work-on: A Quick Script for Context Switching

2019-05-07

I work on a lot of projects.

$ ls ~/Projects/ | wc -l
      29

$ ls ~/Projects/work/ | wc -l
      67

And that’s just what I have checked out at the moment. 😇

Empire Builders

2019-05-05

In Powersat, the big bads were terrorists. In Privateers, the Russians. In The Empire Builders it’s… global warming and the mob?

Given how times have changed, it’s amusing to see the specter of a ‘greenhouse cliff’ looming over the world, with no one believing at first that such a thing is even possible. Nowdays, you’ll see arguments over if it’s happening or not (more and more rarely) and if we caused it in the first place (of course we did), but you’d be hard pressed to find too many people that have never even heard of the idea. That’s what you get for reading near future sci- fi written a quarter century ago I guess. It’s a straight forward enough plot with a few twists through politics, squatters on the moon and natural disasters and an engaging read. I find myself increasingly interested in what happens to this other Earth.

Harbinger

2019-05-02

Harbinger is a bit of a tonal shift from the The Fallen. Where The Fallen had a split feel between Chavali’s life with her clan and then after her death as one of the Fallen, Harbinger is almost entirely concerned with a single mission she’s sent on on behalf of her former masters.

We still have hints of Chivali’s former life. How she uses her powers; occasional sad memories of all she’s lost. But for the most part, she seems to be fitting into her role as something like a spy, running missions for the masters of the Fallen. It works, although I was hoping for a bit more even about the clan she’d lost, perhaps rebuilding it, and why it happened to them in the first place. We get a few answers, but really more questions than ever.

Prevent JavaScript links by parsing URLs

2019-05-02

If you have a website that allows users to submit URLs, one of the (many many) things people will try to do to break your site is to submit URLs that use the javascript: protocol (rather than the more expected http: or https:). This is almost never something that you want, since it allows users to submit essentially arbitrary code that other users will run on click in the context of your domain (same origin policy).

So how do you fix it?

First thought would be to try to check the protocol:

> safe_url = (url) => !url.match(/^javascript:/)
[Function: safe_url]

> safe_url('http://www.example.com')
true

> safe_url('javascript:alert(1)')
false

Forcing Secure Cookies Behind an ELB in Ruby/Rails

2019-04-30

As part of general security good practices, you should always (whenever possible):

use HTTPS to serve all requests
serve redirects to upgrade HTTP requests to HTTPS
set session cookies to secure and http_only
enable HTTP Strict Transport Security (HSTS)

Tiny Helper Scripts for Command Line MySQL

2019-04-27

Quite often, I’ll find myself wanting to query and manipulate MySQL data entirely on the command line. I could be building up a pipeline or working on a task that I’m going to eventually automate but haven’t quite gotten to yet. Whenver I have to do something like that, I have a small pile of scripts I’ve written over time that help out:

skiphead: Skip the first line of output, used to skip over headers in a query response
skipuntil: Skip all lines until we see one matching a pattern, used to resume partial tasks
commaify: Take a list of single values on the command line and turn them into a comma separated list (for use in IN clauses)
csv2json: a previously posted script for converting csv/tab delimited output to json
jq: not my script, but used to take the output of csv2json and query it further in ways that would be complicated to do with SQL

Admitedly, the first two of those are one liners and I could easily remember them, but the advantage of a single command that does it is tab completion. sk<tab>, arrow to select which one I want, and off we go. I could put them as an alias, but I don’t always use the same shell (mostly fish, but sometimes Bash or Zsh).

Privateers

2019-04-26

Reading Powersat and then Privateers (the suggested chronological order given for [series:The Grand Tour|51185]) is a bit strange, given the former was first published in 2005 and the latter back in 1985.

In Powersat, the ‘big bads’ are informed by the political tensions of the early 2000s, with terrorism (especially Middle Eastern) driving the conflict. When Privateers was written, the Soviet Union had not yet fallen and the Cold War was still going, so it’s unsurprising to find that the ‘what if’ this time around sees the Soviets taking a position of political power and the United States fading to isolationism.

Powersat

2019-04-20

I last read most of the The Grand Tour in high school or earlier, jumping about from book to book in no particular order. I don’t even know if I read The Grand Tour, especially given that it might not have been out yet. It’s a bit of a strange book, set first chronologically but written decades after others in the series. I was looking for an audiobook series to listen to next and this seemed worth a try.

Plotwise, it’s near future science fiction, with a world similar enough to the modern world that nothing seems impossible but exploring what could be / could have been. It’s not the sort of science fiction I generally read, but so it goes. The idea of the powersat and the spaceplanes is neat and the idea of NASA transferring responsibilities to private companies seems increasingly prescient every year (the last space shuttle flight was 6 years after this book was published). The ending in particular has just the right push of scifi action and adventure to keep me reading by itself.

The Fallen

2019-04-20

I have a pretty good number of less known / self published stories that I’ve collected through various sales and bundles that I keep meaning to work through. The Fallen is one such book. I’m not even sure where I picked it up anymore, but it seems worth giving a try.

Structurally, The Fallen starts with Chavali (a fortune teller who just so happens to have a gift for mind reading) and her clan of travelling folk. Fascinating world building already and we just keep getting hints of even crazier things going on in the greater world as everyone dies and Chavali is brought back as one of the mysterious "Fallen" . Quite a twist.

Red Seas Under Red Skies

2019-04-18

“That’s a sweet piece,” said Jean, briefly forgetting to be aggravated. “You didn’t snatch that off a street.”

“No,” said Locke, before taking another deep draught of the warm water in the decanter. “I got it from the neck of the governor’s mistress.”

“You can’t be serious.”

“In the governor’s manor.”

“Of all the -”

“In the governor’s bed.”

“Damned lunatic!”

“With the governor sleeping next to her.”

The night quiet was broken by the high, distant trill of a whistle, the traditional swarming noise of city watches everywhere. Several other whistles joined in a few moments later.

“It is possible,” said Locke with a sheepish grin, “that I have been slightly too bold.”