Dependent Origination

Archive for June 2011

by Alice Munro

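This book is quite good. It is the first Alice Munro book I have read, and I rather liked it.

I didn't think the title story was particularly good, but the later stories got better and better. By the time I finished, I still wanted more; a few more stories would have been nice. The ones that left the deepest impression: a woman has a single-day affair but remembers it for her whole life, constantly embellishing it with imagination until it has long since diverged from the facts, yet the memory gained a life of its own, fed on its own growth, and filled in the gaps of a long marriage. The other is the husband who has a beloved wife with dementia but keeps cheating on her. The wife no longer remembers who he is and instead becomes attached to another old man in the nursing home who cannot move. The husband can only rely on memories and on reflecting on his life, but the opportunity to cheat still exists, only this time he really would be cheating for his wife's sake.

The collection holds many stories spanning the different stages of love and family, told from different perspectives, mostly women's, looking at poverty, life, struggle, and a demanding husband or family. I could relate to all of it. Munro reminds me of Annie Proulx, though her writing is not as detail-oriented or incisive. Still, the struggle of a poor life is vivid on the page.

The first time I saw Munro's name was in grad school. There was a used bookstore on the school's main street that I often browsed. Among its rows of shelves sat a blue-and-white striped fabric sofa, and I would sometimes sit down there to read. Because the store was very deep, I could read all afternoon without noticing it had gotten dark. That sofa didn't look like something you'd find in a shop at all; it was more like furniture from some beach house, so sitting on it felt all the more like a time-and-place travel machine, and the books I read there were especially interesting. I still miss it to this day.

Once the bookstore put out some books by American contemporary writers, and one of them was by Munro. I can no longer recall which one, but I remember wanting very much to read it. I had things to do and couldn't indulge myself, so I flipped through a few pages and left, and I have remembered it ever since.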


4/17/2011

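Since I really can't take a good-looking photo of soup, I've switched to photographing the ingredients. I put in carrots, what I think were apples, and burdock. This soup is delicious.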

4/17/2011

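The recipe is here. I have followed this blog for several years; it is a very famous food blog. But this is the first time I made one of her recipes. It wasn't much of a success. The taste was ordinary, nothing special. I don't know whether it's because my French cooking skill level is too low to bring out the flavor of the original.

The most rewarding thing about this recipe is that it was my first time using leek, and I fell in love right away; by now it has become one of the fridge staples I buy almost every week. Below are two more, tastier, dishes with leek. Here I discovered for the first time how enchanting the color and flavor of leek are, not to mention stir-frying it with spring zucchini: a simply heart-stirring tender green that seems a perfect match for the mood of spring.

Today I discovered a command on my own: =%

First put the cursor on a curly brace, and then you can indent all code within the curly braces.

I saw a command like this a long time ago but couldn't find it on Google. Then I had a sudden idea, because % can find matching braces, right?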

<input type='…' name='…' autocapitalize='off' autocorrect='off'>

You can put them on the form element too. That way, none of the inputs in the form will auto-capitalize or auto-correct user input.

I should have known this a long time ago — I overheard quite a few conversations about them at my ex-ex-employer but never really spent time thinking or trying to understand what other people were saying at the time — this proves the point of never being lazy again. Everything you got lazy about will come back and bite you. This is probably the number one lesson I learned in my entire life 🙂 No being lazy. A moment of laziness always has to be paid for later.

Anyway, this time, after hours spent in a marathon push, I figured everything out, hopefully. There is a parameter when you set a cookie: secure or not secure. If you mark it secure, then it won’t come back over an HTTP connection. If you don’t mark it secure, it will come back over both HTTP and HTTPS connections. That is it.

We got a report from a guy who lives in Tokyo about a page of ours that is vulnerable to XSS attacks. It seems he sent multiple emails to different companies on the topic. It is a sure way of securing interviews. I hope he ran a program to find the holes, instead of finding them by hand 🙂

Anyway, despite my two years in a security infrastructure team, I actually got more education on XSS this time — it is a very common security flaw and was taken advantage of fairly early in the history of my ex-employer. So the issue was fixed well ahead of my time and I never really paid any attention to how they solved it.

Now I got the chance to read about it and figure out the best way to make sure it never happens. It turns out it is very hard to get rid of it systematically, barring a full-fledged parser of the code base. The root rule is: never display anything the user types in directly. Along the same line of thought, you cannot display anything directly from the database either. So it is a problem of proper escaping. Since display happens in different contexts, with HTML and JavaScript being the most likely ones, you cannot pre-escape the user inputs. The guard has to be at display time. This can be helped by a naming convention — add raw or escaped to the end of your variable names so you can catch them at a glance in a display context. Another help is to make sure the default is safe — just HTML-escape everything from the Apache server — this way, in the worst case, we display a bunch of wrong characters but never close or open contexts unintentionally.

This is the wiki article on cross-site scripting. Here is a page that describes the common guards for dealing with it.
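Escaping at display time, once per context, with the raw/escaped naming convention described above; this is an added example, not code from the original post. All function names and the sample input are assumptions made for illustration.

```python
import html
import json


def escape_for_html(value_raw: str) -> str:
    """Escape for HTML element content or a quoted attribute value."""
    return html.escape(value_raw, quote=True)


def escape_for_js(value_raw: str) -> str:
    """Encode as a JavaScript string literal that is safe in an inline <script>."""
    # json.dumps handles quotes, backslashes and control characters, and with
    # its default ensure_ascii=True also \u-escapes all non-ASCII characters.
    literal = json.dumps(value_raw)
    # It leaves <, > and & alone, so "</script>" or "<!--" could still reach
    # the HTML parser; \u-escape them so the string stays inside its context.
    for ch in ("<", ">", "&"):
        literal = literal.replace(ch, "\\u%04x" % ord(ch))
    return literal


def html_escaped_in_js_literal(value_raw: str) -> str:
    """The wrong guard: HTML-escaping a value that lands in a JS string."""
    # html.escape does not touch backslashes or newlines, so a trailing
    # backslash swallows the closing quote and the literal never terminates.
    return '"' + html.escape(value_raw) + '"'


def render_page(name_raw: str) -> str:
    """Escape the same raw value twice, once for each display context."""
    name_html_escaped = escape_for_html(name_raw)
    name_js_escaped = escape_for_js(name_raw)
    return (
        "<p>Hello, " + name_html_escaped + "</p>\n"
        "<script>var name = " + name_js_escaped + ";</script>\n"
    )


# Constructed sample input: markup, a quote, an ampersand and a backslash.
SAMPLE_RAW = 'Tom\\ "</script><b>&'

if __name__ == "__main__":
    print(render_page(SAMPLE_RAW))
```

The value stored in the database stays raw; only the two `*_escaped` variables are ever concatenated into output, which is what makes a stray `_raw` name in a template easy to spot.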

