
Tuesday, August 01, 2006
Password-storage-busting
Firefox and Internet Explorer store passwords if you want them to. I'm sure other browsers do too, but the big two do.
However, there are times you don't want people automatically logged in - sometimes it's unwise. You want to prevent this. (Never mind that the help desk bans password storage like this; that doesn't matter when the ban isn't followed.)
So, how do you fix this, with Struts + JSP + JSTL, in a cross platform way?
Let's explore the options:
1. Turn autocomplete off. This is a non-standard (non html-4.01) attribute. Struts doesn't want to pass it through - it's not XHTML. So I can't just do:
<html:form autocomplete="off">
2. Ok, let's try Javascript. Let's say
form.password.value = "";
This legitimately blanks the password field on load - however, when the user's cursor enters the password field, it pulls the password from the browser and automatically enters it for the user.
3. How about trying
<input type="password" autocomplete="off">
This is supposed to do the trick. It, upon my testing, does nothing about preventing password storage in Firefox 1.5.
4. Now how about the option I liked the best: Having the following in your jsp:
<jsp:useBean id="now" class="java.util.Date" scope="request"/>
<c:set var="nowInt" value="${now.time}" scope="page"/>
<input type="text" name="username"/>
<input type="password" name="password<c:out value="${nowInt}"/>"/>
<input type="hidden" name="salt" value="<c:out value="${nowInt}"/>">
On the backend, you do:
// form is the ActionForm handed to the Action's execute() method
String salt = (String) PropertyUtils.getSimpleProperty(form, "salt");
String username = (String) PropertyUtils.getSimpleProperty(form, "username");
String password = (String) PropertyUtils.getSimpleProperty(form, "password" + salt);
Unfortunately, this doesn't work. Struts' config doesn't allow a dynamically named form element. It works on the frontend: no password is ever stored, in any browser. Close, but not working on the backend.
4a. The final solution works! We use the same frontend from 4, and we ignore Struts to get what we want.
String salt = (String) PropertyUtils.getSimpleProperty(form, "salt");
String username = (String) PropertyUtils.getSimpleProperty(form, "username");
// read the dynamically named field straight from the HttpServletRequest
String password = request.getParameter("password" + salt);
verify(username, password);
Basically, Struts sometimes is useful. It makes everything we do regular. But sometimes it gets in my way. However, this is the solution I liked in the first place, it just took beating struts into submission.
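The backend lookup from 4a, as an added example that is not the original post's code: it works on a map shaped like request.getParameterMap() and checks that the client-supplied salt is digits only before using it to build the parameter name. The class SaltedPasswordField, its methods and the sample values are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Pattern;

// Added example: hypothetical helper, not part of Struts or the original post.
public class SaltedPasswordField {
    // ${now.time} renders as epoch milliseconds: a decimal long of at most 19 digits.
    private static final Pattern SALT = Pattern.compile("[0-9]{1,19}");

    /** params has the shape of HttpServletRequest.getParameterMap(). */
    static Optional<String> extractPassword(Map<String, String[]> params) {
        String salt = single(params, "salt");
        // The salt is client-supplied; only accept the form the JSP emits
        // before using it to build a parameter name.
        if (salt == null || !SALT.matcher(salt).matches()) {
            return Optional.empty();
        }
        // Reject requests carrying more than one password* field.
        long passwordFields = params.keySet().stream()
                .filter(k -> k.startsWith("password")).count();
        if (passwordFields != 1) {
            return Optional.empty();
        }
        return Optional.ofNullable(single(params, "password" + salt));
    }

    // Returns the value only when the parameter was sent exactly once.
    private static String single(Map<String, String[]> params, String name) {
        String[] values = params.get(name);
        return (values != null && values.length == 1) ? values[0] : null;
    }

    public static void main(String[] args) {
        // Constructed sample requests.
        Map<String, String[]> ok = new HashMap<>();
        ok.put("username", new String[] {"alice"});
        ok.put("salt", new String[] {"1154449200000"});
        ok.put("password1154449200000", new String[] {"s3cret"});
        System.out.println(extractPassword(ok).isPresent());       // well-formed
        Map<String, String[]> bad = new HashMap<>(ok);
        bad.put("salt", new String[] {"x"});                       // non-numeric salt
        System.out.println(extractPassword(bad).isPresent());
        Map<String, String[]> stale = new HashMap<>(ok);
        stale.put("salt", new String[] {"1154449200001"});         // salt/name mismatch
        System.out.println(extractPassword(stale).isPresent());
    }
}
```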
Labels: autocomplete, cache busting, coding, java, jsp, jstl, password, struts
Wednesday, July 26, 2006
Krispy Kreme vs Dunkin Donuts
An intern asked me today "What does Dunkin Donuts have that Krispy Kreme doesn't?"
Muffins.
Bagels.
Bagels with meat and cheese.
Better coffee.
And good donuts.
(of course, the best donuts I've ever had come from Frosty's Donuts in Brunswick, Maine)
[Previously...]
Friday, July 14, 2006
Saturday, July 08, 2006
Blogroll
I've made some additions on my blogroll/siteroll. With no further ado, I've added:
Cute Overload, pictures of cute animals.
Burbed, a blog about ridiculous housing prices
Bill Monk, a site for tracking shared bills among friends
Enjoy!
A good UI
I was in Helen's car (a 2002 Prius) the other day and we used the GPS to get from one place to another.
The UI for entering the destination address was pretty awesome! When you push letters, letters that couldn't happen after disappear. So if I type 'S-o-u', every letter but 't' dims. Ok, so clever use of a trie. But they filled the trie with the street names in the US - so once I type in 's-o-u-t-h-b-r', very few letters are up - it's not trying to build a compound word, but it really only looks at legit street names.
Once you enter the street name, they show you only cities that have streets of that name in the state (I forget how one chooses another state).
I have to say, they could have put a pretty bad UI in the system - one where you enter every little detail - but they seemed to take the extra step and make it that much better. (My only complaint: they do an ABCDEF keyboard instead of QWERTY)
I'm glad I never played with this system before I bought my new car. Otherwise I might have tried to hold out for a GPS system!
Friday, July 07, 2006
Keep Them Afraid!
Homeland Security Advisory System level history:
Although the system in theory consists of five levels, the threat level has never been lowered to blue or green, nor elevated to red. The threat level has stood at yellow for most of its existence. (source)
Yep, it's stayed at Yellow or Orange since its inception in March of 2002. This seems fishy to me...
Thursday, July 06, 2006
Biking isn't that slow
Between stop lights and taking back roads to work, my driving commute in is 13 minutes, starting car to parking. (I could take 101, but having to come to a complete stop on an onramp makes my commute much less happy).
My biking commute is 30 minutes, getting on the bike to getting off the bike.
Biking isn't that much slower than driving! I'd never timed it before, but this is surprising - it's only twice as much time to bike!
Tuesday, June 27, 2006
DMV
I have complained about the DMV before. I'm going to do it again.
I moved to the area in January, and in April I decided that it was time to get a California license and California registration. At the time, you had to make a separate appointment for each, or risk waiting in line for 2 hours. I made two appointments, and went to the DMV twice (during work hours no less). That went relatively smoothly.
Now, I bought a car. The guy selling it doesn't have a copy of the title, so we fill out a title-less transfer form. I then go to the DMV, and they say we need a bill of sale too. They say that's all I need.
So I meet the guy this weekend for that signature. Again, I go back to the DMV during work hours. The DMV then says "Oh, California has never had the title for that - Montana must have it. Sorry we didn't tell you this last time! You can't use that form, you really need the title or a copy of it!"
I'm tired of the DMV.
Friday, June 23, 2006
Goodbye, Myspace
Goodbye, Myspace. The number of people I don't know asking to friend me, the number of invitations to events I have no interest in going to, etc. was way too much.
Basically: your level of abuse is too high, and the signal to noise is really bad. I'll stick to Facebook.
Wednesday, June 21, 2006
Baby blogs
Let's face it, baby blogs are the new black. Actually, babies are the new black. It's summer in the valley, and I see many, many babies. Also, I see many pregnant women.
Many of my coworkers' wives have recently had children. Most of my breeding coworkers have baby blogs. They're very trendy!
Tuesday, June 20, 2006
Taxes and the DMV
The taxes on my new car cost more than the purchase price of the Thunderbird (in 2001), by about $8.
There's something about the way the DMV employees seem to treat me as meat and don't really show joy and are kind of brisk that makes me extremely nervous there.
Bill Monk @ Google
Wednesday, June 14, 2006
Google News in Arabic
I'm really glad that Google is launching Arabic services lately:
Google News Arabic
Gmail Arabic
Google Translate (English <-> Arabic)
I'm sad it has taken this long to do, but part of the problem with Arabic is most programmers design pages right to left, not start to finish!
Saving money on your car insurance
I pay $164.46 per 6 months on my Thunderbird.
I get a discount of $117.42 per 6 months on my Audi because I have the Thunderbird.
Yes, it makes me greatly sad that when I remove the Thunderbird, I'll save $50 every 6 months.
Anyone want to buy a used Thunderbird?
Monday, June 12, 2006
New car details!
I test drove a car from Craigslist the other day. If you're interested here's the listing.
Details:
Audi A4 Avant (wagon)
Engine: 1.8 Liter Turbo
Transmission: 5 speed manual
Year: 2002
Color: Silver with a tinge of blue
Quattro (All-wheel drive)
37,500 miles
Moon roof
Climate control
Things it has in common with the Thunderbird:
* Leather
* Moon roof
* Manual transmission
* Pressure intake (supercharger/turbocharger)
Things the Audi doesn't have in common with the Thunderbird:
* It gets 25 miles per gallon
* It will make it up to Lake Tahoe if it snows
* It works!
Jim is already trolling for rides to Ikea... hrm...
I bought a car!
Sometimes, it's just time to give it up and buy a new (used) car.
And I have.
Details to follow...
Wednesday, June 07, 2006
Gay Marriage ban vote
List of US Senators' votes for gay marriage ban
I suggest contacting your senators and either thanking them for voting against the gay marriage ban, or haranguing them for voting for the gay marriage ban.
I thanked Maine's Republican Senators for breaking party lines and said how impressed I am.
Saturday, June 03, 2006
I'm a romantic
Is it strange I tried to explain something completely non technical to my girlfriend today by talking about L1 and L2 cache?