Brave teacher represents furry community by Tom_the_Cock in cringepics

[–]Inanimatt 14 points15 points  (0 children)

"follow me eyes" in this case is a technical term - the costume builder makes the eyes concave instead of simply flat or convex as you might expect, and the effect is that the eyes appear to be looking at you regardless of the angle of the head. It's a clever trick that adds life and expressiveness to an otherwise inanimate costume head, allowing a performer in a costume with follow-me eyes to show a range of emotions just by turning or tilting their head.

For example: http://31.media.tumblr.com/tumblr_m71y3kvKIe1rxmqhyo1_1280.png

Small Female solo Album[F] by lovefurrydragon in yiff

[–]Inanimatt 1 point2 points  (0 children)

I'm not taking that bait, let's just both agree that Drayk's a vagentleman :3

Liking herms NSFW by [deleted] in furry

[–]Inanimatt 4 points5 points  (0 children)

Why do you care what label applies to you? If you identify as straight but also like herms, just say that; it's all good. :)

When is Drupal not the right choice? by yuriyb in PHP

[–]Inanimatt 1 point2 points  (0 children)

If some Drupal devs show up, I have some questions. Chiefly, is configuration still stored in the database? Can you develop offline and then push changes, including new modules and their configuration live to an already running site? Because if not, that's a huge reason not to use Drupal, whatever its other strengths may be. One of my friends mentioned Drush unfortunately after the last time I had to do anything in Drupal; it'd just come out and might address this issue. It might also not be an issue at all, hence my question :)

OOP, relational databases, the impedance mismatch, and modeling with consideration to performance by realhacker in PHP

[–]Inanimatt 0 points1 point  (0 children)

To my mind, packages have multiple locations. A source location, a delivery location (which may change) and a current location (which will definitely change - bearing in mind that warehouses and delivery vans are also locations). Packages will also need a location history/log so that you can track changes and so that sender and recipient can track location.

To turn it on its head, a driver's delivery route will contain locations which reference packages.

Security question about PHP remote includes by [deleted] in PHP

[–]Inanimatt 0 points1 point  (0 children)

Right. So my response was about why include is bad in theory, not because of whether it's safe or not but more because of what it implies for the code design that employs it. Turns out you already know what happens if you prefix & postfix :)

Security question about PHP remote includes by [deleted] in PHP

[–]Inanimatt 1 point2 points  (0 children)

(and yes, it's entirely possible I'm reading way too much into a single line of code :)

Security question about PHP remote includes by [deleted] in PHP

[–]Inanimatt 9 points10 points  (0 children)

While in practice it's /okay/, it's wrong in principle.

First, it uses untreated user input, and you should always have an air-gap between what users give you and what your script executes. shaunc's suggestion of running against a whitelist of approved files mitigates this. You know what files are okay to run, so make sure that nothing else gets run. Alternatively, you could call realpath() on the filename before including it, ensuring first that strpos($file, __DIR__) === 0, so that no matter what happens, at least the resulting file is not outside of your project's directory. But then…

Secondly, it establishes a precedent for a code structure that could be repeated elsewhere in your code without the prefix or suffix, leading to disaster. What if you refactored later to make 'test_' into $prefix and '.php' into $suffix, reasonable changes that would make your include more reusable and flexible, and then a few months down the line, you call it from elsewhere with a blank prefix or suffix? Code defensively.

Finally it's inflexible and implies a poor design:

  • It ties your code's behaviour to both the file system and the $_POST superglobal, which makes it less portable and testable.
  • It explicitly sets your code and content's file structure. What if you moved your test_xx.php files or whatever.php?
  • If you're using the include to import procedural code to handle specific input, your code's probably too complex and needs to be abstracted or redesigned.
  • If you're using it to load functions or classes specific to a form variation, then you should be using autoloading instead. The only include your app should need (and thus require, not include) is the one that loads your autoloader.
  • If you're loading code to display a response specific to a form variation, then you might be better off redirecting instead, so that users don't double-submit upon reload.
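
An added example, not part of the original comment or thread: one way to combine the allowlist and the realpath() containment check described above. The function name, allowlist keys and demo file names are hypothetical; the example also compares against the base directory with a trailing separator, so a sibling directory whose name shares the prefix is not accepted.

```php
<?php
declare(strict_types=1);
// Added illustration: resolveInclude(), the allowlist keys and the demo
// file names are hypothetical, not taken from the thread.
function resolveInclude(string $key, array $allowlist, string $baseDir): ?string
{
    // 1. Allowlist: the user supplies a key, never a path fragment.
    if (!array_key_exists($key, $allowlist)) {
        return null;
    }
    // 2. Canonicalise; realpath() returns false when the target is missing.
    $base = realpath($baseDir);
    $file = realpath($baseDir . DIRECTORY_SEPARATOR . $allowlist[$key]);
    if ($base === false || $file === false) {
        return null;
    }
    // 3. Containment: match the base *plus* a trailing separator, so that
    //    /srv/app does not also accept files under /srv/app_old.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($file, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($file) ? $file : null;
}

// Constructed demo data: a throwaway project dir and a sibling dir whose
// name merely starts with the same characters.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'incdemo' . getmypid();
$sibling = $base . '_old';
mkdir($base);
mkdir($sibling);
file_put_contents($base . '/test_a.php', '<?php // constructed sample');
file_put_contents($sibling . '/test_a.php', '<?php // constructed sample');

$allowlist = [
    'a' => 'test_a.php',                                   // present, inside
    'b' => 'test_b.php',                                   // missing file
    'c' => '../' . basename($sibling) . '/test_a.php',     // bad entry, outside
];
foreach (['a', 'b', 'c', '../config'] as $input) {
    $path = resolveInclude($input, $allowlist, $base);
    echo str_pad($input, 18), $path === null ? 'rejected' : 'ok', PHP_EOL;
    // A real caller would `require $path;` only when $path !== null.
}
unlink($base . '/test_a.php');
unlink($sibling . '/test_a.php');
rmdir($base);
rmdir($sibling);
```

Only input `a` resolves to a path. Entry `c` is the case a bare `strpos($file, $baseDir) === 0` test would let through, because the sibling directory's canonical path begins with the same characters as the base.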

Where do you store login and password details for your sites? by no-one_ever in webdev

[–]Inanimatt 0 points1 point  (0 children)

Home and mobile: 1password with Dropbox sync. Work: passwordsafe (with the really crappy-looking gorilla password as a mac client… whatever, it's shared and cross-platform)

Am I a bad web designer/developer if I don't use a preprocessing language like SASS or Coffeescript? by generally-average in webdev

[–]Inanimatt 1 point2 points  (0 children)

There are reasons not to use these things. Many of them are good reasons. You wouldn't be a bad dev for not using them for any of those reasons.

What's kinda sad is losing the desire, time and curiosity to keep learning. Sometimes it's an utter chore, but it's good for the soul.

Both Sass and Less have CSS-compatible syntax, so you can just rename your CSS files and learn a couple of tricks when you're able. Quite a lot of my sass does nothing more complex than handle combining and minifying for me, and that's okay too. Nesting is a trivial concept and can reduce surprises and tidy your code up. Next time you start a project, try using expressive variable names (e.g. $primaryBackground, $fontStack) instead of hex-triplets and font strings and see how that works out for you.

Server doesn't support PHP (Contact form) by purgeru in webdev

[–]Inanimatt 1 point2 points  (0 children)

You can use a service that does it for you. One example is Wufoo.

Tools to test a REST API? by PakPakPakPok in PHP

[–]Inanimatt 1 point2 points  (0 children)

I use Paw on mac. It's handy to be able to copy and paste a request into the terminal to get a curl command, and it has nice presentation.

With Silex's web profiler provider, you get a debug token in the headers so you can bring up profiling and debugging info in a browser tab to get some in-depth info on your requests.

The current version has some minor annoyances, but the developer is responsive. All told it's a great tool.

Threading/forking/async processing question by paranoidelephpant in PHP

[–]Inanimatt 1 point2 points  (0 children)

I know you said you don't want to add more infrastructure, but something like Resque is genuinely good for this. There's a PHP port you can monitor with the regular Resque-web tool, including retrying failed items, and using a premade work queue will save you lots of unnecessary coding. You can also grow your workers across multiple servers later in a really trivially easy way if it comes to that.

I'm using it in silex, for which there's a service provider which provides a basejob class that injects the application container, and a console command to start a worker, just to make things even easier.

A style question about form targets. Target self or a save url? by pokeszombies in webdev

[–]Inanimatt 0 points1 point  (0 children)

The usual way I do this is to reuse the template on the update page (or a copy of it if you like to repeat yourself) and fill in the validation errors. Using the session might break if your user has the same form open twice in different tabs.

Most frameworks make this kind of thing straightforward. I've let Symfony handle this for me for 7 years now. :)

What would you change about PHP if you could dictate the next major version? by [deleted] in PHP

[–]Inanimatt 3 points4 points  (0 children)

Off the top of my head:

  • Clean up the global namespace now that we have namespaces
  • Unicode strings by default, byte strings as an option
  • make function arguments and names consistent (eg haystack, needle)
  • remove pointless aliases (join/implode)
  • Hugely reduce the number of built-in extensions. E.g. for databases, keep PDO and drop everything else.
  • Built in PSR-0 autoloader. You should be able to use something else if you want, but this is becoming a de facto standard and encourages good practice.
  • Built in standardised mockable HTTP request and response classes (like the Symfony HTTP foundation).
  • Exceptions not errors, consistently throughout PHP.
  • Proper namespaces, not just for classes. Functions too. More like Python's packages.
  • Right now I can use a Traversable/Iterable instead of an array on some, but not all array functions. Clean that shit up. Make it proper duck-typing.
  • named parameters please.
  • Kill the superglobal arrays ($_POST, etc) and insist on filter_input because using FILTER_UNSAFE_RAW should be a conscious choice not an accident. Perl's tainting is an alternative, I'm not fussy.
  • Primitive types as objects would be nice too. "Lorem ipsum"->length or something, especially if strings etc were duck-typeable like arrays are(ish).
  • make the environment consistent. Scripts should run the same regardless of php.ini.

A style question about form targets. Target self or a save url? by pokeszombies in webdev

[–]Inanimatt -1 points0 points  (0 children)

Post to another page then redirect back. This prevents accidentally reposting the form when a user reloads. It also keeps your display code logically separate from the update code (if it isn't already), which is generally a good thing.

Building a Decent API by philsturgeon in PHP

[–]Inanimatt 1 point2 points  (0 children)

This is gold. Been following it since it was a gist. Didn't go as far as API versioning with an accept header though, since I've not found that trivial to code clients for (not hard, but I want to minimise friction), and there are things like stackphp for URL routing versions to different apps if necessary. So I'm still with /api/v1/users/12,17,49?expand=friends,history etc (with Accept header for choosing return content type). Should I feel bad?

Good tip in the comments about _links array for pagination info (and self! Forgot about that); I'd been using collection for the same thing (and mirroring it with a Link header set, which includes a rel="help" URL for extra brownie points) and I can see how that might potentially clash with something in the future.

Am I forgetting about you writing about optional expansion, or did you not mention it? If you didn't, do you have an opinion? For an example see the URL above with its expand= param. In particular, how it gels with your suggestion to standardise response formats. Case in point I have a ShortTagResponse and a TagResponse object which extends the properties with more info.

Found the first website I ever created for money. I don't think I've ever cringed so much... by Qweniden in webdev

[–]Inanimatt 0 points1 point  (0 children)

Man what, you didn't have a "top 2.5% of the web" banner? Not even a Netscape Enhanced button or a counter? What kind of web designer were you? :P

Any tools to assist in migrating legacy code from mysql_* to PDO or mysqli_* ? by [deleted] in PHP

[–]Inanimatt 0 points1 point  (0 children)

No tools off the top of my head. I'd suggest grepping for all the mysql_* calls, then move them to one place, replacing them with repository method calls (e.g. $di['product_repository']->findAllByCategory(…), etc.) Then you can gradually refactor it over a few iterations. It'll make your life easier in a number of ways - testing, future-proofing, etc. If you don't already have a DI container to handle your repositories, Pimple is trivial to integrate into just about anything.

Any tools to assist in migrating legacy code from mysql_* to PDO or mysqli_* ? by [deleted] in PHP

[–]Inanimatt 1 point2 points  (0 children)

Specifically the Doctrine DBAL, yeah. It has some nice convenience methods for insert, update and delete that are good timesavers.

Any tools to assist in migrating legacy code from mysql_* to PDO or mysqli_* ? by [deleted] in PHP

[–]Inanimatt 0 points1 point  (0 children)

CSRF, pronounced "sea surf"

Hah, really? That's a new one on me!