Sunday, July 13, 2008

Apple Snapple

So, I had an idea for an iPhone app today. And like a poor Mac user I immediately set to work, only to be disappointed yet again by Apple's closed-ness.

How cool would it be to scan barcodes using the iPhone's built-in camera, and be able to Google up the product? Read reviews?

Unfortunately, in Apple's infinite wisdom *cough*, there is no access to the camera from the SDK. Oh well, so much for a revolutionary device, eh? :)

RROD'ed :(

So the Xbox 360 died the other day. I can't say I'm terribly surprised - in fact I'm terribly surprised it hasn't died *sooner*. This is the one that was a launch unit, went through the checked-baggage gauntlet that is air travel several times, and survived all of it, barring a slightly gimpy DVD tray.

It was entirely surprising to me when it died just standing there. Rock Band froze up at the most inopportune moment, I power cycled, and ahead stared the worst sight an Xbox owner can imagine :(

I was dreading the inevitable call to Microsoft tech support - oh boy, I thought, they must try to weasel their way out of as many of these as they can. Heck, even the vaunted Apple screwed me when my lemon of a laptop arrived.

Nope, I called them, and right away they shipped a box out to me to pack the Xbox in. Coolness. Never had THIS smooth of a customer experience with anyone, though I suppose they've certainly had enough practice...

And I only got a few days to use my new headset :( Slightly annoying volume control placement, but oh-so-sturdier than the piece of crap Microsoft shipped the Xbox with. Bah, now it has to sit here for the obligatory 2-3 weeks while I get no fragging done :(

Oh well, more coding time I guess.

Thursday, July 10, 2008

Back From the Dead

So my... third... foray into blogging about my life has so far been a pretty spectacular failure, no updates for 3 months? Lose.

So, just for kicks I've been writing a small PHP authentication library for myself lately, nothing too fancy or spectacular, and it's been kicking my ass.

The basic structure is simple - once authenticated, the system stores some data in a cookie - the username and a hash of a bunch of various things, including the user's password. As the user moves about my site the system just checks the hash for validity. Elementary, but works well enough for a low-traffic site that doesn't demand iron-clad security.

$cookie = sanitize($cookie);
parse_str($cookie, $output);


Simple? Not quite:

Input:
username=potato&phash=9ee26cb97a7e32d9c0f1c02199295bc3

Expected output:
Array
(
    [username] => potato
    [phash] => 9ee26cb97a7e32d9c0f1c02199295bc3
)

Actual output:
Array
(
    ['username] => potato
    [phash] => 9ee26cb97a7e32d9c0f1c02199295bc3\'
)

What the, how did those quotes sneak in there? Worse yet... if I run this on my dev box locally (OS X):

Array
(
    [\'username] => potato
    [phash] => 9ee26cb97a7e32d9c0f1c02199295bc3\'
)

Notice the difference? PHP was friendly enough to provide this explanation:

Note: The magic_quotes_gpc setting affects the output of this function, as parse_str() uses the same mechanism that PHP uses to populate the $_GET, $_POST, etc. variables.


Which means that, as a means for security, quotes and slashes get escaped properly. Great. I don't see any quotes or slashes in my input. What gives? Google hasn't turned up anything relevant, so I'm unfortunately stuck on this.
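
A sketch of the cookie check described in this post, added here as an example and not the author's library. It assumes the cookie carries the username, an expiry and an HMAC keyed with a server-side secret (rather than a hash involving the password), and it splits the value with explode() so that parse_str() and magic_quotes_gpc never touch it. SECRET_KEY, issue_cookie() and verify_cookie() are hypothetical names.

```php
<?php
// Added example. The key below is a constructed sample; a real key would be
// long, random and loaded from configuration outside the web root.
const SECRET_KEY = 'constructed-sample-key-not-for-real-use';

// Build "username|expiry|mac", where mac = HMAC-SHA256(key, "username|expiry").
function issue_cookie(string $username, int $ttl, int $now): string
{
    if (!preg_match('/^[A-Za-z0-9_]{1,32}$/', $username)) {
        throw new InvalidArgumentException('unexpected username format');
    }
    $payload = $username . '|' . ($now + $ttl);
    return $payload . '|' . hash_hmac('sha256', $payload, SECRET_KEY);
}

// Return the username for a valid, unexpired cookie, or null otherwise.
function verify_cookie(string $cookie, int $now): ?string
{
    // Split on the delimiter instead of calling parse_str(), so nothing
    // rewrites keys or values before they are checked.
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return null;
    }
    [$username, $expiry, $mac] = $parts;
    // Strict allow-list: a stray quote or backslash fails here.
    if (!preg_match('/^[A-Za-z0-9_]{1,32}$/', $username) || !ctype_digit($expiry)) {
        return null;
    }
    $expected = hash_hmac('sha256', $username . '|' . $expiry, SECRET_KEY);
    // hash_equals() compares in constant time, unlike == or strcmp().
    if (!hash_equals($expected, $mac)) {
        return null;
    }
    return ((int) $expiry >= $now) ? $username : null;
}

$now    = 1215648000; // constructed timestamp
$cookie = issue_cookie('potato', 3600, $now);
var_dump(verify_cookie($cookie, $now));                                  // fresh cookie
var_dump(verify_cookie($cookie, $now + 7200));                           // past its expiry
var_dump(verify_cookie(str_replace('potato', 'tomato', $cookie), $now)); // username altered
var_dump(verify_cookie("'" . $cookie . "\\'", $now));                    // wrapped in stray quotes
```

hash_equals() requires PHP 5.6 or later and the typed signatures require PHP 7.1 or later, so this does not run on the PHP versions current when the post was written.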