This Week I Learned: 2021-05-23

  1. NoSQL injection attacks are in fact a real thing, and PHP is especially prone to them due to the way you can pass arrays in your query string. The defence against these is to turn off JavaScript execution on your Mongo server (or if you really need it, to never send user-generated data to it), and to check every field of user input to make sure it is a string (or other primitive if passed in as a JSON blob) and not an array.
  2. I really enjoyed a talk about information architecture called Beyond the Polar Bear by Mike Atherton. It’s a great introduction to the subject as Mike discusses the mammoth task of reorganising the BBC’s web presence, and the impossibility of generating simple, canonical, user-readable URLs for every piece of content when working at that scale. And you’ll also learn what a polar bear and a barn owl have in common.
  3. How to clone a single directory of a repository using Git sparse-checkout.
  4. Composer 2.0 was released in October last year and it’s waaaaay faster than its predecessor. I’ve been installing a few projects recently and it’s so nice not to be twiddling my thumbs for too long while my packages are downloaded. I’m also surprised to see that the Symfony install time is way faster than Laravel, which I’ve always considered less “enterprisy”.
  5. How to test a link that opens in a new tab with Selenium and PHPUnit.
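The array-injection problem from item 1, as an added example that is not code from the original post: PHP's `parse_str` (and `json_decode` with the associative flag) happily turns `password[$ne]=1` into a nested array, and a small validator (hypothetical name `requireScalarFields`) refuses any non-scalar field before it can reach a MongoDB filter.

```php
<?php
// Added illustration (not from the original post). Shows why array-shaped
// input is dangerous for a MongoDB filter and how to reject it up front.
declare(strict_types=1);

/**
 * Return only the expected keys, each guaranteed to be a scalar.
 * Throws if a key is missing or its value is an array/object, which is
 * exactly what an operator-injection payload such as {"$ne": 1} looks like.
 */
function requireScalarFields(array $input, array $expectedKeys): array
{
    $clean = [];
    foreach ($expectedKeys as $key) {
        if (!array_key_exists($key, $input)) {
            throw new InvalidArgumentException("Missing field: $key");
        }
        $value = $input[$key];
        if (!is_scalar($value)) {
            throw new InvalidArgumentException(
                "Field '$key' must be a scalar, got " . gettype($value)
            );
        }
        // Casting to string keeps the filter a literal equality match.
        $clean[$key] = (string) $value;
    }
    return $clean;
}

// Constructed sample requests (a login form) for the two input paths.
parse_str('username=alice&password=s3cret', $good);        // normal submission
parse_str('username=alice&password[$ne]=1', $badQuery);    // array via query string
$badJson = json_decode('{"username":"alice","password":{"$ne":1}}', true);

var_dump($good['password']);      // string(6) "s3cret"
var_dump($badQuery['password']);  // array(1) { ["$ne"]=> string(1) "1" }

// Safe: both fields are strings, so the filter cannot carry an operator.
$filter = requireScalarFields($good, ['username', 'password']);
// $filter === ['username' => 'alice', 'password' => 's3cret']

// Array-shaped input from either source never reaches the database.
foreach ([$badQuery, $badJson] as $suspect) {
    try {
        requireScalarFields($suspect, ['username', 'password']);
    } catch (InvalidArgumentException $e) {
        echo $e->getMessage(), PHP_EOL;  // Field 'password' must be a scalar, got array
    }
}
```

Run the validator on every request field you intend to place in a filter, whether it arrived as form data or as a JSON body; the check is the same for both.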

This Week I Learned: 2021-05-02

  1. What the FLoC Google’s been up to in their quest to help advertisers target web users without third party cookies. I’m also reading Wild Swans at the moment and my first thought is that “Federated Learning of Cohorts” sounds more like a Maoist indoctrination camp than a technology designed to help advertisers profile website visitors. Literally the only thing I like about this is that the profile is supposed to reset after a week – I am still being stalked around the internet by a bookshelf I bought last year – but then if you visit any website that knows your personally identifiable information there’s nothing stopping them from storing this week’s profile against your name and amassing a history of the things. The thing that I like the least is perhaps Google’s proposal that it will monitor profile groups for correlations with sensitive information like race and gender … by using data that it’s collected about people’s sensitive information. I have installed the Disable FLoC WordPress plugin on this site and will be using this handy idiot’s guide to opting out to do the same on other sites I manage.
  2. Insomnia is a desktop API client available for Mac, Windows and Linux. I really distrust browser-based API testers (notably Postman) because of their tendency to share cookies with any browser tabs you have open on the same subdomain. My mainstay for years has been the mock REST client in PHPStorm but that’s now been replaced with a new implementation that’s less wysiwyg so I’m looking for something new. So far I’m very happy with it, especially with how easy it is to import and export request sets so they can be shared with colleagues.
  3. PHP 8 has a constructor promotion feature which allows for a lot of boilerplate declarations and assignments to be removed, and a nullsafe operator which allows you to chain away to your heart’s content. It’ll be a while before I get to play with these in production code, but I hope when the time comes I will be strong enough to wield this new superpower responsibly, rather than making all of my methods one-line chains of chaos like I used to as a grad.
  4. JetBrains are introducing a new remote pairing feature called Code with Me into their IDEs. Funnily enough I only had my first experience of true remote pairing (as opposed to passively looking at someone else’s IDE in a Google Hangout) a couple of weeks ago, using a tool called Drovio which does the trick nicely. The big drawback to the JetBrains tool that I can see is that it doesn’t sound like you can share non-IDE windows (e.g. a browser or MySQL Workbench) which could be a limiting factor in some situations.
  5. StackOverflow used the code they built for their April Fool’s Day joke to figure out how many people copy and paste content off their website – turns out it’s one in four users, or 40 million times in two weeks. They seem surprised that more copies are made off questions without accepted answers than questions with them, but I’m not. When there’s an answer that’s known to work you only have to copy that; when you’re swearing at your cheap burner laptop because Ubuntu doesn’t like the wireless card you’re in for a tedious afternoon of throwing random solutions at it until you’ve lost track of which ones you’ve already tried.