Posts

Showing posts from June, 2012

Pygame Google Summer of Code, 2012.

Thanks to the students and mentors donating their time, along with the PSF and Google, the following pygame-related projects are ongoing over the summer.

"Pygame: GUI toolkit" by Sam Bull (sambull), mentored by Mike Fletcher (mcfletch) and with backup mentor Robert Deaton (masquerade). ( Proposal | Blog )

"Pygame: Improved Sprite and Scene system" by Sagie Maoz (n0nick), co-mentored by Robert Deaton (masquerade) and Katie Cunningham (kcunning). ( Proposal | Blog )

"Easy networking in PyGame" by Szymon Wróblewski (bluex), mentored by Rene Dudfield (illume) and with backup mentor Mike Fletcher (mcfletch). ( Proposal | Blog )

Some project updates:

Sagie wrote a tutorial on pygame.sprite.Dirty and pygame.sprite.LayeredDirty, as well as a blog update on his progress.
    http://dotfile.n0nick.net/quick-dirty-using-pygames-dirtysprite-layered
    http://dotfile.n0nick.net/gsoc-journal-weeks-1-2

Szymon wrote a blog post on the networking proje

Internet protocol 6, 6, 6.

June 6th, 2012 is IPv6 launch day. http://www.worldipv6launch.org/

You can now go to http://www.pygame.org/ with version 6 of the internet protocol.

Why Firefox 13 'load tabs on demand' is bad UX.

With the new Firefox 13, on start-up it does not reload all of the tabs at once. Theoretically this means Firefox loads faster, since it only needs to load one website when you restore, not all of them.

This is a great example of a UX/UI app experience that seems good for users, but is in fact bad. This comes up quite often when optimizing applications, and I have even done this style of optimization in the past. So I'm using this as a case study in why doing this is not good from a UX perspective.

The Scenario.

I have 8 tabs, and I'm using most of them.

Old Firefox behaviour.

Firefox loads, I go away whilst it loads itself, then loads all 8 tabs. I wait. It takes a while to load, but some stuff can be loaded at the same time, in parallel. If they are fast pages it is pretty much instant, and I can get to work. If they are slow pages, then I have to wait once until they are all loaded. I can go off and do something else until the loads ar

SQL Injection via field names, and table names.

About a year ago I had to implement a system where the table name could be configured for an application. Why would you want to do that? Lots of reasons really, like if you have a table generator via a web interface. In this case, the system integrates with other systems, and users need a way to specify where the data would go in an existing database.

So I merrily went ahead to try and put the table name in a prepared statement... but ERROR! Unfortunately the SQLite database does not do table names or column names via prepared statements (like PostgreSQL does for example). The documented solution by SQLite is to escape them correctly with the provided functions. Unfortunately Python does not expose these SQL escaping functions, since most people should be using prepared statements.

Here are some WONTFIX, closed, invalid bugs also mentioning table names and column names not being a problem. One of them is six years old.

(closed wontfix) http://bugs.python.org/issue11685
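One way to handle a configurable table name with Python's sqlite3 module, as an added example that is not code from the original post: check the name against the tables and columns that actually exist in the database, quote it as an identifier, and keep binding the data values as parameters. The helper names (`quote_identifier`, `insert_value`) and the sample schema are assumptions made for the illustration.

```python
import sqlite3

def quote_identifier(name: str) -> str:
    """Quote a table or column name as an SQLite identifier:
    wrap it in double quotes and double any embedded double quote."""
    if not name or "\x00" in name:
        raise ValueError("identifier must be non-empty and contain no NUL")
    return '"' + name.replace('"', '""') + '"'

def insert_value(conn, table, column, value):
    """Insert value into a user-configured table/column.
    Identifiers are checked against the live schema, then quoted;
    the value itself is still passed as a bound parameter."""
    tables = {row[0] for row in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")}
    if table not in tables:
        raise ValueError(f"unknown table: {table!r}")
    # PRAGMA table_info rows are (cid, name, type, notnull, dflt_value, pk)
    columns = {row[1] for row in conn.execute(
        f"PRAGMA table_info({quote_identifier(table)})")}
    if column not in columns:
        raise ValueError(f"unknown column: {column!r}")
    sql = (f"INSERT INTO {quote_identifier(table)} "
           f"({quote_identifier(column)}) VALUES (?)")
    conn.execute(sql, (value,))
    return sql

def demo():
    conn = sqlite3.connect(":memory:")
    odd = 'odd "name"'  # constructed: a legal but awkward table name
    conn.execute("CREATE TABLE scores (player TEXT)")
    conn.execute(f"CREATE TABLE {quote_identifier(odd)} (player TEXT)")
    print(insert_value(conn, "scores", "player", "alice"))
    print(insert_value(conn, odd, "player", "bob"))
    try:
        # constructed hostile input: rejected because no such table exists
        insert_value(conn, "scores; DROP TABLE scores", "player", "x")
    except ValueError as exc:
        print("rejected:", exc)
    return conn.execute("SELECT count(*) FROM scores").fetchone()[0]

if __name__ == "__main__":
    print("rows in scores:", demo())
```

The schema check is what rejects unexpected names; the quoting only ensures that a name which passed the check cannot end the identifier early.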