November 2007 - Posts
Reading (still pending) RSS feeds about Lego Mindstorms, I've found something interesting... How to control your NXT robot with a PC and a Wiimote!
It uses Microsoft Robotics Studio and, more interestingly, a managed .NET library for the Wiimote (which opens up possibilities beyond just controlling robots...).
Now that I have a Wii I have to play with this .NET library... For controlling the robot I still prefer doing so from my phone.

I've found an interesting article about the 50 greatest game design innovations.
Some of them are too obvious, but others have good points (like "stealth" or "bullet time"). I think the order is not important, but judge for yourself ;)
Original source: Ascii Dreams
This is just a small update to let you know that I'm alive, but between another parrondo party we had this Friday and some neck pain I've been having lately (I fear the reason is too much time with laptops), I'm not in the mood for coding much after work.
I'm working on getting a monitor for the laptop (I use a normal mouse and my arms are at a good angle) and I need a new decent chair, but as next week I've got a short holiday... It seems this will be a calm week. Anyway, I'll try to post something before going away.
Last night, after coming home early, I decided to install Windows XP Professional 64, to play the (growing) list of Vista-incompatible games and to avoid having to tweak DirectX (after Crysis, I've lost my faith in DirectX 10; it just slows down any game and the visual improvements are barely noticeable).
So... I get my XP Pro 64 copy, read this fantastic dual-boot guide and launch Diskpart (fantastic tool for resizing partitions!) from my Vista 64 DVD. All seems to go OK, I reboot with the XP64 DVD, Setup starts... And doesn't find my RAID0 HDDs :(
I've tried almost everything: I've learned how to include my own drivers in a Windows install DVD (via nLite, nothing special), I've tried using the official floppy drivers, but after an apparently correct install the 64-bit version of XP just gives a BSOD and reboots.
I've given up and installed WinXP Pro 32 (so I'll still use Vista 64, but incompatible games will run on XP), but the 32-bit memory addressing limit means WinXP only detects 2.25 GB of my total 4 GB of RAM.
I enjoy doing all these IT-related tasks a lot, but only when they have a "good ending". I assume this is the price of having new hardware: backwards compatibility...
Today has been a great day: Messenger control for the web plus the presence API. The second one was a simple URL to query messenger.services.live.com and get a user's online status image. Not bad... but it could be better!
Playing a bit, I found that you can get the full JSON of the presence API, as in this example:
URL: http://messenger.services.live.com/users/a4ac90d9a8d3ed64%40apps.messenger.live.com/presence
JSON (reformatted here as valid JSON, with the keys quoted):
{
  "status": "Away",
  "icon": {
    "height": 16,
    "url": "http://settings.messenger.live.com/static/w13r1/Conversation/img/Status_Away.gif",
    "width": 16
  },
  "statusText": "Away",
  "id": "a4ac90d9a8d3ed64@apps.messenger.live.com",
  "displayName": "Kartones :: .Code :: 4.95T"
}
Hmmm, more interesting, no? We can get the status text, the image URL, and even the display name! Much better for mashups and gadgets!
So, by building a small AJAX proxy (like the Twitter badge one), PedroA (who is becoming the JSON master) and I can query for our "full" status and handle it as JSON. Remember that everything in that response is third-party data: the display name is free text chosen by the user, so escape it before writing it into the page, and the proxy should accept only a Messenger id, never an arbitrary URL to fetch.
We've uploaded a small demo here: http://kartones.net/demos/001/WindowsLiveStatusMessenger.htm
Note: you must have opted in to show web presence in order to see your status.
Or you can see my actual Messenger status in this blog, near the bottom of the left sidebar. Nice :)
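The proxy-plus-badge idea above, as an added worked example that is not code from the original post or from the linked demo. It is written in Python rather than the JavaScript/ASP.NET of the demo, and it assumes two things the post does not state: that ids look like the sample one (16 hex characters followed by @apps.messenger.live.com) and that status icons live under http://settings.messenger.live.com/static/. The sample response is constructed for the demo, with a hostile display name to show why the escaping matters.

```python
import html
import json
import re
from urllib.parse import quote

# Added example (not from the original post). Assumed, not documented by the
# post: id format and the prefix under which the status icons are served.
PRESENCE_BASE = "http://messenger.services.live.com/users/"
ICON_PREFIX = "http://settings.messenger.live.com/static/"
ID_RE = re.compile(r"[0-9a-f]{16}@apps\.messenger\.live\.com", re.IGNORECASE)


def build_presence_url(user_id):
    """Proxy side: accept only a well-formed id and build the upstream URL here.

    A proxy that forwards a caller-supplied URL is an open proxy; this one can
    only ever talk to the presence endpoint for a validated id.
    """
    if not isinstance(user_id, str) or not ID_RE.fullmatch(user_id):
        raise ValueError("invalid messenger id")
    return PRESENCE_BASE + quote(user_id, safe="") + "/presence"


def parse_presence(json_text):
    """Validate the upstream JSON. Every field is third-party data, so check the
    types, the id format, the icon size and that the icon URL stays under the
    expected prefix (otherwise a crafted src would reach the page)."""
    raw = json.loads(json_text)
    if not isinstance(raw, dict):
        raise ValueError("presence body is not an object")
    icon = raw.get("icon")
    fields = {k: raw.get(k) for k in ("status", "statusText", "id", "displayName")}
    if not all(isinstance(v, str) for v in fields.values()) or not isinstance(icon, dict):
        raise ValueError("missing or mistyped presence fields")
    if not ID_RE.fullmatch(fields["id"]):
        raise ValueError("unexpected id in presence body")
    try:
        width, height = int(icon.get("width")), int(icon.get("height"))
    except (TypeError, ValueError):
        raise ValueError("icon size is not numeric") from None
    if not (1 <= width <= 64 and 1 <= height <= 64):
        raise ValueError("unexpected icon size")
    url = icon.get("url")
    if not isinstance(url, str) or not url.startswith(ICON_PREFIX):
        raise ValueError("icon url outside the allowed prefix")
    fields["icon"] = {"url": url, "width": width, "height": height}
    return fields


def render_presence(presence):
    """Page side: HTML-escape every string before it lands in the badge."""
    icon = presence["icon"]
    return (
        '<span class="presence">'
        f'<img src="{html.escape(icon["url"])}" width="{icon["width"]}" '
        f'height="{icon["height"]}" alt="{html.escape(presence["status"])}"> '
        f'{html.escape(presence["displayName"])} ({html.escape(presence["statusText"])})'
        "</span>"
    )


def rejects(fn, *args):
    """True if fn(*args) raises ValueError (used to exercise the checks)."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


# Constructed sample response in the same shape as the post's JSON, with a
# display name a user might set to try to inject script into every badge.
SAMPLE_RESPONSE = json.dumps({
    "status": "Away",
    "icon": {"height": 16, "width": 16,
             "url": "http://settings.messenger.live.com/static/w13r1/Conversation/img/Status_Away.gif"},
    "statusText": "Away",
    "id": "a4ac90d9a8d3ed64@apps.messenger.live.com",
    "displayName": 'Kartones <script>alert("pwned")</script>',
})


def demo():
    url = build_presence_url("a4ac90d9a8d3ed64@apps.messenger.live.com")
    badge = render_presence(parse_presence(SAMPLE_RESPONSE))
    return url, badge


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The two halves mirror the two trust boundaries: the proxy validates what it is asked to fetch, and the page validates and escapes what came back, so a display name full of angle brackets ends up as visible text rather than markup.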
Just a small, quick post about something that has amazed me. Messenger IM Control is finally available!!!
I've tested it and it works very simply but correctly, even allowing anonymous conversations from the web!
I'm just missing the Activities window (which, being a web page, could be just another iframe), but nevertheless it is a great improvement!
Update:
For example, you can talk with me (if I'm online) via this button: 
Or you can try talking to the Encarta Agent.
Today a small post that I've had in mind for some time... a quick list of how to fortify against SQL Injection (and some more general best practices).
- You can do some JavaScript client-side validation to avoid postbacks, but remember: never, ever trust client-side code and data. Repeat every check on the server, because an attacker can skip the browser entirely and post whatever they like.
- Check all input data before it reaches your application logic. Parse integer fields into actual integers and validate strings against the formats you expect.
- Server.HtmlEncode() is vital in web applications: encode untrusted data before writing it into a page so it cannot be rendered as markup. Note that this is output encoding against XSS, not a SQL Injection defence, so it complements parameters rather than replacing them; Server.HtmlDecode() only reverses the encoding and protects against nothing, so use it only when you genuinely need the original text back.
- You can use a black-list approach to strip or escape undesired characters, but I prefer a white-list approach: regular expressions are cool and not so difficult, so use them, and if a username can only contain letters and numbers, do not let anything else in.
- Using custom entities, business objects or similar object-oriented approaches helps avoid injections. If you missed validating the age field on the new-user page, creating the user entity will throw an exception when its integer Age property is assigned something that is not a number.
- Never, ever build SQL query strings by concatenating user input; at the very least use command parameters (SqlCommand.Parameters with SqlParameter objects). Stored procedures can help, but only while they do not build dynamic SQL themselves: a procedure that concatenates its arguments into an EXEC string is just as injectable. If you don't want to (or can't) use them, parameters are strongly typed and are sent to the server separately from the SQL text, so the value is never parsed as part of the statement and injection is avoided.
- Do not use the SA/admin account from your code! Create a new user, map it only to the application's database, and grant it only the specific, minimum rights. Few applications need DROP statements. And if you do need them, maybe two users is the solution (one just for the delicate operations and the other for the normal SELECT, UPDATE...).
- Just in case everything else fails... use logs! Log every important operation, every non-trivial method call, every exception... Each day I rely more on logs and less on just debugging to track down errors or undesired behaviour, because you don't always have the option to attach a debugger ;)
I think I'm not leaving anything out... but if I am, I'll update the post. Comments will be appreciated ;)
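The three points that matter most in practice (parameterised queries, white-list validation and parsing integers as integers), as an added worked example that is not part of the original post. It uses Python's sqlite3 module in place of ADO.NET, and the users table, its rows and the `x' OR '1'='1` payload are constructed for the demo; the behaviour shown is the same one you get with SqlCommand.Parameters.

```python
import re
import sqlite3

# Added example (not the post's code): the same tautology payload against a
# concatenated query and against a parameterised one, plus the white-list
# username check and integer age parsing the post recommends. sqlite3 stands
# in for ADO.NET; the table, rows and payload below are constructed.
USERNAME_RE = re.compile(r"[A-Za-z0-9]{1,32}")


def build_demo_db():
    """Constructed sample data: an in-memory users table with three rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, age INTEGER, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("kartones", 25, 1), ("pedroa", 27, 0), ("guest", 30, 0)],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    """The anti-pattern the post warns about: SQL text built by concatenation.
    Kept deliberately injectable so the payload in demo() can be seen working."""
    sql = "SELECT username, age FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Parameterised query: the driver sends the value separately from the SQL
    text, so a quote in the input is just a character inside a string."""
    sql = "SELECT username, age FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def validate_username(value):
    """White-list check: only letters and digits, 1 to 32 of them."""
    if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
        raise ValueError("username must be 1-32 letters or digits")
    return value


def parse_age(value):
    """Turn the age field into a real (and plausible) integer before it goes
    anywhere near the data layer."""
    try:
        age = int(value)
    except (TypeError, ValueError):
        raise ValueError("age must be an integer") from None
    if not 0 <= age <= 150:
        raise ValueError("age out of range")
    return age


def rejects(fn, *args):
    """True if fn(*args) raises ValueError (used to exercise the checks)."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


def demo():
    conn = build_demo_db()
    payload = "x' OR '1'='1"  # closes the quoted literal and appends a tautology
    return {
        "vulnerable": find_user_vulnerable(conn, payload),  # every row comes back
        "safe": find_user_safe(conn, payload),              # nobody is literally named that
        "validated": find_user_safe(conn, validate_username("kartones")),
        "payload_passes_whitelist": not rejects(validate_username, payload),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Run it and the vulnerable query returns all three users for the payload while the parameterised one returns none; the white-list check rejects the payload before it is ever sent, which is the defence in depth the list above is after. Least privilege for the database account is not shown because SQLite has no user accounts; on SQL Server it is done with a dedicated login mapped only to the application's database.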
Couldn't resist posting this fantastic (but real) advertisement:
Source