Mike Conley's Blog

When I don’t have work to do, I get antsy.

And right now, I’ve got no work to do.

So I’ve come up with a project for myself:  remember how I created a Firefox Plugin a few months back?  I’d like to make another one – but this one will actually serve a useful purpose.

Have you ever been to a page that suddenly started spewing window.alert boxes at you?

If you haven’t, open up Firebug, and paste this into the console:

for(i = 0; i < 10; ++i){ alert(i); }

Now imagine if instead of 10 alert boxes, it spewed hundreds…or thousands….or god forbid, it uses a while(true) loop, and throws infinity alert boxes at you.

It totally cripples Firefox. It’s a super simple browser DoS attack.

Mozilla knows this, but so far, no solution except for killing the Firefox process, or disabling Javascript manually, or with NoScript (a plugin that I highly recommend).

Google Chrome has solved this problem by providing a checkbox on alert dialogs that allow a user to disable future popups from the current site.

Cool.  I want Firefox to have the same feature.

So, this summer, I’m going to try to build a Firefox Plugin that will override the standard window.alert function, with one that provides a checkbox, letting the user disable future alerts.

I don’t even know if this is possible, but I’m looking into it.

I’ll blog my research and progress as I go along, and share my code / final plugin when it’s all finished (or when I abandon it…hey, it happens).

So stay tuned.

2 people like this post.

Like

Unlike

Well, it’s official:

This summer, I will be working on OLM for the Department of Computer Science at the University of Toronto.

I will also be going to Poland for 2 weeks, and maybe even do some camping…we’ll see.

Just wanted to announce that.

Be the first to like.

Like

Unlike

ANOTHER UPDATE: Whoops.  Fixed the links to the auction and the St. Catharines Standard article.

UPDATE: Apparently, the Feds are getting in on the online auction circuit too.

Over the past three summers, I’ve been employed by the District School Board of Niagara as an internal web application developer.

One of my first jobs in the summer of 2006 was to rebuild the online auction application that the DSBN Purchasing department ran.  The original auction let the Board dispose of old equipment quickly and easily, and was quite popular.  Unfortunately, it was also written in (almost) unintelligible/unmaintainable Perl.

So I rewrote it by myself, and learned PHP/MSSQL along the way.  We called this new auction site The Government Surplus Online Auction, and we opened it up so that other government agencies could also post items for auction.

Things went along fine until last summer, when the site got attacked by an SQL Injection bot.  Back in 2006, I had no idea what SQL injection was, or how to guard myself.

So there I am – I’ve just come back from a camping trip, my inbox is packed with complaints, and I’ve got three weeks until school begins.  Crap.

Luckily, I had plenty of tools at my disposal.  My web app development skills and practices had evolved dramatically since 2006, and I had been itching to reimplement the auction anyhow.  The SQL Injection attack was a perfect excuse for me to gut the entire application, and rebuild from scratch.

And I did.  I rebuilt the whole thing from the ground up in three weeks.  It’s been almost a year since it was deployed, and I’m still very happy with its performance, and the code that runs it.

I’m not happy with its overall UI design.  I think there are plenty of improvements to be made in that regard.  Luckily, it’s coded using a light MVC framework that I designed/built myself, so reskinning shouldn’t be too hard for whoever decides to work on it…

Apparently, I’m not the only one happy with the auction site.  Check out this article (now without annoying print dialog).

I just checked the logs today – we hit a new record: an aerial truck went for $22,000 dollars.  With the Board receiving 5% ($1100) of that simply for hosting, I think everybody is walking away happy.

Here’s the auction.

Proof that I wrote it?  This’ll have to do.

Be the first to like.

Like

Unlike

Last night, I had a dream.

In it, I was breaking into a house.  In the house was a TV and a computer.  On the TV was Mario64, and on the computer, Starcraft.

Somehow, in my dream, I knew that both had been re-implemented in Javascript.  I was blown away.

When I woke up, I posted a little blurb about this dream on Twitter.  Paul Gries responded with this link:  Javascript Starcraft.

Dreams.  They can come true.  Except sometimes, you need Internet Explorer to run them.

Be the first to like.

Like

Unlike

I’ve mentioned the OLM project a few times, and more than once, I’ve been asked:  “What is this OLM thing you keep talking about?”

So that’s what this post is for:  to provide a plain-English explanation of what OLM actually is/does.

Note: I can’t guarantee that the history of OLM is entirely accurate – I’m assembling this from hearsay, and personal accounts.  If there are any corrections to be made to this post, please comment or email me.

Part 1:  How it Used to Be

Computer Science students, at one point or another, have to computer programs for their assignments.  These programs are written in a myriad of languages (Java, Python, C, the list goes on…), and have to be marked by teaching assistants.

Originally, after students submitted their completed programs, the TA’s would print off the source code and write on the printouts to give feedback on how the code was written.  They would also use a rubric to grade the overall assignment based on predetermined criteria – which isn’t at all unusual in grading student work.

That’s how it used to be.

Part 2: The Birth of OLM

One day, the Computer Science Department at UofT decided that they wanted to write a web application for instructors to manage assignments, and to receive student submitted code.  They also wanted TA’s to be able to log in, and mark the code, almost as if they were doing it on paper.

So OLM (On-Line Marking) was born.  It was written in a web framework called TurboGears by a group of undergraduate students.

And it wasn’t bad.  It’s still used in the department to this day.

Part 3:  OLM is Reborn as…Checkmark…or OLM…or something

The original OLM has a few deficiencies.  The instructors who actually use it could probably rattle off plenty of stories about how, sometimes the client-side of the interface doesn’t entirely agree with the server, or little glitches that require diving into the database to fix.

Plus, the code-base is kind of a hodge-podge.  Not easy to extend, not easy to maintain…the framework that OLM was written on was no longer the “hot framework”, and there was little in the way of support.  Something needed to be done.

So it was decided that OLM would be recreated from the ground up, and would be an evolution based on the lessons learned from the original implementation.  It was going to be rebuilt in Ruby on Rails, and it was going to be awesome.

It was also going to be renamed.  The name “Checkmark” has been bounced around, but should really be more considered as a code-name.  The project is still referred to as OLM, or Checkmark.

(Just came up with a name idea:  MarkUs.  Note to self:  send name idea to supervisor…)

Part 4:  As it Stands

The new implementation of OLM is actually in pretty decent shape.  There are plenty of bug-fixes and unimplemented features, but a lot of the hardest stuff seems to be over – at least, in terms of matching the feature list of the original OLM.

And that’s important, because our supervisor wants this thing polished, tested, and deployed for the Fall term – and it’s got to at least match the original feature set of OLM, if not exceed it.

Part 5:  Want to See It?

If you want to see this thing, you have three choices:

1. Catch me in person, and ask to see it.  If I have my laptop, I’ll give you a demo.
2. Get it from our Subversion repository, and get it running on your own machine.
3. Enroll in a CS undergrad course in the Fall, and who knows…maybe you’ll end up using it.

Anyhow, if there are any OLM related questions, or even some name ideas, please don’t hesitate to post.

Be the first to like.

Like

Unlike

It’s a race.

I’m going to attempt to create a simple Firefox extension that will display the DOM ID of an element that my mouse cursor is hovering over in the status bar.

There are probably a ton of Firefox extensions that will do that already, but I want to give it a shot as a project.

It’s 3:30PM right now, and I want to try to get this done by 5:00PM.  I’m going to be using Ubuntu 8.04, gEdit, and Google to get me started.

And I’m going to record my progress here in this blog post.

Note: After I’m done, I’m going to edit my sporadic notes so that they make more sense.  So if you’re wondering just how I managed to stay so cool, calm, and collected in my prose under such time pressure, and why the publish date on this article is after 5PM, now you know.

3:35PM:

Gonna start with Google:  “building a firefox extension”

Ok, found an article about how to create a Firefox extension.

Apparently, the first thing I want to do is try setting up a development profile in Firefox.

3:41PM

Finished setting up my dev profile by opening up FF with this command:

firefox -no-remote -P

Then created a profile called “Development”.  After that, I typed “about:config” in the URL bar, and changed some settings as instructed on this site.

3:49PM

According to that last article, I can create a skeleton Extension project using this site.  Done – calling the project DOM ID Displayer

3:53PM

Installed this Extension - apparently, it’ll be some help.  Will let me reload Firefox’s chrome  shtuff without restarting the browser each time.  Useful.

3:55PM

Found this article on making a status bar extension in XUL.  Easy as pie.

4:05PM

Ok, I’ve coded something in XUL that should display a new panel in the status bar.

<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet href="chrome://domiddisplayer/skin/overlay.css" type="text/css"?>
<!DOCTYPE overlay SYSTEM "chrome://domiddisplayer/locale/domiddisplayer.dtd">

<overlay id="domiddisplayer-overlay" xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
<script src="overlay.js"/>

<!-- Firefox -->
<statusbar id="status-bar">
  <statusbarpanel id="domiddisplayer" label="Hello, World!" tooltiptext="Dom ID Displayer" />
</statusbar>
</overlay>

I put that in the “overlay.js” file in my ~/Experiments/Extensions/domidinspector/content folder that was created using that Wizard from 3:49.

Now, to get this thing to run in my Development profile, I create a symbolic link to it in the Development profile’s extensions directory

ln -s ~/Projects/Experiments/Extensions/domidinspector ~/.mozilla/firefox/nzuzbdpz.Development/extensions/domiddisplayer@mike.conley

Open Firefox with Development profile:

firefox -P Development &

4:16PM

Looks like I can access and relabel the XULElement that I’ve ID’d as “domiddisplayer” using this:

domiddisplayer.updateDisplay = function(event) {
var dom_element_id = event.relatedTarget.id;
document.getElementById('domiddisplayer').setAttribute('label', dom_element_id);
}

Cool – I can now change my text in the Firefox status window.  Now I just need to capture any time a mouse moves over a DOM element….yikes, that might be tricky.

4:33PM

Been tinkering with this as a way of putting a mouseover event listener on everything in the window:

window.addEventListener("mouseover", function(e) {
  domiddisplayer.updateDisplay(e);
}, false);

4:35PM

Seems to only be capturing mouseover/mouseout events on Chrome elements – so I can get the ID’s of the statusbar, etc.  These are XUL Elements, not the DOM elements of a web page…

So I’m close.

4:44PM

This page is super helpful…

Apparently, I need to wait for the content of the page to load before I can attach observers to all of its sub-elements.  Makes total sense.

So, in my domiddisplayer.onLoad function, I write this:

var appcontent = document.getElementById("appcontent");
if(appcontent)
  appcontent.addEventListener("DOMContentLoaded", domiddisplayer.onPageLoad, true);

And now, I create a function called onPageLoad, which looks like this:

domiddisplayer.onPageLoad = function(aEvent) {
//Runs when the page is loaded
  window.content.document.addEventListener("mouseover",
  function(e) {
    domiddisplayer.updateDisplay(e);
  }, false);
}

5:03PM

Done.  I’m over time, but I’ve finished a (relatively) working extension.

Here, it’s a mess, but you can download the whole thing right here if you want to tinker with what I did.

Download domiddisplayer.zip

Be the first to like.

Like

Unlike

So, maybe I’m about to state the obvious here, but believe it or not, parts of Mozilla Firefox are coded in JavaScript.

JavaScript?  Powering Firefox?  Holy smokes, I had absolutely no idea.

Let me back up for a minute.

There’s a very small possibility that I’m going to be working with Mozilla for Google Summer of Code this year, so I downloaded the Firefox code base to take a look at what their code looks like.

And it looks good.  Really good.  Clearly, the guys at Mozilla are pros.

So I was digging around in the source code, and in the folder mozilla/browser/base/content/browser.js, there is a JavaScript file that essentially details how Firefox behaves.

Look – here’s the function that handles when a new tab is opened in Firefox:

function BrowserOpenTab()
{
  if (!gBrowser) {
    // If there are no open browser windows, open a new one
    window.openDialog("chrome://browser/content/", "_blank",
                      "chrome,all,dialog=no", "about:blank");
    return;
  }
  gBrowser.loadOneTab("about:blank", null, null, null, false, false);
  if (gURLBar)
    gURLBar.focus();
}

JavaScript.  My mind is starting to get blown here, and I’m getting excited by the possibilities – seeing as how I’ve grown quite comfortable with JavaScript over the years.

And it’s all thanks to the Mozilla framework, apparently.  I’m only scratching the surface here, but I’m really interested in this, and I’ll post more as I learn it.

Be the first to like.

Like

Unlike

For those of you who don’t know, this past Thursday, Friday, and Saturday, I’ve had my face planted into a laptop, working 8 hour days on the OLM project.  

And I wasn’t alone.

I was in a room with plenty of other Computer Science students – some even coming from as far as the West coast to join us. Good people, good times, interesting problems, and free food – all care of Greg Wilson, Karen Reid, and the other support within the department.  It was really fun, and I learned a lot.

And we coded our asses off.  Literally.  It was awesome.

So what did I end up actually doing?  Well, when TA’s are marking code, there are little menus that let them attach pre-built annotations to highlighted sections of code.  I’ve also replaced the ugly Javascript Prompt dialog that asks for new annotations with a nice, modal dialog, using LivePipe UI.  The team also got the rubric listed next to the code, and we now have the ability to apply grades on the rubric!  Awesome!  We’re almost there!  There are plenty of tickets, plenty of ways this code and interface can get cleaned up, but we almost have the behaviour we want.  And that’s something.

If I get a chance, there are two things I’d like to do:

1. Replace the SyntaxHighlighter Javascript code with something a little less client-heavy.  Maybe we can syntax highlight the code on the server side before we send it to the client for viewing?  That doesn’t sound too bad… does anybody know of a Ruby gem that’ll do that?
2. Refactor the annotations code.  Right now, it’s a lot of Javascript.  A lot.  I’d like to shave it down, simplify it, streamline it.  But that’s what refactoring is all about, right?

Oh, and, in other news, I’m considering graduate school, and doing Google Summer of Code.  Just something I’m mulling over in my head…

Update:  Coding for three days straight brought sooooo much tension back into my shoulders…this is where Movement class exercises become very handy…

Be the first to like.

Like

Unlike

Did I mention I’m code-sprinting over the next three days?  Actually, next two days – I just finished my first day today.

What’s code-sprinting?  It’s a trendy term for sitting down with your team, and plowing through code en masse, trying to get as much done as possible.  8 hour days, cookies, coffee, whiteboards, pizza, crashes, bugs, tickets, fixes, etc.  We’re trying to cram 3 weeks of work into 3 days.  Cool.

In case you don’t remember, I’m working on a project called Checkmark (or OLM…still undecided on the name) – a tool for Professors/TAs to receive student code submissions, and to facilitate easy marking and annotating of the submitted code.

So here’s something I learned today while coding:

Say you have some nested DIV’s, and the parent DIV has a mouseout trigger.  Something like this:

<div id="parent" onMouseOut="alert('Mouseout triggered on parent');">
  <div id="child_1">This is some child</div>
  <div id="child_2">This is another child</div>
</div>

As you would expect, the mouseout event will get triggered if you move your mouse over the parent DIV, and then move the mouse back out again.

But it also gets triggered when you move your mouse OVER any of the child DIV’s.

Say what?  That’s right – even though you’re still inside the parent DIV, the mouseout event got triggered.  I found this out today when I was trying to code dropdown menus in Javascript/CSS using Prototype – I could get the dropdown menus to appear find when I clicked on the appropriate button, but they’d disappear again as soon as I put my mouse over any of the sub-elements of the DIV.

So how did I fix this?  I found this example code, and adapted it for my purposes.  This code assumes that you’re using the Prototype Javascript library.

$('some_dropdown').observe('mouseout',
  function(event) {
     //We could probably replace the following with Event.element(event), but oh well.
     var target = $('some_dropdown');
     var mouse_over_element;  //What the mouse is currently over...
     //So let's check to see what the mouse is now over, and assign it to mouse_over_element...
     if( event.toElement ) {
        mouse_over_element = event.toElement;
     }
     else if(event.relatedTarget) {
       mouse_over_element = event.relatedTarget;
     }
     //In the event that the mouse is over something outside the DOM (like an alert window)...
     if(mouse_over_element == null) {
        return;
     }
     //Now we just make sure that what the mouse is currently over is NOT a descendant of
     //the dropdown, and that the target is not the current mouse_over_element (I can't
     //remember which case this covers, but it's important)
     if(!mouse_over_element.descendantOf(target) && target != mouse_over_element) {
        target.hide();
     }
   }
 );

And it works.  Whew!  Just thought I’d share that little snippit.

1 person likes this post.

Like

Unlike