Monthly Archives: February 2009

The Best Teachers…

I like the TED talks.  A lot.  When I was working at the school board, I wasted many a lunch hour going through the TED video library.

This guy, Barry Schwartz, makes a plea for common sense over bureaucratic rigidity in modern society.  He also sums up the qualities of every single teacher that I’ve ever had, who I considered “amazing”.

Pretty inspiring stuff.

See Barry Schwartz’s talk here.

What’s Google’s slogan?  “Don’t be evil”? Whoever I end up working for, I hope I go home every day feeling like I’ve really done a good thing, as opposed to feeling like I just made a few bucks from somebody.

Some things I’ve learned from Movement and Voice class…

At the University College Drama Program, if you’re taking a Performance course, then you’re taking Voice and Movement.  They go hand in hand.  This is my third year taking Performance at the UCDP, and so this is also my third year with Voice and Movement.

I’ve learned a lot over the past 3 years in V/M.  Though they’re really two separate courses, there is plenty of overlap.  One of the most interesting things about these courses is their similarity to physiotherapy.  In these classes, we’re challenged to become more articulate with muscles that most people take for granted, or don’t even know they have.

So how do you get students to discover new muscles?  This is the challenge I didn’t understand two years ago – the challenge that the instructor has in guiding students to these areas of the body/brain.  Every student is different, and each could have their own way of understanding the mechanical workings of their own bodies – it’s really hard to tell.

So how did they do it?

Metaphors, believe it or not.  Images and metaphors.  I remember thinking that these classes were really…kind of strange, with all of the speaking in metaphors and images…

“Now, imagine that your soft palate is like one of those automatic-pop-up tents….now POP it open!”

“Imagine more space in your hip flexor…breathe into that space…”

It might sound spacey, or floaty, or like nonsense, but believe it or not, this stuff works.

Probably the best example was in my voice class this year, when the instructor was getting us to find ways of getting our voice over obstructions in our mouths.  In this case, our obstruction was our own tongues – we had placed the tip of our tongue against the lower portion of our bottom teeth, and were pushing the middle of our tongue out of our mouths.

Now try to get sound out.  It might sound like you’re talking into a tin can.

The instructor then got us to try and “arc” our voices out of our mouths – and here’s where the really interesting part came in – he got us to arc our arms forward at the same time.  And it worked.

He said that there are many ways of communicating with the brain, and that one of them – that is often overlooked by academics – is through the body.  It’s called kinesthetic learning.  By arcing our arms away from our body, we were reinforcing the feeling of what he wanted us to do with our voices.

And in doing this, I actually discovered new muscles in my throat.  No joke.  They don’t move much, and they’re very subtle, but they’re there, and they affect sound, and those are what he was trying to get us to find.

Awesome.

Preventing SQL Injection Attacks

Over the reading week, along with studying for various midterms and assignments, I’ve decided to brush up on preventing SQL Injection attacks in web applications.

There’s some pretty scary/awesome stuff out there on this topic.  Here’s a great place to get some SQL Injection training, and here’s an excellent SQL Injection cheat sheet.

I got hit with a pretty bad SQL Injection attack last summer on an application I had written 3 years ago (before I had any clue that SQL Injection attacks were possible).

Here’s the take home message:  never trust user input.  Ever. If you’re expecting an int, make sure it’s an int.  Never insert user input directly into an SQL string. Use prepared statements instead, or stored procedures.
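To make the take-home message concrete, here is an added example (not code from the original post) that puts a concatenated query beside its validated, prepared-statement form. It assumes PDO with the pdo_sqlite driver and an in-memory database; the table, rows and function names are constructed for illustration.

```php
<?php
// Added example. Schema, rows and function names are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)');
$db->exec("INSERT INTO notes (owner, body) VALUES
    ('alice', 'alice note'), ('bob', 'bob note'), ('carol', 'carol note')");

// BEFORE: the request value is pasted into the SQL text, so it is parsed as SQL.
function find_note_unsafe(PDO $db, $id) {
    $sql = 'SELECT id, owner, body FROM notes WHERE id = ' . $id;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// AFTER: check that the value is an int, then bind it as a parameter.
function find_note_safe(PDO $db, $id) {
    $int = filter_var($id, FILTER_VALIDATE_INT);
    if ($int === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    $stmt = $db->prepare('SELECT id, owner, body FROM notes WHERE id = :id');
    $stmt->bindValue(':id', $int, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Free-text input cannot be type-checked, so binding alone keeps it as data.
function find_notes_by_owner(PDO $db, $owner) {
    $stmt = $db->prepare('SELECT id, owner, body FROM notes WHERE owner = :owner');
    $stmt->execute(array(':owner' => $owner));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$bad_id = '1 OR 1=1';             // constructed input: not an int
$bad_owner = "nobody' OR '1'='1"; // constructed input: contains quote characters

printf("unsafe, id=1:         %d row(s)\n", count(find_note_unsafe($db, '1')));
printf("unsafe, hostile id:   %d row(s)\n", count(find_note_unsafe($db, $bad_id)));
printf("safe, id=1:           %d row(s)\n", count(find_note_safe($db, '1')));
try {
    find_note_safe($db, $bad_id);
} catch (InvalidArgumentException $e) {
    printf("safe, hostile id:     rejected (%s)\n", $e->getMessage());
}
printf("bound owner, hostile: %d row(s)\n", count(find_notes_by_owner($db, $bad_owner)));
```

The concatenated query hands back every row for the hostile id because the input became part of the WHERE clause. The bound queries only ever compare the input against a column value, so the same strings match nothing or are rejected outright.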

Luckily, I just did a quick survey of all of my running apps, and I seem to be OK in terms of SQL Injection.  Still, it’s a common attack vector – and the consequences of being lazy on user input can be pretty awful.

Update: Want to see something awesome?  Check this out – a Debian box gets rooted through MySQL injection…killer soundtrack too.

Getting to #1 on Google…

So I just Google’d “mike conley”.

This site was the 20th result. Not bad, but I’d like to do better.

Unfortunately, I have to compete with a professional basketball player, a singer-songwriter from Indiana, and an Olympic triple-jumper.

Yikes. Stiff competition. Luckily, I seem to be the only “Mike Conley” programmer/theatre enthusiast…

Model-View-Controller in PHP: Model

I have one thing to say for all of those PHP developers who look at Rails’ ActiveRecord class and get all excited about implementing it in PHP:

It can’t be done.  Yet.

Here’s why:

Until PHP5.3, PHP does not implement a feature called “late static binding”.  What is late static binding?  Well, how about I show you what it’s like to NOT have late static binding:

<?php
class A {
  public static function who() {
    echo __CLASS__;
  }
  public static function test() {
    self::who(); // self:: is bound to A at compile time
  }
}
class B extends A {
  public static function who() {
    echo __CLASS__;
  }
}
B::test();  //Outputs 'A'
?>

That’s right:  B::test() outputs ‘A’.  This is a problem, because while it is true that B is a subclass of A, B is still B.  When I call a static method of B, I want it to know that it’s B.

With late static binding (only available in PHP5.3 and onward), this problem goes away:

<?php
class A {
  public static function who() {
    echo __CLASS__;
  }
  public static function test() {
    static::who(); // Here comes Late Static Bindings
  }
}
class B extends A {
  public static function who() {
    echo __CLASS__;
  }
}
B::test();  //Outputs 'B'
?>

Why is this a problem for ActiveRecord?  Well, say we define a class called ActiveRecord, and create a subclass of ActiveRecord called Person.  When I call Person::find_all(), PHP5.2 is going to run find_all in ActiveRecord – and ActiveRecord’s find_all() will not know what kind of subclass I am.  It won’t know if I’m a Person, Dog, Pizza, or any of that jazz.  Essentially, ActiveRecord is now dead in the water.
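For contrast, here is what that call looks like once late static binding is available (PHP 5.3 and onward). This is an added sketch, not code from the original post; ActiveRecord, Person, Dog and the in-memory row store are hypothetical stand-ins for a real database-backed implementation.

```php
<?php
// Added illustration; the classes and the $rows store are hypothetical.
abstract class ActiveRecord {
    // Constructed sample data standing in for database tables.
    protected static $rows = array(
        'person' => array(array('name' => 'Ann'), array('name' => 'Raj')),
        'dog'    => array(array('name' => 'Rex')),
    );

    // get_called_class() returns the class the static call was made on,
    // so Person::table_name() yields 'person' and Dog::table_name() 'dog'.
    public static function table_name() {
        return strtolower(get_called_class());
    }

    public static function find_all() {
        $class = get_called_class();
        $found = array();
        // static:: resolves table_name() against the calling subclass.
        foreach (self::$rows[static::table_name()] as $row) {
            $obj = new $class();
            $obj->name = $row['name'];
            $found[] = $obj;
        }
        return $found;
    }
}

class Person extends ActiveRecord { public $name; }
class Dog extends ActiveRecord { public $name; }

foreach (Person::find_all() as $p) {
    echo get_class($p), ': ', $p->name, "\n";
}
foreach (Dog::find_all() as $d) {
    echo get_class($d), ': ', $d->name, "\n";
}
```

Under PHP 5.2 neither `static::` nor `get_called_class()` exists, so a static `find_all()` defined in ActiveRecord has no way to learn which subclass it was called on.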

Now, you could just make find_all a standard method instead of a static one, but then for every find operation, you’d have to do this:

$p = new Person();
$persons = $p->find_all();

Semantically, this doesn’t make much sense.

But, PHP coders, take heart –  there are two silver linings: