Wed 22 October, 2008

“ Just think of the tragedy of teaching children not to doubt. ”
Clarence Darrow
Tue 21 October, 2008

Mon 20 October, 2008

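On sightseeing
My buddy here says that tourism in Nanjing, apart from that bit of Ming dynasty history, is all patriotic education.
I had brought a copy of "1587, a Year of No Significance" with me, so I had no great interest in tracking down traces of the Ming dynasty, and the sightseeing became patriotic education through and through. I went to the Sun Yat-sen Mausoleum and to Yuhuatai, which amounted to a tour of modern Chinese history. I am interested in history, but modern Chinese history is the one part I do not like; after all, it is the good things that put one's mind at ease.
The one place with little connection to modern history is the Confucius Temple. The old households along the Qinhuai River, with their scenes of song and dance, are now accompanied by today's bustling crowds.
On eating
All right! I admit it, I like to eat. In Nanjing I ate in restaurants, in ordinary people's homes, and at snack stalls, each with its own character.
I have a special fondness for street snacks; wherever I go, I like to look for the local ones, which is one reason I like Xi'an. What left an impression on me in Nanjing were duck blood and vermicelli soup, salted duck, and plum blossom cake. Snacks are everywhere, but my stomach has its limits, and finding the best ones usually requires a local's company; this time, for instance, getting to eat plum blossom cake took some winding through streets and alleys.
On fortune-telling
I don't much believe in fortune-tellers, but on this trip to Nanjing I actually had my fortune told twice.
Once in the Pixiu Hall at Linggu Temple, and once by Xuanwu Lake. Of course, whether it is a master or a "fairy lady", their purpose is known to everyone. Still, listening to them now and then is rather interesting, especially when we were complete strangers and yet they described many things about my situation and gave me some advice. Fun!
On bookstores
One of the purposes of this trip to Nanjing was also to find a book. Although I came back disappointed, I browsed three bookstores, which for a bookworm like me counts as some compensation!
The Librairie Avant-Garde bookstore next to Nanjing University gives a feeling of belonging to readers; the book market inside the Military Club lets you feel what a bargain is; Phoenix International Book Mall is fashionable.
On local customs
The purpose of this trip was to attend a wedding.
It was the first time I attended a wedding outside my hometown, and it was a bit different. For example, back home weddings are all held in the morning, whereas here in Nanjing it was, of all things, in the evening. What was the same: just as festive, just as lively.
On getting around
Bus, subway, taxi, walking, train; that's about it!
I was fairly lucky: most of the times I rode, I got a seat. Nanjing's bus stops are interesting; it is said that stops with the same name can be as much as three stops apart. When buying a Nanjing subway ticket you have to choose the station, so I suppose fares are charged by the station! That subway ticket reminded me of gambling chips in the movies. Nanjing West Railway Station is so run-down it could be used to shoot old films, while Nanjing Station is so luxurious that I almost told the taxi driver: I want to go to the train station, not the airport.
On impressions
I did not feel anything special. If anything was special, it may be that it is not as prosperous as I had imagined; after all, Jiangsu is an economically strong province.
In Nanjing you can still see the city wall, so it felt somewhat like Xi'an to me, and perhaps it was precisely this feeling that made it seem not particularly special, even slightly familiar. My buddy's family lives in an old house, so I had the chance to walk through that utterly ordinary neighbourhood and pass by the doors of one utterly ordinary home after another, and this ordinariness added a little more to that trace of familiarity.
On thrift
This is a topic that has nothing to do with the city. My buddy and his wife both know how to be thrifty; when I was with them, I often heard them say: don't buy this now, wait until it's on sale!
Their thrift even extended to me: on the return train ticket alone they saved me 180 yuan, by skipping the sleeper berth and "sitting" on the train all night. Precisely because of that, right now I am very tired, so I'll stop here! :)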
Want to have a look at the entries for this year’s Rails Rumble? Take a look at this list of applications that were submitted and then ordered according to category. Good stuff.
Paris on Rails is having its third annual conference on December 1st. There’s a wealth of great speakers lined up and yours truly will be doing a video iChat session as well. If you register before November 9th, the entrance fee is just 80 euros. If you can, go!
“ I want to give my kids just enough so that they would feel that they could do anything, but not so much that they would feel like doing nothing. ”
Warren Buffett
Time for another small security fix for Rails 2.0.x. The 2.0.5 release contains just two changes: A backport of the offset/limit sanitization fix for Active Record and a fix against header-injection when using user-contributed strings in redirect_to (see Response Splitting for more information).
As always, you can install with:
gem install rails --version 2.0.5
The Ruby HTTP libraries used by Rails do not perform any sanitization of the values of their HTTP headers. This can lead to Response Splitting and Header Injection attacks in certain circumstances where user-provided values are written into response headers. If your application uses any user-submitted parameters to construct HTTP headers without sanitizing them, these malformed values can be used to set custom cookies and forge fake responses to users.
A common scenario where this can be exploited is where your application takes a URL from the query string and redirects the user to it. To mitigate this common scenario, new versions of Rails will be released which sanitize the values passed to redirect_to. However, you will still need to take care when writing other values to response headers.
The new versions which will contain the fixes are:
- 2.0.5
- 2.1.2
- 2.2.0
These releases are not available immediately, so in the event that it’s infeasible or inconvenient for your application to sanitize the user-supplied values it passes to redirect_to, patches are available at the following locations.
Users of Edge Rails prior to ba80ff74a962 should update to the latest revisions, cherry pick the change at ba80ff74a962, or apply this patch.
Thanks to Luka Treiber and Mitja Kolsek of ACROS Security for notifying us of this issue and the Ruby Security team for their advice.
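As an added illustration (not code from Rails or from its patch), the Ruby sketch below shows why a CR/LF inside a value written to a response header produces a second header line, and one way to reject such values before they reach redirect_to or any other header. The helper names and sample URLs are hypothetical and constructed for this example.

```ruby
# Added example: hypothetical helpers, not the Rails fix itself.

class HeaderInjectionError < ArgumentError; end

# Refuse any value containing characters that end a header line early
# (CR, LF) or that some parsers treat as a terminator (NUL).
def safe_header_value(value)
  str = value.to_s
  if str.match?(/[\r\n\x00]/)
    raise HeaderInjectionError, "control character in header value"
  end
  str
end

# Serialize headers with no checks, as an unsanitizing HTTP library would.
def serialize_headers(headers)
  headers.map { |name, value| "#{name}: #{value}\r\n" }.join
end

# Number of header lines a client would parse out of the serialized block.
def header_line_count(raw)
  raw.split("\r\n").reject(&:empty?).size
end

# Build redirect headers, validating the user-supplied target first.
def redirect_headers(target)
  { "Location" => safe_header_value(target) }
end

# Constructed sample inputs (not taken from the advisory).
BENIGN  = "http://example.com/account"
TAINTED = "http://example.com/\r\nSet-Cookie: session=attacker-chosen"

if __FILE__ == $PROGRAM_NAME
  # One header in, one header line out.
  puts header_line_count(serialize_headers("Location" => BENIGN))
  # One header in, two header lines out: the response has been split.
  puts header_line_count(serialize_headers("Location" => TAINTED))
  begin
    redirect_headers(TAINTED)
  rescue HeaderInjectionError => e
    puts "rejected: #{e.message}"
  end
end
```

The same check applies to every header built from request data, not only Location, which is the point of the advisory's closing caveat.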
“ All frisks that avoid the sensitive regions are by definition symbolic. ”
Jeffrey Goldberg
Sun 19 October, 2008

At the Tempe Nerds lunch the other day we were speculating about there being another Desert Code Camp any time soon. I hadn’t heard anything, but today, out of curiosity, I checked the Web site, and right at the top it says, “Next camp is coming December 6th, 2008.”
Hopefully, more info will be available soon.
Sat 18 October, 2008
Fri 17 October, 2008

“ Greatest weakness? It’s possible that I’m a little too awesome. ”
Barack Obama
RubyConf2008 is less than a month away. 500 or so people will attend.
Four years ago in Virginia I spoke at RubyConf. People were always taking pictures of the speaker, so I decided that the speaker should take a picture of the audience.
This (taken with my cell phone) is it:

That’s pretty much everyone attending the conference. That was when you really could know the name of everyone who attended. When almost everyone there was making a living doing Not Ruby work, but banging out a cool Ruby project on the side. When folks hung out in the bar and lobby hacking on Ruby code (and not playing Werewolf) ‘til the wee hours.
Different.
Thu 16 October, 2008

“ Cannot construct the infinite type. ”
Glasgow Haskell Compiler
I added some notes about my Wii+Ruby talk to the Ruby::AZ site.
If anyone has questions about it, please drop me some E-mail (see here for contact details).
When I have an actual complete app I’ll post the code.