Two little snippets, some simple things that seem to be forgotten when writing code.  First, a general example using PHP; have you ever found yourself writing a loop that looks something like this?

$i = 0;
while ($row = mysql_fetch_assoc($result) {
	// ...
	// maybe something about $i % 2 to determine even-from-odd rows
	++$i;
}

If so, remember this: you are (effectively) building a complicated, difficult to read and easy-to-break for-loop. There is no magic law that says that all three arguments of a for-loop must be related to the same variable (heck, you may have even used a few of them with no arguments in one or more positions). Consider the following:

for ($i = 1; $row = mysql_fetch_assoc($result); ++$i) {
	// ...
	// the same code can go here
}

While the differences may seem semantic-bordering-on-syntactic-sugar at first (there is no real execution difference between for-loops and while-loops, of course), consider what differences they offer to you as a developer:

1. When looking at the for loop, you know immediately what is involved, instead of hunting for the declaration and incrementation of $i, or whatever your preferred increment-variable flavor is.
2. It saves code real-estate
3. You can easily edit the contents of the loop, as well as what contains the loop, and not worry about destroying an important variable declaration, iteration, etc.

Of course, this isn’t a serious gripe, just a nudge towards thinking outside of “traditional” declarations and using something that will be easily maintainable.

Second, remember that everything in JavaScript can be treated like an object-reference.  Of course, you’ve probably been told this before, but I want to bring up one instance in particular: functions.  If something returns a function reference, you can execute it directly, without cluttering the parser/code with unnecessary calls to things like setTimeout(). Consider the following code I have been running into a lot recently (using Prototype 1.6):

setTimeout(someFunction.bind(window),10);

While this will certainly do what you want, the call to setTimeout() is superfluous, and serves only to confound the matter. Since it is an object reference, you may use function notation to execute it like any other function object, such as:

someFunction.bind(window)();

Not only is it more concise, but when you look at it you know exactly what you’re doing with it.

Remember, while avoiding cleverness for cleverness’ sake, it is important to use your brain while programming. Strive for elegance and keep on truckin’.

Hey there kids! Put your walk-mans down and listen up! Let’s “rap” for a second about nerds. Nerds, the social stragglers that make your stuff go just so you won’t beat them. Nerds, the… Actually, I’m sick of this already. I was browsing Graphjam today, and I ran across this:

I, like many, thought it was cute.  I even posted it on a certain social networking site that sounds like “Chase Crook.”  Then, I made the mistake of reading the comments, causing me to run across this gem:

“Nerds do not exist. Nerdisms are a threat to the success of society, and perpetuated by popular culture. Because of nerdisms, people subconsciously associate science, math and engineering with being ‘socially inept’ thus avoiding such unpopular fields. We are running out of scientists in the US and soon China, because of their immense quantity of engineers and scientists will become the world superpower.”

Now, without addressing the inherent Jingoism this quote, the rest of it is pretty spot-on. Maybe it’s the that’s-for-nerds factor, or maybe it’s the waah-it’s-hard factor (maybe even both), but I do tend to hear more kids my age talking about majoring in communications, business or English (to name a few) than I do in science-related fields (considering Math as the purest science, for the sake of grouping).

Of course, college major isn’t everything.  In fact, attacking a major would, by and large, be completely the wrong avenue, since there’s no accounting for (a) what you will actually do with your degree and (b) quite honestly, science isn’t for everyone.  Business, Politics, Education, and others can all be worthwhile pursuits — even entertainment is necessary to the vast bulk of society, nerd or otherwise.  This isn’t an attack on these fields, so much as question: why is it that science is almost treated with disdain?

I, for one, have no college degree, and I know there are plenty of us doing just fine without a fancy degree from a major institution saying that we can be, well, nerds.  Those of us who bear that title generally do so with pride; many of us took up the nerd banner at a young age, suffered social ostracism as children, and tinkered, and played, and stayed in figuring out just that one last problem (which of course led to the next thousand-or-so) that prepared us to move on, as adults, to bigger and better things.

I know that I can’t change society’s mind; it’s just not hip to be smart.  At this point, it’s almost a vicious cycle – in a society that engenders a distrust, or downright hatred, of smarter people when they’re children, doesn’t it stand to reason that the same children will lose out on the formation of critical social skills at a young age?  Oh, there are exceptions to this (and every) social rule, but popular culture makes sure that it stays firmly rooted as a mainstay of growing up: there’s cool kids, average kids, slime moulds, and nerds – in that order.

What’s the solution?  wish I knew.  How do you take a society like ours, with values and culture in the state they are in, and try to get it to really believe that maybe they don’t need to hate everything they don’t understand?  Well, now I am reaching too far…

For years, as a P.C. and Windows user and developer, I’ve been forced to listen to inane claims about the superiority of Mac/Linux/BSD/Gameboys because they “don’t get viruses because they’re better products.”  Now, I usually try not to allow myself to be incited to anger, or shame, but come on.  That’s like saying that Malta isn’t getting invaded because their security is top-notch.  The actual quality of Malta’s security notwithstanding, they don’t get attacked because there just isn’t a market for it. With Windows keeping its market share well over 85%, it’s little wonder that it’s the prime market for attacks and exploits. And, while I won’t argue that some of the choices they’ve made over the years haven’t affected the vulnerability, the real point is that there is simply more sensetive data to be gathered from Windows users, and more “research” done into the field of Windows hacking.

Enter the iPhone “virus.”  There are several blogs and articles talking about it, and it seems that a dull roar is arising of people clamoring that there is a horrible problem here, and they’re right… ish.  While certainly any security breech allowing an attacker not only complete control over and access to your data and device is a tremendous issue, you have to balance this issue with reason.  Charlie Miller, discoverer of the vulnerability, admonishes users not to jump ship yet — at best, would-be attackers are weeks away from a workable piece of malware.

“It’s extremely hard. It took me two-and-a-half weeks to write the code for this. If there were a bad guy who wanted to attach something like a virus to this exploit, it would realistically take a few weeks if not longer for them to carry it out.”

What this means to you is that panicking and turning off your phone right this instant is probably an overreaction; then again, with an apparent lack of response from AT&T about the issue, don’t just turn off the alarm in your head just yet. If this issue is not addressed, an event that yours truly finds just a bit unlikely, then yes, feel free to panic, scream, rant, rave, and yell at Customer Service all the live-long day until they address the issue, but don’t have a heart attack today.

Certainly, the scariest part of this issue is that you really don’t have to do anything for this to affect you; simply by having adopted, as almost all of us have, technology that uses the current SMS specification, your smartphone is vulnerable.  Keeping in mind a certain amount of concern, and certainly the response of major phone carriers and manufacturers over the coming weeks will be the gauge by which we measure this, it simply isn’t necessary to jump overboard… yet.

Now, I have to admit, I do take a small amount of sick pleasure in seeing an Apple product fall susceptible to an issue this potentially massive, if only to have the slight personal vindication of knowing the truth: Everything is vulnerable, given someone takes enough time to bother attacking it.  To this end, Dai Zovi warned at a Las Vegas security conference that “There is no magic fairy dust protecting Macs.” As they gain in market share, as they become more and more ubiquitous, they become more and more vulnerable.  According to Zovi, there is more code in the Mac OS than in Windows, something which provides would-be attackers with even more vulnerabilities to exploit.

Of course, at the end of the day, all this really means is that every user, no matter their OS or hardware choice, must exersize caution.  Thinking that you can’t be targetted by someone just because you use Product X is a ridiculous security plan that will only end in heartbreak.  To put it succinctly, for the desktop computing world, I Told You So.

As for the SMS vulnerability for smartphones, it’s in the hands of the big boys now;  We’ve trusted them to look out for us for some time, but the coming weeks will be a testament to how well founded that trust has been.  Here’s hoping we haven’t been just a bunch of lemmings.

In last Thursday’s article I ended up discussing browser market share and trends. As I wrote that article, I was using Firefox 3; As I write this article, however, I am using Google Chrome. This fact, actually, shocks even me, so I’ll share how it happened.

A quick search of google reveals that many of us on Vista 64 have been plagued with instability and inexplicable crashes from Firefox for a little while now. And, while the browser was generally stable, it could happen at frustrating times — for example, in the middle of writing my last article. Thankfully, WP had a fairly up-to-date draft saved, so I didn’t lose much, but what if I’d been typing an email at the time? Or using some sort of ticket system that didn’t have an autosave feature?

I forget how it happened, but I ended up reading the Google Chrome Comic, which is an interesting read to be suggested to anyone considering chrome, but let me summarize what I got out of it: Chrome runs each and every tab in its own process. You heard right, the tab bar is being run by Chrome’s central “process manager” and it seperates each and every tab out into a unique PID, handle, etc. The first advantage is huge: If you crash, only one tab crashes; all the others are fine and dandy. And, overall, it means that even if every tab crashes, the parent process manager doesn’t lose all your settings. But let’s step back a bit and talk about how we got here.

In the beginning, as far as most people who got a PC between 1996 and now are concerned, was the Internet Explorer. And it was good… ish. Well, when you were first getting a computer, there wasn’t a whole lot to notice about it being bad. If it seemed slow, well, that’s just the speed computers run, no real need to worry. In fact, and I don’t think anyone is disputing me on this one, most of the reason Internet Explorer is still being used in such volume is actually very pragmatic on the part of its home user base: If It’s Not Broken, Don’t Fix It. As far as your average user goes, there’s nothing wrong with IE. Well, there is, but not that they can see.

If I had to pick a number one problem with IE, it’d be security. Since IE has been a part of the “Core OS” since Windows 95, it has access to a lot of components that other browsers, by virtue of not hooking functions that are allowed to run in Kernel Space, do not. And with great power, comes great responsibility — except for the part where it was apparently decided that Microsoft should be able to silently install its own ActiveX controls. Now, I’m not going to bash them for trying to take control of the user’s machine and make decisions for them, and I am not going to say that, for the average user, this doesn’t make a lot of sense, as it allows Microsoft Signed ActiveX controls, which have a tendency to make browsing into a less painful experience for the users, become available with little-to-no interaction on their part; really, it does make sense from that perspective.

If you’ve ever been identified as “The Computer Guy” by your family or friends, you’ve inevitably had to suffer through some questions which just seem downright silly, and make you wonder how they could possibly not know this and still manage to not get their fork stuck in a nostril while eating. One of the common complaints, that usually makes any and all support personnel scoff, is that “I didn’t do anything, I just got a virus.” The odds of that happening are, well, slightly more likely than the presence of snow in the earth’s molten core — you always did something. Except, of course, when they genuinely didn’t. A while back, a vulnerability was identified with the Access Shanpshot Viewer ActiveX Control that allowed someone to execute arbitrary code with the same access level of the currently logged on user. And, what’s more, not only did it automatically, and silently, install on the target’s machine, it would even install if a user had an updated version of the same control. And this is only one issue of its kind.

From a web developer’s perspective, 75% of the hassle of developing a new application is debugging it for IE. When I first started slamming my face into the keyboard and calling what came out on the screen “HTML” I was only viewing it in IE. And, because of this, I developed a lot of bad habits. Quickly, too. That was over 10 years ago now, and I am still embarrased over this hideous markup, thankfully now striken from the web with the demise of sites like Angelfire and Fortunecity. Again, though, from the user’s perspective, this makes the web “more accessible” because little Johnny’s website looks good in IE, but looks like a steaming pile of dung and other unmentionables in FireFox.

Of course, from the Web Developer‘s perspective, Firefox is pretty much the best choice. Standards Compliance to a fault, a plethora of development and debugging tools (Web Developer Toolbar, Console², Firebug and Execute JS are daily saviors of my sanity), and open source? Sign me right up! And, for my day-to-day work, I will continue to use Firefox, for all of these other reasons. Build it to work with all the standards, and then go back and hack it up for the other browsers, not the other way around. At least, that’s one man’s opinion.

Most other browser alternatives are regarded by those outside of their userbase with a silent disdain. I don’t mind if you want to use Safari or Netscape, but in all honesty, if my site doesn’t work in your browser, I probably don’t care. It’s not that you aren’t important, it’s just that your browser doesn’t agree with the other 85+ percent of the browser market; I’ve got to draw the line somewhere, and I draw it right over your browser’s stupid face.

So why support chrome? Well, A lot of us were taken in early by the google name. “Google is making a browser? God yes, get me in on that!” Of course, Chrome hasn’t taken off as much as we really expected it to, clocking in at between 1.80% and 5.50% for may of 2009, depending on who you ask. And I’m proud to add myself to that list, at least from home, because just a moment ago Firefox crashed and lost all of my settings. I might as well have reinstalled, save for my addons. This was after it crashed about 10 times in a row. Great.

Now, supposedly, we will get 64-but support in the release of Firefox 3.6, but I’m not going to hold my breath. There’s still the nature of that multi-threaded-versus-multi-process programming scheme. And the memory bloat, don’t get me started about the memory bloat (“Mommy, why is Firefox taking up over 800 MB of memory?”). No no, for now, I’m pleased, if a little annoyed at having to reconfigure yet another program. Of course, it seems pretty clearly worth it, and if you haven’t tried Chrome yet, let me go ahead and implore you to do so. In addition to being shiny and wonderful, it is also extremely fast, reliable, and just plain shiny. Let me end this by saying:

“Thanks, Chrome. Thome.”

Update! Another fun thing about chrome is that, in addition to crashing responsibly, it uses its error messages to lighten to mood of what’s just happened. Read more about this in one of my favorite blogs, Jeff Atwood’s Coding Horror.