Aloha Friday: Ditching Training Wheels

Yesterday, I wrote about JSL riding his big wheel bike. At the end, I mentioned that JSL might inherit NHL’s bike at some point next year. Whether or not NHL gets a new bike, we have been considering when to remove NHL’s training wheels. I was about 7 (NHL’s age) when my training wheels were removed and some of the kids in his class are riding two wheelers now. Of course, NHL’s hyper-flexibility is an issue. Since he needs to work much harder than a normal kid to maintain his balance, riding without training wheels will no doubt be tougher for him.

My Aloha Friday question for today is: At what age did you and/or your kids start riding without training wheels?


Thanks to Kailani at An Island Life for starting this fun for Friday. Please be sure to head over to her blog to say hello and sign the MckLinky there if you are participating.

Aloha Friday by Kailani at An Island Life

Aloha #56

Big Time Big Wheeler

All summer, JSL, envious of his brother’s “big kid” bike, has wanted to ride his tricycle. Unfortunately, he couldn’t figure out the pedals and would wind up insisting that I push him. Of course, he being so low to the ground and me being so high up meant that I needed to bend down and put pressure on my back. A few minutes of pushing later and he was squealing for more, oblivious to my growing back pain.

Recently, we tried pushing a big wheel bike we had for him instead of the tricycle. My theory was that this bike would give him better leverage and he would learn to pedal it better. Sure enough, after a bit of practice, he was pedaling like a champ.


In fact, he was pedaling too fast! Most of my photos of him from the front are blurry. I would run in front of him to give my camera some “focus time” but he would be moving too quickly.

Still, he was having a blast. And he didn’t just pedal up and down our block. He wanted to go for a ride *around* our block. We set off, leaving NHL and B behind, with me on foot and JSL on bike. As we walked/rode, we stopped for red lights. Not because we had to, mind you. We weren’t crossing any roads. No, we stopped because JSL insisted that we need to stop at red lights. He’s already following the rules of the road.

Around we went, all 1,800 feet or so. (Yes, I Google Map’d it.) Then, he insisted on going around a second time. He would have likely gone around a third time, had I let him. However, while we stayed on our street from here on out, he kept pedaling up and down the block. He easily biked a mile by the time he was done.

At the end of his bike adventure, and after NHL had done some biking of his own, I let JSL try out NHL’s bike.


He can’t quite reach the pedals when they go down, but he might be able to use NHL’s “big kid” bike next year. NHL was worried about this prospect as his bike was our birthday present to him last year. We assured him that, when he eventually grows out of his current bike and gives it to JSL, he would get to pick out a bigger bike to ride himself. Perhaps B and I will also get bikes and we can go on family biking trips around the neighborhood!

Beware The Twitter Black Text

As a web developer, one thing you learn early on is that you can’t trust the user’s input at all. When you ask for a date of birth in mm/dd/yyyy format, people *will* type in September 17th, 1962. When you ask for a number from 1 to 10, people *will* type in “red.” Don’t ask me why, but people do these things. Sometimes it is out of sheer ignorance of what should be entered (either due to a fault of the webmaster’s for not being clear enough or due to the user not reading directions). Sometimes, though, the user will be malicious in nature and will be trying to find holes in your code to exploit.

A common method of attack is called a SQL Injection attack. In layman’s terms, this is an attack that fools the script into running what the hacker wants instead of what the webmaster intended. For example, if the webmaster asked you for your user ID and used that to form a query like “Select * From users Where ID = USERID” (where USERID is the ID you entered), this could be hacked by someone entering “1; Delete From users;”. The “1” would complete the webmaster’s original query and the semi-colon would indicate to the server that another query was coming. Then the Delete statement would delete all data in the database (well, at least the Users table).

Obviously, webmasters would want to take measures against this. To do this, they would check the user’s input against what they were expecting and act accordingly. Using the example above, I could check to see if the data was a number. If the user entered “5”, they would be ok and the query would be run. If the user entered “1; Delete From users;”, their data would either be cleansed (just use the “1” portion) or rejected outright.
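
The query and hostile input from the example above, run against an in-memory SQLite table, as an added example that is not part of the original post. The table contents and function names are made up for the demonstration, and it goes one step beyond the number check described above by also binding the input as a query parameter.

```python
import sqlite3

def make_db():
    """In-memory users table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (ID INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    db.commit()
    return db

def count_users(db):
    return db.execute("SELECT COUNT(*) FROM users").fetchone()[0]

def lookup_vulnerable(db, user_id):
    """The pattern the post warns about: input pasted into the SQL text."""
    # executescript() stands in for a driver that runs several statements per call.
    db.executescript("Select * From users Where ID = " + user_id)

def lookup_parameterized(db, user_id):
    """Bound parameter: the input is compared as a value, never parsed as SQL."""
    return db.execute("Select * From users Where ID = ?", (user_id,)).fetchall()

def lookup_validated(db, user_id):
    """The post's check: accept only a number and reject anything else outright."""
    if not (user_id.isascii() and user_id.isdigit()):
        raise ValueError("user ID must be a number")
    return lookup_parameterized(db, int(user_id))

if __name__ == "__main__":
    hostile = "1; Delete From users;"   # the input quoted in the post
    db = make_db()
    lookup_vulnerable(db, hostile)
    print("rows left after concatenated query:", count_users(db))
    db = make_db()
    print("parameterized result:", lookup_parameterized(db, hostile))
    print("rows left after parameterized query:", count_users(db))
    print("validated lookup of ID 2:", lookup_validated(db, "2"))
```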

So what does this have to do with Twitter? This:

TwitterBlackText.jpg

The black text above hides a Twitter worm working its way through Twitter.com as of this writing. This is similar to the database example above, only in this case it involves Twitter and link formation.

You see, if you’re typing a tweet and say, for example, “I really like http://www.TheAngelForever.com/”, Twitter will helpfully turn the typed URL into a clickable link for you. It does this by detecting where the link is and sticking it in a <a href="URL">URL</a>. (The actual code is slightly more complex, but this simplified version will work for now.) This works fine when the typed URL is http://www.TheAngelForever.com/, but what if the URL is this:

http://a.no/@”onmouseover=”;$(‘textarea:first’).val(this.innerHTML);
$(‘.status-update-form’).submit()” style=”color:#000;background:#000;/

Don’t worry. I’ve kept this code from forming a link and split it on two lines for good measure. The first segment (“http://a.no/”) is used to fool Twitter into thinking that the rest of the code is just a hyperlink. Next, a double-quote (“) is used to close out the HTML link section. Now the real “fun” starts. The “onmouseover” tells the browser to run the following code when the user hovers over the link. The code within this section enters the whole fake link into Twitter’s status update box and submits it. This is what makes you tweet that link and thus spread the worm. The remaining section (“style…”) turns the text and background colors to black to hide the text and make it look “censored” (prompting you to hover over it to see what it says). The slash at the end further fools Twitter into thinking that the whole thing is one big URL.

So what should you do if you’ve been hit? Delete the tweet, for one thing. I’d also recommend using a 3rd party application like Seesmic Desktop or TweetDeck until Twitter addresses it. At this writing, the worm is only propagating itself and isn’t otherwise a threat. Still, the code it runs could send you to other websites (which could infect you with malware/viruses/trojans) or do other things to compromise your account/computer. So keep your eyes peeled for suspicious activity.

What can Twitter do? For one, I’d recommend that they escape any double-quote in URLs. If that code was rendered as:

http://a.no/@&quot;onmouseover=&quot;;$(‘textarea:first’).val(this.innerHTML);
$(‘.status-update-form’).submit()&quot; style=&quot;color:#000;background:#000;/

then the worm wouldn’t be able to run its payload. Hopefully, Twitter will act on this fast and prevent any further spread.
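
The auto-linking and the proposed quote escaping, as an added example that is not part of the original post and is not Twitter's code. The URL pattern, function names and sample URL are assumptions: the sample has the same shape as the worm's link but carries a harmless handler and no style section, and the check lists the attributes an HTML parser finds on the resulting link.

```python
import html
import re
from html.parser import HTMLParser

# Simplified URL matcher (assumption): a URL runs until the next whitespace,
# so quotes inside it are treated as part of the link, as in the post.
URL_RE = re.compile(r"https?://\S+")

# Constructed sample: same shape as the worm's link, harmless handler body.
SAMPLE = 'look at http://a.no/@"onmouseover="demo()"/'

def linkify_naive(text):
    """Auto-link as the post describes it: URL dropped into href unescaped."""
    return URL_RE.sub(lambda m: '<a href="%s">%s</a>' % (m.group(0), m.group(0)), text)

def linkify_escaped(text):
    """Same auto-link with the post's fix: quotes become &quot; before output."""
    def repl(m):
        # html.escape also covers &, <, > and ', which is more than the post asks for.
        safe = html.escape(m.group(0), quote=True)
        return '<a href="%s">%s</a>' % (safe, safe)
    return URL_RE.sub(repl, text)

class _AnchorAttrs(HTMLParser):
    """Collects the attribute names seen on <a> tags."""
    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.names.extend(name for name, _ in attrs)

def anchor_attr_names(markup):
    """Attribute names a parser sees on the generated link."""
    parser = _AnchorAttrs()
    parser.feed(markup)
    parser.close()
    return parser.names

if __name__ == "__main__":
    print("naive:  ", anchor_attr_names(linkify_naive(SAMPLE)))
    print("escaped:", anchor_attr_names(linkify_escaped(SAMPLE)))
```

In the naive output the first double-quote ends the href value early, so the parser reports an onmouseover attribute; in the escaped output the whole URL stays inside href.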

UPDATE: Twitter has fixed the bug that allowed this script to run. You can see my non-malicious test tweet here. Notice how the link cuts off before “onmouseover.” This means that the worm is now stopped in its tracks. While an old infection-tweet might cause you to post the link, the resulting tweet won’t be able to spread the worm. In addition, Twitter seems to be deleting the worm where they can find it. Good job, Team Twitter!

Ziploc Review & Giveaway

With school here (and me continuing to bring lunch into work), we’re going to be sending in a lot of lunches and snacks. This means that I’ll be packing a lot of items in either Ziploc bags (which I try to reuse as much as possible to reduce waste) or Ziploc storage containers.


I was sent Ziploc sandwich bags, slider bags (both Quart Storage and Quart Freezer) and Smart Snap storage containers. All three of these come in handy around the house. The obvious use for the sandwich bags is lunches, but we also use them to help keep small items together. For example, we use them for Box Tops For Education, which Ziploc and many other national brands participate in. Instead of having those clipped box tops lying around (and possibly getting lost), we’ll toss them into a Ziploc bag and keep them all together until they can be sent in to our school. The Ziploc containers come in handy for storing leftovers and transporting them to work for lunches. As a bonus, we toss them in the dishwasher and use them over and over and over. (There’s that Reuse in Reduce-Reuse-Recycle.)

The freezer bags, obviously, get put to use keeping items frozen. I like to take fruit that is heading past its prime (which I know we won’t finish before it spoils), cut it up and stick it in a Ziploc freezer bag. Then, once frozen, it can be used later on for smoothies or other dishes. The Ziploc storage bags are handy for corralling various items around the house (similar to the sandwich bag example above, but bigger items like batteries).

You can find Ziploc brand storage bags and containers in your local supermarket.

Giveaway:

Thanks to SC Johnson, one lucky winner will receive a Ziploc prize package containing:

  • Ziploc Brand sandwich bags
  • Ziploc Brand Freezer slider bags with expandable bottom and smart-zip seal (quart)
  • Ziploc Brand Storage slider bags with expandable bottom and smart-zip seal (quart)
  • Ziploc Brand Containers with the Smart Snap™ Seal (medium square)

To enter, simply leave a comment below answering this question: What would you store in a Ziploc storage bag or container?

You can also earn bonus entries by doing any (or all) of the following items. Just be sure to leave a separate comment for each item that you complete.

  • Follow @TechyDad on Twitter. (1 bonus entry)
  • Tweet about the giveaway on Twitter. Be sure to include @TechyDad, Ziploc and a link to this post in the Tweet. (1 bonus entry per day) For example: What would you store in a Ziploc bag/container? Chance to #win a Ziploc prize package from @TechyDad. http://bit.ly/9ROgV1 #Giveaway
  • Subscribe to my RSS feed or let me know if you already are. (1 bonus entry)
  • Leave a comment on any of my non-giveaway posts from August/September. Leave a comment here letting me know which post you commented on. (1 bonus entry per comment, maximum 3 entries)
  • Write a post on your blog linking to this giveaway. Leave 3 comments about this to get credit for all of your extra entries. (3 bonus entries)

To enter, please follow the rules above within the comment section. Contest starts today, September 20th and ends at Noon EST on October 4th, 2010. You do not have to be a blogger to enter, but must leave a valid e-mail address for me to contact you for mailing address once the giveaway is over. I will select the winner using random.org and contact you via e-mail. You will have 48 hours to claim the prize. If there is no response, another winner will be selected. Open to U.S. and Canada residents only.

Disclosure: I received a Ziploc package (containing the products described above) complimentary of SC Johnson in order to facilitate this review. No other compensation was given. The opinions expressed above are my own. SC Johnson is also providing the giveaway item to my readers.
