Removing a Stripped Stainless Steel Screw

Well, if you made the mistake of putting decking down with stainless steel screws like I did, you may have run into this issue before. Either you didn't drill a decent pilot hole, or it was getting to be too hot, and you were in a rush, it doesn't matter. The bottom line is that you now have a completely stripped stainless steel screw head staring you right in the face.

After giving up with the hacksaw (because I realized that would just leave a dead screw in the wood, I decided to use an old flathead screwdriver bit. I held the bit on the head of the screw and pounded it into the screw a few times with a hammer.

After the bit was into the screw, I slowly turned it out.

Stainless steel screw head

Sandbox

I finally built a sandbox for the kids (just in time for winter, right?). I've been meaning to all summer, and planned to do it as soon as our landscaping was done in the back yard.

It took longer than I thought to finish up the landscaping, and after that, there were a few other more pressing projects. But, the bottom line is that it's done.

I got the plans from the Home Depot website. It cost about $85 for the materials, which I realize is complete overkill for a sandbox. However, I wanted to have at least one thing in the back yard that wasn't a plastic monstrosity, even if they only use it a few times.

Actually, I'm sure it will be worth it. The kids love to play in the sand. Anyway, here are some pictures of the process.

Prepping the base

Building walls

Adding pavers for edging

Fixed bench

Closed

Open

XSS Sanitizer Grails Plugin

Well, earlier this week I published my first Grails plugin. I'm hoping that people will find it useful to add a general security plugin to parse out, and prevent XSS attacks on their website. It's a long way from being done, but I think it's a good start.

It uses OWASP's ESAPI to strip out any unwanted script, iframe, and img tags that come in on the request. It also has the added benefit of doing this in a Java filter (in case you access the request via the HttpRequest) and the Grails "params" attribute.

Next steps are to write tests for each of the potential hacks on http://ha.ckers.org/xss.html to make sure they all pass. Plus, in my opinion, this is just a general replace of all values. There are potentially times when you might want to submit something that falls into one of these categories, and you feel that it's safe to not have to filter it. So, I'd like to allow users to be able to annotate methods to allow/disallow the filter to run give a certain action.

Here's a link to the source code:

https://github.com/tonyzampogna/XssSanitizer

If you would like to install it, just type:

grails install-plugin xss-sanitizer

If you are interested in contributing, please let me know. I'd love to have some collaboration.

Click event slow in Chrome and Safari

Well, I came across an interesting quirk. Click events in Chrome and Safari were taking a couple of seconds before they were being fired. It was quite the head scratcher.

Here's essentially what I was doing:

<script>
        $(".example").delegate("a", "click", function(event) {
            $("h2").toggle();
        });
</script>

<div class="example">
    <a href="#">
        Toggle Title
    </a>
    <h2>TITLE</h2>
</div>​

At first, I just changed the <a> tag to be a <span> tag, and that worked. But, I couldn't figure out why an anchor tag was having this problem. I had been doing similar things in other parts of the application, and it was working fine.

When I made the simple script above in jsFiddle, I couldn't reproduce it. So, I started pulling out things slowly.

That's when I noticed it was something that Omniture was doing. I'm not sure I could tell why that particular element was being slow. My guess was maybe that it was nested too deep, and something Omniture was doing was making it slow.

Either way, the fix of changing it to a <span> tag seemed to fix it.

How to inject two or more dependencies with the same name

Let's say you have two services named UserService and both are included in your Grails classpath. This can happen, for example if you have a "core" package, and an "application" package that extends services from "core".

Here's what that might look like in our case:

Well, if you try to use "UserService" in your Grails application like so, you will get an error saying that UserService cannot be found.

    def userService

That's because there was a name collision on UserService.

Spring accounts for this, and allows you to define your class for each bean name. In Grails, we can define our beans in the grails-app/conf/resources.groovy file.

Here's an example of what our resources.groovy file would look like:

beans = {
  // syntax is beanId(implementingClassName) { properties }
  // User Service
  coreUserService(com.company.core.UserService) {
    grailsApplication = ref("grailsApplication")
  }
  userService(com.company.usecase.UserService) {
    coreUserService = ref("coreUserService")
  }
}

Then, in your services, you can inject these services like so:


class UserController {
  def userService

  ...
}

// From your UserService, you can access the core UserService like this.
package com.company.core.UserService
class UserService {
  def coreUserService

  ...
}

Hopefully, that helps.

The birds are back in town

It was a nice day today. Walking around the Como Lake, we saw all sorts of birds coming back from migration. There were loons, coots, mallards, and gulls. The red-winged blackbirds were in full chorus.

One of the coolest things was a mature bald eagle that surprised us overhead. We stopped walking to take a look at it, when all of a sudden its talons came out, and down toward the water it went. When it came up, it had a fish.

Eagles are still an amazing sight. Even though they are easier to spot, their size and the way they soar are always captivating in my book.

Grails resources plugin

I installed the Grails zipped-resources plugin on a new project the other day, and I noticed that by default it zips up everything it sends.

This is fine, but when I tried to make it ignore the image files being served up, it wasn't obvious at first how to do that. Finally, I figured out what I needed to do. Adding the following line to my Config.groovy excluded the image files from being zipped up.

grails.resources.mappers.zip.excludes = ['**/*.png','**/*.gif','**/*.jpg','**/*.jpeg','**/*.gz','**/*.zip']

Once I read more about defining a mapper, it was nice to see that even configuration of these resource files was taking on a convention.

That said, the suite of resources plugins that are coming out now for Grails are very useful. I would say that they really help make Grails a strong contender in platform choices for the future.