LoganBibby.com


Installing VirtualBox’s Guest Additions on CentOS 2.6

If you use Sun’s great (and free!) virtualization software VirtualBox, then you’ve run into their “Guest Additions.” They’re for making one’s VirtualBox guest OS experience as good as possible. This is a short guide to getting Guest Additions installed on a CentOS 2.6 guest via command line (without a desktop GUI like Gnome). It finishes after the jump…

Written by Logan Bibby.

May 12th, 2010 at 8:32 am


Via Tux Training.

Posted in Linux,Technology,Tutorials


Bobby Tables

For all of you developers out there working with databases, most of you (especially if you work in the web field) know of SQL injection attacks. These attacks “inject” SQL queries via user input forms or URL query strings. The SQL used in these injections is typically very bad and wreaks havoc upon the sites that depend on these databases. The most common example of an SQL injection is similar to that found in the “Exploits of a Mom” comic strip by xkcd.

The SQL query in the comic strip finishes the current query then deletes (the “DROP” command for most engines) the named table. The loss would be tremendous.

To fight such attacks, many developers (like myself, up to a few months ago) sanitize the hell out of their user input. However, this can be a pretty painstaking operation. Even if you put it all into an easy-to-call function, you still spend extra system resources calling the function.

Much of the sanitizing can be replaced, instead, by using statement parameterizing. It’s just a fancy way of saying let the database handle putting in the data. Using the MySQLi class in PHP (for instance), you can parameterize the SQL statement (mysqli::prepare). MySQL takes care of putting the variables into the statement.

Almost any language with database support (and support of prepared statements by the database, of course) supports parameterized statements. Check out Bobby-Tables.com, an online resource for preventing SQL injection. It takes a look at how to parameterize statements using different languages (including PHP, dotNet, and Python). It’s a very good work in progress, in my opinion.

Do you know of any good resources or methods for parameterizing statements or avoiding SQL injection attacks? Leave a comment!

Written by Logan Bibby.

April 15th, 2010 at 5:09 pm


High Speed Photography

The folks over at Smash!ng Apps have a post showcasing beautiful examples of high speed photography.

High speed photography is when scenes typically not seen by the naked eye are captured using a camera with ultra-fast shutter speeds. Most SLRs can capture such photography, but the higher end cameras will probably do a much better job at capturing a particular moment.

You can also find others’ high speed works at deviantArt, Flickr, and from other blogs.

I’ve included 4 of the images available from Smash!ng Apps after the jump; check out their post for more! :)

Written by Logan Bibby.

February 1st, 2010 at 4:27 pm


Via Smash!ng Apps.

Posted in Cool Things,Technology


Clean Up Your Explorer’s “New” Menu

Do you find that your “new” menu when you right-click is rather overcrowded with all of the different extensions of files you have available?

I do and it tends to make things slower even on the fastest of computers.

Nir Sofer (NirSoft) has created the freeware utility ShellMenuNew that allows you to disable any unwanted entries in the “new” menu.

It’s a standalone program, so it runs directly from the exe file without needing to install. It’s small, weighing in at a mere 40KB. It’s also been translated into seven languages.

Written by Logan Bibby.

January 25th, 2010 at 3:28 pm


Via Lifehacker.

Monitor Your Energy Consumption, CO2 Emissions, and Money Use

At CES 2010, Oregon Scientific unveiled the Wireless Appliance Manager. It is a savvy and rather sexy geekery that monitors and shows you, in real time, how much power you’re sucking from the line and how much money the line is sucking from you. Not to mention the amount of CO2 you emit. Again, in real time.

The Manager comes in two versions: basic and advanced. The basic version (retailing at $60) can only receive a signal from one appliance. The advanced version (retailing at $80 plus extra transmitters) can receive signals from up to eight appliances at once. With either version, a programmable timer allows you to control sockets, which turns the Manager into a control panel for your lights and appliances.

I can’t wait for the product to be available to consumers. I wasn’t able to find out a release date on the Manager, but I hope it’s sometime soon. These would make great gifts for anyone: the budget conscious, the greenie, or the curious.

[Parts of this post via Popular Mechanics]

Written by Logan Bibby.

January 25th, 2010 at 8:48 am


Via Gizmodo.
