Tag: coding

  • PHP 5.2.2 and 4.4.7 Released

    “PHP 5.2.2 and 4.4.7 have been released with a plethora of security updates. Many of the security notifications come from the Month of PHP Bugs effort, and range from double freed memory to bugs in functions that allow attackers to enable register_globals, to memory corruption with unserialize(), to input validation flaws that allow e-mail header injections, with an unhealthy sprinkling of other bugs and flaws fixed. All administrators that run any version of PHP are encouraged to update immediately.”

    Our sysadmin installed 5.2.2 on our test instances earlier today, and we’ll be testing (and closely watching for external reports) over the next few days before rolling it into production.

    Via Slashdot.

  • The Javascript Programming Language

    Yahoo! JavaScript Architect Douglas Crockford provides a comprehensive introduction to the JavaScript Programming Language in this four-part video. This is the first section of the four-part video. See below the embedded video for more links.

    Other programming videos by Douglas Crockford on Yahoo! Video:
    The JavaScript Programming Language (4 parts).
    Theory of the DOM (3 parts).
    Advanced JavaScript (3 parts).

    Via Digg.

  • parseMe 20070429 Update

    Here’s another update to parseMe (back story), my little GPL’ed PHP-based RSS/Atom feed reader for mobile phones and other web-capable devices.

    • Moved to object oriented, pretty much for the “fun” of it.
    • Now passing a custom user-agent in the http query to avoid problems with sources that require it (Digg, among others).

    You can find the appropriate links below:

    Keeps me from hating my phone until I can afford to get myself a nicer mobile solution.

  • Google@Mcgill

    Yes! We’ve done it. McGill is now using a Google Search Appliance as its main search engine backend, which is the main reason I have been so busy in the last while.

    Despite early hardware issues and a few bugs I faced in the caching engine and XML APIs (most of which have been or are being addressed by the Google Enterprise team), I have to admit that it’s been one of the most motivating and enjoyable projects I have handled at McGill.

    You can try it out for yourself on our main search page.

    We also enabled other areas, such as our advanced course search, and classified search.

    This is of course only the tip of the iceberg, since the architecture is quasi-infinitely extensible through the feeds and OneBox concepts (both of which we already use). And as usual, I already have a head full of ideas on how to further leverage the enormous amount of digital content on campus.

    Fun times ahead!

  • March To Be Month of PHP Bugs

    From the source article, on SecurityFocus (via Slashdot):

    Stefan Esser is the founder of both the Hardened-PHP Project and the PHP Security Response Team (which he recently left). Federico Biancuzzi discussed with him how the PHP Security Response Team works, why he resigned from it, what features he plans to add to his own hardening patch, the interaction between Apache and PHP, the upcoming “Month of PHP bugs” initiative, and common mistakes in the design of well-known applications such as WordPress.

    Given the success of the Month of Apple Bugs project, I think it’s a fantastic idea. This said, our sys admin at work isn’t too thrilled by the prospect of having to patch our many PHP installs every day in March… 😉

  • parseMe 20070213 Update

    It’s time for another quick update to parseMe, my little GPL’ed PHP-based RSS/Atom feed reader for mobile phones and other web-capable devices. Pfew [deep breath], that was quite a mouthful, wasn’t it? 😉

    • It now loads the destination links without images by default, for performance improvements on most sites. Links still go through the Google Mobile gateway.
    • Small screen-related interface improvements for the feed selection form.

    You can find the appropriate links below:

    Hoping you’ll enjoy it as much as I do in the bus, on the way to and from work.

  • /me Like PostgreSQL

    I’ve recently had to take over the role of DBA at work (our previous one left for a job at Google), and I’m trying to make the most of the situation (still have my job to do too) by restructuring the PostgreSQL-powered database at the core of our Web architecture.

    Like so many enterprise projects, it’s grown exponentially, in both size and complexity, over the years and what I’m left in charge of today is less than ideal. Nonetheless it’s been serving us quasi-flawlessly, and I sure am happy my predecessor(s) made the choice to go with PostgreSQL as a database backend. The use of PostgreSQL in an enterprise environment was actually one of the reasons I started working at McGill, back in 2002.

    What I’m doing these days involves modernizing and sanitizing a considerable number of tables, stored procedures and functions. All while staying fully backward compatible so that the countless pieces of software relying on the data can keep on running as if nothing changed. I’m of course modernizing the codebase I have access to so it all takes advantage of the improved data structure. But for the sake of phasing in the upgrade and to not force it on external developers whose schedule I have no control over, replicating the current base is of the essence.

    This is all proving to be a task our faithful PostgreSQL environment is truly shining at.

    Through the use of temporary tables from queries, case-based views, rules and other assorted options, I am rather quickly and easily able to author scripts that handle the nasty stuff, all wrapped in the safety transactional DBs afford us. They create new tables, populate them from others, tweak the data, drop the old tables once ported, set up views to replace them just-in-time and more, all transparently.

    All of this is of course also possible with many other RDBMS. I’m just dealing with PostgreSQL in this instance, and enjoying (almost) every minute of it! 🙂
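
    The kind of migration script described in this post, as an added example that is not the author's own code: a temporary table built from a query, a new table, and a CASE-based view with rules taking over the old table's name, all in one transaction. The table and column names (people, person, full_name, role) and the sample rows are hypothetical.

    ```sql
    -- Added example; all table and column names are hypothetical.
    -- Constructed legacy table, standing in for what external software queries today.
    CREATE TABLE people (id integer PRIMARY KEY, name text, is_staff char(1));
    INSERT INTO people VALUES (1, '  Ada Lovelace', 'Y'), (2, 'Alan Turing ', 'N');

    BEGIN;  -- any failure below rolls the whole migration back

    -- Temporary table from a query: stage and tweak the data before porting it.
    CREATE TEMP TABLE people_staged ON COMMIT DROP AS
    SELECT id, trim(name) AS full_name,
           CASE WHEN is_staff = 'Y' THEN 'staff' ELSE 'student' END AS role
    FROM people;

    -- New structure with the constraints the old table lacked.
    CREATE TABLE person (
        id        integer PRIMARY KEY,
        full_name text NOT NULL,
        role      text NOT NULL CHECK (role IN ('staff', 'student'))
    );
    INSERT INTO person SELECT id, full_name, role FROM people_staged;

    -- Drop the ported table and put a CASE-based view in its place, same name and columns.
    DROP TABLE people;
    CREATE VIEW people AS
    SELECT id, full_name AS name,
           CAST(CASE WHEN role = 'staff' THEN 'Y' ELSE 'N' END AS char(1)) AS is_staff
    FROM person;

    -- Rules translate writes from legacy software into writes on the new table.
    CREATE RULE people_insert AS ON INSERT TO people DO INSTEAD
        INSERT INTO person (id, full_name, role)
        VALUES (NEW.id, trim(NEW.name),
                CASE WHEN NEW.is_staff = 'Y' THEN 'staff' ELSE 'student' END);
    CREATE RULE people_update AS ON UPDATE TO people DO INSTEAD
        UPDATE person
           SET full_name = trim(NEW.name),
               role = CASE WHEN NEW.is_staff = 'Y' THEN 'staff' ELSE 'student' END
         WHERE id = OLD.id;
    CREATE RULE people_delete AS ON DELETE TO people DO INSTEAD
        DELETE FROM person WHERE id = OLD.id;

    COMMIT;

    -- Legacy statements keep working unchanged against the view.
    INSERT INTO people VALUES (3, 'Grace Hopper', 'Y');
    SELECT id, name, is_staff FROM people ORDER BY id;
    ```

    Because PostgreSQL DDL is transactional, legacy clients see either the old table or the finished view, never a half-migrated state.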

  • Integrating the Upgraded Digg Tools in Blogger

    Digg.com released a worthy upgrade to their site integration tools today, with such neat new features as combining the submission process and Digg box, etc. Since I have previously published a method of integrating the first incarnation of the Digg tools in your [new] Blogger posts, it is now time to post an update to take the new features into consideration.

    Before you start, make sure that your blog is set to save post pages. This is a Digg (and other social sites) requirement, since we need unique URLs to submit. To verify, go to your Blogger Dashboard » Settings » Archiving » Enable Post Pages? Select yes and save.

    Then go to your Blogger Dashboard » Layout » Edit HTML. Be sure to check the Expand Widget Templates checkbox.

    Locate the following code in the template’s XML:

    <p><data:post.body/></p>

    And replace it with:

    <p>
      <span style="margin-right: 10px; float: left;">
        <script>
          digg_url = '<data:post.url/>';
        </script>
        <script src="http://digg.com/tools/diggthis.js"> </script>
      </span>
      <data:post.body/>
    </p>

    You’re done! It’s now as simple as this.

    You can also try the new, more discreet, compact mode:

    <p>
      <data:post.body/>
      <span style="margin-top: 5px; float: right;">
        <script>
          digg_url = '<data:post.url/>';
          digg_skin = 'compact';
        </script>
        <script src="http://digg.com/tools/diggthis.js"> </script>
      </span>
    </p>

    Personally though, I’m not too keen on displaying Digg boxes showing 0 diggs when the content has not been submitted yet, nor am I interested in showing the digg box on all my posts. So I’m still going to use my original solution and just update the URL of the Digg javascript from /api/ to /tools/ in my template. Overall, it is a more involved option, but I’d rather have flexibility than ease of use.

    Ultimately, I’d like to see another mode (digg_skin variable) where unsubmitted content sports a simple button (like the Digg Guy), and the box only starts to show if and after the content has been submitted.

    As a side note, it’s probably going to get fixed quickly, but the compact mode of the new tool had a bug with url targeting that made the submit form show in the tiny iframe the Digg javascript outputs.

    Update: 2007-07-26: Updated formatting after import from Blogger.com.

  • parseMe 20070111 Update

    Update: 2007-02-13: An upgraded version is now available.

    I have released an upgraded version of my GPL’ed lightweight feed reader for web-enabled devices, parseMe, a couple of days ago.

    I have added a couple of interesting new features:

    • It now integrates with Google Mobile to provide full content browsing of the destination URLs. This is done by using their nifty (x)html parser, which reformats standard web pages for mobile/accessibility browsers.
    • There is now a cookie-based feature that lets users define what their default source and item limit should be when first accessing the app. All cookie manipulation is done via PHP, on the server-side, so as not to rely on Javascript, which is rarely available on the targeted browsers.

    You can find the appropriate links below:

    I’m obviously quite a bit biased of course, but it still is my favourite mobile app. 🙂 And since I’m not seeing an iPhone (or similar smart phone) in any kind of recent future for me (availability in Canada, price, usage fees, etc), it probably will be for quite a while.

  • Funny Software Comments in Google Code Search

    Major geek humour warning…

    • Step 1: Programmers leave silly comments all over their code.
    • Step 2: Google launches Code Search.
    • Step 3: Enjoy! 🙂