United States of Google

January 23rd, 2011 No comments

Just saw this code on a site, I forgot this good stuff existed. I've seen it before in a post about Google's web fonts and using their jsapi to load the webfont.js file, and I just rediscovered it again. I love Google. Using their clout to better the web (IMHO.) You can call me a fanboy - I don't care.

<script type="text/javascript" src="http://www.google.com/jsapi"></script>
<script type="text/javascript">google.load("jquery", "1.4");</script>
<script type="text/javascript">google.load("jqueryui", "1.7.2");</script>

Categories: Development

True "Incognito" mode for Google chrome

January 8th, 2011 No comments

I hate Windows. I do.

This is a very hacky, no-garbage-collection, but still "working good enough" script. At the advice of #chromium on freenode, when asked about cookie sharing between Incognito windows, I was told it's been discussed before, and I got the information on how to make sure that your Incognito windows don't share information or cookies by forcing separate user data directories.

I'm not really worried about privacy, I'm more annoyed that I launch separate Incognito windows and it shares cookies between them, which is sort of against the point. I have to log in to the same sites over and over under different accounts for different clients, and it's a PITA.

Major things to note:

  • This assumes you'll run some sort of "temp directory cleanup" tool on your own for Windows. This doesn't have any concept of "oh yeah, I have to clean up that temp directory I made".
  • None of your extensions, bookmarks, settings, etc. will be remembered in this session. It's completely barren.
  • You will never (assuming the GUID is unique) get the same session more than once.

As I said, it's hacky, and you'll need to change a couple of the paths. I couldn't figure it out elegantly, and I was getting tired of trying to find script examples on the net (why is it so hard to find code that works together for Microsoft languages?)

Perhaps someday soon Chrome or someone will develop something more robust for this. For now, if you want - this does seem to work, at least on my XP SP3 system.

Note: This is vbscript. Make a file called "incognito.vbs" or something and it should work.

' keep us honest
Option Explicit

' because we have to
Dim strDirectory
Dim strTempDirectory
Dim TypeLib
Dim objFSO
Dim objShell
Dim strChromePath

' change this if you want - anything with spaces has to be wrapped in triple quotes
strChromePath = """C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"""
strTempDirectory = "C:\Windows\Temp"

' make a clean guid - Scriptlet.TypeLib pads the value with trailing characters,
' so keep only the 36 characters between the braces
Set TypeLib = CreateObject("Scriptlet.TypeLib")
strDirectory = Mid(TypeLib.Guid, 2, 36)
strDirectory = strTempDirectory & "\" & strDirectory

' create the directory - trap errors here so the check below can actually run
Set objFSO = CreateObject("Scripting.FileSystemObject")
On Error Resume Next
objFSO.CreateFolder strDirectory

' launch it, or fail
If Err.Number = 0 Then
   Set objShell = CreateObject("WScript.Shell")
   ' quote the data directory in case the temp path contains spaces
   objShell.Run strChromePath & " --incognito --no-first-run --user-data-dir=""" & strDirectory & """"
Else
   WScript.Echo "VBScript Error: " & Err.Number
End If

' cleanup
Set TypeLib = nothing
set objFSO = nothing
Set objShell = nothing

' quit
WScript.Quit()

Categories: Development, Software

PHP 5.2.15 released, patch updated

December 9th, 2010 No comments

PHP 5.2.15 was released today, and I've made a copy of the previous patch. It still applies without any issues (a "make test" looks good) - this is supposed to be the latest version of PHP 5.2.x.

Download it here.

I highly recommend upgrading to PHP 5.3.3+ with the more updated/better FPM version (among a million other enhancements) that is bundled in core now. Coincidentally, PHP 5.3.4 came out today as well, with a handful of FPM bug fixes/features (see my other blog post or the NEWS file.)

Enjoy!

Categories: PHP, PHP-FPM

Netflix jumps on the fleecing bandwagon

November 22nd, 2010 No comments

If you've read some older posts, I have praised Netflix for multiple reasons:

  • Great service
  • Easy-to-use, feature-rich but not overbearing website
  • Fast delivery times
  • Actually reduced the price of my plan voluntarily

Today I've got some bad news though. I just received an email notifying me that my plan will increase $3/month. Normally I wouldn't be as vocal, but this is on top of the deals they've made with studios to delay releases ~30 days. Netflix claims it will receive huge discounts and the press release for Fox says it will allow more of their library to be streamed. It's obvious the studios are supposedly hoping this ~30 day window will encourage consumers to rent/buy DVDs normally. Most sites I've read think it will just cause piracy to rise. I'm inclined to agree.

While the movie delay originally annoyed me, it wasn't enough for me to get too angry over. I'm so busy most of the time that 30 days passes me by in the blink of an eye. I don't believe Redbox has that restriction in place, so one could go rent a movie immediately from them still if they wanted.

However, now they are increasing costs on me while delivering less service. That I can't keep quiet about.

So with a heavy heart right now, I have to -2 Netflix. I kept the original movie delay -1 to myself. But now they get both negative marks at once for this new move. I really need to start a point system.

Categories: Consumerism

I was wrong.

November 18th, 2010 No comments

I was wrong, and I'm happy to admit it.

I was worried that if FPM was to ever make it into PHP core, it would stagnate and become part of such a big machine that it would take forever to receive updates. However, since its adoption into PHP 5.3.3, Jérôme has been hacking away on it and I was happy to see that in 5.3.4RC1, a handful of changes are being included:

  • Added '-p/--prefix' to php-fpm to use a custom prefix and run multiple instances. (fat)
  • Added custom process title for FPM. (fat)
  • Added '-t/--test' to php-fpm to check and validate FPM conf file. (fat)
  • Added statistics about listening socket queue length for FPM. (andrei dot nigmatulin at gmail dot com, fat)
  • Fixed inconsistent backlog default value (-1) in FPM on many systems. (fat)
  • Fixed bug #52674 (FPM Status page returns inconsistent Content-Type headers). (fat)
  • Fixed bug #52498 (libevent was not only linked to php-fpm). (fat)

Thanks guys, I am counting the days until I can finally use PHP 5.3. I also discovered the new magic variable __DIR__ exists a couple weeks ago - between everything, I am jonesing to move badly!

(For those wondering, "fat" is Jérôme's pseudonym.)

Categories: PHP, PHP-FPM

Pidoco - rapid prototyping/wireframing - why didn't I find this before?

November 11th, 2010 No comments

A while ago, I was looking for tools to do prototyping/wireframing so I could explain my ideas a bit better than some crappy sketched out "wireframes" on paper. For some reason, this one did not come up, so I want to help them gain exposure for being so awesome.

I just discovered this tool in the last hour. It not only allows you to make wireframes, but actually usable prototypes - with links to external sites and other pages inside of the prototype, pull in external images and content, has layers like Photoshop ... the list goes on and on. Best part is the learning curve was quite simple. I found another tool which was an Adobe AIR-based app, if I recall, but it was a bit cryptic and hard to use. This thing allows you to even invite people to do usability testing on your prototype, record their movements, leave comments, etc. Best of all, the cost is extremely reasonable!

There's simply too much to name off and now all I want to do for the next month is prototype out all my ideas!

https://pidoco.com/

Categories: Development, Software

Drupal is NOT a CMS.

October 9th, 2010 No comments

Contrary to what you may call it, and even what they say it is - a "Content Management Platform" - I consider it to be an extensible core framework that "happens to ship with many content related features by default."

Stripping it down to bare bones would reveal a flexible and fairly well designed framework that can be used for anything really.

That's my major beef with Drupal - that it ships with so much content-specific functionality in place. For instance a node is something everyone universally agrees is a "great concept" - a basic item that is extended by custom options (CCK is the model of how easy this is) - but nodes still have a "Title" and a "Body" and publishing options and other fields that shouldn't be there in a truly generic system. The idea of one central basic element though is spot-on in my mind. With all that in mind, I begin my thoughts...

When it comes down to it, almost everything can be considered some form of a "content" item. For example, I designed something to track transactions. At first I cheated and used CCK and just made some custom fields. I also made a version using Drupal's schema API that just made a normal database table, to skip any CCK overhead and node "addons" Drupal glues on by default. However, the overhead aside, I was able to use this system and with not a lot of code, make a fully functional transaction tracking system based off of node concepts. I used CCK as a "schema designing" frontend, and could use Views to get the information back out in a variety of ways.

Is a transaction "content" in the common sense of the word? Not at all. It's a reference to someone purchasing something, in this case a user purchased another type of node - so really it was just a user reference and a node reference. I didn't care about the "Publishing options" or any of the other Drupal-related built-in node specifics, and anything else that may attach itself to nodes - Pathauto, Fivestar, etc.

I [ab]used the node-based system and CCK's UI to make myself a flexible schema to track transactions. I was also able to use pure API to create a database table and manually track the information, and skip any of the hooks related to node processing (Pathauto, Fivestar, publishing options, etc.) - which one was better? Well, I'm still deciding that. By using the node method I can easily expose it in a view. I am not sure I can using custom schema (I think someone told me I could but I haven't tried yet) - I'd really like to use Views for it, and be lazy on the delivery side of it. By going custom, I track only what I want in the database and save probably many levels of pre- and post-processing on the result set.

Getting back to my original statement - Drupal's foundation is pretty solid. It enables anything to be accomplished, it's just that damn middle layer that I wish would be more decoupled and moved into modules that can be enabled or disabled. For the most part, people who use Drupal seem to use it mainly for its CMS/"Content Management Platform" capabilities just fine. Some of my sites require custom work though, and that is where I enjoy the framework/platform's underlying capabilities.

Typically when developing a site, there are common elements such as user login/registration/roles and management, form processing, XSS/CSRF/other attack vector protection, output encoding, data and request normalization, etc. I've built my own little library of functions and even a bit of a stub framework to use them which do a lot of this. Drupal however has already generalized most of this and provides it to you for no cost.

Frameworks in the typical definition such as RoR, Symfony, and half a million others give you the basics, but don't give you that much. It's still up to you to create everything else. While I may whine about Drupal's content-heavy core packaging, it does provide some built-ins that I do find useful to be included. So I guess that can be chalked up to some personal opinion - I would rather it push the content stuff out to modules (and strip nodes down to even simpler basic structure) yet keep the user registration, login, role and capabilities and form processing available.

All in all, I am having fun looking through the directories of modules out there, and trying to approach things with a more Drupal-esque model in mind, understanding that I will sacrifice some performance and add some overhead, but also save myself the headache of all those tedious user submission and form processing screens and such. That's usually where typical self-coded projects seem to start trailing off for me, is winding up getting into the user interaction piece of it. Database design, delivery - that's easy. Form processing and user experience? Annoying as hell 🙂

Categories: Drupal

How to render Safari cookieless

October 5th, 2010 No comments

Today we had an issue at work, an odd issue.

OS X users using Safari wound up with a proxy issue after clicking on a button on our site, and reloading the page.

The suspect seemed simple to me - the button has to do something persistent that makes the browser behave differently the next page load - so a cookie or a session-based thing on the server side which scrambles the request. Session stuff seemed incorrect as it should show a PHP error or something, not actually make the proxy reject the request. So I came to the easy conclusion of going down the cookie route.

Sure enough, it was an onclick function which set a cookie - one that worked in every browser including Safari on Windows*, but broke on Safari on OS X. So we looked to see what the cookie was. Turns out, Safari on OS X at the moment does not like when a cookie's value ends with a comma "," - it literally breaks cookie handling altogether. It sends some request that our proxy considers invalid and rejects, and checking without the proxy involved showed us that some cookies (if not all of them) were not being sent to the server (or at least not properly) - which included our authentication cookies. The minute we nuked this "bad" cookie, our other cookies got read properly, the proxy allowed the request, etc.

So, for those people who like to see things more direct and don't like to read a lot of fluff (me included!) here's a simple breakdown:

BREAKS: CookieName=Foo,Bar,Baz,
WORKS: CookieName=Foo,Bar,Baz

Pretty simple. Odd that it appears to be inconsistent across platforms. Anyway, have fun with that little nugget of information. If I wasn't lazy I would look into exactly where to submit a bug, somewhere in the WebKit community I assume.

* I cannot confirm that Windows did not suffer from this, a coworker provided that information.
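One way to keep a value like this from ever reaching the browser or the proxy, as an added example that is not code from the original post or the site it describes: check cookie values against the cookie-octet grammar of RFC 6265 (which excludes the comma), percent-encode on write, and audit a Cookie header for offenders. The function names and the sample header are constructed for illustration.

```javascript
// Added example, not code from the original post; names and sample values are constructed.

// RFC 6265 cookie-octet: printable ASCII except space, '"', ',', ';' and '\'.
const COOKIE_OCTETS = /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$/;
// RFC 6265 cookie-name is an HTTP token.
const COOKIE_NAME = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

// Constructed sample: the failing value from the post next to unrelated cookies.
const SAMPLE_HEADER = "auth=abc123; CookieName=Foo,Bar,Baz,; theme=dark";

// Build a "name=value" pair that is safe to assign to document.cookie.
// encodeURIComponent emits only characters inside cookie-octet, so "," becomes "%2C".
function buildCookiePair(name, value) {
  if (!COOKIE_NAME.test(name)) {
    throw new Error("invalid cookie name: " + JSON.stringify(name));
  }
  const encoded = encodeURIComponent(String(value));
  if (!COOKIE_OCTETS.test(encoded)) {
    throw new Error("encoded value is still outside cookie-octet");
  }
  return name + "=" + encoded;
}

// Split a Cookie request header into [name, rawValue] pairs.
function parseCookieHeader(header) {
  const pairs = [];
  for (const part of header.split(";")) {
    const trimmed = part.trim();
    if (trimmed === "") continue;
    const eq = trimmed.indexOf("=");
    // A part without "=" is kept as a nameless value so it still gets audited.
    const name = eq < 0 ? "" : trimmed.slice(0, eq).trim();
    const raw = eq < 0 ? trimmed : trimmed.slice(eq + 1).trim();
    pairs.push([name, raw]);
  }
  return pairs;
}

// Report every cookie whose raw value contains characters outside cookie-octet.
function auditCookieHeader(header) {
  const findings = [];
  for (const [name, raw] of parseCookieHeader(header)) {
    // The grammar allows the value to be wrapped in one pair of double quotes.
    const inner = /^".*"$/.test(raw) ? raw.slice(1, -1) : raw;
    const bad = [...new Set([...inner].filter((ch) => !COOKIE_OCTETS.test(ch)))];
    if (bad.length > 0) findings.push({ name, raw, bad });
  }
  return findings;
}

// Read one cookie back, undoing the encoding applied by buildCookiePair.
function readCookie(header, name) {
  for (const [n, raw] of parseCookieHeader(header)) {
    if (n !== name) continue;
    try {
      return decodeURIComponent(raw);
    } catch (e) {
      return raw; // not percent-encoded by us; hand back the raw value
    }
  }
  return null;
}
```

In a page script the result of buildCookiePair would be assigned to document.cookie with whatever path and expiry attributes the site already uses; auditCookieHeader can run server-side over logged Cookie headers to find values that need the same treatment.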

Categories: Software

How would I change PHP?

September 22nd, 2010 3 comments

Anyone who knows me knows I am a PHP fanboy. I use PHP for everything - web applications, web scraping, batch scripting, if there is an itch that software can fix, I try to scratch it with PHP. I dreamed of a PHP scripting plugin for Eggdrop IRC bots, so I didn't have to fuss with TCL. Anywhere PHP could be adopted, I've hoped someone was working on a way it could be.

However, if you talk to people who know the internals of PHP they'll tell you there's a lot of ugly stuff in there. That it's a language based on macros, etc. I don't necessarily care about that. My experience is from a user perspective, not an internals one. That being said, just from my higher level interaction with the language, these are some of the things I'd love to change.

  • Make function name conventions consistent. Some functions have underscores, some don't. strpos vs. str_replace, html_entity_decode vs. htmlentities, etc.
  • Make argument order consistent for similar types of functions. Depending on what you're doing, it's one or the other. in_array($needle, $haystack) vs. strstr($haystack, $needle), etc.
  • Optimize the core. Strip the core down more, and push more things into modules. Enable some of them by default, fine. But when it comes down to it, I don't need easily 30-40% of the functions that PHP has built in.
  • Combine similar functions and use arguments to define the behavior. For example addslashes() and addcslashes(). Make it one function with a constant to define its behavior.
  • Disable magic quotes (preferred) or enable it and don't give any option to change it. As far as I'm concerned as long as you pick one route, you can guarantee universal compatibility, whether that means using magic quotes, or not using them and expecting developers to understand input sanitization, sanity checking/type checking/all that jazz. Which I don't think is a bad thing.
  • Implement a "strict" mode. "PHP is lazy" as Rasmus says which is fine and all, but I don't like the PHP name shamed with terms like "insecure" - any code can be insecure in any language, however, PHP is so easy to pick up and get things going that it makes it too easy to write crappy and insecure code. Specifics on a "strict mode"? I've got none. It's late and I can't think of how I would enforce better coding practices in core...
  • Get rid of $_REQUEST. I've advocated this for years and even unset($_REQUEST) in my code. To me it's a lazy person's workaround for coding and introduces some of the same vectors that were closed when disabling register_globals. If you -really- want to have a $_REQUEST type mechanism in your code, just array_merge($_GET, $_POST, $_COOKIE, etc) in whatever order you want. I dislike using software that uses $_REQUEST by default but doesn't actually need the flexibility of POST vs. GET vs. COOKIE and such. Know which input stream your data is coming from, if nothing else, it will at least make replay attacks and such much harder for people to craft.
  • Get rid of objects and OO stuff. Yeah, I said it. Everyone loves OOP. Why? While I see the power of being able to extend classes, I also see it seeming to be the most troublesome when it comes to compatibility checks, all the APC crashing or odd bugs I've suffered from were due to it. If you look at something like Drupal, they've figured out how to extend or override using procedural code quite well. Sadly, even they're converting more things to OO as well. IMO, OOP is more suited for longer-running applications, perhaps something event driven where a new object to represent a connection is created (however, C's been doing this without dealing with objects forever, it doesn't HAVE to be OO...) Those are the two main examples I see for using OO. Disclaimer: I wasn't raised in an OO environment, this is all based on personal experience and preference. 🙂

I've memorized the function list for what I use pretty well (like I said, I probably only use a subset of the functions in PHP) however the most annoying thing is when it comes to the needle vs. haystack argument positioning. I usually have to reference php.net for it. Sometimes I can trial and error though. In an ideal world, I wouldn't have to.

It would be great if something like PHP 6.0 would adopt some of these practices, since it is a major version change. Perl, Ruby and Python I believe have all done similar things where a major change really was a dramatic change and required conversion of code to meet its new requirements.

I'm sure this list could grow, and I may add to it. Who knows.

Categories: Development, PHP

Our credit system is broken

September 11th, 2010 2 comments

I got some results back on my credit report.

Choice items such as:

  • Length of account history is too short.
  • Too long since most recent account established.

What the hell? Don't those basically contradict each other?

But wait, there's more:

  • Too many recent inquiries.
  • Length of account history is too short.
  • Too many accounts with balances.

Sounds like I am being encouraged to open a fresh account, because my "most recent account" was created too long ago. But too many new accounts dings me, on the flip side. I have too many accounts at the same time though. It's a catch 22.

However, the major complaint I have is that applying for loans/doing any sort of shopping that requires someone to pull your credit winds up hurting your credit score. This isn't anything new, but I simply do not get it. Shopping around and applying to things should have absolutely nothing to do with your score. That is like being charged 25 cents for looking at a carton of milk at the store but not buying it. Or having to pay to window shop - before you know whether or not you can even afford what you're looking at. Your credit score should only be altered when your credit situation changes. Not for simply checking to see if you can save money by refinancing or shopping for auto loans.

Unless you are extended a new credit line or something else, there should be no change in score. Especially nowadays with so many companies offering specials that require you to apply, shopping for a refinance (which can be turned down easily) costs you points on your credit score. Shopping does not mean you're actually receiving anything.

Also, I am told that "inquiries within the same industry within the same 45 day period only counts as one pull". I call bullshit. I am sure they're still counting each one somewhat.

While I do believe a credit rating system is valuable in some form, ours definitely needs to be overhauled. With the economy moving so slowly, people are looking for various ways to get more money out of their home or car, applying for more credit cards, etc. Regardless of the approval, it is messing with your credit just for shopping.

Suggestions

  • Having your credit pulled should have no adverse effect on your score. Period.
  • The time ranges need to be adjusted. "Too long since your latest account was opened" - that's a new one for me. Really contradicts the hell out of the "Length of account history is too short" notice.
  • Consistency across different bureaus - some tell me I don't have enough accounts. Some tell me I have too many. It is like trying to please a committee - you can't please everyone all at once.

I've had credit being built for 10 years, a couple different credit cards, bank accounts and loans. By now I should be receiving no negative marks for anything I've done relating to too many accounts, not enough accounts, too much time, not enough time, etc. However, it seems like raising the number takes an infinite amount of time, but lowering it happens almost immediately when your credit is pulled.

Once again, a sincere disappointment with how a system is run. I also do not see the reasoning behind some of the rules, either.

Categories: Consumerism