26 Jul, 07
You may or may not know that I’m terribly busy at work at the moment, rewriting a large application that has its roots in PHP3 (oh yeah) and is a crazy mix of HTML and PHP. Things like ‘abstraction’, ‘layers’, or even just ‘separating code and presentation’ are completely alien concepts there.
So I decided to do the rewrite using one of the many PHP frameworks - CodeIgniter, CakePHP, Symfony, etc. - and decided on CakePHP (and, maybe more important, against Symfony). Doing the ‘reading’ parts of the app was simple enough, despite me being a complete newbie to CakePHP and using the 1.2 alpha versions which is mostly undocumented. But the actual data input and saving part, I hit a wall. Hard.
The problem I have is this (models are in bold):
To enter a Venue, you first select a Location. Then you add the Venue data, which is a lot of fields. Then, you add 0..n Images (which you upload just then). Then, 0..n Organs (as in music), either from a list of existing ones, or you can add one on the fly. Then, optionally, Ensembles (dito); and then you finally get to review your data and finalize the Transaction. All this should be on a wizard-like form, with multiple steps/pages.
Editing a venue is pretty much the same, except the data is already there. So the record and all associated records get copied as needed, with a reference to the original.
Then, the admin can either approve your Transaction and merge your changes into the DB, or deny it and delete the Transaction and all associated rows.
The problems start with getting everything wizard-like. There is a FormWizard component, but that seems to randomly overwrite or clear $this->data. I don’t know what to do with my data when I hit the ‘add 0..n images’ step, or when adding organs or ensembles. I have no clue what “the Cake way” would be here, since all examples I can find are rather simplistic with only a few fields, all on one page, and at most one relation (which always fits a select box).
Can any cake baker out there help me get back on track before I lose my mind?
18 Apr, 07
Matt Mullenweg on wp-hackers:
Let’s create a 2.2 branch and start removing the current tagging
implementation. I’ll announce on my blog that 2.2 will be delayed.
So, fear not, ye UTW users. There shall be no tagging in 2.2.
The discussion has been lively to say the least.
Update: Demolition!
Update: Official Announcement
01 Apr, 07
I kid, I kid. I have no intention of changing operating systems, at least until Linux finally is ready for the Deskop.
Plan 9 still is nice, though!
Much is foul in the state of computing today. Proprietary software is used throughout the industry as well as on the majority of personal computers. The promised Linux Desktop revolution, announced since years, has not happened so far, and people are beginning to doubt it ever will happen.
This madness must end.
No longer can we use proprietary software! Be it the proprietary operating system we use, or closed source drivers, protocols that are neither open nor standardized, or even embedded firmware in devices.
No longer must people get away with “I use Mac OS X because it’s userfriendly”, when large parts of their OS are completely closed and locking them in.
No longer can “Well, I use Windows XP, but it’s ok, I run Cygwin under it!” be tolerated, lest we all lose our GNU-given freedom.
No longer can we just watch the proliferation of patents, software or otherwise, spreading like a cancer and trying to smother our liberty.
We must stand up and fight! We must retake our freedom! We can not stand and watch as the walls grow closer, not wait until they suffocate us!
Today I’m doing the first step towards my personal free software freedom. And this freedom can not, it must not depend only on some license, or development model considerations. Licenses are manmade. The Tao of Operating Systems is bigger than that.
I’m switching to an Operating System that is pure in itself, whose radiant beauty enlightens the galaxy of computing. One which treats all resources equally, in its infinite wisdom. One which uses the only true encoding - UTF-8 - everywhere. One whose name is funny, and not some ego boosting thing (say what, Linus?).
UNIX may be dying. BSD may be dead. But from the ashes of sockets and ioctl rose the phoenix that is Plan 9.
Replacing a tried-and-true installation of Windows XP with an equally able setup of Plan 9 is easy. You just install Plan 9 — there is no need to bother with backups, partitioning, or selecting packages. After an installation procedure taking some twenty minutes, you reboot into a new, blissful existence. Plan 9 is the Tao, and the Tao is Plan 9.
I want to take this opportunity to ask everyone of you, my readers, to get yourself a Plan 9 installation/live CD. In the month of April, set yourself the task of converting at least five computers from a proprietary, egoistically named, or user-friendly Operating System to the salvation that is Plan 9. Do not try to reason with the unbelievers you encounter, for you will encounter them, and they shall not be swayed from the path of darkness. Only through force can you rescue them from this downward spiral, the lefthand path, the path of usable systems and working devices. By the sword you shall spread the righteousness and glory of the path of light. Plan 9 is the Tao, and the Tao is Plan 9.
Go forth, and spread it.
Remember: The open source zealot’s blood is the seed of Freedom’s tree. This is madness, you say? Madness? This is Plan 9!
Screenshots of my new Plan 9 system will follow as soon as I get my screenshot file working.
Plan 9 is the Tao, and the Tao is Plan 9.
02 Mar, 07
Update: The announcement is out. The important part is:
[…] a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file […]
Nothing in the Subversion repository was touched, so if you upgrade and maintain your blog via SVN there is no chance you downloaded the corrupted release file.
This is the kind of thing you don’t want to happen to anyone.
Kudos to the WordPress guys for their quick reaction.
Original entry below.
The following mail was just posted to the WordPress mailing lists, as a reaction to this security advisory. There are multiple XSS vulnerabilities in WordPress <= 2.1.1 — inserted by a cracker — and an upgrade is urgently recommended.
Subject: Upgrade to 2.1.2
From: Matt Mullenweg m at mullenweg.com
Date: Fri Mar 2 19:41:35 GMT 2007
Hello everyone.
If anyone is running 2.1.1, or knows someone who is, I would recommend
upgrading to 2.1.2 as soon as possible. It is now available at
http://wordpress.org/download/
The md5 of the tar.gz is b1ae0c152e60300cba8c40c030baafd4.
No announcement quite yet, but coming soon. Thanks for your help.
Read the full announcement on wordpress.org.
11 Jan, 07
The add-meta-tags WordPress plugin broke my WordPress 2.1 alpha site in more ways than one.
Update: Version 0.7 is out with fixes.
Anyway, here’s a (quick and dirty) patch against 0.6 to fix things.
--- add-meta-tags.php.old 2007-01-10 13:14:40.000000000 +0100
+++ add-meta-tags.php 2007-01-11 04:03:26.466994857 +0100
@@ -148,6 +148,7 @@
function amt_clean_desc($desc) {
// This is a filter for the description metatag text
+ $desc = stripslashes($desc);
$desc = strip_tags($desc);
$desc = htmlspecialchars($desc);
$desc = preg_replace('/(\n+)/', ' ', $desc);
@@ -218,10 +219,9 @@
if ( empty($site_keywords) ) {
// If $site_keywords is empty, then all the blog's categories are added as keywords
$my_metatags .= "\n<meta name=\"keywords\" content=\"";
- $all_cats = strip_tags(list_cats(FALSE, '', 'name', 'asc', '', FALSE, FALSE, FALSE, TRUE, FALSE,
TRUE, '', '', TRUE, '', '', ''));
- $all_cats_arr = explode("\n", $all_cats);
+ $all_cats_arr = get_categories();
foreach ($all_cats_arr as $cat) {
- $my_metatags .= strtolower(trim($cat)) . ', ';
+ $my_metatags .= strtolower(trim($cat->category_nicename)) . ', ';
}
$my_metatags = rtrim($my_metatags, " ,\n") . "\" />\n";
} else {
If you don’t have patch available, here’s the changed file (rename to .php).
I’m not quite sure whether the stripslashes is good there of if the bug comes from the admin panel, but frankly, I don’t care. I have other things to do.
10 Jan, 07
Habari is a new blogging platform being developed by
a number of well known people, some of which are fed up with open source, others just looking for new challenges.
The thing about Habari is that is starts from scratch, and today. That means it doesn’t have to worry about a lot of existing legacy code and thus, downward compatibility. It is also being designed from the grounds up, using the latest available technology. Heck, it’s full OOP! It abstracts database access! You can plug in different theme engines (and, of course, there are plugins). In short, it could easily be the greatest thing since pressed words.
I wrote my first patches against Habari trunk today, one fixing a locale bug and making basic i18n work, the other mostly style changes. How could I resist joining the development frenzy!
Find me in the habari-dev group and on the Habari IRC channel, #habari on irc.freenode.net.
06 Jan, 07
[langen]
[/langen]
[langde]
[/langde]
I’m looking for a Firefox extension that marks the boundaries of the previous viewport after scrolling, e.g. in most cases, a horizontal bar that, when you scroll down, signals where the bottom of the previously visible screen was.
Does something like that exist, or does anyone have an idea how that could be achieved using only JavaScript? I would be willing to create an extension or userscript but … nevermind, I just thought of something. Stay tuned.
Update: It is done. Enter Reader Bar 0.2, available in userscript and bookmarklet flavours.
15 Dec, 06
Twaingle is a tool that allows you to search for images on flickr or yahoo and insert them directly into an application.
Where ‘application’ means ‘anything TWAIN-aware’. TWAINgle installs itself into the system (Windows XP only at the moment) as a TWAIN driver. Thus, all applications that have an option to “scan” images via TWAIN become web-enabled instantly. And how!
23 Nov, 06
Internet Explorer habla Español. Apparently Microsoft mixed up the binaries. ;)
22 Nov, 06
Mozilla today made bug #360493 public. It describes an attack using cross-site forms and a security flaw in the Firefox Password Manager to read stored passwords for a different site. There is a proof of concept that demonstrates that the bug can even be abused without any hint to the user - the form need not be visible for the auto-fill of the credentials to work, and Firefox does not even give a warning.
The type of attack has been coined a Reverse Cross-Site Request (RCSR).
As of the time of this post, there is no fix available. However, a possible workaround is to set a Master Password and use the Master Password Timeout extension with a very short timeout. One can also disable the password manager altogether.
The bug existed since at least Firefox 1.5. Also, similar bugs seem to exist in at least IE 6 and 7, but Microsoft say they’re working on a fix.
