Putting PHP to work for the people.
Jun 26, 2011:
Jul 09, 2007:
Issue the command "trac-admin /path/to/projenv resync", and that should fix your borked database.
Trac is a great project, but it took me too long to track down this simple fix to an annoying bug.
Jun 19, 2007:
scrap-blogging software at http://chxor.chxo.com. I don't think anyone actually follows this feed, but in case you do, you should follow that one for a while.
First impressions? Easier and funner than your real blog.
Apr 12, 2007:
You go to commit changes to your working copy, and svn responds with:
svn: The version resource does not correspond to the resource within the transaction. Either the requested version resource is out of date (needs to be updated), or the requested version resource is newer than the transaction root (restart the commit).
You follow the standard advice, which is to update your working copy using svn up. But nothing is out of date!
Arrrrgh! Can't commit!!!
You can do the following, but I don't know all the consequences of doing this so DON'T BLAME ME if you lose important local properties in your repository. I can say this has not hosed any of my working copies yet.
1) Go to the directory in your working copy that contains the problem file.
2) Delete .svn/all-wcprops from there.
That's it. Commit and be happy.
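// size() returns both dimensions as an array, unpacked by destructuring assignment
function size(img) {
  let w = img.width;
  let h = img.height;
  return [w, h];
}
[width, height] = size($('image25'));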
Seems simple, why am I excited? Because it *is* simple, and we haven't been able to do it gracefully before.
Feb 12, 2007:
Most servers have already been updated, but since you definitely want to check, here's the command to do so:
tzdump -v /etc/localtime | grep 2007
That should print out a list that confirms that DST is set to begin on March 11, and end on Nov. 4.
If it doesn't, well I suppose you need to get an updated tzdata package, or a patched zoneinfo file for your timezone. Ask your sysadmin.
Jan 29, 2007:
safe_html.php, your favorite HTML sanitizer, has been updated to version 0.6.
His exploit embedded XSS code in such a way that when some tags were stripped by safe_html(), the exploit became active. Recombination attacks like that inspired safe_html() in the first place, so fixing the problem was straightforward: after stripping the tags, we check again for any obvious exploit attempts, and strip *everything* if found.
Remember, if you use safe_html.php or any other CHXO software, you should subscribe to our Announcements List to be informed of critical updates such as this one.
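The recombination problem and the post-strip re-check described above, as an added example that is not code from safe_html.php. The whitelist, the exploit pattern and both function names are assumptions made for illustration, "strip everything" is read as removing all tags and escaping what is left, and PHP 7.4 or later is assumed.

```php
<?php
// Added example (not safe_html.php): single-pass tag stripping, followed by
// the post-strip re-check. Whitelist and exploit pattern are assumed values.

const ALLOWED_TAGS = ['a', 'b', 'em', 'i', 'p', 'strong'];
const EXPLOIT_PATTERN =
    '/<\s*\/?\s*(script|iframe|object|embed|style)\b|javascript\s*:|\bon[a-z]+\s*=/i';

// Pass 1: drop every tag whose name is not whitelisted. Text is left alone,
// so the fragments on either side of a removed tag end up adjacent.
function strip_disallowed(string $html): string
{
    return preg_replace_callback(
        '/<\/?([a-z][a-z0-9]*)\b[^<>]*>/i',
        fn(array $m) => in_array(strtolower($m[1]), ALLOWED_TAGS, true) ? $m[0] : '',
        $html
    );
}

// Pass 2: inspect the *output* of pass 1. If it now contains anything that
// looks like an exploit, stop trying to preserve markup and strip everything.
function sanitize(string $html): string
{
    $out = strip_disallowed($html);
    if (preg_match(EXPLOIT_PATTERN, $out) === 1) {
        // Interpretation of "strip everything": no tags survive, rest is escaped.
        return htmlspecialchars(strip_tags($out), ENT_QUOTES, 'UTF-8');
    }
    return $out;
}

// Constructed inputs: ordinary markup, and a harmless recombination probe in
// which a disallowed <font> tag splits the word "script".
$samples = [
    '<p>Hello <b>world</b></p>',
    '<scr<font>ipt>alert(1)</scr<font>ipt>',
];
foreach ($samples as $s) {
    printf("input:     %s\none pass:  %s\nre-check:  %s\n\n",
        $s, strip_disallowed($s), sanitize($s));
}
```

The "one pass" line for the second sample shows the tag that only exists after stripping; the "re-check" line shows it gone.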
Jan 24, 2007:
Trac to manage open source projects at work. It has a nifty plugin that allows you to mix in Doxygen-generated API documentation.
Trac, being rendered by mod_python, doesn't append a trailing slash to requests. But Doxygen assumes the trailing slash is there. How to fix?
<LocationMatch /doxygen$>
Redirect permanent /doxygen http://trac.example.org/doxygen/
</LocationMatch>
Works like a charm.
Jan 18, 2007:
Jan 14, 2007:
Of course, some of the top-tier ISPs, and I'll single out the SBC/AT&T/Cingular megaplex since they're the subject of some controversy among alpha-geeks right now, want to be able to charge more for some packets.
Specifically, they want to charge more for packets containing commercial content, on the basis that those packets are somehow more valuable than all of the others.
In exchange for this predatory business practice they seem willing to forgo the protections afforded to "common carriers," exposing their shareholders to liability for any fraudulent or illegal packets sent over their networks. In other words, if they transmit packets used in the commission of a crime, they could be held accountable.
And the first time that happens, guess whose packets they will no longer consent to carry? That's right: yours and mine. The end of net neutrality will make it impossible for ISPs to allow the common man and woman to connect to the Internet as a peer. For that matter, it will make it impossible for them to transmit any email, considering the number of scams being perpetrated by the second in that medium alone.
Unless there are viable non-commercial alternatives, of course! As freedom lawyer Lawrence Lessig reminds us, cooperatives can accomplish amazing feats of transparent engineering when motivated by need. And not being able to send and receive email would qualify as a pretty big need.
The Internet as we know it may become a locked-down, commercialized, sanitized, rights-managed toll-road. But there are tens of millions of users who will choose to opt out of the commercial networks and forge ahead with a true network of peers. Just like the old days.
We can do it the hard way, on our own and with limited connectivity and bandwidth (think BBS), or we can convince our city and state governments to spend some fraction of a percent of our taxes to ensure that we all get a free and open internet, supplied by a common carrier.
So let AT&T charge as much as it wants for its pipes, and the sooner the better. When only MSN can afford to send content to AT&T subscribers, there will be exactly 5 subscribers left. Everyone else will be watching YouTube on the muni-net.
Jan 11, 2007:
Bruce Schneier is recommending mixed-case "first letter of each word in a sentence" (Floewias), with mixed-in numbers, rather than the usual word-plus-appendage approach.
The article also provides a good summary of why web applications, when not exposing XSS or other flaws, can be much harder to break into. There's no way, at least with my slow servers, that a program could make 900 guesses per second against my accounts.
Also, remote applications can tarpit or firewall chronic guessers, something desktop apps can't do.
Oct 27, 2006:
Firefox takes away a very important feature for Mac OS X users: long-click context menus.
See, Mac laptops have only one button, which means that if you want to see right-click context menus (to open a link in a new tab, for instance) you need to use two hands and Ctrl-Click. One of the many great features of Firefox 1.x is that, for OSX, if you held down the mouse button for more than a second, the context menu would just appear.
The Fix! Hooray! You can enable long-click context menus using the about:config screen.
The key is ui.click_hold_context_menus. Set it to true and you'll be one-hand surfing again in no time!
Sep 21, 2006:
Says support: Ye'll get no support from the likes of me fer that, arrrrr.
That's okay. Linux supports itself. Here's a step-by-step (in German) for installing vanilla Debian on a Virtuozzo guest.
Tiefe Abneigung gegenüber Plesk ("deep aversion to Plesk"), indeed. Rock on, DanielD.
Clever, because the visited link behavior is old-school and seems safe enough, but it's actually leaking private information about your browsing habits.
Aug 21, 2006:
Aug 21 12:56:11 dey kernel: rtc: lost some interrupts at 2048Hz.
Aug 21 12:56:42 dey last message repeated 1528 times
Aug 21 12:57:43 dey last message repeated 3050 times
Aug 21 12:58:44 dey last message repeated 3050 times
VMWare is being a little too aggressive about checking the clock.
I'm sure there are better ways to fix this, but the VMWare Timekeeping Manual recommends the following workaround for Guest OSes where exact timekeeping isn't necessary:
You can prevent /dev/rtc from being used. This will generally cause clocks to run slow in any virtual machines you have that need the additional interrupts, but that may be acceptable to you, depending on your application. To do so, add the following setting to each virtual machine's .vmx configuration file, or add the setting globally to the host's configuration file (/etc/vmware/config):
host.useFastClock = FALSE
Added that line to /etc/vmware/config, called /etc/init.d/vmware restart, and the messages disappeared.
Update: As pointed out here, you can also fix the problem (rather than just ignoring it as I did) by building a custom kernel with HPET_EMULATE_RTC.
I don't use VMWare anymore, but if you do, you should definitely take the time to grok the High-Precision Event Timer and the various kernel options related to it.
There will also be a php.ini setting to set the httpOnly flag on session cookies, which is where it is needed most.
Right now, httpOnly is an MSIE thing, supported by IE6.5 (and presumably 7). Other browsers are working on it.
Jul 27, 2006:
Pro PHP Security, which I co-authored with Mike Southwell, was reviewed on Slashdot.
Pro PHP Security is arguably the most comprehensive PHP security book available, and is highly recommended to any developer or administrator of a PHP-based Web site.
Wow, that's exactly what we set out to do. Yay!
Jun 20, 2006:
The Snook Chart has all the objects/methods as a cheat sheet (though not the arguments or what types are returned, grr...)
Opereira's Notes are still by far the best everyday reference.
And for filling in the rest (that is, everything that isn't Prototype), I can't recommend Krook's DOM Doc enough.
That's the update.
May 12, 2006:
Bootcamp, you need to sell Windows XP Home Licenses in the Apple Store.
I have several copies of this fine software in the family, so all I need is another key, and I'll have myself a nice little gaming rig or "business" workstation.
If I could buy it from you, I would... you know, to support the cause.
Apr 24, 2006:
http://www.krook.org/jsdom/
Best. API doc. Ever.*
*until someone does the same thing for Prototype
Apr 11, 2006:
csej (Cross-Site Evilness with JSON) makes a good point about the potential for abuse that can occur in the following situation:
1) You are logged into a private, AJAX-enabled site in one tab
2) You visit a bad guy in another tab
Traditionally, the bad guy could cause your browser to make an authenticated request to the private site, but the content of the response would not be visible to his script, because it would be in an iframe.
I'd like to see a demo to prove that xmlHttpRequest() will send the session cookie for the private site with a request that originated on a page controlled by bad guy.
There is no "official" documentation, and unless you're fully clued in to the Prototype way of doing things (apparently Rails gurus have an advantage), it can take a while to find your way around.
If you liked jordan's writeup, then read the entire source of prototype.js. I didn't understand half of it the first time through, but it was incredibly helpful to work through those bits and recognize patterns.
If you want a good review of important concepts, Particletree's Quick Guide should be on your list.
And finally, for a comprehensive reference to use while coding, tag Sergio Pereira's Using Prototype.js 1.4.0.
Apr 06, 2006:
If more people start using OSX, we (web developers) can finally be free of ActiveX, MSHTML, and all the other dreck that comes with the big blue e, in all its guises.
So here's a hint to everyone who buys Mactel in the next few years: that Firefox thing is available no matter what OS you're using.
Mar 15, 2006:
Rather than duplicate the system for the unix servers I manage, I've been writing my backups to a share on the Windows system, and they get backed up and archived with everything else.
But because the share is NTFS, I have to make a really nasty choice: preserve unix permissions and file times by using archives (which back up everything every night) or use rsync to back up only what's changed, but lose all the file metadata thanks to Windows' brain-dead filesystem.
Additionally, the share that I'm writing to has a 2GB filesize limit, which seems to preclude the use of tar altogether, since full backups are at 6GB and growing for our media server.
But then I discovered that GNU tar can do incremental backups! And there is a handy unix utility called split which will break files (or standard input) into conveniently-sized chunks.
Here, then, is how I solved my backup dilemma: incremental tar piped to split.
Mar 01, 2006:
Newsnight was apparently deluged with email when they suggested that using BitTorrent implies theft. Producer Adam Livingstone responded with an apology, and then sought to elaborate on what the segment was trying to say.
Of interest to me is that, in response to ISPs' use of traffic shaping to throttle BitTorrent transfer (30% of all internet traffic yadda yadda yadda), BT clients now use an encrypted channel, effectively eliminating the kind of analysis required for traffic shaping. The capital-F Fear is that with all that encrypted data flying around, it is now even easier for bad guys to hide their evil plottings.
Hah. I have at least five things to say in response.
First of all, bravo to BT client authors for finally protecting our privacy. It's about time those streams were encrypted; I always assumed they were.
Second, if you're spying on people, watching internet traffic is a horrible way to try to do it. Internet packets are forgeable, reroutable, and ephemeral. Any judge who would allow a felony conviction based on internet packet capture needs an education in how this stuff really works.
Third, BitTorrent may make up 30% of all internet traffic, but BT is designed to move content through the edges of the network rather than from a single point in the center. BT clients are constantly optimizing the download so that packets are sent across the fewest hops possible.
The 30% number is likely bogus, but even if you took it at face value, the right way to phrase it is that 30% of all internet traffic is now being efficiently served from peers rather than being forced through the internet backbone. ISPs should be encouraging this kind of use!
Fourth, the network is much more robust than we think it is. There are millions of miles of dark fiber (in America, at least). There are extremely competent people running the show behind the CEOs' backs. TCP/IP can cope with massive demand, even at version 4.
Fifth, and finally, do we really live in an age when, five years after a content distribution technology as nearly perfect as BitTorrent is introduced, the major content producers in our society still haven't figured out that they could be using it to their advantage? Is the management at Disney, Viacom, News Corp, et al really this brain dead? And if so, why does their stock still trade?
It's not that difficult. I should charge your media company hundreds of thousands of dollars for this advice, but I'm a softie and you guys are just pathetic, so here it is for free:
Release your own BitTorrents. In stereo HD. With advertisements. For free, without DRM. Publish the torrent files on your show's website.
It will cost you nothing. It will put an end to pirated versions. You will know how many people downloaded based on clicks. You can tell advertisers that their ads will be on the hard drives of hundreds of millions of viewers around the world.
Most of all, your audience will think that you actually appreciate and respect them.
Or you can bitch about illegal downloading and piracy (arrrr!) and how BitTorrent is going to crash teh internets, and watch as people desert your shows in droves.
Feb 19, 2006:
Feb 16, 2006:
I've been using this excellent little editor (which is like pico but available without pine) since 1999. I didn't know until just now that Ctl-\ initiates search and replace. How embarrassing...
...but _very_ good to know.
Feb 14, 2006:
this Slashdot post to be extremely informative, and I'll be happy to admit that it even taught me a few new tricks (like, it never occurred to me (not being a C coder) to edit /bin/sh so that "nobody's" userid was locked out).
But I have to take issue with the "tired of people getting rich writing books making hype about what (should be) a very trivial issue" thing at the end. Utter bullshit. It only seems like a trivial issue once you master all of the concepts involved, and by then you'll be far more valuable as a sysadmin than a PHP coder.
Someone has to write about this stuff, otherwise how are the rest of us supposed to find out how to do it?
Jan 28, 2006:
how to save export settings from the QuickTime (Pro) Player.
Combine that with some folder actions or an Automator droplet (or just the command line), and you can make your own video processing robot.