2718.us blog » Web Programming http://2718.us/blog Miscellaneous Technological Geekery Tue, 18 May 2010 02:42:55 +0000 en hourly 1 http://wordpress.org/?v=3.0.4 StartSSL: Free/Cheap SSL Certificates http://2718.us/blog/2009/11/03/startssl-freecheap-ssl-certificates/ http://2718.us/blog/2009/11/03/startssl-freecheap-ssl-certificates/#comments Tue, 03 Nov 2009 09:11:50 +0000 2718.us http://2718.us/blog/?p=198 StartCom is the certificate authority providing StartSSL certificates: unlimited 1-year domain-validated single-site SSL certificates for free (“Class 1″); unlimited 2-year domain-validated single-site, UCC, or wildcard certificates after paying $39.90 to further validate your account (“Class 2,” which necessitated photo IDs and a phone call, and is good for 1 year); 2-year EV certificates for $149.90 (I have no idea if this is a good price or not, as I have no use for an EV certificate right now).  The “Class 1″ and “Class 2″ SSL certificates, both 1- and 2-year, both single-site and wildcard are chained certificates, requiring an intermediate certificate, but the underlying root certificate was included in FF3.5, Chrome, Safari4, and IE6 (these are the browsers to which I have easy access for testing).  I wasn’t able to find a proper comprehensive list of who’s root certificates are included in which versions of what browsers (if anyone can point me to such a list, I’d be grateful).

$39.90 for unlimited 2-year wildcard certs is a whole heck of a lot cheaper than anything else I’ve seen.  In fact, that’s not much off of what I’d been paying for 2 years of a single-site certificate, having done a lot of comparison-shopping.  And it’s really hard to beat free for single-site certificates.  It’s an easy replacement for self-signed certificates at the same price.

]]>
http://2718.us/blog/2009/11/03/startssl-freecheap-ssl-certificates/feed/ 1
Improving Your Vim-Fu http://2718.us/blog/2009/02/25/improving-your-vim-fu/ http://2718.us/blog/2009/02/25/improving-your-vim-fu/#comments Thu, 26 Feb 2009 01:18:43 +0000 2718.us http://2718.us/blog/?p=134 Efficient Editing With vim

This tutorial assumes a basic knowledge of vim — insert mode, command mode, loading and saving files, etc. It is intended to help vi novices develop their skills so that they can use vi efficiently.

(Posted mostly for my own reference, though I thought it might be of use to anyone else who wants to improve their use of vim.)

]]>
http://2718.us/blog/2009/02/25/improving-your-vim-fu/feed/ 0
Text Editors http://2718.us/blog/2008/11/12/text-editors/ http://2718.us/blog/2008/11/12/text-editors/#comments Wed, 12 Nov 2008 20:44:32 +0000 2718.us http://2718.us/blog/?p=113 When I was first learning structured programming, I used an IDE (TurboPascal).  Since then, I have rarely used an IDE outside of specialized language development environments like VisualBASIC.  Mostly, I use a text editor that I link up with a good sftp program to edit remotely or that I use in conjunction with subversion.  For a long time, when I was still programming heavily on PCs, I used TextPad.  It’s probably still toward the top of my list, but it’s been so long since I used a PC as one of my primary machines that it’s hard for me to know.

The lack of TextPad for mac has left me searching, on and off, almost constantly for the “right” mac text editor.  Most of the time now, that search leaves me right back at Komodo Edit, the free cross-platform text editor built on Gecko and Scintilla that I’ve been using for a logn time now.  Every other major editor just seems to be missing something I’ve come to really like in Komodo Edit, even as slow and clumsy as the interface can be sometimes.

I really wanted to like BBEdit, TextWranger, TextMate, skEdit, subEthaEdit, Coda, etc., but none of them seemed to have the simplicity of code-completion (including variable and constant name completion) and intelligent code auto-indenting that Komodo Edit does.  I wanted to like the integration of various resources in Coda, but having the reference materials in the one program versus in a web browser window over on that second monitor there just didn’t seem to make enough of a difference.  I wanted to think that having an editor that could do sftp and subversion was worthwhile, but it just didn’t seem to matter to my workflow.

It’s been so long since I’ve been away from TextPad that I’m not sure even it would compare to Komodo Edit.  Of course, the one tool that is poised at any moment to start eating into Komodo Edit’s share of my use time is MacVim (this is apparently a new port of vim).  Vi/vim is so unbelievably powerful… and so much more my style than Emacs.  Vi has been my text editor of choice at the command line for about a decade or so now.  See also Why, oh WHY, do those #?@! nutheads use vi? and the two graphics below.

Learning Curves

Real Programmers

]]>
http://2718.us/blog/2008/11/12/text-editors/feed/ 0
Statistics on LiveJournal-based Sites v2.0 http://2718.us/blog/2008/10/22/statistics-on-livejournal-based-sites-v20/ http://2718.us/blog/2008/10/22/statistics-on-livejournal-based-sites-v20/#comments Wed, 22 Oct 2008 18:05:39 +0000 2718.us http://2718.us/blog/?p=111 The reworking of my site that shows comparative statistics on every site based on the code from LiveJournal is now up and live and at a new URL:  http://lj-stat.2718.us/.  Moreover, there are now graphs of the data over time.  The data is updated at noon and midnight central time (U.S.).

One of the things that took the most work to get right was the thickness of the graph lines.  Because of the nature of the graphs, it was an absolute necessity that the lines be drawn with antialiasing enabled.  PHP’s interface to GD (or perhaps it’s GD itself?) ignores the line thickness setting when antialiasing is enabled.  The solution I eventually settled on is to, more or less, draw several one-pixel-wide lines next to and on top of one another to get the appearance of a thicker line.

As an aside, I’m using the technique mentioned here for permanently redirecting the old URL to the new URL:

… if you actually moved something to a new location (forever) use:

<?php
 header("HTTP/1.1 301 Moved Permanently");
 header("Location: http://example.org/foo");
?>
]]>
http://2718.us/blog/2008/10/22/statistics-on-livejournal-based-sites-v20/feed/ 0
An Overhaul of LJ-Stat http://2718.us/blog/2008/10/12/an-overhaul-of-lj-stat/ http://2718.us/blog/2008/10/12/an-overhaul-of-lj-stat/#comments Sun, 12 Oct 2008 12:03:44 +0000 2718.us http://2718.us/blog/?p=108 I’m currently working on an overhaul of LJ-Stat.

It looks like there’s some issue in using curl_multi_exec() in PHP with too many requests at once causing some requests to fail strangely, potentially accounting for the lack of data from several sites that are clearly not down and clearly provide stats.txt.  My current workaround is to do the requests in smaller blocks.

I’m also trying to provide more detail as to why there aren’t stats for the sites that don’t have stats.

But the biggest development is that there will probably be graphs of the data over time.  I say “probably” because while the code is pretty much written, I’ve only been storing historical data for about a day so far (in the past, only the most recent data was kept), so it’s hard to tell whether the graphs will look okay with a lot of data and whether producing the graphs will put a significant load on the server.  The data will probably update more regularly and more frequently–likely noon and midnight CT.

Also, if anyone knows for sure if Bloty, IziBlog, and/or LiveLogCity are still alive or definitively dead, I’d like to know.  Oh, and CommieJournal seems to be looking at the posibility of moving to a different codebase, though I can’t for the life of me see why anyone would want to try to move thousands of accounts from the LJ codebase to something incompatible and with a different working paradigm.

]]>
http://2718.us/blog/2008/10/12/an-overhaul-of-lj-stat/feed/ 0
A Variety of Issues with Pseudo-Random Numbers in PHP http://2718.us/blog/2008/08/31/a-variety-of-issues-with-pseudo-random-numbers-in-php/ http://2718.us/blog/2008/08/31/a-variety-of-issues-with-pseudo-random-numbers-in-php/#comments Mon, 01 Sep 2008 01:10:22 +0000 2718.us http://2718.us/blog/?p=106 It appears that there are now demonstrated exploits of PHP apps that use mt_rand() and/or rand() as a result of issues of seeding in one application affecting the PRNG stream in another application that used the PRNG to generate passwords or similar such things.  From mt_srand and not so random numbers:

… it is strongly recommended for the PHP developers to add more secure random number functions to the PHP core and it is strongly recommended for PHP application developers to keep their fingers away from srand() or mt_srand() and to never ever use rand() or mt_rand() for cryptographic secrets.

It sounds like the PRNGs in PHP, mt_rand() and rand(), shouldn’t be used for anything security-related, and perhaps /dev/random or /dev/srandom or some such should be used instead (though this is much more system-dependent).

]]>
http://2718.us/blog/2008/08/31/a-variety-of-issues-with-pseudo-random-numbers-in-php/feed/ 0
WordPress 2.6 + bbPress 0.9.0.2 http://2718.us/blog/2008/08/16/wordpress-26-bbpress-0902/ http://2718.us/blog/2008/08/16/wordpress-26-bbpress-0902/#comments Sat, 16 Aug 2008 23:48:33 +0000 2718.us http://2718.us/blog/?p=93 In case anyone was still curious following my previous headache post, it is possible to integrate WP2.6 and bbPress 0.9.0.2.  I say “possible” because while I’ve got it working as far as I can tell (without having modified core code in either WP or bbP), I haven’t really tested it and it’s a mess.  More or less, a specially-crafted plugin for WP plus a specially-crafted plugin for bbP got me nearly there.  The one hangup was the login cookie (the new one that is at the root of the site), which while my bbPress plugin seemed to be duplicating it, WP didn’t want to recognize it (I couldn’t find any difference between the cookie set by my bbP plugin and the one set by WP, but WP didn’t like mine anyway).  I got around this by bypassing the bbP login mechanism entirely and using the WP login with a redirect back to bbPress.

Of course, it’s also annoying that while there’s a set_auth_cookie action hook, there’s no clear_auth_cookie, so my plugins had to override the clear_auth_cookie function wholesale rather than hooking into it as they do with set_auth_cookie.

If you have some twisted desire to make this unholy integration that I now seem to have working and would like some of my code, leave me a comment.

]]>
http://2718.us/blog/2008/08/16/wordpress-26-bbpress-0902/feed/ 3
WordPress 2.6 is Giving Me a Headache http://2718.us/blog/2008/08/03/wordpress-26-is-giving-me-a-headache/ http://2718.us/blog/2008/08/03/wordpress-26-is-giving-me-a-headache/#comments Mon, 04 Aug 2008 03:30:08 +0000 2718.us http://2718.us/blog/?p=89 Now, I’m really big on *not* complaining about new versions of things and I especially dislike the practice of complaining about how a new version of WordPress broke some plugin that is of dire importance to someone’s website, but WordPress 2.6 is starting to give me a headache.  I’ve already posted thrice about issues with integrating an external site into WP2.6′s user authentication.  Honestly, I consider that to be my own problem to solve and not WP’s fault, since I’m hooking into WP in a way that wasn’t intended, so I have no right to expect them to preserve my ability to (mis)use it.

However, I just came across this in the bbPress forums:

As of July 2008, do NOT try to integrate WordPress 2.6 with bbPress 0.9 Use WP 2.5.1 – the reason for this is simple – WordPress has radically changed the way cookies are used. If you have already installed WP 2.6, don’t worry you have not broken anything, you’ll just need to downgrade and install 2.5 instead. 2.5.1 is perfectly stable and has no known security issues – 2.6 only adds a few new features to WP. There is an updated version of bbPress in the works to support the new cookie method but it might be awhile before it’s available in a mainstream release.

Now, ostensibly, WP and bbPress are coming from the same people/place/company/organization/whatever, so I think I should be able to expect the one to work with the other and to *not* have the left hand tell me to ignore what the right hand is doing.  This is almost enough (*almost*) to make me give up on trying to piece together a decent way to hook into the is_user_logged_in() thing for the non-WP part of the WP-based site I’m working on, since the bbPress part of the site won’t work even if I do fix the non-WP part of the site.

]]>
http://2718.us/blog/2008/08/03/wordpress-26-is-giving-me-a-headache/feed/ 1
Authenticating with WordPress 2.6 (part 3) http://2718.us/blog/2008/08/03/authenticating-with-wordpress-26-part-3/ http://2718.us/blog/2008/08/03/authenticating-with-wordpress-26-part-3/#comments Sun, 03 Aug 2008 23:55:48 +0000 2718.us http://2718.us/blog/?p=82 So, as a followup to parts 1 and 2, per WordPress Trac ticket #7001, WordPress 2.6 has split up the login cookies into three parts:

  • what was the one and only login cookie in 2.5 is now limited to /wp-admin
  • there’s a copy of that one that’s just limited to /wp-content/plugins, for backward compatibility with plugins
  • there’s a new cookie that is at COOKIEPATH (which can be defined in your config file), that is checked by calling
    is_user_logged_in()

    (but perhaps this isn’t intended for secure authorization?)

So, it appears the way to go may be to change

auth_redirect()

to

  1. if (!is_user_logged_in()) auth_redirect();

Maybe more to follow on this when I’ve more thoroughly explored it.

]]>
http://2718.us/blog/2008/08/03/authenticating-with-wordpress-26-part-3/feed/ 8
A List Apart Survey http://2718.us/blog/2008/07/30/a-list-apart-survey/ http://2718.us/blog/2008/07/30/a-list-apart-survey/#comments Wed, 30 Jul 2008 15:52:49 +0000 2718.us http://2718.us/blog/?p=72 A List Apart is probably one of my favorite sites about web design.  Their 2008 survey of web professionals is running now.

]]>
http://2718.us/blog/2008/07/30/a-list-apart-survey/feed/ 1