Saturday, August 11, 2007

Leaking PHP all over the place... don't they have a pill for that?

Facebook has a code leak, or at least it did for several hours, due to a misconfigured server. Facebook, like a lot of other Web 2.0 sites, uses PHP. PHP, not being a compiled language, sits in source code form on the server waiting to be interpreted, instead of being executed like the output of other languages (C++ for example)... which means that if you can get the web server to not interpret the code before serving it, or you can get into the web root by some other means outside the web server (FTP, remote terminal, etc.), you can view all the source code.... the "secret sauce" is out!

Luckily, there are some simple rules of thumb and settings that can stop this from happening. A good blog post to read on the subject was written by Nik Cubrilovic over at his blog.

Some folks have done a quick critique on the released code. For me personally, it's nice to get confirmation that a big site like Facebook is also using the Smarty template engine. They don't seem to be as object oriented as my code though... I wonder if this is intentional, for speed perhaps, or just a legacy framework that never was updated?

Don't let PHP leakage happen to you.
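
A post-deploy smoke test for the failure described in this post, as an added example (not code from the original post or from Facebook): it inspects responses from your own site for signs that PHP was served as source instead of being executed. The sample responses, paths and file names are constructed.

```python
import re

# Open tags that reach the client only when PHP was NOT executed. "<?xml" does
# not match, and HTML-escaped listings ("&lt;?php") contain no literal "<?".
PHP_OPEN = re.compile(r"<\?(?:php\b|=|\s)", re.IGNORECASE)
# Source-level statements that should never survive interpretation.
PHP_HINTS = re.compile(
    r"\$[A-Za-z_]\w*\s*(?:=|->|\[)|\b(?:require|include)(?:_once)?\b\s*\(?\s*['\"]"
)
# Content types a server may emit for .php files when no handler runs them.
SOURCE_TYPES = ("application/x-httpd-php", "application/x-php", "text/x-php")


def looks_like_php_source(content_type, body):
    """Return the reasons a response looks like uninterpreted PHP ([] if none)."""
    reasons = []
    ctype = content_type.split(";")[0].strip().lower()
    if ctype in SOURCE_TYPES:
        reasons.append("content-type " + ctype)
    match = PHP_OPEN.search(body)
    if match:
        reasons.append("raw open tag at offset %d" % match.start())
        if PHP_HINTS.search(body, match.end()):
            reasons.append("PHP statements after open tag")
    return reasons


# Constructed sample responses: (Content-Type header, body). Paths are made up.
SAMPLES = {
    "/index.php (handler missing)": (
        "text/plain", "<?php\nrequire_once('lib/core.php');\n$page = new Page();\n"),
    "/index.php (interpreted)": (
        "text/html; charset=utf-8", "<html><body><h1>Welcome</h1></body></html>"),
    "/feed.xml": (
        "application/xml", '<?xml version="1.0"?>\n<rss version="2.0"></rss>'),
    "/tutorial.html (escaped listing)": (
        "text/html", "<pre>&lt;?php echo $name; ?&gt;</pre>"),
}


def audit(samples):
    """Map each path to its list of leak reasons."""
    return {p: looks_like_php_source(ct, body) for p, (ct, body) in samples.items()}


if __name__ == "__main__":
    for path, reasons in audit(SAMPLES).items():
        print("LEAK" if reasons else "ok  ", path, "; ".join(reasons))
```

In practice the header and body would come from fetching a few known .php URLs on your own site after each deploy or server configuration change.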

Sunday, August 5, 2007

The correct way to embed Adobe Flash in your web page... again

I previously posted about a neat little JavaScript library called SWFObject. This wonderful little library easily gets you around the Internet Explorer activation control issue. In doing some work for Company X, I found that though SWFObject works under normal conditions, it didn't seem to work when made part of our larger JavaScript framework. I suspect it has something to do with doing DOM modifications after the page has rendered. I looked around and found another library, UFO.

UFO stands for Unobtrusive Flash Objects and is another free (under the Creative Commons GNU LGPL license) JavaScript library for embedding Flash in web pages. It seems to be well supported (currently it's on version 3.22) and it's just as flexible and easy to use as SWFObject. It's slightly larger than SWFObject, so my advice is to choose the one that works best for your project. My thanks to UFO's author, Bobby van der Sluis, and his employer Refunk for allowing him to work on it during work hours!

Flash Activation Workaround (UFO): $0

Total cost of project to date: $59.99

Friday, August 3, 2007

No trip to San Francisco this year.

The email came in at 7pm... I knew it would... I was not selected to present at TechCrunch20. I do love San Francisco; Kitten and I fell in love there. It really would have been grand.

I'm not quite ready to let the cat out of the bag as to what exactly I'm building, but here are a few questions and answers from my "Presenting Company Submission Form":

Company name: Trell.us
Web site: http://www.trell.us/
Date founded: June 21, 2007
Number of employees: 2 (me and Kitten)
Money raised to date / investors: $0

Was I too honest? Did my application really get through to Heather? Was my penmanship too sloppy? Too bad I didn't get any feedback from the judges.... I'm sure MC Hammer is a busy guy.

I was, along with all the other non-finalists, offered to demo at the "Start-Up DemoPit" if I shelled out $1247.50 for two tickets to the conference. I've only spent $59.99 on this project so far, so I'm not ready to drop that kind of dough quite yet. Maybe next year, if I haven't already sold Trell.us for ONE BILLION DOLLARS (stop laughing, it could happen).