Facebook has a code leak, or at least it did for several hours due to a misconfigured server. Facebook, like a lot of other Web 2.0 sites, uses PHP. PHP, not being a compiled language, sits in source code form on the server waiting to be interpreted, instead of being executed like the output of other languages (C++ for example)... which means that if you can get the web server to not interpret the code before serving it, or you can get into the web root by some other means outside the web server (FTP, remote terminal, etc.), you can view all the source code.... the "secret sauce" is out!
Luckily, there are some simple rules of thumb and settings that can stop this from happening. A good blog post to read on the subject was written by Nic Cubrilovic over at his blog.
Some folks have done a quick critique on the released code. For me personally, it's nice to get confirmation that a big site like Facebook is also using the Smarty template engine. They don't seem to be as object oriented as my code though... I wonder if this is intentional, for speed perhaps, or just a legacy framework that never was updated?
Don't let PHP leakage happen to you.
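A defender's check for the failure described in this post, as an added example (not from the original post or from Facebook's code): it inspects an HTTP response and reports whether the server handed back PHP source instead of executing it. The sample responses, file names and function names are constructed for illustration.

```python
import re
from email.parser import Parser

# Opening PHP tags: <?php, <?= and the short form "<? ". "<?xml" does not match.
# Pages that merely display PHP code escape it as "&lt;?php", so a raw tag in
# the body means the interpreter never ran on this file.
PHP_OPEN_TAG = re.compile(r"<\?(?:php\b|=|\s)", re.IGNORECASE)

# MIME types used for PHP files themselves. An executed script is answered
# with the type of its output (usually text/html), never with one of these.
PHP_SOURCE_TYPES = {
    "application/x-httpd-php",
    "application/x-httpd-php-source",
    "application/x-php",
    "text/x-php",
}


def split_response(raw):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    return int(status_line.split()[1]), headers, body


def leak_findings(raw):
    """Return the reasons a response looks like uninterpreted PHP source."""
    _status, headers, body = split_response(raw)
    findings = []
    ctype = headers.get_content_type()
    if ctype in PHP_SOURCE_TYPES:
        findings.append("Content-Type %s marks the body as a PHP file" % ctype)
    match = PHP_OPEN_TAG.search(body)
    if match:
        line = body.count("\n", 0, match.start()) + 1
        findings.append("raw PHP opening tag on body line %d" % line)
    return findings


def http(ctype, body):
    """Build a constructed 200 response for the samples below."""
    return "HTTP/1.1 200 OK\r\nContent-Type: %s\r\n\r\n%s" % (ctype, body)


# Constructed sample responses (not captured traffic).
SAMPLES = {
    "executed page": http("text/html; charset=utf-8", "<html><body>Hi</body></html>"),
    "handler missing": http("text/plain", "<?php\ninclude 'lib/core.php';\necho $page;\n?>"),
    "served as file": http("application/x-httpd-php", "<html>\n<?= $title ?>\n</html>"),
    "atom feed": http("application/atom+xml", '<?xml version="1.0"?>\n<feed/>'),
    "escaped tutorial": http("text/html", "<pre>&lt;?php echo 1; ?&gt;</pre>"),
}


def audit(samples=SAMPLES):
    """Map each sample name to its findings; an empty list means no leak seen."""
    return {name: leak_findings(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, findings in audit().items():
        print("%-18s %s" % (name, "; ".join(findings) or "ok"))
```

Run against responses from your own site after every web server or PHP handler change; any finding means the interpreter was bypassed for that URL.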
Saturday, August 11, 2007
Sunday, August 5, 2007
The correct way to embed Adobe Flash in your web page... again
I previously posted about a neat little JavaScript library called SWFObject. This wonderful little library easily gets you around the Internet Explorer activation control issue. In doing some work for Company X, I found that though SWFObject works under normal conditions, it didn't seem to work when made part of our larger JavaScript framework. I suspect it has something to do with doing DOM modifications after the page has rendered. I looked around and found another library, UFO.
UFO stands for Unobtrusive Flash Objects and is another free (under the creative commons GNU LGPL license) JavaScript library for embedding Flash in web pages. It seems to be well supported (currently it's on version 3.22) and it's just as flexible and easy to use as SWFObject. It's slightly larger than SWFObject, so my advice is to choose the one that works best for your project. My thanks to UFO's author, Bobby van der Sluis, and his employer Refunk for allowing him to work on it during work hours!
Flash Activation Workaround (UFO): $0
Total cost of project to date: $59.99
Friday, August 3, 2007
No trip to San Francisco this year.
The email came in at 7pm... I knew it would... I was not selected to present at TechCrunch20. I do love San Francisco; Kitten and I fell in love there. It really would have been grand.
I'm not quite ready to let the cat out of the bag as to what exactly I'm building, but here are a few questions and answers from my "Presenting Company Submission Form":
Company name: Trell.us
Web site: http://www.trell.us/
Date founded: June 21, 2007
Number of employees: 2 (me and Kitten)
Money raised to date / investors: $0
Was I too honest? Did my application really get through to Heather? Was my penmanship too sloppy? Too bad I didn't get any feedback from the judges.... I'm sure MC Hammer is a busy guy.
I was, along with all the other non-finalists, offered to demo at the "Start-Up DemoPit" if I shelled out $1247.50 for two tickets to the conference. I've only spent $59.99 on this project so far, so I'm not ready to drop that kind of dough quite yet. Maybe next year, if I haven't already sold Trell.us for ONE BILLION DOLLARS (stop laughing, it could happen).
Tuesday, July 31, 2007
The correct way to embed Adobe Flash in your web page
One of my pet peeves is when I go to a "professionally designed" website and there is that annoying outline around their embedded Adobe Flash objects. This only affects Internet Explorer (which is only about 88.66% of you) due to a process called "Activating an ActiveX Control's Interface", which was added to IE 6 in response to losing a patent lawsuit with Eolas (Eolas seems to me to be one of those companies that does nothing but patent ideas and then sit on them until they can sue... a prime example of what's wrong with the patent system in the United States). Essentially, it means that you can no longer use the APPLET, OBJECT or EMBED tag on a web page if you expect your user to interact with that control unless the user "Activates" it by clicking on it. But there is a workaround: use JavaScript to embed your control instead of HTML. A pain in the butt, but it works.
Luckily there is SWFObject, a nice little JavaScript file that makes embedding Adobe Flash (the most common ActiveX control in the world) easy. You include swfobject.js, create a DIV where the Flash should be shown and then create a SWFObject object with a few parameters (location of the .swf file, size, frame rate, etc.).
I know a lot of websites are created by designers using the Mac... which means they usually test their websites on either Firefox or Safari. But, please, please, please be considerate of the other 88% of us and use SWFObject for your embedded Flash.
Flash Activation Workaround (SWFObject): $0
Total cost of project to date: $59.99
Monday, July 30, 2007
Yikes, competition! Where did that come from?!?!
I was watching CNBC today when a story came up about a couple of Web 2.0 companies... the first is a well established company (you have all heard of this company) that I've viewed as competition for my current project and the second is a new one that I hadn't heard of. When I conceived of my project, many years ago, there was definitely no competition. Now, in seeing that there is some competition, I was confident that my novel slant on this area would perhaps not blow the competition out of the water, but at least give me a fighting chance to create and capture my own niche. Company number two is doing exactly what I was going to offer... Damn it!
I suppose ignorance is bliss, but that is no excuse for keeping my head so down into the code that I am not aware of others in the field. I thought I had identified all the possible competitors until this one came out of nowhere.... they are VC funded, have been around for several years and have a product that they are actively selling. They were even mentioned on TechCrunch in April (I must have skipped that day, sorry Michael!)...
I heard that if you have an idea, 5 others in the world also have that same idea; it's simply up to you to decide to run with it or not. Maybe I should have run with this idea six years ago when I first wrote it down instead of continuing to struggle with Company X?
Fear not, my loyal readers. I've learned a few things from Company X; competition can catch up fast and a CNBC mention does not make a company golden. And after doing the most minimal research on this company's web site, I can already see that they have expenses in body count and infrastructure that I'm hoping to avoid and still provide world class service. I've also got some ideas on how users interact with my product and a different focus of what the product accomplishes that they haven't touched on... yet. Unlike six years ago, I'm a veteran of small company strategy, finance, marketing and have the wounds to prove it.... just ask my wife, Kitten.
I think I'll post a question for my friends over at Found+READ and see if anyone has some advice on keeping my paper bag covered head held high. I just hope the folks over at TechCrunch20 don't have a memory that goes all the way back to April (that's centuries ago in Internet time, right?).
Friday, July 27, 2007
YUI for that Web 2.0 interface
The big buzz these days is about AJAX. You constantly see press about an AJAX-enabled site that does this and does that... but AJAX is really only a way of getting data back and forth between your browser and the web server without having to refresh the page every time... what really gets people excited is how that data is displayed with interactive controls. Just as I felt it necessary to spend "Big Bucks" on the design of my site, it seems that having these interactive controls is the user perception threshold that is required to truly be a well regarded Web 2.0 site.
For "Company X" I looked at using ASP.NET AJAX (formerly codenamed Atlas); being a C# Microsoft .NET shop, it was a pretty logical choice. It's free (as long as you've already dropped the bucks to have IIS servers, .NET development environment tools, etc.) and is, even in its current 1.0 version, an extremely full featured library with lots and lots of controls. The main idea of ASP.NET AJAX is to hide the dirty details of hooking up AJAX, JavaScript and the DOM (Document Object Model) on multiple browser types from the programmer and make it seem just like plain old ASP.NET programming. I expect to see ASP.NET AJAX embedded into the next version of Visual Studio. But we are on a budget here, so what's a poor PHP programmer to do?
I went to my handy Google Search box and typed in "AJAX interface library" and the first item on the list was the Yahoo! UI Library (YUI). The kind folks at the Yahoo! Development Network have released this library of cross browser compatible JavaScript controls (many of which work with AJAX methodology) under a BSD license... which means give them some credit, but otherwise it's all yours to do with as you please.
Along with a bunch of base utility functions there are some great controls such as AutoComplete (a favorite among AJAX aficionados), Calendar and, my personal favorite, TabView. They also have a neat little app / control called Logger that allows you to put debug statements in your JavaScript and then watch them fire off in a floating control panel. Should be extremely useful for tracking down those inevitable JavaScript bugs.
Just for giggles I figured that if Yahoo was giving this out, their natural enemy must also have an offering. After looking around a bit (I typed "google javascript UI" into Google) I found the Google Web Toolkit. It has many of the same features as YUI except that the AJAX part is already built out, but only for the Java language. So if you're doing your project under a Java server this toolkit might be more appropriate than YUI.
JavaScript UI Controls (Yahoo! UI Library): $0
Total cost of project to date: $59.99
Wednesday, July 25, 2007
Taking advantage of the Freebies!
I'm getting to the point with my project where I need to start testing the ability of my code to send off emails. I tried using the SMTP/POP3 services associated with my Gmail account, but I found it to be incompatible with both the native mail function and PEAR mail objects in PHP. What I needed was a mail server for my domain.
I originally thought about using EC2 (the Elastic Compute Cloud) from Amazon for hosting and I may still do so in that my architecture is designed to load balance out to child servers once a user logs into a main web server, but what I need right now is a cheap Linux web and mail server.... and I found it!
As you recall, I bought a template from TemplateMonster.com for my project's look and feel. The email I received which explained how I could access the template I had purchased also listed some "bonus offers", including 1 year free hosting from Globat.com. After looking around the Globat site to get details on their capabilities I signed up using the coupon from Template Monster.
For security, in addition to a credit card, Globat uses a system where an automated system calls you up to confirm your phone number. You press a web form button and a voicemail robot calls you up 30 seconds later on the phone number you provided during registration and reads off a three digit code; you type that number in the web form and you are informed that your site will be provisioned very soon and that you'll be receiving an email with your new server information shortly. So I waited... and waited... and waited... finally I went to bed, assuming it would be provisioned overnight.
The next morning I woke up to find nothing. I opened a trouble ticket with Globat billing and soon received an email back saying that I would have to fax a copy of my credit card and driver's license to them. I thought my website was being provisioned, but I guess not. I faxed the front of my credit card and driver's license to the phone number provided. Meanwhile, I received a second email stating that in order to provision my website I would need to fax both the front AND BACK of my credit card and my driver's license to a completely different fax number. Now I was confused.... I was just about to fire off another email when, KABOOM, an email came in with my provisioning info (URLs, password, etc.).
So, besides the provisioning hoops they make you jump through, I have been pretty happy with their service. I don't have terminal access to the web server, but I can FTP and use their control panel to control my server (MySQL, email accounts, etc.). My only hiccup so far was finding out that they use port 587 instead of the standard port 25 for SMTP... I had to use their online chat system to speak to a help desk person to figure this out as this information is not mentioned anywhere in their FAQs or online help.
Web Hosting (1 year from Globat.com): $95.40 + $19.99 setup - TemplateMonster.com coupon = $0
Total cost of project to date: $59.99