Friday, July 27, 2007

tekArtist has moved to a new host

tekArtist has moved. Please update your bookmarks to
You can find more details about the move in the related blog post. The FeedBurner feed that was and still is associated with the present pages has been updated to point to the new site location, and is therefore accurate.

I do not intend to delete my blogger account, or remove the pages in this blog, as external sites are pointing to some of the entries and I quite believe in permalinks. So, the pages will be up as long as Blogger doesn't decide to purge them from their DB. :)

Cheers, and here's to seeing you on the other side.

Thursday, July 26, 2007

Sand, sun and RFID?

From the source article, via Slashdot:

Ocean City, New Jersey is a nice, family-oriented beach that will apparently soon be the high-tech model for seashore lovers and now perhaps geeks everywhere. The city has on its plate a $3 million variety of public services on tap featuring Internet access and radio-frequency identification chips (RFID) and Wi-Fi wireless technology.

Usually, when I go to the beach, it's not to be "in range"... Although, for those whose offices are in walking distance of the beach, it's a dream come true! Nothing that a good old cantenna couldn't achieve before, in the latter context, but even better.

On a related note, here is the definition of self-control: seeing your neighbours discarding a portable satellite dish, picking it up to convert it into a wi-fi extender, then putting it back because you just know you don't actually need it.

Monday, July 23, 2007

OpenMoko teaser video

See embedded video below for a teaser of the FIC Neo 1973 running OpenMoko.

I even like the soundtrack they chose, and they also have more OpenMoko related videos on their dedicated Youtube account. Must... Fight... Urge... And wait until October for the consumer version. Not enough time on my hands to involve myself as a developer unfortunately, but once again, it wouldn't be the first time I say this and fall for it later on. ;)

Sunday, July 22, 2007

Oh my, that's a lot of porn accounts...

Since I was addressing poor online business ethics in my last post, I might as well touch the following, as it came up while I was browsing the upcoming security stories thread on Digg.

I was googling my online trail recently, and was quite stirred that the nickname I use on a lot of online communities started showing up as a registered user of a number of social-networking-flavoured porn sites. Most of them pumping out (pardon the analogy) long lists of sites and videos one allegedly features on their profile as interesting, à la Digg et al.

I thought someone else was simply using the same moniker, but the following article and its author might just have provided me with some valuable insight: Why are my picture and name showing up on porn sites without my permission?

Thankfully, this seems limited to the user name for now, and my real name isn't returning such search results. But it is definitely of interest to me professionally, since McGill does have, and is looking forward to further developing, people pages. We will definitely have to take this trend into consideration in the upcoming incarnation of the software and content.

First Facebook worm[-ish behaviour]?

A friend of mine supposedly sent me a Facebook-based invite for an FB app called Advanced Wall. It came as a notification in FB and prompted me to retrieve a message from my contact by adding the app to my profile.

'k, I bite, since I'm in Facebook-API-craze mode for work and fun anyway and get the following, as allegedly written by my friend:

Check this out!

It's an Advanced Wall!

You can change colors, sizes, fonts, add smilies, pictures, videos and a lot more...


Odd.. Especially from the supposed author...

First, I was just curious to know if they are using tinyMCE for the advanced editor, like WordPress and co. Evidently, I dig a bit deeper, and fire up Firebug, which as a complete aside is the most amazing piece of software. I use it every day, and am still baffled by how efficient and powerful it all is.

So, the Javascript doesn't look familiar and the editor's iframe goes to, a domain which strangely enough doesn't respond under or, and just redirects to the app's description inside FB (as of 2007-07-22, ~1 AM).


Head off to the terminal: whois tells me the domain is registered to a more than likely fine fellow from the Russian Federation, which in and of itself doesn't really imply anything.

But that's when I start noticing the ads in multiple locations around the Advanced Wall's WYSIWYG editor. Text ads, subtly placed in the telling Facebook colour scheme. Blockbuster, icon sets, the usual.

So on to my friend's profile I go, and what do you know? What do I see on his wall, with no other message than:

Check this out!

It's an Advanced Wall!

You can change colors, sizes, fonts, add smilies, pictures, videos and a lot more...


Really? And it's coming from someone else in my contact's own friend list...

Next: Facebook » Profile » Applications » Edit » Remove


This all said, I haven't gotten a reply from my friend yet on if he actually sent the invite in the first place (it's late, and the invite was sent at 11:59pm), so maybe I'm just seeing things and oughta get to bed. I'll post an update here when I know more. Call me traumatized by another friend's experience. ;P See update below.

Personally, I'm not sure I'm willing to go for this one anyway. Best case scenario, it's gonna be MySpace all over again...

And if by any chance you receive an invite for Advanced Wall from me, you'll at least know how it did not get there: Not-by-my-click.

Update (20:45): Well, it seems that my friend is as surprised as I was. Although he did see an option to invite his friends, he is fairly sure he canceled. Yet, the app seems to have propagated itself to his contact list. He also had the same reaction as I with the dubious first message template, and brought to light an error message he received from the app stating "there are still glitches we're working on with the facebook team". So worm[-ish]? Questionable interaction design? Buggy app? Plain old bad taste? I'm not a security expert by any stretch, so I'll hold off on the labeling, but as a software developer, I say: none for me, thanks.

Friday, July 20, 2007

We Should Not Bite the Hand that Diggs

I've been noticing that Digg has been getting a substantial amount of cr*p about things they've done on and with the site recently. Nothing new or exceptional, as every popular Web outfit gets the community treatment once in a while, but now that the dust has settled a bit, I just wanted to express the following thoughts.

I had the pleasure to meet with some of the Digg crew in San Francisco last month, coincidentally hours before they released their new commenting system. What I saw was a group of people who, on top of being passionate about their respective vocations, actually believe in the product they bring us. This is a relatively rare and precious thing, and I think that as a community, we should nurture it as much as we can.

I'm definitely not saying we should just fall into blind fanboy-ism and idolize their every action, but I do think that there's a [not so] fine line between constructive criticism, which is usually welcomed by any self-respecting professional, and plain old bashing, which can be the most depressing aspect of public releases. And it's not like they're not listening (1, 2).

Yes, I do think that a balance between surprise releases and usability testing could gain to be developed. And yes, I do understand that sudden changes to something you enjoy can be offsetting for users. But I also know that they're cultivating a tight-group/almost-family-like atmosphere amongst their ranks, and that the last thing I want is for the people behind the code to be nudged anywhere close to just being yet another bunch of salary makers, in yet another faceless corporation.

So I say, keep on guys, and thanks for your efforts. I'll happily keep on digging and watching the site evolve.

And no, I'm not going to submit my own post to Digg. ;)

A Swarm of Angels: Remixing Cinema

I found out about this open source movie project last winter, and am happy to see that they are so far reaching their set targets.

A groundbreaking project to create a £1 million film and give it away to over 1 million people using the Internet and a global community of members.
  • P2P-friendly: free to download and share
  • No DRM: watch on anything
  • Creative-Commons licensed: remixable
A fantastic initiative, in my humble opinion.

See also: Elephants Dream, by the Orange Open Movie Project.

Saturday, July 14, 2007

2007 World Gravity Sports Championship

On August 25th and 26th, Montreal will, for the 5th time, host the Top Challenge competition, featuring skateboarding, speedboarding, street luge, inline skating and inline boarding.

I know I'm shooting myself in the foot as a dad, but I'm definitely bringing my boys to see this. They surely would lynch me if I went by myself...

Thursday, July 12, 2007


I just have to let it all out: I love mootools!

I'm not going to get in a pi**ing match with prototype, jquery, dojo and company, since they're all truly neat little bundles of joy, but as a write-all-javascript-from-scratch kinda guy, I wasn't inclined on having to rely on such involved libraries in the past. Especially when coupling them with a huge server-side code base that I must keep in mind might actually outlive me. Call it an ever-lasting "vendor" lock-in allergy.

Choosing the best contender to be included in the McGill web platform among the countless available options in the compact JS framework sphere was one of the most difficult tech decisions I've had to make in years. But so far, I sure am glad we opted for mootools. Bonus: I didn't even have to force it on anyone either, and adoption by different levels of developer has proven smoother than in tests involving other potential choices.

Great docs, tight syntax, (close to) worry free platform compatibility and a lively dev community are all among the many benefits we are so far enjoying.

But beware! I'd advise anyone going the framework way to:

  • Do a lot of research before committing to anything, to really gauge what is best for you and your team(s).
  • Not be afraid to write a slew of tests to be implemented in the selected top choices to right away define what has more potential in your very context.
  • And most importantly, not get too comfortable and devolve into a one-lib-only coder.
On this, I'm going back to milking it for all it's worth.

Sunday, July 08, 2007

Neo 1973 + OpenMoko: It's Out!

The first open mobile solution is out and available for purchase (developer preview).

Neo Base US$300
The Neo Base kit contains everything the mobile application developer needs to enjoy the benefits of the first freed phone, the Neo 1973.

Neo Advanced US$450
The Neo Advanced Kit contains everything the mobile device hacker wants to get down and dirty with the first freed phone, the Neo 1973.


Saturday, July 07, 2007

Amstrad CPC 464

I was recently talking to someone about the first computer I owned: an Amstrad CPC 464 (@wikipedia). Attached is a nice flickr photo of the beast in all of its 64kb-RAM-and-tape-recorder glory.

Good times; good times indeed. I was 12 (1987) and saved my money for around two years to get one. It was my first major purchase on my own. The first computer I used was a Thomson TO 7, and its lovable turtles, at school.

Sunday, July 01, 2007

Happy Canada Day!

Oh, how I wish I was back in Vancouver, where people actually celebrate our country, instead of disguising the day as the province's official moving day...

Thursday, June 28, 2007


Something rather peculiar puzzled me today... I went on to purchase the latest Nine Inch Nails album, eager for a fresh batch of their trademark sound. If you haven't heard about Year Zero yet, they had a killer marketing campaign associated with it that anyone interested in the viral trend should check out.

When the download was complete, I promptly went to the Recently Added smart playlist in iTunes, and there were the last two albums I purchased from the iTMS: Year Zero, by NiN and The Best Damn Thing, by Avril Lavigne. Before you scold me for the latter, I bought it last month on my wife and kids' request... Everybody should know the artwork is all I wanted. ;)

What I found peculiar about this view was the rating on the tunes. Every single Avril Lavigne track was labeled as explicit, while none of the NiN ones were flanked by the telling red icon.

Had I purchased the radio-edit version?!? Argh... But no. After listening to the whole album, it just does not contain anything deemed offensive by the music rating authorities.

Really, what has the world come to when the music marketed to my kids gets such a rating and an album many puritan bodies would surely like rated 18+ is squeaky clean?!?

Personally, I think it's a giant yet brilliantly subtle [explicit] to the rating bodies. Kudos Trent and co. You did it again.

Charles de Gaulle: Vive le Québec Libre

On July 24th 1967, French president Charles de Gaulle delivered a speech in Montreal in which he declared 4 simple yet revolutionary words, echoing the Quebec separatist slogan: Vive le Québec Libre.

After reading about the said speech for years, I finally found the video on the Web in its entirety today. Regardless of one's (or even my) opinion on the subject, this is a historical moment by all measures.

The CBC Archives also has a newsreel for this day, highlighting the controversy this created in the rest of Canada.

Sunday, June 17, 2007

A "man pages" approach to information

It still amazes me how Unix man pages shaped my approach to digesting information.

I first started using Unix-based systems around 1997. My Unix mentor had, in retrospect, a fantastic approach to helping me out on my autodidactic path. Whenever I needed help with a command, he would always prepend his answer with "man".

I: How do you check your disk space?
Len: man df
I: ???
Len: man man

I am now more than grateful for his wisdom, but I cursed it many times in context.

What amused me the most about the man repository was how it was simply impossible to read one page without reading ten others, by curiosity if nothing else. The same holds true for many subjects, but man pages have this special twist that unlike so many other publications, they never dumb down their content to widen their audience reach, but instead historically assume that the reader is a highly trained operator and knows (or should know) everything about the rest of the system. This shapes an interesting vicious cycle, since it makes for a documentation system with essentially no true beginning or even accessible entry point.

While this might be perceived as a flaw in the man's matrix, it truly catalyzed my habit of always pushing myself to learn and know more than just what I need for the very task that brings me to a piece of information. To this day, I find myself quasi-incapable of reading anything without going into the research equivalent to a shark's feeding frenzy, unless I'm on a tight schedule, in which case I only limit and control myself.

In the end, two things are for sure: Thank [insert fav' deity here] for hypertext, and Digg, Facebook, Slashdot, et alii sure do not help one bit. ;)

Tuesday, June 12, 2007

What Happens to your Body if You Stop Smoking Right Now

Motivation for me and others.

Found on Health Bolt, via Digg.

Monday, June 04, 2007

It's a Love / Hate Thing

It's days like this I both love and loathe my vocation all at once.

Love it: never bored, always have new things to learn, mentally challenging, great interaction with the many development communities, constant stream of new opportunities, etc...

Loathe it: there are only 24 hours in a day and my body and brain stubbornly force me to sleep for a few of these... Almost every day too...

Thirteen years of web app dev, and I still see it as the World's biggest playroom. :)

Saturday, June 02, 2007

parseMe 20070602 Update

Here's another update to parseMe (back story), my little GPL'ed PHP-based RSS/Atom feed reader for mobile phones and other web-capable devices.

You can find the appropriate links below:

Release notes:
  • Moved my CVS repo to Subversion (svn), hence the revision number differences. I considered moving to a distributed revision control system, since they're gaining in popularity, but I got lazy after the major rewrite. ;) Maybe for the next release.

  • This is a quasi-complete code rewrite. In this release, I have moved away from the initial goal of keeping within the 500 lines limit (including comments) and having an "educational" flavour, to focus instead on the code structure, the features, further increased security, etc. The security aspect does account for a lot of the extra lines, when coupled with the new features.

  • The parseMe class has now been subtracted from the index.php script and has been moved to lib/php/parseMe.class.php.

  • One of the most significant features, on the user end, is that you can now request any number of feeds to be parsed at once. Keeping in mind that the main target audience for this tool is the mobile market (usually slow, tiny screens, low RAM, etc), the usual total number of feeds offered does not lead to major performance hits, unless of course the sources themselves are slow to answer the tool's request(s). You can of course still set your feed selection in the cookie-based preferences, which now allow for multiple choices.

  • With the multiple feeds feature, the next logical step was to enable some sort of sorting options. You can sort the entries by feeds, or from new to old (descending) or from old to new (ascending). Your favourite sort order can be saved.

  • You can now opt in or out of using the Google Mobile Gateway for destination links, right from the query form, and save your preferred choice.

  • On the server end, self-contained caching is now done through PHP data serialization, since there is no point in reparsing the same XML at every page load, after all.

  • On the security front, and primarily with the concern that we do have an application-writable directory (cache), there are quite a few improvements. Since the data contained in the cache files is not very sensitive by design (and if it is, I'd suggest using SSL and password protecting the app), this is really more of an exercise in good coding practices. And there is of course the concern of PHP injection attacks.

    • The cache filenames are now generated as a sha1 sum, with the help of an admin-defined shared secret so that they cannot be easily guessed.

    • All cache files now start with a dot (.) so that most web servers will not even serve them, and to be invisible when directory listing is enabled at the server level.

    • On the other hand, there is still a very strong emphasis on user input sanitization and usage in the logic itself (e.g. no client-defined source URL, source validity tests, etc.).

  • Fully valid class documentation can be leveraged in IDEs such as Eclipse, auto-documentation tools such as phpDocumentor, etc.
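
The cache hardening listed in the release notes above, shown as an added example that is not parseMe's own code: feed sources come from an admin-defined list keyed by name, cache files get a dot-prefixed name derived from the source URL and a shared secret, and the serialized payload is checked before it is unserialized. It assumes PHP 7.1 or later; every name here (`FEEDS`, `CACHE_SECRET`, `cachePath`, and so on) is hypothetical, HMAC-SHA1 stands in for however parseMe combines the secret with the sha1 sum, and the integrity tag goes beyond what the notes describe.

```php
<?php
// Added example, not parseMe's code. All constants and function names are hypothetical.

const CACHE_DIR    = __DIR__ . '/cache';            // the single app-writable directory
const CACHE_SECRET = 'replace-with-admin-secret';   // constructed placeholder value
const CACHE_TTL    = 900;                           // seconds before a reparse is forced

// Admin-defined sources: the client only ever submits a key, never a URL.
const FEEDS = [
    'example-a' => 'https://feeds.example.org/a.xml',    // constructed sample URLs
    'example-b' => 'https://feeds.example.org/b.atom',
];

function cachePath(string $feedKey): string
{
    if (!array_key_exists($feedKey, FEEDS)) {
        throw new InvalidArgumentException('unknown feed key');
    }
    // Keyed SHA-1 of the source URL: without the secret the name cannot be
    // recomputed from the public feed list. The leading dot keeps the file
    // out of directory listings and, on most servers, out of served content.
    return CACHE_DIR . '/.' . hash_hmac('sha1', FEEDS[$feedKey], CACHE_SECRET);
}

function cacheWrite(string $feedKey, array $entries): void
{
    if (!is_dir(CACHE_DIR)) {
        mkdir(CACHE_DIR, 0700, true);
    }
    $payload = serialize($entries);
    // Integrity tag over the payload, so a file planted or altered in the
    // writable directory is rejected before it ever reaches unserialize().
    $tag = hash_hmac('sha256', $payload, CACHE_SECRET);

    // Write to a temporary file and rename, so readers never see a partial file.
    $tmp = tempnam(CACHE_DIR, '.tmp');
    file_put_contents($tmp, $tag . "\n" . $payload);
    chmod($tmp, 0600);
    rename($tmp, cachePath($feedKey));
}

function cacheRead(string $feedKey): ?array
{
    $path = cachePath($feedKey);
    clearstatcache(true, $path);
    if (!is_file($path) || time() - filemtime($path) > CACHE_TTL) {
        return null;                                 // missing or stale: reparse the feed
    }
    $parts = explode("\n", (string) file_get_contents($path), 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$tag, $payload] = $parts;
    if (!hash_equals(hash_hmac('sha256', $payload, CACHE_SECRET), $tag)) {
        return null;                                 // tampered or foreign file
    }
    // Plain data only: refuse to instantiate objects from cache content.
    $data = unserialize($payload, ['allowed_classes' => false]);
    return is_array($data) ? $data : null;
}

// Constructed demo, run from the command line only.
if (PHP_SAPI === 'cli') {
    cacheWrite('example-a', [['title' => 'Hello', 'link' => 'https://example.org/1']]);
    var_dump(cacheRead('example-a'));                // the stored entries come back

    // Append one byte to the cache file: the tag no longer matches the payload.
    file_put_contents(cachePath('example-a'), 'x', FILE_APPEND);
    var_dump(cacheRead('example-a'));                // rejected, caller must reparse

    try {
        cachePath('https://attacker.example/feed');  // a URL is not a valid key
    } catch (InvalidArgumentException $e) {
        echo $e->getMessage(), "\n";
    }
}
```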

Thursday, May 31, 2007

It's SQLite-Mania Time!

Between the freshly announced Google Gears and the upcoming Firefox 3, I'm really happy to see the SQLite project picking up some massive and forefront industry momentum. And well deserved at that, since I've always thought it was an excellent venture in many respects, though often overlooked by the general development community.

Firefox will use it for their upcoming Places feature, which aims to be the evolution of bookmarks and history.

Google Gears, on the other hand, uses it for offline web app data storage. I have to say I'm getting a geeky kick out of seeing SQL queries passed directly via client-side Javascript (although as an offline app, I guess the client is the server too). And not even as a WTF post: bonus!

Kudos to the SQLite dev team, and good call to the two latest industry icons who chose it.

That install base sure is going to grow fast! Makes me giggle when I remember thinking that every PC would be running at least 6 different embedded copies of the tiny DB within a few years when I first played around with it, all without 99% of the end users even realizing this. I'd say we're right on track. :)

Who's taking bets on Adobe doing the same with Apollo?

Friday, May 18, 2007

McGill Website Wins Silver CASE Award

I guess we must be doing something right:

The Council for Advancement and Support of Education (CASE) awarded McGill University the silver medal in the Complete Institutional Web Sites category. There were 41 entries in this category, with two silver medals and one bronze medal awarded. CASE is a non-profit association encompassing 3,300 colleges, universities and elementary and secondary schools in 54 countries.

Via McGill Announcements.

I don't actually know any more than this, because the details haven't been published on the CASE web site yet. I really want to know who we tied with, knowing CASE has members such as MIT, CalTech, Harvard, etc.

2007-06-16: The CASE web site has now been updated: Web Sites – 2007 Winners

Sunday, May 06, 2007

French Voters Choose Sarkozy for President

I really like Le Monde's map featured above. Gotta love the colour cliché. And how the colour-coded maps are all the rage now, somehow.

It's days like this I really miss living in France. NOT! ;)

Coming Soon: Ubuntu Mobile and Embedded Edition

From the source email (@ubuntu-devel-announce):

We will start more detailed planning at the Ubuntu Developer Summit next
week in Seville and the first release of this edition will be in October
with Ubuntu 7.10. If you are interested in the project, please get involved.
We will be working through our normal development processes on Launchpad,
the developer mailing lists and IRC.

Via Digg.

Friday, May 04, 2007

PHP 5.2.2 and 4.4.7 Released

"PHP 5.2.2 and 4.4.7 have been released with a plethora of security updates. Many of the security notifications come from the Month of PHP Bugs effort, and range from double freed memory to bugs in functions that allow attackers to enable register_globals, to memory corruption with unserialize(), to input validation flaws that allow e-mail header injections, with an unhealthy sprinkling of other bugs and flaws fixed. All administrators that run any version of PHP are encouraged to update immediately."

Our sysadmin installed 5.2.2 on our test instances earlier today, and we'll be testing (and closely watching for external reports) over the next few days before rolling it into production.

Via Slashdot.

The Javascript Programming Language

Yahoo! JavaScript Architect Douglas Crockford provides a comprehensive introduction to the JavaScript Programming Language in this four-part video. This is the first section of the four-part video. See below the embedded video for more links.

Other programming videos by Douglas Crockford on Yahoo! Video:
The JavaScript Programming Language (4 parts).
Theory of the DOM (3 parts).
Advanced JavaScript (3 parts).

Via Digg.

Sunday, April 29, 2007

parseMe 20070429 Update

Here's another update to parseMe (back story), my little GPL'ed PHP-based RSS/Atom feed reader for mobile phones and other web-capable devices.

  • Moved to object oriented, pretty much for the "fun" of it.
  • Now passing a custom user-agent in the http query to avoid problems with sources that require it (Digg, among others).
You can find the appropriate links below:
Keeps me from hating my phone until I can afford to get myself a nicer mobile solution.

Fedora Core 7 Test 4 Notes

I installed FC 7 Test 4 on one of my home machines, which was previously running FC6, and it pretty much all went fine. Like with all new releases, there was a definite speed improvement in most operations.

I personally like the new live CD installer. If nothing else, simply for the fact that you get a chance to see how the OS will behave on your new machine before you install it. It's still ironic to me to see the major distros going to that format, because I remember how most Linux users were poking fun at the first developers to use a live cd install process (that I know of), back in 1999: the now defunct LinuxPPC distribution.

For those interested, you can access a lot of FC7 screenshots and videos at the main wiki: Fedora 7 Tour.

Besides the obvious changes, one that puzzled me for a while since I'm not a hardcore follower up-to-date with all the details, is that all my IDE hard drives were now showing up as /dev/sd* (historically SCSI) instead of /dev/hd*. One quote I could find on the wiki about this was: "In this release, all hard disk partitions follow a /dev/sd* naming convention due to a new libata driver interface in the kernel. The Anaconda installer eases the transition for release upgrades."

Another puzzler was the fact that despite choosing to set up my box with a manually assigned IP address in the install process, it was still acquiring one with DHCP at boot time. You can see this in the attached screenshot below (click for a larger view): note the discrepancy between the network config panel and the address reported by the ping command in the terminal. This continued, even after rebooting the machine or just the network ("service network restart" as root), until I issued an "ifup eth0" command as root, which made it all fine from there on.

Trying to run FC7 Test 4 on my MacBook worked fine natively from the Live CD (no install), which it did not under Test 3, but I haven't been able to boot it while virtualized in Parallels Desktop for Mac. I haven't tried in VMware Fusion yet.

The last note is quite a personal one: I much preferred the default theme (icons) in Test 3 (3D) to the ones delivered in Test 4 (2D)... The new ones make me feel like I'm back in the pre-BlueCurve years. ;)

That's it for me, for now. This box being mostly a file/web/db server, running on older hardware (P4 1.65Ghz), I can't really play with compiz, which would be one of the major improvements over FC6, besides running new versions of everything.

Update: here are a few notes from a friend who recently installed it on his shiny new Mac laptop: FC7T4 on MacBook (Core 2 Duo).

Thursday, April 26, 2007

Fedora Core 7 Test 4 Released

FC7 test 4 (6.93) has just been announced, right on schedule, and is now available as a torrent and on (most of) the mirrors.

Get it while it's hot and especially before it makes it to the Slashdot, Digg, and many other high profile front pages.

Wednesday, April 18, 2007

Web 2.0 Expo and Conference

The O'Reilly Web 2.0 Expo is just finishing up, and my co-worker and I had a blast with most of it. Working in the academic sphere, it really feels great to get first hand confirmation that we are perfectly on track with the rest of the industry with our vision of what is to come. Now, if only we were given the means to do it all as fast as we can dream it, which is always a challenge in a large public institution. But we're working on that. :)

One of the highlights of the conference for me was to find out (confirm) how close the Digg architecture is to the one that we've been developing for our university for many years now: LAMP (though we use PostgreSQL), memcache, Linux, clustering, etc. They actually seem to be facing some challenges that we've already tamed in the last year and a half. They're hiring, by the way.

On the other hand, it was my first time in San Francisco (about time...), and I won't lie: it's even better than I imagined it would be! Truly a fantastic city, populated with wonderful people. First time, but definitely not the last one, especially given that I just don't have the time to stay a few extra days to visit Berkeley, Oakland, San Jose, Santa Cruz, Cupertino, Mountain View, etc. Next time!

On this, I'm going to go and enjoy the city before I have to leave tomorrow morning.

Saturday, March 24, 2007


Yes! We've done it. McGill is now using a Google Search Appliance as its main search engine backend, which is the main reason I have been so busy in the last while.

Despite early hardware issues and a few bugs I faced in the caching engine and XML APIs (most of which have been or are being addressed by the Google Enterprise team), I have to admit that it's been one of the most motivating and enjoyable projects I have handled at McGill.

You can try it out for yourself on our main search page.

We also enabled other areas, such as our advanced course search, and classified search.

This is of course only the tip of the iceberg, since the architecture is quasi-infinitely extensible through the feeds and OneBox concepts (both of which we already use). And as usual, I already have a head full of ideas on how to further leverage the enormous amount of digital content on campus.

Fun times ahead!

Wednesday, March 14, 2007

What Happens When...

What happens when you're enjoying your work a bit too much? Well, you end up working some more in the evening instead of spending some quality time with your... blog. ;)

I'll get more chatty again when I'm done with the projects I'm currently handling.

Thursday, March 08, 2007


Ars Technica has a great article on IPv6 (via Slashdot):

As of January 1, 2007, 2.4 billion of those [IPv4 addresses] were in (some kind of) use. 1.3 billion were still available and about 170 million new addresses are given out each year. So at this rate, 7.5 years from now, we'll be clean out of IP addresses; faster if the number of addresses used per year goes up. Are you ready for IPv6?

If you're not in a geek reading mood, this post's title expresses the number of addresses IPv6 will allow for. C'mon, try and pronounce it! :)

Thursday, March 01, 2007

Oops, the jig's up

From the source article, on ABC News:

[...] spring breakers, here's a thought: Before going online to post those pictures of you and your friends dancing atop a table at Senor Frog's, know that your debauchery will probably pop up on many more screens than you intended. Potential employers, school administrators and admissions officers, and vindictive exes can see them too, and decades from now, when college is a mere memory, those photos will still live on the Web.

When the mainstream press and the audience it targets both start catching on to this, you just know that 5,345,961 blogs, photo/video sharing communities and other social networking sites just closed and/or lost their venture capital today alone. Did I just hear a pop? Nah...

Tuesday, February 20, 2007

March To Be Month of PHP Bugs

From the source article, on SecurityFocus (via Slashdot):

Stefan Esser is the founder of both the Hardened-PHP Project and the PHP Security Response Team (which he recently left). Federico Biancuzzi discussed with him how the PHP Security Response Team works, why he resigned from it, what features he plans to add to his own hardening patch, the interaction between Apache and PHP, the upcoming "Month of PHP bugs" initiative, and common mistakes in the design of well-known applications such as WordPress.

Given the success of the Month of Apple Bugs project, I think it's a fantastic idea. This said, our sys admin at work isn't too thrilled by the prospect of having to patch our many PHP installs everyday in March... ;)

Saturday, February 17, 2007

Action Plan for Killer Asteroids

From the source article, on the Beeb:

A draft UN treaty to determine what would have to be done if a giant asteroid was on a collision course with Earth is to be drawn up this year. [...] The association has asked a group of scientists, lawyers, diplomats and insurance experts to draw up the recommendations.

Sorry, it's hard to type while I'm laughing so hard... Yeah, those are definitely the people to put on the job! All they're missing are religious leaders, and we're sure to have a speedy conclusion to that project. ;)

Friday, February 16, 2007

OpenMoko is Picking Up Steam

From the source article, over at the always great

FIC has announced an on-sale date for its Neo1973, expected to be the first low-cost, high-volume phone with a user-modifiable Linux-based operating system. Additionally, the OpenMoko project building open-source software for the phone has published a wealth of technical resources. [...] The first [release phase was] Feb. 11, with free phones for prominent open source community members. The real sale date will be March 11. That's when the online store opens, and everyone can buy one direct, for about [US] $350.

I read about the OpenMoko project the same day the iPhone was announced, and I really think I'm more eager to see a Neo1973 than I am to see Apple's upcoming solution.

There are very good photos (1, 2, etc) of the device's innards on the project's wiki for the hardware enthusiasts.

Thursday, February 15, 2007

Minilogue/hitchhikers choice

The stop motion animation in the following music video is beautiful on its own, but the fact that the medium is a simple white board truly makes it amazing to me.

Music by Minilogue
Animation by ljudbilden & piloten

Wednesday, February 14, 2007

Is this Really Fair?

The above image shows the OS X weather widget for Montreal (Quebec) and Boynton Beach (Florida): -13°C v. 23°C (or 9°F v. 73°F). Why, you ask? Because I'm in the former, and my wife and kids are in the latter for the week...

Does that sound fair to you?

But I'll have my revenge when I go to San Francisco for the Web 2.0 Expo in April, and maybe the Red Hat Summit in San Diego in May. Muhahahaha!

Tuesday, February 13, 2007

parseMe 20070213 Update

It's time for another quick update to parseMe, my little GPL'ed PHP-based RSS/Atom feed reader for mobile phones and other web-capable devices. Pfew [deep breath], that was quite a mouthful, wasn't it? ;)

  • It now loads the destination links without images by default, for performance improvements on most sites. Links still go through the Google Mobile gateway.
  • Small screen-related interface improvements for the feed selection form.
You can find the appropriate links below:
Hoping you'll enjoy it as much as I do in the bus, on the way to and from work.

Sunday, February 11, 2007

Lego Mindstorms Automated Car Factory

It's not exactly the new Volkswagen glass factory, but this has to be one of the coolest Mindstorms-based projects I've seen. And there are a lot of them out there.

A bit on the slow side, but amazing nonetheless. I can only imagine how much time this must have taken to think through and build.

Friday, February 09, 2007

/me Like PostgreSQL

I've recently had to take over the role of DBA at work (our previous one left for a job at Google), and I'm trying to make the most of the situation (still have my job to do too) by restructuring the PostgreSQL-powered database at the core of our Web architecture.

Like so many enterprise projects, it's grown exponentially, in both size and complexity, over the years and what I'm left in charge of today is less than ideal. Nonetheless it's been serving us quasi-flawlessly, and I sure am happy my predecessor(s) made the choice to go with PostgreSQL as a database backend. The use of PostgreSQL in an enterprise environment was actually one of the reasons I started working at McGill, back in 2002.

What I'm doing these days involves modernizing and sanitizing a considerable number of tables, stored procedures and functions. All while staying fully backward compatible so that the countless pieces of software relying on the data can keep on running as if nothing changed. I'm of course modernizing the codebase I have access to so it all takes advantage of the improved data structure. But for the sake of phasing in the upgrade and to not force it on external developers whose schedule I have no control over, replicating the current base is of the essence.

This is all proving to be a task our faithful PostgreSQL environment is truly shining at.

Through the use of temporary tables from queries, case-based views, rules and other assorted options, I am rather quickly and easily able to author scripts that handle the nasty stuff, all wrapped in the safety transactional DBs afford us. They create new tables, populate them from others, tweak the data, drop the old tables once ported, set up views to replace them just-in-time and more, all transparently.

All of this is of course also possible with many other RDBMS. I'm just dealing with PostgreSQL in this instance, and enjoying (almost) every minute of it! :)
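The kind of migration script described in this post, as an added example that is not the author's own code: the staff and person tables, their columns and their rows are constructed for illustration, and treating a missing flag as active is an assumption.

```sql
-- Constructed legacy table and rows, standing in for a table old clients depend on.
CREATE TABLE staff (id integer PRIMARY KEY, name text NOT NULL, active char(1));
INSERT INTO staff VALUES (1, 'Ada Example', 'Y'), (2, 'Bob Sample', 'N'), (3, 'Cy Test', NULL);

BEGIN;  -- DDL is transactional in PostgreSQL: any error rolls back every step below

-- Stage and tweak the data in a temporary table built from a query.
-- Assumption: a NULL flag in the legacy data means "active".
CREATE TEMP TABLE staff_stage ON COMMIT DROP AS
    SELECT id, btrim(name) AS name, COALESCE(active, 'Y') = 'Y' AS is_active
    FROM staff;

-- The modernized table (hypothetical names).
CREATE TABLE person (
    person_id integer PRIMARY KEY,
    full_name text    NOT NULL,
    is_active boolean NOT NULL DEFAULT true
);
INSERT INTO person (person_id, full_name, is_active)
    SELECT id, name, is_active FROM staff_stage;

-- Retire the old table, then reuse its name for a CASE-based view that
-- presents the new data in the old shape.
DROP TABLE staff;
CREATE VIEW staff AS
    SELECT person_id AS id,
           full_name AS name,
           (CASE WHEN is_active THEN 'Y' ELSE 'N' END)::char(1) AS active
    FROM person;

-- Rules redirect legacy writes on the view to the new table.
CREATE RULE staff_ins AS ON INSERT TO staff DO INSTEAD
    INSERT INTO person (person_id, full_name, is_active)
    VALUES (NEW.id, NEW.name, COALESCE(NEW.active, 'Y') = 'Y');
CREATE RULE staff_upd AS ON UPDATE TO staff DO INSTEAD
    UPDATE person
       SET person_id = NEW.id, full_name = NEW.name,
           is_active = (COALESCE(NEW.active, 'Y') = 'Y')
     WHERE person_id = OLD.id;
CREATE RULE staff_del AS ON DELETE TO staff DO INSTEAD
    DELETE FROM person WHERE person_id = OLD.id;

COMMIT;

-- A legacy client keeps working unchanged against the old name.
INSERT INTO staff (id, name, active) VALUES (4, 'Di Constructed', 'N');
UPDATE staff SET active = 'Y' WHERE id = 2;
SELECT id, name, active FROM staff ORDER BY id;
```

PostgreSQL checks access to person through the view and its rules with the owner's privileges, so legacy roles need grants on the staff view only. The grants the dropped table carried are gone and have to be reissued on the view.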

Tuesday, February 06, 2007

Integrating the Upgraded Digg Tools in Blogger

Digg released a worthy upgrade to their site integration tools today, with such neat new features as combining the submission process and Digg box, etc. Since I have previously published a method of integrating the first incarnation of the Digg tools in your [new] Blogger posts, it is now time to post an update to take the new features into consideration.

Before you start, make sure that your blog is set to save post pages. This is a Digg (and other social sites) requirement, since we need unique URLs to submit. To verify, go to your Blogger Dashboard » Settings » Archiving » Enable Post Pages? Select yes and save.

Then go to your Blogger Dashboard » Layout » Edit HTML. Be sure to check the Expand Widget Templates checkbox.

Locate the following code in the template's XML:


And replace it with:
<span style="margin-right: 10px; float: left;">
<script type="text/javascript">
digg_url = '<data:post.url/>';
</script>
<script src=""> </script>
</span>

You're done! It's now as simple as this.

You can also try the new, more discreet, compact mode:
<span style="margin-top: 5px; float: right;">
<script type="text/javascript">
digg_url = '<data:post.url/>';
digg_skin = 'compact';
</script>
<script src=""> </script>
</span>

Personally though, I'm not too keen on displaying Digg boxes showing 0 diggs when the content has not been submitted yet, nor am I interested in showing the digg box on all my posts. So I'm still going to use my original solution and just update the URL of the Digg javascript from /api/ to /tools/ in my template. Overall, it is a more involved option, but I'd rather have flexibility than ease of use.

Ultimately, I'd like to see another mode (digg_skin variable) where unsubmitted content sports a simple button (like the Digg Guy), and the box only starts to show if and after the content has been submitted.

As a side note, it's probably going to get fixed quickly, but the compact mode of the new tool had a bug with url targeting that made the submit form show in the tiny iframe the Digg javascript outputs.

Sunday, January 28, 2007

Turning 32

Well, today's that day when I gain an extra year. It always amazes me how much revolves around our age, and how suggestive the latter is. I'm an old fart for some, yet still a youngster for others. But who sees us as which and when is what usually matters most.

On a far less pseudo-existential note, kudos to my 7-year-old on his first in-match hockey goal (1st season). :)

Wednesday, January 24, 2007

Up to my Elbows in Enterprise Search

Sorry about the lack of updates, but I'm smack in the middle of a huge project rethink at work, and it's eating up all my time. I've been at it for two weeks, and I'm now hitting a point where I'm satisfied with the direction the project is heading. I reached the point where I'm having fun with it. :)

I'll have more time once this is behind us, which I'm glad to say is coming soon!

Friday, January 19, 2007

Mona Lisa Grave Found, Claims Scholar

From the source article:

The woman behind Leonardo da Vinci's Mona Lisa painting may be buried near a now derelict building in the heart of Florence, according to archival documents. The exact location of Mona Lisa's burial site, the convent of Sant'Orsola, was just about 900 feet away from the house of the artist's father, according to the historian, Giuseppe Pallanti.

Thursday, January 18, 2007

3D Desktop Linux on Live CD

posted two articles in as many days about the 3D desktops under Linux now being available for preview as live CDs.

I'm getting them both as we speak to try them on my MacBook.

Saturday, January 13, 2007

parseMe 20070111 Update

Update: 2007-02-13: An upgraded version is now available.

I have released an upgraded version of my GPL'ed lightweight feed reader for web-enabled devices, parseMe, a couple of days ago.

I have added a couple of interesting new features:

  • It now integrates with Google Mobile to provide full content browsing of the destination URLs. This is done by using their nifty (x)html parser, which reformats standard web pages for mobile/accessibility browsers.
  • There is now a cookie-based feature that lets users define what their default source and item limit should be when first accessing the app. All cookie manipulation is done via PHP, on the server-side, so as not to rely on JavaScript, which is rarely available on the targeted browsers.
You can find the appropriate links below:
I'm obviously quite a bit biased of course, but it's still my favourite mobile app. :) And since I'm not seeing an iPhone (or similar smart phone) in any kind of recent future for me (availability in Canada, price, usage fees, etc), it probably will be for quite a while.

Friday, January 12, 2007

Parallels Desktop for Mac Update RC Wins MacWorld Expo 2007 “Best in Show”

RENTON, Wash. – January 10th, 2007 – Parallels announced today that its Update Release Candidate (RC) for the Parallels Desktop for Mac, released today, has been named “Best in Show” at the MacWorld Expo in San Francisco. The “Best in Show” award is presented to the most elite of the several thousand products and services on display at the annual MacWorld Expo and Conference.

Congratulations! :)

Wednesday, January 10, 2007

Canadian coins bugged...

From the source CBC article:

They say money talks, and a new report suggests Canadian currency is indeed chatting, at least electronically, on behalf of shadowy spies. Canadian coins containing tiny transmitters have mysteriously turned up in the pockets of at least three American contractors who visited Canada, says a branch of the U.S. Department of Defence.

This is one of the strangest things I've ever heard...

Tuesday, January 09, 2007

Apple TV? SlingCatcher? Mac Mini? Something Else???

Apple today officially announced the little box formerly known as the iTV, now dubbed the Apple TV. Nothing new has really been announced, and the honours of the day of course duly went to the quite stunning iPhone. The Apple TV price tag was confirmed, at US $299.

Pretty neat and cheap little device, but one detail to note is that it will not ship with a cable to link it to your TV (see What's in the box), which will probably fetch another US $20 or more at purchase time.

Also, unless 3rd-party cable providers jump on the bandwagon, and/or the device itself does not make use of Macrovision-like DRM technologies, the Apple TV will also not be compatible with analog TV sets (see the connection options), unless plugged into an intermediary solution like a cable/satellite set-top box or other. This is of course conveniently in line with the media industry's quest to plug the infamous analog hole (booh, there be dragons in there!).

For those just as tempted as I am to press the shiny pre-order button, I'd suggest considering the family=AppleTV in the URL at the online Apple Store. Can you see the bigger-drive-coming-soon flag too?

On another front, Sling Media announced (1, 2) the upcoming release of their very similar offering, the SlingCatcher, at the Consumer Electronics Show.

We will probably have to watch for the same limitations as the former device, but one big point is that this solution is currently said to be media agnostic.

This is an important fact in my context, since I have digital videos that go back to close to 10 years now, and some of them will not play in Quicktime without the addition of extra codecs (such as wmv, xvid, divx, etc). Apple currently only lists the iTunes compatible H.264 and MP4 (without avi encapsulations).

Other codecs enabled via plug-ins do not import into iTunes at this time (2007-01-09), but interestingly will play in Front Row. I say this is interesting because Front Row seems to use iTunes for video playback (iTunes is launched in the background). Apple probably doesn't want to have to deal with the AVI metadata format.

But there might still be hope, if the Update Software seen in the Settings view is not just an interface to the Mac OS X Software Update utility, and allows for additional plugins to be installed. Or, like in Front Row, if it is possible to stream movies from a mounted server, instead of the iTunes DAAP Bonjour/ZeroConf-based streaming protocol (or video-enabled successor?). If I was a 3rd-party QT codec provider, I'd probably be begging them to do so right now, but as much as I enjoy their products, Apple doesn't have the best record for letting others play with their toys.

The price tag for the SlingCatcher is currently pre-announced at around US $200, or about $100 less than the Apple TV. The better solutions for me could still be a Mac Mini using Front Row, which has its own upsides (full-fledged OS, analog adapter, DVD player/burner, external expandability, etc) and problems (US $599 v. > 300, thicker, etc). Or also a PS3 running Linux.

Um, again left with decisions... Bah, I still have a few weeks to decide before my birthday anyway. ;)

Update: 2007-01-10: Apple does not actually manufacture/(re-)brand connection cables at all. The ones listed on their site are actually made by Xtreme Mac. Also, some of the same questions/concerns I had have been addressed by some of the Ars Technica editors.

Sunday, January 07, 2007

Why is the universe just right for life?

Paul Davies, George Efstathiou, David Gross and Leonard Susskind, four of the world's most renowned physicists, will debate the fundamental questions of existence at A Cosmic Coincidence: Why is the Universe Just Right for Life? McGill University's second annual Lorne Trottier Public Science Symposium. The symposium will address the controversial anthropic principle: the notion that the universe is somehow specifically "tuned" to support life as we know it.

The 2007 Lorne Trottier Public Science Symposium: A Cosmic Coincidence: Why is the Universe Just Right for Life?

When: 5:00 pm to 7:00 pm, January 25, 2007

Where: McGill University Main Campus, Leacock Building, Room 132

Live Webcast (on January 25)

This symposium will be presented in English with simultaneous French translation.

Read the source article on the McGill Newsroom.

Last Day in Florida

Well, it's our last vacation day in Boynton Beach, Florida, and as you can assume from the attached photo, my family and I had a blast (don't be fooled by the body board, there are no real waves, but enough to fool around in with the kids). Plane tomorrow, back to school for my oldest on Monday, and back to work for me on the 10th. My wife and two youngest will be staying an extra week.

And of course, back to more tech-oriented blogging for me. :)

Update: 2007-01-12: Link to Google Map where the photo was taken.

Monday, January 01, 2007

Happy new year!

May 2007 bring you all that you wish for.