March To Be Month of PHP Bugs

From the source article, on SecurityFocus (via Slashdot):

Stefan Esser is the founder of both the Hardened-PHP Project and the PHP Security Response Team (which he recently left). Federico Biancuzzi discussed with him how the PHP Security Response Team works, why he resigned from it, what features he plans to add to his own hardening patch, the interaction between Apache and PHP, the upcoming "Month of PHP bugs" initiative, and common mistakes in the design of well-known applications such as WordPress.

Given the success of the Month of Apple Bugs project, I think it's a fantastic idea. This said, our sys admin at work isn't too thrilled by the prospect of having to patch our many PHP installs everyday in March... ;)

Action Plan for Killer Asteroids

From the source article, on the Beeb:

A draft UN treaty to determine what would have to be done if a giant asteroid was on a collision course with Earth is to be drawn up this year. [...] The association has asked a group of scientists, lawyers, diplomats and insurance experts to draw up the recommendations.

Sorry, it's hard to type while I'm laughing so hard... Yeah, those are definitely the people to put on the job! All they're missing are religious leaders, and we're sure to have a speedy conclusion to that project. ;)

OpenMoko is Picking Up Steam

From the source article, over at the always great LinuxDevices.com:

FIC has announced an on-sale date for its Neo1973, expected to be the first low-cost, high-volume phone with a user-modifiable Linux-based operating system. Additionally, the OpenMoko project building open-source software for the phone has published a wealth of technical resources. [...] The first [release phase was] Feb. 11, with free phones for prominent open source community members. The real sale date will be March 11. That's when the online store opens, and everyone can buy one direct, for about [US] $350.

I read about the OpenMoko project the same day the iPhone was announced, and I really think I'm more eager to see a Neo1973 than I am to see Apple's upcoming solution.

There are very good photos (1, 2, etc) of the device's innards on the project's wiki for the hardware enthusiasts.

Minilogue/hitchhikers choice

The stop motion animation in the following music video is beautiful on its own, but the fact that the medium is a simple white board truly makes it amazing to me.

Music by Minilogue
Animation by ljudbilden & piloten

Is this Really Fair?

The above image shows the OS X weather widget for Montreal (Quebec) and Boynton Beach (Florida): -13°C v. 23°C (or 9°F v. 73°F). Why, you ask? Because I'm in the former, and my wife and kids are in the latter for the week...

Does that sound fair to you?

But I'll have my revenge when I go to San Francisco for the Web 2.0 Expo in April, and maybe the Red Hat Summit in San Diego in May. Muhahahaha!

parseMe 20070213 Update

It's time for another quick update to parseMe, my little GPL'ed PHP-based RSS/Atom feed reader for mobile phones and other web-capable devices. Pfew [deep breath], that was quite a mouthful, wasn't it? ;)

• It now loads the destination links without images by default, for performance improvements on most sites. Links still go through the Google Mobile gateway.
• Small screen-related interface improvements for the feed selection form.
  

You can find the appropriate links below:

• Online demo: See this mobile feed reader in action.
• parseMe-20070213-source.phps: PHP source, with comments (for online viewing).
• parseMe-20070213.tar.gz: 14KB - Full app, tar/gzip archive.
• parseMe-20070213.zip: 15KB - Full app, zip archive.
• SHA1SUM: SHA1 sum for the above files.
• RELEASES: Version history.
• INSTALL: Basic installation instructions to get you going.
• COPYING: Software license, GPL.
• AUTHORS: Credits file.

Hoping you'll enjoy it as much as I do in the bus, on the way to and from work.

Lego Mindstorms Automated Car Factory

It's not exactly the new Volkswagen glass factory, but this has to be one of the coolest Mindstorms-based project I've seen. And there are a lot of them out there.

A bit on the slow side, but amazing nonetheless. I can only imagine how much time this must have taken to think through and build.

/me Like PostgreSQL

I've recently had to take over the role of DBA at work (our previous one left for a job at Google), and I'm trying to make the most of the situation (still have my job to do too) by restructuring the PostgreSQL-powered database at the core of our Web architecture.

Like so many enterprise projects, it's grown exponentially, in both size and complexity, over the years and what I'm left in charge of today is less then ideal. Nonetheless it's been serving us quasi-flawlessly, and I sure am happy my predecessor(s) made the choice to go with PostgreSQL as a database backend. The use of PostgreSQL in an enterprise environment was actually one of the reasons I started working at McGill, back in 2002.

What I'm doing these days involves modernizing and sanitizing a considerable number of tables, stored procedures and functions. All while staying fully backward compatible so that the countless pieces of software relying on the data can keep on running as if nothing changed. I'm of course modernizing the codebase I have access to so it all takes advantage of the improved data structure. But for the sake of phasing in the upgrade and to not force it on external developers whose schedule I have no control over, replicating the current base is a of the essence.

This is all proving to be a task our faithful PostgreSQL environment is truly shining at.

Through the use of temporary tables from queries, case-based views, rules and other assorted options, I am rather quickly and easily able to author scripts that handle the nasty stuff, all wrapped in the safety transactional DBs afford us. They create new tables, populate them from others, tweak the data, drop the old tables once ported, setup views to replace them just-in-time and more, all transparently.

All of this is of course also possible with many other RDBMS. I'm just dealing with PostgreSQL in this instance, and enjoying (almost) every minute of it! :)

Integrating the Upgraded Digg Tools in Blogger

Digg.com released a worthy upgrade to their site integration tools today, with such neat new features as combining the submission process and Digg box, etc. Since I have previously published a method of integrating the first incarnation of the Digg tools in your [new] Blogger posts, it is now time to post an update to take the new features in consideration.

Before you start, make sure that your blog is set to save post pages. This is a Digg (and other social sites) requirement, since we need unique URLs to submit. To verify, go to your Blogger Dashboard » Settings » Archiving » Enable Post Pages? Select yes and save.

Then go to your Blogger Dashboard » Layout » Edit HTML. Be sure to check the Expand Widget Templates checkbox.

Locate the following code in the template's XML:

<p><data:post.body/></p>

And replace it with:

<p>
  <span style="margin-right: 10px; float: left;">
    <script>
      digg_url = '<data:post.url/>';
    </script>
    <script src="http://digg.com/tools/diggthis.js"> </script>
  </span>
  <data:post.body/>
</p>

You're done! It's now as simple as this.

You can also try the new, more discreet, compact mode:

<p>
  <data:post.body/>
  <span style="margin-top: 5px; float: right;">
    <script>
      digg_url = '<data:post.url/>';
      digg_skin = 'compact';
    </script>
    <script src="http://digg.com/tools/diggthis.js"> </script>
  </span>
</p>

Personally though, I'm not too keen on displaying Digg boxes showing 0 diggs when the content has not been submitted yet, nor am I interested in showing the digg box on all my posts. So I'm still going to use my original solution and just update the URL of the Digg javascript from /api/ to /tools/ in my template. Overall, it is a more involved option, but I'd rather have flexibility than ease of use.

Ultimately, I'd like to see another mode (digg_skin variable) where unsubmitted content sports a simple button (like the Digg Guy), and the box only starts to show if and after the content has been submitted.

As a side note, it's probably going to get fixed quickly, but the compact mode of the new tool had a bug with url targeting that made the submit form show in the tiny iframe the Digg javascript outputs.