a php developer weblog

Elliott Back noticed that there's a comment in the footer of every Amazon.com web page, that changes on page reload. So what, you might say? Well, we geeks like mysteries, I speculate a lot; and Amazon.com is leading edge in ecommerce. There's always a reason for everything, and it sure isn't pagerank; like this poor bastard tried. Therefore let's start betting:

• it's another fancy google-like job opening contest
• a new way to digital sign or fingerprint a webpage
• some internal stuff, and we don't care. it gets boring; click the back button now!
  
• if it's a fingerprint, it could be read by alexa toolbar, and they match alexa's user patterns towards their own click streams
• since they force the page refresh on every load, they clearly don't play with the HTTP header code 304.
  
• it's simply a HTML comment; no fuss about it
  

Btw, I noticed that the comment appears like this in the homepage:

Read the rest of this entry ... (43 words left)

Many people know this already; but for those that don't: Can anybody think of a reason why passwords should be stored in clear in the database? Because for sure there are huge risks involved, starting from any kind of browser/session hijacking, to major security issues if somebody gets db access or a hold of your db dumps.

Read the rest of this entry ... (72 words left)

MySQL 5.0 is available for production usage! Some of the enterprise feature list:

• Stored Procedures and SQL Functions -- to embed business logic in the database and improve performance;
• Triggers -- to enforce complex business rules at the database level; 
• Views -- to ensure protection of sensitive information; 
• Cursors -- to allow easier database development and reference of large datasets;
  

... and many more. That's perfect timing for Systems 2005 Munich.

Why reinvent the wheel? Why not, said Microsoft, and created the Microsoft Shell beta version 2 (codenamed monad). Read the Ars Technica review, and then some comments from Slashdot. If you have too much time and want to fill pages of personal data for them to mine, try the free msh download link as well (beware you need the .NET platform installed).

From reading the reviews, first impressions are that it's a very complex product; with various inspirational sources. Might also be that in their attempt to simplify things, they created a messy product; that stands no chance against the mature *nix tools. However it's been only 4 months since monad's first beta release; their rush might signal a massive release marketing campaign.

No matter if it's about signing up for some new web account, or just the necessity to approve a clause when installing a program, very few people actually read the Terms and conditions. We have too little time, or the End User License Agreements (EULA) are too long and boring. If they are intentionally long, in order to hide certain aspects of the software, or it's just the legal department's way of saying we exist here too; that's hard to decide. Anyway, if nobody ever reads them; why do we have them?
However, the very few that do read them can find it extremelly rewarding to do so. I won't reveal the plot; but it's a funny story; take your time.

Did you know this function exists? Well, since 4.3, there's this new PHP function called glob(); useful if one simply needs a list of files from a directory, and eventually apply ereg patterns to file matching. Before one had to either use the dir() class, or the opendir() function; something like this:

Read the rest of this entry ... (82 words left)

I manage a small blog hosting website, and I must say the obvious; that this problem exists since a long time and little has been acted upon. A clear strategy has to emerge; containing anti-spam blog filtering (like e-mail spam filtering) maybe integrated into news readers. One can think of a browser extension too, that reports spam blogs to a centralised place, or even tries to "rate" or "signal" spam content in the current visited webpage. A simple solution like CAPTCHAs helps but is far from solving the problem. So long splogs get money for what they do, they will keep pushing.

Read the rest of this entry ... (156 words left)

a new name for the old MSN Hotmail application that is about to be upgraded soon. Here's a indepth review of the new beta; with screenshots: MSN Mail beta preview. It uses intensivelly AJAX; also opens local Outlook integration. Looks pretty impressive; hopefully with support Firefox 100%.

I was talking a while ago about fake referrals, and how this affects search engine ratings. I was recently surprised to find a sad example in action on a website of mine. It concerns this former website, pretty abandoned nowadays, called the simplest shop. I had a product review form there, which was left open to visitors so that they could leave their opinions on products they bought. Some SPAM company saw this open web form, and used Perl to take advantage of this feature, and filled up the small reviews database with SPAM. They had around 2000 daily "pushes" of spam reviews; that's quite a figure. The spam reviews attack came from two different web addresses: one is 24.244.170.180, which seems to be hosted somewhere in the Bahamas, and the second one is 217.160.227.107, hosted on a root US domain, by a german company. I complained to both the hosting providers, but I doubt they will react (they seem to be small, and probably get money from hosting this crap). Meanwhile, don't wonder why you get cialis medicine on top from some spamming *.to companies, who paid this web attack. Bottom line is that unused web forms should be closed, and well protected agains this new type of spam robots. I'll let you know how this develops.

The battle for a strong browser-based e-mail app has just begun. While yahoo's playing with their new beta application, Zimbra has released an entire platform for managing e-mail, contacts, calendar. This platform (demo here) is based on AJAX, and worths been checked out.
They have an interesting business model, too, with a strong focus on the developers community. I hope the ajax hype will cool down soon enough, so that we see which applications are mature enough to endure market pressure. For now, zimbra's demo made my firefox memory usage grow exponential.