Archive for the ‘linux.ie’ Category

Is PHP vulnerable software?

Tuesday, August 26th, 2008

Thanks to Ivo Jansch, I spotted Matt Asay mentioning in his article on CNET that PHP headlines in IBM’s list of most vulnerable software, and I have to say this is complete balderdash on the part of IBM.

He quotes from the report:

Another commonality between these three vendors is that they are all written in PHP. If we look back over last year’s disclosures and apply the new CPE methodology to them, we would uncover another newcomer to the top five list, PHP itself, which would rank number four in the 2007 top five vendor list.

The entries in IBM’s top ten that make the report insinuate that the PHP language is a security risk are Joomla, WordPress and Drupal. How PHP would feature in a list of “vendors” is beside the point – if a construction company were to build a house where the windows don’t close fully, the security alarm doesn’t work and where bare wires are exposed, you don’t “blame” the windows, alarm system and cabling. The responsibility rests with the construction company and/or the individual contractors hired by that company. Similarly, we can’t “blame” PHP for bad software architecture and security risks present in Joomla, WordPress or Drupal – the onus is on the software developers and architects to design secure [web] applications.

They should, at the least, ensure input data is of the expected type and of certain values; handle uploaded files in a secure and cautious manner so that they don’t overwrite files crucial to the health/security of the system running the application or the application itself; use an audit trail for checking against attacks; ensure security in depth against SQL injections, Cross Site Vulnerabilities, Command Injection and … I could go on but won’t – search for PHP security best practices, get the Zend PHP 5 Certification Study Guide, check out the library resource at the PHP Security Consortium.
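The practices listed above (typed and range-checked input, uploads that cannot overwrite existing files, an audit trail, bound SQL parameters, quoted shell arguments) shown together as an added PHP example. It is not code from Joomla, WordPress, Drupal or this blog; the function names, the `users` table and the call to the `file` command are assumptions chosen for illustration.

```php
<?php
// Added example: function names, the users table and paths are assumptions.

/** Audit trail: record rejected input so attacks can be reviewed later. */
function audit(string $event, $detail): void
{
    // json_encode keeps attacker-supplied text on a single log line.
    error_log(date('c') . " $event " . json_encode($detail));
}

/** Input must be of the expected type (integer) and value (>= 1). */
function require_id($raw): int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        audit('bad_id', $raw);
        throw new InvalidArgumentException('id must be a positive integer');
    }
    return $id;
}

/** SQL injection: the id travels as a bound parameter, never as SQL text. */
function find_user(PDO $db, $rawId): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->execute([':id' => require_id($rawId)]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

/** Uploads: allow-listed type, server-chosen name, never overwrite a file. */
function store_upload(array $file, string $destDir): string
{
    $types = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        audit('bad_upload', $file['error']);
        throw new RuntimeException('upload failed');
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !isset($types[$mime])) {
        audit('bad_upload_type', $mime);
        throw new RuntimeException('file type not allowed');
    }
    // The client's filename is ignored, so it cannot name or replace any file.
    $target = $destDir . '/' . bin2hex(random_bytes(16)) . '.' . $types[$mime];
    if (file_exists($target) || !move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store upload');
    }
    return $target;
}

/** Command injection: the path is passed to the shell as one quoted word. */
function image_info(string $path): string
{
    return (string) shell_exec('file --brief -- ' . escapeshellarg($path));
}
```

The upload directory passed as `$destDir` is assumed to sit outside the application's code paths and to be served without script execution.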

Now where are Ruby, COBOL, C, and Z80A assembly language on that list? And why is Linux mentioned there as a vendor?

Irish PHP User Group: Committee Forming

Wednesday, August 20th, 2008

Yesterday, a few weeks after much discussion and evolution of the constitution of the Irish PHP Users’ Group, I suggested that we should get our skates on and get to forming a committee.
Nominations were made today for all of the posts but there’s a week left before the results are ‘official’ – the cut off is to have a committee voted in by next Wednesday so there is still plenty of time left if you think you are better suited for the tasks at hand.

pear tab completion

Monday, July 28th, 2008

Last Friday, Amir mentioned that he wrote a bash completion script for the pear cli. I’ve used it a bit since then and the tab completions that it provides make using pear at the command line much easier. Thanks Amir!
Now – is there any chance to get it installed with pear by default? That would be good!

Andrii Nikitin’s son Needs Help – ASAP

Monday, July 14th, 2008

(Reposted from Zack Urlocker’s blog, via Vidyut Luther and planet MySQL. I don’t usually repost such things but a 2.5 year old’s health is at stake so I’m making an exception. If you use mysql at all – and even if you don’t – please dig deep.)

Andrii and his son Ivan

Andrii Nikitin, one of the MySQL support engineers located in Ukraine, has asked for help from MySQLers and so I’m sharing this information to the community at large. Andrii’s son Ivan, who is 2 1/2, is in need of a bone marrow transplant operation. This will require going to a clinic in Europe that will not be covered by regular insurance. So Andrii has asked to see if we could help raise funds. The cost is expected to be €150,000 – €250,000. A huge amount for an engineer from Ukraine to cover. But a small amount by many people could make a big difference.

Many MySQLers have kicked in to help out, but more is needed. Ivan’s health has taken a turn for the worse recently and the issue is now quite pressing. Even a small donation could mean the difference between life and death for Ivan.

I hope some of you who use MySQL or have young kids will join me in making a donation today. You can do so by using Paypal, by sending a cheque to MySQL, or via wire transfer.

Paypal:
Paypal
Or
by check payable to:

MySQL, Inc.
Mail to: MySQL, Inc.
Attn: Linda Dong
20450 Stevens Creek Blvd #350
Cupertino, CA 95014

or
US wire transfer:

MySQL Inc: 7396643001
SWIFT: NDEAUS3N

or
International wire transfer in any currency:
Bank: Nordea Bank
Bank address: Stockholm, Sweden
Bank account: 3259 17 03868
IBAN: SE27 3000 0000 0325 9170 3868
SWIFT: NDEASESS

Thanks to those who have donated already. A child’s life is precious and I hope we can give Ivan a chance.

LinkedIn Usability Woes (or “How come there are two Irish Linux Users Groups?”)

Thursday, July 10th, 2008

One of my fellow members of the Irish Linux Users Group posted a link to a newly created LinkedIn Group so that members could connect to each other using the Group as a reference point.
It’s a shame that LinkedIn don’t [yet] provide a search facility for locating such groups as I had already created such a group for ILUG back in October last year – however it does prove a point that it hadn’t been getting much publicity for ILUG members to make use of it.
To prevent this from happening again I’ve placed prominent links for the LinkedIn and Facebook groups on the linux.ie website.
Thankfully there were only a handful of people that joined the second group before we noticed this gaffe but it does highlight yet another usability issue with LinkedIn, which is this:

  1. Importing a CSV file requires you to have first name, last name and email address in the file. Why? The people you reference in the file must already be on LinkedIn so just providing their email address should suffice.
  2. Manually entering this data on the LinkedIn website can only be done one record at a time; and again you must provide the person’s first name, surname and email address – heaven help you if you enter Thom E. Gemcitty rather than Thom E Gemcitty for example – round trips to the server for adding such data are so web 0.1; I would expect this data to be entered in a spreadsheet-like grid that the user then verifies and saves.

What I’ve done recently

Friday, April 11th, 2008

Travis asked What did you do today? recently – and what he did all sums up to an amazing level of work.

I felt a need to answer this question myself. This is what I’ve been keeping myself busy with recently:

  • Released version 0.18.0 of Date_Holidays – this includes drivers for Iceland, Romania and the Ukraine along with some bug fixes.
  • Released version 1.0.1 of Validate_IE, focused solely on adding validation for the 089/Tesco mobile phone network.
  • Released version 0.1.2 of PEAR_Size. This includes integration with the PEAR command.
  • Wrote a review of CodeIgniter for Rapid PHP Application Development.
  • Kick-started a discussion on aggregating blogs of people in the Irish PHP Users Group.
  • I’m trying to decide what to do with the codebase for the website of the Irish Linux Users Group – at the moment it’s all rather cobbled together and isn’t providing as much functionality to the community as it could. I’ll most likely migrate it over to using a more general purpose framework plus ILUG/User Group specific components.

planetilug.linux.ie upgraded

    Sunday, March 18th, 2007

    Finally got around to updating the software running behind planetilug.linux.ie to planetplanet v2.0 – this has solved quite a number of issues that the previous install exhibited. Links to all subscribers’ blogs should just work and all entries are displayed properly.

    spam prevention technique for sending contributions for linux.ie

    Wednesday, April 26th, 2006

    I’ve set up an admittedly primitive spam prevention technique to the “Make a contribution” page on the linux.ie website – if you don’t know that ILUG is short for “Irish Linux Users’ Group” you won’t get far.

    ILUG Map – Where exactly are we all?

    Wednesday, April 26th, 2006

    Set up a map on frappr last night for the Irish Linux Users’ Group – we can use this to get a handle on where everyone is :-)
    I’ve also set up a more easily remembered URL for the map – http://linux.ie/map/ instead of the lengthy http://www.frappr.com/irishlinuxusersgroup/map

    Linux.ie: Streaming audio on GNU/Linux – the miniest HOWTO

    Wednesday, January 25th, 2006

    John Barrett has kindly granted permission to mirror his Streaming audio HOWTO on the linux.ie website. Cool :-)

    Linux and Bluetooth Headset howto

    Wednesday, January 25th, 2006

    John Moylan’s written a good Linux and Bluetooth Headset howto. It details how to tie in a Jabra bluetooth headset to Linux’s Bluetooth Alsa support.

    Well worth the read for people who are interested in such things, especially as it works with Skype.

    upload faces for planetilug.linux.ie

    Friday, January 20th, 2006

    You can now upload your own ‘face’ or other small image to http://planetilug.linux.ie as I’ve finally gotten around to fixing that functionality.
    To do this:

    1. Log in to the linux.ie website
    2. Click Edit planetILUG Details
    3. Click ‘Browse’ to locate the local copy of the image you want to see on planetilug.
    4. When that’s done, click ‘Save’.
    5. The next page should tell you “Your file got uploaded successfully!” – you’ll need to try again if it doesn’t.

    http://planetilug.linux.ie is now database driven

    Thursday, September 15th, 2005

    http://planetilug.linux.ie is now database driven. This is really cool and means you can add or change your details whenever you want – you won’t have to send an email to the admin asking to be added or that you want your planetFace changed!

    The existing list of blogfeeds, copied from planetilug.draoicht.net has been cleared down – only feeds entered on the http://www.linux.ie website will be shown.

    To add your blogfeed to http://planetilug.linux.ie:

    1. Log into http://www.linux.ie
    2. Go to “My Account”
    3. Click “edit planetILUG details”
    4. Tap your details in and click save.

    Some Tweaks on the linux.ie website

    Monday, September 5th, 2005

    Over the course of the last few days I have made some tweaks to the linux.ie website of the Irish Linux Users’ Group.
    I have changed the Who’s Who listing so it no longer details the people in the listing. This results in a quicker download. To read specific entries please follow the individual links on that listing.
    Anybody currently linking to URLs such as http://www.linux.ie/linux-ie-people.html#KenGuest is advised to change the URLs to something akin to http://www.linux.ie/whoswho/ken_guest – the person’s name should be changed to lower case and spaces should be replaced with underscores.

    Significant linux.ie update

    Saturday, August 6th, 2005

    I decided to have a look through the posts on the ILUG Tips forum last night and spent quite some time weeding through spam that had gotten posted to it.
    Too much time.
    So I’ve tweaked the code for the board so you now have to fully sign on to post a question or answer one or share a tip – this should significantly reduce the amount of spam getting through and fully justifies the extra hoops you have to jump through.

    linux.ie updates:

    Friday, May 27th, 2005

    Some more updates for the linux.ie website. They are mostly cosmetic and accessibility focused.

    2005-05-27 Ken Guest:
    * generic.css: tightened up tooltip
    * /vendors/vendors.php: tightened up display
    2005-05-25 Ken Guest:
    * tooltips.tpl.html: Added new entries.
    * /login/register.inc.php: Updated use of tooltips.
    * /login/users/edit.inc.php: Updated use of tooltips.
    * /login/users/view.inc.php: Updated use of tooltips.
    * config.inc.php: Defined TEMPLATE_DIR, where template files are now stored.
    * nav.inc.php: Fine-tuned value returned by count_list_size function.
    * tooltips.php: Used for displaying tooltip divs now they are in a template
    file.
    * submit.inc.php: Fixed minor typo.
    * /login/news/addnews.inc.php: autofocus to the first input box in the form
    * /login/users/add.inc.php: autofocus to the first input box in the form
    * /login/users/changepassword.inc.php: autofocus to the first input box in the form

    2005-05-24 Ken Guest:
    * tooltips.js: Display tooltip closer to the hotspot image.
    * menu.inc.php: Added id values to hotspot images so changes to tooltips.js
    will work.

    2005-05-23 Ken Guest:
    * lists.inc.php: Don’t display option to read posting without the
    formatting if the style is set to ‘printer’
    * print.inc.php: Fixed minor bug.
    * *.css: Removed superfluous spaces.
    * page.inc.php: Fixed hanging brace.

    More updates

    Monday, May 23rd, 2005

    Some more minor updates; some cosmetic and some important:

    2005-05-23 Ken Guest:
    * print.inc.php: Fixed minor bug in code.
    * config.inc.php: Fixed minor bug regarding PDA detection.
    * remindpassword.php: Improved data checking.

    2005-05-20 Ken Guest:
    * ui.php: added ui_confirm_delete function, will be used to prevent
    accidental deletions of data from the database.
    * login/…add|edit|view|index||footer*.php: use ui_confirm_delete and
    redressed footer.php to be a menu placed underneath the admin
    ‘breadcrumbs’
    * rights.inc.php: accessibility – text beside the checkbox is now a label.
    * users/footer.php: rephrase things slightly.

    2005-05-19 Ken Guest:
    * /login/editor/index.inc.php: fixed regexp so filename be valid. flattened
    JavaScript function so slightly less
    bandwidth is used.

    2005-05-19 Ken Guest:
    * /login/polls/index.inc.php: using correct access right ID for secure
    administration of polls

    linux.ie site updates

    Thursday, May 19th, 2005

    Pushed some updates to the linux.ie website again:
    A person’s name on the CD Burners page now links to the relevant Who’s Who entry.
    Made other changes which should result in slightly quicker download times and make things easier to add polls to the site – which I used to have to do by hand.

    Changelog as follows:
    2005-05-16 Ken Guest:
    * polls: got recount’s tooltips working
    * saverights.php: working with register globals turned off

    2005-05-15 Ken Guest:
    * polls: upgraded to recount 0.5.3 and integrated it into system better: no need to manually create pages for each new poll.

    2005-05-12 Ken Guest:
    * whoswho: include the name of person in the page’s title
    * cdburners.inc.php: name links to Who’s Who page now
    * $library/whos_who.php: added functions for above functionality
    * nav.inc.php: removed use of JavaScript hosted on blogs.linux.ie

    grad*.gif images got renamed – cut down bandwidth and speed up transfers ever so slightly.

    April 13th Updates

    Wednesday, April 13th, 2005

    Well I’ve done it again – pushed more changes to the linux.ie website.
    A few tweaks were made, but the main focus here was adding the ‘let me know when my news items are going to expire’ functionality that Paul O’Malley needed.
    This won’t make any difference to most people, because they haven’t got access rights to the News System, but they will have a preferences page, so they can indicate whether they want plain or HTML emails sent to them in the future.

    2005-04-12 Ken Guest
        * newsitemexpiry: Only send reminder if supposed to - user mightn't want
                          to be notified each and every day running up to the
                          expiry date of the news item in question.
                          ie: prf_newsitem_alert_once value is honoured.
    
                          Also, in this script, insert as many rows into the
                          user_preferences table as needed so anyone who has posted
                          news items automatically has preferences set up.
    
    2005-04-12 Ken Guest
        * preferences:    Let user change prf_newsitem_watch_period so he can
                          change just how soon he will be emailed ahead of a
                          newsitem expiring.
        * newsitemexpiry: Updated newsitemexpiry.php script to be fully aware of
                          the preferences set up so far, with the exception of
                          keeping track of whether a user has already been
                          notified.
                          Email format (plain/html) setting is honoured.
                          prf_newsitem_watch_period value is honoured.
                          prf_newsitem_expiry_alert value is honoured.
    
    2005-04-11 Ken Guest
        * login:          Fixed assigned_access_right for better checks.
        * ui.php:         ui_yes_no function set to work with 't' and 'f' values.
        * nav.inc.php:    Was using $PHP_SELF with register globals turned off!
        * preferences:    Added user preferences - essential as we'll be sending
                          emails through cron etc fairly soon.
        * articlenotes:   Let admin delete an articlenote through the site.
    

    Site Update

    Saturday, March 26th, 2005

    Well I pushed more changes to the live site. Most of the changes are trivial:
    Worked on database abstraction, so it’ll be ready for mysql improved functions.
    VCards for contacts is now in line with standard set by linux.ie/vcards code.
    Blank article comments won’t be saved to the database.
    All library functions are now commented in ‘PHPDoc’ style.