sjon.blog

Zend almost convinced me that their Safeguard Suite really secured your PHP scripts. Ofcourse I know that scripts need to be interpreted and executed and are therefore never 100% safe; but I expected some form of obfuscation and rewriting to prevent this. This doesn’t seem to be the case though. I have had a look at PHP Obfuscator/Obscurer; but a good illustration of the quality of that script can be illustrated with following if-statement (line 406):

if($FunctieNaam == 'doLoad') $FunctieNaam = 'doLoad';

Also, obfuscating React took me almost an hour; which isn’t that strange when you have had a look at the sourcecode. Maybe a better example of how to obfuscate properly will be posted on this blog.

The open-source community being dynamic, popping up new alternatives all the time, doesn’t mean there automatically is a wide choice of software available. It just means a lot of ideas get worked out to a website, some sample code an maybe even a working application. Take Y-Windows for example. Y was created as a from-scratch implementation of X which is bloated, old and started to suck-and-scare more people. A mailinglist was set up, a wiki appeared, and although the idea was good and there were some very interesting discussions; things died with the main developers saying they were working really hard on some ‘very-good’ ideas which never seemed to make it to the actual CVS tree. Fortunately there are also people working on improving X instead of rewriting it, thereby avoiding major compability issues. I assume new projects don’t just need to be hyped, they need people open to new developers and ofcourse: Release early. Release often. And listen to your customers.

iStockPhoto is a great website linking amature photographers and designers to people interested in their material. However, some people don’t realize what it means to sell the rights of your work for 30 cents. The Dutch newspaper ‘De Volkskrant’ found iStockPhoto very interesting as well; they used an iStockPhoto they bought for their campaign. However, the photographer seems to never have realised what it actually means to sell the rights of your work. When you release anything; make sure you read the license you are agreeing to!

The very promising XUL based iTunes clone Songbird has delayed it’s 0.1 release date with ‘a few weeks’. It seems as if a designer with XUL experience started this project, but when it came to actually programming it, things went wrong. What would be a better explanation for a sudden ‘few weeks’ delay? I can’t find their subversion or CVS repository neither so helping them out isn’t really easy. Anyway; the screenshots look even better and we still cannot wait for this project te give birth to it’s first public release

When developing a dynamic web-application it is very useful to program your own cache-implementation. Make sure your clients don’t download information they already have, thereby increasing the speed of your application. To check if your application’s caching headers are correct the Cacheability Engine is a very useful link to have in your bookmarks!

The Dutch division of eBay really tries to protect its bidders email address. Check this out; first; the terms of use tell you that email addresses are protected using forwarders (for example, ‘name.pq7ft5v3uptfbm1ib5osoqa04ic1@zend.nu’) to prevent spam. Then, if you (as a seller) want to email a bidder, you get a very long (’protective’ I guess) URL (368 characters in my case) which, indeed, doesn’t show the bidders email-address; but only the forwarding address. Now, check out this screenshot of the very first screen you see as a seller, selling your article (click to enlarge):

Isn’t this a great example of a tiny hole, which would be easy to fix, but which currently completely destroys all the other work you have done on your so-called security?

If you ever considered taking over the world internet; now is the time to buy some Google stock. Of course, you know Google tracks and stores the following:

• Internet searches
• Local computer searches
• Email
• News interests
• Location
• Blogging interests
• What you write

A few weeks ago they made sure they could track you once you left Google as well. Now, just to make extra sure, they launch a new Firefox extensions. I assume this extension will verify every URL you visit with Google so they can ‘check if it is safe’. Combining this with the above things I just hope Google has a good security set up.

When Google thinks that you are infected with a virus, or spyware, they are very sorry, but block you anyway. This happened to me yesterday, and after I quickly turned off the only Microsoft Windows PC in the house; the message went away and Google started working again. Pretty strange though that non of the 5 anti-spyware tools I ran found anything but some ten or twenty ‘tracking cookies’ which I am pretty sure cannot target Google. Thankfully, this message from Google made me realize I don’t like Windows PC’s to be doing stuff on my Network, so I removed the network card from the computer. Thanks for warning Google!

Exactly one week after starting this blog, Google tells me there are now 456,000,000 hits when searching for blogs. Assuming I am in there somewhere (assumptions are dangerous, I know), there were 2.999.999 hits removed from it’s index. Let’s have a moment to think about these 2.999.999 hits…..

And yes, linking to Google image-search for some random word really is funny

Even though RoundCube is officially still in alpha phase it is a very usable webmail-client; replacing my previous SquirrelMail client, which is everything RoundCube is not. RoundCube uses AJAX combined with the Ilohamail IMAP classes, while Squirrelmail uses it’s own backend (which is faster) combined with a frontend based purely on HTML tables. Although Roundcube suffers some performance issues, it’s clean PHP code and templating system make this a very nice webmailclient with lots of potential.