Oct 25, 2010

FireSheep

I just discovered a Firefox plugin called FireSheep, which sniffs the local wireless network for session cookies to common sites and allows you to sign in as anybody it finds. This is a trivial hack, and anybody with an understanding of wireless networks and how session cookies work can figure it out - and it's fairly easy to explain to anybody who doesn't have an understanding of them.

I dug a bit into their code, they have easy access to these sites:
- Amazon (which saves your credit card info, so they could potentially buy stuff on your card)
- DropBox (lots of people use this one to backup files, this would give you access to all their stuff)
- Facebook
- Github
- Google (fortunately Gmail has an option to always use https)
- Live (aka Hotmail)
- Twitter
- and many more!

So long story short, remember that if you're using your laptop on a public network you should be using https:// and not http://.

This reminds me of a program I found that is kinda neat called STunnel. This program creates a tunnel using SSL to any server that supports an SSL connection. So if you have a program that can't use SSL for whatever reason, you can just connect it to the STunnel service on your local machine and have it forward, encrypted, to wherever you are trying to connect.

Oct 22, 2010

5 Weekends

Seems like a lot of people are excited that this month has 5 Fridays, Saturdays and Sundays. They say that it hasn't happened in <some large number> of years (every time I see it, the number is different).

Except, you know, January of this year. Or May last year. So, fail.

Maybe they all meant that there hasn't been any Octobers with 5 Fridays, Saturdays and Sundays (FSSs) in that many years. My answer: go go gadget Ruby! Here's a little script that will find the last October which had 5 FSSs:
i = 2009
# a month with 31 days will have 5 FSSs iff the first
# day of the month is a Friday
begin
  day = Date.parse("#{i}-10-01")
  i -= 1
end until day.wday == 5

puts day.year
Turns out the answer is....2004! Sure enough looking at the calendar for October 2004 it does indeed have 5 FSSs. Before that? 1999. Before that? 1993. I could go on but I'm getting bored of this.

Oct 21, 2010

Building Webapps in No Time

One thing that I've been thinking about is very small web apps, and how to get them out there quickly without having to do a whole lot of work. These are some tips with some arguments behind them and may not work for you, but I'm assuming that you're all smart here anyway and can decide on your own whether or not you should listen to them.

This guide is mainly targeted towards developers who are interested in building their own apps, but others can probably benefit from some of these too.

Tip 1: Screw IE6. Supporting IE6 can be a down-the-road feature (or v2.0 feature, however you want to call it) but for now it's going to consume much more time than it's worth. Too many web companies say, "oh, but the 10-15% of people still using IE6 are so important to me that I need to double my front-end development time just to make sure my site works in their browser."

No.

Tip 2: Choose a technology that is quick for development. Anything with a build cycle is out - one of the major issues I have working with C# these days is that I have to compile my code and restart the app, which takes long enough to break my concentration and I have to spend time re-focusing before I can be productive again (it doesn't help that I'm a bit of a space cadet and it really doesn't take long for me to find something shiny and distracting while the code is compiling). With stuff like PHP, Ruby, Python, etc. I can make my change and do a quick Alt-Tab + Ctrl-F5 to see the updated change.
Note: this also applies to front-end stuff. CSS Frameworks like Blueprint and Javascript libraries like jQuery will help you out there.

Tip 3: Use other people's code. Package management systems (Rubygems, PyPI, PEAR, etc. - is there something like this for jQuery plugins?) have many many libraries available for you to use that are built by guys who have faced the same problems as you and have made their solutions available so that you don't have to reinvent the wheel. In economics it's called capital accumulation, and you're much better off using it.

Tip 4: Use low-risk hosting. The difference between low-risk and low-cost hosting is that if your idea turns out to suck (like most of mine do) then you don't actually lose anything, where a low-cost host will charge you say $4/month regardless of what happens. An example of such a host is NearlyFreeSpeech.NET, who doesn't charge you for hosting if nobody goes to your site. It is free to sign up and create sites, and you get charged solely on the bandwidth that you use - there are a couple gotchas, I've written about them before if you want more details.
In short, you can pay as little as $5 for the hosting in the initial stages, which is less than the cost of your celebration beer when you launch your site.

Tip 5: This one is going to be a bit touchy for some folks, but it will help you get the app launched sooner. Use Facebook Connect as your authentication system. Seriously. While not everybody is on Facebook and others have privacy concerns and don't really want to sign up on sites that use Facebook Connect, there are two good reasons from a business perspective to use it for your site:
1) You don't have to build your own authentication system (or if you are following guideline 3, you don't have to integrate a library like devise to handle it). You'll probably still need to keep a users table in your app, but you won't need to handle the annoying aspects of password retrieval, profile pics, friends management, etc.
To support Facebook Connect with PHP is simple:
<?= $facebook->getLoginUrl() ?>
2) Free advertising and market feedback. When people use your app, you can post stuff to their wall saying something like, "so-and-so did X on MyAwesomeApp.com!". Their friends will then see the post and (hopefully) say, "whoa sweet, let's go check that out." You can take advantage of Facebook's already-established network for marketing, or for learning what people have to say about your app.
If your app goes anywhere, then you can start thinking about supporting non-Facebook accounts. But for your initial launch you want to do the least possible work, and using something like Facebook Connect will help you achieve that goal.

Tip 6: Choose a design and stick with it. Reworking a design can be costly, especially if you're using a lot of Javascript. Do a single design and unless it is absolutely horrible, just stick with it and rework it further down the road once you have actually launched your site.

Of course, some of these tips don't always apply: if you're building an app targeted toward businesses then Facebook Connect isn't really an option. I'll repeat myself: it is important for you to judge how these points might influence the way you are doing things, and to act accordingly.

Oct 8, 2010

PHP Preprocessor

I've thought of a random cool project, but this time instead of starting out on it, getting halfway through and then abandoning it, I figure I'll put it up for public discussion where others can throw in their two cents, tell me if such a thing already exists, or tell me I'm a moron and that it's a stupid idea (actually there will be people who will always say this, regardless of what the idea is).

I want to add some sort of preprocessor to PHP, to extend the power of the language. It seems a bit silly to add a preprocessor to something that is already a preprocessor, but I figure it is more practical to build this thing as something that outputs a language that is already very widely supported - my main incentive for this project is to then use it for PHP sites and put onto servers that already support PHP without needing additional software.

My main inspiration for such a project is from Ruby on Rails. See, Rails has a lot of good ideas, but many of them are easily translatable to PHP and other languages. You can use PHP's __call(), __get() and __set() methods to mimic a lot of the things that Rails does - I do this in MinMVC for model objects already.

What I think is much more powerful is the ability to use code to manipulate classes (aka metaprogramming). In Ruby I can do stuff like this:
class MyClass
  awesome_function_that_manipulates_MyClass

  ...
end
In PHP you can't do this. While PHP has a reflection API (I haven't actually used it much, so I can't comment on how good it is) it appears to be a read-only API. You can get information about classes and methods, but you can't modify them. You can't stick random methods into a class at run-time (unless I haven't read the PHP Reflection documentation properly). So you can't do something like this in PHP:
class MyClass
  has_many :users
The has_many method would add certain methods to MyClass to make it nice and easy to interact with the users that this class has. While you can mimic this functionality using some __call() hackery, I think adding some sort of metaprogramming capabilities would make this much simpler and more maintainable.

What this preprocessor would do is scan for files that end with .m.php and convert them to .php files. The project would involve writing a parser that would scan for preprocessor blocks and execute them. The code in the preprocessor blocks would also be PHP, so you can do whatever you like in there. The key difference would be the use of $this: if you're inside a class, $this would refer to a Class object that represents the current class. So you would write something like this:
class MyClass {
#begin
  $this->has_many("users");
#end
It's not nearly as elegant as the Ruby version, but that's ok. What this would do is the PHP preprocessor would execute the code in between #begin and #end and output some sort of PHP code to affect MyClass, like add methods called getUsers(), addUser(...), etc.

Quick aside on the use of the extension: I use .m.php instead of .phpm or something because Apache has a tendency to just serve files if it doesn't recognize the extension, which is a security risk. If it ends with .m.php, Apache will just execute it as a PHP file and fire out a PHP error when it sees weird stuff.

I'm still thinking about the details as to how you might add methods to $this, so that people can write add-ons. It might look something like this:
class_function has_many($what){
  ...
}
Who knows. Any comments on this idea?

Oct 5, 2010

Hotmail Spam Filter

int is_spam(const char * message){
  return rand() % 2;
}