Friday, August 31, 2007

Captchas don't work anymore

On Tom Albers' blog, I read his post about how captchas fail to do their job. The linked video really frightened me as a developer. I was under the impression that captchas were actually working against spam messages, but the video shows that nowadays it's a matter of minutes to flood message boards, guestbooks and other messaging systems.

What do we have to invent next?

Thursday, August 30, 2007

PHP Development and security

When you run a website, you should be concerned about security. You need to know which settings are enabled by default in development environments and must be switched off in live production environments.
PHP has several such settings, and one of them is display_errors. In production it must be display_errors = Off. If you still have it On and an error occurs, your visitors get to see all your internals: file paths, SQL statements and whatever else the error message carries. And you don't want that! Switching the display off does not mean ignoring errors: set log_errors = On and point error_log at a file outside the web root, so the detail still reaches you instead of your visitors.

http://www.phpfreaks.com is a site for PHP developers by PHP developers, but one thing they missed: display_errors = On, resulting in a nice dump of error messages, SQL statements and queries. Luckily the dump didn't contain clear-text passwords, otherwise you can imagine how harmful this could be. Even so, it gives away the absolute path of the include files on the server, the name and columns of the user_track table, the MySQL socket path and a visitor's session ID and IP address, which is plenty of reconnaissance for anyone looking for a way in.

Just a few lines of the dump:
Warning: mysql_select_db() [function.mysql-select-db]: A link to the server could not be established in /home/www.phpfreaks.com/public_html/includes/DatabaseObject.inc on line 69

Warning: mysql_query() [function.mysql-query]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in /home/www.phpfreaks.com/public_html/includes/DatabaseObject.inc on line 70

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/www.phpfreaks.com/public_html/includes/DatabaseObject.inc on line 70
MySQL Error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
MySQL Query: INSERT INTO `user_track` set `user_track_id`="", `session_id`="70d2aa2e89ed6aa32c15009630bbbc08", `last_activity`="1188475288", `last_page`="", `member`="0", `ip_address`="195.177.247.201", `refurl`="", `user_agent`="Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6) Gecko/20070730 SUSE/2.0.0.6-2.1 Firefox/2.0.0.6"
+===========================================================+
MySQL Query: INSERT INTO `user_track` set `user_track_id`="", `session_id`="70d2aa2e89ed6aa32c15009630bbbc08", `last_activity`="1188475288", `last_page`="", `member`="0", `ip_address`="195.177.247.201", `refurl`="", `user_agent`="Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6) Gecko/20070730 SUSE/2.0.0.6-2.1 Firefox/2.0.0.6"

So security is something to keep in mind: even basic settings can make the difference.
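To show what the corrected configuration looks like in practice, here is an added example (not code from this post or from phpfreaks.com) of a small PHP bootstrap that applies the production error settings at runtime and routes the detail to a log file instead of the browser. It needs PHP 7 or later; the log path, the DSN and the credentials are assumptions for illustration.

```php
<?php
// Added example for this post, not code from the page or from phpfreaks.com.
// A bootstrap that applies production error settings at runtime and sends
// error detail to a log file instead of the visitor's browser. Requires PHP 7+.
// The log path, DSN and credentials below are assumptions for illustration.

error_reporting(E_ALL);                             // hiding errors is not ignoring them
ini_set('display_errors', '0');                     // the setting this post is about
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');                         // keep the detail, but in the log
ini_set('error_log', '/var/log/php/app-error.log'); // assumed path, outside the web root

// Turn warnings and notices into exceptions. In the dump above, mysql_query()
// still ran after mysql_select_db() had already failed; with this handler the
// first failure stops the request instead of producing a cascade of warnings.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    if (!(error_reporting() & $severity)) {
        return false;                               // honour @-suppressed calls
    }
    throw new ErrorException($message, 0, $severity, $file, $line);
});

// Single exit point for anything uncaught: full detail (message, file, line,
// trace) goes to error_log(); the browser only gets a generic message, so
// no paths, socket names or SQL statements leak.
set_exception_handler(function (Throwable $e): void {
    error_log(sprintf("[%s] %s in %s:%d\n%s",
        get_class($e), $e->getMessage(), $e->getFile(), $e->getLine(),
        $e->getTraceAsString()));
    if (!headers_sent()) {
        http_response_code(500);
        header('Content-Type: text/plain; charset=utf-8');
    }
    echo "Something went wrong. The error has been logged.\n";
});

// Self-check for a deploy script or health page: returns a list of problems,
// empty when the runtime is configured the way production needs it.
function productionErrorSettingsOk(): array
{
    $problems = [];
    $display = strtolower((string) ini_get('display_errors'));
    if (!in_array($display, ['', '0', 'off', 'false', 'no'], true)) {
        $problems[] = "display_errors is '$display', must be Off";
    }
    if (!filter_var(ini_get('log_errors'), FILTER_VALIDATE_BOOLEAN)) {
        $problems[] = 'log_errors is Off, error detail would be lost';
    }
    if ((string) ini_get('error_log') === '') {
        $problems[] = 'error_log is unset, errors go to the SAPI default';
    }
    return $problems;
}

if ($problems = productionErrorSettingsOk()) {
    error_log('error handling misconfigured: ' . implode('; ', $problems));
}

// The same situation as the phpfreaks dump: a query against a database that
// is not reachable. PDO in exception mode throws instead of returning false,
// the exception handler above logs the real reason and the visitor sees only
// the generic message.
$pdo = new PDO(
    'mysql:unix_socket=/var/lib/mysql/mysql.sock;dbname=example', // assumed DSN
    'app', 'secret',                                               // assumed credentials
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);
$stmt = $pdo->prepare('INSERT INTO user_track (session_id, ip_address) VALUES (?, ?)');
$stmt->execute(['session-id-from-cookie', $_SERVER['REMOTE_ADDR'] ?? '127.0.0.1']);
```

One caveat: ini_set() runs too late for parse errors in the bootstrap file itself and for startup errors, so also put display_errors = Off and log_errors = On in php.ini (or php_admin_flag in the Apache configuration) and confirm the live values with php -i | grep -i display_errors or a phpinfo() page that is not reachable from the internet.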

Wednesday, August 29, 2007

Nexen.net: PHP and MySQL portal - Ext/elephpant: the furry PHP mascot

If you like fluffy stuff and you're into PHP development, you might like the PHP Plush Elephant. Show your friends, relatives, co-workers and bosses that you're into PHP development with this cute animal.

Sizes:
- L: 7" (18cm)
- H: 6" (15cm)
- W: 4" (10cm)

Weight: 3.5 ounces (100g)

Although it's not (yet) mentioned where you can buy this, you can contact nexen.net for ordering information.

Friday, August 24, 2007

Better tracking of development projects

Good developers do make mistakes and need to follow up on these little errors. One method is to keep a file at hand that lists all errors that occur, but as soon as you have at least two developers, you need to rethink this method.

I decided to use Bugzilla, a well-known bug-tracking tool with a rich feature list: a database back-end, access control, a search cache, e-mail support and much more.

With Bugzilla it is easy for me to list bugs and unwanted features, problems my customers have and other quirks. With an intuitive interface, a priority list and e-mail support it's really easy to improve my development process.

Another smart tool is Trac, an integrated SCM and project management tool. Besides an issue tracker, it is also a wiki and a web-based front end to a Subversion repository. But since it has more features than I need, I stick to Bugzilla.

Thursday, August 09, 2007

How to estimate the cost of a web development project

There's an interesting article for ICT consultants about how to estimate the cost of a project on rarepraveen.blogspot.com, and although he keeps his information quite vague, he does mention some important issues:

- fixed price for the time period after time estimation
- ignore change requests before first release
- quality assurance as extra service for your customers

The most difficult part of application development is time estimation. It has become common practice to miss deadlines, mostly because of unforeseen or unexpected challenges that weren't planned for in advance. There's no rule of thumb to solve this; only experience will give you enough knowledge to make a correct estimate.

Another common practice is that your customer asks you for one thing, but during development asks you to add more functionality and "nice to have" features to the whole application. Prevent this by describing in detail what functionality your application will contain and listing all other requests for a next release.

For quality assurance, you'll find enough ideas on how to integrate this into your own service. This is an individual choice where I still need to find the balance between good and best.

Friday, August 03, 2007

Automated translations



In Belgium we have 3 languages (Dutch, French and German), but commercial advertisements often stick to Dutch and French. And sometimes you'll see a nice piece of automated translation in an ad, like this one where the translation was made with Babelfish (French to Dutch).

In English this reads as:
Valid coupons at the railway station of the twelve hour and only during the market of June 27, 28 and 29 2007.
Babelfish translation from French to English:
Valid goods has the Station of the South and only during the Annual stock sale of the 27, June 28, and 29 2007.
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.