Saturday, October 13th, 2007
(This article is also available here)
I’ve recently written a web application in Python using the following
libraries:
- CherryPy v3.0.2
- Mako v0.1.8
- SQLAlchemy v0.3.7
CherryPy has a built-in web server which you can use during development and for
actually running the application. I already had an Apache with some old PHP
programs however, so I couldn’t serve the Python web application using
CherryPy’s built-in web server, because I didn’t want to serve it on a port other
than port 80. Fortunately, CherryPy applications can also be served with Apache
using mod_python.
Setting up to run it through mod_python turned out to be somewhat of a major
pain though. It took me a total of about 4 hours getting it to work. The
information on the CherryPy website about mod_python turns out to be incorrect,
incomplete and a little dated.
So in this article I’ll describe how I eventually managed to set up my
application to work with both the built-in server as well as with Apache v2 and
which pitfalls to look out for.
Friday, October 5th, 2007
Dutch minister of Justice, Hirsch Ballin, is being pressured by Dutch Christian and labour parties to force Dutch ISPs to start censoring the Internet:
A translation of the Dutch NU.nl article:
AMSTERDAM – The NOS [Dutch Broadcasting Institute] on Friday reports that a majority of the Dutch parliament have demanded that internet providers be forced to block child pornography.
Currently, providers have the freedom to cooperate with blocking activities, but they are not required to. The Korps Landelijke Politiediensten [red; Dutch National Police Corps] keeps a list of websites that spread child pornography, which ISPs can use to filter. The UPC cable company is the only one currently using the list.
The CDA [red; Christian Democrats], the ChristenUnie and the PvdA [red; labour party] parties have demanded that minister Hirsch Ballin force ISPs to start blocking child pornography, according to the NOS. The topic has been a long-running point of discussion between Hirsch Ballin and Internet providers.
First off, I’d like to explain that I am NOT AT ALL for child pornography or anything of the sort. That said, censorship is never the solution to a problem. If you’re thinking ‘But what about..’, NO! Censorship is never, ever the solution to a problem.
Now, who is this blocking of child pornography supposed to help (or stop)? There are only three possible answers: The children, the people trying to get their hands on child pornography or the people who accidentally stumble upon child pornography. Does this solution really help any of these parties? No. Children featured in child pornography are already hurt, so it doesn’t help them. Paedophiles looking for child pornography aren’t going to be stopped by this blocking. They’ll simply use any of the existing routing networks such as Tor, which don’t allow blocking, or they’ll find some proxy in a foreign country. The only party it might help are people not actively looking for child pornography but who see it by accident. But come on, have you ever encountered child pornography by accident?
A big problem with this kind of blocking is that it is about fighting symptoms instead of causes. We shouldn’t be blocking this content; we should be prosecuting the people hosting it and those that are actively looking for it. By blocking child pornography you run the risk of hiding the actual problem. It appears as if something is actively being done about child pornography, but the problem is still there; except now it’s hidden from the public’s view. And paedophiles? Where will they go for their needs? Underground, perhaps, making them harder to trace? Or will they simply create their own supply, harming even more children in the process?
Another problem is that once you start censoring, where do you stop? Right now, the Dutch government is planning on blocking child pornography, terrorist sites and sites with content possibly useful to terrorists (bomb-making manuals, etc). Next up? Who knows? Sites presenting views our government doesn’t agree on (anti-religion, discriminating sites, right-wing, left-wing)? Where does it stop? As we all should know, when looking at history, it won’t stop anywhere. The entry barrier to censoring is high, but after that it’s just like dancing: Getting on the dance floor and making the first step is hard, but after that, all bets are off.
And something that hasn’t been discussed by our government is: Who monitors the monitors? Right now, there are no plans for actually making anybody accountable for what gets on the censoring list and what doesn’t. Smells ripe for abuse to me.
So we’re looking at a system that won’t actually help anybody. A system which, in fact, will do more harm than it’ll do good. A system that’s open to abuse and can only lead to an uncontrollable, unmonitored system.
Sounds like another good idea by our government to ‘think of the children!!’.
Friday, October 5th, 2007
I have given up on PHP. I will still need to use it at my job, but in private I refuse to even touch it anymore.
Lately, I’ve been busy creating a framework, or a bunch of libraries actually, which were meant to negate some of PHP’s worst qualities. It had better error reporting (the kind you can’t just ignore), logging, sane naming schemes, better configurability, etc. But at every turn, it felt like PHP was actively trying to fight my efforts at overcoming its obscene shortcomings.
I will not rehash here those shortcomings of PHP, except that it’s a pathetic excuse for a programming language written by a bunch of particularly bad programmers. The same goes for PEAR. They’re simply horrid.
Some time ago I wrote a little web application in Python, and I actually had fun doing it. It felt liberating not having to fight your programming language every step of the way for once. I revelled in the professionalism with which basically everything in and for Python is constructed. It’s invigorating to work with libraries that aren’t written in a fundamentally broken way just so the authors can use every Design Pattern under the sun.
It’s not strange that Ruby (On Rails) has become so popular. Even though Rails is severely limited in its abilities, people will gladly put up with it because of Ruby. Anybody speaking in favour of PHP compared to Python or Ruby simply hasn’t worked with either Ruby or Python, or has never done anything significant in PHP. Or, like me, were so blinded by how much time they’ve invested in PHP, that they couldn’t and didn’t want to admit what a total piece of crap PHP really is.
Thank you, PHP, for finally exposing yourself as the leper you are. Our ways part here, and may I never run into you again. I’m running off with Python, and we’ll live happily ever after.
Saturday, September 29th, 2007
Found an interesting read over at O’Reilly’s website:
The GNU Operating System and the Free Software Movement, by Richard Stallman.
Saturday, September 29th, 2007
Something every PHP developer should be reading:
The Unexpected SQL Injection – When Escaping Is Not Enough
The conclusions:
- Write properly quoted SQL:
  - Single quotes around values (string literals and numbers)
  - Backtick quotes around identifiers (databases, tables, columns, aliases)
- Properly escape the strings and numbers:
  - mysql_real_escape_string() for all values (string literals and numbers)
  - intval() for all number values and the numeric parameters of LIMIT
  - Escape wildcard/regexp metacharacters (addcslashes('%_') for LIKE, and you better avoid REGEXP/RLIKE)
- If identifiers (columns, tables or databases) or keywords (such as ASC and DESC) are referenced in the script parameters, make sure (and force) their values are chosen only as one of an explicit set of options
- No matter what validation steps you take when processing the user input in your scripts, always do the escaping steps before issuing the query. Validation is not a substitute for escaping!
Like my rule #1 of what I like to call Defensive Coding: Don’t be implicit, be explicit. In other words, don’t try to escape things you don’t want in your strings, simply only leave everything you do want in your strings. A column name in an ORDER BY clause should only consist of A-Z, a-z and 0-9. Anything else in the string invalidates that string.
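The explicit-set rule for identifiers and keywords, together with intval() for LIMIT and wildcard escaping for LIKE, can look like the following. This is an added example, not code from the linked article or from this blog; the function names, the column list and the sample requests are assumptions constructed for illustration.

```php
<?php
// Build the ORDER BY / LIMIT tail of a query from untrusted parameters.
// Identifiers and keywords are never escaped: they are picked from an
// explicit set, and anything else invalidates the request.
function build_order_clause($column, $direction, $limit)
{
    $columns    = array('id', 'title', 'created'); // assumed schema
    $directions = array('ASC', 'DESC');

    // Strict comparison, so 0 or true can never match a column name.
    if (!is_string($column) || !in_array($column, $columns, true)) {
        throw new InvalidArgumentException('invalid sort column');
    }
    $direction = is_string($direction) ? strtoupper($direction) : '';
    if (!in_array($direction, $directions, true)) {
        throw new InvalidArgumentException('invalid sort direction');
    }
    // intval() for the numeric LIMIT parameter, clamped to a sane range.
    $limit = max(1, min(100, intval($limit)));

    return sprintf('ORDER BY `%s` %s LIMIT %d', $column, $direction, $limit);
}

// Escape LIKE wildcards in a search term. The result still has to go
// through the driver's string escaping (or a bound parameter) afterwards.
function escape_like($term)
{
    return addcslashes($term, '%_');
}

// Constructed sample requests: one legitimate, two carrying extra SQL.
$requests = array(
    array('sort' => 'title', 'dir' => 'desc', 'limit' => '20'),
    array('sort' => 'title`; DROP TABLE users; --', 'dir' => 'asc', 'limit' => '20'),
    array('sort' => 'id', 'dir' => 'asc', 'limit' => '5; DELETE FROM users'),
);
foreach ($requests as $r) {
    try {
        echo build_order_clause($r['sort'], $r['dir'], $r['limit']), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
echo escape_like('100%_done'), "\n";
```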
Thursday, September 27th, 2007
The war on Vista continues:
Say NO to Vista.
I’m even recommending Apple Macs above Vista!
Wednesday, September 26th, 2007
I was implementing a plugin system for a framework I’m writing, and I needed plugins to be able to register a callback function or method with the Plugin Manager so that the callback function would get called when a signal was emitted. Here’s a very stripped down version of what I ended up with:
<?php
// Sample callback function
function callback_function() {
    print("callback_function()\n");
}

// Sample callback class
class Callback
{
    // Sample callback method
    public function callback_method() {
        print("Callback->callback_method()\n");
    }

    // Sample static callback method
    public static function callback_method_static() {
        print("Callback::callback_method_static()\n");
    }
}

// Hook class with which you register callback functions and methods
// which will be called when you call the emit() method.
class Hook
{
    private $callbacks = array(); // All the registered callbacks.

    //
    // Register a function/method as a callback function.
    //
    public function registerCallback($callback) {
        $this->callbacks[] = $callback;
    }

    //
    // Run all the functions/methods registered as callbacks.
    //
    public function emit() {
        foreach ($this->callbacks as $callback) {
            call_user_func($callback);
        }
    }
}

// Create a hook class instance with which we will register our
// callbacks.
$hook = new Hook();

// Instantiate the sample callback class.
$callback = new Callback();

// Register all the sample callbacks with the Hook class instance.
$hook->registerCallback('callback_function');
$hook->registerCallback(array($callback, 'callback_method'));
$hook->registerCallback(array('Callback', 'callback_method_static'));

// Make the Hook class instance call all the registered callback
// methods.
$hook->emit();
?>
First, we set up some sample callback functions and methods (callback_function(), Callback->callback_method() and Callback::callback_method_static()). Then we define the Hook class with which we can register callback functions. Finally, we register our sample callbacks with the Hook class and emit the ‘signal’.
Right now, there’s only a single signal (or no signal at all, depending on how you look at it), but that’s easy to implement. The magic basically is in the emit() method of the Hook class. It iterates over the registered callbacks, which is nothing more than an array containing either strings for function callbacks or arrays for static and non-static callback methods. It then calls those using the call_user_func() function.
All this results in the following output, when run:
callback_function()
Callback->callback_method()
Callback::callback_method_static()
Nothing fancy, and I must have implemented something similar a gazillion times, but I thought I’d share it with you all.
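The multiple-signal variant mentioned above, as an added example that is not part of the original post: callbacks are stored per signal name and checked with is_callable() at registration, so a mistyped function or method name fails when the plugin registers rather than inside emit(). The SignalHook and Logger classes and the signal names are hypothetical.

```php
<?php
// Hook extended with named signals (hypothetical class, added example).
class SignalHook
{
    private $callbacks = array(); // signal name => list of callbacks

    // Register a callback for one signal. Rejecting non-callables here
    // means a bad registration fails at load time, not in emit().
    public function registerCallback($signal, $callback) {
        if (!is_string($signal) || !preg_match('/^[a-z0-9_]+$/', $signal)) {
            throw new InvalidArgumentException('invalid signal name');
        }
        if (!is_callable($callback)) {
            throw new InvalidArgumentException('callback is not callable');
        }
        $this->callbacks[$signal][] = $callback;
    }

    // Call every callback registered for $signal, passing $args along.
    // Returns the number of callbacks that ran.
    public function emit($signal, array $args = array()) {
        $count = 0;
        if (isset($this->callbacks[$signal])) {
            foreach ($this->callbacks[$signal] as $callback) {
                call_user_func_array($callback, $args);
                $count++;
            }
        }
        return $count;
    }
}

// Sample plugin class with one instance method and one static method.
class Logger
{
    public function onSave($id) { print("Logger->onSave($id)\n"); }
    public static function onDelete($id) { print("Logger::onDelete($id)\n"); }
}

$hook = new SignalHook();
$hook->registerCallback('save', array(new Logger(), 'onSave'));
$hook->registerCallback('delete', array('Logger', 'onDelete'));
$hook->emit('save', array(42));
$hook->emit('delete', array(42));
$hook->emit('unknown'); // no callbacks registered: nothing runs
try {
    $hook->registerCallback('save', 'no_such_function');
} catch (InvalidArgumentException $e) {
    print("rejected: " . $e->getMessage() . "\n");
}
```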
Monday, September 24th, 2007
Hi, I’m back from Dublin.
Here’s a picture of what we did:

Thursday, September 20th, 2007
I’m off to Dublin for a couple of days. Be back on the 25th. Ahoy mateys!
Wednesday, September 19th, 2007
‘Tis that time o’ the year again, me hearties! Yarrr! Now, where’s me grog?
The text of all posts on this blog, unless specifically mentioned otherwise, is licensed under this license.