July 29, 2005

Apache and OpenSSL Issues

Occasionally Apache with mod_ssl just breaks after doing an operating system upgrade or even just upgrading OpenSSL. Doing a backtrace against the httpd.core file (gdb httpd httpd.core) I got a backtrace which revealed to me the following:

(gdb) bt
#0 0x00000018 in ?? ()
#1 0x28445162 in RSA_new_method () from /lib/libcrypto.so.3
#2 0x28444eea in RSA_new () from /lib/libcrypto.so.3
#3 0x2845e7e8 in RSAPrivateKey_asn1_meth () from /lib/libcrypto.so.3
#4 0x2846a8a6 in ASN1_item_ex_new () from /lib/libcrypto.so.3
#5 0x2846a6c3 in ASN1_item_ex_new () from /lib/libcrypto.so.3
#6 0x2846621c in ASN1_item_ex_d2i () from /lib/libcrypto.so.3
#7 0x28465c85 in ASN1_item_d2i () from /lib/libcrypto.so.3
#8 0x2845e89f in d2i_RSAPublicKey () from /lib/libcrypto.so.3
#9 0x28459b2c in d2i_PublicKey () from /lib/libcrypto.so.3
#10 0x284585b5 in X509_PUBKEY_get () from /lib/libcrypto.so.3
#11 0x28457615 in X509_get_pubkey () from /lib/libcrypto.so.3
#12 0x28375749 in ssl_util_algotypeof () from /usr/local/libexec/apache/libssl.so
#13 0x2836d226 in ssl_pphrase_Handle () from /usr/local/libexec/apache/libssl.so
#14 0x28366f3f in ssl_init_Module () from /usr/local/libexec/apache/libssl.so
#15 0x08057092 in ap_init_modules ()
#16 0x0805fd83 in main ()

The backtrace tells us that the problem lies in OpenSSL: the crash happens inside libcrypto while mod_ssl is initialising. Normally the way to resolve this is to recompile apache+mod_ssl as well as PHP's openssl extension, using portupgrade and forcing it to do the upgrade; the next time you run "apachectl startssl" it works.

July 28, 2005

Rasmus' 30 second AJAX Tutorial

PHP's Benevolent Dictator for Life, Rasmus Lerdorf, wrote a 30 second AJAX Tutorial in response to various people discussing on the php-general mailing list how AJAX is going to change web development.

I find a lot of this AJAX stuff a bit of a hype. Lots of people have been using similar things long before it became "AJAX". And it really isn't as complicated as a lot of people make it out to be. Here is a simple example from one of my apps. First the Javascript:

function createRequestObject() {
    var ro;
    var browser = navigator.appName;
    // Old Internet Explorer exposes XMLHTTP only through ActiveX
    if(browser == "Microsoft Internet Explorer"){
        ro = new ActiveXObject("Microsoft.XMLHTTP");
    }else{
        ro = new XMLHttpRequest();
    }
    return ro;
}

var http = createRequestObject();

function sndReq(action) {
    http.open('get', 'rpc.php?action='+action);
    http.onreadystatechange = handleResponse;
    http.send(null);
}

function handleResponse() {
    // readyState 4 means the response has been fully received
    if(http.readyState == 4){
        var response = http.responseText;
        var update = new Array();

        if(response.indexOf('|') != -1) {
            update = response.split('|');
            document.getElementById(update[0]).innerHTML = update[1];
        }
    }
}

This creates a request object along with a send request and handle response function. So to actually use it, you could include this js in your page. Then to make one of these backend requests you would tie it to something. Like an onclick event or a straight href like this:

<a href="javascript:sndReq('foo')">[foo]</a>

That means that when someone clicks on that link what actually happens is that a backend request to rpc.php?action=foo will be sent.

In rpc.php you might have something like this:

  switch($_REQUEST['action']) {
    case 'foo':
      /* do something */
      echo "foo|foo done";
      break;
  }

Now, look at handleResponse. It parses the "foo|foo done" string and splits it on the '|' and uses whatever is before the '|' as the dom element id in your page and the part after as the new innerHTML of that element. That means if you have a div tag like this in your page:

<div id="foo">
</div>

Once you click on that link, that will dynamically be changed to:

<div id="foo">
foo done
</div>

That's all there is to it. Everything else is just building on top of this. Replacing my simple response "id|text" syntax with a richer XML format and making the request much more complicated as well. Before you blindly install large "AJAX" libraries, have a go at rolling your own functionality so you know exactly how it works and you only make it as complicated as you need. Often you don't need much more than what I have shown here.

Expanding this approach a bit to send multiple parameters in the request, for example, would be really simple. Something like:

  function sndReqArg(action,arg) {
    http.open('get', 'rpc.php?action='+action+'&arg='+arg);
    http.onreadystatechange = handleResponse;
    http.send(null);
  }

And your handleResponse can easily be expanded to do much more interesting things than just replacing the contents of a div.
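
A hardened take on the "id|text" handler from the tutorial above, as an added example that is not Rasmus' code: it percent-encodes the request parameters, accepts only allowlisted element ids, and writes the response with textContent instead of innerHTML. It also treats only the first '|' as the separator, which goes slightly beyond the tutorial's split. The names ALLOWED_TARGETS, buildRpcUrl, parseUpdate, applyUpdate and handleResponseSafe are assumptions made for the illustration.

```javascript
// Added example: hardened client side for the "id|text" protocol.
// All function and constant names here are hypothetical.

// Element ids the server is allowed to update (constructed sample allowlist).
const ALLOWED_TARGETS = new Set(['foo', 'status']);

// Build the request URL with every dynamic part percent-encoded, so a value
// containing '&', '#' or '=' cannot add or override query parameters.
function buildRpcUrl(action, arg) {
  let url = 'rpc.php?action=' + encodeURIComponent(action);
  if (arg !== undefined) {
    url += '&arg=' + encodeURIComponent(arg);
  }
  return url;
}

// Parse "id|text". Only the first '|' is a separator, so the text may contain
// further '|' characters. Returns null for anything malformed or for an id
// that is not on the allowlist.
function parseUpdate(response, allowed) {
  if (typeof response !== 'string') return null;
  const sep = response.indexOf('|');
  if (sep <= 0) return null; // no separator, or empty id
  const id = response.slice(0, sep);
  if (!allowed.has(id)) return null;
  return { id: id, text: response.slice(sep + 1) };
}

// Write the text as text, never as markup: textContent does not parse HTML,
// so markup in a response is displayed rather than interpreted.
function applyUpdate(doc, update) {
  if (update === null) return false;
  const el = doc.getElementById(update.id);
  if (!el) return false;
  el.textContent = update.text;
  return true;
}

// Replacement for handleResponse; pass the request object and the document.
function handleResponseSafe(http, doc) {
  if (http.readyState !== 4 || http.status !== 200) return false;
  return applyUpdate(doc, parseUpdate(http.responseText, ALLOWED_TARGETS));
}
```

In a page this would be wired up as http.onreadystatechange = function () { handleResponseSafe(http, document); }.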


Secure PHP Coding

Over at I love Jack Daniels there is another article about Writing Secure PHP, Part 3.

In Writing Secure PHP and Writing Secure PHP, Part 2 I covered many of the basic mistakes PHP developers make, and how to avoid common security problems. It is time to get a little deeper into security though, and begin to tackle some more advanced issues.

July 26, 2005

Perlbal 1.3 has been released

Perlbal 1.3 has been released! :) Perlbal is an uber cool Perl-based reverse proxy load balancer and web server.

July 25, 2005

AJAX Developer Site

ajaxdeveloper.org has started for those interested in everything ajax.

Our hope is that we can provide news, software release information, code examples, etc for the Ajax community and, in the process, provide a good place for all of them to share their problems, cool hacks, and even lists of other resources for the rest of the Ajax community.

Bear with us as we work on things around here - we're still in the startup phase. But, if you'd like to get involved with the site, no matter what kind of role you'd like to take, shoot us an email and let us know.

You'll also notice some references to our sister site, PHPDeveloper.org, around until we get things a bit more polished up. We're using their backend to run the site, so things will look and feel a bit similar between the two...

July 22, 2005

Pasting Wrapped URLs

Andrei Zmievski posted the following Firefox tip on his blog which is quite useful for pasting links which go over two lines in mutt:

Here's another Mozilla/Firefox tip: if you copy a URL wrapped over multiple lines from somewhere and try to paste it into the address bar, you will end up only with the first line of it. To fix it, go to about:config and change editor.singleLine.pasteNewlines setting to 3 or add:

user_pref("editor.singleLine.pasteNewlines", 3);

to your user.js file. Now all the line breaks will be removed upon pasting.

Going South


Ben Saunders popped me an email earlier today announcing his next challenge: he and Tony are embarking on an expedition called "South", where they are planning on completing Scott's epic 1912 journey. Ben is back after his Serco TransArctic Expedition.

January 1912. Dying inch by inch, Robert Falcon Scott and his team crawled back from the South Pole through the most hostile conditions on earth. Eleven miles from their depot they finally perished. In the 93 years since, no one has ever walked to the South Pole and back. Many experts still consider it impossible.

In October 2006, we will attempt to prove them wrong. Setting out from Scott's wooden hut on the edge of Antarctica, we will manhaul 400lb sledges across 1,800 miles of the most hostile terrain on earth, to the Pole and back.

From the Serco TransArctic Expedition site:

On 5 March, Ben Saunders set out to ski solo more than 1,200 miles across the Arctic from the Russian edge of the arctic ice pack to Canada via the North Geographic Pole.

In the weeks that followed Ben experienced what NASA called 'the worst conditions on record'. Of the four solo expeditions that started out that year, one died and two were rescued suffering from frostbite and injuries. Ben was the only solo expedition to make it to the North Pole and in doing so set a world record; he is by far the youngest person to reach the North Pole solo.

Ben continued on towards Canada, but conditions worsened and he was told by his expedition team that he would have to be picked up. Despite not being able to reach Canada, Ben set another British record for the longest solo arctic trek, skiing more than 1,000km in treacherous conditions.

Ben is asking users to pay for the 1800 miles that he and Tony are travelling.

July 20, 2005

10 essential development practices

Picked up via Jim Winstead:

damian conway’s “ten essential development practices” article (via daring fireball) may appear on perl.com, but the basics are applicable to any software project.

i would put “use a revision control system” way at the top of the list, and i would also add “use a bug-tracking system.”

Installer that runs installers and extracts files

Dear Lazyweb,

After much googling and yahooing, I'm busy looking for an open source installer which runs various installers as well as placing various files in directories and creating shortcuts to roll out some software to remote offices, without having to have skilled people installing the said software on the other side.

I'd ideally like to not have multiple files that need to be downloaded, just one.

Ended up using two different installers. One, which was recommended by Francois, is Nullsoft Scriptable Install System, which was used for distributing the python files excluding the python installation files. The other is Paquet Builder 2.9, used for bundling various python modules with python 2.3.2 and then getting it to first install python 2.3.2, with custom actions added to run the rest of the installers and wait till each installer is finished running prior to running the next installer.

Mozilla Thunderbird 1.0.6 Released

Just days after the release of Mozilla Thunderbird 1.0.5, Thunderbird 1.0.6 is now available for download. This latest version should resolve the extension problems that were accidentally introduced in Thunderbird 1.0.5. In particular, the popular Enigmail PGP add-on should now work correctly.

To get Thunderbird 1.0.6, head to the Thunderbird product page or the Thunderbird 1.0.6 directory on ftp.mozilla.org. More information about the changes in this version can be found in the Thunderbird 1.0.6 Release Notes.

Mozilla Firefox 1.0.6 Released

Mozilla Firefox 1.0.6 has been released. As we reported previously, API changes in last week's Firefox 1.0.5 broke some extensions. This version should resolve the problems.

Firefox 1.0.6 can be downloaded from the Firefox product page or the Firefox 1.0.6 directory on ftp.mozilla.org. Consult the Firefox 1.0.6 Release Notes for more information.

Amazon.com opens software development centre in Cape Town, South Africa

Picked up from Coda.

Online retailer Amazon.com has opened a software development centre in Cape Town, a statement issued by the company said on Tuesday.

The centre will create innovative web services and help software developers build innovative applications using Amazon technology.

It is the third centre of its kind in the world, with the other two in Scotland and India.

Chris Pinkham, managing director of the centre, co-founded South Africa's first internet service provider, UUNET, in 1993. In 2000 he joined Amazon.com in Seattle as director for the network engineering group and later as vice president responsible for worldwide IT systems infrastructure.

The launch of the Amazon centre in Cape Town is "testament to the calibre of the highly-skilled talent pool in South Africa", according to Pinkham.

The centre will deal with idea generation and technical design and will expand Amazon.com's global web services offering, allowing software developers around the world to develop and launch their own services built around the company's infrastructure and product data.

"We want to build a team of the most talented individuals that South Africa has to offer," Pinkham said in the statement. The centre is looking for computer scientists and software engineers with entrepreneurial spirit to join the start-up team. - I-Net Bridge

Actually Colin founded what was known as the Internet Africa which also went by the name of TICSA (The Internetworking Company of South Africa). They were based in the Compustat house in Newlands, round the corner from the South African Breweries Newlands plant. One can read how TICSA became UUnet South Africa (Pty) Ltd.

July 18, 2005

XSS could make you lose your cookies!

Thomas Rutter has written an article on Sitepoint entitled Cross Site Scripting Could Make You Lose Your Cookies.

Cross Site Scripting (XSS) is a form of security exploit that threatens any web application. Its severity is often underestimated. The problems go far beyond annoyances and practical jokes. By stealing your cookies, Cross Site Scripting attacks can allow attackers to gain administrative access to your CMS.

July 17, 2005

Sentech is SPAM haven for South African spammers

A while back I posted about one of our more persistent spammers in South Africa, Samantha Bowman from Callum-Lee IT Solutions, who is one rather annoying individual. I used to think SPAM king Greg from Reflex was bad, but he learnt his lesson when his ability to send out via port 25 on his leased line was cut!!

I regularly, like clockwork, receive four copies of her SPAM message every time she decides to SPAM about her various “Special Offers”. It’s highly obvious that she’s been harvesting WHOIS records from the co.za website. Since when do email addresses listed as the dns-admin@domain.name really want to receive her specials on laptops which are overpriced? Also I don’t know who at Mr Delivery decided to sell her their customer database! When I registered on the Mr Delivery website I decided to use a generic address to identify SPAM originating from that address. The only way that Samantha Bowman could have gotten hold of that address was by paying a dishonest employee of Mr Delivery money for their customer database for a list of names and email addresses.

Originally she was using both M-Web and SAIX dial-up accounts and sending off her bulk mail via SAIX’s SMTP cluster (smtp.saix.net), and after contacting SAIX’s abuse department I had put an end to her ability to send mail via SAIX’s SMTP cluster. SAIX earns extra brownie points for getting rid of a SPAM sending individual from their network.

It took extra effort to get rid of her M-Web web hosting and dial-up account. Nonetheless, explaining to M-Web’s abuse department that she is in breach of their Terms of Service document took quite a bit of convincing; with M-Web’s SMTP servers getting blacklisted for Samantha’s SPAM, it woke them up, as one spammer on their network can cause a huge inconvenience for the rest of their dial-up users.

Generally when I complain to second-tier ISPs I tend to always CC the first-tier ISP which they utilise for connectivity, as this normally works well, except when dealing with Sentech. In the case of Sentech, which Samantha Bowman is now using for her connectivity to SPAM from, I have been CC’ing the Internet Solutions abuse department as well as their Managing Director in the hope that they would enforce the terms of their Acceptable Usage Policy on Sentech, who in turn would be forced to remove Samantha Bowman from their client base.

I’m not sure how many people are purchasing hardware and website hosting from Callum-Lee IT Solutions, but why would they be sending unsolicited commercial mail if they were not making a profit from sending the mailers?

From - Tue Jul 12 00:42:08 2005
Return-Path: <*snip*>
Delivered-To: *snip*
Received: from smtp.sentechsa.com ([] helo=mail02.infosat.net)
	by maquis.powertrip.co.za with esmtp (Exim 4.34; FreeBSD)
	id 1Ds20J-000OlY-2y
	for *snip*; Mon, 11 Jul 2005 19:23:41 +0200
Received: from [] (HELO Jinxed)
  by mail02.infosat.net (CommuniGate Pro SMTP 4.1.8)
  with ESMTP id 275854128 for *snip*; Mon, 11 Jul 2005 19:23:17 +0200
From: "Callum-Lee IT Solutions" 
Subject: Toshiba Notebooks - 7 Options with a Printer & USB Flash Drive
To: "Jacques" <*snip*>
Content-Type: multipart/alternative; boundary="_Boundary_2mlksmuasadvnqk5prcsiwy"
MIME-Version: 1.0
Sender: Callum-Lee IT Solutions 
Date: Mon, 11 Jul 2005 19:24:25 +0200
X-Mailer: MailList King

July 15, 2005

Perlbal with IO::AIO support

Noticed that Brad has committed IO::AIO support to perlbal, so in theory perlbal should be a happy camper under FreeBSD.

I'm the 'bugmaster'

It seems to me that I have turned into the bugmaster at work, writing bug reports for software which has been developed for work.

Makes one realise that in certain cases both the bug master and the developer overlook the obvious when it comes to common modules getting out of sync, but that is another whole story.

July 14, 2005

Movable Type 3.2 Beta 1 has been released

The folks over at Six Apart have released a beta version of Movable Type 3.2.

Various members of the SixApart team have been blogging about their 32 favorite features in Movable Type 3.2:

  1. System Overview: A home for administrators
  2. Feedback rating framework
  3. The Junk Folder
  4. TrackBack moderation and editing
  5. Blog feedback settings
  6. Better Listings Pages Throughout Movable Type 3.2
  7. Search Globally, Replace Locally
  8. Powerful plugin management
  9. Trusted commenters
  10. Simpler Templating for Comments and TrackBacks
  11. Commenter management
  12. Improved Documentation
  13. Activity Log improvements
  14. Main menu display improvements
  15. More to come...

The SixApart team have been busy enhancing the user experience by various user interface improvements.

July 11, 2005

Differences of opinion

Tobias Schlitt has a blog entry titled A clash of asociality on his blog which made a bit of amusing reading considering certain commit messages to the PEAR website code.

Open sources are great things, annoying things too. For example, take the PEAR project. There is a huge crowd of developers in the project (more than 800 registered users on PEARWeb, more than 200 maintainers), which every day try to improve the project, try to work together and try to learn from what they code and from the code they read. They feel the spirit of open source, they invest much time and train their hard skills in coding and their soft skills in the cooperation with a team.

But every now and then it happens that there is a black sheep under those fine 800, someone who even doesn't seem to know, what "soft skills" means. Surely, it happens not often, but some there are. Those re-appear now and then, vituperate as much as they can, hastily committing some code ("fixing up other peoples crap"), which does not even work or better to say, hasn't even seen a syntax check. Finally those people bring project internal problems to the public perverting the facts as much as possible for their own advantage. But thankfully, those people tend to disappear again as fast as they have appeared before...

Maybe certain people who don't run syntax checkers against their code before committing should lose cvs commit to pearweb for a few days while they learn how to use a command line syntax checker? ;)

PHP 4.4.0 has been released

PHP 4.4.0 has been released!

The PHP Development Team would like to announce the immediate release of PHP 4.4.0. This is a maintenance release that addresses a serious memory corruption problem within PHP concerning references. If references were used in a wrong way, PHP would often create memory corruptions which would not always surface and be visible. The increased middle digit was required because the fix that corrected the problem with references changed PHP's internal API. PHP 4.4.0 does not have any new features, and is solely a bugfix release.

Release Announcement.

July 6, 2005

Europe says NO to software patents

I'm sure programmers in Europe are celebrating the fact that the European Parliament REJECTED software patents in Europe by voting against the directive by a huge margin of 648 votes against to 14 for, with 18 abstentions.

Via Derick Rethans:

So, it seems that the European Parliament did the only correct thing today. They voted massively against the proposed directive "Patentability of Computer Implemented Inventions Directive". 648 voted against, 14 for and there were 18 abstentions. Now the European Commission has to restart the whole process, if they are going to do this at all.

Local organisations challenge Microsoft XML patent here in South Africa.

July 2, 2005

Remote subversion backup script

I wrote a script to back up a subversion database from a remote host, mainly for synchronising a huge subversion database containing over 9300 changesets, and to just incrementally retrieve changeset data rather than downloading a compressed dump, which takes over an hour to do.

Feel free to download the script (1.8Kb) and modify for your own usage.

Progress on PEAR Cache_Memcached

Still working on my PEAR Cache_Memcached project. The proposal is still in first draft stages as I still have certain things to do prior to changing the proposal from 'draft' to 'proposed'.

July 1, 2005

PEAR Cache_Memcached Proposal

Regarding my PEAR Cache_Memcached proposal, it is still in 'draft' stages. I still have a small amount of work to finish prior to 'proposing' the proposal. Please feel free to comment on this blog post.