/usr/portage

Planet Websecurity launched

Christian Matthies, one of the developers of PHP IDS, launched Planet Websecurity today. Good shit!


Apply now!

At Neu.de we are looking for a Senior Software Developer (that is, one I can still learn something from) and a few PHP developers who may well be new to the business but should at least be able to program (we will teach them the OOP and sensible software design part). Both positions are described in more detail on our jobs page. A few keywords an applicant should at least like: test-driven development (PHPUnit), acceptance tests with Selenium, object-oriented development in PHP5, use of Jabber technologies, Dojo JavaScript Toolkit, AJAX, design patterns, UML, APIs (REST, XMLRPC), JSON. Oh, and: we are very much into applications with meaningful references; they may well look as though the applicant seriously wants to work for us.
Benefits include free coffee and Vittel, the best musical education in independent pop/rock/electro, a well-stocked Mate reservoir, the absence of a dress code and a dartboard that wants to be played.
Anyone with further questions is welcome to get in touch with me (by mail or via Jabber).


Dear Internet,

where in Cologne can I buy these incredibly casual sneakers?

Update
Walked through Cologne for an hour and nobody has these shoes. Hello dear sneaker dealers, maybe fewer ballerina flats, white mini-sneakers with pink swooshes and »the nth revision of good ol’ chucks«, and instead simply a few current, stylish shoes. Thanks.


Easy friend-finding for the socially retarded

Found an XSS injection on Qype which allowed a user to inject malicious JavaScript into his profile in order to automatically become a friend of every visitor. As Qype is implemented in Rails, it uses Prototype as its JavaScript library, which made it pretty easy to implement a fitting exploit:

"><script>new Ajax.Request('/contact/create?to_user_id=16992', {method: 'post'})</script>

Qype has fixed the issue.
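Added example, not Qype's code: the fix for this class of bug is escaping the profile text at output time, and the check below proves that user input cannot add elements to the rendered page. A CSRF token alone would not have stopped it, since the injected script runs inside the site's own origin and can read any token the page carries. The profile field names and the template are assumptions.

```php
<?php
// Added example, not Qype's code: escape user-controlled text at output time and
// verify that it can never add elements to the rendered page. Names are assumed.

// One escaping function for both contexts the payload above targets: `">` to
// leave an attribute value and `<script>` to start an element. ENT_QUOTES
// neutralises the quote; the angle brackets are always encoded.
function esc(string $untrusted): string
{
    return htmlspecialchars($untrusted, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The user-editable part of a profile page (hypothetical template). The same
// value is placed in an attribute and in a text node.
function renderProfile(array $profile): string
{
    return '<div class="profile" title="' . esc($profile['nickname']) . '">'
         . '<h2>' . esc($profile['nickname']) . '</h2>'
         . '<p>' . esc($profile['about']) . '</p>'
         . '</div>';
}

// Regression check: parse the output as a browser would and count elements.
// The template alone yields div, h2 and p; anything more came from user input.
function countElements(string $html): int
{
    libxml_use_internal_errors(true);                  // fragment parsing, no warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    return $body->getElementsByTagName('*')->length;
}

// Constructed hostile profile with the shape of the payload from the post.
$hostile = array(
    'nickname' => '"><script>x()</script>',
    'about'    => '<script>x()</script>',
);
$html = renderProfile($hostile);
assert(strpos($html, '<script>') === false);          // no raw tag in the output
assert(countElements($html) === 3);                    // only div, h2 and p exist
```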


XSS holes on dapper.net

Dapper is a web service that lets you create web services on the fly. You can build your own APIs, feeds etc. just by meshing selected areas from different websites. It is pretty similar to Yahoo Pipes. Switch/Twitch already pointed out that Dapper completely breaks the same origin policy, which is the basic security concept for rich web applications (it is partly broken by Flash anyway, but that is another story). Even worse, Dapper itself was vulnerable to XSS injections, which I found out two weeks ago. The vendor replied quickly and fixed the issues I had demonstrated. The combination of breaking the same origin policy and vulnerabilities in Dapper itself is pretty dangerous. Hopefully the developers really know that they are playing with fire.


Convert an array of strings into an array of integers

The traditional way:

$array = array('0', '1', '2');
foreach ($array as $key => $var) {
    $array[$key] = (int)$var;
}

The nice way:

$array = array('0', '1', '2');
array_walk($array,
    create_function('&$value', '$value = (int)$value;')
);

Update: Another nice version with array_map():

$array = array('0', '1', '2');
$array = array_map(
    create_function('$value', 'return (int)$value;'),
    $array
);
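All three versions above trust their input. As an added example (not from the original post, and going beyond it), the strict variant below rejects strings that are not clean decimal integers instead of letting the cast quietly turn them into something else; castToInts and validateInts are names chosen here.

```php
<?php
// Added example (not from the original post). Casting with (int) never fails:
// it keeps the leading digits of mixed strings and turns anything else into 0.
// For values taken from a request that is rarely wanted, so validate, then convert.

// The post's approach: lenient cast, one output per input, never rejects anything.
function castToInts(array $strings): array
{
    return array_map('intval', $strings);
}

// Strict variant: every element must be a well-formed decimal integer
// (optional sign, no leading zeros, no trailing garbage, no hex or exponent).
// Returns null if any element is rejected, so callers cannot miss the failure.
function validateInts(array $strings): ?array
{
    $result = array();
    foreach ($strings as $key => $value) {
        $int = filter_var($value, FILTER_VALIDATE_INT);
        if ($int === false) {
            return null;
        }
        $result[$key] = $int;
    }
    return $result;
}

// Constructed inputs showing where the two approaches differ.
$clean = array('0', '1', '2');
assert(castToInts($clean) === array(0, 1, 2));
assert(validateInts($clean) === array(0, 1, 2));

$dirty = array('12abc', '0x1A', 'abc', '007');
assert(castToInts($dirty) === array(12, 0, 0, 7));   // garbage silently accepted
assert(validateInts($dirty) === null);               // rejected as a whole

// Surrounding whitespace is tolerated by both: FILTER_VALIDATE_INT trims it.
assert(validateInts(array(' 42')) === array(42));
```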


PHPIDS 0.2 tarballs done

We are proud to roll out the tarballs for PHPIDS 0.2. This version can be considered relatively solid and we recommend updating. Please take a look at our site for more information.


Magical PHP

Tobias Schlitt on »Doing Magic with PHP«. A great overview, but I do not agree with the property part of it.
(I find this __set()/__get() magic pretty unintuitive and unreadable. If I want to learn the API of a Zend Framework class, I just read the source; if I need to learn the API of an ezComponent, I’m forced to read the documentation, which is in fact pretty good. I prefer setters and getters over virtual properties.)


The worker design pattern

I want to present a pattern I have been thinking about a lot over the last few days. Comments are appreciated.

Problem

  1. You have a small object that is essentially data, and a large set of operations that could be performed on that object
  2. You want to keep the object’s method list small
  3. The operations can be done in different ways, including different implementations
  4. Your small object only knows how to load and save itself via the data abstraction layer
  5. You want to batch process a number of small objects

Solution

  1. You have a worker interface which defines the accessor API for the worker and how to add subjects
  2. You can have multiple workers per subject
  3. Your worker does the transformation, your subject is transformed
  4. Your subject is kept lightweight

Example

Your ImageBinary object represents the image binary including its height and width (metadata is decoupled). You perform various operations on this object, such as resizing, cropping and scaling:
$image1 = new ImageBinary(array('id' => 1));
$image2 = new ImageBinary(array('id' => 2));
$image3 = new ImageBinary(array('id' => 3));

$worker = new ImageWorker;
$worker->add($image1);
$worker->add($image2);
$worker->add($image3);
$worker->rotate(90);
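
One way to implement the pattern sketched above, as an added example that is not code from the original post: the worker interface defines how subjects are added and read back, ImageBinary stays a plain data holder, and ImageWorker carries the operations and applies them to every collected subject. The Worker interface name, the subjects() accessor and the row shape with width/height are assumptions; rotate() demonstrates the transformation by swapping the dimensions.

```php
<?php
// Added example, not from the original post; names beyond ImageBinary/ImageWorker/add()/rotate() are assumed.

// The worker interface: how subjects are added and how they are read back.
interface Worker
{
    public function add(object $subject): void;
    public function subjects(): array;
}

// The subject stays lightweight: id plus width/height, no operations of its own.
class ImageBinary
{
    public int $id;
    public int $width;
    public int $height;
    public function __construct(array $row)
    {
        [$this->id, $this->width, $this->height] = [$row['id'], $row['width'], $row['height']];
    }
}

// The worker owns the operations and applies each one to every collected subject.
class ImageWorker implements Worker
{
    private array $subjects = array();
    public function add(object $subject): void
    {
        if (!$subject instanceof ImageBinary) throw new InvalidArgumentException('ImageBinary expected');
        $this->subjects[] = $subject;
    }
    public function subjects(): array { return $this->subjects; }
    // Rotating by an odd number of quarter turns swaps width and height.
    public function rotate(int $degrees): void
    {
        if ($degrees % 90 !== 0) throw new InvalidArgumentException('multiple of 90 required');
        if (intdiv($degrees, 90) % 2 === 0) return;  // 0, 180, -180, 360 ...: nothing to swap
        foreach ($this->subjects as $image) {
            [$image->width, $image->height] = [$image->height, $image->width];
        }
    }
}

$worker = new ImageWorker;
$worker->add(new ImageBinary(array('id' => 1, 'width' => 640, 'height' => 480)));
$worker->add(new ImageBinary(array('id' => 2, 'width' => 800, 'height' => 600)));
$worker->rotate(90);
assert($worker->subjects()[0]->width === 480 && $worker->subjects()[0]->height === 640);
assert($worker->subjects()[1]->width === 600 && $worker->subjects()[1]->height === 800);
```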

Related patterns

Manager, Adapter
