Web Programming, Linux System Administration, and Entrepreneurship in Athens Georgia

Author: Brandon (Page 27 of 29)

RoundCube Webmail interface ready for Prime Time?

I’ve been working with RoundCube, which is an Ajaxy webmail interface to an IMAP server. The software is still in beta, but I’ve been impressed with it so far. I’ve integrated it into hooah.com’s site, so that it matches the rest of their site, and had to hack it up a bit to add some dynamic content. I’ve also just installed it for testing on another mail server that I use to see if I can find any bugs in it.

There are a couple features I’d like to see implemented.   It would be nice to be able to change your email account password from the preferences section.   Also, I’d like to set up a more transparent way to have it look up the backend server based on your email domain.  Guess I’ll subscribe to their dev list and see if I can contribute any code.

Replacing routers

I’ve just spent the last week or so replacing the core networking infrastructure where I work. It involved plenty of late-night work to avoid disrupting service during peak hours. We ended up replacing two of our major routers and implemented a simple tiered architecture which should allow the company to grow much bigger than they are currently.

Since starting work here, I have been the Cisco expert, because I had my CCNP certification (which has since expired). Although I did well on the exams, I had very little practical experience working on live routers. In the couple years that I have been working here, I have learned a lot about configuring routers and switches, and setting up BGP and OSPF routing.

I probably won’t get into a job where these are my primary functions, but I think that it’s good to understand how networking and routing works. It makes debugging and troubleshooting much easier.

Technology in books and movies

I recently finished reading “Digital Fortress” by Dan Brown. The story was actually pretty good, and I would recommend it to others, but I have got to complain about the technology described in the book.

Essentially, the book is set around the NSA’s supercomputer called TRANSLTR. This machine is described as a multi-billion dollar, multi-million core computer that is used to brute-force encryption keys on encrypted documents. Supposedly this machine can crack most encrypted documents in minutes, and it has been stumped for as long as a couple hours on the most complex jobs.

Now, when the bright minds at the NSA try to decrypt the latest ‘unbreakable’ code with their fancy machine, it just works on it for hours and hours. The only interface that all of the technicians have though, is this ‘run-time monitor’ that says how long it’s been working on the latest code. The main character who supposedly did most of the programming on this machine doesn’t have any better debugging tools available than the single clock? Come on…

Equally annoying is the fact that TRANSLTR also has some built-in access into the NSA’s super-secret database of highly classified information. Therefore when TRANSLTR becomes exploited, it’s conveniently able to modify the firewall and access controls to the NSA’s secret database. Well, the NSA deserves it if they allow an outside system control like that.

There are a whole bunch of other little things (like the only manual power-off button is six stories beneath ground) that are annoying about this book. But the worst is near the very end where it is supposed to be suspenseful. The final code is the ‘prime difference between Hiroshima and Nagasaki’. It takes the main characters (who are supposedly math geniuses) 20 pages to figure out that this is a numeric answer, despite the words ‘prime’ and ‘difference’. And another few pages to figure out that the difference between 235 and 238 is three. Amazing.

Cacti stops updating graphs after upgrade to version 0.8.6j

It turns out the latest update to Cacti, the popular SNMP and RRDTool graphing program, has a bug that makes it so graphs based on SNMP Data aren’t updated after upgrading.  The problem has to do with using the PHP “snmpgetnext” function, which is unimplemented in PHP 4. 

There is a discussion on Cacti’s forum at https://forums.cacti.net/about19199.html  where a developer posts a new ping.php that will resolve the problem.

Internet Explorer Oddities

I spent about an hour debugging a dumb behavior of Internet Explorer. The problem site is one that stored some session data in PHP’s $_SESSION variable for display later. The form would use parameters from the GET request to populate some data in the user’s $_SESSION. Upon trying to retrieve the data in a subsequent page though, it was missing or incorrect, but only in Internet Explorer.

The failure of PHP Sessions is typically a server-side problem, so it didn’t make sense that the browser was causing a problem. I spent a while verifying that the sessions were, in fact, working properly in all different browsers, but that still didn’t explain the problem.

The odd behavior comes, though, when the page had an image tag with a blank “src” parameter. This causes most browsers to try and fetch the current page. But Internet Explorer tries to fetch the parent directory.

For example, if your page is at https://www.somesite.com/somedirectory/somepage.php, most browsers will try and fetch that URL for images with a blank src parameter. Internet Explorer, though, will try to fetch https://www.somesite.com/somedirectory/.

Either case is really not what one would expect. I would think that without a destination, it wouldn’t try to fetch anything. Attempting to fetch the page that called it (obviously not a graphic) or the parent directory (why would it do that) doesn’t really make any sense.

In this case, fetching the parent directory hit my problem script since it was the DirectoryIndex (index.php). Calling the script without any parameters erased the saved variable that I was looking for, so the subsequent page that I hit was missing this variable.

I guess the moral of the story is to not leave images with a blank src parameter, because it will do weird things.

Link building and PageRank stuff

My friend, Kevin, over at www.utahsysadmin.com has a much better grasp of PageRank than I do. He recently noticed that his sites got a PageRank assigned finally, which prompted me to re-look at some of my own sites. GamePriceWatcher.com has just increased from a PR of 2 up to a 3 finally. Google’s index now shows a few more of the links pointing at me too, which is nice.  I’ve been spending time recently, trying to get some links to my sites, which is evidently paying off.

Poor PHP Programming

Lately, I’ve been working on numerous projects where I’m debugging or updating other people’s code.  I’m constantly amazed at the poor programming that goes into a lot of these sites.  They are filled with SQL injection vulnerabilities, confusing file structures, even remote code execution problems.

Properly escape database queries – By including a user provided variable directly into a query, you are opening yourself up to SQL injection problems.  For example this code:

mysql_query("SELECT * FROM sometable WHERE somecolumn = '".$_POST['somevalue']."'");

is just plain bad! You are allowing the user to insert arbitrary data into the query without sanitizing it first.    Always sanitize your variables before using them in a query, or better yet, use a database abstraction layer like PEAR::DB that does the escaping for you.
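The difference between the concatenated query above and a bound parameter, as an added example that is not code from the original post. It uses PDO with an in-memory SQLite database (assumes the pdo_sqlite extension) instead of mysql_query(), which was removed in PHP 7; the table contents, function names and inputs are constructed for illustration.

```php
<?php
// Added example: constructed rows in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE sometable (id INTEGER PRIMARY KEY, somecolumn TEXT, secret TEXT)");
$db->exec("INSERT INTO sometable (somecolumn, secret) VALUES
    ('alice', 'row-for-alice'), ('bob', 'row-for-bob')");

// Unsafe: same pattern as the post's query, input concatenated into the SQL text.
function find_unsafe(PDO $db, string $value): array
{
    $sql = "SELECT * FROM sometable WHERE somecolumn = '" . $value . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: the SQL text is fixed; the value is sent separately as a bound parameter.
function find_safe(PDO $db, string $value): array
{
    $stmt = $db->prepare("SELECT * FROM sometable WHERE somecolumn = :value");
    $stmt->execute([':value' => $value]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_POST['somevalue'].
$inputs = ["alice", "nobody' OR '1'='1", "O'Brien"];
foreach ($inputs as $value) {
    try {
        $unsafe = count(find_unsafe($db, $value));
    } catch (PDOException $e) {
        $unsafe = 'SQL error';   // a stray quote breaks the concatenated statement
    }
    $safe = count(find_safe($db, $value));
    printf("%-20s unsafe rows: %-9s safe rows: %s\n", $value, $unsafe, $safe);
}
```

The second input changes the meaning of the concatenated WHERE clause so it matches every row, and the third breaks the statement outright; the prepared statement treats both as plain values that match nothing.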

Don’t store user passwords in clear text!   I hate it when sites do this.  Combined with SQL injection attacks, this could allow hackers to view all of the usernames and passwords in your database.   At the very least, you should store the password as an MD5 hash, preferably with some salt so that even if an attacker manages to read the values of your table, they are much more difficult to use.   Since most users tend to re-use passwords, it also allows hackers to potentially use stolen user credentials to access other accounts not even associated with your site.
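Salted MD5 is fast enough to brute-force on current hardware, so a site that already stores it can move each account to PHP's built-in password_hash() (PHP 5.5+, bcrypt by default, salt generated automatically) the next time that user logs in. The sketch below is an added example, not code from the original post; the "md5$salt$hex" storage format and the function names are hypothetical.

```php
<?php
// Added example. The "md5$<salt>$<hex>" legacy format is a hypothetical layout.

// Legacy scheme of the kind the post describes: MD5 over salt + password.
function legacy_md5_hash(string $password, string $salt): string
{
    return 'md5$' . $salt . '$' . md5($salt . $password);
}

// Returns [bool $ok, ?string $newHash]; $newHash is set when the stored
// value should be replaced in the database.
function verify_and_upgrade(string $password, string $stored): array
{
    if (strncmp($stored, 'md5$', 4) === 0) {
        $parts = explode('$', $stored, 3);            // ['md5', salt, hex]
        if (count($parts) !== 3) {
            return [false, null];
        }
        $expected = legacy_md5_hash($password, $parts[1]);
        if (!hash_equals($stored, $expected)) {       // constant-time comparison
            return [false, null];
        }
        // Correct password on a legacy record: re-hash with the current default.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash if the default algorithm or cost has changed since this hash was made.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $new];
}

// Constructed sample record: a legacy salted-MD5 value for a made-up password.
$stored = legacy_md5_hash('correct horse', 'a1b2c3');

[$ok, $new] = verify_and_upgrade('wrong guess', $stored);
var_dump($ok);                      // wrong password is rejected
[$ok, $new] = verify_and_upgrade('correct horse', $stored);
var_dump($ok, $new !== null);       // accepted, and an upgraded hash is returned
$stored = $new;                     // the application would write this back
[$ok, $new] = verify_and_upgrade('correct horse', $stored);
var_dump($ok, $new === null);       // accepted, no further upgrade needed
```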

Poor file structures can be extra confusing. One of the sites I’m working with now has no less than three copies of most of the code spread between a half dozen directories with no clear association between them. Files in one directory are including library files in a completely unrelated directory. In this case, a development branch was using a combination of production and development usernames to access a remote resource, causing extreme amounts of confusion, and destroying the integrity of the data.

I’ve also recently become converted to using Subversion to track code changes over time. I used to keep multiple copies of a file (include.php.OLD, include.php.1, OLDinclude.php, you know the drill) but Subversion makes it far easier to keep backup copies and refer back to them if something breaks.

The future of Television

This recent story on Wired caught my attention

https://www.wired.com/news/wiredmag/0,72506-1.html?tw=wn_story_page_next1

It’s about a new company called Joost that has plans to reinvent the television market as we know it today.

Essentially, the designers of Kazaa and Skype are applying a lot of the concepts that they have learned with those ventures to the Television marketing where they could announce any kind of product no matter what. Encrypted 10-second video clips will be streamed from peers and assembled back into a full program. Their design also adds a lot of modern social networking concepts, like inviting others to view your show, and applying tags to clips.
Television will be huge for marketing but expensive.

It will be interesting to follow how this technology develops.


© 2025 Brandon Checketts
