I'll be taking a couple of weeks off from hacking on my pet project as I'll be in the US for a friend's wedding, but in the meantime, I can still have ideas percolating in the back of my mind. What I'd like is some of your ideas percolating in the back of my mind.

Maybe you love adventure, you're bored with your home country, you prefer the politics of other countries, you want to travel, etc. Whatever your motivations, you probably have been annoyed trying to find "one stop shopping" for information about moving to other countries. Turns out it's a hard thing to do, but there's a lot of possibilities out there, if only you had the information.

Most Web sites dedicated to this topic restrict you to a single country or are old school sites like www.expatriates.com or hideous commercial sites like www.escapeartist.com with no social aspects.

I think it would be interesting to build an online community of world travellers (or would-be travellers) with an ability to share stories, experiences, tips, etc. Search for countries by ease of entry, languages spoken, government stability, job prospects, immigration laws, etc. If such a Web site appealed to you, what would you want to see in such a site?

Because you were just dying to know (ok, you weren't), I've been building a Web site. There's nothing terribly exciting and most of you would be bored to tears by it, but geeks might be interested in the technology used to build it.

The site is running from the built-in Catalyst server on a friend's box and the database is SQLite, so don't hammer it too hard :)

Naturally, the source code is public.

I am not responsible for this. I merely found out about this from another developer, whom I'll call 'Alice', who told me about the task she was given.

Customer: we need you to write a script which synchronizes two directories.
Alice: why don't you just use rsync?
Customer: because the target box runs Windows and the admin says it doesn't work.

Alice wrote the script and it works just fine. All it does is call rsync.

A few weeks ago, a call for speakers at London.pm and I offered to do a short talk. I never heard back and I'm pretty sure that Yahoo's curious spam filters have something to do with this. Yesterday I found out that I'm speaking tonight. Oops.

I threw this together last night. If you don't understand OO programming, it will make no sense. Heck, it will still probably make no sense, but them's the breaks. This is not a tutorial. It's primarily an exploration of why inheritance is such an awful idea and how roles solve the problems found.



Roles are also known as "traits" in SmallTalk, but these are not the same thing as traits in C++. They are also not abstract classes, Java interfaces or Ruby mixins. I really wish people would stop saying they're the same. It's like saying a Lamborghini and a tricycle are both modes of transportation.

So far I am very, very impressed with Livemocha. People are really taking this seriously and I'm getting email and chat requests from complete strangers wanting to practice their language skills and mine. One lady from Cameroon just emailed me and told me, in English, about her day today and asked me to tell her, in French, about mine. I replied, in part:

Aujourd'hui, j'ai essayé d'apprendre le français mieux. C'est très difficile pour moi, mais, j'adore la langue et je voudrais parler couramment. Je suis allé au magasin pour acheter des livres et maintenant je veux lire un peux plus français.

I struggled with some of the words and I know it's ridiculously simple, but it's lots of fun connecting with people all over the world and practicing. Because you can record some lessons with your computer's microphone, people can hear you speak. One native French speaker even said that I sounded Parisian (my last girlfriend -- she is French -- would have laughed at that thought and she would be right -- my accent isn't that good). I'm now pretty handy at typing all of those funny characters on my Mac. As an added bonus, because I got tired of Firefox telling me I was misspelling all of those French words, I've installed a French language pack and switched to French. Now Firefox is telling me I'm misspelling all of my English words.

LiveMocha is really making language fun for me. The only annoying bit is how lazy people seem to be in their writing. Often when I'm trying to give feedback on people's English, I see stuff like this:

the man is at the store he is not at home he is going to school she does not want the cabbage

So, that's probably four grammatically correct sentences, but it's very hard to read. I usually mark stuff like that as high on spelling and grammar, but low on quality and I add a note about spelling and punctuation. I suspect that our Internet culture is harming people's communication skills.

Update: the lady from Cameroon has gotten back to me. Apparently it's not "j'ai essayé d'apprendre le français mieux", but "j'ai essayé de mieux apprendre le français." I've been corrected on this before. I should remember it.

My brother Greg (yossarian69) moved in Yesterday. We'll probably stay here for a couple of months prior to moving closer to central London. Meanwhile, my temporary housemate, Armgard, who speaks English, German and Afrikaans (she's Nigerian, if you're curious), is studying Spanish. She told Greg and myself about a wonderful Web site named LiveMocha, another social networking site. Why would I join yet another site like this? Because they are centered around offering free language lessons. So far, they seem to be pretty good. Greg and I have signed up to learn French. I thought about jumping ahead to French 102, but decided to play it safe and stick with 101. Good thing I did. The lessons are much more comprehensive than I thought.

The site requires Javascript and Flash, but that's OK because the quality of the courses is fairly rich. You'll need speakers to listen to people, but you'll also need a microphone to record your voice and let other people listen to what you say and give feedback on how well you say it. The "social networking" aspect is that you can add friends and you can ask complete strangers to review your work. This is pretty common and I've reviewed the English of people from Japan, the Russian Federation, Brazil, and quite a few other places. Enjoy!

Update: even though livemocha is a social networking site, I do find it a bit odd that you can set your "Relationship Status". If I'm looking for a relationship, I certainly wouldn't be doing that on a language learning site.

If you don't know what the title of this post means, then you're not affected by this :)

I was going to post a comment to Modern Perl Books, but didn't. Seems that when I try to use my LiveJournal OpenID, I get an "unclosed token" error.

As it turns out, it's an MT error. If you have "too many" friends, LJs FOAF (Friend Of A Friend) response is too large for MT to handle. The fix is to create a "FOAF-knows" friends group and only add yourself to it.

Hmm, that's an interesting remix of Roxanne, by the Police.




Did you think Johnny Cash's version of "Hurt" was too depressing? Let's fix that.



All courtesy of Microsoft Songsmith.

Want more? Just search for Songsmith on YouTube. "White Wedding" was so incredibly painful that I couldn't bring myself to link it here.

Haven't posted in a while. In fact, much of my time has been spent with Perl 6, the upcoming version of Perl. And it's sort of been an accident.

A long time ago I stated the Perl 6 Cookbook project and recently I took another look at it. A few people have updated it, but not many. Unfortunately, I realized that the examples wouldn't run due to documentation formatting issue, so I started updating them. In trying to get them to work, I encountered the trimming blanks example.

$string = $string.trim;
$string = trim($string);
# or more concisely:
$string .= trim;

This was a snippet of code which removes whitespace at the beginning and end of strings. I fixed the formatting issues and tried to run the code, only to discover that no one had implemented the .trim method in Perl 6. What's worse, there weren't even any "spec" tests to verify the behavior once implemented. So to make a long story short, I wrote tests for this function and submitted a patch to implement .trim in Perl 6. It's written in PIR (a sort of "object oriented" assembly language which I had to teach myself) and looks like this:

.sub 'trim' :method :multi(_)
    .local string s
    .local int start, end, temp, len
    .local int is_whitespace
    s = self
    start = 0
    end = length s
    if end == 0 goto donetrailing
  trimleading:
    is_whitespace = is_cclass .CCLASS_WHITESPACE, s, start
    unless is_whitespace goto doneleading
    inc start
    goto trimleading
  doneleading:
    temp = end
  trimtrailing:
    dec temp
    is_whitespace = is_cclass .CCLASS_WHITESPACE, s, temp
    unless is_whitespace goto donetrailing
    end = temp
    goto trimtrailing
  donetrailing:
    len = end - start
    s = substr s, start, len
    .return(s)
.end

The patch has been accepted and now I've implemented my first core Perl 6 feature. So why weren't there any tests for this? Because it turns out that .trim was never in the Perl 6 specification. Larry Wall, however, has agreed to the basic idea and it's going in the spec. After a few other issues are hammered out, I'll be extending this (probably .trim_start and .trim_end) and the spec will be updated.

So the Perl 6 spec is being changed and I've added a new core feature to Perl 6 all because I didn't double-check the spec when I should have. Go figure.

Also, it turns out that the test system for Perl 6 needs a lot of work. I started updating it to make it easier to test my changes, but that exposed other bugs in Perl 6. Looks like I'm going to be busy ...

Once again, Internet Explorer has been found with a huge security hole which affects all supported versions. This flaw can be used to install data stealing software on your computer. Ever type anything, um, sensitive on your computer? Like passwords, credit card numbers, etc? One of Microsoft's ways of dealing with this problem is suggesting that users deregister a system file called "oledb32.dll". Yeah, right.

Download Firefox. It has a record of far fewer security holes and they get fixed much faster.

This is a paste from rafb.net entitled "Differences between PHP 5.2.7 and 5.2.8" and this is a problem. Andy Lester diffed the tarballs for PHP 5.2.7 and 5.2.8 and posted the result on twitter. He also pointed out the whopping huge problem we have here.

diff -urN php-5.2.7/configure php-5.2.8/configure
--- php-5.2.7/configure	2008-12-03 10:07:36.000000000 -0600
+++ php-5.2.8/configure	2008-12-07 13:31:12.000000000 -0600
@@ -2429,7 +2429,7 @@
 
 PHP_MAJOR_VERSION=5
 PHP_MINOR_VERSION=2
-PHP_RELEASE_VERSION=7
+PHP_RELEASE_VERSION=8
 PHP_EXTRA_VERSION=""
 PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION"
 PHP_VERSION_ID=`expr $PHP_MAJOR_VERSION \* 10000 + $PHP_MINOR_VERSION \* 100 + $PHP_RELEASE_VERSION`
diff -urN php-5.2.7/configure.in php-5.2.8/configure.in
--- php-5.2.7/configure.in	2008-12-03 09:54:02.000000000 -0600
+++ php-5.2.8/configure.in	2008-12-07 13:23:25.000000000 -0600
@@ -1,4 +1,4 @@
-## $Id: configure.in,v 1.579.2.52.2.116 2008/12/03 15:54:02 iliaa Exp $ -*- autoconf -*-
+## $Id: configure.in,v 1.579.2.52.2.119 2008/12/07 19:23:25 iliaa Exp $ -*- autoconf -*-
 dnl ## Process this file with autoconf to produce a configure script.
 
 divert(1)
@@ -41,7 +41,7 @@
 
 PHP_MAJOR_VERSION=5
 PHP_MINOR_VERSION=2
-PHP_RELEASE_VERSION=7
+PHP_RELEASE_VERSION=8
 PHP_EXTRA_VERSION=""
 PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION"
 PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION`
diff -urN php-5.2.7/ext/filter/filter.c php-5.2.8/ext/filter/filter.c
--- php-5.2.7/ext/filter/filter.c	2008-11-02 16:04:40.000000000 -0600
+++ php-5.2.8/ext/filter/filter.c	2008-12-06 11:16:36.000000000 -0600
@@ -19,7 +19,7 @@
   +----------------------------------------------------------------------+
 */
 
-/* $Id: filter.c,v 1.52.2.43 2008/11/02 22:04:40 lbarnaud Exp $ */
+/* $Id: filter.c,v 1.52.2.44 2008/12/06 17:16:36 scottmac Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -275,7 +275,7 @@
 {
 	php_info_print_table_start();
 	php_info_print_table_row( 2, "Input Validation and Filtering", "enabled" );
-	php_info_print_table_row( 2, "Revision", "$Revision: 1.52.2.43 $");
+	php_info_print_table_row( 2, "Revision", "$Revision: 1.52.2.44 $");
 	php_info_print_table_end();
 
 	DISPLAY_INI_ENTRIES();
@@ -403,7 +403,7 @@
 		Z_STRLEN(new_var) = val_len;
 		Z_TYPE(new_var) = IS_STRING;
 
-		if (IF_G(default_filter) != FILTER_UNSAFE_RAW || IF_G(default_filter_flags) != 0) {
+		if (IF_G(default_filter) != FILTER_UNSAFE_RAW) {
 			zval *tmp_new_var = &new_var;
 			Z_STRVAL(new_var) = estrndup(*val, val_len);
 			INIT_PZVAL(tmp_new_var);
diff -urN php-5.2.7/main/php_version.h php-5.2.8/main/php_version.h
--- php-5.2.7/main/php_version.h	2008-12-03 09:54:03.000000000 -0600
+++ php-5.2.8/main/php_version.h	2008-12-07 13:23:26.000000000 -0600
@@ -2,7 +2,7 @@
 /* edit configure.in to change version number */
 #define PHP_MAJOR_VERSION 5
 #define PHP_MINOR_VERSION 2
-#define PHP_RELEASE_VERSION 7
+#define PHP_RELEASE_VERSION 8
 #define PHP_EXTRA_VERSION ""
-#define PHP_VERSION "5.2.7"
-#define PHP_VERSION_ID 50207
+#define PHP_VERSION "5.2.8"
+#define PHP_VERSION_ID 50208
diff -urN php-5.2.7/NEWS php-5.2.8/NEWS
--- php-5.2.7/NEWS	2008-12-03 09:54:02.000000000 -0600
+++ php-5.2.8/NEWS	2008-12-07 13:23:25.000000000 -0600
@@ -1,5 +1,8 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+08 Dec 2008, PHP 5.2.8
+- Reverted bug fix #42718 that broke magic_quotes_gpc (Scott)
+
 04 Dec 2008, PHP 5.2.7
 - Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371) (Ilia)
 - Updated timezone database to version 2008.9. (Derick)

As explained in a blog entry about the PHP 5.3.7 release, there was a major regression in PHP where they broke a security fix with something called "magic_quotes_gpc". Basically, it's a deprecated feature in PHP, but it helps to prevent against something called SQL injection attacks. These attacks are trivial to execute and are very serious. PHP has long been notorious for security holes, but re-opening an old security hole was so serious that PHP pulled this release and released it with the change above.

Notice anything interesting about that diff? Anything missing, perhaps?

CAN WE HAVE SOME FRIGGIN' TESTS, PLEASE? You re-open an old, serious security hole in one of the most popular programming languages, a hole you re-opened because you evidently don't have tests for it in the first place, and now you close it but don't write any tests? Have you learned nothing? Aargh!

I have some code that I've put out there without complete test coverage, but I mark this code as "experimental" or "alpha". And it's certainly not something which is a core technology that underpins much of the Web.

You ever wish you could fire open-source programmers? The next time your crappy bulletin board software breaks, remember this post.

As far as I can tell from reading the archives and checking their Web site, Project Gutenberg does not appear to have an API. The closed I've found is an RSS feed and an RDF document. These don't really constitute and API, but the latter can be parsed for adding to an SQLite database. Still trying to figure this out, though. Trying to grab one version of their catalog in RDF format:

    gutenberg $ tar -xjf catalog.rdf.bz2
    tar: This does not look like a tar archive
    tar: Skipping to next header
    tar: Archive contains obsolescent base-64 headers
    tar: Error exit delayed from previous errors

I was able to unzip their .zip version of the same file, but I was disappointed to learn that their Perl examples are rather old and can stand some updating.

But why would you care? Because I think I want to make this happen:

    gutenberg --read "Art of War"

You know, sometimes I worry about posting neat ideas to use.perl for fear that someone would jump the gun and Just Do It. I realize now that this is foolish for two reasons. First, they Won't Just Do It. Second, if they did, I'd be happy just to have the project done :)

Suggestions welcome. There needs to be an easy way to update the database, track what a user has read, allow them to "bookmark" a book (or better yet, "annotate" a document"), etc. I've never used an eReader. I never gave a damn about them, really, because I like the feeling of a book in my hands. Still, this seems worthwhile.

The news that the Japanese government is officially backing a space elevator doesn't seem like that big of a deal in light of the current financial woes in the US, but this could potentially be huge.

First, a space elevator would lower costs of getting getting things into space to a fraction of what it is today. If they allowed tourists, you could afford to go. It might get as low as a few hundred dollars (long run, not short run, obviously). At first you wouldn't actually be able to go because tons of technology companies would be working like mad to take advantage of this and they'll all be lined up in front of you. The micro-gravity in Earth orbit would be a huge boon to many areas. There could truly be a technological revolution here, not to mention an explosion of business in space.

So who cares if the Japanese build it first? Well, the US should, for one thing. The Japanese price tag of $5 billion is a joke. It will cost them far, far more than that. However, the real cost of building a space elevator is actually the cost of building the first space elevator. If you have the first one, subsequent ones are actually cheap. Not only do you have the technology, you then have the access to space. All of my reading of space elevator technology suggests whichever country or group first builds a space elevator will have such a dominant position in the industry that it will be very difficult for any others to overcome. If the US then tries to put up an elevator, the Japanese can just put up two or three more for a pittance, further increasing their dominance in space.

So if Japan succeeds, the US, like every other country on the planet, automatically becomes a second-rate player. The Japanese will be the ones who could potentially solve our energy crisis. The Japanese will be the ones who be able to chase down rare materials we can't get on earth. The Japanese are the ones who will make huge strides in materials technology. And even though they have almost nothing by way of a military, they stand to become a hugely influential military power ("Oh yeah, we'll just take out all of your satellites!").

Frankly, I won't be too disappointed by this. I want someone to take advantage of this. Better the Japanese than no one.

I'm still in shock. I needed an external hard-drive to back up my data. So I bought one. A one terabyte external drive. Just to put this in perspective, the Library of Congress is only 82.6 terabytes of data. I know these have been out for a bit and most geeks already knew about one terabyte drives on store shelves, but ... damn.

Ten or fifteen years from now, I'll repost this, but it will be about buying a petabyte drive.

Got an annoying little problem. I wrote the following Greasemonkey script. What this does, when I go out to the Web site use.perl.org is ignore one particularly obnoxious user by simply erasing his comments.

// ==UserScript==
// @name           ignore.use.perl
// @namespace      http://publius-ovidius.livejournal.com/
// @description    Hide Annoying Users
// @include        http://use.perl.org/*
// ==/UserScript==

(function() {
    var user = 'some_user_name';
    var href = '//use.perl.org/~'+user+'/';

    var divs = document.evaluate(
        "//div[@class='full']/div/div[@class='details']/a[@href='"+href+"']",
        document,
        null,
        XPathResult.ORDERED_NODE_SNAPSHOT_TYPE,
        null
    );

    for ( var i=0; i < divs.snapshotLength; i++ ) {
        var node       = divs.snapshotItem(i).parentNode.parentNode.parentNode;
        node.innerHTML = '<p><strong>Ignoring '+user+' via GreaseMonkey</strong></p>';
    }
})();

In other words, until they restructure use.perl, I will never have to see that user's comments again. However, the code is annoying the heck out of me. I had to write:

        var node       = divs.snapshotItem(i).parentNode.parentNode.parentNode;

That's because of how the XPath is written:

        "//div[@class='full']/div/div[@class='details']/a[@href='"+href+"']",

Because I have to descend several levels deep into the node structure, I have to keep calling parentNode to walk back up the tree. With Perl regular expressions, we have 'positive look ahead assertions'. These allow me to match text which is followed by some other text, but ignore that other text for purposes of capturing data. If I had that with XPath, I could say "match any top level node followed by other nodes, but ignore those other nodes. Then I wouldn't have that awful series of parentNode calls. Is this possible in XPath?

Today at a BBC historical exhibit in one of our buildings, I read a "strictly confidential" letter. It was from a manager at the BBC replying to someone that yes, they would be interested in discussing whether an "electronic brain" could help reduce BBC clerical staff.

The letter was dated 22 November, 1949.

You know, I really, really get annoyed at developers who don't even have a basic knowledge of security yet make their applications available to everyone. "Available to everyone" frequently means "web pages".

If you've ever heard of SQL injection, you know that any URL which allows its data to be injected directly into an SQL query is a security hole waiting to be exploited. So consider the basic structure of an SQL SELECT statement:

SELECT [something] FROM [table or tables] WHERE [some condition]

So any URL which has that basic structure potentially has a massive security hole allowing you to search their database and possibly cause plenty of damage. So how would you find those URLs? Enter Google Hacking. Google allows you to add a inurl: term to your query. Whatever you include with that term should be included in the URL. So what you're looking for is any URL which has select, from and where (the %3A is the encoding for a colon ':' character):

inurl:select inurl:from inurl:where

Now as it turns out, that returns a lot of questions about SQL queries in addition to URLs which execute queries. So to make it easier to find our target, let's look for anything which embeds 'cgi' in their URL:

inurl:cgi inurl:select inurl:from inurl:where

Bingo. Lots and lots of hackable Web sites. These people keep me employed.

Update: while playing around with this, I stumbled across the following URL (deliberately not made clickable):

http://140.127.211.214/cgi-bin/nlrdf_publ/update.pl?sql=UPDATE%20language%20set%20valid_from=**********%20where%20id=246

Inspired by the latest horror at the Daily WTF

Woken up this morning by my phone pinging me with a text message. This is odd as my phone was downstairs and on silent, but sure enough, I had a text message.

Checked my email and saw that Josh McCadams posted his logic programming interview with me. Unless you're really interested in logic programming, I recommend you steer clear. Nothing I say will make a lick of sense.

As a side note, if you do listen and you heard me say that I only knew of one "relational database" (things like PostgreSQL, MySQL, Oracle, SQL Server, etc., are not relational), gorthx sent me information about other open-source relational databases and I wrote a bit about relational databases on my O'Reilly blog. This blog entry hit Reddit and the comments are show just how far Reddit has declined.

I've recently entered the following curious command on my computer:

PS1='\[\033[01;32m\]api_cleanup\[\033[00m\] $ '

This makes my command prompt look like this:

 api_cleanup $                 

So why would I do that? Well, the prompt on my computer usually shows the current directory name and that name, when I'm developing new code, is the name of the current branch (copy of our code base) that I'm working on. When I asked my colleague Richard what branch name I should give our current work, he said "name it anything you want".

Heh.

So when he comes back from out meeting, he'll assume that the current branch is named api_cleanup. Had I not changed the prompt, when he came back and started pair programming with me, he would have seen this:

 richard_and_curtis_mud_wrestling_extravaganza $                 

It's going to be fun when it's time to check in the code. I'm such a geek.

Since I work for the BBC, I've had some people ask me about the "Perl On Rails" project and I've not said much. Now I have.