Archive for the ‘Web-based’ Category

PHP Sucks on Backward Compatibility (or How ‘Gallery’ and PHP 5.3 Don’t Play Nice)

As a bit of a dinosaur in technology (I still use a Palm PDA and single- or dual-core AMD), backward compatibility and long-term support are important to me. I am not a fan of PHP even though many programs that I like (the latest being Roundcube) use it almost exclusively.

Many problems seem to occur for those who use old versions of Gallery with the latest PHP, which has become notorious for its backward compatibility deficiencies. One bit of software that I use which is not compatible with PHP 5.3 is Gallery 1.x. It’s a version that I hacked a bit to suit my purposes, so upgrading would flush all my customisations away. Whether a sandboxed compatibility mode is available (such that, e.g., PHP 5.2 is run for specified paths) I do not know yet, but based on what people are saying, suppressing the warnings and errors should be possible. It’s not a real solution but a cosmetic hack. If your Web host undergoes a PHP upgrade to 5.3, it can lead to lots of issues associated with out-of-date software. “A short time ago,” wrote my host (with which I host about 10 domains), “we emailed you to let you know that we were upgrading all our servers to the latest version of PHP. This is now complete. We therefore recommend you have a quick check of your site and ensure everything is working as it should.”

The bottom line, from my personal point of view, is that PHP yet again proves that backward compatibility is too much for it to handle and, as such, one oughtn’t rely on long-term usage of programs written in PHP. Other authors pointed this out before. It’s quite the blunder. In Web-based environments in particular, a case of “lose compatibility or get cracked” may become more common if we become dependent on PHP.

Keeping Web-based Software Updated

One of the problems that’s leading to the cracking of many Web sites is that software is not kept up to date. It is not an easy task unless the process is made simple and at times automatic because people are averse to change and to risk (associated with updating software, never mind the risk of getting cracked). Keeping abreast of security fixes and new upgrades for Web-based software is not easy unless one uses an operating system like Debian, which can be updated regularly and has strict requirements for inclusion. There are several points worth making here:

1. Some CMSs are better equipped for this type of scenario. In my ~15 domains I have a dozen or so different CMSs and some are antiquated, e.g. php-nuke, and depend upon updates coming upstream, e.g. php-bb with the infamous uploader hole (~2008). Other software, such as WordPress (it’s my favourite as I was also part of the devs community for many years), alerts all users about the need to update the software. They keep up appearances by reducing the number of reports of cracked sites.

2. In recent years people have been using packaged sets of scripts, such as Fantastico, to install the software. Softaculous is another one. 3 days ago WordPress issued a security fix (local privilege escalation and XSS for the most part, not too critical for some site setups), which automatically sent me several E-mails like the following (from domains where I used Softaculous to set things up):


"The following script updates are available:

WordPress 3.3.2:

To upgrade these scripts go to your Control Panel -> Softaculous -> Installations.
There you will be able to update the scripts.

From Softaculous Cron Jobs  ([IP removed])"

Each bit of software typically keeps administrators abreast of security holes, but some software does not do this. WordPress alerts even writers, urging them to contact their admin for updates. Other bits of software require that one subscribes to a mailing list or regularly checks for updates. Back in the old days, and the way MediaWiki still works for the time being, people are advised to subscribe to a mailing list (or blog) with announcements about security fixes. If many customers have Joomla sites, then it’s useful to be subscribed to such fora and then update everything for everyone in batch mode (for WordPress I need to update 8 sites each time a fix comes out, and for some I need to do this manually from the shell due to different server settings).

It helps to have a database of installed software, recording which server is running which piece of software. It would be surprising if no such list had already been compiled by those who operate many servers. It helps to know what can be updated at the same time by the same person with the same files.
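A minimal version of such an inventory, as an added example that is not part of the original post: it walks each server's web root, reads the `$wp_version` line that WordPress keeps in `wp-includes/version.php`, and lists the installations older than the release carrying a fix (3.3.2, as in the e-mail above). The server labels, directory layout and the assumption that every web root is readable from one machine are hypothetical, and the sample tree is constructed.

```python
import re
import tempfile
from pathlib import Path

# WordPress records its release in wp-includes/version.php as: $wp_version = '3.3.2';
WP_VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")

def parse_version(text):
    """Turn '3.3' or '3.4-beta1' into a comparable 3-part tuple, e.g. (3, 3, 0)."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])]
    return tuple(nums + [0] * (3 - len(nums)))

def build_inventory(hosts):
    """hosts maps a server label to a web root; returns (server, site, version) rows."""
    rows = []
    for server, root in sorted(hosts.items()):
        for vfile in sorted(Path(root).rglob("wp-includes/version.php")):
            match = WP_VERSION_RE.search(vfile.read_text(errors="replace"))
            # An unreadable version string is recorded, not skipped: it needs a manual look.
            version = match.group(1) if match else "unknown"
            rows.append((server, vfile.parent.parent.name, version))
    return rows

def needs_update(rows, fixed_in):
    """Rows older than the release carrying the fix, plus any with an unknown version."""
    target = parse_version(fixed_in)
    return [r for r in rows if r[2] == "unknown" or parse_version(r[2]) < target]

def make_sample_hosts(base):
    """Constructed sample data: two hypothetical servers with three installations."""
    layout = {"server-a": {"blog": "3.3.2", "shop": "3.2.1"}, "server-b": {"news": "3.3"}}
    hosts = {}
    for server, sites in layout.items():
        for site, version in sites.items():
            inc = Path(base, server, site, "wp-includes")
            inc.mkdir(parents=True)
            (inc / "version.php").write_text(f"<?php\n$wp_version = '{version}';\n")
        hosts[server] = str(Path(base, server))
    return hosts

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        inventory = build_inventory(make_sample_hosts(tmp))
        for server, site, version in needs_update(inventory, "3.3.2"):
            print(f"{server}\t{site}\t{version}\tupdate needed")
```

Grouping the output by server shows which installations one person can update in a single pass.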

Some updates are merely about new features and might not even be backward compatible. Some software, like WordPress 2.0, is LTS (for inclusion in Debian stable), so it’s unlikely to require much updating. So, one can just look at what has changed and only update if the update is security related or has a data-jeopardising bug (in WordPress 3.2, for instance, people who rushed to update not for security reasons merely suffered from bugs and then had to update again to 3.2.1).

Join Diaspora… But Maybe Not Just Yet


SEVERAL months ago I joined Diaspora and enjoyed the good uptime of the service. The community was thriving, everyone was friendly, and the site reacted to input as one would expect. But then, just like that, the site began having performance and uptime issues. At one point the site was down for a week. People soon lost those withdrawal symptoms and perhaps just moved on; some returned only to see sporadic operation of the site, which fairly enough is still in alpha (the software it runs is). But the bottom line is, in the early days people reviewed the site harshly for technical shortcomings. Now it’s just the really terrible uptime and low reliability. Unless this gets fixed the site is likely to lose its most ardent supporters and participants.

When Diaspora becomes “stable” it may all be resolved, but by that point, how many people will be on the JoinDiaspora pod?

What’s the Point of LinkedIn?

LIKE most people on that site, I joined LinkedIn several years ago after a friend had invited me. For many years I did nothing with the account, but in more recent years the site grew rapidly in terms of popularity and is now a status symbol in some people’s imagination. It’s a bit like Facebook for professionals. But what really is the point of it all? It’s all rather superficial and the process of connecting to peers and friends (or ex-colleagues) is very time-consuming. When one considers what can be gained from having one’s name in a database associated with many other names, then the reality of the matter becomes clearer. Have we come to a point in the lifecycle of the Internet where we score people’s popularity based on the hours they dedicate to clicking to modify some proprietary database of some private company? Frankly, I stopped spending time in LinkedIn and my profile there is very much outdated (last updated properly in 2006). Can there finally be consensus on the irrelevance of public profiles that are merely the entry in someone else’s Web site? It’s just a MySpace for adults and the function of tracking other people’s careers is often overstated as crucial. It’s more like gossip or stalking.

The Culture of Renting

THE more we move forward, the more we stay the same and sometimes step back. The Internet was created to facilitate the use of one’s space and one’s own material, but in this age of mashups and ‘free’ hosting by so many companies, a lot of people simply subscribe to be a guest at someone else’s platform, thus conceding one of the main features of the World Wide Web.

It is saddening to see the number of people who willingly (or due to peer pressure) choose to upload ‘public’ photos that will only be visible to those who give away their personal details to creepy Mark Zuckerberg. It is scary to see how many people still manage their E-mail (professional and personal) on servers in other countries — servers that can be snooped without even informing those affected. Those two problems are not the same, but they illustrate how much different today’s Web is. Once we go there, there’s no going back.

This whole thing boils down to a culture of renting. People purchase machines that are only rented in the sense that they are not general-purpose machines; they are controlled and thus owned by just one company. People also subscribe to other sites where they rent space and sometimes a mail box. People rent a ticket to some database which determines who their “friends” are. When life is “rented” from big corporations rather than bought to be owned, the destruction of self-determination is assured. The whole “cloud” media hype makes this worse.

The Dangers of an Advertising Monopoly

THERE have been some heated talks recently about the market distribution in the online advertising sector. An observation worth making is the fact that most companies are in the business of making other companies run out of business, whether deliberately or not.

With the rise of software as a service, many businesses rely not on acquisition costs and not on subscription for revenue, either. They use advertising instead. It appeals to newcomers and facilitates rapid expansion. But what happens when these businesses rely on a middleman for advertising? What happens when the advertiser itself is among those that compete against Web-based services that rely on it?

Sadly, many businesses rely on companies such as Yahoo and Google, which manage their advertising and connect them with the advertiser. Both ends are customers — the advertiser and the service. The middleman gains the most. It is hard to compete with companies such as Yahoo and Google when they in fact make pure profit from advertising. It is almost as though any business that uses a middleman for advertising is sharing the revenue with a competitor. The margins simply cannot be compared.

To use an example, if a company uses Yahoo for advertising in its specialised CMS, then Yahoo gets a share of the profits. If Yahoo wanted to compete head-to-head, it would not be subjected to the same third-party ‘taxation’. Therefore, it would find it easier to compete.

With this little load off my mind, perhaps it’s worth adding that advertising will always remain a controversial thing. It is a form of brainwash. Marketing lies.

Divisive Web

According to an article that I recently read, the Internet could one day be broken down into separate networks that are isolated and selectively dispersed around the world. This means that the global nature of the Web, as well as the wealth of information, would cease to exist. Moreover, this heralds the final goodbye to a state where little or no censorship barriers can prevail. This changes one’s perspective entirely.

This worrisome move is entirely different from the issue of Net neutrality, which in itself separates the Web into multiple tiers. It is also reminiscent of rumours about ‘Googlenet’, where one submits a site to a dark privatised Web that gets indexed and closely monitored (obviating the need to crawl remote servers and use pings for distant notification).

In the long term, whether this is totally disastrous or not remains to be seen. Consider, for instance, the peculiar extension of resources that are made publicly available. Let’s take a look at the way that the Web has evolved in recent years. Only a tiny cross-section of the ‘visible’ Web involves content spammers (or scrapers), where visibility is grossly defined by search engines (internal sites and intranets aside). However, in reality, the content that exists on the Web–that which is deliverable and which is spam–can actually be a majority (spammers spawn colossal colonies of junk and dummy content). This leads to (or involves) blogalanches, ‘poisoning’ of the index/cache, and it’s subverting search results in the process. All this leads to chaos as search engines diverge from the correct search results and deliver something less meaningful. In the process of struggling for good spots (or visibility) in search engines, spam rises and leads to attacks of various sorts. Temptation leads to vandalism, which leads to further maintenance. The Web no longer seems like an appealing place to be. But can division of the Web help? I very much doubt it. It’s all about authorities controlling information. Brainwash is the means for making others think alike, comply, and even be submissive.
