CHXO Internet

Putting PHP to work for the people.

Dec 14, 2005:

Embedding QuickTime

Apple updated their QuickTime site at some point, and now I can't find their "Embedding QuickTime" reference. Or at least, I can't find the page they used to have, which told you the proper < object > incantation for the QuickTime player in MSIE. Thanks Apple, love ya.

Their Embedding QuickTime toutorial is out of date, and there is the merest hint that you might need to wrap your (W3C-deprecated) embed tags in an object tag, but without providing the syntax.

Here's a nice reference to replace it.

Oh, and here is Apple's Embedding QuickTime for the Web (circa 2004), and here is the QuickTime ActiveX Plugin "Important Information for End Users" document it links to.

The QuckTime site is woefully thin on webmaster resources. I'm working on an page dumping what I know from 7 years working with their excellent, but poorly documented, plugin. Stay tuned (or ask me for it).

Nov 25, 2005:

Gmail's Policies Document

The Gmail Program Policies are pretty interesting, especially if you've never looked at them before. Highlights of the things Gmail users may not do:

  • Send spam
  • Promote illegal activity
  • Unauthorized transmission of intellectual property
  • Use of Gmail for peer-to-peer filesharing

  • Well at least they haven't prohibited the transmission of disparaging remarks about Google services or advertisers...

    Nov 17, 2005:

    Firefox Extensions for Text Composition

    Is your web browser really up to the task of creating and editing web content? Online applications are really great, but until web browsers take their role as web editors seriously (Mozilla Composer, where art thou?), users will be forced to cut-and-paste from "real" editors, and risk losing precious compositions because of network glitches.

    Fortunately, if you need your browser to take text composition seriously, there are a few Firefox extensions that will ease the pain. Spellcheck-on-demand just saved me a few hours of programming! (Provided I can convince my userbase to use Firefox, of course.)

    Oct 31, 2005:

    Command Line Wireless Tool for OS X

    I went looking for the Macintosh equivalent of iwconfig today so that I could get a command-line readout of the current wireless signal strength. This is good for sniffing out WiFi reception "sweet spots" in the office, and for tuning antenna positioning on the access point.

    Apple hides their airport command line tool at
    There's no manual page, but the --help switch will tell you everything you need to know. :-)

    Oct 13, 2005:

    Use Your PowerBook's Function Keys As Function Keys

    On most PC laptops, you have to use the Fn key in order to...

    Oct 05, 2005:

    Why PHP Rocks

    I don't know if you've seen this Ning thing, but it looks really fun and weird. I can't wait to start working with it, I really hope they got this right. I mean... open, clonable PHP? Are they mad?

    Ning is the crazy robot that will take over the world, but it's okay because you and I are going to build it, and keep a "social" eye on it.

    Sep 13, 2005:

    Pro PHP Security - quick note!

    If I have any disadvantage as a writer, it's that I work (more than) full time and try to maintain several open source projects. This leaves remarkably little time for marketing.

    All this to say that my book on secure web application programming is on the shelves, it looks great, and it takes a full-system approach that is rare in PHP books. But more on that later!

    Sep 12, 2005:

    Word's brain-dead auto selection fixed!

    Mad, mad props to my colleague Joshua Peskay for digging this out of Word's edit preferences. You'll find it in Tools > Options > Edit tab:
        When selecting, automatically select entire word
    Hallelujah! You really can make Word behave like every other program.

    Solve this usability nightmare for yourself by unchecking that box.

    Sep 01, 2005:

    Apple-Shift-4 I Love You

    Screenshot grabbing on Macintosh OS X... do you use Apple's...

    Aug 25, 2005:

    All I Can Say Is...

    Unicode (and dingbats) rock. So lightweight, so universal.

    Jul 24, 2005:

    How To Build A multipart/form-data POST request

    Need to create a POST request that uploads a file?
    I spent this afternoon trying to figure out what one looks like. This document includes a template that has been successful for me.

    Use of PHP_SELF considered harmful

    Warning: $_SERVER['PHP_SELF'] can include arbitrary user input.

    As discussed in this very long thread on nyphp-talk (thanks Dan and George, for schooling us!), using Apache the request "" will run /info.php, but $_SERVER['PHP_SELF'] will equal "/info.php/attack here". This is a feature, but it means that PHP_SELF must be treated as user input.

    The attack string could contain urlencoded HTML and JavaScript (cross-site scripting) or it could contain urlencoded linebreaks (HTTP response-splitting).

    The use of $_SERVER['SCRIPT_NAME'] is recommended instead.

    This notice was posted to the PHP Manual's $_SERVER documentation page as well (on behalf of New York PHP).

    May 10, 2005:

    Hardening A Default MySQL Installation

    When MySQL is first installed, permissions are pretty much wide open for both the root user and someone called "test". Root gets fixed right away when you set a password, but what about this test character? Turns out that test can connect from any host, has no password, and has full access to the "test" database.

    Apr 16, 2005:

    Making Your Own Unix Fortune Database

    This information is amazingly difficult to find. Which is why I blogged it before.

    The upshot: strfile -r myfortunes.txt myfortunes.dat

    Then you can: fortune /path/to/myfortunes

    This enables the Portable Richard's Almanack.

    Apr 01, 2005:


    PHP Helping Asynchronous Javascript And XML (or something like that) is a Javascript class that imports PHP objects into the DOM, and then maintains an object-brokering session with the server using HTTP requests.

    It is meant to enable a rich front-end gui using an object-oriented PHP backend.

    Server Update

    The bad news is that needs a new harddrive soon. The good news is that it means we're in for an upgrade.

    This will be the fourth server OS buildout in a month. Oh well, it's exciting. We'll get to see if berylium and fotola will work under PHP 5. And shaking out the cruft is always a good thing.

    Mar 07, 2005:

    How To Create Your Own OO PHP Extensions

    In the C++, even, for that fresh OO feeling.

    Using C++ With PHP by J Smith.

    Mar 02, 2005:

    URIs in Stylesheets

    "In order to create modular style sheets that are not dependent on the absolute location of a resource, authors may use relative URIs. Relative URIs are resolved to full URIs using a base URI. ... For CSS style sheets, the base URI is that of the style sheet, not that of the source document."
    Good to remember.

    Using fmt To Format Messages

    I keep forgetting about fmt, but there it is just waiting to nicely format (line wrap, indent paragaphs) messages.

    fmt (1) man page

    The UNIX way: simple tools that do one thing really well.

    Mar 01, 2005:

    PHP cheat sheet

    If only I could get all of the date() formatters on here as...

    Feb 28, 2005:

    Macintosh Startup Codes

    Mmmm, smells like legacy. But bloody useful if you have a sick Powerbook.

    Feb 23, 2005:

    The XMLHttpRequest Object

    Bookmarked for later: Drew McLellan's "Very Dynamic Web Interfaces" article on This is powerful stuff.

    Feb 18, 2005:

    Object Property to Determine Who Can Append Resources

    In general we have a good idea who can append named resources to some object -- a contributor or editor -- and we can finesse role assignments to ensure that only a certain set of people can appendNamed.

    We (NYPHP) discussed creating an open|closed flag, similar to public|private but applying to whether users can deem themselves participants on their own.

    I wonder if it might also be useful to have a flag for whether contributors are allowed to append -- call this the "announce list" setting if you like. Discuss...

    Feb 17, 2005:

    Apache2 WebDAV Can't Make Locks?

    Tried everything, and still getting the following in your httpd error log?
    Could not open the lock database. [500, #400]

    The DavLockDB directive names the file that httpd will create the first time it needs a lock. The parent directory of that file must be writeable by the webserver.

    So you can't say:
    DavLockDB /home/webdav-locks
    ...because then /home would have to be writeable.

    DavLockDB /home/webdav-locks/DAVLock
    works, provided the webserver can write to the /home/webdav-locks directory.

    Feb 11, 2005:

    Objects vs. Collections

    Yes, objects and collections are different. But I see them as different interfaces, not different classes. An object should be able to collect all kinds of stuff, and possess many collections.

    But there will always be meta-collections (collections of objects and other collections), and these are worth seperate classes.

    Jan 31, 2005:

    hex2string and string2hex functions in PHP

    Who knows? Maybe you don't like Base64?
    Whatever the reason you want them, here they are.

    Updated: fixed bug caused by HTML editor!

    Jan 30, 2005:

    XSS Cheat Sheet

    Via BitFlux Blog (via Shiflett's Blog), an excellent compendium of cross-site scripting attacks designed to foil HTML filters and input validation.

    If you let untrusted people post HTML content to your website, you need to check your filter against all of these attacks.

    Jan 29, 2005:

    Creating Personal Copies Of Objects

    Wow, this is nuts. I've been designing ways to make aliases of objects in cms, and the latest approach is one I really like -- the alias has its own metadata, but always uses the original's content.

    But just this morning (the benefits of sleeping in, right Fund-mates?) I realised that I could use this kind of alias to let users create their own presonalized copies of objects.

    Dec 18, 2004:

    Making FireFox Search Like Mozilla

    Sick of having to use the dumb search box instead of the Location bar when looking for a term on Google?

    Try going to about:config, the editing keyword.URL to make it

    In a related customization, you can bookmark any search, replace the query term with %s, and give the bookmark a shortcut, as described here.

    Dec 13, 2004:

    Content Objects That Draw Themselves

    Further to the theme in Chapter 1 of Holub on Patterns that objects should draw themselves (by being passed a window resource).

    Well this can be true in an html+css world. (Notice not xhtml -- the cool kids use xhtml techniques with html because xml isn't shiny anymore.)

    Anyway, if each object "knows" (or can find out) its coordinates in whatever container it happens to be in, then it can draw itself. This is a bit convoluted for the average website, but for the exceptional website... well, I can see that.

    This one isn't going to happen soon, but I'm interested in playing with it. A web version of Stickies, something like that.

    Next page »

    CHXO Internet: a folder

    permalink - RSS Newsfeed

    jump to top