The hard way to write persistent logins:

First create a secret salt:

// For SHA1 hashes
define('SECRET_SALT', 'SHA1 a seekrit salt...');

Then, look for a previous authentication ticket:

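// First, check to see if there's an authentication ticket
// (sha1() of a missing cookie is still a non-empty string, so test the cookie itself)
if(isset($_COOKIE['upauth']) && is_string($_COOKIE['upauth'])) {
  // Only the SHA1 of the ticket is stored in the database
  $authticket = sha1($_COOKIE['upauth']);
  $sql = "SELECT * FROM user WHERE authticket = '$authticket'";
  $result = mysql_query($sql) or die("Failed query: " . mysql_error());
  if($row = mysql_fetch_assoc($result)) {
    // Strict comparison: == treats two "0e..." hex strings as equal numbers
    if($authticket === $row['authticket']) {
      // Welcome Back
      $_SESSION['username'] = $row['username'];
      $_SESSION['password'] = $row['password'];
      return 1;
    }
  }
}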

Set the authentication ticket in the login check:

if(!empty($_POST['remember'])) {
  // The ticket is only as unpredictable as SECRET_SALT: user id and time() are guessable
  $authticket = sha1(SECRET_SALT . $_SESSION['user_id'] . time());
  // The cookie carries the ticket; the database stores only its SHA1
  $sha1ticket = sha1($authticket);
  // Update SHA1 of authticket
  $sql = "UPDATE user SET authticket ='$sha1ticket' WHERE id = {$row['id']}";
  $result = mysql_query($sql) or die("Failed query: " . mysql_error());
  // set authticket in upauth cookie for a year
  setcookie('upauth', $authticket, time() + 31556926);
}

Add the ticket removal code to logout:

// remove upauth cookie
setcookie('upauth', '', time() - 86400);

Note: if you want to make sure that the ticket expiry hasn’t been tampered with, you’re going to need to digitally sign or store the expiration date in the database.
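
One way to do the signing option from the note, as an added example that is not part of the original post: the cookie carries the ticket, an expiry timestamp and an HMAC over both, so an expiry edited on the client no longer verifies. TICKET_KEY, sign_ticket() and verify_ticket() are hypothetical names, and the key and sample values are constructed.

```php
<?php
// Added example, not the original post's code. TICKET_KEY, sign_ticket() and
// verify_ticket() are hypothetical names; the key value is a constructed sample.
define('TICKET_KEY', 'constructed-sample-key-use-a-long-random-value');

// Cookie value: ticket, expiry timestamp, and an HMAC over both.
function sign_ticket($authticket, $expires) {
  $mac = hash_hmac('sha256', $authticket . '|' . $expires, TICKET_KEY);
  return $authticket . '.' . $expires . '.' . $mac;
}

// Returns the ticket when the MAC matches and the expiry has not passed,
// false otherwise. $now is passed in so the check can be exercised offline.
function verify_ticket($cookie, $now) {
  $parts = is_string($cookie) ? explode('.', $cookie) : array();
  // Expect exactly three fields, with the expiry as plain digits
  if (count($parts) !== 3 || !ctype_digit($parts[1])) {
    return false;
  }
  list($authticket, $expires, $mac) = $parts;
  $expected = hash_hmac('sha256', $authticket . '|' . $expires, TICKET_KEY);
  // hash_equals() compares in constant time
  if (!hash_equals($expected, $mac)) {
    return false;
  }
  return ((int)$expires >= $now) ? $authticket : false;
}

// Constructed sample values
$issued = 1700000000;
$ticket = sha1('constructed-sample-ticket');
$cookie = sign_ticket($ticket, $issued + 3600);
// Expiry pushed out by a client that does not hold TICKET_KEY (old MAC reused)
$forged = $ticket . '.' . ($issued + 31536000) . '.' . substr($cookie, -64);

// Untampered cookie, checked inside its lifetime
var_dump(verify_ticket($cookie, $issued + 60) === $ticket);
// Tampered expiry, checked after the real expiry
var_dump(verify_ticket($forged, $issued + 7200));
// Untampered cookie, checked after its expiry
var_dump(verify_ticket($cookie, $issued + 7200));
```

The ticket returned by verify_ticket() is the value the cookie check above would pass to sha1() for the database lookup.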

Now, the easy way for permanent logins:

$session_expire = 60 * 60 * 24 * 365;
ini_alter("session.gc_maxlifetime", $session_expire);
ini_alter("session.cookie_lifetime", $session_expire);

I can’t really see anything wrong with this approach actually… Makes your session IDs a bit more exposed (also, you don’t have a choice for one-time logins, you just have to remember to log out). Not sure how running the ini_alter() affects performance.

I’ve set up Trac at work twice now. I haven’t had too many problems with that, but it is a couple of steps on Debian.

While not perfect, it is the closest I’ve seen to an integrated SCM/PM/KM tool. Also, it’s progressing pretty well. v0.8 and v0.9 should add most of the missing features that I’d like. It’s written in Python and Clearsilver and is GPL’d.

Similar:

  • CVSTrac – similar functionality to Trac but simpler and less refined
  • Confluence + JIRA – very nice, in a lot of ways more advanced than Trac (name-spaces, input templates), but commercial software, less straightforward
  • Basecamp – 37signals’ ASP’d PM tool, need to give it a spin

The current biggest things I’d like out of Trac:

  • Dashboard/Summary page
  • Tasks/To-do’s in addition to tickets
  • Blog/news for each project
  • Centralized system w/ namespaces
  • Internal/external messaging/conversations
  • Comments/annotations on any item/node
  • Versioning for attached files
  • Nested components
  • Dependencies
  • Ticket assignment to multiple users, groups

A bunch of co-workers and I swung by Scott Kelby’s Photoshop: Down & Dirty Tour class at the Convention Center today. A lot of very, very good stuff. Among the best:

  • shift + plus cycles blend modes when a layer is selected
  • making a eurocollage
  • movie poster dirty text is made by threshold images and masking
  • making product ad shots is simple (reflections, feathering and drop shadows are your friend)
  • the Photoshop CS shadow/highlight adjustment tool is awesome
  • dodge and burn w/ brush tools on a separate neutral gray overlay layer
  • you can export automated PDF slideshows
  • everyone looks better at 95% width

So very worth your time and money.

It’s been a while since I put up any music, but Jason’s recent post on The Killers reminded me of putting up some of the stuff I’ve been listening to that I’d label as ‘damn catchy.’ Yeah, the Killers are pretty good in that regard, but here’s some more:

More: Wrens, Sparta, Subset, The Album Leaf

Hardware edition:

  • ATITool – w/ artifact scanner, neat. I just bought an MSI 9800 Pro that booted up recognizing as an XT and went up to 412/365 w/ zero problems. I’ll have to give it a push if I’m feeling bored
  • Mike’s Hardware – this is a great site that has product roadmaps for all the latest PC hardware. If I upgrade soon, it looks like Q4 is good. A pair of Raptor HD’s, an NForce4 board, Athlon64 4000, and possibly NV48e. Too addictive.
  • Antec Sonata Case Review – this looks like a nice quiet case (not a big deal for me now as all my noisy computers are in a separate room)
  • Nvidia GeForce 6600 paper-launch – some pretty amazing performance out of a very reasonably priced card. Too bad it’ll be at least a month or two before you can get your hands on one (this helps my Doom 3 habit how?)

I finally picked up a WRT54G ($61 now, + $10 rebate). This is a v2 model (200MHz MIPS chip), and seems to load up 3rd party firmware ok. The main thing I want is traffic shaping, but stats might be nice too.

  • EWRT – a Sveasoft Samadhi2 fork; has NoCatSplash, Wondershaper+iproute2, power selection, RSSI stats reporting, remote syslogging
  • OpenWRT – modular system that uses packages for features. Quagga, but no Wondershaper package?
  • Wifibox – nice installation, but no QoS
  • LinksysWrt54g – might be fun to build my own package
  • On CNBC’s Tim Russert, O’Reilly likened MMFA to the Ku Klux Klan, see Jim Gilligan’s clips for more of O’Reilly being a blustering asshole (along w/ facts and corrections to go along w/ his lies). Insightful mefi comment:

    I think one would have to concede that the casual observer would come away from this thinking O’Reilly had won decisively. That he did it through bluster, bullying and sophistry is beside the point — he was more effective. And Krugman, alas, looked like he was nervously eyeing the studio door, half-expecting O’Reilly to lose it all and take a swing at him. I don’t fault Krugman. That’s just the state of (what passes for) discourse.

    also:

    Anyone suggesting that O’Reilly somehow ‘won’ either have a different definition of the term than I do or some pretty low standards for argument. Krugman can be faulted for ever deciding to debate this guy in the first place (especially because he is so soft-spoken), but at least he tried to provide arguments. The standard exchange went something like this:

    Krugman: tries to make a point, offer some form of evidence in support for the point. Cut off by O’Reilly after about two sentences.
    O’Reilly: offers some type of retort, generally in the form of ‘everyone knows that’s wrong. Your sources are all lying partisans.’ Then goes on to attack Krugman in the worst ad hominem fashion. Krugman passively waits for the child to finish or start debating like a reasonable person. Alas, this never happens.

    What’s funny to me is that O’Reilly himself seems to distrust evidence on principle (and certainly cultivates this attitude among his viewers). If they are trying to offer sources to support their claims, they must be skirting on sophistry.