Posted on by lhl

Nearly 36 Million Americans Live in Poverty

Some 1.3 million Americans slid into poverty in 2003 as the ranks of the poor rose 4 percent to 35.9 million, with children and blacks worse off than most, the government said on Thursday in a report that fueled Democratic criticism of President Bush.

holy typo

Follow-up on mefi about Bush’s latest accomplishment.

Ya’ll don’t get it, do you? Poor people don’t vote. And he controls all arms of the federal government and has corporate media in his pocket. Add electronic voting systems with no oversight, and, well, ya’ll are being tooled.

Posted on by lhl

Stiki Wiki, a WYSIWYG wiki platform has been undergoing a lot of changes in the past few weeks. Very cool stuff. I like the previews for the incoming/outgoing links (the hover lines are a nice touch). These are great for giving context to otherwise hard to visualize structures.

Posted on by lhl

Sony marketing manager Atsushi Kubota said his company wants to promote a wide range of music players in the Walkman lineup, including various types of disks and memory cards, not just the hard drive. Global Walkman sales still total US$20 million a year, according to Sony, compared with more than 3.7 million iPods shipped worldwide so far.

This blurb from a Taipei Times article tries to make it seem like Sony is still in good shape (20M > 3.7M), but when you realize that it’s comparing dollar to unit sales you can see the gravity of the situation. At a conservative 1M units/yr @ $300 (I know it’s more and it’s going up), we’re talking about a 15x (and realistically, probably more like 20x) sales figure difference here. Sony is getting its ass completely handed to.

Don’t worry, I’m sure that converting all music to DRM’d ATRAC is the way to go. People love that.

Posted on by lhl

The hard way to write persistent logins:

First create a secret salt:

// For SHA1 hashes
define('SECRET_SALT', 'SHA1 a seekrit salt...');

Then, look for a previous authentication ticket:

// First, check to see if there's an authentication ticket
if($authticket = sha1($_COOKIE['upauth'])) {
  $sql = "SELECT * FROM user WHERE authticket = '$authticket'";
  $result = mysql_query($sql) or die("Failed query: " . mysql_error());
  if($row = mysql_fetch_assoc($result)) {
    if($authticket == $row['authticket']) {
      // Welcome Back
      $_SESSION['username'] = $row['username'];
      $_SESSION['password'] = $row['password'];
      return 1;
    }
  }
}

Set the authentication ticket in the login check:

if($_POST['remember']) {
  $authticket = sha1(SECRET_SALT . $_SESSION['user_id'] . time());
  $sha1ticket = sha1($authticket);
  // Update SHA1 of authticket
  $sql = "UPDATE user SET authticket ='$sha1ticket' WHERE id = {$row['id']}";
  $result = mysql_query($sql) or die("Failed query: " . mysql_error());
  // set authticket in upauth cookie for a year
  setcookie('upauth', $authticket, time() + 31556926);
}

Add the ticket removal code to logout:

// remove upauth cookie
setcookie('upauth', '', time() - 86400);

Note: if you want to make sure that the ticket expiry hasn’t been tampered with, you’re going to need to digitally sign or store the expiration date in the database.

Now, the easy way for permanent logins:

$session_expire = 60 * 60 * 24 * 365;
ini_alter("session.gc_maxlifetime", $session_expire);
ini_alter("session.cookie_lifetime", $session_expire);

I can’t really see anything wrong with this approach actually… Makes your session id’s a bit more exposed (Also, you don’t have a choice for one-time logins, you just have to remember to log out). Not sure how running the ini_alter() affects performance.

Posted on by lhl

I was telling a friend about the IP minefields I had implemented in various folders to keep snoopers out. I remember that I mentioned this at OSCON and other people had also mentioned that it was a great idea (that hadn’t been done before?). It is a good idea, and trivially easy to implement. So here’s the PHP source:

$deny = '# ' . date("D M j G:i:s T Y") . "
";  
$deny .= 'Deny from ' . $_SERVER['REMOTE_ADDR'] . "
"; 
fwrite(fopen('.htaccess', 'a'),$deny);
Posted on by lhl

A bunch of co-workers and I swung by Scott Kelby’s Photoshop: Down & Dirty Tour class at the Convention Center today. A lot of very, very good stuff. Among the best:

  • shift + plus cycles blend modes when a layer is selected
  • making a eurocollage
  • movie poster dirty text is made by threshold images and masking
  • making product ad shots is simple (reflections, feathering and drop shadows are your friend)
  • the Photoshop CS shadow/highlight adjustment tool is awesome
  • dodge and burn w/ brush tools on a separate neutral gray overlay layer
  • you can export automated PDF slideshows
  • everyone looks better at 95% width

So very worth your time and money.

Posted on by lhl

I’ve set up Trac at work twice now. I haven’t had too many problems with that, but it is a couple of steps on Debian.

While not perfect, it is the closest I’ve seen to an integrated SCM/PM/KM tool. Also, it’s progressing pretty well. v0.8 and v0.9 should add most of the missing features that I’d like. It’s written in Python and Clearsilver and is GPL’d.

Similar:

  • CVSTrac – similar functionality to Trac but simpler and less refined
  • Confluence + JIRA – very nice, in a lot of ways more advanced than Trac (name-spaces, input templates), but commercial software, less straightforward
  • Basecamp – 37signals’ ASP’d PM tool, need to give it a spin

The current biggest things I’d like out of Trac:

  • Dashboard/Summary page
  • Tasks/To-do’s in addition to tickets
  • Blog/news for each project
  • Centralized system w/ namespaces
  • Internal/external messaging/conversations
  • Comments/annotations on any item/node
  • Versioning for attached files
  • Nested components
  • Dependencies
  • Ticket assignment to multiple users, groups