Today I'm going to look at how not to handle user authentication in a web application, taking BeTwittered.com authenticating with Twitter as an example (sorry, guys).

BeTwittered is a simple and comfortable gadget that you can add to your site, such as your iGoogle homepage.

Since BeTwittered is just a bridge between you and Twitter, it has to first log you into your account. Here is where things go horribly, horribly wrong.

1. BeTwittered does not use SSL to secure requests to its servers

All authentication information is transmitted to BeTwittered servers in plain text and is easily sniffable by an attacker, both on your own network and outside of it. You can read more about SSL encryption here….

Why Are?.. – Presented By Google [PICTURES]


Posted by Artem Russakovskii on January 31st, 2010 in Humor, Politics, Stuff

Recently, I decided to conduct a Google experiment and write down what the search engine suggests for the phrase "why are" followed by all kinds of nationalities, races, and localities (alright, "recently" seems to be last March, as evident from the Google theme, but I only decided to post this now).

I did this just for fun and found most of the results funny, some hilarious, and some offensive and controversial.

However, all of them have a reason for being there – statistics. It's what people search for. The cream of the crop. Stereotypes, hilarities, it's all here.

If you can, please don't take them too close to heart. In fact, if you're a righteous conservative thinking of lecturing me, …

Updated: February 9th, 2014

Introduction

I don't know about you, but I can't imagine doing my PHP development without an IDE with a debugger anymore.

It autocompletes for me, it lets me step through each line of code, jumping around the project, execute and change the code flow on the fly, and does many other things that make me feel cozy, comfortable, and efficient at PHP development (as opposed to, say, CPP which makes me feel cold and lonely).

There are many PHP IDEs out there and I've tried most of them (including the free PHPEclipse and PDT for Eclipse) but kept coming back to NuSphere's PHPEd every time. The other ones just don't do as good of a job and don't have the …

The Problem

If you use the Recent Comments sidebar widget in your WordPress installation, it's possible that you want to customize this widget's style.

You will quickly find, however, that as soon as you add the widget to your sidebar, it injects the following inline, hardcoded CSS into the containing page (using !important to make things worse): 

<style type="text/css">.recentcomments a{display:inline !important;padding:0 !important;margin:0 !important;}</style>

The code above comes from recent_comments_style() (found in wp-includes/default-widgets.php), which is in turn called by WP_Widget_Recent_Comments() in the same file (this is just an old-style PHP4 constructor – same as PHP5's __construct()), which is triggered when the Recent Comments widget is used:

add_action( 'wp_head', array(&$this, 'recent_comments_style') );

This leaves a bad taste in my mouth because:

WordPress Developers – How Do You Make A Living [Poll + Discussion]?


Posted by Artem Russakovskii on January 18th, 2010 in Wordpress

Updated: May 3rd, 2010

The Question

I'd like to pose this question to all WordPress developers – plugin, theme, as well as core ones:

How do you make your living?

And, for clarification, by this I mean: "what are your primary sources of income?"

Open Source

Open source is a beautiful concept but it often comes with a price tag or, rather, the inverse price tag: most of the time you are not being paid for your time (of course, there are exceptions, such as companies hiring dedicated open source developers and keeping them on their direct payroll).

Everyone has to make a living, however, and everyone has their ways.

Developers can benefit from such income sources as:

Follow-up To Loading CSS And JS Conditionally


Posted by Artem Russakovskii on January 15th, 2010 in Programming, Wordpress

First of all, I'd like to thank everyone who read and gave their 2 cents about the [Wordpress Plugin Development] How To Include CSS and JavaScript Conditionally And Only When Needed By The Posts post. The article was well received and will hopefully spark some optimizations around loading styles and scripts.

Here are some discussions and mentions around the web:

Sure, there are drawbacks to this method and it does require some more processing on the backend and it's not for everyone, which is why we should always strive for an even better solution.

I stand by my point of view that, for instance, my dedicated …

Updated: January 25th, 2010

Introduction

If you follow web design at all, you probably see 5 billion top NN posts on a daily basis mentioning site and blog designs, fonts, icons, etc.

However, nobody seems to be paying attention to these little but important guys: comment forms.

If you have an appealing comment box, you are more likely to receive comments (this is based on days of scientific research that I imagined I did in my head) and your content is more likely to be re-shared, voted up, and saved.

I really do feel that way when I visit blogs, especially when an otherwise aesthetically pleasing site has a plain vanilla comment box.

Let's Go

So here we go. I have looked through hundreds …

Updated: September 16th, 2012

Introduction

In this tutorial, I am going to introduce a WordPress technique that I believe was unpublished until I raised the question a few days ago on the WordPress forums.

In short, the problem I was trying to solve was plugins unnecessarily loading their JavaScript and CSS on *every* page of the blog, even when doing so would achieve absolutely nothing and the plugin wouldn't do any work.

Update #1: I have posted a follow-up in response to some comments received around the web.

Update #2: There is a solution that can be considered a compromise as it works well for loading JavaScript but doesn't handle CSS.

I briefly mentioned this approach here but Scribu decided to expand …

Don't you just hate it when you visit somebody's blog, see an embedded Youtube video, play it, and find that the player is missing the full screen button?

Yeah, this one: youtube fullscreen button.

Well, I hate it too, so please, try not to be that guy. I realize sometimes you copy the embed code wrong or, on a larger scale, you add the wrong embed code to your generic template.

Not a problem. If your Youtube embeds are missing this button, here is how you can easily fix it.

The Problem

Here's an example video that doesn't have the button (it's really good too, if you haven't seen it yet):

The fullscreen button is nowhere to be found because by default …

It's always important for developers to know what browsers they are developing for, who dominates the market, and what the current trends are.

I have gotten my hands on the Plaxo.com visitors' browser stats for December of 2009.

This information is valuable because Plaxo has a relatively general demographic, as it's not a site only geeks or only moms visit, and the statistics tend not to be skewed. Therefore, as you can see, Firefox doesn't occupy the same share as you might see on a techy site (on this site, more than 50% of users visit in Firefox).

Also, since Plaxo has a couple million monthly visitors and therefore a couple million data points, statistically speaking these numbers are relatively …

Seasonscape - credit alexiuss

There are undoubtedly a lot of wallpaper sites. Even more undoubtedly, most of them suck, both in content and filtering capabilities (by resolution, theme, etc).

My preferred way until recently was Deviant Art, because it had a lot of content and very nice filtering – I could specify my exact resolution.

However, as of some time ago, Deviant Art browsing by resolution disappeared, as evident from trying to find it on their site and from the comments on this post announcing the capability in the first place.

The Solution

Sometimes the solution lies right in front of our eyes – we just have to open them to see it.

A while ago, Google Image Search expanded their support for …

How To Export/Import Your ExpanDrive/SFTPDrive Drives And Settings


Posted by Artem Russakovskii on January 9th, 2010 in Linux, Tips, Tutorials

ExpanDrive (formerly SFTPDrive) is a very handy Windows and Mac application that lets you take any SSH connection and mount it as a local drive. It saves me countless annoyances because I don't have to use a proprietary sftp uploader – in fact, I can simply open any file with my favorite editor, directly on the newly mounted drive.

The Problem

The problem with ExpanDrive is – it's quite simplistic. So simplistic that it doesn't offer an easy way to export its drive list and the associated settings. Because of that, you will have to enter all the drives all over again in case you reinstall Windows or want to replicate them to another computer.

Of course, there is a …

How To Fix Intermittent MySQL Errcode 13 Errors On Windows


Posted by Artem Russakovskii on January 5th, 2010 in Databases, MySQL, PHP, Programming

Updated: September 16th, 2012

The Problem

I've had MySQL on my Windows 7 laptop for a bit (as part of wampserver), mostly for local offline WordPress development.

However, even though MySQL is relatively stable, I've been observing a vast quantity of intermittent MySQL errors, as reported by WordPress in the PHP error log (C:\wamp\logs\php_error.log). Here are some examples:

[05-Jan-2010 09:47:51] WordPress database error Error on delete of
'C:\Windows\TEMP\#sql17e0_1a2_6.MYD' (Errcode: 13) for query SELECT t.*, tt.*
FROM wp_terms AS t INNER JOIN wp_term_taxonomy AS tt ON tt.term_id = t.term_id
INNER JOIN wp_term_relationships AS tr ON tr.term_taxonomy_id =
tt.term_taxonomy_id WHERE tt.taxonomy IN ('category') AND tr.object_id IN (3)
ORDER BY t.name ASC made by require, require_once, include, get_footer,
locate_template, load_template, require_once, dynamic_sidebar,
call_user_func_array, widget_rrm_recent_posts, RecentPosts->execute,
ppl_expand_template, 

Ever since the introduction of the official Retweet button, I've wanted it to be a little more interactive. I usually want to add my 2 cents into the tweet I'm about to retweet but the default RT button just doesn't allow for it – Yes is the only option:

Troy's Twitter Script

Enter Troy's Twitter script for Firefox that I reviewed in detail a few months ago.

Troy's script added the RT button to my stream (along with inline picture and video embed, auto url expander and shortener, name autocomplete, and other things) way before Twitter introduced it.

It also allowed me to add a couple of words or rephrase the retweet to make it more relevant to my followers….

As a backend developer, I don't get to work with JavaScript much anymore. However, from time to time, a project would come along that uses JavaScript (specifically, AJAX) to load some backend data on the fly. Of course, nothing works 100% right away*, so I would often have to tweak this JavaScript and massage it until it does what I need.

Here's where Firebug comes in with its JavaScript debugger. I'm used to using a debugger in every language I deal with, so using Firebug is a no-brainer. Since it supports breakpoints, stopping execution and inspecting local variables and the rest of the scope generally beats alerts and console.logs for me.

Here's what a typical breakpoint looks …