Kristian Lunde

Last week I got a job in Newcastle

I will step into the position as “Head of development” at Orange Bus in November.

I really look forward to join the talented team at Orange Bus. Have a look at http://www.orangebus.co.uk where you can see some of their work.

I’m on twitter, http://twitter.com/kristianlunde.

I’d never thought I would go and create an account on twitter but there I am with a brand new twitter account.

I will be posting on twitter next week when I visit Newcastle (UK) if I get my phone number registered on twitter during the weekend, twitter seem to have some problems accepting Norwegian phone numbers today.

Today I came over a a post on dzone.com about Eclipse and templating. It turns out that you can write small templates of code snippets you use a lot and bind them to a keyword. When typing the keyword, press “ctrl” and “space” and a list of possible templates available will appear, select the prefered template, press “enter” and the code snippet is inserted into your working code. I works just the same way code completion. This actually means that you do not have to write the boring “for” loops or “if” tests anymore, just write a template and become a more efficient developer.

The original post explains how to set up templates, so I will not go into that in this post, but since I am primarily a PHP developer and the post describes templating for Java, I’ll just give a description of where to go if you use the PHPEclipse.
To edit and create templates for PHP, HTML or css, even javascript you have to use this path:

window -> preferences -> PHPeclipse Web Development -> PHP -> Templates.

To write and edit the templates, just follow the guidelines from Mr. Graversen, or have a look at the links below.

For further reading have a look these sites.

• http://firstclassthoughts.co.uk/java/eclipse_tip_templates_public_static_final.html
• http://www.phpeclipse.de/tiki-index.php?page=Howto+use+the+templates+system
• http://help.eclipse.org/help21/index.jsp?topic=/org.eclipse.jdt.doc.user/concepts/ctemplates.htm

I guess if I had read the PHPEclipse manual when I first started using Eclipse, I would probably been using it from the start

Good luck with your Eclipse templates, I know I will be using them extensively.

Developing MVC (Model View Controller pattern) applications in PHP or any other language often require a lot from the view tier. The view needs to process data received from the model tier and form it into presentable data, it also has to manage user input and form that into data understandable for the model tier.
This might not be a big issue while working with small application, but when it comes to midscale and large applications the view helper pattern can be of great help. The view helper pattern is one of the J2EE core patterns and the documentation can be found on:

http://java.sun.com/blueprints/corej2eepatterns/Patterns/ViewHelper.html

What does the helper pattern do?
First of all the helper pattern adds an extra tier to the system, this tier can be seen as a mid tier which has some understanding of the logic of the system, it knows a little bit about the view and a little bit about the model. Another cool thing is that the view helper pattern makes your code more reusable. When moving complex structures from the view and into a view helper it can with ease be used by other views.

Example:

You are writing a web application where the user writes a review of some product, the application should do auto saving of the user input every 20 second using Ajax functionality. The application should of course also save the user input then the user submits the data. The ajax request and the user submit does almost the same thing but the when the user submits the data the view should also store a rating of the product. This require the ajax request and the user submit to be two different views, or one complex view.

In an ordinary MVC system you would have to implement two views with very much of the similar behavior or one complex view. Using the view helper pattern you extract the storage of the user review in a helper which can be reused by both the ajax request view and the user submit view.

I have written a very simple implementation of the example in PHP. The implementation is not complete at all, but it is meant as a proof of concept that the reusability of code in your application can increase using the view helper pattern.

I am sure that the view helper pattern has helped me to write better and more organized code, which is easily understandable and very reusable.

If you do not use the view helper pattern, and still have solved the problem with reusability of code in the view tier please feel free to leave me a comment describing your solution.

Wordpress 2.6 was released the other day, and today I took the chance on upgrading from 2.5.1. The installation went without trouble, but when I came to log on to the admin panel I got a:

"403 Forbidden"

A quick google search gave me the solution for this problem. Earlier you logged in by typing:

http://someurl.com/wp-admin

In wordpress 2.6 you should use:

http://someurl.com/wp-login.php

.

I have not got around to test all the new functionality in wordpress 2.6, but so far the new features seems cool, at least the automatic update of plugins was particularly neat

Dansnetwork has a short an simple article explaining the simplest way of securing user passwords on the web. If you are new to authorization on the web, this article will give you a quick introduction to hashing methods and what not to do when dealing with authorization information.

URL: http://blog.dansnetwork.com/2008/07/15/unsafe-password-storage-practices/

Still this article is a bit to basic, since it does not discuss rainbow table attacks, which could with ease break most of the passwords. My previous article discuss how to avoid rainbow table attacks.

A recent post on dzone.com linked to a article about “password encryption using PHP” written by Stefan Ashwell on total.php.com. In this article he illustrate a how to save user passwords and authenticating users using the sha1 hashing algorithm.

First of all lets all agree that hashing passwords are basics requirements for a secure web application, but is a simple hashing of the password enough? I do not think so.

Here is the scenario, Someone breaks into your system (not through the web application, but for instance through an ssh connection), they get access to your user database or file where you store user account information.  The intruder is now in possession of the password and user name of all your users, but still the passwords are hashed with md5, sha1 or an similar hashing method. If the intruder is determined to get into your system and mess up, he may now try to decrypt the passwords using a  dictionary word file and brute force (also known as rainbow tables). This method is quite common and is not advanced at all, all it does is looping through the dictionary file, which contains all words and common password phrases, do a md5 or sha1 hashing of these words and see if it matches up to the hashed password, if it does it has found a match, and the intruder is able to log into the account.

Even though this brute force method might take some time, he will eventually get the passwords and get full access to the users account. There are however methods to complicate this and even make it impossible for the intruder to get the password using brute force method and that is called salting your password.

Example:

As you can see the salt is an secret string which is only used by your application, it is prepended and appended to the password. You could of course also go the extra mile and split the password in two and add the salt in the middle of the password, but there might not be any point in doing that.

This makes the word not like any word you will find in an dictionary and therefore the brute force method will not find the password.

The point is that if the intruder get a partial access to some of your system, for instance the user database, it will not be enough to get access to the total system because the security system is layered, one layer in your code, and one layer in your user database.

I do not say that this method is a 100 percent secure but it is is way more secure than not using a salted password.

John Resig posted a note on his blog about whoisi.com, a social network aggregator. The system is ingeniously simple, do a search for the name you are looking for, I did a search for myself :P.
All similar names are listed, if the name is not listed, just add it. To each name you can attach a bunch of links, as for instance facebook, twitter, linkedIn, blogs and so on. Everyone has the possibility to add a person and attach a links.

My page on http://whoisi.com/p/1383

Tonight I encountered a rather strange problem on my Ubuntu box. While doing nothing special on my machine, just surfing and listening to music and suddenly there are no sound?!?

Doing a quick search on ubuntuforums.org I quickly found the solution. The problem seems to be Firefox, killing the firefox sessions and restarting the alsa-utils did the trick for me, and voila the sound is back

The howto get the sound back is found here: http://ubuntuforums.org/showthread.php?p=2742327

BTW: starting firefox again did not cause any problems

I attended the PHP vikinger unconference in Skien on Saturday. Rather than writing my own wrap up of the unconference I choose to link to the wrap up written by Mats Lindh and Derick Rethans

Notes from Mats: http://e-mats.org/2008/06/php-vikinger-notes/

Notes from Derick: http://phpvikinger.org/news/news-2008-05-23