YUI 2.2.0

It’s been like forever since the last version (ver. 0.12.2) of Yahoo! User Interface (YUI) was released. Some said they had stopped developing it and chose another alternative instead. But yesterday, the YUI blog announced the release of version 2.2.0, and they’re going to have a party too.

It’s a pretty big jump from 0.12.2 to 2.2.0. But I personally don’t see that much of an improvement. Although I must admit there are certain features I’m thrilled to see next (currently still in beta), which are the Browser History Manager and the DataTable control.

The YUI Browser History Manager is an experimental component designed to facilitate the creation of web applications in which the navigation buttons are fully functional and in which broad aspects of an application’s state — what panels are open, what tabs are active, etc. — can be bookmarked.

The DataTable control provides a simple yet powerful API to display screen-reader accessible tabular data on a web page. Notable features include sortable columns, pagination, scrolling, row selection, resizeable columns, and inline editing.

The DataTable’s debut featureset includes:

  • Progressive enhancement: DataTable is built on the foundation of HTML table element markup, providing a solid progressive-enhancement path.
  • Nested column headers
  • Custom sort functions
  • XHR data sources: Integration with Connection Manager offers robust support for pulling in off-page data.
  • Inline editing: Contents of cells can be editable, allowing users to update the information they’re reviewing.

Interesting to see how they can compete with the same DataTable component in Dojo.

MyBlogLog's Plan to Stop Spam

I’m glad to know MyBlogLog has finally taken some serious action to stop spam on their system. As Eric from MyBlogLog said in his blog, they have taken, and are going to take, several steps to stop spam:

  1. We’re going to post an official Terms of Service (ToS) and hold people accountable. It’s hard kicking people’s asses for breaking the rules when the rules aren’t posted anywhere. That will change. Things like blatant advertising in profiles will not be tolerated.
  2. By default, you now see only messages from your own contacts. You’ll be able to click a radio button to see messages from everyone else. Further, you’ll only receive an email alert when a contact leaves you a message. Lastly, public views of your profile will reflect your message view setting, so other people viewing your profile won’t see random requests to visit their community or site.
  3. We will include the text of the comment and associated controls (delete, reply, etc.) in the alert email. You won’t have to go to MyBlogLog to manage comments on your profile or community page any more.
  4. We will limit users to only five requests for co-authors a day. If you want to request more co-authors, come back tomorrow.
  5. We will limit users to join 15 communities and add 15 contacts during any day. The others will still be here tomorrow.
  6. After the first five are complete, we will set up a comment approval system where community members can automatically post messages and everyone else’s comments get queued for approval (a la Typepad comments).

I’m relatively new on MyBlogLog, but I do not mind these new rules at all. Anything to stop spammers.

Habari – a new open source blog software

Do we need another blog software? Well, it depends on what you really expect from blogging tools. If you’re an absolute end user who uses blog software just for blogging, then you have more than enough.

But if you need to do more or you want to add certain customizations or you’re a never-satisfied programmer, then you’d want to have choices.

You’d better take a look at this, a new open source blogging software, Habari.

The Swahili word habari translates to ‘news’, as in ‘what’s the news?’ Blogs — personal and professional — are all about spreading the news, so what better name to apply to blogging software?

Habari represents a fresh start to the idea of blogging. The system is fast, easy to use, and easy to modify. New users should have no problem using and enjoying Habari. Advanced users should have no problem tweaking Habari to do exactly what they need it to do.

Habari relies on PHP5 with PHP Data Objects (PDO), and your choice of SQL database (MySQL, PostgreSQL, SQLite). Habari is strongly object oriented, and implements the full suite of the Atom Publishing Protocol. User-created plugins make Habari do nearly anything imaginable, and a robust theme system permits the use of several popular templating solutions.

There are three reasons why you might want to try this out:

First, it’s built from scratch, i.e. it’s a clean slate.

Imagine starting on the ground floor. There were no presidencies, no set stringent codebase that couldn’t be altered, no existing userbase that might be confused and the list goes on.

Second, it’s written in object-oriented PHP5 style, which means it’s simpler, more elegant in design and easily extensible. There’s no need for hundreds more lines of code when several simple functions already exist in PHP5.

Third, the developers behind this project have enough experience with another popular blogging software.

Don’t get me wrong, WordPress is great. But it was built back when we were still using PHP4. As Stefan Esser said,

From my point of view, WordPress is not well designed. This starts for example with the fact that they are escaping all input for the database in the beginning, and later when issuing the queries they just put variables directly into the query. The bug I released (charset conversion SQL injection) would not have been possible if they had chosen the more common design, to escape everything right before it is put into the query. Others might argue that they should better use prepared statements and variable binding, but WordPress has to be compatible with old MySQL databases and PHP installations that do not support this. Another problem of WordPress is that it is sooo user friendly that it spits out detailed error messages when a SQL query fails, such that a potential attacker can gain information about the query. This for example leaks the database table prefix.

The problem with many of these big PHP applications like WordPress and PHPBB is that they were started in the days when security was not taken so seriously, and from that day they have grown and grown. In many cases it would have been better to just rewrite them from scratch, but that is of course a lot of work and most people don’t like the idea.
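The design difference Esser describes, as an added example (not code from WordPress, Habari or the interview): escaping at the start of the request versus binding the value where the query is issued, plus keeping query errors out of the page. The `blog_users` table, the function names and the sample input are constructed, and `urldecode()` stands in for whatever transformation happens between the early escaping and the query.

```php
<?php
// Added illustration: table, column and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE blog_users (login TEXT, is_admin INTEGER)");
$db->exec("INSERT INTO blog_users VALUES ('alice', 1)");
$db->exec("INSERT INTO blog_users VALUES ('bob', 0)");

// Constructed input: the quotes are still percent-encoded on arrival.
$input = "nobody%27 OR %271%27=%271";

// Design 1: escape everything when the request starts. SQLite escapes a
// quote by doubling it; there is no literal quote here to double yet.
$escapedEarly = str_replace("'", "''", $input);

// ...a later step transforms the value (urldecode() is a stand-in for
// the charset conversion in the quote) and pastes it into the SQL text.
function lookup_escaped_early(PDO $db, string $escapedEarly): array {
    $login = urldecode($escapedEarly);
    $sql = "SELECT login FROM blog_users WHERE login = '$login'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Design 2: the value is bound where the query is issued, so whatever
// happened to it earlier, it is only ever treated as data.
function lookup_bound(PDO $db, string $input): array {
    $stmt = $db->prepare("SELECT login FROM blog_users WHERE login = ?");
    $stmt->execute([urldecode($input)]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Failed queries: full detail goes to the server log; the caller gets
// null and renders a generic error page with no table names in it.
function query_or_null(PDO $db, string $sql): ?array {
    try {
        return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        error_log($e->getMessage());
        return null;
    }
}

var_dump(lookup_escaped_early($db, $escapedEarly));
var_dump(lookup_bound($db, $input));
var_dump(query_or_null($db, "SELECT login FROM blog_missing"));
```

For this input the first lookup matches every row in the table, while the bound lookup matches none, because the whole string is compared as a login name.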

Alright, kids. Grab the source, join the group and spread the word, Habari!

Interview with Matt Mullenweg

Many of you use WordPress as a blogging platform, but only a few of you might know who the guy behind this popular web app is.

Matt Mullenweg is the founding developer of WordPress. He is a young, talented developer who lives in San Francisco, California. He writes a nice blog at photomatt.net, which I believe is the first WordPress blog in the world.

Edgework’s Brian Oberkich talked to Matt in a 49:30-minute interview. You should listen to this. Matt talked about WordPress, Akismet and the zen of web product development.

[mp3]http://pod-serve.com/audiofile/filename/4988/Matt_Mullenweg.mp3[/mp3]

Like many other open source project leaders, Matt is a nice and wise guy. He knows very well how to manage a team of developers, how and when to deliver a product to end users, and how to act on feedback from them.

There’s a part of that interview where he shared a funny story behind Akismet, the anti-spam system for the blogosphere. Some time before he released Akismet to the public, his mom visited him in San Francisco and lived with him for five weeks, until at a certain point she decided to start a blog of her own.

Worried that his mom would also get spam offering porn sites and would think this was what her son was doing all the time, Matt pushed the Akismet team to make a release version as soon as possible. 🙂

SVN for Developer Like Me

Alright, I’m going to reveal some of my dark secrets. I can’t go through a day without doing certain things. Two of them are reading feeds and SVN updating using my Tortoise SVN.

Reading feeds might be a common activity for most people now. But checking out an SVN repository? I don’t think so, especially when you’re not involved in the project.

But I’m telling you, it is a good thing to do for a developer. Following everything that happens in your favourite project’s repository can give you a clue whether it is actively developed or just an empty house that has been abandoned.

For example, I can easily tell that projects like Zend Framework or Dojo Toolkit are still actively developed, while a project like Ngeblog has been practically dead, since there has been no activity for the last four months. 🙂

Sorry guys, I have to stop Ngeblog from now on, since I don’t have much time to maintain it. But don’t worry, there is Zend_Gdata, which has similar features and even more. And since version 0.7.0, Zend_Gdata has been moved into the ZF core.

I also signed the Zend CLA last December to submit some of the Ngeblog code to them (Client Login authentication). So officially, I am one of the ZF developers now. Although I haven’t submitted a single line of code yet. Arrgh, I still have so much work to do in my daily job.

Anyway, back to SVN. For some projects like Dojo or ZF, getting files by SVN gives you more than downloading the release package from their website. Dojo, for example, gives you buildtools and a test utility that I think are pretty useful.

The other advantage, of course, is that you’ll always be the first to know about the upcoming release. But beware: there’s always a chance that files in the repository get updated or even deleted. So keep your local files updated.

So, You're a Big Fan of PHP 4.x Series

“If my apps run well on PHP 4, why would I be bothered to take a risk upgrading them to PHP 5?”

That’s what most people say when they’re asked to upgrade to PHP 5.

Well, if you are really a big fan of PHP 4, you should think about upgrading to PHP 4.4.5, the newest release of the PHP 4.x series. As Derick said, this release addresses most of the same issues as PHP 5.2.1.

Anyway, people are still complaining about incompatibility issues between PHP 4 and PHP 5. They’re screaming about blank pages or a bunch of errors found when they upgrade to PHP 5.

I don’t know about you, but I don’t really mind that. Sometimes it is a good thing when your apps stop working after a new patch is applied. That tells us something is wrong with our code. Maybe it contains security holes which shouldn’t be working at all, for our own sake.

When your door stops making noise after you replace it with a new one, that must be a good thing, right?

JSR 311: Java API for RESTful Web Services

This is surely good news. I just found out from Dave’s blog that a new standard Java API for building REST-based web services (JSR 311) is on the way.

Here is the intro from the specification:

This API will enable developers to rapidly build Web applications in Java that are characteristic of the best designed parts of the Web. This JSR will develop an API for providing REST (Representational State Transfer – See reference to Roy Fielding’s dissertation in section 3.1) support in the Java Platform. Lightweight, RESTful approaches are emerging as a popular alternative to SOAP-based technologies for deployment of services on the internet. Currently, building RESTful Web services using the Java Platform is significantly more complex than building SOAP-based services and requires using low-level APIs like Servlets or the dynamic JAX-WS APIs. Correct implementation requires a high level of HTTP knowledge on the developer’s part.

This JSR will aim to provide a high level easy-to-use API for developers to write RESTful web services independent of the underlying technology and will allow these services to run on top of the Java EE or the Java SE platforms. The expert group will investigate whether a subset of the API can be made used with Java ME. The goal of this JSR is to provide an easy to use, declarative style of programming using annotations for developers to write RESTful Web Services and also enable low level access in cases where needed by the application.

RESTful Web Services is a relatively new area in the industry and there are still a lot of unknowns in this space. For example, a key aspect of RESTful Web Services is for the service to be stateless. However, this often requires the developer to produce boiler-plate state restoration code that could be avoided with state-aware API help. We expect the expert group to be an active and engaged group of people participating to prioritize and help drive issues to achieve the end goal of a developer friendly API.

What I want to see next is a RESTful specification for mobile apps. SOAP based on JSR 172 is too much pain for me.

PHP 5 Slow Adoption

Nexen has released PHP stats for January 2007. These stats were generated from a survey they made of about 9.2 million servers hosted on 2.2 million IPs around the world.

What’s a bit of a shock to me is the adoption of PHP 5 versus older versions, as shown here:


Although it keeps rising, the usage of PHP 5 (14.08%) is still so small compared to PHP 4 (85.25%).

I mean, PHP 5 has been around for quite some time now. It’s been almost three years since the first release of the PHP 5.x series. So, there is no way that this is caused by unfamiliarity.

The compatibility issues between PHP 4 and PHP 5 are no excuse either. The PHP 5 core team has been working hard to make the migration painless. As you can see from the talk here, the vast majority of PHP 4 code will work fine on PHP 5.

I’m not a security expert, but if you take a minute to look at the open PHP 4 bugs, you’ll see that most of them include notes indicating that they’ve been resolved in PHP 5. I’m telling you, PHP 5 is more stable and secure.

I think the only reason for this slow adoption of PHP 5 is the installed base of PHP on servers, which most of the time is beyond the developer’s control.

From the developer’s perspective, it is much more comfortable to build web apps using PHP 5. But when they have to host their apps on shared hosting or install them on a client’s server, there is nothing they can do except adapt their apps to it.

Currently I’m working on a project for a market-leading cellular company in Indonesia. This company has strict rules to protect their internal network security. No one can install any program on their computer without written permission from certain people. Let alone touch the server. And they happen to have PHP 4.3.9 installed on their server.

I have to work my a** really hard just to do certain things which in PHP 5 are just a matter of using a single built-in function. And they keep complaining about the speed. Why not use PHP 5 then?