Stimulated by a bug in a complex and unfamiliar web PHP application with heaps of custom tweaks by other programmers, I decided to try a more professional approach to PHP programming and debugging than the standard var_dump() and family.

As a result, I’m now using Eclipse PDT with Xdebug and Xdebug Helper (Firefox extension). Now I don’t understand how I used to debug my PHP programs before!

After proper configuration (I’m using local Apache, but it is also possible to debug remotely), my work flow is rather simple:

• use my web-app as usual, e.g. tweaking and testing here and there
• if something server-side goes wrong: click the XDebug helper icon in Firefox, and perform some server-request action (e.g. load a page)
• debugging is started in Eclipse PDT, where I can step through the code, set breakpoints, and examine all variables
• as soon as the problem is fixed – click the XDebug helper icon again to continue using the site normally (w/o invoking the debugger)

It takes some time to get used to, but then it’s a breeze.

Some advice:

• don’t use apt-get/aptitude to install Eclipse; it will be much easier both in the short and long run to use some all-in-one package from the Eclipse PDT site; all you need to do – download, extract, run!
• before actually starting to do anything, tweak the eclipse.ini file by increasing heap size from 40 MiB (default) to some larger value (I used 128MiB). If you don’t do this, then at some point your debugging will become painfully sloooow, and then you’ll start getting tons of “out of heap memory” errors, each one suggesting that you quit Eclipse immediately
• install XDebug with apt-get/aptitude – worked perfectly, and there’s /etc/php5/conf.d/xdebug.ini not to mess with php.ini
• do read XDebug guide for PDT 2.x (I’m assuming you got the 2.x version); it should be the only document you will really need to configure everything

I only wish Eclipse was faster – that is, written not in Java but e.g. C or C++.

Giovanni Dall’olio has recently posted a presentation on using make.

Although it has “bioinformatics” on the title page, this is a good and very easy to understand make intro.

Original post is here.

We are pleased to announce the release of GNAT GPL 2009, the Ada Toolset for Academic users and FLOSS developers. It introduces many new features including:

- Ability to generate byte code for the JVM

- Improved support for the .NET Framework

- Addition of the Ada-Java Interfacing Suite (AJIS) that enables native Ada code to be called from Java:
http://www.adacore.com/2008/06/17/ada-java_interfacing_suite

- Availability on the Mac OS X (64 bit) platform

- Automatic C/C++ binding generators

- Addition of the GNAT Component Collection (GNATcoll) providing new APIs that can be extended by the user community:
http://www.adacore.com/2008/06/17/gnat_component_collection

GNAT GPL 2009 comes with version 4.3.1 of the GNAT Programming Studio IDE and GNATbench 2.3, the GNAT plug-in for Eclipse.

It is available for the GNU Linux, Mac OS X (64 bit), .NET, JVM and Windows platforms.

GNAT GPL 2009 can be downloaded from the “Download” section on the new Libre website:
https://libre.adacore.com.

I wonder if the new JVM bytecode generation feature was frequently requested by Ada developers, or is just a move towards popularizing Ada as a highly capable programming language. Either way, it’s good.

Hopefully, I will find time and a matching project to finally learn Ada properly – since a couple of years I believe Ada is a very good programming language. And the D language is better than C and C++ (holy war, anyone? )

Since some WP release, the comment author’s link in comments is broken – it has ‘ external nofollow’ attached straight to the href attribute (which breaks the link).

I assume that the problem is caused by Google Analytics, namely the “track outgoing clicks” feature (as recalled, might be inaccurate feature name). “Track outgoing links” adds some JavaScript code to all outgoing links, and that script has tick characters like this one ‘ which, incidentally, are also used for delimiting the values of comment anchor tags.

To fix:
Read the rest of this entry »

Once I accidentally added circa 300 MiB of archive files to one of my git repositories (which was as small as 5 MiB). I removed those files as soon as I noticed them, but the .git directory still preserved commits with those files, and still occupied over 300 MiB.

I have found the solution at stackoverflow (see also this question).

This method worked for me, but I couldn’t push my rebased repository to the gitosis. I would need to re-init the gitosis repository from my rebased, but I’m not yet prepared to do that.

There is also a slightly different method (which relies on a temporary tag instead of a temporary branch), documented in Git online manual pages; I prefer the temporary branch method.

Below is a full copy-paste of the winning answer by Charles Bailey:

# create and check out a temporary branch at the location of the bad merge
git checkout -b tmpfix

# remove the incorrectly added file
git rm somefile.orig

# commit the amended merge
git commit –amend

# go back to the master branch
git checkout master

# replant the master branch onto the corrected merge
git rebase tmpfix

# delete the temporary branch
git branch -d tmpfix

Also, in my case this thread at stackoverflow was highly useful. I start enjoying the concise and compact style of Charles Bailey :
Read the rest of this entry »

Yesterday I had a look at mod.email.php – the Email module of ExpressionEngine CMS.

It appears that it is very easy to use ExpressionEngine’s contact form (which uses Email module) to send emails to arbitrary addresses – simply put, send spam using someone’s EE.

And here’s why:

• recipients hidden field is passed to the client; it is encrypted, but with access to the mod.email.php code, it is a matter of several minutes to write your own email-encoding function which will produce a completely valid recipients field
• there’s also XID field, which seems to be unique for each page load

Spamming algorithm is clear, so I won’t elaborate. (I could have missed some session variables, though – didn’t check them.)

This information is valid as of ExpressionEngine 1.6.6, but nothing in the change-logs indicates that this mechanism was modified in the newer versions of EE.

Update: I’ve tested, and this vulnerability does exist. The simplest prevention measure is to enable Captcha for Contact Form.

I’ve notified the developers.

Joel Spolsky has an interesting (and useful) post on evidence-based scheduling, as he calls that approach. The post discusses an approach to estimate project volume and key dates (such as milestones and release) based on prior performance of each of the project developers. As Joel argues, this approach provides several benefits, and – among others – allows releasing the software product on the date planned.

I would recommend learning more about “evidence-based scheduling” to anybody who is somehow involved into software development.

Also, for me personally it was useful to read the preceding article by Joel (called painless software schedules), which summarizes some basic ideas you should keep in mind while trying to develop some piece of software (mostly from the manager’s viewpoint). If you are going to read that “obsolete” article – better do so before reading evidence-based scheduling.