{ dubovsky.com rantings }

The Firefox 2.0 beta 2 release is available. Major features appear to be sessions (restoring your tabs, input fields, downloads, etc. from when you last closed), automatic spell checking in any input field, slightly improved tab support, slightly better RSS support, and JavaScript 1.7. The spell checking alone is worth it: I’ve really become accustomed to KDE’s automatic spell check feature in all system and application dialogs.

Download it, try it, and report any bugs you find. Community-supported software only gets better when people support it!

After Windows annoyed me one day too many, I’ve switched over both my daily computers to Linux. Oreo (our file server) has been on Fedora Core 4 for quite some time, and I’ve run FC 4 and 5 on a second partition off and on. I’ve never really been sold on Linux as a desktop OS, but after trying the Ubuntu live CD, I switched both my work laptop and, later, my home desktop. I chose the Kubuntu distribution of Linux, which is Ubuntu with the KDE desktop manager instead of Gnome.

For my work laptop, Linux is an obvious choice since I develop mostly for embedded Linux and I spend most of my day in Cygwin. That was an easy transition. Having run Kubuntu on both machines for over two weeks now, I’m declaring this experiment a tentative success and posting the results here in case it helps anyone else.

The short summary of my experiences: Ubuntu is an excellent distribution and by far the most user-friendly and supportive of all the distros I’ve tried. Most computer-literate users could install instead of (or side-by-side with) Windows, use, and enjoy, but the few hurdles required to enable some key features make it still unsuitable for those afraid to tinker or hack.

(more…)

• If you’re following a bad guy (problem) through a dimly-lit building, don’t get tunnel vision. There’s probably another bad guy hiding right next to you, waiting to bite your neck or otherwise ruin your week.
• If you see a dusty treasure sitting on a dusty temple shelf, look around and think before you pick it up. It probably wasn’t left there because it was useful.
• Spend some time every game looking for a better weapon (skill), but don’t spend all your time looking for it.
• If your teammate dies out in the open, sometimes it’s worth getting shot in order to rez them. Doing this when your teammate is only going to be immediately killed again is neither helpful nor popular.
• If no one else is around, you’re the best tank driver. If a better driver shows up, it may be wise to hand over the keys.

An interesting quote from (the very quotable) The Design and Evolution of C++ by Bjarne Stroustrup (emphasis added):

My impression was and is that many programming languages and tools represent solutions looking for problems, and I was determined that my work should not fall into that category. Thus, I follow the literature on programming languages and the debates about programming languages primarily looking for ideas for solutions to problems my colleagues and I have encountered in real applications. Other programming languages constitute a mountain of ideas and inspiration — but it has to be mined carefully to avoid featurism and inconsistencies. The main sources for ideas for C++ were Simula, Algol68, and later Clu, Ada, and ML. The key to good design is insight into problems, not the provision of the most advanced features.

Also, a C bug-hunt trivia question. Can you spot the logic error in this C code I recently saw?

int i;
int bool = 1;    /* assume success unless function returns 0 */
for (i=0; i < numdevices; ++i)
    bool &= function_returning_number_of_records_processed(i);
if (!bool)
    error("blah blah");

Hint: in the simplest case, the number of records processed can be either 0 (an error), 1, or 2.

Stab, stab, stab to the programmer. The answer appears in the comments.

SSL certificates for a web site are pretty cheap, as is SSL-capable web hosting. However, for development reasons, I need a wildcard certificate and refuse to pay the several hundred dollars (annual) fee to a commercial CA to get one.

Long story short: if you’re trying to log in here (so you can post and such), your browser is probably warning you that my SSL certificate isn’t signed by a Certificate Authority that the browser knows. If you wish to solve this and help support a free community-based CA (CAcert.org), read on. If not, you can skip this.

To import the CAcert’s Root Certificate (allowing you to determine if CAcert’s customer certificates are valid or not), please visit their root certificate page.

(more…)

While experimenting with a new style of looking at mySQL programming, I threw together a simple To-Do application based on AJAX. I don’t claim it will gracefully degrade to non-capable browsers (if you have javascript off, etc.), but it should work in all the major current browsers. Give it a spin as the guest account. Let me know if you have any problems.

I discovered that WordPress doesn’t support outputting secure (HTTPS) links for the login, admin, and registration pages. SSL seeems to be an all-or-nothing thing for them. It also doesn’t provide a way to limit your session cookies being only sent over a secure link. Since I do all my editing over secure links (there is customer data on this site!), this irked me a bit, so I looked for ways to work around it.

Jürgen Kreileder has a great blog entry on how to hack WordPress to use secure administration pages. Alas, it does more than I want (comment spam management) and my web server doesn’t run the mod_proxy required to complete the URL output rewriting. I had to do something a bit more… sinister (read: hackish).

Theory:

• use part of Kreileder’s hack (see above) for ensuring the cookies are secure, the auth_redirect goes to a secure page, the admin_referrer check is for a secure page, and chuck the rest of it.
• replace the mod_proxy output link rewriting with an extremely hackish change to wp-config.php (the only file of which I’m aware that is included in every other page), buffering the output of the page via PHP’s ob_start and then going through and rewriting and “http://” links to sensitive pages with “https://” links. (I’m going to programmer’s hell for this.)
• a fairly simple .htaccess rewrite block to redirect insecure access to sensitive pages to their secure versions

It’s not pretty, but it works. Caveat emptor!

Riad Lemhachheche at the Oregon State University is conducting a survey on how people use and perceive Wi-Fi networks. Go take the survey.