24 Hours with Habari

So here we are, 24 hours after moving nearly 2 weeks worth of work (on and off) and it’s still standing. I’m impressed. :) Anyway, given that I know my conversion is generating a lot of talk about Habari and interest amongst you guys I thought I’d collect together some of my initial thoughts. Let’s start with the negative, because then we can end on a positive note…

  • There is no comment mailing built in. I woke up to a near-empty inbox and spent 5 minutes trying to figure out where the world went to. Turns out, all your comments were hiding in here waiting for me.
  • The feed is doing something wonky with some of my older posts. Three old book reviews are sat in there, despite being backdated in the blog.
  • The Habari autop() function ends paragraph tags before <code>, treating it like a block-level element. It’s an inline element.
  • The Spam Checker plugin is not the greatest. I’ll either be improving it or rolling my own.

With that said, these are easily outweighed by some of my favourite ‘features’:

  • Theming was incredibly intuitive for me. I think if you know what a PHP include does, you should be able to very easily create your own theme after a quick glance at one of the available themes. (It didn’t take long to code up this theme, although admittedly the design is from Scott.)
  • The admin panel is FAST. I’ve had WP Dashboard crash Firefox more times than I care to recall. No such problem here.
  • No MySQL connection errors yet. (If you remember, this was one of the problems I had with my first blog system.)
  • The reception from the Habari community on twitter, in the comments on my previous entry and in the #habari channel has been fantastic.

Of course, this post wouldn’t be complete without a spot of code…

To fix the autop() <code> bug, open /system/classes/format.php and change (line 117ish):

$regex = '/(<\s*(address|code|blockquote|div|h[1-6]|hr|p|pre|ul|ol|dl|table)[^>]*?'.'>.*?<\s*\/\s*\2\s*>)/ism';

to:

$regex = '/(<\s*(address|blockquote|div|h[1-6]|hr|p|pre|ul|ol|dl|table)[^>]*?'.'>.*?<\s*\/\s*\2\s*>)/ism';

(Interestingly, I googled this to see if anyone else had brought it up and noticed a previous version of autop without code, as above.)

I don’t expect to have the time to make too many of these Habari posts, but look forward to seeing how the blog holds up.

I’ve Converted to Habari

I recently asked for recommendations for a blogging script through .net forum to fulfil the requests of those wanting something more professional than FanUpdate, but without the relative bloat of WordPress. @otherniceman was kind enough to point me in the direction of Habari and not only was I impressed enough to have used it as the base of several recommendations, but I’ve also converted my own site to it.

You may remember that it was only last year I recommended Chyrp. Indeed, I still like the quirky little script. Unfortunately however, with over 18,000 comments and nearly 1,000 entries my blog does not like it. Even today where my traffic is half what it was in the summer of last year — not blogging for 12 months does that to ya — Chyrp cannot cope. With my plans to cut the crap to free up some time, I need something that’s going to keep me live without daily babysitting.

Habari is in most respects almost like a “WordPress lite” (weighing in at some 5MB smaller than WP), something which many of us have been crying out for over the years. With that said, it’s not something new and just on the shelf… development started in 2007 as far as I’ve been able to gather, with some of the original WordPress contributors getting it where it is today. The project appears to be maintained by the community, for the community and has a tight security record so far.

As part of the conversion I have, as previously touched upon, cut out some of the crappy older articles from the site and have converted the rest into blog entries. Likewise, old reviews have been moved over and can be found using the tag “review“. The scripts page has been compressed down into one block instead of multiple pages with inspiration drawn from Cine’s script page.

Converting hasn’t been a quick task simply because of the mass amounts of content and entries, and I hope that it pays off in the long run. In the mean time, you’re more than welcome to report bugs to me in the comments below or via e-mail: jem@jemjabella.co.uk

Known Issues

  • Half of my redirects aren’t working. Arse.
  • Most of my entries are untagged, giving some empty links (e.g. Pants on right)
  • Comments lists are as of yet unstyled
  • Feedburner has a cached installer page instead of feed.
  • Feed featuring some very old posts (sorry)

SQL Injection Flaw in FanUpdate

A security issue has come to light in FanUpdate (2.2.1 specifically but likely affects previous versions). This only affects those who are still running with register_globals turned on (a very bad idea).

The problem — for those interested — lies in show-cat.php relying on an unsanitised $listingid. In an ideal world, show-cat.php should only be called by the script from another page where you define $listingid first. However, because there’s nothing stopping direct loading of the file itself, show-cat.php can be accessed (on a server with register_globals on) with a malicious SQL query in the URL.

Quick Fix

Open show-cat.php and change: if (!isset($listingid)) { exit; }

to: if (!isset($listingid) && !is_numeric($listingid)) { exit; }

then change: $query = "SELECT * FROM ".$fu->getOpt('catoptions_table')." WHERE cat_id=$listingid LIMIT 1";

to: $query = "SELECT * FROM ".$fu->getOpt('catoptions_table')." WHERE cat_id=".(int)$listingid." LIMIT 1";

Important note: I am not responsible for any damage incurred by running this fix. I do not have any responsibility over FanUpdate. (Blah blah blah.) I’m only posting this because I know Jenny doesn’t maintain the script now.

Personal Perspective

This is an odd entry in that Karl regularly chimes in (quoted). However, given that what I’m about to discuss affected us both, I’m sure you can understand.

If you’d asked me this time last year my opinions on ‘mommy bloggers’ and ‘mommy blogging’ I’m sure I’d have given you a cynical retort about the standards of these bloggers and where they could, quite frankly, stick their views. I’d have been firmly with the childless 20-somethings, stuck in the mindset of “I know best”, trying to impart my wisdom on things that seem obvious to anyone with half an education. Funny how 12 months changes things, though.

On the 13th of October last year I woke up, stumbled into the bathroom and chucked my guts up. I went back to bed, assuming food poisoning, but within a few hours had a very faintly positive pregnancy test in my hand and my mum on the way with something a little more accurate. Karl came home for a change of clothes on the way to a prior work engagement, I told him, he swore, I cried. It wasn’t the best evening of my life… waiting for the one person I desperately needed to hug me more than any other to decide whether or not he could cope with what I’d just told him.

(Karl: I did indeed swear, but it was more down to the stress of racing home from work to eat, shave and shower, then dress smart and race right back in under 30 minutes due to an open evening. I was a tad shocked, very unprepared, and quite unsure of how I’d make a good father figure!)

I don’t think either of us were prepared for that day, but it was honestly a piece of cake compared to what followed. The couple of weeks after that I was in and out of the doctors being plied with various pills and vitamins to try and keep the morning sickness (later realised as hyperemesis gravidarum) at bay. I missed most days off work, and by Friday 31st of October I was quite badly dehydrated, hadn’t kept food down in around 48 hours, was throwing up blood, and had lost nearly 20kg in weight. I was taken into hospital, hooked up to a drip and had blood taken by the bucketload.

I was kept in overnight and promised a scan on the Saturday. By the time I was finally called for the scan, it had honestly felt like I’d been hanging around for months. My mouth was dry, I’d not eaten in over 3 days and although the drip was supposedly sorting my fluids out I couldn’t recall a time when I felt shittier. The scan revealed that I was actually pregnant with twins. Twins. That’s two potential babies sucking every last ounce of strength out of me. However, neither had a heartbeat. They’d stopped growing at about 8 weeks. I cried a little, although they were tears of relief. Relief only for myself, because I didn’t want to have to go through 9 months of what the previous 2-3 weeks had thrown at me. Selfish relief.

(Karl: We both did, to be fair. It’s still a bit of a point I ponder in my more introspective moments – Never saw them, but they did exist for a while. Odd feeling, and one I do tend to mark in my own way.)

They gave me options for how to proceed. I could wait for nature to take it’s course, take pills to help things along, or have a D&C. I opted for the D&C. I just wanted everything sorted, I wanted to be back to normal… seeing Karl without that worried look in his eyes (Karl: worried I was. You didn’t see the state of Jem. Not a good time.), sitting on the Internet playing with my code, back at work with my colleagues, playing with my animals. Sunday came, 4 days without food, nil by mouth for the surgery. I remember chatting with the theatre nurse about twins running in the family. I remember the anaesthetist talking me through what was going to happen as I drifted to sleep, and then it was all over.

(Karl: During this time I was sat with my mother in the hospital canteen, talking about life and being very open about everything, including everything she went through with me in hospital all those times. It was quite a revealing time. Thank god for parents – I really felt at times like I was coming apart, so tired I couldn’t recall half the driving I was doing, and so on. I don’t think I’d have coped otherwise, especially not with getting the house ready for Jem’s return.)

I wasn’t actually going to write about this. Up until now, only a few very close friends and family had been made aware of what went on, the rest told of tummy bugs and viruses. Yet, as I get closer to my due date — 8 weeks to go — I can’t help but feel that not only did my experience have a massive impact on how I dealt with this pregnancy (which, as you may know, has not been without its own set of issues) but also made me realise that no amount of education, no amount of smart-alec Internet debates, no amount of thinking you know best can prepare you for what life is going to throw at you. Each step you take shapes your next, not what you think you know.

Giving it all up (sort of)

I have spent the past week or so away from the computer for the most part, and in doing so have had time to contemplate where I’m going in life and what my various online dedications mean to me. As a result of this, I have made some decisions to cut back on a huge chunk of responsibilities. Obviously this is, in part, due to pending sprog. However, it’s no secret that I’ve been spreading myself thinner and thinner and I’m beginning to lose the balance between being online and retaining my sanity.

Firstly, I will be getting rid of my fanlistings (contact me if you’re interested in ‘adopting’). It’s cute and fun to maintain these little cliques, but TFL’s annoying “you must update even if nobody joins” rule makes it more and more of a pressure. Of course, one can argue that I could run the fanlistings independently, but it becomes redundant when someone else is running exactly the same site with ‘tfl approved’ slapped all over it. I will still be involved in fanlistings for the sake of BellaBuffs, though.

I’ve dropped out of my position at CSSbake although have offered my continuing support as a guest/part time contributor because it’s a project I feel really strongly about and definitely see continued success in its future.

I’ve already implemented huge changes at the q*bee in terms of responsibility shifts and so on, and want to keep doing this. Not only does it allow other members to become involved in their club and shape it into something they want, but it increases ‘points of failure’… i.e. when I disappear for a few days on the spur of the moment (or because I’m in labour), nothing is going to fall over because people can carry on without me.

I will be contacting those who volunteered an interest in moderating rev.iew.me with regards to taking up those positions, but thankfully the site is pretty much independent (although could quite honestly do with me rolling out upgrades to jumpstart interest again). I’d be interested in teaming up with another PHP developer who is genuinely interested in helping to improve rev.iew.me, so if you’re looking to contribute to a project let me know.

tutorialtastic is… in limbo. Changes were planned but haven’t gone anywhere as of yet and I’m concerned that this is a valuable resource being wasted. Only I can deal with that, though. Need to cut my losses or get off my arse and get on with things. Gah.

Most importantly — and the point of this long and rambly entry — is this site. Jemjabella is my online identity. It is my metaphorical ‘baby’ and I really don’t want it to be usurped by, well… a real baby. That said, the site is too big for me to feasibly update on a frequent basis in its current form, and it shows in some of my old articles and reviews. I keep starting X cool new feature, only to give it up because of the stress of other drains on my time. In an attempt to make things easier for me to keep up with, I’m going to totally pull the site down and restructure from scratch. Anything that can be converted to a blog entry (reviews, articles, etc) will be, I will finally finish the blog (search, proper categories, using tags to their full effect, etc) and I will get rid of anything that either a) doesn’t get any hits or b) isn’t of any actual use.

My various scripts will be moved to a separate site where they can be properly maintained, supported, tracked, updated etc. Exactly where is to be confirmed, although the general consensus seems to be that they should go on jemturner.co.uk (currently forwarding here) in an attempt to build my professional reputation.

It’s a huge deal for me to relinquish control over a growing ’empire’ (for lack of a better word) and I’ve had debates in my head that’d rival even the best Pants Award drama. Nonetheless, I think this is the best for all sites, and all users involved.

Tech Books for Sale

I am trying to clear some space pre-move/pre-baby, as well as making a bit of extra money to put aside for emergencies and so was hoping to sell a few books on Amazon. Unfortunately they require you to have a UK credit card, which I don’t have, and as I’m ebay-aphobic I don’t want to go that route. So, if you’re interested in the private purchase of any of the following tech books, please get in touch: jem@jemjabella.co.uk.

How to Break Web Software by Mike Andrews / James A. Whittaker
ISBN: 0321369440
Condition: New (it was bought as a gift but already own a copy); includes companion CD
Price: £18

Hackish PHP Pranks & Tricks by Michael Flenov
ISBN: 1931769524
Condition: Excellent; includes companion CD
Price: £15

Mac OS X Tiger Pocket Guide by Chuck Toporek
ISBN: 0596009143
Condition: Minor scuffages
Price: 50p

Graphic Design Cookbook by Leonard Koren / R. Wippo Meckler
ISBN: 0811831809
Condition: Excellent
Price: £10

Graphic Design School: The Principles and Practices of Graphic Design by David Dabner
ISBN: 0500285268
Condition: Good, but with minor corner damage on back left
Price: £6

PHP 5 Advanced: Visual Quickpro Guide by Larry Ullman
ISBN: 0321376013
Condition: Very good apart from crease down front cover
Price: £16

Delivery for all is £2.75 as per Amazon, except the Mac pocket guide which is smaller so £2 only. UK shipping only. If you live local(ish) to Telford you’re more than welcome to arrange to pick them up at no extra cost for delivery.

If any of you have any genius ideas as to where else I can flog some of my crap, do let me know.

What a Frickin Morning

I went to see a local property this morning in the hope that, should we find somewhere suitable, we can arrange with the landlord/lady to escape our existing tenancy due to the damp and access issues. Property was quite nice, more than suitable, gorgeous little ‘secret’ garden around the back. Unfortunately I was told at the END of the viewing that it had in fact already been applied for through a different agent and was therefore basically off the market. Talk about a waste of time.

The agent who showed me around kindly took me to a similar nearby property which we’d enquired about at an earlier date and were told was already gone (but wasn’t). It’s not suitable really, and on the way back she dropped me off and it started pissing down with rain. I got soaked walking from the high street to the flat.

Get into the flat, dripping wet, go to fire up my laptop to find the number of the estate agents to confirm that the application for 1st property had definitely gone in, only to discover that my laptop was sat on battery. I knew it was plugged in, so did the usual checking plug socket, adapter etc. Adapter LED was off. Thought initially the adapter had gone pop, so unplugged it from the laptop and in doing so, found bite marks straight through the wire. I know for a fact it was Fudge, because he’s done the same thing to my Acer power adapter. Two fucking adapters in a month. Thankfully the Dell is under next business day warranty so they’re shipping out a new adapter (no questions asked) for Monday morning.

Using what little battery I have left, I look up the bus timetable (we don’t get regular buses out by me, it can be anything up to 2 hours between them) and discovered it was due within 5 mins. Pack my stuff in a hurry, get to the door, and can see from the window that the bus is just arriving. No bloody time to get around the corner to the stop and so I miss my bus.

To top it all off, I tried to add credit to my phone but the Orange website keeps telling me it’s having technical details and so I can’t add a card or use it to top up my phone.

So no house, soaked in the rain, broken power adapter, a missed bus and 23p phone credit. What the fuck else is today going to throw at me before it’s over?

On the Exciting Topic of Damp

I bet you all wish you were leading a life as exciting as mine… tidying, vomiting and coping with damp.

Seriously though, as if it wasn’t the weirdest phase of my life ever these past few months (if you’ve never been pregnant, wait until you have a sprog growing inside you and then try and put that into words) and I wasn’t already panicking about a) pending finances, b) labour and birth (mm, pain) and c) actually buying all the shit that I don’t have like baby clothes, a cot, etc, the fact that we have an ever increasing problem with rising damp is just about ready to push me over the edge. And I’m sorry for the epic run on sentence.

We’ve had problems on and off with damp since we moved into the flat. It wasn’t so big a deal at first, we cleaned it up and got on with things. However, because we’ve had some rain but the weather has still been warm (and thus we’ve not had the heating on) the muggy / humid atmosphere is really bringing it back with a vengeance. We have quite bad mould growing on one of our walls — it just so happens to be the wall to my little ‘office’ room — and it’s badly affecting both Karl and myself.

Now struggling with the idea of breaking out of our tenancy agreement early to get away from it (which may cost us financially) or putting up with it until Feb which will affect both us and sproglet physically (it’s not healthy, let’s put it that way). Landlords are aware and are sorting out replacement guttering, which is apparently one of the causes, but I don’t think that will solve it all as I’m sure we have rising damp down by the front door.

Bah. All very tiresome, and seriously affecting my Internet access as I daren’t go in the little room at the moment.

Sod’s Law

Pretty much every Friday, Karl’s mum pops in to see us on her way back from work. Because Karl and I both work all week, we tend to ‘save up’ housework for the weekend. This means that when she gets here, it’s normally an absolute tip… unwashed cups and plates stacked on the side, cat toys all over the place, clothes that need washing.

I do have some dignity and pride, and so today I left my mum’s a bit earlier to get back and do a bit of a tidy up before Karl’s mum got here. (To try and convince her that we’re not both pigs.) Done the washing up, tidied up snotty tissues and picked up the cat stuff.

Guess who’s away this weekend and thus wasn’t coming ’round anyway?

NinjaLinks Update: Version 1.1

As a distraction from working on my own site, cssbake, and all of the other projects I’m way overdue on, I’ve done a huuuuge round of bug-fixes on NinjaLinks. Version 1.1 is now available to download.

Overview of fixes

Key: ‘M’ minor changes – aesthetic or non-essential fix / ‘N’ normal changes – required bug fix / ‘I’ important changes – security fix (none this release)

  • (M) Fix typo in config.php
  • (M) Allow spaces and dashes in category names – manage_categories.php
  • (M) Fix order of updates displayed – functions.php
  • (M) Add ownername field – addlink.php / manage_links.php / updatelink.php
  • (N) Remove strtolower from URLs (affecting UC links) in addlink.php / manage_links.php / updatelink.php
  • (N) Turn off errors – functions.php (not necessary once live)
  • (N) Undeclared variable error in manage_categories.php
  • (N) Allow foreign chars in link names / owner names etc – addlink.php / functions.php / install.php / updatelink.php
  • (N) Smoother install process – functions.php / install.php / header.php
  • (N) Better install checking (if install file exists etc) – functions.php / header.php
  • (N) Better error reporting – functions.php
  • (N) Improved spam protection – config.php / functions.php / addlink.php / contact.php
  • (N) Option to disallow duplicate links – config.php / addlink.php

Installing a fresh copy

Download the script, set up database, customise config.php and run install.php as normal (as covered on the NinjaLinks page). Delete install.php and update-1-1.1.php. You do not need to run update-1-1.1.php.

Upgrading from version 1

BACK UP YOUR EXISTING FILES AND DATABASE

Download the script, copy over your existing configuration settings into the new config.php (be sure to set the new options where appropriate). Customise your layout (header/footer/stylesheet) or copy over existing data from back-up. Delete install.php from the folder. Upload all of the new files, over-writing the existing ones (or, delete the files and re-upload fresh). Once uploaded, run update-1-1.1.php in your browser (at http://your-website.com/ninjalinks/update-1-1.1.php or whatever your URL is). Once completed, delete update-1-1.1.php.

Any problems with installation or upgrading should be posted in the tutorialtastic section at codegrrl.

Important note: the NinjaLinks install/update now forces UTF-8 character sets in the database to allow foreign characters. If your NinjaLinks database is shared with another script and you aren’t sure if that uses UTF-8 or would the affect of setting it would be, be doubly-triply sure to make plenty of back-ups. That said, it’s fairly common for scripts (such as the likes of WordPress, etc) to use UTF-8 anyway.

Best Phishing Mail Ever

I just found this phishing e-mail in my junk box. I find it absolutely hilarious:

Subject: This is an official notification from United Kingdom Government

For security reasons, you must update your account to protect your bank account from disable.
Please Click Here to complete your account update. Click here then click to your bank logo to start the validation process.

United Kingdom Government.

There’s something about the audacity of the subject… the idea that the UK government — which, incidentally, couldn’t organise a piss-up in a brewery — would start mailing out zomg important bank account security warnings is pure comedy gold.

Unfortunately, the page itself had already been taken down so I couldn’t have a look at it :(

In Which I Poke Fun at Apple

Mactards. Everyone knows one. They’re not just using an Apple Mac because hey, they just like ’em, they actually think it’s a way of life. They think that because their technology is preceeded by the letter “i”, they are somehow superior. Their operating system doesn’t get viruses. Their MP3 players come in multiple shiny colours. Their laptops will outlast any cheap equivalent. Hah, give it up guys: Apple are pulling stunts lately that you’d normally only expect from Microsoft. I wouldn’t go so far as to say that Apple are falling from grace — heaven forbid — but when your favourite news aggregator is reporting several negative stories in quick succession one can’t help but cackle.

Let’s start with the Times Online reporting that Apple have attempted to silence the owner of an exploding iPod with a non-disclosure agreement. Ignoring the cheek of the non-disclosure — apparently this is more common than you’d think — I can’t help but wonder how many others have been affected by similar heat/exploding issues. More than one, that’s for sure:

Interface designer Dustin Curtis posts this on Hacker News:

My PowerBook G4 Titanium overheated and melted. I called Apple support. They took my number and told me to wait for a call.

Ten minutes later, an executive in Cupertino called me and apologized for my “trouble.” Then he made the a similar offer to the person in this story– if I agreed to not talk about the incident, he would send me a fully loaded brand new PowerBook G4 (aluminum model at the time) worth almost $5k, an iPod, and an external hard drive.

I took the deal, of course, but refused to sign anything.

Here’s a picture I sent to Apple HQ immediately after the incident: http://bit.ly/Gv93d

And then a few links for good measure:

If melting plastic and exploding components isn’t enough to get you going, how about pulling apps from the iPhone app store for bogus reasons, or expecting developers of said apps to cover the costs when apps are pulled? And the one about the Federal Communications Commission (FCC) getting frisky with Apple because of potentially anti-competitive behaviour? Still with the iPhone, howsabout the news that Apple have admitted that an unlocked iPhone is a terrorist threat? Isn’t that reassuring.

Of course, my favourite is the story about the flaw that could allow ‘hackers’ to steal data that is supposedly encrypted. The amusing part is not that people are open to having their identities stolen — I wouldn’t wish that on anyone — but that the Mac OS users who insist that “macs don’t get infected” are left with egg on their faces. Again.

George Ou reports on a keyboard firmware flaw that, attached to any Mac, can be used to record passwords and re-infect Macs with trojans even after a total harddrive wipe. The worst news? I quote (emphasis my own):

This type of a hack however isn’t something where you can go into an Apple store and have an Apple “genius” exorcise because once the Apple keyboard is infected and locked; there is no practical way of undoing the damage.

Phew. All this in the space of a few days. Apple must be hurting.

Smug? Me? Nah. I’m more than familiar with Microsoft’s multitude of sins. Just glad to be sat on the other side of the fence for once.