About Johan Cyprich

http://www.cyprich.com

Posts by Johan Cyprich:

Another WordPress Update

Just 10 days after the last WordPress update, another one was released today. Version 2.0.7 fixes the following problems:

  • Security fix for wp_unregister_GLOBALS() to work around the zend_hash_del_key_or_index bug in PHP 4 versions less than 4.4.3 and PHP 5 versions less than 5.1.4 with register_globals set to “On.”
  • Feeds now properly serve 304 Not Modified headers instead of mismatched 200/304 headers (a.k.a. the FeedBurner bug).
  • Backport of another 304 Not Modified fix from WordPress 2.1
  • Deleting WordPress Pages no longer gives an “Are You Sure?” prompt.
  • After deleting a WordPress Page, you are now properly redirected to the Edit Pages screen.
  • Sending an image at original size in Internet Explorer no longer adds an incorrect “height” attribute.
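To show what the first fix on that list defends against, here is an added illustration that is not WordPress's own code. With register_globals set to On, PHP copies every request parameter into a global variable of the same name before the script runs, so any script that relies on a variable it never initialised can be steered from the query string. The cleanup routine below walks the request arrays and removes every global whose name matches a request key. Clearing the value to NULL before calling unset() means the variable is neutralised even if the delete itself misfires on an affected PHP build; I use that belt-and-braces step here as my own choice, not as a transcription of the WordPress patch. The request data at the bottom is constructed for the demonstration and emulates what register_globals would have done with ?authorized=1, so the script behaves the same on a PHP where the directive is off.

```php
<?php
// Added illustration, not WordPress's own code. Shows the register_globals
// hazard and the cleanup pattern used to undo it.

// --- Vulnerable pattern ----------------------------------------------------
// This check expects $authorized to be set by a login routine elsewhere. It
// never initialises the variable itself, so under register_globals a request
// parameter named "authorized" satisfies it.
function is_admin_vulnerable()
{
    global $authorized;
    if ($authorized) {
        return true;
    }
    return false;
}

// --- Cleanup pattern -------------------------------------------------------
// $input is the merged request data (what register_globals would have copied
// into the global scope). Every global with a matching name is removed, so
// code running afterwards only sees variables it set itself.
function undo_register_globals(array $input)
{
    if (isset($input['GLOBALS'])) {
        die('GLOBALS overwrite attempt detected');
    }

    // Never unset the request arrays or the GLOBALS table themselves.
    $keep = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST',
                  '_SERVER', '_ENV', '_FILES', '_SESSION');

    $removed = 0;
    foreach ($input as $k => $v) {
        if (!in_array($k, $keep) && isset($GLOBALS[$k])) {
            // Clear first, then delete: the variable is harmless even if
            // unset() on $GLOBALS misbehaves on the PHP build in use
            // (my own extra step, not a copy of the WordPress change).
            $GLOBALS[$k] = null;
            unset($GLOBALS[$k]);
            $removed++;
        }
    }
    return $removed;
}

// In a real bootstrap this would run only when the directive is actually on:
//   if (ini_get('register_globals')) {
//       undo_register_globals(array_merge($_GET, $_POST, $_COOKIE,
//                                         $_SERVER, $_ENV, $_FILES));
//   }

// --- Demonstration (constructed request) -----------------------------------
// Emulate register_globals handling of ?authorized=1 so the script runs the
// same way regardless of the local php.ini.
$_GET['authorized'] = '1';
$GLOBALS['authorized'] = $_GET['authorized'];

echo "before cleanup, admin check returns: ";
var_dump(is_admin_vulnerable());

$n = undo_register_globals(array_merge($_GET, $_POST, $_COOKIE));
echo "removed $n injected global(s)\n";

echo "after cleanup, admin check returns:  ";
var_dump(is_admin_vulnerable());
```

Run from the command line, the first check is satisfied by the injected global and the second is not, which is the whole point of running the cleanup before any application code. The die() on a request key named GLOBALS is there because overwriting the $GLOBALS table itself is the one case the loop cannot repair.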

This was my second WordPress update and, like the first one, it went flawlessly. I still recommend the WordPress Database Backup plugin by Scott Merrill. It's the easiest way to back up your database, and it should be done regularly.

It's good to see that the WordPress development team is working diligently to fix problems and enhance the product. They expect to release version 2.1 by the end of this month.

Laws of Physics Applied to the Software Industry

I found these laws circulating on the Internet.


Newton’s Laws Of Motion:

(ORIGINAL) 1. Every body continues its state of rest or uniform motion unless it is acted on by an external unbalanced force.

(IT) 1. Every software engineer continues chatting or forwarding mails or sending posts on humour unless he is assigned work by his manager.

(ORIGINAL) 2. The rate of change of velocity of a body is directly proportional to the applied force on it and takes place in the same direction in which force is applied.

(IT) 2. The rate of changes made in software is directly proportional to the payment received from the client and takes place at a faster rate as the deadline approaches.

(ORIGINAL) 3. For every action there is equal and opposite reaction.

(IT) 3. For every virus, there exists an equally powerful antivirus, and after release of that antivirus, a more destructive virus comes into existence.

Law of Conservation of Energy:

(ORIGINAL) Energy can neither be created nor be destroyed. It can be converted from one form to another. The total amount of energy in the universe always remains constant.

(IT) Bugs can neither be inserted nor be removed from software. They can only be converted from one form to another. The total number of bugs in software always remains constant.

The Uncertainty Principle of Heisenberg:

(ORIGINAL): “The more precisely the position is determined, the less precisely the momentum is known”.

(IT): “The more precisely the deadline is achieved, the less precisely the quality is maintained”.

Is PHP Secure?

PHP has to be one of the easiest programming languages to learn for building dynamic web sites. In less than a week of study, you can be adding PHP code to your web sites and saving form data to a database instead of having it e-mailed to you. The only other language that is just as easy to learn is VBScript for ASP programming (I should note that I'm not talking about ASP.NET programming, which is a bit more involved!).

The problem with the ease of learning PHP is that it's also easy to write code that is not secure and can be exploited by attackers. This isn't just a challenge for novices; experienced programmers can also inadvertently write dangerous code.
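The classic case of easy-to-write, easy-to-exploit PHP is exactly the form-to-database script mentioned above. The following is an added example, not code from the original post: a guestbook lookup written the obvious way by pasting the form field into the SQL string, next to the same lookup using a prepared statement. It uses an in-memory SQLite database through PDO so it runs offline; the table, its rows and the two form inputs are constructed for the demonstration.

```php
<?php
// Added example for this post, not code from the original. Uses an in-memory
// SQLite database via PDO so it runs offline; rows are constructed sample data.

function open_demo_db()
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE guestbook (id INTEGER PRIMARY KEY, author TEXT, message TEXT)');

    // Saving form data the safe way: the placeholders carry the values, so
    // nothing a visitor types can be read as SQL.
    $ins = $db->prepare('INSERT INTO guestbook (author, message) VALUES (:author, :message)');
    $rows = array(
        array('alice', 'Nice site!'),
        array('bob',   "Don't forget the ' character"),
        array('carol', 'Private note for the admin'),
    );
    foreach ($rows as $r) {
        $ins->execute(array(':author' => $r[0], ':message' => $r[1]));
    }
    return $db;
}

// The version that is easy to write: the form field is concatenated straight
// into the query. A single quote in the "author" box ends the string literal
// and hands control of the rest of the WHERE clause to the visitor.
function entries_by_author_vulnerable(PDO $db, $author)
{
    $sql = "SELECT author, message FROM guestbook WHERE author = '" . $author . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// The hardened version: same query, but the value travels as a bound
// parameter and is compared literally, quote characters included.
function entries_by_author_safe(PDO $db, $author)
{
    $stmt = $db->prepare('SELECT author, message FROM guestbook WHERE author = :author');
    $stmt->execute(array(':author' => $author));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = open_demo_db();

// Constructed form input: a legitimate visitor and an attacker.
$honest  = 'alice';
$payload = "x' OR '1'='1";   // closes the literal and makes the condition always true

echo "vulnerable, honest input:   ", count(entries_by_author_vulnerable($db, $honest)),  " row(s)\n";
echo "vulnerable, injected input: ", count(entries_by_author_vulnerable($db, $payload)), " row(s)\n";
echo "safe, honest input:         ", count(entries_by_author_safe($db, $honest)),        " row(s)\n";
echo "safe, injected input:       ", count(entries_by_author_safe($db, $payload)),       " row(s)\n";
```

With the injected input the concatenated query matches every row in the table, including the one meant for the admin, while the prepared statement matches nothing because it is looking for an author literally named x' OR '1'='1. The two functions differ by one line, which is why this mistake is so easy to make and so worth checking for in code review.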

Apart from coding mistakes, bugs are discovered over time in PHP itself. One would think that once they are found, its developers would move quickly to fix them. According to Stefan Esser, this is not the case. Esser runs the PHP Security Blog and the Hardened-PHP Project Forum.

He made a post to his blog last month which angered many in the PHP community. In it, Esser announced that he had resigned from the PHP Security Response Team, which he had originally proposed creating several years ago. The main reason he quit was that the PHP Group constantly blocked his attempts to improve the security of PHP. The Group preferred to blame application developers for any security issues that occur with PHP.

Esser, while still having faith in the potential of PHP, developed Suhosin. You can find it on the Hardened-PHP Project site. Briefly, to quote his site,

Suhosin is an advanced protection system for PHP installations. It was designed to protect your servers on the one hand against a number of well known problems in PHP applications and on the other hand against potential unknown vulnerabilities within these applications or the PHP core itself.

It's highly recommended that you use Suhosin for any web site that is exposed to the Internet. You probably don't have to worry as much if your site is only reachable on an intranet. The National Institute of Standards and Technology (NIST) reported that PHP applications were involved in 43% of security problems in 2006. In 2005, PHP accounted for 29% of the security issues. With the growing numbers of users and applications in PHP, I expect the numbers to be even higher in 2007. All the more reason to take a closer look at Suhosin.

It’s Not a Bug … It’s a Feature!

I maintain a Windows server running IIS and SQL Server. Normally, it runs without problems and I periodically check to make sure everything is ok.

A couple of days ago, people were complaining that they had problems uploading documents to the server. I checked it and saw that SQL Server was using about 1 GB of RAM. The server has 2 GB installed memory, but in spite of that, the server was running extremely slow. You could actually watch dialog boxes being painted on the screen!

I restarted the SQL Server service and it was back to using 37 MB of RAM, but I watched it take more and more memory throughout the day. Eventually, it was using around 400 MB of RAM even though the computer had light usage that day.

The first thought was that this must be a bug in SQL Server, a memory leak to be more precise. After some research, it turned out that this isn't a bug in the software but a feature.

SQL Server by design grabs as much RAM as it can. The more memory it has, the larger its buffer cache will be, which allows it to answer more queries without going to disk. If other applications request memory, SQL Server will release it to them. The problem is that the database server may not release the memory fast enough, and the whole computer slows down in the meantime. This is why it's a good idea to have a dedicated database server.

You could cap the amount of memory that SQL Server is allowed to take (its max server memory setting), but ideally it should be the only application running on the server. IIS and SQL Server should not share the same computer for commercial web hosting.

Know Your Users

Most software developers dream of writing a program which will bring them riches. The more ambitious ones have already found the luxury home on beach front property they’ll be eventually owning. Unfortunately, many programs that are created do not succeed.

One reason for failure is the way the software is built. Eager programmers would like to start writing code soon after their revolutionary idea is thought of. While this approach works quite well for writing scripts and other small programs, it falls apart when trying to create large applications.

After it is determined what your software will do, the next thing to decide is who will be using it. The tendency is to assume, for example, that your market is the entire 650 million strong Windows community. Even if only 1% of them buy your product, you will be rich enough to retire early.

Unless you're writing an operating system, it's highly unlikely that every computer user in the world will need your software. It's also not a good idea to write software for the general population unless you have Microsoft's marketing budget. To build a successful application, you need to focus on what it will do and who will be using it.

For example, software for controlling inventory will likely be used by managers in a corporate environment, while an adventure game will probably be played mainly by college students. If the marketing for an adventure game targets a middle manager, it will not succeed. Your software needs to solve a specific problem for a group of people confronted by that problem. If you can show someone how their life can be made easier with your application, you’ve made a sale.