Friday, 8 April 2011

Securing PHP-FastCGI on Nginx

Via Hacker News. Setting up PHP-FastCGI and nginx? Don’t trust the tutorials: check your configuration! I have in fact written quite a few tutorials and published automated scripts that are vulnerable. Seems the easiest way to prevent this issue is by adding a try_files statement (or an if (-f $request_filename) if Nginx -V < 0.7.27) [...]

Monday, 28 May 2007

Stuck

On the left hand side, we have multiple vulnerabilities with PHP release 5.2.1 or less. Remote attackers might be able to exploit these issues in PHP applications making use of the affected functions, potentially resulting in the execution of arbitrary code, Denial of Service, execution of scripted contents in the context of the affected site, [...]

Category: General | 0 Comment

Thursday, 1 February 2007

Permalink Redirect 0.6.2 Released

Did I just say all my WordPress plugins seem to work fine with WordPress 2.1? It turns out one of the new features in WP2.1, where you can set any static page as the front page, will send your browser into a busy redirection loop when you turn on the Permalink Redirect plugin. Well. The bug [...]

Category: General | 3 Comments

Tuesday, 30 January 2007

Performance Comparison with 6 Leading Web Frameworks

Alrond’s technoblog: The performance test of 6 leading frameworks. Very interesting read, as Alrond tested Django (Python), TurboGears (Python), Ruby on Rails 1.1.6/1.2.1 (Ruby), Catalyst (Perl), Code Igniter (PHP) and Symfony (PHP), using various load and memory testing utilities. His conclusion? Django is fast, and can be very light on memory as well. RoR 1.1.6 [...]

Category: General | 0 Comment

Thursday, 26 October 2006

Ohloh: PHP and Ruby Comparison

Ohloh: PHP Eats Rails for Breakfast. Clearly a link-bait title, as it is in fact analysing by “language”, i.e. PHP vs. Ruby, instead of by framework. However, the analysis is interesting, as is Brad Feld’s feedback on this article. Some of my thoughts: I won’t say it represents the “big picture”. Ohloh is [...]

Category: General | 0 Comment

Saturday, 27 May 2006

Gravatar Cache 0.1 Released

Over the last couple of nights I have hacked together a generic URL-based cache for Gravatar, the globally recognized avatar. If you have been blogging or reading other people’s blogs, “gravatar” would not be foreign to you, as it has been implemented on many blog sites of various platforms. Gravatar Cache is an implementation to cache both positive [...]

Category: Uncategorized | 0 Comment

Thursday, 23 February 2006

PHP — Good or Bad?

It all starts with Tim Bray’s little rant on PHP a few days ago. Tim can’t stand PHP, because …all the PHP code I’ve seen in that experience has been messy, unmaintainable crap. Spaghetti SQL wrapped in spaghetti PHP wrapped in spaghetti HTML, replicated in slightly-varying form in dozens of places. I have seen some [...]

Category: Uncategorized | 1 Comment

Friday, 6 January 2006

Ease of Deployment Matters

Peter Hunt took a look at “How Python wins on the Web”. He argued that frameworks do not really matter — not all those efforts mimicking Ruby on Rails anyway, as RoR and .NET have already won the hearts of developers. Instead, Pythonists should focus on killer re-usable applications. Here’s what I propose: screw Web [...]

Category: General | 3 Comments

Thursday, 22 December 2005

Faster PHP on Resin/JVM

The Server Side reports Caucho adds PHP support to Resin to allow it to run up to 6 times faster. It is done by compiling PHP into Java bytecode so that it can be executed in highly optimised Java virtual machines. From this comment, Quercus (the PHP module for Resin application server) actually implemented most [...]

Category: General | 0 Comment

Thursday, 20 October 2005

Andreessen on Java and PHP

Via ZDNet News, Marc Andreessen, formerly of Netscape, endorses PHP over Java for website development, because it is open source, has an easier environment, is widely used and has big companies behind it. Interesting description about Java: Java is much more programmer-friendly than C or C++, or was for a few years there until they made just [...]

Category: General | 0 Comment

Tuesday, 5 July 2005

PHP XML-RPC Vulnerability

As discussed on Slashdot, there is another PHP library vulnerability, one that affects PEAR’s XML-RPC module. James at GulfTech has demonstrated this vulnerability with an exploit. It turns out the PHP XML-RPC library uses eval() without checking, which allows arbitrary PHP code to be executed if the XML-RPC message is cleverly crafted.

Category: General | 0 Comment

Wednesday, 8 June 2005

IBM, LAMP and rebuttal

Ryan Tomayko rebutted the claim by Daniel Sabbah of IBM that LAMP cannot scale and the model should “grow up”. He argued the traditional 3/n-tier design cannot scale due to its complexity, and a simple stateless design would be more scalable, faster and easier to develop. I am not really convinced, and I do hope that they [...]

Wednesday, 9 March 2005

PHP Syntax Hilighting 1.3

I’ve just got the chance to start visiting my old WordPress plugins after upgrading this site to WP 1.5. Syntax highlighting with Enscript is broken, so I’ve made some changes to get it going again. Here’s a list of changes: Detect whether we are running under WP 1.5+ to pick the unmangling routine. WP1.5 double [...]

Category: General | 1 Comment

Friday, 31 December 2004

PHP Prediction in 2005

Harry Fuecks wrote about his predictions of PHP in 2005, with unrealistic ones like ‘In January 2005 PHP will win an award as “Programming Language of the Year, 2004”’. To me, PHP has never outgrown its stereotype as a web language, and a programmer who knows only PHP but nothing else deserves no [...]

Tuesday, 21 December 2004

Scripturizer for WordPress 1.4

Thanks to Glen Piper for pointing out the incompatibility caused by Bible Gateway changes, I have made some minor modifications to the Scripturizer for WordPress and released it as 1.4. Download Scripturizer 1.4 Changes: Bug Fix: Change the URL so it shall now work with updated Bible Gateway. If you are a user of a [...]

Category: General | 5 Comments