Ayman Hourieh's Blog

Firefox Summit 2008, Day 2

The main piece of news for day 2 in the Firefox Summit 2008 is that everyone is now trapped in the small town of Whistler after a rock slide cut off the highway that connects Whistler to Vancouver. Fortunately, nobody was injured because of this. However, clearing the massive boulders that are blocking the highway will take 5 days according to official sources. Since the summit ends this Thursday, most attendants need to go to the Vancouver Airport on Friday to catch flights to their home countries. The cause of this rock slide is unclear at the moment, but there are people in the summit who are speculating whether a company whose name starts with an 'M' is behind all of this. A bug was filed in Bugzilla to track the issue, and some of the currently-proposed solutions involve riding bears, taking boats, or taking helicopters. In reality however, we will most likely end up going through a different route that takes around 8 hours in bus.

Read more

Firefox Summit 2008, Day 1

The Firefox Summit 2008 started today in the city of Whistler, BC, Canada. Around 400 contributors to the Mozilla project gathered to meet, share thoughts and discuss the 3.0 release of Firefox and plan for the next releases. I'm attending the summit as the Arabic localizer. I will post a daily highlight of the summit on my blog, so let's start with day one.

Read more

A Collection of Vim Tips

Vim is one of the most popular text editors for Linux and Unix systems. Its text-based interface may look intimidating for newcomers, but underneath it there is a wealth of functionality to be learned. Experienced Vim users often feel much more productive using Vim than GUI-based text editors.

I've been using Vim on a daily basis for years to do a wide range of tasks, from casual editing of short text files, to managing large programming projects, and every now and then I come across a new feature that considerably helps in some aspect of text editing. For this reason, I decided to compile a list of such Vim tips in this post.

Read more

Arabic Firefox 2.0 Beta 2 Available

The Arabic version of Firefox 2.0 Beta 2 is now available. The key features of this release are:

• Session management: Ever closed a tab by mistake? This features lets you undo and reopen the tab.
• Phishing protection: The browser warns you about scam attempts and phishing websites.
• Enhanced search: You will receive query suggestions as you type your search strings, and it's even easier now to install and manage new search engines.
• And more: Better theme, builtin support for feed readers, ... etc

This is a testing version. If you are willing to help refine the Arabic localization, please download and test. Otherwise, just want for the final release, which should be some time soon.

Download links for the Arabic version:
Windows
Linux
Mac

Enjoy, and thanks to everyone who helped in the translation effort!

MySQL 4.0 to 4.1 Encoding Problem And Solution

Here is a solution for a problem I read about many times in the Drupal forums, but couldn't find any definite answer to: When upgrading or moving a database dump from MySQL 4.0 to 4.1, Unicode data stored by Drupal becomes gibberish. The attached module iterates over all tables in Drupal's database, and converts text columns to UTF-8. The bulk of work is already in Drupal's code (_system_update_utf8), the module simply makes use of it.

To use the module, install and enable it, then navigate to update.php, and select update 1 for the module, then initiate the update process. You may disable the module when done.

Read more

TurboGears Tutorial: Social Bookmarking Application

Anyone interested in web development should have heard about the Model-View-Controller software pattern by now. This pattern emphasizes on separation of application's data model, UI (view), and control logic. The concept itself isn't new and has been around since 1979, but recently there have been many successful implementations of the pattern in the domain of web development.

Like any self-respecting web developer, I started to explore the available frameworks, and quickly settled on Python as a language and TurboGears as a framework. I viewed many webcasts and documents, then decided to practice my newly gained knowledge by writing a basic del.icio.us-like social bookmarking application in TurboGears. Now I'm documenting my work as a tutorial, hoping that other TurboGears newcomers would find something useful in it. The tutorial covers the following concepts:

• Designing data models.
• Developing controller Logic.
• Creating view templates.
• Working with forms and widgets.

There are also sections for the reasons behind my Python/TurboGears choice, and the installation process.

Please read on for the tutorial itself and an attachment of the project's source code at the end. I recommend viewing the code while working with the tutorial, as I didn't include imports or other tiny bits. In addition, the tutorial assumes good knowledge of Python.

Read more

Drupal Security Patches

This isn't actually news, but I'm adding it for reference. In the last few months, and during my work on Drupal (as part of my job or contributions to Drupal), I discovered 2 security vulnerabilities in Drupal core: the first one is an SQL injection vulnerability that I spotted while reviewing access logs for a website I maintain. Some bot was trying to request malicious URLs and one of them triggered an error message in the logs. I investigated and turned out that it was possible to pass input into queries without sanitization in certain cases.

The other one is a cross-site scripting vulnerability. I was analyzing user.module to understand how certain parts worked when I noticed that a variable was printed to page output without passing through filters first.

Both where reported and discussed on the security mailing list, and new versions were released later.

while I am at it, here are a couple of tips:

• Monitor your website access and error logs regularly. This way, you are more likely to notice and stop malicious activities. Linux text processing commands can greatly help in analyzing large log files.
• Keep your web applications up to date, and subscribe to the application's security announcement list (if any). Here's Drupal's security announcements list.

Book Review: Essential PHP Security

I've just finished reading through "Essential PHP Security", a book that deals with security issues related to developing PHP applications, and I have to say, this book is a must for every PHP developer. It covers almost every aspect of web security from a PHP developer's point of view, including SQL injection, cross-site scripting, session/cookie/authentication management, file uploads, file inclusion, and many other topics. It includes a run down of possible vulnerabilities in a given topic, and how to deal with them in a secure fashion.

Even if you are an experienced PHP developer, this book has a lot to offer. While I don't claim to be one, the book served as a reminder of security pitfalls and techniques, and I managed to learn several new things from it.

Interestingly, many concepts introduced in the book are already implemented in Drupal, like the authentication and session systems and session fixation prevention techniques.

Bottom line, if you are remotely interested in PHP, this book is a must, period. Anyone who wants to touch PHP has to read this book first!

Python Challenge

A while ago I came across the Python Challenge. It is a series of programming challenges that require writing short programs in order to advance through levels. The creator(s) of the site put a lot of effort into it. The challenges are a lot of fun to solve, and the whole thing is very addicting.

If you don't know Python then I suggest you read its tutorial and then start solving the challenges, it will be a great learning experience. If you do know Python, the challenge still has a lot to offer on the educational and fun fronts. It will make you explore a variety of libraries and programming domains.

Most of the levels can be solved with other programming languages as well. However, solving them in Python makes the programmer experience the beauty of Python, its power, and ease of use.

To sum it up, if you enjoy programming, the Python Challenge is for you. I don't remember having so much fun on a website in a long time :)

Ah, and by the way, I'm currently in level 27.

Flatforum For Drupal 4.7 Released

Flatforum for Drupal 4.7 has been released, new features include:

• Improved CSS code for both structure and look, changes/improvements should be easier as well (using CSS code).
• Heavily tested with Drupal 4.7, Bluemarine, PushButton, box_grey, and FriendsElectric, under Firefox 1.x, IE 6, and Opera 8.x.
• .install file for Drupal 4.7.
• Forum nodes should appear like normal nodes everywhere outside forums.
• #new and #comment-* link issues should be resolved.

Flatforum is a template that changes the look of Drupal forum so it resembles phpBB/vBulletin style flat forums.

Enjoy the release!