Blogs
The main piece of news for day 2 in the Firefox Summit 2008 is that everyone is now trapped in the small town of Whistler after a rock slide cut off the highway that connects Whistler to Vancouver. Fortunately, nobody was injured because of this. However, clearing the massive boulders that are blocking the highway will take 5 days according to official sources. Since the summit ends this Thursday, most attendees need to go to the Vancouver Airport on Friday to catch flights to their home countries. The cause of this rock slide is unclear at the moment, but there are people in the summit who are speculating whether a company whose name starts with an 'M' is behind all of this. A bug was filed in Bugzilla to track the issue, and some of the currently-proposed solutions involve riding bears, taking boats, or taking helicopters. In reality, however, we will most likely end up going through a different route that takes around 8 hours by bus.
Submitted by Ayman on Thu, 2008/07/31 - 4:13pm.
The Firefox Summit 2008 started today in the city of Whistler, BC, Canada. Around 400 contributors to the Mozilla project gathered to meet, share thoughts and discuss the 3.0 release of Firefox and plan for the next releases. I'm attending the summit as the Arabic localizer. I will post a daily highlight of the summit on my blog, so let's start with day one.

Submitted by Ayman on Wed, 2008/07/30 - 8:54am.
A couple of weeks ago I posted an article on creating a drag/drop portal interface with Drupal and Script.aculo.us. Many comments were interested in a jQuery port for Drupal 5.0, and Mark recommended building such a module on top of the brilliant Panels module. I finally had time to continue working on this, so I created an initial drag/drop module built on top of jQuery and Panels. It's far from complete (doesn't save user settings for example), but it's a step in the right direction. I also posted an issue to Panels' tracker, pinging merlinofchaos (author of Panels), so let's take the discussion there.
I really am looking forward to polishing this module, as I believe it'll be a timely addition to Drupal's arsenal of modules, now that jQuery is part of Core and Drupal 5.0 is around the corner.
You may download the module here. It's only meant to demonstrate functionality. It's for Drupal 4.7 (because Panels hasn't been ported to 5.0 yet), and requires Panels module. To use it, try to add a new panel and you will find a new type called "three column with drag-and-drop". I tested it with bluemarine; it may not work with other themes for reasons outlined in the issue I posted.
Submitted by Ayman on Mon, 2006/10/02 - 11:32pm.
screen is one of my favorite GNU utilities; it provides a quick and easy way to have several open terminals and do multiple things at once. Another cool feature about screen is that it stays running even if the user logs out or disconnects. This enables the user to detach from their session and resume it later. This feature is a life saver when working on a remote machine through SSH. If I was disconnected for some reason, I can easily reconnect and resume my session.
screen is very easy to use. Below is a list of its main commands. Read on, experiment with them, and you will become proficient in screen in minutes. Believe me, you will appreciate it.
Submitted by Ayman on Sun, 2006/09/17 - 9:03pm.
I've just had a fascinating experience that I wanted to share here. For those not familiar with it, GnuPG is a system for digitally signing and encrypting emails and other data. Since I created my GnuPG key pair, I used to sign all my outgoing emails, but unfortunately this caused many troubles to those not familiar with digital signatures. I often received replies from people not able to view my emails in MS Outlook (because it ignores standards), or found random garbage at the beginning/end and thought the message was corrupted (not realizing that the actual message was in between). Until a couple of weeks ago or so when I decided to only sign messages when required, or when the receiving party is familiar with GPG. And it just happened that I didn't have to sign any emails until tonight. I clicked "send" and a window popped up asking me for the key's passphrase (a long password). I sat there for a while trying to remember what my passphrase was. I entered one but it was wrong. I tried a couple more but no luck. Finally, I realized that I forgot my passphrase!
Submitted by Ayman on Fri, 2006/09/01 - 12:40am.
The Arabic version of Firefox 2.0 Beta 2 is now available. The key features of this release are:
- Session management: Ever closed a tab by mistake? This feature lets you undo and reopen the tab.
- Phishing protection: The browser warns you about scam attempts and phishing websites.
- Enhanced search: You will receive query suggestions as you type your search strings, and it's even easier now to install and manage new search engines.
- And more: Better theme, built-in support for feed readers, etc.
This is a testing version. If you are willing to help refine the Arabic localization, please download and test. Otherwise, just wait for the final release, which should be some time soon.
Download links for the Arabic version:
Windows
Linux
Mac
Enjoy, and thanks to everyone who helped in the translation effort!
Submitted by Ayman on Thu, 2006/08/31 - 10:44pm.
Here is a solution for a problem I read about many times in the Drupal forums, but couldn't find any definite answer to: When upgrading or moving a database dump from MySQL 4.0 to 4.1, Unicode data stored by Drupal becomes gibberish. The attached module iterates over all tables in Drupal's database, and converts text columns to UTF-8. The bulk of work is already in Drupal's code (_system_update_utf8), the module simply makes use of it.
To use the module, install and enable it, then navigate to update.php, and select update 1 for the module, then initiate the update process. You may disable the module when done.
Submitted by Ayman on Tue, 2006/08/29 - 5:51pm.
A few days ago I received Ubuntu Linux CDs from the Ubuntu ShipIt program. I ordered them back when Ubuntu version 6.06 (Dapper Drake) was released (1st of June). They took a bit longer than expected and the package was obviously opened at the customs, perhaps because of the recent events in the region. Anyway, they arrived, and I need them badly for my laptop, as the current Gentoo Linux installation is quite outdated and updating it will take a considerable effort.
Perhaps the first thing I'd install after the distro itself is Xgl. It's a 3D desktop environment; I tried a demo live CD and the results were fascinating on both visual and productive fronts. Xgl provides some really cool visual effects such as dropdown shadows and translucent windows. It also features an improved multi-desktop model with many enhancements to common features such as alt-tab functionality.
Although I'm going to install Ubuntu on my laptop, I'll remain a loyal Gentoo user on my workstation.
By the way, those who live in Syria and are interested in Ubuntu but can't find any CDs, please let me know and I'll try to provide copies.
Submitted by Ayman on Thu, 2006/08/17 - 3:54pm.
This isn't actually news, but I'm adding it for reference. In the last few months, and during my work on Drupal (as part of my job or contributions to Drupal), I discovered 2 security vulnerabilities in Drupal core. The first one is an SQL injection vulnerability that I spotted while reviewing access logs for a website I maintain. Some bot was trying to request malicious URLs and one of them triggered an error message in the logs. I investigated and it turned out that it was possible to pass input into queries without sanitization in certain cases.
The other one is a cross-site scripting vulnerability. I was analyzing user.module to understand how certain parts worked when I noticed that a variable was printed to page output without passing through filters first.
Both were reported and discussed on the security mailing list, and new versions were released later.
While I am at it, here are a couple of tips:
- Monitor your website access and error logs regularly. This way, you are more likely to notice and stop malicious activities. Linux text processing commands can greatly help in analyzing large log files.
- Keep your web applications up to date, and subscribe to the application's security announcement list (if any). Here's Drupal's security announcements list.
Submitted by Ayman on Tue, 2006/08/15 - 12:11am.

I've just finished reading through "Essential PHP Security", a book that deals with security issues related to developing PHP applications, and I have to say, this book is a must for every PHP developer. It covers almost every aspect of web security from a PHP developer's point of view, including SQL injection, cross-site scripting, session/cookie/authentication management, file uploads, file inclusion, and many other topics. It includes a rundown of possible vulnerabilities in a given topic, and how to deal with them in a secure fashion.
Even if you are an experienced PHP developer, this book has a lot to offer. While I don't claim to be one, the book served as a reminder of security pitfalls and techniques, and I managed to learn several new things from it.
Interestingly, many concepts introduced in the book are already implemented in Drupal, like the authentication and session systems and session fixation prevention techniques.
Bottom line, if you are remotely interested in PHP, this book is a must, period. Anyone who wants to touch PHP has to read this book first!
Submitted by Ayman on Thu, 2006/07/06 - 1:33pm.