Jim's Depository

In coding femtoblogger I wanted a simple way to avoid SQL injection attacks. I think I’ve settled on one simple rule:

“Never paste any variable into a query string.”

That is much simpler than the “never paste user input into a query string” or the “always call the proper escape function for variables” methodology. I use the ‘?’ and bind all variables.

Somethings come out in two lines (prepare,execute) instead of one (query), but overall I think the code is more legible without having to read through the concatenation, string delimiting, and escape functions.

48 hours in and I’ve crossed the 1000 line mark for combined HTML and PHP. I will soon need to add a ‘next page’ function to the front page as we go past the 10 article cutoff. I think I’ll take that opportunity to shrink the code somewhat.

I’m not happy with the

getting duplicated in all the primary files, but sometimes I want to tweak it and I’m not sure how to best do that. Maybe I can leave some expandable markers in the standard , and when the primary page calls the WriteHead() function it could pass in a dictionary of marker expansions.

Likewise the DIV structure to make the left and right columns on the pages is replicated in all the primary pages. I’d like to make that go away, but somehow the WritePageFront()…writemystuff…WritePageBack() does not appeal. I dislike having the front code and back code split apart like that. Pasting up the inside as a string is ugly. Passing in a function to write the middle might be the way to go. Perhaps as an entry in a dictionary like WriteHead(). It would be much nicer in a language with continuations.

I added comments to femtoblogger. Just in case someone wants to say something. You can comment anonymously, but you will have to pass the captcha. People logged in can comment freely. That isn’t too much of a hardship. You can create yourself an account if you would like.

I’m not releasing femtoblogger for a while. I am enjoying the luxury of changing things willy-nilly without worrying about converting deployed databases. I’m not even worrying about sometimes breaking the screens while I change code.

The road map looks thusly:

• Develop in secret until the datastore schema seems relatively stable.
• Move the svn library to googlecode and have a quiet release.
• Maintain.

I added a browser type tally to the right hand column. I have very little idea why. It is another database query and update for each page load, but it doesn’t have significant impact on the performance. I’m still loading 280 front pages/second which is 5 times my available bandwidth. No worries yet.

I’m measuring my page load capacity with “openload”. There is a debian package and it is trivial to use. I like that in a tool. They can be found over at sourceforge, http://openwebload.sourceforge.net/

The ‘C’ key started to miss and got progressivly worse on my Powerbook G4 Aluminum 1.25GHz. First, go read about putting keycaps back on… http://docs.info.apple.com/article.html?artnum=88106 … then it is time to take the bad keycap off.

1. Depress the key in front of the bad key.
2. Lift the bad key gently.
3. Peek in.
4. Get a knife point in between the white scissor piece and the keycap.
5. Twist gently to pop the front of the keycap off.
6. Repeat for the back of the keycap.
7. Notice the size of the plunger top.
8. Cut a dot of tape big enough to cover the plunger top, but small enough not to interfere with the scissors.
9. Stick it to the back of the key.
10. Reassemble.

With any kind of luck you have just repaired your keyboard and saved \$160. I think the plungers wear out a bit and no longer reach the key contacts. That extra bit of tape lets you push it down just a bit further.

Good luck. (I had to try twice. My dot was too big the first time and kept getting caught on the scissors and holding the key down.)

Because I used nanoblogger, but found it too large and complicated and there was already a reference to picoblogger in google.

When I write a new improved version in a new improved language I will call it attoblogger or perhaps zeptoblogger. Ain’t wikipedia grand?

I wonder if people will think femtoblogger has something to do with women?

Femtoblogger is my (Jim Studt) miniature blogging tool. I suppose there are reasons why I wrote it…

• I wanted something with which to write notes to myself and the googlebots.
• I loathe giant, complicated software packages written by the sort of people that use PHP or perl. They are a problem waiting to happen and a nuisance to manage.
• As I think about better ways to approach web development I thought it would be nice to have a dataset collected and a ‘standard’ solution to compare it against.

It is day one of turning on femtoblogger. It supports searching, user accounts, access control, categories with filtering, and article editing. Things it will likely gain are:

• ✓ Some sort of HTML in the articles.
• ✓ Hypertext links would be nice. This is the web after all and the googlebot won’t like me if I don’t link.
• I think I’d like to make a way to embed images in the articles. Maybe.
• Some sort of invitation only policy for creating accounts. For now I rely on obscurity and will simply delete any idiots that show up.
• Some sort of TODO or “Look at later” type list would be nice.
• ✓ An RSS feed so I can notify myself when I have written something?
• ✓ Comments, right, it should have comments.

It ended up taking about 70 lines of code for all the access control, but I added an “edit post” function. Now maybe I can leave femtoblogger alone and get back to the language.

AH, well ok. That first post looked like crap. I added 8 more lines and now insert <p> and <br> to preserve formatting of the text, a bit at least. I suppose I’ll make a post editor before I get back to the language.

Update: When I added HTML support I had to get rid of the “one newline turns into a <br>” rule. I had to fix all the existing entries. There is a lesson in there somewhere.