Fri, 6 May 2011

CMS Made Simple Development Cookbook

— SjG @ 10:32 am

I just received my paper copies.

You can get a copy too!

Crypto Interoperability: .NET and PHP

— SjG @ 10:28 am

(I wrote this back in October of last year, never bothered to post it. I probably had a reason for that, but it’s long forgotten by now, so I might as well post what I had.)

So I wasted a great deal of time trying to get SHA-256 hashes from a .NET application to match up with those from a PHP application. It really seemed like it should be straightforward: make sure your string has a known character encoding, SHA-256 digest it, and then base64 encode the result. How hard could it be?

Well, after a day of ripping my hair out, I concluded it’s harder than it seems. Here’s what the problem is: the application I’m trying to match encodes the strings as UTF-16 before hashing them. Unbeknownst to me, the double-byte strings are big-endian in one case, and little-endian in the other, even though they’re on the same Intel box. Took longer than it should have to track that down.

Oh, but is that the end of it? No, no, no. No, it’s not.

I also had to decrypt some strings. They had been encrypted with the ManagedRijndael class, and I had the key and IV strings. Those strings had also been encoded into wrong-endian UTF-16, which was easily fixed (once I knew what was going on). But I was still getting gibberish. To make a very long story short, the ManagedRijndael class in .NET and PHP’s mcrypt_generic function with the Rijndael256 algorithm in cipher-block chaining mode aren’t exactly compatible. The mighty Google finally pointed me to the solution: use the Rijndael128 algorithm instead. The ManagedRijndael class produces actual AES-256, whereas mcrypt’s Rijndael256 is Rijndael with a 256-bit block; the two differ in block size and therefore in the length of the initialization vector. Switching to Rijndael128 while still passing the 32-byte (256-bit) key is equivalent to AES-256.
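Both pitfalls above can be reproduced without any .NET or PHP at hand. The following Python is an added example, not code from the post: it hashes one constructed string under each UTF-16 flavour (plus UTF-8 for contrast), offers a helper that tries each candidate encoding against a digest produced elsewhere, and checks AES-CBC key/IV lengths so that a 32-byte IV (the Rijndael-256 block size) is reported as the block-size mismatch rather than a "wrong key". Python’s "utf-16" codec prepends a byte-order mark, which .NET’s Encoding.Unicode does not, so it is listed as a separate suspect.

```python
import base64
import hashlib

# Candidate encodings to try when a hash produced elsewhere refuses to match.
# For ASCII-only input UTF-8 hides the problem; any UTF-16 variant exposes it.
CANDIDATE_ENCODINGS = ("utf-8", "utf-16-le", "utf-16-be", "utf-16")

AES_BLOCK_BYTES = 16          # AES = Rijndael with a 128-bit block (what .NET produces)
RIJNDAEL256_BLOCK_BYTES = 32  # mcrypt's Rijndael-256: same key sizes, twice the IV


def sha256_b64(text, encoding):
    """Encode `text`, SHA-256 it, and base64 the raw digest (the form the post compares)."""
    digest = hashlib.sha256(text.encode(encoding)).digest()
    return base64.b64encode(digest).decode("ascii")


def digests_by_encoding(text):
    """The same string hashed under every candidate encoding, for side-by-side viewing."""
    return {enc: sha256_b64(text, enc) for enc in CANDIDATE_ENCODINGS}


def match_encoding(text, expected_b64):
    """Return the encoding under which `text` hashes to `expected_b64`, or None."""
    for enc in CANDIDATE_ENCODINGS:
        if sha256_b64(text, enc) == expected_b64:
            return enc
    return None


def check_aes_cbc_params(key, iv):
    """Raise a precise error when key/IV lengths do not describe AES-CBC.

    Returns the cipher name (e.g. 'AES-256-CBC') when they do.
    """
    if len(key) not in (16, 24, 32):
        raise ValueError("AES key must be 16, 24 or 32 bytes, got %d" % len(key))
    if len(iv) == RIJNDAEL256_BLOCK_BYTES:
        raise ValueError("32-byte IV: this is Rijndael with a 256-bit block, not AES; "
                         "use the 128-bit-block variant with a 16-byte IV")
    if len(iv) != AES_BLOCK_BYTES:
        raise ValueError("AES-CBC IV must be %d bytes, got %d" % (AES_BLOCK_BYTES, len(iv)))
    return "AES-%d-CBC" % (len(key) * 8)


if __name__ == "__main__":
    sample = "Password1"  # constructed sample input
    for enc, b64 in digests_by_encoding(sample).items():
        print("%9s: %s" % (enc, b64))
    # Pretend the .NET side handed us the big-endian digest and find out.
    print("matches:", match_encoding(sample, sha256_b64(sample, "utf-16-be")))
    print(check_aes_cbc_params(b"k" * 32, b"i" * 16))
```

Run it once with the digest the other system produced pasted in place of the constructed one; whichever encoding match_encoding reports is the one the other side is really using, regardless of what its documentation says.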

What’s all this mean, then? This is all stuff that’s probably pretty obvious to anyone who knows anything. I, however, found this bewildering and confuzzling.

Mon, 4 Oct 2010

More Plausible User Data

— SjG @ 4:44 pm

Back a few years ago, I posted a quick’n’dirty tool for generating plausible user data. I had a need for some improvements, so I’m posting the new version here.

The new version supports back-references, composite fields, and SQL output. So, for example, you could do:

./ -t id:lname:fname:city:state_code:zip:company -f i:ln:fn:c:s:z:/1+^+[Cars,Trucks,Boats,Planes,Motorcycles,Ships,Trains]+^+of+^+/3 -s -m tbl_dealer -n 5

and get the following output:
-- generated data from ./
INSERT INTO tbl_dealer (id,lname,fname,city,state_code,zip,company) VALUES (0,'Nelson','Leslee','Akron','OH',44311,'Nelson Boats of Akron');
INSERT INTO tbl_dealer (id,lname,fname,city,state_code,zip,company) VALUES (1,'Bowen','Beatriz','Miami','FL',33176,'Bowen Trucks of Miami');
INSERT INTO tbl_dealer (id,lname,fname,city,state_code,zip,company) VALUES (2,'Hammond','Raymond','Ninilchik','AK',99639,'Hammond Motorcycles of Ninilchik');
INSERT INTO tbl_dealer (id,lname,fname,city,state_code,zip,company) VALUES (3,'Kim','Arielle','Columbus','MI',48063,'Kim Ships of Columbus');
INSERT INTO tbl_dealer (id,lname,fname,city,state_code,zip,company) VALUES (4,'Estrada','Warner','Iuka','IL',62849,'Estrada Cars of Iuka');
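The following Python is an added example, not the tool itself, showing how the composite-field syntax in the command above can be interpreted and turned into SQL. The mini-language it implements is my reading of that command (a "+"-separated list where "^" is a space, "/N" back-references column N of the row built so far, "[a,b,c]" picks one alternative, and anything else is a literal); the name pools and place list are constructed samples. Unlike the output above, it doubles single quotes inside values, so a surname like O'Brien cannot break the INSERT.

```python
import random
import re

# Constructed sample pools standing in for the tool's data files.
LAST_NAMES = ["Nelson", "Bowen", "Hammond", "Kim", "Estrada", "O'Brien"]
FIRST_NAMES = ["Leslee", "Beatriz", "Raymond", "Arielle", "Warner"]
# (city, state_code, zip) kept together so each row's location is self-consistent.
PLACES = [("Akron", "OH", 44311), ("Miami", "FL", 33176), ("Ninilchik", "AK", 99639),
          ("Columbus", "MI", 48063), ("Iuka", "IL", 62849)]

COLUMNS = "id:lname:fname:city:state_code:zip:company".split(":")
FIELDS = "i:ln:fn:c:s:z:/1+^+[Cars,Trucks,Boats,Planes,Motorcycles,Ships,Trains]+^+of+^+/3".split(":")


def parse_composite(spec):
    """Split a composite spec on '+' into (kind, value) tokens (assumed syntax)."""
    tokens = []
    for part in spec.split("+"):
        if part == "^":
            tokens.append(("space", " "))
        elif re.fullmatch(r"/\d+", part):
            tokens.append(("ref", int(part[1:])))      # back-reference, 0-based column
        elif part.startswith("[") and part.endswith("]"):
            tokens.append(("choice", part[1:-1].split(",")))
        else:
            tokens.append(("literal", part))
    return tokens


def render_composite(tokens, row, rng):
    out = []
    for kind, value in tokens:
        if kind == "ref":
            out.append(str(row[value]))   # only columns generated earlier exist yet
        elif kind == "choice":
            out.append(rng.choice(value))
        else:
            out.append(value)
    return "".join(out)


def make_row(i, field_specs, rng):
    place = rng.choice(PLACES)
    row = []
    for spec in field_specs:
        if spec == "i":
            row.append(i)
        elif spec == "ln":
            row.append(rng.choice(LAST_NAMES))
        elif spec == "fn":
            row.append(rng.choice(FIRST_NAMES))
        elif spec == "c":
            row.append(place[0])
        elif spec == "s":
            row.append(place[1])
        elif spec == "z":
            row.append(place[2])
        else:
            row.append(render_composite(parse_composite(spec), row, rng))
    return row


def raw_rows(n, field_specs, seed=0):
    rng = random.Random(seed)   # seeded so a test fixture can be regenerated exactly
    return [make_row(i, field_specs, rng) for i in range(n)]


def sql_literal(value):
    """Integers go bare; everything else is single-quoted with embedded quotes doubled."""
    if isinstance(value, int):
        return str(value)
    return "'" + str(value).replace("'", "''") + "'"


def sql_insert(table, columns, row):
    return "INSERT INTO %s (%s) VALUES (%s);" % (
        table, ",".join(columns), ",".join(sql_literal(v) for v in row))


def generate_sql(n, columns, field_specs, table, seed=0):
    return [sql_insert(table, columns, row) for row in raw_rows(n, field_specs, seed)]


if __name__ == "__main__":
    print("-- generated data (added example)")
    for line in generate_sql(5, COLUMNS, FIELDS, "tbl_dealer", seed=42):
        print(line)
```

Back-references can only point at columns generated earlier in the same row, which is why the composite field sits last in the spec, as it does in the command above.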

Nothing earth-shattering, but useful to me. Maybe to you too!

Download it here:

Fri, 4 Sep 2009

Why I love being an Open Source developer

— SjG @ 10:14 am

I was private-messaged this morning. I’ve redacted the nick-name of the person contacting me, and made a few minor typo fixes. Unfortunately, this is not all that unusual…

[09:56] [redacted]: [link to bug report]
[09:57] [redacted]: I need these features.. 🙂
[09:57] _SjG_: hi
[09:57] [redacted]: very good module but not working.. 🙁
[09:58] _SjG_: it’s been a long time since I’ve done any work on the module
[09:58] [redacted]: any other guys?
[09:58] _SjG_: well, I do intend to do some upgrades on it, but paying work keeps getting higher priority
[09:59] [redacted]: i see
[09:59] [redacted]: it is method to get money? 🙂 leave small bugs and do works for money?
[10:00] [redacted]: i see this not first time
[10:00] _SjG_: no, it’s just that I only have so many hours in a day
[10:01] [redacted]: i am not asking you to do this
[10:01] [redacted]: just asking wht to do?
[10:01] [redacted]: its not working..
[10:01] _SjG_: I understand. It’s on my list of things to fix
[10:02] [redacted]: any other solution? other developer who can finish this small thing?
[10:02] _SjG_: you can ask
[10:03] _SjG_: I don’t know if anyone’s working on it
[10:03] _SjG_: Maybe [redacted] — he was doing some FormBuilder work
[10:05] [redacted]: strange..
[10:06] [redacted]: i had so much doubt about choosing this cms..
[10:06] [redacted]: now i see
[10:07] _SjG_: if you’re trying to make me feel guilty for not immediately fixing the problem, you’re not going to succeed. I do this as a volunteer. I have a full-time job in addition.
[10:09] _SjG_: You can try Joomla, and see if they’re more responsive.
[10:09] [redacted]: so other have too 🙂 but they not publishing modules with bugs I spent so much time and now i see that i should do everything with other cms
[10:10] _SjG_: You can always fix it yourself, and be a contributor
[10:10] [redacted]: i am not programmer thanks god 🙂
[10:12] _SjG_: no, you’re just a person with an unreasonable expectation of everybody doing your work for you. Sorry. Try being a contributor (in any way whatsoever), and I’d be more sympathetic.
[10:13] [redacted]: what?
[10:13] _SjG_: but coming in with a sense of entitlement and insults isn’t going to win you much support.
[10:13] [redacted]: i am just person who choose product like idiot
[10:14] [redacted]: i made a research it fits my need or not
[10:14] [redacted]: and that damn module is buged
[10:14] [redacted]: thats it
[10:14] _SjG_: yes, and it’s on the list of things to be fixed. what’s your point?
[10:14] _SjG_: I’m not dropping everything to make you happy?
[10:14] [redacted]: and developer say that he need money for this or i can fuck off
[10:14] _SjG_: That’s actually not what I said
[10:15] [redacted]: ha ha 🙂
[10:15] _SjG_: I said that it’s on my list of things to fix, but paid projects have taken priority
[10:15] _SjG_: I have bills to pay, you know
[10:15] [redacted]: you think other is too stupid?
[10:15] [redacted]: ok
[10:15] [redacted]: now i see situation
[10:16] _SjG_: I have a list of projects, each of which I go through and fix bugs as I have the time
[10:16] [redacted]: i will do some work in forums and so on to clear the situation for other people who can be fished like this
[10:16] _SjG_: I also get hundreds of feature requests
[10:17] _SjG_: and everyone is just like you, thinking that their project more important than my life, so I should just do their work for them and thank them
[10:17] [redacted]: so i am guilty to choose not working module ? 🙂
[10:17] _SjG_: no, you’re guilty of being impatient
[10:18] _SjG_: and insulting me when I try to explain the situation
[10:18] [redacted]: 🙂 ok
[10:18] _SjG_: accusing me of extortion by intentionally leaving in bugs
[10:18] _SjG_: do you know how many hours a week I put into writing this stuff?
[10:18] [redacted]: how much do you want for fixing this?
[10:19] _SjG_: it’s on the list to be fixed. I have several paying jobs I’m working on now. It will be done after I complete them.
[10:20] [redacted]: i talk with you just 10 min, but i understand that it will be fixed in 5 years 🙂
[10:20] _SjG_: well, there’s just one of me
[10:21] _SjG_: I’d work faster, but I do occasionally like to sleep, talk to my wife, etc
[10:22] [redacted]: maybe do the work till the end? 🙂
[10:22] [redacted]: and only then post them?
[10:22] [redacted]: or dont think that other stupid? 🙂
[10:23] [redacted]: ok i will find some person and pay the money
[10:23] [redacted]: but not for you mtf
[10:24] _SjG_: Dude, with your attitude, I would have charged you the “go to hell” price anyway

Mon, 20 Oct 2008

Fixing crap PHP applications

— SjG @ 1:18 pm

I regularly end up in the situation where I have to fix a crap PHP application.

The latest one has lots and lots of PHP 3.x-era code that references hashes (associative arrays) without quoting the index, e.g.,

$foo = $bar[baz]

Now, the PHP interpreter does in fact understand this. It figures out that since the constant baz is not defined, the programmer probably meant the index to be the string ‘baz’. It does, however, throw a well-deserved warning.

The code I’m trying to fix throws lots and lots of warnings. Rather than wade through all the warnings to find which ones are important, I started with the following:

find . -name \*.php -exec grep -ne '\[[^\$0-9\'\''\"]' {} \;

The thousands of lines of output convinced me bigger guns were needed.

So we got ugly.

find . -name \*.php -exec perl -p -i.bak -e 's/\[([^\$\d\'\''\"]+)\]/\[\'\''$1\'\''\]/g' {} \;

Note that that’s one line, and that WordPress seems to want to change some single quotes into back-ticks. Don’t be fooled!

All those extra backslashes and single quotes are to allow passing single-quotes within the regex, and not have bash consider them problematic.

Also note that this could be catastrophic if you have regular expressions in the code you’re operating on — do a diff with the backup version, and merge back the regexes.
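The following Python is an added example, not the post's own one-liners, that does the same find-and-quote job but addresses the caveat just mentioned: it tokenises the source into string literals and code, so a regex character class such as /^[abc]+$/ inside a string (or a bracket inside an echoed message) is left alone, and it skips true/false/null plus any constants you know are genuinely defined, since quoting those changes which key is looked up. The naive_quote function reproduces the one-liner's behaviour for comparison; the PHP snippet is a constructed sample.

```python
import re

# A bare-word index such as $bar[baz]: an identifier between brackets. Indexes
# starting with $, a digit or a quote are already fine and are not matched.
BARE_INDEX = re.compile(r"\[([A-Za-z_]\w*)\]")

# Keywords that are legitimately bare inside brackets; quoting them would
# silently turn $a[true] into $a['true'], a different key.
PHP_LITERAL_KEYWORDS = {"true", "false", "null"}

# Splits source into single-quoted strings, double-quoted strings, runs of other
# code, and stray characters (e.g. an unbalanced quote), so the rewrite can leave
# string literals, and hence any regexes inside them, untouched.
TOKEN = re.compile(
    r"""(?P<str>'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|(?P<code>[^'"]+)|(?P<stray>.)""",
    re.S,
)


def naive_quote(text):
    """The one-liner's approach: quote every bare index, string literals included."""
    return BARE_INDEX.sub(r"['\1']", text)


def needs_quoting(name, known_constants):
    return name.lower() not in PHP_LITERAL_KEYWORDS and name not in known_constants


def safe_quote(text, known_constants=frozenset()):
    """Quote bare indexes in code only, skipping string literals and real constants."""
    def fix(m):
        name = m.group(1)
        return "['%s']" % name if needs_quoting(name, known_constants) else m.group(0)

    out = []
    for tok in TOKEN.finditer(text):
        if tok.group("code") is not None:
            out.append(BARE_INDEX.sub(fix, tok.group("code")))
        else:
            out.append(tok.group(0))   # string literal or stray char, verbatim
    return "".join(out)


def find_bare_indexes(text, known_constants=frozenset()):
    """The grep step: (line number, index name) for each bare index outside strings."""
    hits = []
    for tok in TOKEN.finditer(text):
        if tok.group("code") is None:
            continue
        for m in BARE_INDEX.finditer(tok.group("code")):
            if needs_quoting(m.group(1), known_constants):
                line_no = text.count("\n", 0, tok.start() + m.start()) + 1
                hits.append((line_no, m.group(1)))
    return hits


# Constructed sample of PHP 3-era code, including both traps: a regex character
# class inside a string literal and a constant that really is defined.
SAMPLE = """\
$name = $row[name];
$cfg[debug] = $opts[verbose];
if (preg_match('/^[abc]+$/', $row[code])) { echo "ok[yes]"; }
$flag = $arr[FOO_CONST] && $arr[true];
"""

if __name__ == "__main__":
    print("bare indexes:", find_bare_indexes(SAMPLE, {"FOO_CONST"}))
    print("--- naive ---")
    print(naive_quote(SAMPLE))
    print("--- safe ----")
    print(safe_quote(SAMPLE, {"FOO_CONST"}))
```

Running it shows naive_quote mangling the third and fourth sample lines ('/^['abc']+$/', "ok['yes']", $arr['FOO_CONST']) while safe_quote leaves them intact. It still does not understand heredocs or PHP comments, so a diff against the backup, as the post advises, remains the last word.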

I’m sure there are far more elegant solutions… primary among them, not using crap PHP apps in the first place!