I’m Mike

Ugh. Have not blogged in a while, but it seems my buddy Richard Crowley’s recent blog post explaining why he doesn’t like duck-typing has forced my hand. Since Richard and I have been having this discussion for a little while, and since he refuses to allow comments on his blog (which, in my opinion, makes it not-a-blog-at-all, but that’s a different post), I’m forced to defend my position here. Which is fine, it gives me home field advantage and whatnot. Read the rest of this entry »

Anyone who’s interested in security on the web has probably already heard of OAuth. I’ll skip the details of how OAuth works, since that information is available elsewhere, but here’s the short version (OAuth veterans may choose to skip the next three paragraphs):

Before we get started, let me define a bit of terminology from the OAuth Spec:

• Service Provider: A web application that allows access via OAuth.
• User: An individual who has an account with the Service Provider.
• Consumer: A website or application that uses OAuth to access the Service Provider on behalf of the User.
• Protected Resource(s): Data controlled by the Service Provider, which the Consumer can access through authentication.

Read the rest of this entry »

Rewind a little more than 10 years to December 18, 1997. Internet Explorer 4 had been released 3 months earlier. The Mozilla Foundation had not yet formed, and their Firefox web browser was years away from public release. There was no XMLHttpRequest… there wasn’t even XML. On that day, over a decade ago, HTML 4.0 was published as a W3C recommendation. Read the rest of this entry »

Yesterday, Comcast came by to install their digital voice package at my apartment. Comcast has a special deal going on now: $24.95/month for 6 months, unlimited long distance. Skype’s even cheaper — $3/month for outgoing calls and $5/month for incoming (when they’re up). But here’s what I’m wondering: why’s it so cheap? Why is VoIP cheaper than a traditional plain old telephone service (POTS) line? Or, put another way, why is a POTS line more expensive than a VoIP line? Read the rest of this entry »

After working on several large scale PHP projects, and writing a lot of PHP code, I’ve discovered a number of tools that improve code quality, streamline rollouts, and generally make life as a PHP developer a whole lot easier. Many of these tools probably deserve a post of their own. But, since some people aren’t even aware that these tools exist, I figured I’d start there. So, without further ado, here’s my list of tools that every PHP programmer should know about. Read the rest of this entry »

A good model and a proper database design form the foundation of an information system. Building the data layer is often the first critical step towards implementing a new system, and getting it right requires attention to detail and a whole lot of careful planning. A database, like any computer system, is a model of a small piece of the real world. And, like any model, it’s a narrow representation that disregards much of the complexity of the real thing. Read the rest of this entry »

WordPress seems to have a bad reputation when it comes to scalability. Maybe it’s deserved, since a default WordPress installation doesn’t really scale well. But making WordPress scale isn’t hard. I recently hit the Digg home page and got roughly 70,000 pageviews in under 12 hours. Another post hit the home page later the same day, and another 10,000 clickthroughs followed. As a result, I’ve been asked by a few people how I managed to keep my site up under that sort of stress. Honestly, I haven’t done anything that fancy. But for future reference I figured I’d document my configuration, and let people in on one trick that saved my butt. Read the rest of this entry »

Following nearly five years of FUD and barratry, Judge Dale Kimball has issued a 102-page ruling [via Groklaw] concluding that “Novell is the owner of the UNIX and UnixWare copyrights.” Furthermore, the court found that SCO owes Novell quite a bit of money — “[B]ecause a portion of SCO’s 2003 Sun and Microsoft Agreements indisputably licenses SVRX products… SCO is obligated… to account for and pass through to Novell the appropriate portion relating to the license of SVRX products.” Read the rest of this entry »

I wrote last week about how DNS rebinding can bypass browser same origin policies. Since then I found a paper titled Protecting Browsers from DNS Rebinding Attacks that describes rebinding attacks in greater detail. It turns out that there are several varieties of rebinding attacks, and a couple of proof-of-concept DNS rebinding demonstrations already exist. Read the rest of this entry »

I’ve had “redesign blog” on my to-do list for more than a month now. Over the weekend I finally got around to doing something about it [screenshot]. The stock WordPress theme I’ve been using since I launched my blog is great, but I’ve noticed it showing up on more and more sites and I wanted something unique. The changes I made are evolutionary, not revolutionary. And I’m the first to admit that I’m not the best designer around, but I think it’ll do for now. Read the rest of this entry »