Marketing 101. Consulting 101. PHP Consulting. Random geeky stuff. I Blog Therefore I Am.

The FuzzyBlog!


Updated: 3/2/2003; 9:42:05 AM.


 Saturday, February 08, 2003

iFrames / Content Theft Take Two

StarGeek IM'd with me yesterday after my posting on his use of iFrames and has taken a very different approach - pulling the RSS feed entry into the context of his blog.  I'm impressed that he made the change so fast (damn near real time actually and that is tres cool).  Still, what do others think of this approach?  [_Go_]

8:57:52 AM

You Do Know that You Don't Always Have to Buy the Book, Right?

As a book author, and also an O'Reilly author, I probably shouldn't post this.  Oh well.  Yesterday I needed a quick little php code snippet to display a calendar.  While I could have done this by searching phpclasses, google, any number of books I already have, ripping it out of another application (I've done it before), I decided instead to do it by NOT BUYING the book.  In specific I wanted to see that if a book had the source code online, could I use it without the book.  I decided to use the O'Reilly PHP Cookbook as my test case.  So I found its home page.  Then I downloaded and unzipped the code.  (Note that I did NOT look at the table of contents).  Then I went into an editor which can search across directories and told it to look for "calendar" and I got this (source).  Here is a working version.

Side Note: An interesting thing to me is that in the default version included in the book, the navigation arrows DON'T work.  I had to add the if empty tests at the top to make the code work.  Otherwise the code just generates the same calendar regardless of clicking on the arrows.

So the bottom line here was I spent about 5 minutes to find pretty much exactly the routine I was looking for and then fix it so it worked.  That's probably just about what I would have spent with Google or another site.  And I didn't even buy the book.  That's not to say that I'm opposed to buying books.  Or that I think you shouldn't.  It is more just food for thought than anything else.

8:53:36 AM

Good PHP Blog

I mentioned PHP Traveller yesterday and I should add it to my list of PHP blogs I read regularly.  Nicely done.  All kinds of good stuff here.  [_Go_]

8:42:16 AM

Cool Blogging Feature: BlogTime

Sanjay has added a feature to his blog which shows the time distribution of his posts on average over the past 30 days.  It is definitely pretty cool.  And he even has (php) source for it.  It was neat to see php code for a bar graph.  Thanks!  [_Go_]

8:41:02 AM

BlogBack: Doing Book Source Code Right - WROX

I ranted last July? about how book publishers don't organize book source code well.  In particular I vented about the PHP Cookbook (Sams) where the code doesn't even seem to be online.  Then yesterday I saw the WROX site and they do it beautifully -- just one simple list with links to every book's code.  Very cool.  Well done.  [_Go_]

8:35:27 AM

PHP and OWASP Security

I should have blogged this a few days ago, the PHP version of the OWASP security guidelines. I really liked this technique which I haven't seen a lot:

If you're expecting to receive data in a cookie or a hidden form field that you've previously sent to a client, make sure it hasn't been tampered with by sending a hash of the data and a secret word along with the data. Put the hash in a hidden form field (or in the cookie) along with the data. When you receive the data and the hash, re-hash the data and make sure the new hash matches the old one:

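// sending the cookie
$secret_word = 'gargamel';
$id = 123745323;
$hash = md5($secret_word.$id);
// store the ID and its hash together, joined by '-', as the receiving code expects
setcookie('id', $id.'-'.$hash);

// receiving and verifying the cookie
list($cookie_id,$cookie_hash) = explode('-',$_COOKIE['id']);
// === avoids PHP's numeric type juggling when comparing hash strings
if (md5($secret_word.$cookie_id) === $cookie_hash) {
    $id = $cookie_id;
} else {
    die('Invalid cookie.');
}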

If a user has changed the ID value in the cookie, the hashes won't match. The success of this method obviously depends on keeping $secret_word secret, so put it in a file that can't be read by just anybody and change it periodically. (But remember, when you change it, old hashes that might be lying around in cookies will no longer be valid.) [_Go_]
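A hardened variant of the cookie check quoted above, as an added example that is not part of the original post or the OWASP guide: it replaces md5(secret . data) with HMAC-SHA256 and compares with hash_equals(). SECRET_KEY, sign_value() and verify_value() are hypothetical names, and the key and cookie values are constructed for the demonstration.

```php
<?php
// Added example, not code from the post or the OWASP guide.
// SECRET_KEY, sign_value() and verify_value() are hypothetical names.
// A real key is random and loaded from a file outside the web root.
const SECRET_KEY = 'constructed-demo-key-not-for-production';

// Build "<id>-<mac>", where mac = HMAC-SHA256(key, id).
// HMAC is used instead of md5(secret . data) because a plain hash over a
// secret prefix is open to length extension; HMAC is not.
function sign_value(string $id, string $key = SECRET_KEY): string
{
    return $id . '-' . hash_hmac('sha256', $id, $key);
}

// Return the id if the MAC verifies, or null for malformed or tampered input.
function verify_value(string $cookie, string $key = SECRET_KEY): ?string
{
    $parts = explode('-', $cookie, 2);
    if (count($parts) !== 2) {
        return null;                 // separator or MAC missing
    }
    [$id, $mac] = $parts;
    if (!ctype_digit($id)) {
        return null;                 // ids are decimal integers in this example
    }
    $expected = hash_hmac('sha256', $id, $key);
    // hash_equals() compares in constant time and never type-juggles,
    // unlike ==, which treats "0e123" and "0e456" as equal numbers.
    return hash_equals($expected, $mac) ? $id : null;
}

// Constructed sample values.
$cookie   = sign_value('123745323');
$tampered = preg_replace('/^\d+/', '123745324', $cookie);

var_dump(verify_value($cookie));                 // untouched cookie
var_dump(verify_value($tampered));               // id changed after signing
var_dump(verify_value('123745323'));             // id sent without a MAC
var_dump(verify_value($cookie, 'rotated-key'));  // key changed since signing
```

Only the first call returns the id; the last call shows the effect the quoted text warns about, where cookies signed under an old secret stop verifying once the secret is changed.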

8:31:57 AM

Linux from a Browser

Thanks Dave.  Here's a way, WorkSpot, to run graphical linux (a Redhat Desktop) via a web browser using a Java applet.  Pretty cool.  And this feature is particularly cool:

One of the greatest features of the Workspot service is the ability to make one desktop available to multiple users simultaneously, for collaboration over the web. The user that creates a desktop session sets up who has access to it, using the "Share the Desktop" function. [_Go_] [_More_]

I would comment that this feature isn't new at all -- I used, back in 97? 98? or so, a Java applet called Hipbone which let you share your desktop over the net with another user.

8:27:24 AM

So How Many Paying Subscribers Can You Get?

Here are some interesting numbers on what happens when you charge for content. 

Wes Jackson, VP of Sales at Belo Interactive, noted that Belo made a mistake last year in trying to impose a $9.95 fee on its popular Dallas Cowboys e-newsletter. "We went from a registered base of 98,000 to 800," he said. Even though Belo was eventually able to grow circulation to 1,500, those revenues amounted to just a fraction of a single advertiser's value with a broader reader base. Belo's future is better assured by building up a solid base of registered users that will accept targeted, opt-in advertising, he said.

Elaine Zinngrade, Assistant General Manager at, noted the exceptionally slow growth of its NewsDirect product, a $64.95 a year "push" product based on the old Pointcast architecture, combined with email and screenphone alerts. Just 250 customers have converted to the pay model out of 5,225 takers of a free, 7-day trial, she noted. One challenge: the paper needed to set prices relatively high in order to meet ABC rules that subscribers need to pay at least 25 percent of print costs in order to be counted for advertising purposes. That effort's going to shot anyway as LAT raises its cover price next month, she muses. [_Go_]

If these numbers are indicative of the norm when you charge for content then it does make you realize that advertising instead of subscription fees is the way to go.  And that is something that the New York Times endorsed this week when they added large format ads.  Of course I still wonder if anyone pays any attention to advertising at all -- whether online or offline but that's another issue.

8:22:34 AM