Jul 17, 2014

What is wrong with these pieces of code?


CREATE TABLE tt_news_cat_mm (
  uid_local int(11) DEFAULT '0' NOT NULL,
  uid_foreign int(11) DEFAULT '0' NOT NULL,


$selectConf['leftjoin'] = 'tt_news_cat_mm ON tt_news.uid = tt_news_cat_mm.uid_local';
$selectConf['where'] .= ' AND tt_news_cat_mm.uid_foreign IS' .
($this->config['categoryMode'] > 0 ? '' : ' NOT') . ' NULL';

Your opinion?

Jan 27, 2014

If you use Forge&Git for your TYPO3 extension...

If you host your TYPO3 extension on Forge using Git, you need to change URL for your remote. Here is the information from the server team: link.

One additional note: if you need a write access to the repository, you will need a second command.

Direct write access:

git remote set-url --push origin ssh://yourusername@git.typo3.org:29418/TYPO3CMS/Extensions/yourextkey.git

For Gerrit push:

git remote set-url --push origin ssh://review.typo3.org/TYPO3CMS/Extensions/yourextkey

Jan 17, 2014

Speed up Samba share access in OS X

When you connect to external Samba shares on OS X (especially if you use VPN), you may encounter slow speeds. If you do, most likely you connect using smb:// protocol. In OS X Mavericks in the “Connect to server...” Finder dialog try cifs:// instead of smb://. This is many times faster than smb://.

Dec 26, 2013

Fix for Apple's Latvian keyboard layout

Programmers, who use Apple computers with Latvian keyboard layout may find it disappointing that the single quote key is made a "dead key". (Dead keys let you type characters that are not usually on the keyboard, such as ā or š). Single quote is often used in programming, so having it back in the Latvian keyboard layout would be an advantage.

I made a little addition to an excellent KeyRemap4MacBook app, which can remap many keys on the keyboard. My additions include:

  • Change dead key (single quote) back to single quote
  • Change backquote to quote (does not work in Terminal unless you deselect "Use option as meta key" in Terminal's Settings>Keyboard)
  • Use tilde key properly
  • Map Option+Shift+2 to produce a euro sign as on the US keyboard (the default Option+Shift+Q) works as well.

The fix is here. You can install it by pasting the relevant part to your private.xml. See  KeyRemap4MacBook for more information about private.xml.

Oct 31, 2013

Three useful Subversion commands

If you still use Subversion, you may want to know these three commands:

svn diff -c revision

This will show you modifications made in the particular revision.

svn diff -c revision --summarize

This will show you what files were modified in the revision but not the content of the change. Useful if you just need a list of files.

svn merge -c revision source_url wc_path

This will make a "cherry-pick" (hello, Git users!): pick up the content of that revision and merge only it into your working copy.

Oct 30, 2013

OS X lid sleep and Google Chrome

Found a problem on Mountain Lion & Mavericks: if you use Google Chrome, you may experience Macbook Pro sleep issues when closing the lid. It may take several minutes until MacBook goes to sleep. Testing if the issue exists is easy: just keep Chrome running (preferably with heavy content, like YouTube) and close the lid. If the sleep indicator does not start to "breath" in 2-3 seconds, you have the issue. Open it, quit Chrome and try again. You will see that MacBook goes to sleep much faster. Apple Safari has no such issue.

Why this can be a problem for you? Because when you are on the move, you need every bit of power you can scrap from the battery. Even though OS X Mavericks increased battery life for me from 4h to 6.5h, I still prefer to save all the power that my battery has.

So I migrated from Safari. Incidentally, it is faster than Chrome in Mavericks.

Oct 27, 2013

Assigning a backtick key as a shortcut to the Safari Reader

Safari includes a nice feature called "Reader". This is a feature very similar to what Readability extension in Google Chrome do: it takes the main content of the page and presents it for easier reading by stripping all other elements of the web site and changing the font to a big nice and easily readable.

All is good but Google Chrome uses a back tick key for invoking Readability while Safari uses Command+Shift+R, which is much less convenient (try that on your keyboard!). Normally you can change this in the OS X Keyboard settings. The problem is: that panel accepts only keys with modifiers (you cannot have anything without a Command, or Alt, to Control). So how to add a back tick there?

Terminal comes to help (this is one line below!):

defaults write com.apple.Safari NSUserKeyEquivalents -dict-add "Show Reader" "\`"

This command will set the back tick as a reader invoker. Back slash is needed there, it escapes the back tick for the Terminal and will not be a part of the final key sequence.

Jul 7, 2013

"Book license"

Looking through some old, historical software packages, found a very interesting license, called "Book license". No full text anywhere, unfortunately, so just an excerpt:

"You must treat this software just like a book ... [it] may be used by any number of people ... may be freely moved from one computer location to another, so long as there is no possibility of it being used at one location while it's being used at another."

Nice, isn't it?

Jul 6, 2013

Break in using the "signup key"

Today I read several reports about a break in technique that attackers used to compromise user accounts of several large online companies. Two of them, for example, are Facebook and Dropbox. I read also about others because I was interested if there are more cases like this.

The general idea is that the service gives you, a legitimate user, a chance to change access to your account by sending you a link with a profile id and a certain key, which looks like 27934e96d90d06818674b98bec7230fa (this particular key is not random, if you search for it, you will find another interesting information to educate yourself). Next the code takes the key, searches the database for the key. If the key exists, it signs-up/resets/resends/does-whatever-else-to-give-you-the-access to the profile identified by the profile id in the link.

Can you spot the problem in this logic?

The code checks that the key exists but it does not check that it belongs to the profile in question. So if you got the key, you can reset anyone's password and get access to his account only by using a different profile id. This seems like an obvious error. Yet the programmers of many large companies fail to see it and implement the "reset" functionality correctly.

Now you know what to avoid in your implementation. Are you running to patch your code already? You should!