Dec 30, 2011

How to solve any kind of problems

I planned to write this post for a long time. The post is long and it provides detailed instructions on solving any kind of problems. Surprisingly, when it comes to solving problems, the same algorithm works for everything. I came to this algorithm after 15 years of being a software developer, a manager for my own company projects, a family man and a dad. It is not importatnt where the problem is as soon as you folloe the algorithm. You can solve the problem with it, if it is solvable according to laws of the nature and means you have under hand. The algorithm consists from six steps. Let's begin.

Realize that the problem exists

This may sound dumb but this is where the failures start. How much time did you say to yourself: "Oh, it is not a proble!m" only to regret later that you did not address it in the beginning? Son has bad marks in school? Ah, well, he will recover. Customer complains? Ah, well, they always find something to complain about. Sorry, it does not work. Listen to your instincts. If they say, you might have a problem, than most likely you have it. The cost of solving the problem increases with time. The later you realize you have the problem, the more effort you have to make to solve it. The more you delay, the more you loose. So, the very first step to solve the problem is to realize that it exists. Be honest with yourself and say it to yourself: "I have a problem to solve". With that you are closer to solving the problem than you was before. This helps you to commit to solving the problem.

Realize what the problem is

This is a different step. If you realize that you have a problem, it does not mean you realize what the problem is. Your son is getting bad marks? Is that a problem? Most people will say "yes" and be wrong here. Getting bad marks is not a problem, it is a result, an outcome of the problem. This is why it is important to realize what the problem is. Uncovering the real problem could be difficult but this is the time when you should not rush. If you rush now, you may end up solving an imagined problem, not a real one. Really, bad marks - what else could be a problem? Well, tons of them. It can be bad relations with classmates or teachers, wrong course, even medical issues! You must invest time to understand the root, the cause of the problem! If your head aches, you would not chop it, right? For the first time you may take a medicine to ease the pain but if the pain returns, you go to see the doctor. Same with any other problem: get to the root of it, see if your "problem" is not a sympthom of something deeper.

Research possible solutions

This is what most people never do. That just catch the first idea that comes to their mind and go for it. This rarely works satisfactory. The first solution is almost never good. Therefore for years I nver take the first thing that comes to my mind as a solution. I know that there always exists a better solution. It only ta,es time to get it. Cool down. Stop. Don't rush again. Think! Depending on the complexity of the problem and your familiarity with the topic it may take from minutes to months to discover the solution. Months is extreme, of course. Usually it does not take that long. For technical issues I take about 3-4 hours to do something else while putting the problem somewhere to the back of my mind (I imagine it like an old closet of 18th century with many small doors where I can put the problem to "cook" for a while). For something related to kids I usually must sleep ovErnight to Find a decision. It really works. Everytime when I find a better solution, I am surprised how better it it than the first idea that came to my mind. May be this is why my work is usually good: I take time to think about it while doing other tasks. It does work!

Make a plan

Yup, this is another thing very few people do. You do not have to write a detailed plan on a roll of paper or in the spreadsheet. Well, you can, if you want or if the problem is complex and sution is lengthy, but a menthal plan do in most cases. The reason for having a plan is simple: You must know what to do exactky to solve the problem and in what sequence. Chaos is not your way, believe me.


Only now, when you are clear about the problem, solution and plan, you can go and execute your plan. Remember, that there are no plans without flaws. Even brilliant plans have flaws. So be able to readjust dynamically by temporary going back as many steps as you need. This may sound complicated and time consuming but it is not. When you become used to this algorithm, you will discover to your amazement that you can do it automatically. It is simplicy practice.


It is a good thing to make a wrap-up after the problem is solved. I rarely write down what the problem was and what I did to solve it (right and wrong) but if you can write it down in a personal diary, it would be good. You can come to it later if necessary. Why don't I do it? Well, I do not like to write on paper and I could not find a good app for that. At least, I do a quick analysis afterwards and try to see what I did well and what I did badly. That helps to avoid the same mistakes later.


What do you think of this? Does that sound like a good algorithm to you? I you have anything to add, please, write in in comments. P.S. No, my son does not have bad marks :) It was just a common example.

Dec 27, 2011

Transferring domains from GoDaddy

I am transferring all my domains from GoDaddy to protest against their SOPA support. This means my blog may become unavailable for a short time in the coming days until the domain name is fully visible with a new registar. In case, if you cannot see this blog, do not panic. It will be back online.

Dec 13, 2011

How to make a Macbook Pro DVD drive region-free in Lion

Apple ships Macbooks with drives without a region set. However, before you watch the movie, you have to set a region. Later you can change it but not more then four times. The solution is to this problem is to flash your DVD drive with a modified "RPC-1" firmware. The risks are as usual: anything can grow wrong, you can brick your drive, warranty is under question, etc. So don't do that unless you are ready to take the risk.

There are lots of instructions on the web how to make it. For my drive, Google leads me to two pages: one and two. They are all ok except that they require a Matshita Flasher application, which does not work in Lion (PPC applications are not supported). However, this application is only a wrapper around the real flasher, so you can flash your Macbook under Lion too. Notice: I did not tell you to do it! I am just providing the information.

Dec 5, 2011

Improving battery life for Apple devices

There is an ongoing discussion on the Internet about troubles with iPhone 4S battery and iOS 5. Many users got decreased battery life with iOS 5. While it is definitely a problem in the firmware, there are ways that can help you increase battery life of any Apple device. I am talking Apple here because I used that for every Apple device I owned. Apple designs batteries themselves and all batteries I had, were made by a single manufacturer. So other devices may need a different way to extend battery life.

When I got a new iPhone 4S, it came with iOS 5.0. I upgraded to iOS 5.0.1. The phone did not survie a day of charge. Now it survives 3 days with using e-mail, twitter, facebook + location services. How did I do that?

Dec 4, 2011

Efficient e-mail communication

Frech IT company named Atos (74,000 employees) will completely ban all internal e-mails in 1.5 years. Its CEO, Tony Breton, said that an average employee gets about 200 e-mails daily. Of them, about 18% are spam and only 10% are useful. They already reduced e-mail traffic by 20% and happy with results. Atos management says that employees will continue to communicate using instant messaging and Facebook-like posts.

Atos made a step towards better efficiency in business communication. This is a great and clever decision.

I agree that e-mail channels often become a major distraction way. While it is possible to filter out spam effectively with relatively simple measures, other e-mail message often remain inefficient. Many mails come with extra words, long disclaimers, polite but needless "how are you"s, etc. I believe that business correspondence should be strictly about business. This position may seem extreme to some readers. We all know that business often grows due to personal relations. But it is a good thing to separate personal and business when you want to talk about tasks. Time is extremely valuable, so loosing it for inefficient e-mails is not a good thing. If it is a business e-mail, it is about business, so let's get straight to business without personal stuff. Personal stuff is ok in personal e-mails but if person A needs person B to do something, just ask for it. The clearer A does it, the more chances that he will get it.

Here is an example of a great e-mail I got recently:

Hi Dmitry, 
for our XYZ customer, we have a new request to extend RealURL. It sounds quite simply. Could you please check if this is possible an how much effort it takes you to do the changes with RealURL? 
With RealURL it is possible to ...
This is an excellent e-mail: short, concrete, easy to read, clear. When I communicate, I prefer the same style:

Dec 2, 2011

Importance of tools

Quite often I hear an opinion that tools do not matter. If the person is good at his work, he will do it well with any tools. Well, this is both true and false.

When tools do not matter

When I was in school, I went to a photography class after official lessons. It was not like a school class, it was more like a community of pupil with an adult teaching us how to make photos. He owned a very good camera (6x6 cm) and we all complained that he can do good photos with his good equipment, while we can't do it with our cheap cameras.

Once he became annoyed by our complaints and took us to the outside for a three hour training in the forst. We were to photograph freely what we see and like. Some went do their work alone, our followed our teacher trying to make the same photos as he did. He gave everybody the cheapest possible camera (we had a stock of them in the class) and took one of them too.

Nov 30, 2011

PhpStorm 3.0 is out

Just got a message from JetBrains:

PhpStorm 3.0 is now available and introduces the Smart Duplicated Code Detector to help you quickly find similar blocks through your entire code base and securely get rid of them without losing the intended functionality.
Also a new integrated UML tool allows you to quickly get a bird’s-eye-view of your project structure, or even a semantic view of the changes in the recent VCS commits made by your colleagues.
Furthermore, to ensure that your code works fast and doesn’t cause any performance bottlenecks, the IDE now includes a profiler, a new PHPUnit test runner and JSTestDriver.
The new key functionality in PhpStorm 3.0 includes:
- Smart Duplicated Code Detector
- PHP UML roundtrip diagrams
- Profiling results browser for Xdebug and Zend Debugger engines
- PhpUnit 3.6 integration
- CoffeeScript support
- Significant improvements to FTP/SFTP Sync
- TFS support and revision graph for GIT
- Streamlined UI across all operating systems

Submitting FLUID forms

If you use f:form view helper and submit data using GET requests, make sure you add noCacheHash="true" to the f:form. For example:

<f:form action="register" method="post" id="tx_myext" noCacheHash="true">

If you don't, you will put a copy of the page to the cache for each submitted request. That's not necessary.

It is good to put this option also when you submit using POST because there is no need for cHash in such case.

USER_INT is not evil, your code is!

Quite often I hear a wrong idea that USER_INT plugins is a source of all evil when it comes to TYPO3 performance. I have to bust this myth into dust.

When TYPO3 renders a page, it has to do a lot of stuff. What happens when you request a page under /profile/details/ URL? Firsts, TYPO3 has to resolve the URL to a page id. It calls RealURL to do that. RealURL makes a lot of stuff internally. In the happiest case it makes at least one database query. In the worst case number of database queries will be more than a number of tree levels to the page. TYPO3 page tree implementation is not optimised for performance at all, so you start loosing speed already here. Did anybody thought “nested set”? Nope, no such thing in TYPO3.

Nov 29, 2011

Two types of developers

I divide all developers into two types: team developers and solo developers. Any developer can be good or bad but these two types are fundamentally different in their thinking and approaches to work. It is important to know with whom you work and adjust accordingly.

Team developers

Team developers work well in a team. They need other players. They can work on their assigned tasks but only if those tasks are a part of a whole. Team developers do not like to assume a complete responsibility on the project.

Typically team developers usually communicate well with others, they like to communicate and socialize. They can do the assigned work of any kind but they generally do not have or strive to leran new stuff. They are not entrepreneurs at heart. However they work great in the team. So they are especially useful in big projects when management needs "resources" to fulfil the task.

Team developers can become good team leaders because they understand the environment they work in.

Blog migration, RSS feed woes

As you may have noticed, I migrated to an external blog service. Domain name is the same but I am using Blogger now. There were several reasons to migrate:
  • I do not want to maintain the infrastructure. The blog ran on my own server, so I had to watch logs, do updates, etc. I rather not to do that because this blog is a hobby and not a real project. 
  • Better blogging capabilities. As a wrote already, TYPO3 is not really good for blogging at the moment. Blogger gives far more power tools
  • RTE is much better. When I prepared posts in the past, I always had to fight the TYPO3 RTE. It inserted &nsbp; all over the place, it changed markup all the time, added new paragraphs. So I sent at least 20∞ of time reformatting the article after it was published. Now I simply type and it works. 
  • Better spam handling. There is one guy from India, who regularly tries to abuse my blog by posting offensive words in his language together with phrases like "TYPO3 is great". Other Indians (for whom I have a great respect as a nation), would come here and see all that junk and turn away. This abuser is filtered away automatically now. Never could understand why would people do such destructive things...

About RSS

The side effect of changing the blog is that everybody, who subscribed to my RSS feed, got a lot of old articles marked as unread. I apologize for that. It happens when the blog platform changes. Just mark them as read.

Also I ask subscribers to check the feed they use. The right feed is If you use anything else, please, subscribe to All other feed links will cease to exist soon.

After using Blogger for a day I feel excited. It is very convenient. I think I'll blog more now. I have ideas for the whole set of articles on TYPO3, better coding, doing stuff in a right way. So stay tuned :)

Nov 28, 2011

Internal knowledge

There is one way to introduce problems in the code, which I'd like to discuss today.

Suppose you have a module, which creates database records. The module has an integer field with a set of flags (each flag is a single bit in the integer). Flags 2 and 4 mean thing X. Flags 2 and 6 mean thing Y. Flag 1 must be used only together with flag 3 or flag 5. The module knows how to manage those flags and what to make of them. Let's name it “module 1”.

Now imagine another module (“module two”). It needs to get information from the first module, that matches certain criteria. Module one would be able to provide that information by matching flags.

Here is the tricky part. The most obvious solution would be simply to query the database directly from module two. Proper solution for module two would be to ask module one for the information. Querying module one's tables using a combination of flags is wrong. Such query uses the internal knowledge of module one outside of the module one. Thus, the implementation of module two becomes dependent on the implementation of module one.

Do you see potential problems here? If module one changes, module two breaks. This "solution spread" introduces unnecessary dependencies between logically separate modules, which is neither necessary, nor good.

A proper way would be to create an API in the module one that returns records, required by module two. If the internal implementation of module one changes, module two will work because all internal proceedings happen inside a single place.

Next time, when you are about to introduce cross-module dependencies, think of minimising them in favor of API usage.

This article was inspired by a in TYPO3.

Nov 27, 2011


Instead of giving you a full post about productivity, I'll give you a link to much better information than I was going to write. The Ultimate Productivity Blog gives you a 100% productivity recipe.
Read it. You will love it.

Frustrated by the tt_news upgrade

Today I wanted to write a blog post about productivity. Coming to the BE I noticed that I still had TYPO3 4.4.9 running. So I went to upgrade. It usually takes 10-20 minutes to upgrade a TYPO3 version for me. Well, it took nearly 2.5 hours and I had to revert from tt_news 3.1.0 to old good tt_news 2.5.0 because 3.1.0 simply does not work properly. Here is what does not work:
  • When the plugin is inserted as a content element, it does not appear on the page. The reason is that it does not add itself to TypoScript anymore (to tt_content.list.20). I had to investigate and add it manually.
  • New page browser in tt_news does not replace certain markers out of the box. Why couldn't the developer simply use a pagebrowse extension instead of doing a complex thing himself?
  • The formatting is changed too much.
You can tell me that TYPO3 4.4.9 and tt_news 2.5.0 is too old. Yes, that's true. You are absolutely right. But there is one important thing to know. I had no problems updating TYPO3 core or any other extension. However I had huge problems with tt_news. As usual.
People, when you write your code, remember a gold rule: the less problems people have with your creation, the more they will like it. Upgrade should be smooth. Behavior should be compatible!
I hate tt_news. (Georg, yes, I know about news2 but I am not ready to migrate to it. I am out of time.)
No productivity blog post for today because my productivity for today is out of order, thanks to tt_news.

Nov 18, 2011

Future from Microsoft

I came across a video, which is a Microsoft's version of the future. Here it is:

This is beautifully rendered video but... it is fully Microsoft video :) Microsoft is different from many other companies in the way that they never invented much. They worked on inventions of others. For example, almost everything in this vide is either multitouch, or iPad-like or a 3D monitor from a science fiction. Nothing of this is new, everything was seen in movies already (take "V", for example for interfaces).
The other thing that bothered me, is that Microsoft believes it is the future, while most of it is present. HUDs (head-up displays) are quite common. BWM has them in cars, there are even eyeglasses with HUDs now (you can read e-mail with them or see geographical pointers). Multitouch exists for years in all Apple products. Gestures without touching was recently patented, which means implementation is is the labs already. 3D holograms exist for years. You can read news with phones, which are getting very slim, donate, set appointments and send instructions. Nothing of that is new! So where is the future in this video?
The kitchen has the same microwave (which makes your products less healthy for you). It is all present, nothing is from the future.
Pumps? In future??? Nuh.
If Microsoft wanted to show more of the future, they would not look to pumps or luxury cars. They would show holographic meetings (like in "Resident Evil: Extinction"), all green energy, voice controlled equipment ("Hi, Siri!"), less traveling and more time with family. That would the future.
But that's Microsoft: shiny outside, no new ideas inside.

TYPO3 developers, say "no" to memory leaks!

There is one small mistake I often see in TYPO3 extensions that I review. It is related to freeing resources after you have done with them. Many people forget to do that. PHP is a language where you do not have to free memory. That's true. But resources (such as file handles, recordset, etc) are different. You have to close them explicitly! PHP may close file for you sometimes but even that is not guaranteed.
Let's see the problematic code:
function memoryLeakingGetDatabaseRow() {
    $resource = $GLOBALS['TYPO3_DB']->exec_SELECTquery(...);
    return $GLOBALS['TYPO3_DB']->sql_fetch_assoc($resource);
What is wrong here? This code fetches a recordset from the database but does not free it. This means that all structures MySQL had to prepare live in memory. This may include portions of the data retrieved from the database. That data lives for the whole request. If you make multiple calls you accumulate more and more such data in memory. That leaves less memory for other processes on the server. This data is tied to the database connection. If you have persistent database connections, this data is not released when your script terminates because the connection is not released. Thus you have data accumulating all the time. The result is slow down of the server after a certain period of time (low memory means more swapping and that is slow).
How this can be prevented? Code:
function memoryLeakingGetDatabaseRow() {
    $resource = $GLOBALS['TYPO3_DB']->exec_SELECTquery(...);
    $row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($resource);
    return $row;
This releases the recordset properly and frees all allocated memory.
[Note: of course, for a single result you can use exec_SELECTgetSingle but the point of this article was to show the problem and the solution]

Nov 17, 2011

How I came to TYPO3

In the comment to my previous article, I was asked how did I come to TYPO3. Here is the answer.
Me and my wife have a project in our country. The project has started in January 2001 as a set of static pages and grew to a large family portal with elements of a social network.
In 2001 it was just a diary, which my wife made online. Blogging was not a hot area at that time but she was blogging. People came and read, they were interested. So she asked me to make a forum on the site. So there was a forum. People asked for more: they wanted more articles, more information. The amount of information grew.
In 2003 we had our own rudimentary CMS. It allowed to manage pages and connect them to menu items. So menu structure was separate and pages were separate. Menu could be two levels deep maximum. The CMS was simple and fast, it could run on inexpensive shared hosting with a very limited CPU power, memory and disk space.
Number of articles grew and navigation became harder because we needed more nesting levels and greater editing capabilities. I worked full time on my daily job, so I could not create a “full force” CMS. I started to look around. I went to the and tried several CMSes there. At that time there was only one CMS there, which I more or less liked: Mambo (now it is called Joomla). TYPO3 also was there but the text said something like “the system is too heavy and complex to be installed as demo”.

Nov 15, 2011

Looking back at my professional life

I am 38, which is an age when people start looking back and see what they went through and evaluate their path. So do I. I am a software developer and I was like that for all past years. Have a look back with me.

Nov 7, 2011

Does your blog/forum help spammers?

Do you know that your blog or forum may help spammers to gather e-mail addresses of commenters even if you hide their e-mail addresses?

Recently I discovered one interesting blog and made a comment on one post. There was a checkbox to subscribe to updates of comments. I ticked that because I was interested in the topic. When comments started to come to my e-mail, I noticed that they were sent from the e-mail address of people, who commented. E-mails were hidden in the blog but as soon as you subscribe to comments, you get e-mail addresses of all commenters. That would help spammers a lot if the blog uses Gravatar service for user pictures. Gravatar binds e-mail addresses to pictures. Blogs can show pictures of users if the user provided a valid e-mail address. Thus, if the blog is known to use Gravatar, many users will supply a real valid e-mail. Here you get spammers subscribing and catching a lot of valid e-mails. Update/clarification: this is not a problem of Gravatar! This is your blogging software that can send such e-mails. Gravatar only shows pictures and it is not vulnerable at all.

There is another view on this problem: the blog says that e-mail address will not be revealed but, in fact, it reveals the address. So it may have legal privacy implications. I notified blog's owner about the issue.
Conclusion: never use user's e-mail to send anything from the web site.

Oct 24, 2011

Backend search improvements in TYPO3 4.6

TYPO3 4.6 brings a lot of great enhancements. I would not tell you all of them in this post but you will learn about one of them. The reason to choose this enhancement is that it has a certain effects on TYPO3 extensions. Extension authors need to be aware of this change and adjust their extensions accordingly.
The enhancement I mean is an improvement of the Backend search. What was wrong with the old search? The old search worked like this:
  • Take all numeric fields and add them to the list of searchable fields (including uid and date/time fields)
  • Take all input and text fields and add them to the list (including, for example TSConfig field)
  • Use LIKE %...%
  • Search every table in the database if the table is in $TCA
  • Search 4 levels deep maximum but never say it to anybody. So people would wonder why can't they find results deep in the tree.
That causes too many fields to search for each table (most of them unnecessary). Also it searches numeric fields for string patterns using LIKE, which is a very slow operation. In case if there are many extensions installed, searching could take minutes.

What was changed? The search was adjusted to work like this:
  • Use only specially configured fields for search (i.e. we can search "bodytext" field but generally there is no need to search "TSConfig" or i18n_diffsource field)
  • Use numeric fields in search only if search phrase is numeric
  • Skip tables that are not configured in $TCA
  • Search regardless of pid unless searching "current page only" from the List module.

Oct 23, 2011

Using TYPO3 for blogging

From time to time I see questions in the TYPO3 mailing list about using TYPO3 got blogging. Since I have a blog made with TYPO3, I am going to compare several solutions and describe their advantages and disadvantages. I also share my own views on choosing the best blogging tool.

Oct 13, 2011

"Your computer was restarted because of a problem"

That message appeared each time after I restarted my MacBook Pro. It looks like a flag was written somewhere that this message should be displayed. While it takes a simple click to get rid of the message, I wanted to get rid of it once and forever. After a small search in Terminal I found how to fix it:

  • Open Terminal (use Spotlight to find it)
  • Type sudo rm /var/db/PanicReporter/current.panic

That's all. You can now reboot without errors.

Oct 6, 2011

Tribute to Steve Jobs

Steve Jobs, the former Apple CEO, the inventor of iPhone, the most innovative man in the world and the world's best CEO, died tonight.

I met Steve Jobs in 2008. Not personally, of course. I saw an old colorful iMac in 2001 and liked that. But I did not buy it and did not become an Apple fan. Next I got in touch with Apple products at TYPO3 developer days in 2006. There I really liked MacBook Pros and OS X. They were fantastic compared to my Windows notebook (I had a new good looking Fujitsu-Siemens). In the end of 2007 I bought my own MacBook Pro. And soon I heard about iPhone. "Nothing special", - thought I - "just another phone". Then I saw it and wanted it very much.

Accidentally I came across a Macworld 2007 keynote, where Steve Jobs introduced the iPhone. I had no idea about Steve Jobs at that time. I never heard his name before. So I was not pre-engaged. But the man hook me from first minutes. The power was radiating from him. I watched it again and again. This is the first time when I saw such an inspiring and energetic man. He did not jump like Steve Balmer. He did not speak in high voice like many politicians do. He spoke with love. Love and that feeling of "changing the world" really hooked me. I became a great fan of Steve Jobs and Apple.

Many say he is a paranoid dictator, who engages patent wars and secrecy. But this means nothing to me. To me, Steve Jobs will be always a man, who revolutionized the world of music, computers and mobile phones. He is the one, who inspired others. He is the man, who thought that highest quality is the top priority. He is the man, who wanted to leave a dent in the world. And he definitely did it.

Steve Jobs principles, as I saw them, were quite simple:

  • do original
  • do it best
  • love what you do

That's the goal to success and happiness. You can't do great stuff by mediocre copying. You can get money with this but money do not give happiness. The feeling that you made a good change in the world, makes you happy. And I think Steve was happy in the end.

Good luck to you, Steve Jobs, wherever you are now. Thanks for the lessons given. Your principles will live in many people's minds.

Sep 22, 2011

Mac recovery partion: revisited

Update (Oct 23, 2010): readers posted a lot of valuable comments to this article. Make sure you read them at the bottom of this page.
Some time ago I wrote an article about recreating a Lion recovery partition. The way described in hat article was very technical, complicated and risky.
While any way of adjusting partitions is risky, I found a safer way to recreate recovery partition after my Mac crashed again (looks like its life time is coming to an end). Here is how I did it the second time.

Sep 20, 2011

Life principles

“Believe nothing, no matter where you read it, or who said it, no matter if I have said it, unless it agrees with your own reason and your own common sense.”

-- Buddha

Sep 14, 2011

How to create a Mac OS X Lion recovery partition

Update (Oct 23, 2010): while this article still provides a working way to (re)create the recovery partition, I now recommend a simpler way. But if you decide to go with the way described here, make sure you read comments too! This article was written by extracting shell commands from a list of many successful and unsuccessful commands. Therefore there are some mismatches in numbers in this article. However the workflow is correct. If you use this article, you should carefully calculate your own numbers. But really, use the other way. It is easier and less risky.
Recently my old (42 months) Macbook Pro had a problem and I had to restore it completely from the Apple Time Machine backup. This Macbook is my primary instrument, so I do everything to keep its information safe and alive.
As a part of being "safe", I always encrypt my hard drive. Before Lion I used PGP Whole Disk Encryption. It was a bad experience (2x slower, troubles after each OS X update, etc) but it worked. With Lion I happily threw away PGP without being sorry at all and encrypted my hard disk with new shiny FileVault2. FileVault2 also encrypts the whole disk and requires a pre-boot authentication to unlock the drive. Information cannot be recovered without a proper password.
After recent crash and recovery from a Time Machine, I went to encrypt my drive again. But now Lion showed me a message that my disk cannot be encrypted because it does not meet the requirements for FileVault2. I knew what was the problem. FileVault2 requires a hidden "recovery" partition that Apple creates on the disk. It seems like I did not have that. Searching the Internet revealed that if I install a clean system, recovery partition is silently created. However, if I restore from a Time Machine Backup, it is not created.
This is bad news. I need FileVault2. So I have to make that recovery partition in some way.

Aug 28, 2011

How to make your web site insecure

This article describe how you can make your site insecure. If you follow every point here, every junior hacker will be able to break in.

1. Never follow guidelines from the TYPO3 security cookbook

TYPO3 security cookbook contains generic information about securing your web site. Never read or follow it.

2. Do not hire TYPO3 professionals

Do not go for expensive but secure offers from known TYPO3 agencies. They know how to make sites secure. Instead, hire the cheapest and least known freelancer you can find. Preferably find the one, who claims he can create web sites with a dozen of CMSes. It means he does not known any of them well enough but this increases your chances to get insecure web site. This is what you want, isn't it? So, go for it! Be careful though. There are many freelancers out there, who actually create secure web sites. You do not need those. Search for the cheapest, preferably from outside of economically-developed countries. They will make sure your site is insecure. Seek also the fastest one: he will not pay attention to such minor thing as security.

3. Use some ancient TYPO3 version

The older TYPO3 version – the better. TYPO3 never had many vulnerabilities compared to other systems but some bugs were found and fixed in recent versions. So use TYPO3 3.6.5 or 4.0. It is much easier to break in.

Also never update extensions, especially if security vulnerabilities are fixed there.

4. Do not subscribe to TYPO3 security announcements

TYPO3 security announcements inform users when security issues are fixed. Ignore them. If you need an insecure web site, you do not need these announcements.

5. Do not protect directories

Make sure you have directory listing enabled. This will allow anyone to see what you keep in fileadmin/.

6. Do not use salted passwords

Salted passwords (through a TYPO3 system extension) make it much harder to discovere your passwords for hackers. Do not use salted passwords!

7. Make a database dump and put it to your web server (in fileadmin/)

If you enable directory listing and put a dump of your database to fileadmin/, anybody will be able to find it and hack into your computer. If your site has user registration, hackers will be able to get passwords and contact data of all your users. They will be able to use this data to login to other services that you users use.

8. Use FTP to transfer data to your site

FTP is a very insecure protocol. It transmits passwords in clear text. Thus anybody on the network will be able to get your password and login to the site. Makie sure you use FTP from your laptop in hotels, cafe or airport.

9. Make sure files are writable by anyone

Adjust permissions on file so, that anybody can modify files. In some time you will have your files modified, spam links appear on your web sites and PHP shells installed.


This post is a joke. Of course, I do not want anybody to make their web sites insecure. But the information presented here is very typical for sites that suffered a security breach. So see it as a security checklist. If you find anything from the list above on your web site, you are in danger. Go and fix. If you do not know how, contact TYPO3 security team.