It’s a typical story. Dan on a rescue mission, fixing a mess that some clown(s) left behind. PHP. No framework to speak of, riddled with SQL injection holes, a TABLE-based layout – and it doesn’t get any better from there.

For the love of all things holy, why do people have to do stuff like this:

$sql = "SELECT user_id,user_status FROM users WHERE user_name='$username' AND user_password='$p'";
$r = mysql_fetch_assoc(mysql_query($sql));

For the record, $username and $p were just grabbed right out of $_POST.

If you spent 30 seconds writing even a crappy, inefficient function to actually do something intelligent, not only would you not have code that’s riddled with SQL injection vulnerabilities (did I mention that this snippet of joy came out of a 3112-line file without a SINGLE comment?), but it might actually make your life easier because your code won’t suck so much – and you can stop repeating yourself.

I’m no 1337 PHP h4×0r, but how about – oh, I don’t know – something like this:

function fetch_associative_array_safely( $array ){
    // $array[0] is the SQL template; ?1, ?2, ... stand for $array[1], $array[2], ...
    // Split the template around the placeholders and substitute in a single pass, so an
    // escaped value that itself contains "?2" is never expanded by a later replacement and
    // "?1" can't match the front of "?10". Escape with the connection's charset via
    // mysql_real_escape_string() rather than addslashes(), which knows nothing about multibyte encodings.
    $parts = preg_split( '/\?(\d+)/', $array[0], -1, PREG_SPLIT_DELIM_CAPTURE );
    $sql = '';
    foreach ( $parts as $i => $part ) {
        $sql .= ( $i % 2 ) ? mysql_real_escape_string( $array[ (int) $part ] ) : $part;
    }
    $result = mysql_query( $sql );
    return ( $result === false ) ? false : mysql_fetch_assoc( $result );
}

And just execute that bad boy like so:

$r = fetch_associative_array_safely(
    array( "SELECT user_id, user_status FROM users WHERE user_name='?1' AND user_password='?2'",
           $username, $p ) );

It’s not overly elegant, beautiful or efficient. But I don’t think that really matters. It helps me to not repeat myself, and by golly – at least someone can’t drop tables from my database anymore. It’s a bit Rails-esque, at least as far as the conditions portion of ActiveRecord::Base.find(...).
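For comparison, here is an added example (written for this page, not Dan’s code and not from the original post) that puts the login query from the post next to the version a PHP developer should write today: a PDO prepared statement, which ships the SQL text and the values to the database separately so nothing in $_POST can change the shape of the query, plus a password stored as a hash and checked in PHP instead of being compared as plaintext inside the SQL. An escaping helper still builds the query by string substitution and is only as good as its escaper (addslashes() in particular knows nothing about the connection charset, which is how multibyte encodings have bitten it); a prepared statement removes that whole class of mistake. The in-memory SQLite database, the users row, the user name dan, its password and the ' OR '1'='1 payload are all constructed for the demo. The same two functions work unchanged against PDO’s MySQL driver; note that the mysql_* functions the post uses were removed in PHP 7.

```php
<?php
// Added example (not from the original post). Runs offline with `php -f` using
// an in-memory SQLite database; the hardened code is identical for PDO's MySQL driver.

function build_pdo(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_name TEXT UNIQUE,
                                    user_status TEXT, user_password TEXT)');
    // Constructed demo row. Store a hash, never the password itself; password_hash()
    // picks a random salt and a current algorithm (bcrypt under PASSWORD_DEFAULT today).
    $ins = $pdo->prepare('INSERT INTO users (user_name, user_status, user_password) VALUES (?, ?, ?)');
    $ins->execute(['dan', 'active', password_hash('correct horse battery staple', PASSWORD_DEFAULT)]);
    return $pdo;
}

// The post's approach: interpolate the $_POST values straight into the SQL string.
// Kept here only to show what the payload below does to it.
function login_vulnerable(PDO $pdo, string $username, string $p)
{
    $sql = "SELECT user_id,user_status FROM users WHERE user_name='$username' AND user_password='$p'";
    return $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
}

// Hardened: the statement is parsed before the value arrives, so quotes, comments
// and "OR 1=1" in the input are just bytes compared against the user_name column.
// The password is verified in PHP against the stored hash, never in SQL.
function login_safe(PDO $pdo, string $username, string $p)
{
    $stmt = $pdo->prepare('SELECT user_id, user_status, user_password FROM users WHERE user_name = :name');
    $stmt->execute([':name' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($p, $row['user_password'])) {
        return false;
    }
    unset($row['user_password']);   // never hand the hash back to the caller
    return $row;
}

$pdo = build_pdo();

// Classic bypass payload (constructed for the demo): closes the quoted string and
// tacks on an always-true condition, so the WHERE clause matches every row.
$payload = "' OR '1'='1";

// Interpolated query: a row comes back for a user that does not exist, i.e. the
// attacker is "logged in" as the first user in the table with no valid credentials.
$bypassed = login_vulnerable($pdo, 'nobody', $payload);

// Prepared statement: the same bytes are just a user name that doesn't exist.
$rejected = login_safe($pdo, 'nobody', $payload);

// Real credentials still work.
$legit = login_safe($pdo, 'dan', 'correct horse battery staple');

printf("interpolated query, payload:      %s\n", $bypassed !== false ? 'row returned (bypass)' : 'no row');
printf("prepared statement, payload:      %s\n", $rejected !== false ? 'row returned' : 'rejected');
printf("prepared statement, real login:   %s\n", $legit !== false ? 'user_id ' . $legit['user_id'] : 'rejected');
```

The design point is that login_safe never has a user-controlled string in the SQL at all: the user name is bound, and the password never reaches the database as a comparison operand, which also means the query cannot be used to probe the password column one character at a time.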

What do you think? I haven’t done any significant PHP coding in years.

Static Imports in Java

March 17, 2008

I’ve just been doing some reading up on various bits of Java documentation, and came across the list of new language features in Java 5 (yeah – I know, we’re at 6 now).

At any rate, I came across this gem about static imports, copied verbatim from Sun’s online documentation:

So when should you use static import? Very sparingly! Only use it when you’d otherwise be tempted to declare local copies of constants, or to abuse inheritance (the Constant Interface Antipattern). In other words, use it when you require frequent access to static members from one or two classes.

So that raises the question: why bother adding static imports as a core language feature at all, if the documentation basically says (in PR Speak to English, with apologies to John Gruber):

We have wicked awesome new language features including static imports! But FOR THE LOVE OF ALL THINGS GOOD, DON’T USE STATIC IMPORTS, IT WILL TURN YOUR CODE TO SLOPPY CRAP!

Thanks, Sun. Next time, add some language features that we have your blessing to actually utilize.

Note to Sun: I like closures, and if you build them into the language, try doing it using syntax that doesn’t suck (I’m looking at you, generics).

Is This Good Marketing?

October 02, 2007

On my way to the airport in Calgary on Sunday, I drove past a billboard for Q9 Networks that said:

Our data center client list reads like a who’s who of Calgary businesses. Are you in it?

Marketing like this has always bothered me. It makes me want to flip the bird in their general direction, because climbing past the drivel it reads like this:

If you’re not hosting in our data center your company sucks.

Peer pressure for the enterprise. I thought we got past that in tenth grade?

Note to Q9 (this one’s free): Hire better marketing people.

Stupid G5 iMac Screens

August 30, 2007

I just wanted to blog about this because there are a ton of people having this problem and Apple is doing jack about it.

For examples, please see some photos on flickr (broken G5 iMac screens).

I purchased a G5 iMac (w/iSight, 1.9GHz, S/N W85422*, conveniently out of the range of those covered under the iMac G5 Repair Extension Program) on October 31, 2005. About one year and one week after the warranty expired it started to grow pretty vertical lines on the LCD. Today we’re up to 3 pink, 2 blue, 2 yellow and 1 grey line that stretch vertically top to bottom on the LCD panel. Each line is about 2 pixels wide, and each one is aggravating.

Oh, and by “a ton of people”, I mean you can find about four million threads on the Apple Discussion Forums. This link alone contains links to about 20 other topics with the same problem.

Apple: Do Something About It.

It’s been officially 16 days since arriving back in Canada. At last my cell phone works (which, incidentally, was purchased brand new and activated at a Rogers store), but not without several days of a non-usable phone, while I waited for Rogers to “look into it”, a bunch of phone calls to tech support, and snotty customer service people.

The long story short: Rogers assigned my new phone (and my wife’s new phone) telephone numbers that were specifically “reserved for internal testing purposes”. I know a good three letter acronym (Dub-Tee-Eff) that could be used somewhat appropriately in this situation.

What I continue to be amazed at is that these monstrously large corporations (all but monopolies, with not nearly enough Government control over the rights of consumers, in my opinion) still haven’t clued in to the fact that it’s no longer considered cool to gouge their customers for every last penny, nickel-and-diming for every “value added service”.

After two years of being in Singapore and paying the equivalent of CDN$12/month for my cell phone plan, which included 100 anytime minutes, 1000 text messages, call display and voicemail – I came home to the abomination that is our Canadian cell phone industry.

Now, in my opinion, I don’t consider a cell phone “usable” without voicemail and call display. Those are now considered standard features in my book. If you hand me a cell phone without these, it’d be like handing me a new car and saying I had to pay extra if I wanted it to come with an engine and a transmission.

Between Bell, Fido (AKA Rogers), Rogers and Telus – the main four up here in the GWN, your “choice” as a consumer basically amounts to who you want to get screwed by. You can do research and make “choices” all you want, but in the end, your research will be for nothing, and you might as well choose the company based on how pretty their logo is, because no matter who you pick, you’re going to get screwed.

All companies advertise their most primitive, basic plan as a plan that costs about $25/month. But none of them tell you until you look into the fine print that on top of that, you have to pay a “non-governmental System Access Fee” of $6.95/month for “maintaining the network” (or $8.95/month if you choose to be screwed by Bell).

Also, you can forget text messages, voice mail or call display. Any of these things costs extra. And I’m not talking like $2/month either. If you want to get a standalone voicemail package from Rogers (if you choose to get screwed by the company with the bad logo and terrible web site) you’re going to pay $8/month. Fortunately (if you can call it that), all of our lovely providers offer you some “Excellent Deals” if you bundle services together. So I get to save a tremendous amount of money, and feel slightly less screwed, because I can get a “Special Bundle” that allows me to have voicemail, call display and 125 text messages for the low, low price of only $10/month!

Don’t forget that extra $0.75/month for the “911 fee”. I mean, seriously? Are you fricking kidding me people? And if that wasn’t enough add some good ol’ Government style GST to chalk on another 6%.

That means, if I do the math correctly, my $25/month cell phone plan, made usable by purchasing the engine and transmission (voicemail and call display) separately, plus other random and special fees works out to

($25.00 + $10.00 + $6.95 + $0.75) * 1.06 = $45.26

WHAT IS GOING ON HERE??! Why in the name of all things pure and holy should I have to pay $45.26 per month for a $25/month cell phone plan? When are you big giant corporations going to get a clue that profit is not the be-all-end-all, and that your customers are sick and tired of being repeatedly screwed over by your greed. When will the government finally step in and do something about it? When are consumers going to start to demand better?

Home Sweet Home... Sort of.

August 08, 2007

After about 7 weeks on the road (Jordan, Israel, Italy, Austria and Germany), my wife and I finally made it back to Canada.

It’s taken only a couple days for the Cell Phone companies here to frustrate me beyond belief. Having gotten used to paying the equivalent of CAD$12/month for a cell phone plan in Singapore, I’m back to North America, where I’m looking at about CAD$46/month (including taxes, a gouging for voice mail and call display, a special $6.95 ‘System Access Fee’, and Other Random Charges™) for about the same amount of service.

If that weren’t enough, we got our phones home, and they don’t even work. If anyone tries to dial my number, they get a busy signal or a message saying “Sorry, all circuits are busy”. Rogers was good enough to say they would try to get back to me with a resolution within “48 business hours” (are you fricking kidding me?) – and customer service said that I could “call us back when your phones are working, and we can credit your account with the number of days you missed”. The customer service lady wondered why I thought that was unacceptable, seeking some sort of reasonable compensation for such a screw up. She politely played her broken record entitled “Sorry, that’s all I can do” for me – over and over and over until I got so fed up that I told her I’d call back later and talk to a manager.

Welcome home.

On the plus side, I have a new article to write for IBM developerWorks, and it looks like a pile of projects that are looking like they’ll actually materialize sometime in the next couple weeks. Yay.

Updated: Shortened and fixed some grammar.

Seth Godin has posted (a number of days ago) an interesting piece on how even governments market themselves (in this post he is describing his experience at an Indian consulate).

I find that what Seth describes here relates on a certain level to how a lot of businesses don’t need more technology, better web sites, or online e-commerce systems. Granted, these are all good things, and heaven knows there are a lot of businesses out there with really crappy websites. What a lot of businesses need are better ways of doing business, aside from the technology. Better workflow. Better customer experience. Knowledgeable employees. Common sense.

A Note On Rails Deployments

February 23, 2007

Never, ever deploy Rails on a shared server. GRRRRR! I’ll be off DreamHost as soon as I’m not too busy writing code and doing work.

Hijacking

February 16, 2007

The nice thing about writing a little ‘signup’ application for a class that your wife teaches is that you have full control over the hijacking of that application any time you feel like it. See figure one:

Fortunately for me I didn’t get shot down, and we got some Gold Class seats at VivoCity.

Today, unfortunately, is not turning out nearly as good as yesterday. My mac is seriously on the fritz exhibiting the following completely random and seemingly unrelated ‘features’.

  1. Adium cannot connect to any of the IM protocols I have configured, including Yahoo, MSN, AIM and GTalk.
  2. Microsoft Word opens all files as Read-Only, so if I want to modify them I have to “Save As…” first.
  3. Although CPU usage is completely normal, the entire system locks up at random, and I can barely switch between applications or type at a normal speed.
  4. My Airport signal strength indicator is in a “permanent off” state. My laptop is 100% convinced that my Airport is turned off, but I’m connected wirelessly to my network as I post this.
  5. DNS is completely screwed. I have to hit Shift-Reload sometimes 3, 4 or 5 times to get a page to show up in Firefox or Safari because it can’t seem to resolve random hosts. (This could partially, maybe, explain the Adium behavior.)
  6. Random applications terminate as soon as I start them. Yesterday it was Remote Desktop Connection. I would start it up to connect to a Windows box, and it would terminate before I could do anything. Today it’s photoDrop droplets that are crapping out.
  7. Mail.app won’t download any of my Mail (potentially also related to network issues, I suppose).
  8. Often when I start an application (say, TextMate or iPhoto, for example) I can’t click on any of the menu items in the menu bar. They’re locked, which means I’m limited to the functionality of the app that I remember via keyboard shortcuts, until at some point in the future (20 minutes, 40 minutes – it’s all a great guessing game) it magically decides to permit me to click on said menu items.

As I’m typing this, SuperDuper! has just finished backing up all my user files, and Mr. Laptop is now going to receive a full enema. I sure hope that this isn’t a hardware problem, or I’ll be severely unimpressed. At least the thing is under warranty. But if Apple is going to take my laptop for a week while they try to figure out what’s going wrong – I might have switched to Ubuntu by the time they give it back to me.

Google Thinks I'm Spyware :(

February 12, 2007

Over the past 3 days, I’ve found that more and more of the searches I do on Google via the little Google search box in Firefox are sending me off to this page:

Now, these searches have been anything from stuff like “rdoc syntax” to tourism information on Laos. I’m really not sure why I keep getting dumped to this page, but it’s starting to get freakin’ annoying.

On Ignorance

January 22, 2007

My favorite podcast, hands down, is the JavaPosse. There’s nothing quite like sitting back with a cup of coffee and listening to Dick, Carl, Tor and Joe yammer about Java (and/or technology in general) – especially if they’ve been drinking.

A few months ago they launched a Google group in which I am an avid lurker, and very occasional poster. One of the more recent threads was surrounding third-party iPhone application development. I think that the winning comment in this thread was this one:

The simple question here is therefore “Is this phone of any further interest to the Java community/Java Posse?”.

He might as well have said:

If it’s in the world, and it has nothing to do with Java, we shouldn’t discuss it or have any interest, and said object might as well be used as toilet paper. If it’s not Java, it can kiss my bleeeeep.

Forget the fact that it’s a phone – and I couldn’t care less if it had anything to do with Java whatsoever. I don’t care if I can write or run 3rd party apps on my phone, or my iPod. I want a phone so I can (go figure) phone people. Of course, all the other iPhone stuff is awesome as well (calendaring, sms, voice mail, iPod, photos, videos, etc.). Why, for the love of all things good, would a community write off said device claiming it no longer deserves “any further interest [from] the Java community” – because it doesn’t have Java on it? Maybe the Java community should stop having interest in hard disks, or RAM, or digital cameras, or iPods for that matter – simply because they don’t allow for third party Java application development on them. I’m making a pact right now. I’m not going to purchase another stick of RAM until I can plug it into a USB port on my laptop, and write a third-party Java app for it that makes it light up, or sing, or something.

Unfortunately, this is the collective wisdom that (stereotypically speaking) the Java community now tends to bring to the table. Let us look at a fictitious (but not fictitious at the same time) example:

Jim: Hey there, have you played with Ruby at all?
Greg: Are you crazy, that stupid thing?
Jim: It’s got some really powerful syntax, and I can’t believe how fast you can prototype apps in it.
Greg: Nothing more than a stupid toy language.
Jim: Have you used it? Have you seen how powerful some of the APIs are?
Greg: No. I’m a Java developer.
Jim: Why don’t you just take a look, see what you think?
Greg: No. If it’s not Java, it’s stupid and useless.

Right. Thanks.

Legality vs. Ethicality

January 18, 2007

And yes, there’s a difference.

I started researching AllOfMP3 about a month ago after hearing about it for the first time from a friend, while at their place for dinner. I read through all the spiel, the Russian Federation, Russian Licensing, The Russian Multimedia and Internet Society (ROMS), lawsuits, et cetera.

One of the best presented articles on the legality and ethicality of using a site like AllOfMP3 was a piece that I found here.

I’ve been looking to find new ways to purchase music (yes, I have been using the iTunes Music Store) mostly because I find that music, as a commodity, is priced way too high. Well, maybe it’s not even that the music is priced too high, but what really bothers me is knowing that the amount of cash that actually returns to the pockets of the musicians any time I happen to purchase an album is a measly pittance, compared to the amount that goes to the labels. To add insult to injury, we have this “association” (I’m looking at you, RIAA) that in its so-called pursuit of justice starts to randomly sue thousands of Americans whose names they might as well have pulled from a baseball cap. Didn’t they try to sue an 11-year-old girl? And a dead person? At any rate, the RIAA clowns think that it would make them look really smart if they seriously laid the smack down on AllOfMP3 with a $1.65 TRILLION dollar lawsuit, which in actuality (in my opinion, anyways) made them look like confounding idiots more than anything.

At any rate, now that I’ve made clear my disdain for record labels and the RIAA, I’d like to point out that I find it interesting the number of discussions floating around on the Internet about the issue of whether or not it’s “OK” to download music from a “legal” service like AllOfMP3.

What I notice is that there is a severe muddying of the water as people discuss this, because most people take the approach that if something is legal, that there is no reason whatsoever that they should feel as though it is ethically or morally questionable to purchase music from a company like AllOfMP3. To be honest, I have been seriously toying with the idea for the past few weeks, and probably can’t count the number of times I’ve visited, wanting to sign up, but ultimately deciding against it. And today I think I’ve reached my conclusion that even though I feel that the way that AllOfMP3 is operating their business in Russia is probably legal, it’s certainly not ethical. Granted, I don’t think that the RIAA or record labels in general treat people, customers or artists with any sort of decency either, generally speaking. But using the questionable ethics of the RIAA and record labels as they shaft artists and sue customers as a personal excuse to justify purchasing music from a company that is shady at best, ethically and legally, is just jumping into the mud with them.

In a way it’s frustrating. It’s frustrating that the most ethical way to purchase music puts money in the hands of the grimy RIAA and record labels much more so than in the hands of the artists whose music we love. But regardless of that fact, I’ll be continuing to give Apple my money for my music purchases for the foreseeable future.

I totally love John Gruber (albeit in a very manly, platonic sort of way). After waking up to knowing you have a 90+ page API manual from UPS to go through to integrate some simple shipping costs, his Conjectural Transcript between Apple and Universal for the upcoming negotiations for iTunes pricing gunk had me in stitches.

Also, I’ve been working on some new marketing slogans for TextDrive. I’ve been so <gag>pleased</gag> with their service of late, that I thought I could spend some time on this. Pretty sure this is a winner:

TextDrive. We Go Down. A Lot.

The server that my site is on seems to have crashed twice in the past few days, requiring a hard reboot. If that weren’t enough, it would appear that ‘at boot’ cron jobs are a mere tease and fallacy, because I can tell you that mine sure don’t run.

I’m looking forward to getting away from this steaming pile of TextDrive crap as soon as I possibly can (I wonder if my slogging is against the Terms of Service?).

I Hate TextDrive

December 01, 2006

There was something else I wanted to write about, but when I came to do so my site was throwing the Joyous 500 Internal Server Error for the third time in as many days. As soon as I have the time – I hope to get off this steaming pile of crap (TextDrive) and go somewhere else. In the meantime I’ve managed to switch to Mongrel to see if that helps. I’m not holding my breath.

Did I mention that part of my “strong feelings” comes from the fact that a couple weeks ago I wanted to log back into my Joyent account (which I haven’t done in months) but seemed to have forgotten all my usernames/passwords?

Technical support was so kind as to email me my usernames and passwords in plain text (thanks for that, really) – because you know, hashing the password in the database so it’s not readable is really an overrated and stupid practice. Pffftt – who cares about security these days anyway? And who needs a “Forgot Password” feature?

If that weren’t enough, after all the bragging about their “new and improved” email interface, I proceeded to get 500’s from their new mail interface for several hours before it bothered loading. I’m not sure if the Internal Server Error was the new and improved mail interface, or if they had something else in mind.

I recently started working on a project that requires integration with QuickBooks via a web service, and needed to create an “Intuit Developer Network” account in order to download the QuickBooks SDK.

As I’ve found out, here are the steps to create that account, accompanying some great screenshots:

  1. Open Firefox
  2. Go to developer.intuit.com
  3. Click “Member Login”
  4. Click “Join Now”
  5. Fill out the form
  6. Submit the form
  7. Give up because it gives you a JavaScript error telling you that you haven’t filled in your email address, even though you really have.
  8. Close Firefox
  9. Open Safari
  10. Repeat steps 2 through 6
  11. Give up because something in their JavaScript screws up and disables a mandatory select field that you can’t get at
  12. Close Safari
  13. Fire up Remote Desktop Connection to connect to your Windows Box
  14. Open up Internet Explorer
  15. Repeat steps 2 through 6
  16. Success (if you can call it that)

NetBeans. Hrumph.

October 01, 2006

Admittedly, I’ve been spending a lot more time with Ruby these days than I have with Java. And in the meantime, it seems like everyone has started talking about this EE-JAY-BEE-THREE thing, and stuff like that.

Ok – well – admittedly, I’ve seen the new JPA stuff (Java Persistence API) and have used the Hibernate Annotations stuff on a few projects – and I read a ton of the EJB3 spec stuff since, at least when I was using Hibernate Annotations – the documentation was so abysmal that it forced me into the spec to figure out how to do some stuff.

At any rate, I’m a long time IntelliJ user, and frankly – every time I open up Eclipse I almost vomit. I tried it again today, and mostly, when it opens up, I stare at all the menus, and the way the whole thing seems like it was randomly assembled by a tornado, and after about 10 minutes, I shut the thing down and go make another cup of coffee.

Currently I’m downloading NetBeans to give that a try (not that I’m seriously considering switching IDEs – it just seems to me that NetBeans and Eclipse are the two Java IDEs that get the most hype).

I’m a little dubious about whether NetBeans will be any good at all, especially when, on their Top 10 reasons to switch page, they can’t seem to come up with even one good reason. Let’s take a look at reason number nine for example:

9. It’s Cool
NetBeans is cool. You can add your favorite photo as a background using the substance plug-in. It also allows you to change the look and feel of the IDE completely.

Now, when did crap like “It’s Cool” – and the ability to set the background of your IDE to your favorite photo of Auntie Margie – become more important than stuff like “Increasing Developer Productivity”? Does anyone really care about the NetBeans Mobility Pack? Does anyone really care that the IDE has Ant support integrated? If it didn’t have Ant support integrated, nobody who writes Java these days would even consider it a Java IDE. And how about actually being fast, instead of just claiming to be fast? And since when is “Best out-of-the-box experience” a top-ten reason to switch, when every IDE can claim exactly the same thing? Why not get the developers to write the reasons to switch, and not the marketing team?

Do I sound like I’m ranting a lot these days? Sheesh.

I get a lot of email these days from recruiters / headhunters / whatever-you-want-to-call-them. Sometimes they like to refer to themselves as “Agile Talent Specialists”, as I recently found out in a bout of emails last week.

This particular “Agile Talent Specialist” (name and company removed to protect the guilty innocent) managed, over a period of three days, to send me FOUR separate emails about the SAME position. And that was AFTER I replied to the first email, indicating that I was nowhere near California (the location of the available position), and not interested in relocating.

If that wasn’t enough, the emails were littered with spelling and grammatical errors. I’m not claiming to be the greatest spellar[sic], or to have the bestest of the grammar, but doesn’t Outlook have spell check, people?

I’m not quite sure how these recruiters make a living, and if that’s the kind of (in?)competence that we see demonstrated from some of them, I’m afraid to know the quality of the consultants they’re recommending to their clients.

Jim Louderback, editor-in-chief of PC Magazine, has recently posted an article entitled Boot Camp: Apple Bobs for Suckers.

He rambles on and on about how Boot Camp is a snore, and that the only reason people want an Apple Computer these days, is because they look sexy. Hello? Jim? Where have you been for the past 5 years? He says that “there are dozens of better-looking notebooks out there than those tired, industrial-looking iBooks and PowerBooks that dribble out of Infinite Loop.”

He goes on to give some examples, a Toshiba Portege and the Acer Ferrari, neither of which I find at all appealing.

Following this, he bashes the Mac Mini, saying that it can’t do high-end graphics. Jim, wake up for crying out loud. The Mac Mini is a budget PC for home users, not a high-end workstation for graphics professionals. When’s the last time you picked up a $500 Dell box and handed it to a professional graphic designer, telling them that this 512MB machine with an 80GB disk is all they’re getting?

Unfortunately, the pain doesn’t end there. He starts rambling on about how useless it is to run Windows on a Mac right now, because there aren’t any Desktop machines with expansion slots. So we’ll never know if we can use our ancient legacy SCSI adapter on the Windows install on our Mac.

One quote that I’m afraid I just can’t leave alone is this one:

The really creative computer users are the case modders who build extravagant designs to house their systems.

Jim? What are you talking about? I thought the really creative computer users were the ones who build awesome web apps, write amazing web frameworks, use technology to improve business, and make completely unreal artwork, among other things. But then again, clearly I’m mistaken. Apparently the only really creative computer users are the ones who build “extravagant designs to house their systems”.

The remaining sections of the article are labeled “Reliability”, “Flexibility” and “Price”. But I’m afraid I’m out of time, and feeling rather nauseous at how biased and clueless Louderback seems to be. The whole point of Boot Camp is to:

a) Ultimately, to get people to switch from Windows to OS X.

b) Help you run that one windows-only app you just can’t live without.

The hypothetical situation, I’m sure, is that your PC user Joe will buy a Mac, install Boot Camp, and maybe use 80% Windows and 20% OS X. Then they’re going to get a bunch of malware and viruses on the Windows install, at which point they’ll be using 60% Windows and 40% OS X. Then they’re going to go through Driver Hell to try to get their new digital camera to work on Windows, and realize that if they use OS X, they just have to plug the camera in and it works. Now we’re up to 60% OS X and 40% Windows. Can you see where this is going?

Wake up and smell the coffee, Jim.

McNealy steps down...

April 26, 2006

...and it’s about time, too.

I’ve been wondering for the past two years what on earth he was still doing at the helm of Sun. Whether he intended it this way or not, it has seemed to me that for the past two or so years, his intent has been to drive Sun into the ground, not make them competitive.

“Let’s just open source every product we have, and give everything away for free. Heck, we should even give our servers away for free.”

I can’t say that “make your strategy controversial” (quote from McNealy on some of the latest paraphernalia I received at Sun Tech Days) is the best way to keep your customers and shareholders happy.

Who knows if Schwartz can do any better, we can revisit again in another 2 years and see.