
This is an actual excerpt from the Unicode Cyrillic chart.
Unicode: It’s supposed to “just work,” but in reality it is responsible for more headaches than a wheelbarrow race on a frozen pond.
Today, I’m going to explain how the most common encoding of Unicode works (known intimately as UTF-8).
Tomorrow’s article will cover why it’s a pain and how you can deal with it once the Excedrin wears off.
You might have heard a little controversy surrounding the use of the $_SERVER['REMOTE_ADDR'] variable to restrict access to a page or feature on your site.
As it turns out, IP addresses *can* be spoofed, and this *does* represent a potential security risk. But it’s a lot more difficult to ‘hack’ a site by faking an IP address than you might realize.
When a server receives a TCP packet, it gets a single IP address, which serves as the return address for the request. In other words, whatever IP gets sent to the server, that’s the IP address that the server sends the response to.
So while a user could tinker with a few packets and make them appear to be coming from a different IP address, he wouldn’t be able to get the server response because it would go to the fake IP instead.
That’s the good news; you don’t have to worry about a hacker faking his IP address to *view* internal pages on your site.
Now for the bad news. He can still do some pretty hefty damage if he knows how your site’s infrastructure works.
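The asymmetry described above, as an added example in PHP (not code from the original post): a check on REMOTE_ADDR alone accepts a request whose sender never sees the reply, while also requiring a token that was delivered in an earlier response does not. The allowlist addresses, function names and the `token` field are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist of internal addresses (constructed sample values).
const INTERNAL_IPS = ['192.0.2.10', '192.0.2.11'];

// Weak: the source address is the only check. A sender who forges the
// address never sees the reply, but a state-changing request needs no reply.
function allowWeak(array $server): bool
{
    return in_array($server['REMOTE_ADDR'] ?? '', INTERNAL_IPS, true);
}

// Issue a per-session token. It travels in a response body, so only a client
// that really receives traffic at its claimed address can learn it.
function issueToken(array &$session): string
{
    $session['action_token'] = bin2hex(random_bytes(32));
    return $session['action_token'];
}

// Hardened: reads need the allowlist; anything else also needs the token.
function allowHardened(array $server, array $session, array $post): bool
{
    if (!allowWeak($server)) {
        return false;
    }
    if (($server['REQUEST_METHOD'] ?? 'GET') === 'GET') {
        return true;
    }
    $expected = $session['action_token'] ?? '';
    $supplied = $post['token'] ?? '';
    return is_string($expected) && $expected !== ''
        && is_string($supplied) && hash_equals($expected, $supplied);
}

// Constructed demo: the same allowlisted source address in three situations.
$session = [];
$token = issueToken($session);
$request = ['REMOTE_ADDR' => '192.0.2.10', 'REQUEST_METHOD' => 'POST'];

var_dump(allowWeak($request));                                     // address check alone
var_dump(allowHardened($request, [], []));                         // blind request: no session, no token
var_dump(allowHardened($request, $session, ['token' => $token])); // client that received the token
```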
As you may have guessed by the fact that it took me so long to get around to writing this post, ITEC Day 2 was not particularly exciting.
There were some neat moments, but for the most part, it was a winding down period that lasted from 8:15 in the morning until 1:00 in the afternoon.
I also found out that, no, I’m not special; everyone got free admission and free lunch. Ah well.
Unfortunately, several of the vendors were so disappointed by the turnout on day 1 that they didn’t bother to show up for day 2. I thought that was a real shame, especially because I didn’t get a chance to talk to the MailFoundry guy. From what I gather, MailFoundry’s anti-spam technology focuses on the message headers more than the message content. Companies that have installed MailFoundry hardware have bragged about getting ZERO spam, and no false positives! I grabbed some literature, but I was really hoping to spend some time talking with the sales guy about how it works.
There was a security panel, where we learned that on the software side, the #1 security problem facing developers today is input validation. XSS is a major threat these days, especially because it can be used to inject code into a legitimate site to exploit a Drive-By Download vulnerability in Internet Explorer.
If you haven’t had a chance to check out WatchGuard’s Videos on Botnets, do so now! It’s better than reading a Stephen King novel around a dying campfire in the middle of the woods at night.
Other than that, there was some free lunch, a little networking, and then it was time to go home.
I might go next year, or I probably won’t. But it was a good introduction to what to expect from an IT convention.