AJAX, Asynchronous JavaScript and XML. A phrase we're all too familiar with these days. I was pointed down a road to JSON land by a fine developer named Owen. In JSON land things are serialized for you as native JavaScript objects, and I might not turn back. I've been playing around today with JSON "AJAX" transactions and I must say it was so much faster to develop than traditional XML-based messaging from server to client. I've never been a big fan of bloated AJAX frameworks like SAJAX or JPSPAN, which try to map PHP to JavaScript. Personally I think it's a waste of parsing overhead if you're a capable developer.

If you run a high-performance, heavy-load server you're really looking to save every byte of data you can to keep your bandwidth costs down. XML can become beefy at times, consuming more bandwidth than really needed for most applications. Being able to take a PHP array and return it as a serialized native JavaScript object can be quite powerful and easy! I chose to start out with a PEAR class called JSON.php: http://mike.teczno.com/JSON/JSON.phps

With one method call you can serialize a native PHP type into a native JavaScript type, then eval that code and use it right away in your JavaScript.
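As an added example (not code from the original post), here is how the client side can consume such a response without handing it straight to eval(): the json2.js-style filter accepts only text made of JSON tokens, and JSON.parse is used wherever it exists. The two sample responses are constructed for the demonstration.

```javascript
// Added example (not from the original post): consume a JSON "AJAX" response
// without handing the raw text to eval().

// json2.js-style well-formedness filter: after masking escape sequences,
// strings, numbers and literals, only JSON punctuation and whitespace may
// remain. Anything else (a trailing statement, a function call) fails.
function looksLikeJson(text) {
  const masked = text
    .replace(/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g, "@")
    .replace(/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g, "]")
    .replace(/(?:^|:|,)(?:\s*\[)+/g, "");
  return /^[\],:{}\s]*$/.test(masked);
}

// Legacy path for browsers without JSON.parse: eval only after the filter
// accepts the text, so smuggled code is refused rather than executed.
function parseLegacy(text) {
  if (!looksLikeJson(text)) {
    throw new SyntaxError("response is not plain JSON; refusing to eval");
  }
  return eval("(" + text + ")");
}

// Preferred path: JSON.parse is a data parser, not a code evaluator.
function parseJsonResponse(text) {
  if (typeof text !== "string") throw new TypeError("response body must be a string");
  if (typeof JSON !== "undefined" && typeof JSON.parse === "function") {
    return JSON.parse(text);
  }
  return parseLegacy(text);
}

// Constructed sample responses: one genuine, one padded with a statement
// that a plain eval("(" + text + ")") would happily run.
const GOOD = '{"user":"Owen","tags":["php","json"],"score":-1.5e3,"ok":true,"x":null}';
const BAD = '{"user":"Owen"}); tampered = true; ({"x":1';

function demo() {
  const good = parseJsonResponse(GOOD);
  let badRejected = false;
  try { parseLegacy(BAD); } catch (e) { badRejected = e instanceof SyntaxError; }
  return { user: good.user, tags: good.tags.length, badRejected };
}
```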

Security should be at the forefront of every developer's mind these days, and XSS has been coming up as the latest technique used to extract personal information from your users.

There are two things you need to be concerned about when developing against these attacks.


I have yet to find a response by anyone from Zend on this matter, but it seems sites are popping up all over the place that can decode Zend-encoded scripts. Since my company is a customer of this product and relies on it, I'm quite scared at the slowness of Zend's response. Being in a competitive security business, if our competition can decode our scripts and use that new information to release security bulletins about our product, it could be horrible for us. 20% of our code was written years back by a guy who barely knew PHP, so I'm glad no one can see it. This is bad indeed.



JavaScript is a powerful tool in the web programmer's toolbox; however, it's also one of our greatest headaches. Dealing with browser inconsistencies is always a source of great pain. You test on multiple platforms, find everyone you know with a Mac running Safari and think you have your code locked down; however, it rarely works out this way. Being able to detect JavaScript errors in the wild can be a great resource for you to really see how your code is performing on a day-to-day basis. Mozilla and IE support a powerful event handler called "onerror", used like window.onerror = function(){};

You can create a custom function at the top of all your scripts that will record any parsing or exception errors generated. The function accepts 3 parameters: the error message, the URL of the script that raised it and the line number of the error. Creating this function is as simple as so:
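The handler below is an added example rather than the post's own code; the /errlog.php collector and the Image beacon used to reach it are assumptions. It records the three parameters, percent-encodes every field so an error message cannot alter the request, and sends a given error only once per page load.

```javascript
// Added example (not from the original post): a window.onerror handler that
// records (message, url, line) and ships it to a hypothetical /errlog.php.
const MAX_FIELD = 500; // cap each field so a runaway message cannot flood the log

function buildErrorReport(message, url, line, extra) {
  const clip = (v) => String(v == null ? "" : v).slice(0, MAX_FIELD);
  return {
    message: clip(message),
    url: clip(url),
    line: Number(line) || 0,
    userAgent: clip(extra && extra.userAgent),
    when: (extra && extra.now) || new Date().toISOString(),
  };
}

// Encode the report as a query string; every value is percent-encoded so an
// error message containing "&", "=" or markup cannot alter the request.
function reportToQuery(report) {
  return Object.keys(report)
    .map((k) => encodeURIComponent(k) + "=" + encodeURIComponent(report[k]))
    .join("&");
}

// Deduplicate: the same error firing in a loop is sent once per page load.
const seen = new Set();
function shouldSend(report) {
  const key = report.url + ":" + report.line + ":" + report.message;
  if (seen.has(key)) return false;
  seen.add(key);
  return true;
}

// send(url) performs the request; it is injected so the handler can be tested.
function makeOnError(send) {
  return function onError(message, url, line) {
    const report = buildErrorReport(message, url, line, {
      userAgent: typeof navigator !== "undefined" ? navigator.userAgent : "",
    });
    if (shouldSend(report)) send("/errlog.php?" + reportToQuery(report));
    return false; // false keeps the browser's own error reporting active
  };
}

// Browser wiring: an Image beacon works in old Mozilla and IE alike.
if (typeof window !== "undefined") {
  window.onerror = makeOnError((u) => { new Image().src = u; });
}
```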

Thank you allofmp3.com for doing things right.

What are your choices for "legal" online music these days? iTunes, Napster, Rhapsody, to name a few top players. How do they like to deliver your music? Through proprietary encoding formats that cannot be played on the devices you want them played on. I figured by now these asshats would have gotten it right, as allofmp3 does. Give me a choice of kbps and the format I want it in, mp3 for example, and leave me the hell alone. Don't tell me I can only burn your song 5 times, don't tell me I cannot transfer my song anywhere I want, and don't charge me the same amount of money as a real CD.

An album in a store costs around $10.00 on average; an album online costs $10.00. Ummm, seriously people, WTF? How about passing the savings on to the consumer? No packaging, distribution costs, art design... all you have to do is push some cover art and a file. You still expect me to believe it still costs $10.00 an album? Online music will continue to suck until they come up with a realistic model of purchasing music. I don't mind buying music, but don't tell me how I can use it. I buy a CD in a store and I can play it wherever I want. I can burn it to mp3s and transfer them wherever I want. THAT'S WHAT WE WANT. Don't waste money on programmers to come up with clever DRM techniques. If you charged reasonable prices and gave me mp3s you wouldn't have the piracy problem you have today. You were late to the market and now you're still reactive, not proactive, and you will continue to lose. Suing your customers is ludicrous, nice work on that. I guess when you have more lawyers than talent this is what we get (thanks, Harvard).

I'm willing to bet that if I post the right words in the title of a story submitted on Digg, it can make it to the front page without anyone even reading the story. Let's try, shall we? Please don't hate me, fellow Diggers, but I've noticed that more and more people seem to be digging stories based on the title only. Perhaps this will help spur a solution to the problem of Digg spam. Linux and Ajax seem to get auto-diggs for the title alone. I would have thrown in Xbox 360 but I didn't want my server to crash ;)

I was adding my Digg feeds to an RSS reader I wrote in PHP and noticed file_get_contents wouldn't let me connect to the RSS feed. Turns out they want to be tricked and have you set the user agent. So if you need to get RSS feeds working with PHP, just use ini_set to set the user agent and you should be just dandy.

// sites like digg like to be tricked

Someone wrote up a great little article on where the Goonies have landed in their lives. Worth a read.


New code sample released today shows it's possible to find a collision on an MD5 hash within 45 minutes on a P4 1.6 GHz machine.


code sample:

Came across this site on Digg and it seems to be a pretty nice little listen if you have some spare time to hear about computer security. They have a new episode each week where they focus on a variety of different security issues that are out now.

Steve Gibson and Leo Laporte - SECURITY NOW