Circle of Friends

Some (geeks) may recognise it right away.  For those of you that don’t, other than it being a cool design (I think so, anyway), there’s a bunch of meaning to it.

The symbol is that of Ubuntu Linux.  From their website:

Ubuntu is an African word meaning ‘Humanity to others’, or ‘I am what I am because of who we all are’. The Ubuntu distribution brings the spirit of Ubuntu to the software world.

It’s about community, caring, sharing, acceptance, diversity, and the ideologies that the culture embraces.

In addition to that, I’ve gone up 10 points in a) geekiness b) coolness or c) both! Hehe.

The photo doesn’t quite show it off properly yet, since the light grey areas are still a little dark (and look black).  Look here to understand it better.

A big thanks to Kay from Skin Deep Tattoos who left his mark on my virgin skin.

I’m sure not gonna miss out on the opportunity to get myself some of their awesome wine!  (I opened my last bottle of Stormhoek last week)

Hope you’re all well!

Basically, what MobilePress does is take your current WordPress blog and re-renders it when being viewed from a mobile device in more mobile-friendly way.  So, instead of hoping that your (user’s) phone’s browser is smart enough to display a site that was meant for a 1024×768 display on a 320×240 mobile display, you can now make sure it renders the way you want it to.

This is done as follows:

1. Detect if the site is being accessed from a mobile device
2. If so, the plugin kicks in and determines which device is being used
3. We then ‘hijack’ WordPress’s rendering, and switch to an alternate theme (one designed just for a mobile device)
4. Control is returned to WordPress, so that the rest of your site/plugins get to run, as per normal.

There are a few other cool things happening here.  If you design WordPress themes, you can now design a mobile theme that matches, and not have to worry about mobile domains and custom routing.  Just activate the plugin and it takes care of the rest.

In addition to ‘generic’ mobile devices, we’ve provided the ability to specify custom themes for the iPhone, Opera Mini & Windows CE.  This allows for a tiered approach, allowing the designer to take advantage of a device’s capabilities, and still have a failsafe for simpler devices.

Some have pointed out that there are already plugins to render your site for mobile.  This is true.  Why did we choose to write our own?  Well, for one, the existing plugins just didn’t cut it.

The ‘WordPress Mobile’ plugin does not pass control back to WordPress, and uses a custom, hardcoded theme.  In other words, you need to hack php to customise it.  In addition to that, the author has a bunch of sneaky ads and backlinks all over the place which will render on your blog.  Want to get rid of the ads? You’ll have to pay for that privilege.

WPTouch gets closer, but is geared only to the iPhone, and has a lot of hard coded elements in the code.  Also not quite up to the standards WordPress advocates.

MobilePress aims to provide standards-based flexibility to the designer, with no financial implications for the user.

Hope you guys find this useful.  Go check out the official MobilePress site or grab your copy directly from the WordPress repository,  here.

PS: Any feedback and comment are appreciated - we will use them to improve the next release!

Friday, 22nd August, 2008

WordCamp weekend kicked off with Tyler and I heading out to the airport on Friday morning at 5am, meeting Vincent Maher on the way.  Upon landing, we were taxied around by Jason Bagley.  A few client meetings later, we made our way to the hotel we were staying at, which happened to be a mere 20 meter walk from The Wild Fig (where the event took place).

After dropping off our luggage, we made our way back to Cape Town International to meet Warwick Poole and Matt Mullenweg, both of Automattic.  After waiting an hour or so, Warwick came out and informed us that Matt’s bags were missing.  Fantastic!  There were still held up US side.

After stopping to do some essential shopping for Matt, we made our way to none other than Spur.  Not quite South African gourmet, but certainly a home-grown experience.  From there we went to the pre-un-conference geek-meet at Asoka.  I’d love to be able to link to all the people we met, but I’m afraid Google might turn on me.  Needless to say it was an awesome evening, with me introducing Matt to his first Jaeger Bomb!

Back at the hotel, Tyler and I worked until about 2am, sorting out last minute details, and spending a bit of time on Project Wolf.

Saturday, 23rd August, 2008

The event that got 100+ geeks and their laptops assembled in Cape Town: WordCamp SA 2008.  Organised by Younique, with the likes of Matt and Warwick as guest speakers, it was a day of note.

Kicking off at 9am, with coffee and muffins, the venue quickly filled up.  Prominent bloggers and entrepreneurs alike were crammed into the The Wild Fig.  An awesome line up of speakers kept everyone interested (and awake) throughout the day.

Matt is a very natural speaker.  He spoke about running a business, and making money, utilising a business model based of free software.  Warwick, also of WordPress, gave us some incredible stats about wordpress.com - its traffic and infrastructure.

The day, however, was not without incident.  As Tyler was giving the closing speech, I managed to knock a glass of water over into his brand new Macbook.  It’s amazing, but in those few seconds following, I was photographed more times than all the key speakers combined.  *blush*

That night we went off to Sinns at Wembley Square for dinner.  Sinns is the type of place that charges twice as much as Spur, serves half the amount of food, but makes it look pretty.  It wasn’t bad at all, though.

Chris Rawlinson, of Stormhoek (who were kind enough to sponsor wine for the day) invited us back to his place after dinner.  A special word of thanks to him for putting up with us until 5am, even after having parts of his apartment demolished.

Sunday, 24th August, 2008

I managed to surface at 10:30.  I felt like ass.  Now, normally, I do not suffer the after effects of consuming too much alcohol.  This day was different.  I blame Matt.  Those Mohitos (sp) were lank dodgy, oke.  After dragging my sorry ass out of bed and getting showered, the only logical thing to do was to go to KFC and buy out half their shop.  After buying enough for 17 people, Tyler and I were happy that we had enough for the 2 of us.  We were also kind enough to share with the other guys when we got back to the hotel.

From there, we made our way to Stormhoek Wine Estate.  Graham Knox was simply awesome, giving us a private tour of the farm, and treating us to a wonderful lunch.  I have never had so many open bottles of wine in one sitting.  Stormhoek is an estate that is full of history, and really takes pride in the wine it produces.  I shall certainly be buying many many bottles from them in the future.

After a great day out in Wellington, Jason once again taxied Tyler and I back to the airport for the last flight back to Joburg.

A very big thank you goes out to Tyler, who is responsible for the weekend.  Though he will try pass credit on to other people, WordCamp would not have happened without him.  His guiding hand, his generosity, his huge personality and his ability to bring people together and enjoy themselves.  Thank you, mate!

This post is VERY short compared to the sum of the events of the weekend.  I think the best suggestion I can make is that you don’t miss next year’s!

What is WordPress?  For my even less-informed friends, WordPress is primarily a blogging platform, which is very extensible.  My site is built on top of WordPress.

The event has been organised by Younique, and takes place at The Wild Fig.  With a diverse array of guest speakers, including WordPress founder Matt Mullenweg, it’s sure to be an informative and enlightening day!

What does this mean? Well, for one, you’re going to inspect the data and make sure that it doesn’t contain any malicious code such as ill-intentioned javascript.  Another is to prepare the data so that when it gets added to your insert/update SQL it doesn’t break the SQL (or do other nasty actions). Otherwise know as a SQL injection attack.

The technical details of the types of attacks we’re protecting against are a bit out of the scope of this post, but there are numerous resources available which will explain far better than I am able to.

After a form has been submitted (via get or post) it gets stored in the global array $_GET or $_POST.  Once we have this data, we can and should do a bunch of things to it, such as:

Stripping out malicious code

We’ll scan through the input, searching for anything that shouldn’t be there, like html code, <script> tags, etc.

<?
function cleanInput($input) {
 
$search = array(
    '@<script[^>]*?>.*?</script>@si',   // Strip out javascript
    '@<[\/\!]*?[^<>]*?>@si',            // Strip out HTML tags
    '@<style[^>]*?>.*?</style>@siU',    // Strip style tags properly
    '@<![\s\S]*?--[ \t\n\r]*>@'         // Strip multi-line comments
);
 
    $output = preg_replace($search, '', $input);
    return $output;
}
?>

’slashing

This part can sometimes get tricky, but not to worry, the code’s not too bad.  Basically we’re adding a backslash before any of the following: ‘ (single-quote), “ (double quote), \ (backslash) and NULL characters.  Depending on your server configuration, there are a bunch of ways of getting this done.  PHP has something called magic_quotes, which does this automatically.  Note, however, that as of PHP 6 this feature has been deprecated and removed.  Another PHP function, addslashes(), is the manual version of magic_quotes.  addslashes(”Where’s Wally”); will return “Where\’s Wally”.  A better option, if your server supports it, is mysql_real_escape_string().  It performs pretty much the same function, but is apparently better.

<?
function sanitize($input) {
    if (is_array($input)) {
        foreach($input as $var=>$val) {
            $output[$var] = sanitize($val);
        }
    }
    else {
        if (get_magic_quotes_gpc()) {
            $input = stripslashes($input);
        }
        $input  = cleanInput($input);
        $output = mysql_real_escape_string($input);
    }
    return $output;
}
?>

To use, we simply pass any input to the function. The function works on single strings, as well as deep arrays.

<?
$bad_string = "Hi! <script src='http://www.evilsite.com/bad_script.js'></script> It's a good day!";
 
$_POST = sanitize($_POST);
$_GET  = sanitize($_GET);
$good_string = sanitize($bad_string);
// $good_string returns "Hi! It\'s a good day!"
?>

Typecasting

Making sure that the data we’re inserting matches the expected type;  i.e, someone’s age should be received as an integer value, and not a string.

<?
$age = (int) $_GET['age'];
?>

This is a very gentle introduction to sanitizing your database input, and I would certainly recommend that you do a lot more research on these methods in order to use them correctly in your given environment.

That’s it for today. If you found this useful, of would like to improve it, comments are always appreciated!

I’ve ordered the following:

Intel Core 2 Duo T9300 (2.5 GHz, 800 MHz FSB, 6 MB L2 Cache)
4096MB 667MHz Dual Channel DDR2 SDRAM [2x2048]
17.0″ Widescreen WUXGA+ CCFL (1920×1200) TFT Display with TrueLife
160GB Free Fall Sensor (7200RPM) Hard Drive
8X DVD+/-RW Drive
256MB ATI Mobility RADEON HD 3650
9-cell 87 WHr Lithium Ion battery
Biometric Fingerprint Reader
Wireless 1510 Half Mini Card (802.11n)
Wireless 370 Bluetooth Module
AVerMedia AVerTV Hybrid NanoExpress DVB-T TV Tuner
2.0 Mega pixel Integrated Web Camera
Travel Remote Control Express Card

I can’t wait for it to arrive!