23 Aug

CSS-Tricks – Functional CSS Tabs Revisited

The idea of "CSS Tabs" has been around for a long time. If you Google it, a lot of what you get is styled CSS tabs, but less stuff on the building an actually functional tabbed area. At least, functional in the sense as we think of tabbed areas today: click a tab, see a new content area with no page refresh.

Tackling functional CSS tabs has less of a deep history. Brad Kemper was messing around with it in 2008 trying to utilize the :checked pseudo selector with radio buttons and adjacent sibling combinators. This is a really cool technique that can be utilized to do things like an expand/contract tree style menu or visually replace form elements with graphics (pioneered by Ryan Seddon).

I personally tried messing with functional tabs a while back, and came up with seven different ways to do it. Most of them centered around the use of the :target pseudo class selector and most of those techniques sucked. One was OK. They all had one major flaw and that was that URL hashes needed to be used, which "jumps" the page down to the element with the matching ID, and that is totally unexpected, jerky, and just a bad overall experience.

Working with the radio-button/:checked technique is way better, but there was a long-standing WebKit bug that prevented pseudo class selectors and adjacent sibling combinators from working together. Good news! That’s fixed as of stable browser releases Safari 5.1 and Chrome 13.

So let’s get this thing done the :checked way, which I think is the cleanest way to do it for now and for the next few years.

via CSS-Tricks – Functional CSS Tabs Revisited. Very nice, pretty decent support if you don’t need to worry much about IE.

19 Aug

Ars Technica – Does not compute: court says only hard math is patentable

On Tuesday, the United States Court of Appeals for the Federal Circuit rejected a patent on a method of detecting credit card fraud. The result was unsurprising, but the court broke new ground with its reasoning. Citing the Supreme Court’s famous rulings against software patents from the 1970s, the court ruled that you can’t patent mental processes—even if they are carried out by a computer program.

Of course, all computer programs implement mathematical algorithms that could, in principle, be implemented with a pencil and paper. So is this the end of software patents? Unfortunately not. The court ruled that the no-patenting-math rule doesn’t apply if the math in question complicated enough that "as a practical matter, the use of a computer is required" to perform the calculations.

In order to justify this result, the court gives the most thorough defense of software patents that we’ve ever seen from the judiciary. We don’t think the line they draw—between ordinary math and math that requires a computer—makes much sense from either a legal or policy perspective. But the ruling at least signals that, for the first time in over a decade, the courts are thinking hard about how to apply the Supreme Court’s old software patent cases in the modern world. We’re hopeful that as the confusion in this week’s decision becomes more obvious, we’ll see further progress.

via Ars Technica – Does not compute: court says only hard math is patentable. It’s nice to see the courts limit patents somewhat, but the logic still has a real problem which is that practically speaking all math can be performed by a human being it may just either be tedious or time-consuming. The other question becomes raised if the math is complicated enough that a computer becomes required does that mean that the math itself is patentable (which the courts have said no math isn’t patentable)? The court seems to be trying to not rule against all software patents while acknowledging they are broken and need to be reformed.

The core of the legal problem with software patents is that they are just algorithms, logic and math, neither of which is patentable. Combine the two and describe a possible computer program and bam, that logic and math is now patentable. Ignoring all practical aspects of patents and software patents in particular, legally speaking software patents seem to me to be indefensible.

18 Aug

Neal Poole – Cross-Site Scripting via Error Reporting Notices in PHP

A PHP application that displays error reporting notices and contains specific code patterns may be vulnerable to a cross-site scripting attack. I’ve confirmed this issue on PHP 5.2.17 and a snapshot of PHP 5.4 (I assume it affects other versions of PHP as well). This issue was filed as Sec Bug #55139 back in July, but it was recently closed as “bogus” by a member of the PHP team, making the report public.

When display_errors is enabled and a PHP notice is generated, none of the text of the notice is HTML-encoded. That means if an attacker can control part of the notice text, they can inject arbitrary HTML and JavaScript into the page. Certain specific coding patterns make such an attack possible.

via Neal Poole – Cross-Site Scripting via Error Reporting Notices in PHP. Though to be fair you probably shouldn’t be using display_errors in a production site.

18 Jul

Fabien Potencier – The PHP Ternary Operator: Fast or not?

On my laptop, snippet 1 takes more than two seconds, whereas snippet 2 takes about 0.05ms. That’s a big difference! But if the variable to test does not host many data, the speed is almost the same.

So, why does the ternary operator become so slow under some circumstances? Why does it depend on the value stored in the tested variable?

The answer is really simple: the ternary operator always copies the value whereas the if statement does not. Why? Because PHP uses a technique known as copy-on-write: When assigning a value to a variable, PHP does not actually create a copy of the content of the variable until it is modified.

via Fabien Potencier – The PHP Ternary Operator: Fast or not?. Huge speed hits using the ternary operator on larger variables. Fortunately it looks like there is already a patch to resolve the problem.

18 Jul

The Watchmaker Project – How to fix the broken iPad form label click issue

Mobile Safari, the browser found on iPhones, iPod Touches and the iPad, does not (currently) implement the same label behaviour as other browsers. Clicking on labels doesn’t do anything—possibly, as Ben Darlow suggests, it is because it would interfere with the tap-to-select-text functionality, although personally I think that usability trumps obscure text-selection use cases.

What’s even weirder is that, in over an hour of googling, I couldn’t find a single reference to this issue. Surely someone, somewhere must have noticed that clicking or tapping on labels in forms on iPad doesn’t select the input? I resolved that when I published a fix for the issue, it would include a couple of clunky sentences stuffed with as many keywords related to the tap click form label input select checkbox radio button problem as possible…

via The Watchmaker Project – How to fix the broken iPad form label click issue. Nice and simple fix, defiantly not quite as common a problem on the iPhone (rarely do I find myself wanting to hit the label vs. the input field).

16 Jul

Hacker News – Self Extracting PNG

I’ve been working on this for a couple weeks, attempting to get it looking perfect and get it to 1kb. It’s going to be going on stage at http://solskogen.no/ shortly, so I figured now is the perfect time to post.

As far as I know, this is the first ever case of a self-extracting PNG — the file is a PNG that first is interpreted as HTML, which then unpacks the compressed code within the PNG to start the second stage. I plan to write a blog post about how I got the size down as far as it is, but feel free to ask any questions you may have, as I’d love to see this technique spread!

Edit: Requires Chrome and Firefox — has been tested heavily on Windows and OS X, but this will eat your CPU and GPU alive.

via Hacker News – Self Extracting PNG. Wow that is some impressive work.

28 Jun

Utoxin’s Random Insanity – CakePHP + Symlinks = Pain

Now that I’ve had a day or so to recover, I’m going to tell you about what I just spent 2-3 weeks trying to resolve. By way of explanation, our main product at work is a CakePHP based CMS application. It has a lot of neat features, including the ability for users to upgrade to newer versions any time they choose. We keep all versions present in /etc/precious_core/<version_number>/, and each user has a symlink to the relevant directory in their webroot.

When they upgrade, part of the process is to replace that symlink with a new on that points at their new version. For a long time we’ve known there was a problem of some kind related to CakePHP’s cache that developed after upgrades, but it was never a huge problem, so we mostly just ignored it. However, in a recent release, it started causing major problems, and I got tasked with finding and fixing the actual bug. I figured it would take a day or two, and I’d be done with it. Little did I know just how painful this was going to be.

I initially tried several ways of forcing the cache to get cleared when the app was upgraded. That worked well, as far as it went, but then a new problem surfaced. At least half the time, the cache would re-populate with bad data after an upgrade. Some of the cached file paths would be for the wrong version of the central app, for no apparent reason. I tried throwing even more thorough cache clearing at it. Things got a little better, but it still wasn’t working.

Finally, I fully duplicated our production setup on my local dev machine, parallel version directories included, and installed a PHP debugger, so I could step through the code and figure out what exactly was going on.

via Utoxin’s Random Insanity – CakePHP + Symlinks = Pain. Debugging oh what a joy it is.

28 Jun

Pastebin.com – Ok, I came up with an example. Programming is like doing a massive sudoku.

Ok, I came up with an example.

Programming is like doing a massive sudoku. But you’re not just doing you’re own square, you have to line up the edges with squares that you’ve already done, or squares other people in your team are working on.

And it’s not just squares that you’ve done, you have to anticipate the sudoku’s you’ll be doing days, weeks or months from now, and leave easy numbers at the edges so it isn’t impossible to do those squares.

And that’s why some programmers are so engrossed in it, and get all worked up, because they’re like "You left a 5 in the middle of the square, what kind of asshole does that, now I’m gonna have to line all my square up with that".

And then someone points out a bug, an you have to trace it back to the square it came from, and then redo that square without screwing up all the other ones.

And after a few hours of that, you either surf facebook and go on IM, or you start growing a beard and forgetting to wash and getting weirdly obsessed with star wars, and people look at you weird and they’re like why do you care about it so much, and through the bleary screen-burnt eyes of your insanity you reply "The squares, can’t you see, the squares, they’re so beautiful"

And that’s why programmers don’t get invited to parties.

What was your question again?

via Pastebin.com – Ok, I came up with an example. Programming is like doing a massive sudoku.. Just a little to close to home.