Posted on 30 January 2008 by Demian Turner
Philipp is absolutely right, guessing a photo from among 250,000,000 is easier than guessing a photo from a GUID. It’s still very difficult. I wish I’d done GUIDs when we first started, but to be honest, I just didn’t know what they were. That’s my fault. As I explained to Philipp, we’re willing to overhaul our system to use GUIDs – a very expensive proposition – except that no-one has ever asked for them, to my knowledge, in the 5 years we’ve been in business.
That’s from Don MacAskill, the CEO of smugmug, in response to this article via Chris Shiflett.
Posted on 25 January 2008 by Demian Turner
Well the title says it all, but I don’t think this is a reason for anyone to have a heart attack, aside from me but I’m recovered now 😉
Please download Seagull 0.6.4 which includes the small fix required to solve the file disclosure problem. 0.6.3 is no longer available.
As the release has only been out for less than 24 hours, I doubt there are many production sites running on the vulnerable code, but if you were svn updating a live site (a very bad practice, by the way), then svn up again 😉
The problem: very simple. Some recent code we introduced to merge, compress and cache CSS and JS files was accepting arbitrary paths from GET – ouch. The checking is now much more stringent.
Thanks to the gentleman over at milw0rm.com who posted the flaw less than 24hrs after the release went out. While he didn’t inform me or anyone I know of, Google alerts notified me of his announcement. In my view this is open source (with a little help from Google) working at its best.
Finally, please note that the title of the exploit article is inaccurate: it claims versions <= 0.6.3 are affected, but this is not true, as the affected optimizer.php file was only introduced in 0.6.3.
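The fix described above comes down to never letting a GET parameter name a file outside the directory the optimizer is meant to serve. The following is an added illustration of that kind of check, written for this post and not taken from Seagull's optimizer.php; the base directory ($assetRoot), the helper name resolveAssetPath() and the sample file tree are all assumptions made for the demo.

```php
<?php
// Added example (not Seagull's own code): canonicalise a user-supplied
// asset path and accept it only if it stays inside one allowed directory
// and has an expected extension. $assetRoot is a hypothetical base dir.

function resolveAssetPath(string $assetRoot, string $requested): ?string
{
    // Only the file types the merge/compress step is meant to handle.
    if (!preg_match('/\.(css|js)\z/i', $requested)) {
        return null;
    }
    // Reject NUL bytes (realpath() refuses them) and absolute or
    // scheme-prefixed paths before touching the filesystem.
    if (strpos($requested, "\0") !== false || preg_match('#^([a-z]+:)?[/\\\\]#i', $requested)) {
        return null;
    }
    $root = realpath($assetRoot);
    $full = realpath($assetRoot . DIRECTORY_SEPARATOR . $requested);
    if ($root === false || $full === false || !is_file($full)) {
        return null;
    }
    // realpath() has collapsed any "../" segments and symlinks, so a simple
    // prefix test on the canonical path is enough to enforce containment.
    if (strpos($full, $root . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $full;
}

// Demo on a constructed temporary tree (sample data, not real site files).
$root = sys_get_temp_dir() . '/asset_demo_' . uniqid();
mkdir($root . '/css', 0700, true);
file_put_contents($root . '/css/main.css', 'body{margin:0}');

$cases = [
    'css/main.css',          // legitimate request -> accepted
    '../../etc/passwd',      // traversal -> rejected by extension and prefix checks
    'css/../../config.css',  // traversal that keeps the extension -> rejected by prefix check
    '/etc/passwd',           // absolute path -> rejected
    "css/main.css\0.txt",    // NUL trick -> rejected before realpath()
];
foreach ($cases as $c) {
    $result = resolveAssetPath($root, $c);
    printf("%-24s => %s\n", addcslashes($c, "\0"), $result === null ? 'rejected' : 'ok');
}
```

For a merge request that names several files in one parameter, run every entry through the same function and abort the whole request if any one of them is rejected, rather than silently skipping it.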
Posted on 23 January 2008 by Demian Turner
Well it took a bit of time but after quite a few months a new release of Seagull is finally out, 0.6.3. Things have been keeping pretty busy with the startup I’m working on, but it’s been a great opportunity to refine some features of the framework and optimise the performance.
The early indications are good, after less than 10 weeks of going live Kindo users are creating up to 20k profiles/day and the server load is staying comfortably below 0.5.
The latest Seagull release has a long list of improvements and new features, now it’s just a case of bringing the wiki documentation up to date to reflect this 😉 Should happen in next few weeks.
Here’s an overview of what’s new:
- emails can now be stored in a queue managed by the db
- we integrated Horde_Routes, imo one of the better PHP routes libs available
- Zend_Cache, which had clearly overtaken Cache_Lite, is now wrapped by SGL_Cache, so devs have easy access to a memcached backend
- Dmitri developed an alternative array-based navigation driver, same flexibility as former driver but lightning fast
- out-of-the-box RTL support thanks to our work on the Arabic translation of http://kindo.com/
- the test suite now runs end-to-end in CLI
- the translation module has been greatly enhanced and was key in allowing us to release 14 languages in 10 weeks, including Arabic, Chinese and Russian
- full support for stored proc multiple resultsets in the SGL MySQL db driver and for storing DDLs for procs, views, functions, triggers and default or test data in your modules
- many performance improvements
- support for multiple attachments in SGL_Emailer
See the CHANGELOG for full details.
Posted on 22 January 2008 by Demian Turner
Thanks to Fabio Bacigalupo for the following article, part of an upcoming mini-series about successful startups built on the Seagull platform.
Running a successful website is a constant balancing act between achieving good performance and scaling smoothly. Read how we have used the Seagull framework to build our portal podcast.de. As a start-up we provide a web-based service to find, comment, play and recommend audio and video podcasts. At the moment the service is intended for a German speaking audience only but we are prepared for internationalisation thanks to Seagull.
Posted on 18 January 2008 by Demian Turner
Andrew sent over this interesting analysis of salary trends for PHP devs in London; I was surprised such detailed info was available. The only problem is that the salary data is quite understated in my experience: advanced devs can easily find gigs for £50-70k, but it’s certainly true that agencies and often employers do very poor jobs differentiating between mediocre and ninja candidates.
Another shocker, for me at least, is while £200/day was quite a typical rate last year for HTML guys who knew a bit of CSS (PHP guys could get £300), this year has seen a significant jump with the frontend guys able to command £300/day.
Posted on 18 January 2008 by Demian Turner
Robert> In case you haven’t seen it already….. http://www.mysql.com/news-and-events/sun-to-acquire-mysql.html
Kevin> Looks very interesting. I wonder if this means they’ll start making their Java products a bit more MySQL friendly? At the moment, you’ll be hard pushed to find MySQL in most JEE apps.
Harry> Or they could do a Microsoft: lay off most of the staff, cease active development and start calling it Sun Java ONE SQL Enterprise Edition…
Although I don’t think that’s likely, hopefully they’ll start focusing on it as more of an "enterprise" competitor while keeping the community edition.
Robert> More concerned it’ll go the other way – MySQL will take 2 hours to start up, crash after 5 minutes of use and leave a useless log file on my desktop every
Posted on 15 January 2008 by Demian Turner
I find Facebook a great resource for birthday info for all your friends and colleagues – even extended family! Now you can export the birthday data to your own apps like iCal and Google Calendar that don’t require you to check back at Facebook. Check out the Birthday Exporter.
Posted on 10 January 2008 by Demian Turner
We’re getting overwhelmed by support requests from our latest project and are looking for an open source customer support solution. Does anyone have any suggestions? The main functionality required is to be able to divert emails sent to a support address to a ticketing system. We also need the following:
- Allow emails from more than one account to be diverted to the system and converted into tickets which can be assigned to team members according to language.
- Have predefined responses stored in a database which can easily be included as a basis for an email
- Allow specific emails from specific accounts to be automatically assigned to individuals
- Have various levels of importance for support requests
- Should allow the creation of different groups with various role capabilities
If you have any suggestions or experience to share please let me know in the comments.
VERDICT: Thanks again for the suggestions guys. We tried pretty much everything suggested and ended up going with Kayako, which is NOT open source, but has great features and solid internationalization support; the rest were quite weak in this area. We’ve been using the system for several months now and are quite happy with it: it’s been able to handle quite a large volume of tickets being logged in around 10 languages and automatically assigned to the relevant country managers.
Posted on 09 January 2008 by Demian Turner
Continuing on the themes of Safari superiority (at least on a Mac) and WordPress, anyone who wants to use this browser for wysiwyg editing of the latest WordPress release (2.3.2) should check out this fix: