I’ve had the joys recently of being part of a code audit for a potential client for a change or re-build of a system. The code in itself was complete textbook…of how not to code a system. It looked like it had been built long long ago when OO principles didn’t exist, and when no-one knew about security unless they were in that field. Certainly developers knew nothing about security.
Open source and widely popular CMS Drupal released a maintenance fix to their 8.x branch a little under a week ago. This release fixes some bugs in the branch, but there are no security fixes as part of it. The list of changes is available here. The change log also lists April 20th as the release date for Drupal 8.1.0, which should have further fixes and new features.
For those people running a CMS site, keeping up to date with the security and bug fix patches is good practice, and therefore you should look to update as soon as possible.
Once again I’ve been inspired by a Stack Overflow question, and it made me think about issues of a shared hosting platform. You know the ones; the “host your site for £2.99 a month” sites. There’s nothing inherently wrong with it (I was using them for a long time until I decided I wanted my own server to play with, and am still using one for a different project for the moment), but it brings its own risks. Some of those risks are to do with the infrastructure, others are with the people who are hosted on it.
I was having my usual browse around Stack Overflow today (I really want that Fanatic badge) when I came across this question about fatal errors. The coder in question was getting the following fatal error:
Fatal error: Call to a member function Createuser() on string
The code section in question was
Earlier this week I was looking into RESTful web services and how to create them, so I set myself a small project. The idea was to do something very basic, but that could be useful for someone rather than just a proof of concept. I had no real direction. With the news recently being about Apple locked in a battle with the FBI about whether or not they should be breaking their security for the FBI to access data on a particular iPhone, I started thinking about how much bad security I have seen in software applications over the years. From this, I decided to build a web service which would take a hash string, and provide the original string for that hash where possible.
I’ve left this site to languish a little too long with no posts or improvement. It’s time for that to change, so I’ve started some development on the back-end, which will hopefully lead to a better working front end. Here’s a breakdown of what is in development:
- Splitting “versions” of the site out into individual posts rather than one large post
- Normalising the database to introduce performance improvements
- Re-writing the gallery section completely from the mess it currently is
- Adding some basic internal analytics (though I’ll still be using Google Analytics)
- Updating the text editor I use for better code formatting
Once that’s done, some of the changes will be obvious on the front end, but I’ll then look at changing front end pages to improve the experience for all.
Enough for now, this code isn’t going to write itself…
I’ve had a few discussions with some of my colleagues and friends in software development, and one of the things we all agree on is that there is nothing worse than a slow development environment. A lot of us work with IDEs, some need to compile their code, some just have a lot of things open at once. Either way, when a machine grinds to a halt, we want to throw it out of the window and get a new one. Ok, we will accept that sometimes it’s our fault. A typo somewhere can cause an infinite loop, and we only have ourselves to blame. But usually it’s down to hardware.
Firewalls are not fun. I’ve got to open with that statement as I’ve been doing a lot of work with firewalls in the past couple of weeks. It’s not been the most enjoyable of experiences, but I can see why it is needed.
I’m a huge advocate of taking backups of things. So much so, I’ve got my own home server backing up to “the cloud” with all of my files on it. It needs a bit of an organisational shuffle I think, but the idea is there.
SVN, or any other version control system for that matter, should always be used when developing code. It doesn’t matter if it’s for a single person project, or a huge project involving hundreds of different developers. Version control is essential.