Welcome friend.

Don’t fool yourself when cleaning input, Javascript is sneaky as hell.

User input must never be trusted. It is impossible to emphasize this enough. Please excuse me if I get emotional, it is a sensitive subject for me.


All web developers worth anything know this, but very often even the most experienced developer makes assumptions or simple mistakes that leave a dirty little hole which is ripe for pillaging.

I recently found a hole in an application which was caused by lazy / inadequate / ill-conceived input cleansing. The developers have been notified and will surely correct the problem shortly. I will release more detail regarding this when the issue has been resolved and a fix is in place. Of course, if you are a trusted dot-comrade I can fill you in beforehand as requested. For everyone else, check out:


Leave a Reply

ok to use:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

bonus!

If you want to post code, you can use:

<pre lang="[language]">[code]</pre>

Where [language] is a valid geshi language type, and where [code] is your code.

Wordpress 2.5, a half-assed review.

wordpress 2.5 admin

Good:

  • The design has been updated and is much less offensive to the eyes.
  • The dashboard has better information at first glance.
  • Dashboard widgets will probably be pretty cool.
  • The new flash uploader is a big improvement.
  • The new gallery feature seems pretty cute, although it isn’t the sort of thing I usually go in for.
  • Full screen post writing is nice if you have a lot to write.
  • Tag management / tag filling is handy.
  • The ability to define permalinks on the fly when writing a post is neat.

Bad:

  • The admin has a max-width that is very noticeable (annoying) on a widescreen monitor, especially because it is not centered.
  • I miss the categories being on the sidebar on the post pages.
  • Tags still are not searchable. Why are tags not searchable?
  • There is even more Javascript in the admin than before, for an impressive total of 324Kb, ~2 second load.

TBD:

  • Whether or not any of the cute little enhancements break the hell out of plugins that I don’t feel like updating.
  • Whether or not nightmarish new vulnerabilities have been introduced. With an update this big, it is almost a sure thing.

Watch Matt’s screencast for a quick overview, I have to update the rest of my sites.

  1. nocash's gravatar

    They have a list of compatible plugins. I only glanced through, but the only one that jumped out at me was Twitter Tools, which loses the ability to post from the sidebar. With twhirl, though, I doubt it matters.

    I bet it breaks the hell out of Hello Ninja, though :(

  2. cliff's gravatar

    How about that one-click plugin updating? I thought that was pretty sweet.

  3. atom's gravatar

    @cliff

    yeah, it will be cool when all plugins comply to it, and they change it so you don’t have to de/reactivate any plugin that is updated.


sxsw day two

The second day was difficult to start, we had quite a first night. Did not manage to make it to anything before noon. Anywho…

attended the contextual web

This was not quite what I expected, I was hoping that this would be more about data portability, but it ended up just being an iPhone orgy. I did however realize that I was in the non-iPhone possessing sxsw minority.

attended ExpressionEngine 2.0 Sneak Peak

This was awesome. I am and have been a big fan of Ellislab, not because of ExpressionEngine, but because of CodeIgniter. Learning about ExpressionEngine was very interesting, especially when they announced that ExpressionEngine 2.0 has been rewritten to run on top of CodeIgniter. This is very pleasant news. This has gotten me all atwitter about the possibilities of a cms running on top of my most favoritest PHP framework. Also everyone was very nice, and I desired to be friends with them. This panel was something I talked about throughout the rest of my trip.

attended 10 Things We’ve Learned at 37signals

This was another highpoint. CEO Jason Fried is an excellent speaker. Everything he said made sense, and all questions asked were answered very well. At one point Anil Dash of six apart asked a question that seemed like more of an insult than anything.

attended Behind the Scenes at the Onion News Network

This was pretty fun, it being the Onion and all (which had quite a presence in Austin). I was hoping that it was going to be more about the site backend, and not the actual production of the show / a bunch of clips I have already seen.

went to the Google Party

The SXSWi Google Party

Wacky google action, got lots of saucy google swag, including pens, flashing plastic pins, and the best thing I have to keep a secret, because it is a present for my buddy Wes. The bar was kinda downtowny and lame, but I also got to meet Dustin Diaz, and tell him that I love him. His girlfriend liked my hair, and took a picture of us.

went to the EllisLab party at Moonshine Grill

This is the CodeIgniter / Expression engine core team trying to eat while I stalk them.
This was a wonderful event. Tons of bad ass food, free shirts (I nabbed a bunch and wear them all the time). The highlight of this was definitely hanging out with and talking to Derek Allard. Derek is a development beast, and is responsible for a lot of the awesomeness in and around ExpressionEngine and CodeIgniter. You should go to his site, it is awesome.

went to the frog design / SXSW Interactive Opening Party

This was a hell of a thing. There seemed to be thousands of people spread throughout a very large area, lots of loud techno music and so forth. The beer line was long, and the beer was green. I think we only managed to stay there for about an hour.

went to the 16 Bit: SXSWi’s Opening Night Afterparty

16 bit: SXSWi Opening Night Afterparty

This was an amazing party, with an equally amazing line to get in. There was a band / freakshow, which eventually turned into silly 80’s music that made me feel like I was playing Vice City. It was good stuff all around, lots of cool excited people and lots of free drinks.

999 eyes: band / freakshow playing at 16bit

Towards the end of the party, I met Matt Mullenweg. I have always been amazed by Wordpress, and generally the stuff he gets into. I got to spend some time talking to him about the future of Wordpress, and vented a little bit about the problems I have had with WordpressMU, chiefly the forced support of the no-www.org agenda. I am not even going to link to it because of how much arrogant bullshit I think it is. It should be noted that normal Wordpress does not enforce this. When I was done going off about that, I launched into a drunken rant about how awesome CodeIgniter and ExpressionEngine were going to get. We were talking until the bar closed, and were yelled at to leave by a scruffy bouncer, and then continued to talk outside until his girlfriend got pissed. Anyhow, Matt was awesome, and much funnier than I expected.

ended up at Kerbey Lane Cafe

We stood outside of Scoot Inn (where the last party was) bullshitting with people for about an hour and suddenly found ourselves among the last few there. Me and Cliff (big bad boss) ended up going to breakfast with two complete strangers. One was a local Austin lady who was recently single (which she repeatedly and proudly exclaimed) and a gentleman who, to me, was the epitome of the apple fanboy. I was later informed that I may have been too rough on him regarding this, but I was drunk and he was a friendly stranger.

I don’t remember what I ate (aside from sweet potato fries), and I don’t remember the stranger’s names. If you are one of the strangers: please excuse me, and leave a comment to say hi.

  1. Anil's gravatar

    I apologize if my question to Jason seemed disrespectful, but he and I have been friends for years and have had that exact debate many times. I suspect that the reverence many people in the room felt for Jason and 37s might have made what was a fairly straightforward question seem like more of a challenge than it actually was.

  2. atom's gravatar

    @Anil, it is true that the crowd was fawning over him, and prior knowledge of your friendship would have made it seem less of an attack.

    I think more than anything, it was that you didn’t seem to accept his answer.

  3. Bryce's gravatar

    Now my curiosity is piqued. What was Anil’s question?

  4. atom's gravatar

    @Bryce

    Hopefully Anil will be back through to let us know.

    I will not be able to quote this verbatim, so I won’t try very hard.

    From where I was sitting (quite a ways back), the general gist of it was:

    “You are not ambitious enough.”

    P.S.: I have been planning on attending the co-work one of these days for a few kicks.


sxsw day one

sxsw swag bag contents
So yesterday, I pretty much just flew from Columbus to Chicago, and then from Chicago to Austin, got set up in my hotel, and wandered around Austin a bit.

The flights were a pain as usual, my feet hurt from walking too much, but that’s all fine because now I am in the Austin Convention Center, registered for sxsw interactive, and am waiting for the first panel I am going to.
entrance to the sxsw day stage
Austin has been cool so far, but it is also cold, which is rather confusing to me. I went from Ohio to Texas during winter, and the temperature difference was two degrees. It is also windy as hell. It is supposed to be nicer tomorrow.

I will update this post later today after the panels and the parties.

attended Dustin Diaz’s book reading

This was only 20 minutes long, and was mostly meant to promote the book in question. Nothing was said that isn’t fairly common Javascript knowledge, however it was still amusing and worth attending.

He did some of his talking through DomoKun, and told one of the only people who asked a question that their question was stupid, and then answered them.

attended How to Rawk SXSW: The Basics

A look at how to enjoy sxsw from some of the veterans. Rather nerdy and meta all around. This was fun, but I do not think I believe the general message, which was “it is easy to make friends with internet superstars, they want your friendship!”. There are about 7000 people here, and I get the feeling that about 6000 are here for the first time.

attended Mix at Six

This was a pretty cool meet-up, where I met a lot of really cool people, including Greg of HUGE, and Simon and Kate of Portable Film Festival.

Went to Ego’s

Ego’s was sweet. Ended up there after mix at six with the previously mentioned Greg, Simon and Kate. It was a Texas honky tonk with some ridiculous classy music. I also met a delightful madman who may or may not have been the drummer for the Butthole Surfers.

I’ll be adding more pictures when I get the chance.

  1. Tyler's gravatar

    wow! really makes me feel like I’m there… such emotion in your description.

  2. atom's gravatar

    we aren’t really allowed to go into much detail.


IE8: helping, not hurting

IE8 will render the acid2 test correctly by default

Microsoft Expands Support for Web Standards

Company outlines new approach to make standards-based rendering the default mode in Internet Explorer 8, will work with Web designers and content developers to help with standards behavior transition.


Microsoft has finally been cajoled into standards compliance. For the first time ever, it looks like web developers can create standards compliant pages confident in the knowledge that Internet Explorer will render them correctly - without hacks, and without conditional comments.

Bravo Internet, Bravo.


situational Javascript based on body ID

I know that this is not anything revolutionary or anything, but I found it very helpful when making this site, so I thought I would share.

By assigning the body element an ID, you can check it with Javascript, and then execute what you need to based on this condition, like so (Wordpress example):

Some php, for the Wordpress template (in header.php):


<?php
 
if(is_home()) //if we are at the wordpress "home"
	$location = 'home';
elseif(is_single() || is_page()) // if it is a single post or page
	$location = 'single';
elseif(is_some_strange_situation()) // a user function that tests for something strange
	$location = 'strange';
else // otherwise, nothing special
	$location = 'default';
 
?>
<body id="<?php echo $location ?>">

Then some Javascript:


<script type="text/javascript">
	switch(document.body.id){
		case 'home':
			runAtHomeOnly();
			break;
		case 'single':
			runOnSingleOnly();
			break;
		case 'strange':
			runOnStrangeOnly();
			break; // without this, 'strange' falls through and also runs runOtherwise()
		default:
			runOtherwise();
			break;
	}
	runThisAlways();
 
	function runAtHomeOnly(){
		alert('You are home.');
	}
 
	function runOnSingleOnly(){
		alert('You are on a single post or page.');
	}
 
	function runOnStrangeOnly(){
		alert('You are somewhere strange.');
	}
 
	function runOtherwise(){
		alert('You are not home, at a single post or page, and you are not somewhere strange.');
	}
 
	function runThisAlways(){
		alert('I always run.');
	}
</script>

The example is a little verbose I know, but I wanted to make sure my point was gotten ;-)


it is official: I am going to sxsw

south by south west / sxsw - music / film / interactive conference

I just found out today that me and my big bad boss are off to sxsw next week, courtesy of our employer, 2Checkout. I can not help but be inexcusably excited.

I plan on attending talks by some of my heroes: Dustin Diaz, Jeffrey Zeldman, Dave Shea, Matt Mullenweg, Rick Ellis, and John Resig.

If you are going, leave a comment, I would love to meet up.

  1. Dustin Diaz's gravatar

    See you there ;)

  2. atom's gravatar

    :-)

  3. John Resig's gravatar


Wordpress database resetter.

I have found that while developing for Wordpress it is often very useful to be able to quickly and easily drop all the working tables and start from scratch, so I whipped up a plugin to do just that. It will drop every table from the database defined in your wp-config.php that starts with the defined prefix, when you tell it to of course. It will then direct you to the last step of the install, where you will need to define your blog title, and your admin email address.

download DB Reset

here is the code:


<?php
/*
Plugin Name: DB Reset
Plugin URI: http://trickeries.com/16/wordpress-database-resetter/
Description: terribly simple plugin to basically drop all of your wordpress tables.
Author: atom smith
Version: 1.0
Author URI: http://trickeries.com/
*/
 
 
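add_action('init','db_reset_delete_tables');
add_action('admin_menu', 'add_db_reset_sub_menu');

function add_db_reset_sub_menu(){
	// only show the page to users who can manage the site
	add_submenu_page('plugins.php', 'DB Reset', 'DB Reset', 'manage_options', __FILE__, 'db_reset_output');
}

function db_reset_output(){ ?>

	<div class="wrap">
		<h2>DB Reset</h2>
		<?php if(!isSet($_POST['db_reset'])): ?>
			<?php db_reset_get_tables() ?>
		<?php endif; ?>
	</div>

<?php }

// names of the tables in the configured database that start with the wordpress prefix
function db_reset_prefixed_tables(){
	global $wpdb;
	$names = array();
	$prefixed_tables = $wpdb->prefix . '%';
	$tables = $wpdb->get_results("show tables LIKE '$prefixed_tables'", ARRAY_N);
	foreach((array) $tables as $row){
		// "_" is a wildcard in LIKE, so compare the prefix literally as well
		if(strpos($row[0], $wpdb->prefix) === 0)
			$names[] = $row[0];
	}
	return $names;
}

function db_reset_get_tables(){
	$tables_to_delete = db_reset_prefixed_tables();
	?>
	<div class="updated"><strong>Please make sure that you understand what you are doing before using this.  The following tables will be deleted and replaced:</strong>
		<ul>
		<?php foreach($tables_to_delete as $table): ?>
			<li>
				<?php echo esc_html($table) ?>
			</li>
		<?php endforeach; ?>
		</ul>
	</div>
	<form action="#" method="post">
		<?php wp_nonce_field('db_reset') // ties the submit to this admin page ?>
		<?php foreach($tables_to_delete as $table): ?>
			<input type="hidden" name="delete[]" value="<?php echo esc_attr($table) ?>" />
		<?php endforeach; ?>
		<input style="font-size:100px; width:100%; padding: 20px;" type="submit" name="db_reset" value="Reset DB" />
	</form>
<?php
}

function db_reset_delete_tables(){
	if(isSet($_POST['db_reset']) && $_POST['db_reset'] == 'Reset DB'){
		global $wpdb;
		// this is hooked on init and so runs on every request:
		// require an administrator and the nonce printed in the form
		if(!current_user_can('manage_options'))
			wp_die('You are not allowed to reset the database.');
		check_admin_referer('db_reset');
		if($wpdb->prefix == '')
			return;
		// posted names are user input: drop only tables that really exist with our prefix
		$allowed = db_reset_prefixed_tables();
		$posted = isSet($_POST['delete']) ? (array) $_POST['delete'] : array();
		foreach($posted as $table){
			if(in_array($table, $allowed, true))
				$wpdb->query("DROP TABLE `" . str_replace('`', '``', $table) . "`");
		}
		header("Location: ..");
		exit;
	}
}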

it’s time to get tricky.

Site launched!

Just launched the site with the sexy theme you see here, inspired by lite-brite and the use of cheap effective vector brushes.

The posting here will be mainly focused on the little pieces of code I write during the course of my day. I will release code, themes and plugins here when I get around to finalizing and packaging stuff.

A couple of notes on the creation of this site, in no reasonable order:

  • Wordpress is annoying sometimes, but it is still the best publishing platform out there.
  • Wordpress widgets are weak. They do not allow for the level of customization that I usually like to have.
  • To anyone who has tangled with it, the backend implementation of the tagging / taxonomy system is nightmarish, which is surprising because it is so reasonable in bbPress.
  • Transparent pngs are awesome.
  • I hate it when flexibility is sacrificed for convenience. I am using several plugins that required way too much work in order to use the way I wanted to. For example, the “add this” plugin uses filters instead of simply allowing template tags, so it shows up where it wants to, instead of where I want it to. The twitter tools plugin only provides its front end functionality via a widget, rather than providing some means of using it in any other way. :p
  • IE7 is barely an improvement, it has been an unreal pain in the ass during the creation of this site.
  • I desire to do everything in excessively flamboyant ways that are completely unreasonable, inaccessible, and totally lacking in subtlety.
  • CSS3 needs to happen sooner.
  • so does IE8
  • I love making websites.
  1. nother's gravatar

    I actually got here by accident, but I must say you have a very pretty site.
