
August 31, 2005

File permissions of Linux and Unix systems

What does -rwxr-x--- mean in the output of a Linux ls (list symbols) command?

The first character indicates the type of file system object that the line describes, and the commonly found characters are:

-    A regular file
d    A directory
l    A symbolic link

You then have three groups of three characters, which describe who can do what with the file system object:

First 3 positions     What the User (owner) can do
Middle 3 positions    What the Group members can do
Final 3 positions     What the Other users of the system can do

Within each of the three groups, read as follows:

r or -    w or -    x or -

First character     An r indicates Readable
Second character    A w indicates Writeable
Third character     An x indicates eXecutable for a plain file or aXessible for a directory

If you see an s or a t (lower case) in the third position, it indicates that the "x" is set, and conveys additional information for the administrator. If you see an S or a T (upper case), it indicates that there is NOT an X set.

Note that write permission to a directory allows the person with that permission to add files to the directory and delete files from within it, even if they don't have any access right at all to the actual file being deleted.
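The layout described above, decoded in code. This is an added example, not part of the original post; the function names are made up for illustration, and the meanings given to s and t (setuid, setgid and the sticky bit) are the standard Unix ones rather than something the post spells out.

```python
# Added example: decode an "ls -l" mode string and flag risky settings.
FILE_TYPES = {"-": "regular file", "d": "directory", "l": "symbolic link"}
GROUPS = ("user", "group", "other")
# Letter that can replace x in each group's third position, the special
# permission it signals, and that permission's octal value.
SPECIAL = {
    "user": ("s", "setuid", 0o4000),
    "group": ("s", "setgid", 0o2000),
    "other": ("t", "sticky", 0o1000),
}


def decode_mode(mode):
    """Decode a 10-character mode string such as '-rwxr-x---'."""
    if len(mode) != 10:
        raise ValueError("expected 10 characters, got %r" % mode)
    info = {"type": FILE_TYPES.get(mode[0], "other (%s)" % mode[0]),
            "special": []}
    octal = 0
    for i, who in enumerate(GROUPS):
        r, w, x = mode[1 + 3 * i:4 + 3 * i]
        letter, name, special_bit = SPECIAL[who]
        if (r not in "r-" or w not in "w-"
                or x not in "x-" + letter + letter.upper()):
            raise ValueError("bad group %r for %s" % (r + w + x, who))
        perms = set()
        if r == "r":
            perms.add("r")
        if w == "w":
            perms.add("w")
        if x in ("x", letter):       # lower-case s or t: the x is set as well
            perms.add("x")
        if x.lower() == letter:      # s, S, t or T: special permission present
            info["special"].append(name)
            octal |= special_bit
        bits = sum(v for p, v in (("r", 4), ("w", 2), ("x", 1)) if p in perms)
        octal |= bits << (6 - 3 * i)
        info[who] = perms
    info["octal"] = "%04o" % octal
    return info


def findings(mode):
    """Return the settings an administrator would want to look at twice."""
    info = decode_mode(mode)
    notes = []
    if info["type"] == "regular file":
        for name in ("setuid", "setgid"):
            if name in info["special"]:
                notes.append(name + " file: runs with the identity of its "
                             "owner or group, not the caller's")
        if "w" in info["other"]:
            notes.append("file is writeable by every user of the system")
    elif info["type"] == "directory":
        # Write (plus access) on the directory is what allows deletion,
        # whatever the permissions of the files inside; the sticky bit
        # limits deletion to each file's owner.
        if {"w", "x"} <= info["other"] and "sticky" not in info["special"]:
            notes.append("any user can add files here and delete files "
                         "they have no access to")
    return notes


if __name__ == "__main__":
    # Constructed sample modes
    for sample in ("-rwxr-x---", "-rwsr-xr-x", "drwxrwxrwt", "drwxrwxrwx"):
        print(sample, decode_mode(sample)["octal"], findings(sample))
```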

Posted by gje at 08:58 AM

More about Graham Ellis of Well House Consultants

Linux commands - some basics

Dos command         Linux command    Description

File basics
copy                cp               CoPy file(s)
ren                 mv               MoVe (rename) file(s)
del                 rm               ReMove (delete) file(s)
dir                 ls               List files / Symbols

Working on file contents
-                   file             What's in a file?
type                cat              Display file contents
| more              more             display file page by page
-                   head, tail       Display start, end of file
-                   diff             Report differences between files
edit                vi               Edit a file
                    guidelet

Directory handling and navigation
cd (no params)      pwd              Present Working Directory (where am I?)
cd (with params)    cd               Change Directory
md                  mkdir            MaKe DIRectory
rmdir               rmdir            ReMove DIRectory
                    or rm -r

If you're familiar with the Windows / MSDos command line and you're moving across to / occasionally using Linux, the table above may help you.

On both DOS and Linux, you start your command line with the name of the command and then provide any parameters you need, space separated thereafter. Options to DOS commands are specified with switches of the form /x which are placed at the end of the command, whereas with Linux options are specified after the command name, and preceded with a - sign.

Example:

dir *.*/w ... on MsDos
ls -l * ... on Linux

Posted by gje at 07:54 AM



August 30, 2005

Charlie on Monday

I thought that those of you who've been here on a course (or have visited us otherwise) might like to see how Charlie spent her Bank Holiday Monday afternoon ...

Posted by gje at 08:05 PM

August 29, 2005

Swindon - Chippenham - Melksham - Trowbridge - Westbury train service

When I talk on a subject, I prefer to do so from a strength of knowledge. So, as I'm campaigning for the continuation of our train at its current level, Lisa and I went down to the local station at Melksham yesterday to see how much traffic there was on a Sunday afternoon. And ... on something of a whim ... we took the train up to Swindon. What a fabulously useful afternoon!

This picture's one that Lisa took from the threatened train at Swindon as it waited to leave on its return journey to Chippenham, Melksham, Trowbridge, Westbury, Warminster, Salisbury, Romsey and Southampton. Does it just show - very graphically ... How the train gets right to the town centre without having to queue through the traffic ... how convenient the train is for longer distance travel with cross-platform interchange to other lines ... how convenient it is with luggage - look at those luggage carts all to hand.

The train was much busier than I had dared hope - details - and when we got back Lisa and I commented to each other "goodness - we've been to Swindon and back and hardly feel that we've left Melksham" - that's how efficient the train is!

Links ...
Current Service Details
"Save the Train" campaign

Posted by gje at 08:40 AM

August 28, 2005

The Melksham train - a button is pushed

Bank Holiday Sunday, and all is quiet? Not quite! I've just been interviewed over the phone by Great Western Radio about my Save the train website. In its first two weeks, the site has attracted over 200 different visiting hosts (I think that's a fairer statistic to quote than hits!), and 20 or 30 people have completed the form to offer their support. Oh - and we've drawn publicity in ... to my knowledge ... three local papers. Not a bad start!

A website is a fabulous way to "kick" a campaign - I had the domain name registered within 48 hours of starting, and content up within 96 hours - we have the advantage of having a dedicated server which makes this REALLY easy. Search engines started to index us very shortly after the first version was uploaded.

But I also want to say a word about some lovely people that I've known of for a while, but only really got to meet in the last week or two here in Melksham. They're hard workers for the local community and I think without exception they're pushing like mad to keep the train service. They know the people to talk to, and the buttons to push and I'm delighted to add the extra publicity that I'm getting to assist. It's a real pleasure to find them so receptive to my "hollering" rather than resentful of the newcomer. That's the beauty of Melksham folk and we're delighted to live and work here.

Posted by gje at 11:35 AM

August 27, 2005

Robust checking of data entered by users

10 steps to testing the bullet proofing of user inputs, or how to avoid being caught by nasties when your script goes live!

1. Test it works with intended entries. It's not going to be much good if it falls over when someone entered a valid piece of data!

2. Test it works (fails correctly) with erroneous entries. Does it reject entries that should be rejected? Does it place the invalid text back in the form for the user to correct it? Does it also "sticky" the other fields, including selects, checkboxes and radio buttons, so that the user doesn't have to re-enter them? Does it offer a good explanation to the user of what the error was, and what inputs are acceptable?

3. Test it acts appropriately with inputs that include awkward characters and sequences such as < and " and ' and & and ../ and .htaccess ... and 3.5 and three where you've asked for a whole number. These are all important "security issues"; you should check that you're protected against ugly display echos if someone enters an HTML tag, SQL injection attacks, and file names that are reserved or navigate the directory tree.

4. Test it against a whole file of inputs. There may be some "odd" cases you haven't thought of in the testing above. Do you have a whole file of data / inputs that you can run the script against? Example of what you might find - a user name gets confused with another user name that's a shortened form of it. I recall having "issues" with a computer called seal and another called sealion.

5. Test it works without cookies and on different browsers. This mainly refers to how the output looks, but if your user is refusing cookies, will the site be useable? Will he be irritated by being asked at every page? On different browsers, how does it look? And have you embedded any javascript or tags that are browser-specific and cause problems?

6. How do you implement your acceptable user policy? If your script is publishing the information entered on your site, how do you monitor for acceptable content? If it's a voting script, have you prevented one person rigging the system by multi-voting? If it's an online test, have you prevented your user selecting the back button and correcting his answers when you've told him he got a question wrong?

7. Have your colleague test that it works for him / her. Even with all of the above, you may overlook something. Or what is obvious to you might not be to someone else (e.g. is the submit button clear ...). Better to find this sort of thing out before you've got 000s of users.

8. Have the person who commissioned the script test that it works for him / her. Very much worthwhile having your paymaster on site, and after following the steps above the script should be impressive in its robustness. Oh - and if it goes pear-shaped later, you did have the approval of the commissioner.

9. Release to some "tame" customers. Chances are that everyone who's used the script up to this point has been deeply involved and knows what it's about. Having a few customers look and provide feedback at a late stage will alert you to anything which is blindingly obvious in-house but not at all clear to Joe Public.

10. Release to the world. ... with a feedback link, and do make sure that you have a look at the log files and see the pattern of use.
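Step 3 turned into a repeatable check: the awkward inputs listed there are run through an HTML echo, a database round trip, a file name filter and a whole-number parser. This is an added example, not code from the original post; the function names, the table layout and the limits in the patterns are assumptions made for illustration.

```python
# Added example: run the awkward inputs from step 3 through four handlers.
import html
import re
import sqlite3

# The inputs named in step 3, plus two constructed realistic values.
AWKWARD = ["<", '"', "'", "&", "../", ".htaccess", "3.5", "three",
           "<b>bold</b>", "O'Brien & Sons"]

# Allow-list for file names: starts with a letter or digit, no path parts.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}(\.[A-Za-z0-9]{1,8})?")


def echo_html(value):
    """Text that is safe to place back into a page or a form field."""
    return html.escape(value, quote=True)


def parse_whole_number(value):
    """Return an int for a plain run of digits, otherwise None."""
    return int(value) if re.fullmatch(r"[0-9]{1,9}", value) else None


def safe_filename(value):
    """Return the name if it matches the allow-list, otherwise None."""
    return value if SAFE_NAME.fullmatch(value) else None


def store_and_fetch(conn, value):
    """Save through bound parameters, so quotes never reach the SQL text."""
    cur = conn.execute("INSERT INTO entries (body) VALUES (?)", (value,))
    row = conn.execute("SELECT body FROM entries WHERE id = ?",
                       (cur.lastrowid,)).fetchone()
    return row[0]


def run_checks(inputs=AWKWARD):
    """Return a list of failures; an empty list means every check passed."""
    failures = []
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE entries (id INTEGER PRIMARY KEY, body TEXT)")
    for value in inputs:
        shown = echo_html(value)
        # No raw markup characters may survive the echo ...
        if any(c in shown for c in "<>\"'"):
            failures.append("raw markup echoed for %r" % value)
        # ... and every & must be the start of an entity.
        if re.search(r"&(?!(amp|lt|gt|quot|#x27);)", shown):
            failures.append("bare ampersand echoed for %r" % value)
        # The database must hand back exactly what went in.
        if store_and_fetch(conn, value) != value:
            failures.append("database changed %r" % value)
        # Anything that navigates the tree or is a dot file must be refused.
        risky = "/" in value or "\\" in value or value.startswith(".")
        if risky and safe_filename(value) is not None:
            failures.append("file name %r accepted" % value)
    stored = conn.execute("SELECT COUNT(*) FROM entries").fetchone()[0]
    if stored != len(inputs):
        failures.append("expected %d rows, found %d" % (len(inputs), stored))
    for bad in ("3.5", "three", "", "-1", " 7"):
        if parse_whole_number(bad) is not None:
            failures.append("%r accepted as a whole number" % bad)
    if parse_whole_number("42") != 42:
        failures.append("valid whole number rejected")
    if safe_filename("report.txt") != "report.txt":
        failures.append("valid file name rejected")
    return failures


if __name__ == "__main__":
    problems = run_checks()
    print("all checks passed" if not problems else "\n".join(problems))
```

The same list of inputs can be kept in a file and extended each time a new odd case turns up, which is what step 4 asks for.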

Posted by gje at 09:09 AM

August 26, 2005

Caching an XML feed

If you're using PHP to add a newsfeed to your site, please be kind to the news feed supplier and cache the feed if your page is a popular one. I posted a couple of weeks ago ... a link to a piece of code that grabs a news feed .... and I've enhanced it now to do the caching. Here's the modified code:


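// This replaces the fopen / read loop of the earlier feed reader; $parser is
// the XML parser that script has already created with xml_parser_create().
$feed = "http://thescotsman.scotsman.com/uk.cfm?format=rss";
$copy = 1;
// Read the local copy instead if it is less than 120 seconds old
if (time() - @filemtime("haggis.xml") < 120) {
    $feed = "haggis.xml";
    $copy = 0;
}

$fh = fopen($feed,"r");
if ($copy) $saver = fopen("haggis.xml","w");
while ($xmlcontent = fread($fh,1024)) {
    // When reading from the supplier, save each block as it is parsed
    if ($copy) fputs($saver,$xmlcontent);
    xml_parse($parser,$xmlcontent,feof($fh));
}
fclose($fh);
if ($copy) fclose($saver);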


Links ...
Previous posting
Original full source code listing
Running Script

Posted by gje at 06:39 PM

August 24, 2005

How not to run a forum

I'm willing to invest time and energy into something I believe in, but I want to make sure that it's worth my while .... that I'm not wasting my time.

I came across a local forum ... quite quiet, but nevertheless a useful and targeted spot onto which to post a message about a local issue; I filled in the sign up form ... and submitted it. I pressed the "new post button" and up came a posting window. Great ... wrote my post, and spent quite a while getting my intro and wording just right. Submitted my post. Guess what? An otherwise blank screen with the two words members only in tiny text in the top left corner.

Guess I should tell them that they've got a problem? Guess I WOULD tell them if there was an obvious contact box!

When I get frustrated about something that I feel is very poor like this ... I console myself by thinking that if everyone knew how to do it well, I wouldn't be kept busy training people to write better code. And I'm reminded that if I do a halfway passable job, it'll be streets ahead of the cowboys!

Posted by gje at 07:23 PM

August 23, 2005

A Victorian Lady

My Grandmother - "Gran" - would have been 112 today. She was born when Victoria was on the throne and when the professional classes lived in bigger houses and had servants to help with the running of the place. My early memories are of a sliding door to their kitchen in Ainsdale, Lancashire when my Mum took me around to see them living next door (picture). Those are early memories as the family moved to North West Kent in 1959 when my Dad took his first computer job - transferred South by Midland Bank to work at their "Punched Card Accounting Department" which developed into "Card Services" with a staff of well over 100, with Dad managing. However, this is Gran's story; Dad's remarkable story will keep.

My Grandfather and Gran moved South with the family, but Grandfather passed away a few years later. My childhood in Petts Wood, living with Mum and Dad, with frequent visits to Gran two roads away. She was remarkable, gentle, sprightly right through that time there. Many was the time that I would take her out for a drive. *She* had the family car - an old Jaguar bought new in about 1961 by Grandfather, and Dad used the train to commute. And we took longer trips too; Mum, Dad, Gran and me on holiday. Mum and Dad going off one day by train, me and Gran in the car, then swapping around the next day.

I can remember driving the Jag over Beallach nam Ba - the old single track cattle-pass road to Applecross that was the only way in to the village until a few years ago. And I can remember taking Gran on the "King George V" as she sailed out of Oban for the day to visit Fingal's cave on Staffa, and the Holy island of Iona. The only way ashore at Iona was on a tender and the sea was a bit rough; I told Gran to "Let the burly sailors" who were standing either side of the doorway help her ... and she did. She was always game for such an adventure and the island was worth it. But she did remark that "the sailor on the left wasn't all that burly ...."

I owe all of my family a lot. Today's a day I remember and celebrate Gran.

(N.D.Ellis (Dora), 1893 - 1986)

Posted by gje at 06:26 AM

August 22, 2005

PHP Magic Quotes

Do you want to read a string from a form and save it into a database? "Easy" you might say ... and indeed it is ... but if you just take the exact characters that were entered into the form and embed them in your SQL, you're laying yourself open to an injection attack. That's where a user enters a string that includes quotes, which are used as delimiters by SQL commands.

Early / more advanced / sophisticated users of PHP know of this risk and use the addslashes function before they place user inputs into SQL strings. But with huge growing popularity and use by beginners and more casual programmers, there was too much risk of PHP getting itself a bad name for insecure systems. So "Magic Quotes" were introduced. With Magic Quotes, the input arrays $_GET, $_POST, $_COOKIE and $_REQUEST are all encoded with extra \ characters in front of any user entered quote character ... thus making the input directly and safely transferable into an SQL table - but at the expense of it appearing on the screen if the programmer prints it back out. See the example picture provided ....

For the sake of compatibility with existing code (and to appease the people who were quite happy to carefully add slashes all around), Magic Quotes were added to the list of configurable options in PHP and to this day it's probably one of the first things that I look at when I'm using a new host. Personally, I don't care which way it is set but I regret the incompatibility it can cause as an application is moved between servers.

Want to make your application portable? You can - since you can check the magic_quotes_gpc setting from your script, and if it is set, use stripslashes to regularise your input. We've a demo showing how you can do this on a single input field, and there's a further discussion and more examples at the PHP manual site.
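Why the setting matters when an application moves between servers, shown as a small model. This is an added example, not the demo referred to above and not PHP itself: addslashes and stripslashes are re-implemented in Python following their documented behaviour, and the other function names, the sample value and the assumption that the database undoes one level of backslash escaping are made up for illustration.

```python
# Added example: a Python model of PHP's addslashes / stripslashes and of
# what a script sees with magic_quotes_gpc switched on or off.

def addslashes(text):
    """Backslash before each quote, backslash and NUL, as PHP does."""
    out = []
    for ch in text:
        if ch in "'\"\\":
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\0")
        else:
            out.append(ch)
    return "".join(out)


def stripslashes(text):
    """Undo one level of addslashes."""
    out = []
    i = 0
    while i < len(text):
        if text[i] == "\\":
            i += 1                      # drop the backslash itself
            if i < len(text):
                out.append("\0" if text[i] == "0" else text[i])
                i += 1
        else:
            out.append(text[i])
            i += 1
    return "".join(out)


def request_value(typed, magic_quotes_gpc):
    """What arrives in $_POST for the text the user typed."""
    return addslashes(typed) if magic_quotes_gpc else typed


def normalise(received, magic_quotes_gpc):
    """The portable step: strip only when the host added slashes."""
    return stripslashes(received) if magic_quotes_gpc else received


def naive_sql_literal(received):
    """Code written on a host with the setting off: always adds slashes."""
    return addslashes(received)


def portable_sql_literal(received, magic_quotes_gpc):
    """Regularise the input first, then escape exactly once."""
    return addslashes(normalise(received, magic_quotes_gpc))


def stored_value(sql_literal):
    """Assumption: the database undoes one level of backslash escaping."""
    return stripslashes(sql_literal)


if __name__ == "__main__":
    typed = "O'Brien said \"hi\""       # constructed sample input
    for setting in (False, True):
        received = request_value(typed, setting)
        print("magic_quotes_gpc =", setting)
        print("  script receives :", received)
        print("  naive code saves:", stored_value(naive_sql_literal(received)))
        print("  portable saves  :",
              stored_value(portable_sql_literal(received, setting)))
```

Magic Quotes were later deprecated and then removed in PHP 5.4, so on current hosts the input always arrives unmodified and binding values as query parameters takes the place of both steps.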


Posted by gje at 07:57 PM



August 21, 2005

Don't repeat code - use loops or functions

I've just answered a question about completing a whole series of radio boxes in a form, where the questioner provided sample code that had the same line, slightly modified, appearing time and time again. But if you find yourself repeating something, there must be an easier way and that way will be either a function or a loop ... the initial coding may be more complex, but when you come to expand your list of options from 5 to 15 to 50, you'll be thanking me for the advice!

I've coded an answer to the original question, written in PHP, and you can try the example here. I've included a call to the highlight_file function so that you can see the code ... and I've even commented my PHP!

Posted by gje at 07:29 AM

August 20, 2005

Towards Tebay

I'm home ... three days in Edinburgh, 2 days in Cambridge, and I even have a one day course today in Melksham - such is how busy we are. I've been taking the opportunity to take some pictures ... we live on a beautiful island, and even some of the views from the motorways, such as this one here, are pretty (and verging on the spectacular). The picture here is heading up between the Pennines and the Lake District towards Tebay (more pictures) which is home to one of the few (perhaps the only) independent service area on the motorway network. A regular stop on my journey north - sit in the restaurant with what's usually a better-than-average motorway meal, looking out over the pond and the scenery beyond.

Posted by gje at 06:17 AM

August 19, 2005

Most popular courses

Lunch question. "What's your most popular course?".

I think I have a finger on our business, but that's a very difficult one to answer. We don't keep all of our eggs in one basket; no one subject accounts for more than a quarter of our business and no one client accounts for more than a tenth of our income in any year.

So far this year, Perl, PHP, Python, Tcl and MySQL have each accounted for over 10% of our training course bookings and there's just a few percentage points between the top two subjects, so "what's top" could easily be reversed by the next order we receive.

Technology develops ... and looking back to 2001, I note that the significant courses were Perl, Java and Internet. Both those latter topics have become more mainstream in the last few years and move away from the niche training arena that we're set up to service well. You can download copies of our old Java notes from our Open Training Notes site; the Internet notes covering HTML and the like have long since been superseded and you wouldn't WANT copies of them ;-).

We write all our own training notes and update them constantly to reflect the changing market we operate in. The last changes that I made to a course module were last weekend, and I have a couple of notes that I've made while I'm travelling this week.

We've learnt that nearly everyone in the training business claims that their notes are constantly being updated, but that it's often not the case. Scanning the web last weekend, Lisa visited the web site of the folks that I trained for in the last Millennium and a description of one of their courses. Dates were current, but the list of content was remarkably similar to the course I wrote for them in 199x. Oh - and the description had the line about "we revise our material regularly"; I think the wording of that phrase too was as I left it, years ago.

Posted by gje at 08:30 AM

August 18, 2005

Difference between import and from in Python

Python's "import" loads a Python module into its own namespace, so that you have to add the module name followed by a dot in front of references to any names from the imported module that you refer to:

import feathers
duster = feathers.ostrich("South Africa")

"from" loads a Python module into the current namespace, so that you can refer to it without the need to mention the module name again:

from feathers import *
duster = ostrich("South Africa")

or

from feathers import ostrich
duster = ostrich("South Africa")

Q Why are both import and from provided? Can't I always use from?

A If you were to load a lot of modules using from, you would find sooner or later that there was a conflict of names; from is fine for a small program but if it was used throughout a big program, you would hit problems from time to time.

Q Should I always use import then?

A No ... use import most of the time, but use from if you want to refer to the members of a module many, many times in the calling code; that way, you save yourself having to write "feathers." (in our example) time after time, but yet you don't end up with a cluttered namespace. You could describe this approach as being the best of both worlds.

Posted by gje at 12:11 AM



August 17, 2005

Telephone Preference Service - we're registered

If you want to talk to us about a course, please call us. If you're a newcomer to Open Source or have a project you want to talk about - even if it's unlikely that you'll be wanting to be trained, please feel free to call. If you want to sell us a telephone service, holiday, double glazing, or a Jacuzzi... we're not interested.

We're registered with the Telephone Preference Service - a free registration - which adds our numbers to a list that cold telephone callers are supposed to check against ... and most do. We still get the odd one, like the call the other day from a lady who thought we would be interested in her (leisure) products because we're listed in Yellow Pages.

I'm aware that we need to keep an open mind and occasionally - VERY occasionally - there will be an idea introduced to me by a salesman where I say "actually, there's something in that". If you're a salesman targeting a particular niche that we happen to fit into, you're very welcome to send me a personal email. Such emails will be read and carefully considered if there's an indication that you've actually visited our web site, read it a bit and understand a little bit about the organisation you're approaching and why your product suits us. After all, that's the mark of a good salesman.

Posted by gje at 06:58 AM

August 16, 2005

Mixing up swallows and martins

Annandale Water

Annandale Water, 6 a.m. Yesterday morning, I woke early at Annandale Water, near Lockerbie, Southern Scotland and took these pictures from my bedroom. Quite remarkable, as I was staying at the Premier Travel Inn that's attached to the motorway service area there; I have to record this as one of the better service area hotels.

There are certain birds I always recognise, and others I never remember. Is this a swallow or a martin that was sitting directly above the door to the balcony (or should I call it a railed patio as I was on the ground floor) that I had?


Posted by gje at 07:15 PM

August 15, 2005

Campaign Drift and efficiency.

My heart strings were pulled when I read the appeal for 700 pounds in the local paper for a special wheelchair for a local teenager, as the NHS standard one provided was so inappropriate as to be unusable. A slight worry that there was something very wrong here was washed into insignificance by a feeling of sympathy and an agreement with Lisa that, perhaps, here was something that Well House Consultants could provide significant help with.

It turned out that the chair wasn't 700 pounds but about 1200. Oops. Then it turned out that the teenager needed a special bed too, and the appeal target went up to 2100. It was probably a good job that the appeal was fully funded from elsewhere as my slight worry grew into a feeling - perhaps unjustified - that the recipients might have been being greedy, or that they were unable to manage their affairs / presentation and so perhaps couldn't manage money either.

I guess that's the sort of thing one has to expect from a small, local appeal by someone who's "salt of the earth" but new to managing resources. Better to make charity contributions to a larger charity? Oh - I just wish that were the case; I've heard of, and seen at first hand, instances of charities who are not making the best use of resources, and I think of how many "little old ladies" going from door to door that represents. At the time of a major disaster, money WILL be wasted, things sent just in case and that's absolutely right, but I could quote cases of thousands being paid for something where only hundreds needed to be spent ... and the charity was even advised of this.

We didn't end up pocketing the money we had put aside for the wheelchair, nor did we end up putting it into one of the big charity buckets. We put it to a ringfenced appeal for emergency accommodation and provision packs to be flown to ... wherever ... at short notice. And we KNOW that we have bought x units and what a unit comprises.

I took yet another phone call on Friday from a telephone sales person wanting our business to help fund their charity. We look bigger than we are on line, and in other publicity, so I suppose we have to expect a lot of these calls. And, stopped at Strensham service area as I drove up here (Edinburgh) on Sunday, I negotiated my way past a collector waving a tin in my face. I know her cause was an excellent one but I actually felt clear in my conscience as I failed to contribute; I prefer to target my giving. My conscience is also clear when I tell telephone beggars that our charity budget for the year is all assigned ... as indeed (financially) it is.

There are contributions other than financial ones we can make ... we can offer our time and our skills and perhaps some of our other resources and facilities to help good causes; yes, sometimes we do. And indeed we can even help run / organise such things; the Save the Train website is an example. How can we learn from the experiences / thoughts above and do this in a way that's likely to get a good reception and be effective?

1. Lay down Objectives.
2. Avoid objective creep (or if we must, explain why)
3. Ask for help and not money.
4. Help people help us.
5. Provide clear contact points.
6. Not make exaggerated or far-fetched claims or requests that water down the main point.

1. We want to save the train service to Melksham at its current level (or as close to that as possible) into the foreseeable future. At present there is a threat that we'll lose more than a half of our trains when the new franchise to operate the line is awarded next year.

2. The Objectives are drawn wide enough to carry us through at present.

3. I want you to publicise this, to write to the local MP, to the companies bidding, and to the county council. You can ask them to help subsidise the service, but I don't want your money!

4. Links to all the people I want you to contact to help us are here. Information that you might want to read to help you write is available here.

5. I'm Graham Ellis. My email address is graham@wellho.net. My phone number is 01225 708225. I live at 404, The Spa, Melksham, Wilts. You can learn more about me from my personal web site.

6. I am concerned about a continuing good train service to Melksham, as I believe that a substantial reduction in service would be bad for the town, bad for visitors to the town, and bad for the reputation of any company or organisation associated with the cuts.

Posted by gje at 06:43 PM

August 14, 2005

Form Madness

Filling in an online form a few minutes ago, I was asked ...

"Do you have Internet access" ... with options of "Yes" or "No"

"How far are you from xxxxx" ... with options of less than 1 mile, or 2 miles or over (which should I complete when I'm, truthfully, a mile and a half away)

"Date of Birth" ... complete with day, month and year - when I'm signing up to volunteer to help someone

Oh - and the date of birth offered me any year from 2005 backwards ... I know they're starting them early on computers these days, but that's ridiculous!

Posted by gje at 10:51 AM

August 13, 2005

Save the train

There's a threat to Melksham's train service ... seems a long way off (December of next year) but decisions are to be made soon so it's time to rattle a few cages. Please see web site at www.savethetrain.org.uk. Wow - that was a good domain name to get!

Posted by gje at 06:54 PM

Bristol Balloon Festival

It's the Bristol Balloon Fiesta this weekend ... and the skies above the city are filled with balloons that take off from Long Ashton to the West and fly across to the East, landing in the countryside between Bristol and Bath. Always a glorious sight.

The balloons are so ... quiet ...! You don't realise that they're close by at all until you hear the gentle hiss of the burner as more hot air is pumped into the bag (I may have that term wrong - envelope?) and there's a great elegance to the shape and colour too (there are some advertising exceptions!). Last night, the sun was shining but there was a backdrop of black clouds and it was spectacular.

Further ballooning pictures available on our ballooning page (where else!) and on the page that covers Beach, South Gloucestershire where the pictures for this posting were taken.

Posted by gje at 08:29 AM

Javascript examples (some PHP and MySQL too)

If you're looking for some simple examples in Javascript (alert window, checking the value in a field, one select box that depends on another, checking window width and browser type), etc, I've just posted some short pieces of code that I wrote yesterday to our client side technology area. So often I find that good examples of Javascript are deeply tied up within beautifully-displaying HTML that's difficult to read if you're looking at it to ask "how do they do that"?

The example that generates a pulldown menu based on what you've selected in another pulldown menu (exactly the sort of thing you'll want to do with - for example - make and model or country and town selections) also includes a PHP form with the Javascript to show how they work together, and use of data held in an SQL database too. Run the example at our demo area.

"But I thought you didn't run Javascript courses, Graham". Correct - I don't have the notes and I don't have the in-depth knowledge to feel confident in running a whole course over several days on the subject. BUT ... it's an important adjunct in HTML, in contract work, in our own web site, and also as it relates to web sites that are server side using PHP, Perl, Python or Tcl. So I can and will cover elements of Javascript as needed within other courses.

Posted by gje at 06:56 AM



August 12, 2005

Reading a news or blog feed (RSS) in your PHP page

If you want to quote the latest articles from an RSS (XML based) news feed on your site, is it difficult? No - it can easily be programmed in PHP. I was exploring this yesterday and have the source code showing just how easy it is in our training resources.

Want to try it out? This link runs the script in our resource centre 'against' The Horse's Mouth

Truly, the answer "There's a function to do that" really does seem to apply to PHP coding!

Posted by gje at 07:51 AM



August 11, 2005

Functions and commands with dangerous names

There are some words that we use in our day to day programming life that seem a little scary and inappropriate to their real task ... and sometimes those words worry trainees on our courses. Examples:

PHP's reset function. Its name seems to threaten to clear our data from somewhere, but all it does is reset a pointer so that following calls to iterators such as each start at the beginning.

global declarations in Tcl and PHP. They seem to imply that a variable is going to be seen everywhere; all they really mean is that a variable in the current procedure or function is shared with the main code (the code not within any procedure or function) of the current application.

And the grandaddy of them all - Unix and Linux's kill command. I'm happy to report that killing is not necessarily fatal, as all it does is send a signal to a specified process. If that process has been written in such a way that it exits, then (yes) it dies ... but if it's been written to perform in another way when it gets an external signal, that's what it does.

Posted by gje at 08:52 AM

August 10, 2005

Can an older person learn a programming language

"After the age of 55, my company no longer provides training for its staff to help in their career development and day to day work. It considers that by this point in their career, employees are fixed in post and that it's not a good investment to train them further".

Well at least that policy was honestly stated ... and re-told to me by a very bright greyhaired employee who WAS on a course I was giving - through a mixture of his own refusal to take the first paragraph lying down, the necessity for him to learn the topic, and because we only add 50 pounds per trainee per day for extra students that you add on private courses.

If you remain bright and sound of mind, you are never to old to learn. And even if you're not quite a pin-sharp as you were in your youth, the benefits of age and experience make you much more efficient and focused on what you're doing; you'll be overall more effective and not less. It's a joy for me to train people half my age - AND it's a joy for me to train the occasional person who's perhaps even retired at 65 from a regular job and is getting involved in something new - perhaps as a second career, perhaps as a volunteer for a good cause he/she supports, but certainly for the pleasure it brings.

{Index under - Senior Citizen, OAP, Open Source training, Perl, Python, PHP, Programming, Web - and the answer is YES you can ;-) ]

Posted by gje at 11:41 PM

August 09, 2005

Theft of training material

We write our own training notes and examples ... and there's one heck of an investment in that.

We encourage our customers to use the examples we provide in their work, but we do get more than a little upset on those very rare occasions where a customer starts earning his own living from presenting courses from our copied materials ... without even asking first, or offering to make any form of royalty payment.

Imagine my surprise yesterday when I found our training material (complete with our copyright statement!) on line at a reputable UK University. They say imitation is the sincerest form of flattery, and I was duly flattered. But I also felt cheated. And I also felt that the copy didn't reflect our quality as some links in the copy were broken, and images were missing.

A brief email last night has resulted in a short quasi-apology this morning. Apparently it was a mistake that the material was there - but I suspect the mistake was that Google found and indexed it. Included was the confirmation that "it will NEVER appear in my teaching material in future"

Do you like our materials? You are very welcome to link to any of our pages - for a specific topic, you can find the appropriate page within our modules list. Do you want to use our materials from a course you've attended to do a short in-house presentation to some of your colleagues? Please ask us first and we'll be most accommodating. Do you want to license our training notes - see our policy on this. Do you want to learn on our courses? We run both private and public courses. But please don't steal our material - we're skilled at using and presenting them and we can probably do a better job than you can, and at less cost.

Posted by gje at 11:47 AM

August 08, 2005

Assignment, equality and identity in PHP

In PHP, you'll find that there's an = operator (that's one = sign), an == operator (that's two equals signs) and an === operator (triple equals). The single = sign is an assignment - it tells PHP to work out the expression to the right of the = sign and save it to the variable / location named on the left. Both == and === perform comparisons - so what's the difference?

== (double equals) is an equality test - it checks whether the values to the left and right of the == operator have the same value - for example, it could check if they're both the value 10. It will return a true value, though, if you compare the integer 10 to the floating point number 10.0, or if you compare either of those to the string "10.00" ... they're all the value 10, after all!

=== (triple equals) is an identity operator which checks if the values to the left and the right of the === operator have the same value AND are of the same type, so it can only return a true value if you compare two integers or two floats or two strings ... it is bound to return a false value if you compare a float to an integer, even if they both contain the value 10.

Example:


<?php
$first = 10;
$second = 10.0;
$third = "10";

if ($first == 10) print "One";
if ($second == 10) print "Two";
if ($third == 10) print "Three";

if ($third === 10) print "Four";
if ($second === 10) print "Five";
if ($first === 10) print "Six";
?>

Will print out
OneTwoThreeSix

Posted by gje at 05:45 PM


Useful link: PHP training

August 07, 2005

Horse's Mouth is a year old

I've been writing "The Horse's Mouth" for a year! When I started, I wondered if I would find enough to say but I've had rather the reverse as an issue - which 20% to say and which 80% to leave out; occasionally, I've been tempted to post twice in a day but I think that could be too much.

It's a good time for review. Am I getting repetitive? Am I getting boring? Am I posting up things that are of little interest? It's surprising how little I do find myself repeating ... and in any case, readers will come and go, and readers will forget, so that a minor element of repetition, with update, is no bad thing.

I'm aware that many of the articles I post ARE of little interest to some readers - hey, if you don't know Python, then what use is a clever Python tip? But I'm resisting the temptation to drop those technical posts; although they may be of little interest to some readers, they're golden nuggets for others. My piece on MySQL joins (left, right, inner, etc) has been picked up by the search engines and we get hundreds of visitors every week to the archives, for example. I do try to keep a healthy mix - 50 / 50 - of technical v more general posts, and I try to avoid too many successive days of technical or general content. I am resisting the temptation to fragment the blog into a series of different threads!

As well as The Horse's Mouth, other new content appears in our Solution Centre (that's for longer technical articles), our download area (training note samples, issues of our "Of Course" newsletter) and in our Opentalk forum (our question and answer area where past trainees and others can ask us). New example programs are accessible from our training module index (look under the particular module topic), and we keep a miscellany that includes our calendar, pictures of recent visits to Iceland and Roanoke, and what there is to do around Melksham - our training base - in our Wiki.

Posted by gje at 06:35 AM

August 06, 2005

How to check that a string contains a number in Tcl

In Tcl, all variables hold strings. If you perform an arithmetic operation such as an expr, an incr or a numeric comparison, the incoming strings are converted into numbers internally, the calculations are done, and the results are converted back to strings and saved. It might not sound very efficient, but it's nice and simple and it works very well for most scripting requirements.

But what happens if you try to run an arithmetic operation on a string that doesn't contain a numeric value? You get an error ... and if you've not programmed to allow for it, that means a number of lines of Tcl error flags that will confuse and worry the non-programmer. What can you do about this?

First option - you can use the catch command. With catch, you'll attempt to perform the Tcl operation, and if it fails you'll get a false (0) result returned by the catch command to tell you that there's been an error, instead of simply having the program crash. This allows you to do your own error handling and (where appropriate) recovery.

See: Example of catch

Second option - you can check your incoming strings using the string is command that was added at version 8.1 of Tcl so should be on all your systems by now!

For example:
string is integer -strict $abcd
will return a true value if the variable $abcd contains (strictly) an integer, and false otherwise. (without the strict option things like leading and trailing white space will be allowed)

The integer keyword is known as a class - there are about a dozen possibilities including double for a floating point number and boolean to test for any valid Tcl boolean string such as 0, false, 1, true.

Posted by gje at 10:44 AM


Useful link: Tcl training

August 05, 2005

Full circle - made it back to an old haunt

(Dateline - Wednesday, 3rd August 2005)

Some 30 years ago, I worked for Tektronix, selling and supporting their range of very high resolution graphics terminals. My territory was the South West of England - "Swindon to Penzance" was how I described it - and my most major customers were the aerospace industry in Bristol and Yeovil.

Tektronix was a long time ago. Since then, I've written a complete CAD system with my own startup, provided technical support and sales services for other products, and for the last 15 years majored on training - starting with SunOS (that became Solaris) with a training company, then moving on to open source languages with our own Well House Consultants. In all that intermediate time, I had never returned to the three big customer sites of my Tektronix days; for sure, I've been ranging over a far wider territory, but there's oft been the thought in my mind that perhaps we haven't really "made it" yet as we haven't sold to these places.

So it was much more of a pleasure than usual to travel out for my on site Tcl course in Filton today ... to go through altered yet familiar gate procedures and to drive around a big site past hangars that I've visited in the past and to be presenting a course here. It really gives me a feeling that Well House Consultants has come of age in a way that those intermediate companies for whom I have worked never did.

Posted by gje at 05:29 PM

Netless

Seen a gap in "The Horse's Mouth" for the last couple of days? For the first time in quite a while, I've been offline ... running an onsite course during the day, staying at a hotel without network connectivity and where even my backup mobile phone is out of range overnight. Contract customers and others please note - the ladies in the office have been receiving copies of your messages so I would have been alerted. In the event of any emergency, I would have been down at the MacDonald's a few miles up the road, or sitting in the field at the top of the hill behind my hotel where, I understand, my mobile would work ... to fulfill my commitments.

OK - I'm slightly peeved at the hotel chain. "We will soon have wifi available at all our locations" has been their claim for six months, and I've seen no lack of service in other recent hotels visited. Am I being unreasonable in thinking that the words "soon installing wifi" kind of implies in the next couple of months - how "soon" is "soon" for getting a network connection fitted?

Hasn't stopped me writing and there's a timelessness about some of the pieces written, so I'll follow up with a couple more posts after this note.

Posted by gje at 05:28 PM

August 02, 2005

What is an SQL injection attack?

It's where an unauthorised user enters illegal data that gets placed into an SQL command, with the purpose of changing the meaning of that SQL command. For example, you might use the SQL query
   SELECT count(id) FROM user where uname = "xxxxxx" and pword = "yyyyy"
to validate a user name and password pair when someone logs in to your application, replacing the xxxxxx and yyyyy with the information the person enters on a form. In testing, that will work fine for you, but if your user were to complete the form so that:
   xxxxxx becomes hack" or 1 = 1 -- "
   yyyyy becomes anything
then returned values will be greater than 0 ... probably allowing an unauthorised login.

How come there's this problem? This is what the command that's run has become:
   SELECT count(id) FROM user where uname = "hack" or 1 = 1 -- "" and pword = "anything"
Anything after the -- sign is treated by most SQL engines as a comment (so the password is unchecked) and every line will match because 1 always equals 1!

Can you prevent this problem in your applications? Yes, absolutely, if you know of the potential problems and do something to avoid them. This isn't going to be a complete paper on SQL security, but you'll do well to start by \ protecting (putting a backslash in front of) any " and ' characters that the user enters ... that way, your query will say "literally a " " or "literally a ' " rather than anything more dangerous.
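
The login check above, as an added example that is not part of the original post: Python's sqlite3 module stands in for the database, the rows and all function names are constructed for illustration, and strings are quoted with ' rather than ". It runs the post's form input through a concatenated query and through the same query with bound parameters, which is a different defence from the backslash protection the post suggests.

```python
import sqlite3

# The post's form input, with " swapped for ' because this sketch quotes with '.
POST_INPUT = "hack' or 1 = 1 -- "

def make_db():
    """In-memory copy of the post's `user` table; the rows are constructed."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, uname TEXT, pword TEXT)")
    # Plain-text pword only to mirror the post's query.
    db.executemany("INSERT INTO user (uname, pword) VALUES (?, ?)",
                   [("alice", "wonderland"), ("bob", "builder"), ("o'brien", "stout")])
    return db

def build_concatenated(uname, pword):
    """The pattern the post warns about: form input pasted into the SQL text."""
    return ("SELECT count(id) FROM user WHERE uname = '" + uname
            + "' AND pword = '" + pword + "'")

def login_concatenated(db, uname, pword):
    return db.execute(build_concatenated(uname, pword)).fetchone()[0] > 0

def login_bound(db, uname, pword):
    """Same check with ? placeholders: the driver passes input as data only."""
    sql = "SELECT count(id) FROM user WHERE uname = ? AND pword = ?"
    return db.execute(sql, (uname, pword)).fetchone()[0] > 0

def outcome(login, db, uname, pword):
    """Run one login function and report 'granted', 'denied' or 'sql error'."""
    try:
        return "granted" if login(db, uname, pword) else "denied"
    except sqlite3.OperationalError:
        return "sql error"

def demo():
    """Each row: (uname, result with concatenation, result with bound parameters)."""
    db = make_db()
    cases = [("alice", "wonderland"), ("alice", "wrong"),
             (POST_INPUT, "anything"), ("o'brien", "stout")]
    return [(u, outcome(login_concatenated, db, u, p), outcome(login_bound, db, u, p))
            for u, p in cases]

if __name__ == "__main__":
    print(build_concatenated(POST_INPUT, "anything"))
    for row in demo():
        print(row)
```

The last case shows that concatenation also fails for an honest user whose name contains a quote. Backslash protection depends on the database engine (SQLite, used here, doubles the quote instead), whereas bound parameters do not rely on any escape convention.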

Posted by gje at 11:33 AM

August 01, 2005

New in the shops

I promised you a report on what's new in the techie and books stores in the USA. In the past, we've found that the USA has been somewhat ahead of the UK and that's been exciting and positive. But it seems that times are a-changing. On this trip, the shelves in the bookstores are sadder than I have seen them and stores like CompUSA seem quiet shells compared to what they were a few years back. And there's little exciting and new to report. So perhaps I should speculate and analyse?

Are we about to see a major crash where no-one wants IT any more? No, I don't think so, but everyone's bought their PC and done their first web site now, has their digital camera, printer, and fast internet connection. And each of these is now up to a standard where the typical user simply doesn't want any more power / more megapixels / still faster connection - so we're largely into a more mature replacement market. Add to this that the technology has itself provided new distribution channels and there's no longer the need for an expensive Mall store to sell your product ...

But amongst the disappointment, what did I notice on the bookshelves? C# and Vb. Networking infrastructure / Cisco. Linux (including Fedora core 4 CDs). Knoppix. Computer security. Oh - and a couple of fabulous new Perl books that I'll be settling down with on the flight home tonight: "Perl Best Practices" by Damian Conway and "Higher Order Perl" by Mark Jason Dominus.

Posted by gje at 12:00 PM