Archive for the ‘Web Servers’ Category
PHP on Windows tip
I have not seen much about this anywhere, but if you are wondering why you enabled extensions (in PHP.ini) don’t work in PHP on Windows, it is probably because your "extension_dir" path is wrong. This does not show up as an error anywhere other than in Apache’s error log, which is the last place where most would look for an error. To get rid of this error, do not use a relative path for the directory and use the absolute path. It is as simple as that.
Password idiocy at Jet Airways website
Whoever made changes to the code on the Jet Airways website should be in the least made to stand in a corner for the whole day. The line of code that’s responsible for a considerable bit of frustration for me on a Sunday is the following:
<input class=”formobject” id=”usrUserLogin_txtPassword” type=”password” maxlength=”8” name=”usrUserLogin:txtPassword”>
What it has done is to limit the password length to 8 characters, which, being longer than that in my case, is not letting me log in to the website to update my details. Basically, anyone with a password longer than eight characters won’t be able to log in to their account till someone fixes this. Ugh!
And what the magic of an industrial strength framework has done (Microsoft Commerce Server 2002, in this case) is to inherit the value of all the login boxes across the website from the same model, truncating it to eight characters before it is posted back for validation, which would fail for all passwords longer than eight characters.
I could find a loophole somewhere, with a mix of the Web Developer and Tamper Data extensions, to log in to my account. But the page that I wanted, to claim missing miles, checks back with the same model again, throwing me back to the log in page. I can only hope that this is an error on the logic front than someone having messed up the database itself.
Akamai gobbles up Netli
Netli, the application accelerator provider (who also powers WordPress.com) was acquired by Akamai in a merger transaction. The acquisition fits snugly into Akamai’s portfolio of services that was sorely lacking in the application acceleration segment. That said, Akamai has been largely eclipsed by Limelight Networks in the business of serving multimedia. Limelight already serves the Flash video content of Youtube and the content of Muvee and Metacafe. While there is a fair bit of cash in doing application acceleration and text-based content delivery, the volumes involved in transferring multimedia files is where the really big bucks are, where Akamai still has not made any significant plays.
Ibibo Pliggs it
Ibibo Labs has a link to one of their new products under testing, a Digg-clone running on Pligg, called Newscola. Strangely, for all of Nasper’s technology muscle, MIH had to use a freely available software to push the product out. Now, I don’t have any problems using open source or free software, but the mistake that most companies make is in rushing to the market just to launch the product, without any thought given to how it would integrate with their existing systems. Ibibo’s other services run on .Net and IIS, while Pligg is a LAMP product and there is no common login. I can forsee that at some point a poor developer will end up having to write hacks into Pligg’s authentication module to integrate the regular Ibibo login into the system or migrate the system wholesale to .Net, which is such a ridiculous waste of time.
A Mint with many holes?
Alongside the print version, HT and WSJ’s new baby (if anyone remembers a strange phenomenon called go4i.com, they would have fairly bad memories about doing a JV with HT) — Mint — also had the online version of the paper switched on today at livemint.com.
The good news is that the site, thankfully, seems to not run on HT’s or WSJ’s platform, of which the former is rumored to be going for a redesign and re-launch soon. The bad news is that, after a 10 minute browsing session of the website, I found more than a handful of problems on the website, some being very critical and others being minor ones.
First problem with the website is that it is hosted with Mirror Image Internet, at a datacenter in Japan, while WSJ and HT are currently hosted in the US. Connectivity between India and Japan is not the best in the world and ideally they should be hosted in India if they are targeting the Indian audience. It could even be a misconfigured CDN, since Mirror Image is based out of the US. On a related note, HT Media Ltd is listed as the netblock owner for the Livemint IP, with an entire Class D range allocated to it. Something surely is cooking there.
In true WSJ fashion, you need to register to be able to read the website, the RSS feeds (partial summary) are available without the log-in and the registration is free. The registration form has a couple of quirks, mainly because of the slow server taking its own sweet time in updating the drop-downs according to your previous choices.
Another problem I had was with the ’Register’ ‘Reset’ and ‘Cancel’ buttons. Of the three, the first two look way too similar and what’s with the arrows on all of them?
Another issue I found was with the templating, which is funny and inconsistent. http://www.livemint.com/SectionPages/SectionEconomyAndPolitics.aspx is the same as http://www.livemint.com/SectionPages/SectionEconomyAndPolitics.aspx?ID=11. So why use the query string anyway? Thankfully, section pages also seem to be real than virtual (since this returns a 404), which is a good thing from a security point of view (we don’t want pesky bloggers trying to pass queries on to the database, do we?) but awful from a point of maintaining things (look up a similar website called www.moneycontrol.com for example).
The guys who have developed the website have been smart enough to have RSS feeds from the word go, though Nikhil complains here that he could not find them. There is no auto-detection code in any of the pages, which will deprive most of the new generation browsers in their quest for auto-discovery glory. Moreover, the feeds don’t validate. And the errors can be easily fixed: line 8, column 4: Undefined channel element: Pubdate <Pubdate>Thursday, February 01, 2007</Pubdate> -- Wrong case used here. line 13, column 6: Undefined item element: Author <Author /> -- Wrong way to close the tag.
And it would be lovely if they could give us the GUIDs too on entries.
Now to the security issues. The email confirmation page is an email harvester’s delight. Changing the Userid gives away the email address of guys who’ve already registered. There is no cookie or session validation there. And in general, the cookie handling is awful, when I wanted to edit my profile, I ended up on someone else’s profile in the edit page, which is very very bad idea.
It might also be a good idea to enable custom errors, preventing errors being thrown up like this. Not a major problem there in terms of information being given away, but it is a good idea to turn errors off on production machines.
Webtrensds Live for tracking? Uh oh. Google Analytics is better, a million times over and free too!
The source code is tag soup of DIV and tables, adding to the already delayed rendering of the page. Go for a DIV-only layout guys, cache the CSS and speed up your pages.
And what exactly is an article feed? http://www.livemint.com/Articles/ArticleRss.aspx. It does not use session tracking and also spews out full text in the description. Update: It is returning a 302, though, due to the funky ways in which the response codes are treated by different browsers, I get redirected to the homepage in IE and the old page in Firefox.
This is by no means a takedown of the work that’s gone into it. I remember when we had launched just over a year ago, the number of mess ups we had made were too many even count with your fingers. I am also sending this link to their customer support and hopefully they should do something about it. Running a widely-viewed media website is a major learning curve and I am sure they’d fix most of the problems before soon.
