Category Archives: silly ideas

Feeling wasteful?

If you have the urge to be wasteful, here’s something fun you can do that may help.

Start Visual Studio’s “Create GUID” utility (Tools|Create GUID) and click New Guid a few hundred times.

As you wantonly create hordes of GUIDs that, unloved, instantly disappear into the ether, never to be seen again, you should take the opportunity to reflect on this task, being one of life’s more fruitless activities, and soon you will be feeling much better.

If this still doesn’t help, write a little program that calls CoCreateGuid, hundreds, millions, or even billions of times. You can even let the program run by itself, unmonitored and unchecked, gleefully consuming this precious resource, while you read War and Peace in its entirety. If that doesn’t fix it for you, nothing will.

PHP security updates are like malaria treatments

Applying PHP security updates is somewhat like taking a malaria treatment: they are, temporarily, worse than the disease itself. Let me explain.

Malaria is not a nice disease. I have had malaria a couple of times. We treated it with chloroquine (this was a few years ago). The treatment dose of chloroquine makes you feel worse than the malaria itself. But then you get better.

A PHP security hole is obviously a big issue for your average PHP site. I have had to apply patches to address these holes numerous times in the last few years. Unfortunately, it seems that each patch version for PHP introduces either new bugs or changes the published API. This causes all sorts of chaos and panic when the upgrade goes through, and lots of scrambling to fix a site that no longer works correctly. Sometimes you may not find the problem for several weeks in an infrequently used area of the site, so running a test server does not address this (besides, who wants to leave a known security hole online for several weeks?)

For example, PHP 5.2.7 was released to address a number of bugs and security holes but then was removed from distribution 3 days later because of an introduced bug changing the behaviour of magic quotes. That didn’t affect me because I did not use magic quotes… (Magic quotes were a majorly broken silly idea in the first place, but even worse is making it a configurable option so any code that I write has to test the setting… But let’s not get distracted.)

Or, to take an even more serious example, the return value of the strtotime function changed in 5.1.0. As of 5.1.0, when strtotime is passed an invalid date, it returns FALSE instead of -1. This change was made without notice, and as far as I can tell, without any reference whatsoever in the huge changelog or even in bugs referenced in the changelog. Returning FALSE would have been better in the first place, but this type of breaking change should never be made after the fact. I shouldn’t have to review all the changes to the PHP documentation, and then audit all 150,000+ lines of PHP code each time we update PHP!

That’s just two of the more obvious examples of the horrible PHP upgrade situation. Every time I have to upgrade, I just hold my breath and hope that no one has made any more silly breaking changes.
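The strtotime change described above, as an added example (not code from the original post; the function names legacy_is_valid_date and parse_timestamp and the sample inputs are constructed for illustration). A validation check written for the old -1 return value accepts invalid input once FALSE is returned instead, and -1 is itself a legitimate timestamp, one second before the Unix epoch.

```php
<?php
// Added example, not the author's code. Function names are hypothetical.
date_default_timezone_set('UTC');

// Idiom written for PHP before 5.1.0, where strtotime() signalled
// failure by returning -1.
function legacy_is_valid_date($text)
{
    return strtotime($text) != -1;
}

// Version-tolerant parse: returns an integer timestamp, or null on failure.
function parse_timestamp($text)
{
    $ts = strtotime($text);

    // 5.1.0 and later: failure is FALSE. Use ===, because a loose
    // comparison would also reject the valid timestamp 0 (the epoch).
    if ($ts === false) {
        return null;
    }

    // Before 5.1.0: -1 meant failure. On later versions -1 is a real
    // timestamp, so only treat it as an error on the old runtime.
    if ($ts === -1 && version_compare(PHP_VERSION, '5.1.0', '<')) {
        return null;
    }

    return $ts;
}

// Constructed sample inputs: one invalid string, one ordinary date,
// the epoch itself, and the second before the epoch (timestamp -1).
$samples = array(
    'not a date',
    '2009-01-15 12:00:00 UTC',
    '1970-01-01 00:00:00 UTC',
    '1969-12-31 23:59:59 UTC',
);

foreach ($samples as $text) {
    printf(
        "%-26s legacy_valid=%-5s parsed=%s\n",
        $text,
        var_export(legacy_is_valid_date($text), true),
        var_export(parse_timestamp($text), true)
    );
}
```

On PHP 5.1.0 or later, the legacy check reports 'not a date' as valid and rejects the last sample, which is why comparisons against -1 are the thing to search for when auditing code after this upgrade.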

Why on earth do Network Solutions use so many domains?

I receive (too) many emails from Network Solutions about the various domains I own. Now, before you ask, these are not phishing emails — I have received those too — and I have checked out each message carefully.

In each message from Network Solutions they seem to have created yet another new domain name. It seems that they just can’t help themselves: “hey we’re a registrar, let’s go register another random domain name and tell our customers to use it!”

Here’s a list of a few of the domains just from their recent messages:

  1. (of course) – and various subdomains, ok, I can cope with that!
  2. (how dodgy does that sound to you?)
  3. (some marketing guff I guess)
  4. (why is this domain needed?)
  5. (why not

Now I recently received a message from them warning me about phishing messages. The basic test for a phishing message is to ask whether the domain names referenced in the message are legitimate — and how can we tell? Network Solutions use so many names that it’s just not possible to tell without a lot of work and even some danger.

So what’s the answer? Ignore all their silly domain names and just visit…. or transfer to another registrar.