Brettia

The rich text editor is gone, but in its place are some nice enhancements:

• Markdown syntax is now available for commenters. I like this a lot better than plain HTML and will be using it from now on in entries. The end result is no different from HTML, but the content stored in the database becomes much more readable with Markdown.
• I’ve come up with my first bit of Ajax functionality, a live comment preview system. This is modeled loosely off of a WordPress plugin, I later found, but only after writing most of the code myself. I really don’t like JavaScript because it is so difficult to debug sometimes, so this was really an accomplishment for me.

Please email me or comment below if you have any issues with the live comment preview system. The code has only been tested in Firefox (though it should work in IE 6+). I also haven’t had time to see how gracefully it degrades if users have JavaScript turned off or are using an older browser.

For those who are interested, the preview works by using the XMLHTTP object to open a connection to a PHP script, which takes the data from the textarea of the comment and applies all the filters that comments normally would go through if they had been inserted into the database. The result of this filtration is sent back to the XMLHTTP object and inserted into a special <li> so that it can be displayed as if it had always been there. This happens once every five keystrokes automatically, and you can force it by hitting the Update Preview button. I even took the time to make sure clicking Update Preview doesn’t steal focus from the textarea so that you can continue typing. I might try to make this doable via a key combination too.

The only flaw in this system is that the PHP script could become overloaded with requests if multiple people are commenting at once. I really don’t know what would happen, but it’s kind of a hard thing to test. There really isn’t any need to filter the content of the comment through a PHP script at all - it could all be done in JavaScript if I had JavaScript versions of all of my filters. Unfortunately, the only JavaScript version of Markdown is incomplete and no longer maintained because JavaScript regex support in most browsers is flawed or incomplete. However, offloading the work to the server rather than the client should help visitors with old computers that don’t handle JavaScript all that well.

If serious scalability issues are discovered, the only real way to combat those problems would be to either set the interval between updates to ten or twenty keystrokes or to disable that altogether and force users to click the Update Preview button or use a certain accesskey. I’d rather not have to do that, but we’ll see what happens as the previewer gets tested more.

I’m not sure what I want to do at this point. As anyone with my feed in their RSS reader will have noticed, Brettia has had some issues today. Pretty major ones, actually. I fixed a small HTML error in my latest entry about Internet Explorer 7 Beta 1, and then terrible things happened to the database. It disappeared. I don’t know how it happened; it certainly wasn’t my fault. One moment, the .MYI files were there - the next, they were gone, and the .MYD files with them. MySQL stores its data in .MYD files and its indexes in .MYI files, so losing the .MYIs wouldn’t have been too big a deal because they can be regenerated. Unfortunately, no .MYDs equals no data equals no Brettia. The SQL error plastered on every page in an angry red box referred to .MYIs, so I thought I was safe. But as it turned out there’s almost no record of my tables ever being in the database, just a bunch of empty locked ones.

My web host seems clueless about the whole thing. Sometimes I really feel like I know more about Linux system administration - at least when it comes to web application server software like Apache and MySQL - than they do. That’s really frustrating. Luckily, someone was smart enough to back up my database three days ago, so I only lost two relatively short blog entries rather than everything since changing to Langosta. I don’t understand why they don’t do daily backups, especially if things like this happen often.

Now I feel torn: should I make the leap to a Linux virtual server, where I’ll have godlike control over every aspect of my website and the technologies it runs on, or should I stick with shared hosting because of the convenience it offers? A year ago, a virtual server would have been way over my head. But now, I’m not so sure. I don’t know that much about ipchains or iptables or anything to do with security or firewalls on Linux, but I think I could figure it out. It’s not as if Brettia is hacker target #1, anyway. There’s nothing of monetary value here to steal. However, I also have to think about the other websites that I have hosted along with Brettia. There are only two real ones, one that gets only a trickle of visitors each month, and another that is a bit more popular (a church website). Eventually, there might be more, especially if I start attracting more clients here in Wisconsin. So I guess the other sites aren’t too huge of a problem. If they’re down for a week, I doubt anyone would notice, but I’d rather that didn’t happen.

I also have to think about the time I’d have to spend administering a personal server. Supposedly, once you get a Linux server set up, you can pretty much let it run forever and it won’t die or crash on you. But that’s hardly ever true, and I don’t want to have to spend late nights during the school year trying to get my server back up when I should be studying or doing homework.

Those really are the only reasons not to get a Linux virtual server. The main perks are attractive, though: a custom-compiled version of PHP, with all the extensions that I can possibly want. I’d also have support for mod_python and mod_ruby, which means Ruby on Rails support. In other words, I’d be able to do anything I want, and that kind of power would be nice.

The only real issue is the price. Right now, I pay about $95 per year for hosting that includes up to eight hosted domains, 800 MB of space, and more bandwidth than I’ll ever use. That’s a pretty good deal, as shared hosting goes (especially because reseller support is usually much more than that). The cheapest price I’ve seen for a good LVS is $240 per year, which might be more than my parents will be willing to pay for. I’d be able to pay them back after only one or two websites, but still…. Maybe I should just move to a shared web host that has a good reputation for reliability and features. Dreamhost seemed like it would be good, but the control panel is terrible and I was never able to compile my own version of PHP as promised.

Right now, TextDrive is looking like the most attractive shared hosting provider I know of. They have awesome specs, and the founder of the company is also the maker of the Textpattern blogging system, so I know that they know what they’re doing. The only drawback is that I’d be paying $132 per year for only 300 MB of space. However, I’m not using that much space right now, so maybe it’s not that big of a deal. 300 MB split over three domains should work just fine, though it would be a little tight.

At this point I’m not ready to commit to anything, but I’m pretty sure that my time with my current host has just about come to an end. They’ve been the best one I’ve had so far, but I think there are better ones out there just waiting for me to sign up.

I am the lucky recipient of a certain email that about ten million geeks really, really want. What’s funny is, I just don’t care all that much about it. You probably have no idea what I’m talking about, right? Okay, I’ll spill: I have a Windows Vista / Internet Explorer 7 Beta invite. A great big b’HAH goes out to all the Microsoft fanboys on sites like WinBeta, Flexbeta, BetaNews, etc. (This is like Gmail all over again….)

I suppose now that I’ve downloaded and installed Internet Explorer 7 Beta 1, I should be gushing about all it’s great new features that have never, ever been seen before in another browser:

• Tabbed browsing
• PNG alpha transparency
• Built-in RSS support
• A browsing history sanitizer that seems to actually delete everything (no .dat files anymore?)
• A search box as part of the native GUI that defaults to Google

Wait a second…this feature list seems familiar…what other browser do we know that has all these bells and whistles - and more? Hmm…I’m using it to post this entry, but the name just isn’t coming to mind….

Yeah, I’m thinking of Firefox. Internet Explorer 7 Beta 1 does nothing but catch up to Firefox, and it does a poor job of it, at that. Some of the main things I don’t like are:

• The “new” icon that looks suspiciously similar to IE 5.2 for Mac’s
• The disappearance of the Reload button - er, wait, this is Microsoft we’re talking about - I mean the Refresh button. It’s been moved to a small space between the address bar and the search box, right where the Go button is in Firefox. When you type a new URL into the address bar, the Refresh icon changes to a Go icon. This is an interesting feature - creative, at least - but it doesn’t help usability when users are already trying to get used to the next item on this list.
• The menu bar has been moved from its normal location at the top of the screen (just below the title bar) to a spot beneath both the address bar and the tab list, which is just freaky. I know this is how most Windows applications will look once Windows Vista (I don’t like the name, either) is out, but I don’t understand why. I hardly ever use the menu bar for anything anymore - actually, I don’t use it at all. Everything is either a keyboard shortcut or a single click of a big, inviting icon away. Menus just clutter the interface, and I think it’s about time Microsoft tried to do away with them completely. Sure, they’re still helpful with right-clicking, but why make two different ways to do every single thing?
• The strange menu that you get when you click on the information bar when a pop-up is blocked (there’s more than one sublevel!!!)

I know that all of these things are just interface problems that will probably be fixed by the time Internet Explorer 7 is released. Microsoft is notorious for labeling something a beta product when it’s barely even alpha-quality. Under the hood, there are some improvements, including PNG alpha transparency, which make me very happy. Internet Explorer still doesn’t pass Acid2, though, which keeps me wondering why Microsoft doesn’t just admit defeat and use Gecko (I know, because they’re Microsoft).

Now that I’m done picking apart Microsoft’s hard work that could easily have been avoided by rebranding Firefox, tweaking the code to make it support ActiveX (for companies that need it), and changing the icon to the Evil E, I want to call attention to the fact that I predicted long ago that Internet Explorer 7 would be a lackluster release. Sure, this is only Beta 1, but it’s already obvious that Internet Explorer 7, when released, will be far from surpassing Firefox or Opera in terms of features and usability.

If you’ve read the blog entry that I linked to above, you might notice that I also predicted that Internet Explorer 7’s tough system requirements (Windows XP SP2 and higher) would actually help alternative browsers like Firefox and Opera. Here’s what I said:

IE7 will probably only end up being used by about half the browsing community by 2008, and this could actually boost usage of Firefox and Opera considerably for a year or so as users caught between upgrading their OS and wanting a more secure and feature-rich browser turn to the alternatives as a solution.

Five months later, Asa Dotzler from the Mozilla Foundation came up with the exact same “original” idea. I can’t help but feel kind of annoyed (unless he’s an Organon reader, in which case he’s free to loot all the content he wants because that means he’s Organon’s third regular reader (myself and my evil non-identical twin Griselda who lives in the unfinished part of the basement included).

Yay, I wrote something that wasn’t about programming!

Update: Rich Text Editor Will Die

Okay, I can’t handle the rich text editor anymore. It’s nice, but it doesn’t generate nice markup, and I don’t want to go to a lot of trouble to filter it and make it right. I’m going to steal the WordPress editor window like I originally planned.

So much for an entry without mentioning programming. Nice one, Griselda, now you’ve ruined it….

I keep forgetting to say anything about it, but I’m going back to Arizona for a long weekend at the beginning of August.  I’m both overjoyed that I get to go back and see all my friends again and aggrieved that I’ll only be able to spend a few days there.  Maybe I’ll accidentally tear my return ticket in half when I arrive….

Originally, entries were fetched from the database and sent to the template in associative array form.  This was not very elegant, and I wanted to be able to reorganize some code so that formatting the content of an entry would be simpler.  So, now we have Langosta 1.1.3, with a brand-new entry object model where entries are fetched from the database as a numerically-indexed array of entry objects.  Some entry object properties are numerically-indexed arrays of other objects, such as comments, users, and labels.  Much nicer, and the code base actually got smaller because of it.  (It’s currently at 8,086 lines.  Ha!  "8086")

My next order of business is to rip out the "JavaScript monstrosity" that I currently use as a textarea replacement and exchange it for something a little more lightweight.  I also really need to take care of all the tabs that still don’t have any content under them.  After that will come some updates to the user system, most notably email activation and password recovery.  I also need to work on the design a bit to better accomodate a calendar on the blog as well as links to other archives and a search box.

I’ve reworked the old statistics that I used to have on my sidebar in WordPress to work with Langosta.  You can see them on this page.  I’m going to have to figure out a nice way to work in links to my blog archives pages.  Currently, you can view entries by label (do this in the URL by typing the following: http://www.brettia.com/blog/archives/label/<label ID or name here>/.  You can also view all entries from a certain day, month, or year.  For a specific day, do this: http://www.brettia.com/blog/archives/date/2005/07/24/.  For a month, do this: http://www.brettia.com/blog/archives/date/2005/07/.  For a year, do this: http://www.brettia.com/blog/archives/date/2005/.  Make sure you remember the trailing slash; I haven’t gotten around to fixing dropped trailing slashes automagically yet.

I just finished rewriting the user object in Langosta, which handles both authentication and other actions such as user registration and updating your profile.  The "Remember Me" checkbox now works no matter what, and I’ve tested it heavily.  However, I always forget to check for at least one unlikely situation, so any readers with some extra time might want to try the following to help me out:

1. Log in (register yourself first, if you haven’t done so)
2. Try changing your profile (a suggestion is to change your email address and then change it back)
3. Close your browser, wait 10 seconds to make sure it closes completely, open it again, and go to Brettia.com.  You should still be logged in if you clicked the Remember Me checkbox at the beginning, otherwise, you should have to log in again.

That’s it.  Comment if you have any problems.  Before reporting an issue, I suggest clearing your cookies and your browser cache.  In Firefox, go to Tools -> Options -> Privacy and hit the Clear button next to Cookies.  In Internet Explorer, go to Tools -> Internet Options and click Delete Cookies.  If you don’t want your persistent sessions with other websites to be cleared, Firefox has a cookie manager that will let you delete cookies from brettia.com only.  Internet Explorer users are out of luck (just get Firefox already - you’ll be glad you did!).

For those who are interested, here’s how my authentication system works.  Basically, there are only three states that a vistor can be in:

1. Not logged in
2. Logged in, but without Remember Me checked
3. Logged in with Remember Me checked

Every time a page is loaded on this website, the user object goes through a checklist to see what state the visitor is in.  First, it checks the PHP session to see if the user has already been authenticated once.  This would be the case if the user logged in manually or if they were logged in automatically via a cookie (they checked the Remember Me box).  If the user object finds a TripleDES-encrypted hash of the visitor’s username and password in the PHP session, then it goes ahead and decrypts the hash to find out what the visitor’s username and password are and pulls the rest of their information (email address, plus some extra internal stuff) from the database.  You are now logged in.

In the event that there isn’t an encrypted key in the PHP session, the user object looks for a cookie called "brettia_langosta" to see if there is an identical encrypted key stored there.  If so, it means that the visitor has been previously authenticated but is just now starting a new Brettia session.  This would occur if a visitor checked the Remember Me box earlier, closed their browser, and came back later.  PHP sessions expire automatically when the browser is closed, so the user object falls back to the cookie, which does not expire unless the visitor logs out manually.  Once the user object has an encrypted key, it does the same thing as it would if it had found an encrypted key in the PHP session.

If both the first checks fail, then Langosta has no proof that the visitor has been here before and marks them as unauthenticated.  This denies them access to tools like the UCP or the comment area on each entry.  I took particular care in making sure that an unauthenticated user can’t fake their way into becoming authenticated.  Because the keys are TripleDES-encrypted, it’s unlikely that someone would go to the trouble of breaking that encryption so that they can log in as someone else.  Even if a hacker were able to do so, the loginUser action and the user object only accept passwords in plain text (most people don’t type 32 character MD5 hashes of their password into the password field of a login box), and the password in a cookie or PHP session is encrypted with the MD5 algorithm before both the username and password get TripleDESed.  The reason for this is that passwords are already stored in the database as MD5 hashes of the real passwords, so in between logins, Langosta never knows what a visitor’s real password is and therefore would be unable to compare a plaintext password in a cookie against a MD5ed password in a database without MD5ing the plaintext password first anyway.  That might have been confusing for a non-programmer, but the main point is that there is absolutely no way that your password could be revealed to a hacker, and the chance of them authenticating as you is slim as well (they would have to copy a PHP session cookie or a Langosta cookie from your computer to theirs, which would be difficult).  Also, if anyone gained unauthorized access to my database, they wouldn’t be able to look at the table of registered users and copy down everyone’s passwords in plain text form.  I suppose a hacker could steal an MD5ed password and a username from the database, make a fake cookie by TripleDESing the data, and then try to pass it off as a real one, but it’s unlikely they’d get the format of the data correct, and even less likely that they’d manage to guess the string I use as my key for mcrypt (an encryption library for PHP).

The inherent problem with storing passwords as scrambled jumbles of letters and numbers in the database is visitors who forget their passwords cannot view them.  While TripleDESed strings can be decrypted, there’s no decrypting MD5 hashes unless you have some industrial-strength Chinese decryption software.  So rather than show them their password if they forget it, Langosta will allow visitors to reset their password to a new random one that will be sent to them via email.  This is a standard procedure with most forum software out there, and I’ve seen many other applications use this method too.  The only requirement is that visitors ensure that the email address in their profile is a correct one that they can check in case they need to reset their password.  I suppose this makes this procedure even better because it keeps users from using fake email addresses, a major problem with many CMSs.

Okay, I’m done rambling about the wonderful world of programming for now; those of you who fell asleep while reading this can wake up now and start testing out my authentication system.

Ha, the title rhymes.

I’ve been kind of silent about what I’ve been doing (other than coding profusely) over the past few weeks, and I guess it’s time to finally say something about it.  In case you weren’t paying attention, the last thing I blogged about before changing from WordPress to Langosta was my CPU fan problem.  I’m happy to say that the fan has been spinning normally since I changed that setting in my BIOS, so the problem remains solved (unlike the recurring bugs I keep finding in my Langosta code).

I was also happy to receive a new stick of RAM last week, so now Marklar has a full gigabyte of DDR400 PC3200 RAM.  Owners of Intel systems who bought their motherboards at the same time that I bought my system might gloat and say that they have DDR2 RAM at 533 Mhz - to them I say: the speed difference is negligible, and I have a better processor (brag, brag, brag).  While on the subject of Marlkar, I should note that I will have had this machine for a year next week.  Yes, like all computers, mine stopped being top of the line the minute it came through my front door (or perhaps earlier).  My graphics card is last-generation, my monitor is a tiny seventeen-incher, and my DVD-RW drive takes about three minutes longer to burn a full-length DVD than the current Plextor flagship recorder.  And yet…I don’t give a damn about any of that.  Nothing frustrates me more than listening to gamers whine on forums or in the comment areas of hardware reviews about how they have an ATI Radeon X800XT when the latest card is an X850XT.  I want to shout at them: "YOU HAVE A $500 GRAPHICS CARD!  THERE IS NO WAY THAT SPENDING ANOTHER $600 WILL HELP YOU IN ANY WAY!"  But alas, I am one frustrated onlooker, and they are a horde of bored teenagers with too much spending money.  Some of them aren’t even teenagers: I saw an article on THG yesterday about how 19" LCD monitors are becoming the standard among gamers, and 17" monitors are just too small.  What?  How can that be possible?  My 17" LCD feels enormous, even compared to the 17" CRT that I used to use!  What difference would a 19" LCD make?  (Yeah, two inches, very funny.)

I should probably curb my rant before it spirals out of control.  My main point is that there are way too many PC gamers out there who are addicted to always having the best possible "rig" that they can assemble.  I’m amazed that there are actually people out there who buy $5000 systems from Alienware, knowing full well that that system will be out-of-date (as far as gaming is concerned) in two years.  To make the purchase seem more worth it, these people then spend another $1000 each year for upgrades to make it seem like their system is still top of the line, even as it ages irreversibly.  STOO-PIDD.

Yes, I plan on upgrading my system over time.  I got the RAM upgrade; in another year or two I’ll probably get a new video card.  That’s about $400 worth of upgrades over a two-year period.  I can’t imagine needing to upgrade anything else, though.  I lived with a 20 gigabyte hard drive in my old computer for five years, and even though my new 80 gigabyte drive is about half full, I highly doubt it will reach capacity before I move to a new computer.  I don’t edit video, and my iTunes only take up a paltry gigabyte.  The only things that take up space on my drive are game installations (sometimes as much as 4 GB for one game) and Gentoo Linux, which lives on its own 15 GB partition (it’s not anywhere near full).  I am a firm believer in upgrading when my needs force me to do so, but spending $600 for the latest video card (or $1200+, if you want two running in tandem on a SLI motherboard) just so that a few shadows and lighting effects render better is completely idiotic.

Okay, now I’m going to switch to something completely unrelated: Harry Potter.  I mentioned before that I preorderd the book from Amazon.com, and that worked just fine.  I received it Saturday afternoon at about 3:00 and I didn’t stop reading until 3:00 the next morning.  It wasn’t that this book was particularly engaging; I just wanted to know what was going to happen.  My drive to continue reading didn’t come from J.K. Rowling’s excellent writing quality, but from a burning desire to not be the only one who didn’t know which character would die or who the Half-Blood Prince would turn out to be.  (I advise anyone who hasn’t read the book to stop reading here because reading further will probably spoil it for you.)  This might sound unbelievable, but I actually guessed that the Half-Blood Prince would be Snape when Harry found the label on the cover of the Potions textbook.  It made perfect sense to me because Snape was the only person that I could think of who would have that kind of knowledge of potion-making.  I also remembered faintly that Snape wasn’t pure-blood, though I don’t know which book that fact is in.  After that, everything fell into place.  That was the first time that I actually guessed the outcome of a book correctly, though I still didn’t know who would end up dying.

It’s hard for me to call the 6th Harry Potter book a good one.  For some reason, I really didn’t like it.  Maybe it was because it deviated so much from the traditional Harry Potter formula:

1. Something goes wrong over the summer.
2. Harry spends most of the year trying to figure out what’s going on.
3. He gets attacked during the year to keep things interesting, or he almost dies multiple times (playing Quidditch, competing in the Triwizard Tournament, the Sirius Black break-in, etc.
4. He finally gets to the bottom of things, but it’s always too late for anyone else to help him, so he has to solve the problem himself.
5. He fights one of Voldemort’s minions or Voldemort himself (the 3rd book is an exception)
6. He barely makes it out alive.
7. In the first few books, he would have gone cheerfully back to Privet Drive, having saved Wizarddom from the latest threat.
8. In the last three, the books end off key, with Harry happy to be alive but sad because someone died.

In the 6th book, I felt that things were very different. First, Harry’s summer was relatively quiet.  He suspected Malfoy of being up to something, but he didn’t know anything about it.  Then, Harry spent a large part of the year trying to figure out what Malfoy is doing, but he didn’t really try to figure out who the Half-Blood Prince was.  Harry’s obsession with catching Malfoy started to get annoying (I was definitely siding with Hermione by the end of the book).  Yes, Harry was right in the end, but it seemed very drawn out.  He has his close call with death at the Quidditch game when he gets hit by the Bludger, but this doesn’t seem that bad.  Gryffindor loses, but this isn’t the first time, so it doesn’t feel like such a bad thing.  Toward the end of the book, Harry finally realizes what is going on.  However, there is a big difference here between the 6th book and the others: he barely fights the Death Eaters at all.  Dumbledore, in an act of incredible stupidity, decides to render Harry immobile rather than rely on him to save his own life, and though I understand why he would do this (his love mantra), I still didn’t like the fact that Harry had almost no chance to kick ass and take names.  He ends up not solving the problem at all (Dumbledore dies!), and his life is not exactly as endangered by the Death Eaters as it was when his mind was being attacked by Voldemort in the lobby of the Ministry of Magic in the 5th book.  It didn’t seem to me as if he had to do much of anything at all.

Maybe I shouldn’t cling to the hero-Harry that the first five books all had.  Maybe I should just accept the fact that he isn’t perfect, which is why it feels so good to see him succeed in the other books.  Maybe I should read the 6th book again and make sure I’m not making rash judgements considering that I read most of the book late at night in a caffeine-induced stupor.

But still…I feel like everything that I liked about the first five Harry Potter books has either worn out or been completely overturned by the 6th one.  I fear that the 7th book will be so radically different from the first six that it will lack the charm that the earlier ones had completely.  At the end of Harry Potter and the Half-Blood Prince, Harry, Ron, and Hermione make a tentative plan to not return to Hogwarts for their 7th year, wanting to finish collecting Voldemort’s horcruxes instead.  But how can it be a Harry Potter book without Hogwarts?  How can there be Quidditch?  What about all the teachers, and all the stuff that Harry is supposed to learn in the 7th year?  Sure, grades have nothing to do with fighting Voldemort, but you would think that it would be kind of naive of Harry to think that he can just strike off on his own without learning more spells beforehand.  If anything, he needs to know more than the average Hogwarts graduate to defeat Voldemort, not less.  My guess is that Professor McGonagall will convince him to stay at Hogwarts, or something will happen that will keep him there, but one part of me still thinks that Rowling will strike off in that new and strange direction that the 6th book makes possible.  I really hope not.

Now that I’ve written all this, at least one reader is probably saying, "It’s just a book, why all the fuss?"  Well, it is just a book, but it’s also a book that’s sold more copies than just about any other.  Something like 270 million, not counting the 6th book.  It’s a book that millions of people will read and think about.  It’s a modern classic.  And other classics like Oliver Twist or 1984 just aren’t all that fun to write about, nor do they connect with me like the Harry Potter books do.  Rowling does a very good job of taking the classic good vs. evil conflict that rages within everyone and making it into a gripping story.  However, rather than looking at good and evil as black-and-white concepts like many other authors (especially Tolkien) do, she makes sure to add in gray areas.  Those are most often felt at the end of her books, especially in the final scenes of the last three, where a character dies but Harry has survived and must somehow live on.  Being a fantasy series, it wouldn’t seem like the Harry Potter books would be relevant to the lives of normal Muggles at all.  But the basic good vs. evil conflict is the same for everyone; it’s just blown out of proportion in Rowling’s books so that a good accomplishment for a regular person is like Harry foiling Voldemort’s plans yet another time.  We all have Death Eaters and Malfoys in our lives; the Harry Potter books show that what matters is not overcoming or beating these people, but rather the manner that we handle them.  We may not always win, but we should always come out of a tough situation feeling as if we’d tried our hardest.

My problem is that trying my hardest often means trying too hard.

Well, I’m exhausted.  It seems like I can’t upload anything to this server without it breaking out of spite for my pitiable attempts to write bug-free code.  Langosta is now at 7.1.0, with the following features and fixes:

• New editor for comments and entries, works well so far, but inserting HTML source could be easier.
• I now have a working admin panel where I can post entries via a form like the comment form.
• I’ve fixed some problems with the user profile system, and the URLs for the Atom feed should have been fixed.
• I assume that the Atom feed will update normally when I post this entry, but who knows what will happen?

Immediate problems include:

• Lack of style on most form elements, styling issues with the UCP and error messages.
• Inputs in forms should have been named with a prefix instead of just "title" or "content" - this will take some time to fix completely.
• I’ve noticed a weird bug in Firefox where typing in the textarea triggers the find box at the bottom of the screen - very strange.
• I haven’t tested this site thoroughly in Internet Explorer, and I haven’t tested it at all with Safari 1.3 or 2.0, Internet Explorer 5.2 for Mac, Internet Explorer 5.0, Internet Explorer 5.5, Konqueror, or Opera.  I will not take the time to make it compatible with anything below Internet Explorer 6, Safari 2, Firefox 1.0.6, Mozilla 1.7.10, Konqueror 3.4.1, or Opera 8, but it would be nice to know how gracefully it degrades.
• As you may have noticed, my linkblog is non-existent.  The stupid filler text needs replacing.
• There are lots of broken links because of sections that remain unfinished.  (Colophon, Projects, Photos, Links, Services, Contact)
• The editor widgets that replaced my old yucky textareas can be styled; I need to change the style so that it blends a bit better with the other colors on the site.  I would also like to have a large font size in the editor window.  It should also be Georgia instead of Arial, to conform with the rest of the site stylesheet.
• I really hope the editor widgets work in Linux (they should, but you never know).

As you can probably see, I’m very good at completing a milestone and taking about half a second for celebration before pointing out flaws that need to be fixed for the next milestone.  However, I’m going to take a break until at least Sunday - I don’t want CTS.

After a long period of downtime, Brettia is finally up and running again. The changes to the site are numerous, the most obvious being the new design that I just finished today. I’m far from finished, but at least visitors have something to look at while I work on improving it.

For those who haven’t checked my old WordPress RSS feed in a while, the new URL is http://www.brettia.com/blog/feed/. The new feed is in the Atom format rather than the flawed RSS format, but this shouldn’t be a problem for users of competent feed aggregators. Organon should finally get some new posts over the next week or so as I blog about everything I’ve wanted to blog about over the past two weeks.

Before I do that, I want to talk about all the changes to Brettia that have been implemented or will be completed before the end of the summer. First and foremost is the new Langosta CMS that I’ve been coding off and on for over a year. The version of Langosta (the name is Spanish for “lobster”) that has been released with the new Brettia design is 1.0.0, and it has been almost completely rewritten since the 0.2.x days. The codebase recently reached 7,300 lines of code, which is quite a lot considering that there were only about 1,300 lines of code a month ago. For comparison’s sake, I used my statistics script to count the number of lines of code in a standard WordPress distribution, and the total was over 33,000.

Currently, Langosta has the following features:

• Completely dynamic, with all data stored in a database. Switching database servers is easy because of the Creole database abstraction layer (Langosta will work on any database that Creole supports, including MySQL, PostgreSQL, Microsoft SQL Server, and Oracle).
• Protected from spam and other attacks. Langosta has bugs and security holes just like any piece of software, but due to the unique nature of its APIs, it is unlikely that a spammer would wish to spend the time programming a robot to take advantage of them.
• Extensible user authentication system with cookie support. Users must log in using the form above to submit any data to Brettia. This keeps people from commenting anonymously (as spammers often do) and allows me to contact them easily. Using the “Remember Me?” option, their username and password will be remembered for two weeks, making the system less intrusive. Users who already had registered on the old WordPress blog have been migrated automatically.
• Modular in nature. Langosta has been written to be easily extended. Because of this, I can have a weblog and a link log with the same CMS, and a lot of code is reused.

I think that probably covers the main points. I’ve been keeping a TODO file throughout the development of Langosta, and currently the following features are set to be added:

• Improve time-handling, make sure that the server can change to standard time without melting into the ceiling.
• Explore enhancing the design with AJAX and JavaScript, but wait until Langosta is feature-complete.
• Allow users to click other users’ usernames to view their profiles.
• Stop displaying user email addresses.
• Allow users to reset their password via email.
• Validate users’ email addresses by sending an activation message containing a link that must be clicked before their account becomes active.
• Allow users to specify a website in their profile.
• Log IP addresses and user agents.
• Add some way to preview comments before posting them (perhaps a live comment preview using JavaScript?)
• Users should be able to edit or delete their own comments.
• Add a comprehensive search system that searches for keywords in blog entries, comments, user profiles, links, and on static pages, and then displays the results in a easy-to-use format.
• Links and entries should be rateable by readers.
• A stylesheet for the Atom feed is needed.
• Smart 404 errors that search the site for what the user was looking for (using the search system) would be nice.
• Standard blog features such as a calendar and archives pages still need to be added.

There you go, a nice big summary of everything to come. That’s a lot better than 404 and 500 errors, isn’t it?

Before I go back to work, I guess I should mention some of the hoops I had to jump through to make the design work in Internet Explorer 6. Let me just say that, if it weren’t for the 85% of the Internet community that still uses it, I wouldn’t be supporting it at all. When Internet Explorer 7 is released later this summer with major improvements such as PNG alpha transparency support and better CSS support, I’ll probably stop supporting IE 6. Users of Windows XP SP2 will be able to upgrade to IE 7, but anyone using an earlier version of Windows will have to either switch to Firefox or Opera or upgrade their operating system (Windows 2000 is five years old now, get with the program and upgrade to XP already).

If you load this website in Internet Explorer, one thing you might notice is the really ugly login form at the top of every page. This is a strange bug that I don’t want to spend hours fixing. It doesn’t occur in Firefox. Luckily, this is pretty much the only major difference between Brettia in a Mozilla browser and Brettia in a Microsoft browser. If you have an eye for details, you’ll notice that the navigation tabs look much better in Firefox than in Internet Explorer. This is because I used PNG images at 80% transparency so that you can through the tabs to the header image behind it. You might also notice that the tabs have shadows in Firefox but not in Internet Explorer; this is because the GIF format only has binary transparency, meaning that pixels are either transparent or they aren’t, with no degrees of transparency in between. Because the shadows are essentially gradients that become more transparent as they get farther from the edges of the tabs, they need different levels of transparency to function correctly. I was able to keep the shadows on the top, bottom, and sides of the page because those were blended into a solid background in Photoshop. The tabs are not on a solid background, therefore they cannot be blended easily. Oh, and while I’m on the subject of the navigation tabs, I should note that I found the method that I used for displaying them on the Swedish UNICEF website. The final difference between the IE version and the Firefox version is the shadow on the footer element, where copyright information is shown. Originally I had blended that shadow into a solid background like everything else, but I changed it to a transparent shadow for Firefox users so that it blends better with the image in the bottom left of the screen. Compare the design in Firefox against the design in Internet Explorer and you’ll see what I mean.

One last thing before I go back to work: I hate Internet Explorer with a passion. And I hate Microsoft with a passion for waiting so long to finally update the stupid thing. If there is anyone to blame for keeping new web technologies like CSS 3 and PNG alpha transparency (though PNG is hardly new) from taking off, it’s Microsoft. I find it laughable that Microsoft’s marketing name for their antitrust case was “Department of Justice vs. The Freedom to Innovate” when in truth it is Microsoft that stifles innovation.