Date: September 2nd, 2010
Cate: ICT

CakePHP and the SSL connection

So, I’m currently doing a job (well Spire Software is but more on that later) where I’m building a registration form and payment gateway.

It has been a while since I’d done any payment gateways and I was looking forward to using the CakePHP frame work and it’s Security Component. But I’ve had a bit of a * forehead slap* moment which I thought might be worth sharing.

So basically the Security component protects against a range of of things like Cross Site Scripting (XSS – where someone tries to submit data to your site from another) and SQL injection. Being a payment gateway, I also wanted to use SSL.

So I found the Techno Geeks post which contains a very clever way of ensuring that all requests are forced to use SSL.

So I set up my beforeFilter method like this:

function beforeFilter() {
$this->Auth->allow('*');
$this->Security->blackHoleCallback = 'forceSSL';
$this->Security->requireSecure('confirmation', 'processing');
}
function forceSSL() {
$this->redirect('https://' . env('SERVER_NAME') . $this->here);
}

When I implemented it for the two pages that I wanted to use the Security Component I was getting my page, only with several undefined indexes.

Fundamentally, what I wasn’t understanding is what a ‘black hole’ was. Essentially what is meant by ‘Black Holed’ is the site kills the request and gives a 404 Error Page (or Page Not Found). This prevents any nastiness happening and gets rid of any annoying bots out there who just think the page doesn’t exist. So unless you meet the requirements of the Security Component (ie you’re not using SSL) you get black holed.

For the Security component to ‘ok’ a form submission it needs to meet a range of criteria, not least of which is that the request uses a Secure Server Licences (SSL – in other words the web address needs to start with https).

So what was happening is the form was being submitted from a page that was not using SSL and therefore did not meet the security requirements. Instead of just showing a 404 error as the Security Component would usually, it was calling the forceSSL() method which was redirecting me to the same page, only with a https URL. Instead of submitting a form to that page, I was now being redirected to it instead and all the form data that was submitted was being lost.

So to fix it I just changed the parameters I passed to the ‘requireSecure’ methor to an ‘*’ (so that all pages required it). So that line is changed to:

$this->Security->requireSecure('*');

By doing so, I ensure that the form is submitted from a page with SSL enabled (as it automatically redirects me) and the security component is happy, the redirection doesn’t happen and therefore our data is intact.

And we’re done.

Date: August 12th, 2010
Cate: Politics
1 msg

On Compulsory Voting

It doesn’t happen very often, but I think I have changed my mind. It would appear this election has broken me.

I used to be in favour of compulsory voting. Surely a democracy is enhanced when the government is elected by the entire voting population? Well maybe, but isn’t it more democratic if people are allowed to exercise their right to abstain from voting?

I guess, in the past, I’ve supported compulsory voting because, in practice, I thought our democracy was enhanced because the government has a mandate to lead from the entire population. This overrides the democratic trade off where citizens are able to abstain. But the effect of compulsory voting seems to have become greater disenfranchisement of the voting population.

Governments are decided by the handful of electorates that would, presumably, have low voter turnout if voting was not compulsory. They are the swinging voters in marginal seats that are primarily concerned with their lot – their house, their family and their mortgage. They are the product of 50 years of atomisation and suburbanisation in Australia. So the two major parties put the majority of their energy into wooing these voters at the expense of any real vision, safe in the knowledge that their core voters will always vote for them because they have nowhere else to go – it’s a two party system after all*.

Doing away with compulsory voting would, I believe, bust the whole paradox wide open. If you no longer have to worry about wooing those voters and instead have to appeal to your base in the hope that they will go out and vote, you can start to genuinely develop some visionary, if more difficult, policies.

I can’t imagine us moving away from compulsory voting anytime soon, but I’m not in favour of non-compulsory voting.

*There’s not doubt that the Greens are starting to change this for the left of the ALP but they are a very long way off becoming a ‘major’ party.

Date: August 9th, 2010
Cate: Comedy

Ode to the Treadmill

Of all inanimate objects, sure it is the treadmill that has the most comedic potential.

Witness exhibit a)

So what would happen if you tried to do a handstand on a treadmill:

Honestly, what did he expect to happen?

So let’s throw a fat kid into the mix:

And finally to see OK Go’s treadmill awesomeness, go here (embedding turned off).

Date: August 9th, 2010
Cate: Jerk of the Week, Politics

Jerk of the Week: Mark Latham

In the context of my increased anxiety about the potential for Abbott to be elected at the next federal election, the recent actions of Mark Latham defy belief.

Not only did he lampoon Gillard, he made false accusations about the Labor Party having put in a complaint about him being out on the campaign trail for Channel 9. Fortunately, the train-wreck that is Latham became the story as the Channel 9 CEO, David Gyngell, had to unreservedly apologise to Gillard.

What is most frustrating is that Latham was probably one of the best thinkers that ALP has ever had as it’s leader. While I didn’t necessarily agree with his ideas, he was the first Labor Leader since Keating that had a true vision, and a pretty unique and well informed one at that. Margaret Simons’ Quarterly EssayLatham’s World: The New Politics of the Outsiders was a fascinating read about an impressive thinker.

What has grabbed everyone’s attention though, and turned Latham from a proper noun to an adjective, is his unwavering paranoia which renders him incapable of acting in a manner that vaguely resembles sanity.

So for being such wasted potential, you, Mark Latham, are: Jerk of the Week.

Date: July 27th, 2010
Cate: Energy, Politics

Credit where credit is due

It’s important to criticise governments and keep them accountable. It is also important to recognise when they have done good.

The Victorian Government’s Climate Change White Paper is one of these cases.

Victoria now leads Australia in terms of Climate Change policy and action. Whilst it could always go further, the massive increase in renewable energy investment and the decommissioning of Hazelwood are both long over due.

In many ways the efficiency measures outlined, while a little weaker, are probably more important because the issue is not where we get our energy from, but how much we use.

Whilst I support Victoria (and Australia, and the world) running on 100% renewable energy, those that expect this to happen immediately are probably being a little naive. To turn off Hazelwood tomorrow would mean power shortages across the state – something we’d all be pretty frustrated with. We need to reduce out energy demands as quickly as possible and start the switch on renewables as quickly as possible, but this takes time.

And time is the thing we’ve squandered the most.

As for criticism that Brumby has exposed Gillard, I desperately hope it means that she will have to finally take some action.

For the record, in principle, a consensus on climate change is a really good idea. But a “citizen’s assembly” will do absolutely nothing to build a consensus.

What we need is leadership which is what is missing.

Date: July 26th, 2010
Cate: Cycling, Entertainment, Goonanism Websites, Politics, Sommelier.net.au
2 msgs

The week that was

Yesterday afternoon I took myself off to see Inception. I won’t say anything about the film – it’s the sort of film that it is best to go into with few expectations. I do urge to you see it at the earliest convenience though. It is truly incredible – a game changer – one of the best films I’ve seen in a very long time.

I can’t remember the last time I walk out of a film thinking: ‘that changes everything’. The Matrix? Maybe.

Whatever the case, it was a 2 and a half hour film that I didn’t want to end and will probably go and see again while it is playing at the cinema – something I never do.

I rushed home from the cinema to catch the leader’s debate. The contrast could not have been more stark. Moving from something so exciting, so engaging to the most uninspiring, pedestrian leader’s debate I can remember. The only loser in the debate was the Australian public. Does that mean that both leader’s lost?

Waleed Aly said early on in the piece that this election was about nothing. My immediate reaction was ‘oh, about nothing is a bit harsh, it’s about… it’s about… it’s about’.

He’s right and that is really depressing. I’ve never been this disenfranchised with Australia’s political process.

Given our leaders inability to provide me with anything even vaguely resembling intellectual stimulation, I’ve turned to podcasts in a big way. My regular cycling commute has become full of thought provoking material which I’m loving. The podcasts I’m currently loving include:

  • The Bugle (funny and informative)
  • In Our Time (probably haven’t bonded with this one as much as others)
  • NPR: Fresh Air Podcast
  • NPR: Wait, Wait… Don’t tell me (a quiz show that keeps you up to date with news as well)
  • ZDNet: Patch Monday (fully of tech goodness – and Australian!)
  • Tank Riot (too me a little bit of listening to start enjoying but now I’m hooked)
  • This American Life (my favourite – just so interesting)
  • WNYC’s Radio Lab (shorter episodes and very interesting)

Feel free to share your thoughts on podcasts below. Any recommendations?

While riding in to work this morning, listening to a podcast, there was an interesting confrontation on the road. A scooter rider was going a long in the bike lane. This really bothers me. It’s illegal ($50 fine – no demerit points) and dangerous. As a motorcyclist I would never ride in the cycling lane. I knew how much it bothered me when I was cycling and I actually think that it is a much more dangerous thing to do than ‘lane split’. You should always avoid passing on the left… especially when there isn’t actually a lane there as it is the last place a car will look as any cyclist can attest to.

Anyway, on this particular morning a cyclist decided to take issue with the man on the scooter… to the point where he actually tried to push the guy off his scooter. I’m not one for the ‘cyclists-should-behave-well-so-that-cars-are-nice-to-us’ types. I’m all for cyclists being assertive, but this was just going too far.

This week I started doing website support for Prosper Australia (including support for Earth Sharing). I can’t see it being too much work but it’s a bit of fun as they are eager to implement some good changes and it’s always nice when you’re doing some work for someone eager for change that has faith that you can just get it done for them. It also means getting stuck into Pordpress themes and plugins which is something I really enjoy as the API is fantastic.

Unfortunately though, that work meant that I couldn’t get the changes to Sommelier.net.au done that I would have liked to. A few upgrades are coming though and I’ve got a good sense of the next couple of improvements which I’m looking forward to overhauling.

21 weeks to go.

Date: July 23rd, 2010
Cate: This Blog
4 msgs

New look

As you will have noticed by now, this blog has a new look.

I hope you like it. The old template was getting pretty old and I think this one is very neat and easy on the eye. Thanks to MUKI space for making a great template.

What you may not have noticed is that I also have a new home page.

Feel free to leave a comment hear and tell me what you think.

I had started work on a portfolio section of the site but wasn’t happy with it so decided to just get the new site up there without the portfolio. The portfolio will come with time.

I’ve also decided to start using tags.

(PS it seems access to my site is a bit patchy at the moment. It’s BlueHost’s fault. They are aware of the issue and are apparently working on it. For what it is worth, it’s not just my site playing up, it’s everyone’s site on this server.

Date: July 19th, 2010
Cate: Politics
3 msgs

There’s an Election on!?!

(here’s my first mandatory election post, please excuse me, I’m quite jet lagged.)

A little help from Indexed
(an informative graphic from Indexed).

As we all know, 3 weeks ago Julia the Great became leader of the Labor Party. At the time I experienced the familiar wave of excitement I experience every time we get a new leader of the Labor Party. I become so full of hope and optimism. She’s from the Left, she’s done the hard yards, has important links to the Union movement and is Australia’s first female prime minister. How could this go wrong?

This time I really tried to ‘curb my enthusiasm’. I reminded myself of the ongoing disappointment that the Labor Party has left me with and that I’m sure to be disappointed again, but I can’t help myself, I got a little excited. I was even telling some German friends that I met up with how Gillard’s rise was great for Australia. I rushed to revise my position a few days later though as the policies rolled out: we will still be getting an Internet filter; an increasingly inhumane approach to asylum seekers; a absurd population policy; poor response to Climate Change and so on.

I began to get that other familiar feeling… betrayal.

At times I’ve heard myself say: ‘If Malcolm Turnbul was leader of the opposition I would consider putting the Libs above the ALP on my ballot paper’. That’s utter crap of course. Whilst I’m attracted to the progressive liberalism of the Liberal Party’s ‘Wet’ faction, the reality is that with the Libs in power there will be less spending on Health and Education, not to mention a further regression of Industrial Relations. My comment is really intended to point out that there isn’t much difference between the two major parties.

So how can I support a party that conforms to the popularist crap that the ALP does? I can’t. The problem is, that unless the ALP does conform to said popularist crap then they won’t be re-elected, which means having Abbott as PM which means I’m leaving the country (actually, I’ll be doing that anyway, but I’ll blame Abbott if I can).

Being the inner-city intellectual type, I’ve actually got a pretty good local (ALP) member (Kevin Thompson). There’s another dilemma: if the ALP lose Thompson there will be one less moderating voice in the ALP.

So once again, I’ll be voting Green’s this election and I’d encourage you to do the same. Not because I’m a particularly big fan of the Greens, I actually think they are conservative on a few issues, but because they are the party that most closely represent my views. In fact they are often the only ones that speak with any sense.

I’m depressed.

(On a slightly more encouraging note, it is good news for all that the Greens and the ALP have done a preference deal. I may also have a small crush on Bob Brown.)

Date: June 8th, 2010
Cate: ICT

Using PEAR to send Email via SMTP

The php mail() function is great. Super easy to use and no setup required. But it would seem some spam filters are often suspicious of email sent this way and rightly or wrongly I just don’t feel it is reliable enough.

I’m currently redesigning the Goonanism home page – it’s starting to look a bit stale (launch TBA) and I thought it was important that the contact page on the new site was as reliable as possible.

Knowing that my web hosts supported PEAR I decided to use PEAR’s Mail function instead. So I wrote the following script:
< ?php
    $name = $_POST['name'];
    $email = $_POST['email'];
    $message = $_POST['message'];
    require_once("Mail.php");
    $from = 'Website Enquiry ';
    $to = "Hammy Goonan ";
    $subject = "Website enquiry";
    $body = $message;
    $host = "hostdetails";
    $username = "username";
    $password = "password";
    $headers = array ('From' => $from,
        'To' => $to,
        'Subject' => $subject
    );
    $smtp = Mail::factory('smtp',
        array ('host' => $host,
            'auth' => true,
            'username' => $username,
            'password' => $password,
            'port' => '25'
        )
    );
    $mail = $smtp->send($to, $headers, $body);
    if (PEAR::isError($mail)) {
        echo($mail->getMessage());
    }
    else {
        echo("Message successfully sent!");
    }
?>

This gave me an error saying:

Class 'Net_SMTP' not found in /usr/local/php52/pear/Mail/smtp.php on line 210

So, using siteground as my host, I followed this tutorial.

Having uploaded the Net_STMP files and setting up my php.ini files I then got this error:

Fatal error: require_once() [function.require]: Failed opening required 'PEAR.php' (include_path='.:/usr/lib/php:/usr/local/lib/php:/home/goonanis/pear') in /home/goonanis/pear/Net_SMTP/SMTP.php

So it was clear to me that because of the new php.ini file, I would have to upload all the dependant packages to get this working.

Having uploaded various packages I was still getting an error saying:

Call to undefined method PEAR_Error::send()

Reading through various forums I realised that Mail::factory() will return a PEAR_Error object upon failure. So $smtp became a PEAR_Error so when I tried to call PEAR_Error::send() it wasn’t there, hence the error.

When I print_r() $smtp the PEAR_Error Object was actually throwing an error saying:

Unable to find class for driver smtp

A much more useful error message.

I only mention all of this because I had a lot of trouble sorting through forums to find this information out.

Anyway, the long and the short of it was that I needed to have the following packages and file structure for the PEAR Mail function to work:

pear
    /Mail
        /RFC822.php
        /mail.php
        /mock.php
        /null.php
        /sendmail.php
        /smtp.php
        /smtpmx.php
    /Net
        /SMTP.php
        /Socket.php
    /Mail.php
    /PEAR.php
    /PEAR5.php

Which you can find in the following PEAR packages:

  • Pear
  • Mail
  • Net_Socket
  • Net_STMP

I hope that helps!

Date: June 2nd, 2010
Cate: Goonanism Websites, Politics

Vote ’1′ – VictoriaMyCommunity.org

AGrowingCommunity, in conjunction with, Australian Centre for Democracy and Justice, Friends of the Earth Melbourne, the Victorian Eco Inovation Lab and CERES Environment Park have an entry in ‘AppMyState’, a competition to build mobile and web applications that will benefit Victorians.

Our entry, VictoriaMyCommunity.org, lets you add, find and connect with community resources, services and groups in the area around you.

Based on a mapping interface, the Application is a community built tool that allows community groups, local government and individuals, build, document and share information about their community with others around them.

You can see the site at: http://victoriamycommunity.org

You can vote at: http://www.premier.vic.gov.au/app-my-state/view-application-submissions/item/root/victoriamycommunityorg.html

Entries close this Friday (4th June), so make sure you vote today!

« Older Entries