loading…

Why do I need this?

The new Google Maps layout has a chain-link icon on the left that gives you a URL to what you’re looking at. If you’re in Street View, sometimes the given URL doesn’t include the proper parameters and you end up back on the top-down map view. This converter pulls a valid Street View URL out of the embed HTML.

source code

The first two bars I used to play on the electric piano but couldn’t figure out how to make it into a (pop) song. This is more fun.

Use Cases

1. Filtering with ordering: setting visibility and order of group widgets; photo albums; user’s favorite entities
2. Ordering without filtering: sticky items/comments; setting top pages to display in widgets
3. Filtering without ordering: list of users from whom a user does not want to see activity; list of users who can access a resource (possible replacement of separate ACL tables)

The logic of how a collection filters/orders a result set could be stored in the collection to specify a default behavior, but this logic could be overridden to allow, e.g., ordering in reverse order or excluding items in the collection.

Data Model

ElggCollection would extend ElggEntity, storing the following attributes in a new table {prefix}collections_entity:

• key_id (int): metastring id of the key (case-insensitive) used to locate the collection within its container. A container may have only one collection under a given key.
• items_type (tinyint, default 0): 0 = entity, 1 = annotation
• order_direction (tinyint, default 1): 0 = no order, 1 = ASC, 2 = DESC
• filter_type (tinyint, default 0) 0 = do not filter items, 1 = fetch only collection items, 2 = fetch only non-collection items
• items_first (tinyint, default 1) 0 = non-collection items appear first, 1 = collection items appear first
• title (varchar 255, optional)
• description (text, optional)

Note: The collection key eliminates the need for a separate metadata/relationship entity to tie a collection to an entity, and gives a predictable method of finding a collection. It’s likely that keys will be identical among many entities so the metastrings are a good use here.

The table {prefix}collection_items would provide storage for the collection:

• id (AUTOINC): primary key
• guid (int): the collection’s GUID
• item (int): an integer in the collection (e.g. an entity GUID, an annotation id)
• priority (int, optional): the ranking of the stored item.

Usage and Permissions

To access a collection directly, user code would access its container entity, then access the associated collection (which may have a different ACL) via its key:

$stickyItems = elgg_get_collection($group, 'stickyItems');

To use the collection, code would pass the ElggCollection object (or an array of them) to any of the elgg_get_entities() family of functions via the options key “collections”.

$content = elgg_list_entities(array(
    'collections' => elgg_get_collection($group, 'stickyItems'),
    /* other options */
));

During query generation, the order_direction, filter_type, and items_first attributes of the collections would be used to specify how the collection_items table is joined and how the query is ordered.

Creation and Editing

Only users who canEdit() the container entity are permitted to create or alter associated collections.

$faves = elgg_create_collection($user, 'faves', ElggCollection::ENTITIES);
$faves->order_direction = ElggCollection::ORDER_DESC;
$faves->save();
$faves->appendItem($entity_or_guid); // ...alteration methods TBD

Integration Without Rewriting Code

By naming their query and calling a plugin hook like “collections:apply”, an author could allow other authors to add collections to be applied. The following is an example of enabling this in the pages widget query:

$collections = elgg_trigger_plugin_hook(
    'collections:apply',
    'entity',
    array(
        'container' => $vars['entity'],
        'query_name' => 'pages_widget_content'),
    array()
);
$options = array(
    /* ...existing pages widget content options... */
    'collections' => $collections,
);
$content = elgg_list_entities($options);

A less verbose API might allow passing the query_name and container directly into elgg_get_entities(), which could trigger the plugin hook:

$options = array(
    /* ...existing pages widget content options... */
    'collections_query_name' => 'pages_widget_content',
    'collections_container' => $vars['entity'],
);
$content = elgg_list_entities($options);

Notes

• Tying collections (and their editing permissions) to a container (and its canEdit() method) I think makes sense. Only group owners can alter collections tied to their groups. Users can still make their own collections about anything, but cannot hijack a group’s “official” collection by simply knowing its key.
• How do we apply multiple collections?
• If the applied collections just provide order, which collection’s ORDER BY clause comes first?
• A plugin hook could remove/reorder collections. Should they be able to?
• What happens if a collection cannot be accessed? Some queries will not make sense without the collection. Considering this, a collection that’s meant to filter out all non-collection items is a special case where the query should not run at all. What makes the problem harder is that, if the collection can’t be accessed, we also can’t know that it is this type of collection!
• The above point makes me suspect that it’s folly to store the join/ordering attributes. A better idea might be to require the user to specify join/order attributes whenever the collection is fetched. That way, depending on need, an empty, non-savable collection could be substituted.

With 2012 bringing a host of cannabis-related ballot initiatives to voters, Walters’ style of deception is making a comeback. Look at this editorial.

Data also reveal that marijuana potency has almost tripled in the past 20 years. This is especially troubling for use among teens because the earlier a person begins to use drugs, the more likely they are to develop a more serious abuse and addiction problem later in life.

No studies I’m aware of link an increase in THC potency to anything mentioned in the second sentence. Also note that cannabis regulation could actually dictate potency, and kids are getting pot earlier under the current policy. The irony here is that higher THC potency reduces the amount of smoking (a good thing) the user needs to do to achieve the desired level of intoxication.

Would marijuana legalization make Tennessee healthier or safer? One needs to look no further than Tennessee’s current painful experience with prescription drug abuse.

Prescription drugs (generally highly pure synthetic opiates) are not cannabis.

…prescription drugs are legal, regulated, and taxed — and yet rates of the abuse…

Proposed cannabis regulation is generally not by prescription, so this sentence seems purely a distraction. Prescription drugs are scary!

Nationally, someone dies from an unintentional drug overdose — driven in large part by prescription drug abuse — on average every 19 minutes.

Prescription drug abuse is deadly, and is not cannabis use. Surely he forgot to mention cannabis is practically non-toxic.

What would America look like if we had just as many people using marijuana as we currently have smoking cigarettes, abusing alcohol, and abusing prescription drugs?

Why would we have that? It’s true that legalized cannabis would broaden the base of users, but there’s just not a lot of reason to cue scary music.

The bottom line is that laws that control substances have had a real and lasting effect on keeping drug use rates relatively low.

A gem of truth! Prohibition does reduce use, which is only one of many metrics by which you should judge public policy. We could certainly reduce alcohol use, premarital sex, masturbation, swearing, blasphemy and other ills by making them all illegal and giving police endlessly increasing funding and power to stamp them out.

Moreover, other addictive substances like alcohol and tobacco, which are already legal and taxed, cost much more in social costs than the revenue they generate.

It’s true, drugs that are not cannabis are not cannabis, and alcohol excise taxes should be raised considerably. Why has the ONDCP never taken up this cause? As Mark Kleiman put it, a drug policy that ignores alcohol is like a naval policy that ignores the Pacific. Further, you’ll not find a study that shows cannabis causes more damage than alcohol/tobacco.

This isn’t to say that we believe we can arrest our way out of our nation’s drug problem.

AFAIK in no way has the ONDCP or DEA promoted any policy that would lead to fewer arrests, and the federal grant programs that built up local drug task force militarization are still in place (with a nice boost in the stimulus act).

[blah blah diversion treatment programs]

Yes, a small percentage of daily cannabis users will find it difficult to quit, experiencing problems with sleeping, mood, and discomfort (think quitting tobacco). IMO introducing the criminal justice system as executed in the U.S. does not, on net, improve any user’s situation.

(BTW, evidence suggests that involuntary treatment is a waste of money for most people, who can and do quit even highly addictive substances by themselves with a credible threat of an immediate and short jail sentence. Sending cannabis users who happen to get caught to treatment is an incredible waste of money and hard-to-find treatment space.)

Marijuana legalization would be disastrous public health policy, because it would increase availability and increase the use of a substance that we know to be harmful.

While increase in availability and use is a certainty of commercial legalization (it’s not my preferred policy), there’s only a sliver of the accounting on display here. This may come as a shock, but people can enjoy and benefit from cannabis use, and of course the removal of the damaging aspects of prohibition reduce future damage.

On whole I see commercial “legalization” as being a small net win, and a large win if its mandated that users may only use vaporizers (or e-cigarettes); that higher CBD/THC ratios are required; and that it remains illegal to “spike” foods for unsuspecting eaters, which I suspect to be the leading cause of people “freaking out” and seeking ultimately unnecessary ER visits. There’s also some encouraging evidence that suggests that, in medical marijuana states, young adults and teens are substituting cannabis for alcohol use resulting in notable drops in traffic fatalities.

Decades of experience have shown that there are no “silver bullet” approaches to addressing our national drug problem.

So true, but discovering silver bullets requires firing a few; unless I’m mistaken we haven’t actually tried any other approaches over those decades regarding cannabis on the federal level. I think we should.

x-0-2-2-1-1  C#m
x-0-2-2-1-0  (x 2)
x-2-3-2-x-0  D#m7-5
x-2-3-2-3-x  (x 2)
0-x-3-2-3-x  C#m/G#
0-x-2-2-1-x  (x 2)
x-x-1-2-1-x  D#7-9/G
x-x-1-2-0-x  (x 2)
0-x-0-1-1-x  G#7+
0-x-0-1-0-x  (x 2)
x-0-4-2-1-0  C#m6 (C#m the 2nd time)

The final synth harmony is a low C# and slightly flat B with rich harmonics implying a C#7 (major).

Look at the documentation for WordPress’s get_the_title:

Returns

(string) 

Post title. …

If the title is Stan "The Man" & Capt. <Awesome>, will & and < be escaped? Will the quotes be escaped? “string” leaves these important questions unanswered. This isn’t meant to slight WordPress’s documentation team (they at least frequently give you example code from which you can guess the escaping model); the problem is endemic to web software.

So for better web security—and developer sanity—I think we need a shared vocabulary of string subtypes which can supply this missing metadata at least via mention or annotation in the documentation (if not via actual types).

Proposed Subtypes and Content Models

A basic set of four might help quite a bit. Each should have its own URL to explain its content model in detail, and how it should be handled:

Unescaped

Arbitrary characters not escaped for HTML in any way, possibly including nulls/control characters. If a string’s subtype is not explicit, for safety it should be assumed to contain this content.

Markup

Well-formed HTML markup matching the serialization of a DocumentFragment

TaglessMarkup

Markup containing no literal less-than sign (U+003C) characters (e.g. for output inside title/textarea elements)

AttrValue

TaglessMarkup containing no literal apostrophe (U+0027) or quotation mark (U+0022) characters, for output as a single/double-quoted attribute value

What would these really give us?

These subtypes cannot make promises about what they contain, but are rather for making explicit what they should contain. It’s still up to developers to correctly handle input, character encoding, filtering, and string operations to fulfill those contracts.

The work left to do is to define how these subtypes should be handled and in what contexts they can be output as-is, and what escaping needs to be applied in other contexts.

Obvious Limitations

For the sake of simplicity, these subtypes shouldn’t attempt to address notions of input filtering or whether a string should be considered “clean”, “tainted”, “unsafe”, etc. A type/annotation convention like this should be used to assist—not replace—experienced developers practicing secure coding methods.

/**
 * Rot35 with URL/urlencode-friendly mappings. To avoid increasing size during
 * urlencode(), commonly encoded chars are mapped to more rarely used chars.
 */
function rotUrl($url) {
    return strtr($url,
        './-:?=&%# ZQXJKVWPY abcdefghijklmnopqrstuvwxyz123456789ABCDEFGHILMNORSTU',
        'ZQXJKVWPY ./-:?=&%# 123456789ABCDEFGHILMNORSTUabcdefghijklmnopqrstuvwxyz');
}

rotUrl('https://en.wikipedia.org/w/index.php?title=Special%3ASearch&search=Base64#foo')
    == '8MMGLJQQ5EZR9B9G5491ZFI7QRQ9E45SZG8GKM9MC5VxG5391CPcjx51I38WL51I38Vk1L5fdY6FF';
rotUrl(rotUrl($anyUrl)) = $anyUrl;

You could save a few more bytes by encoding the schema (e.g. “h” for http://, “H” for https://). Since your end encoding has to be URL-safe, there’s not much you can do beyond this to compress a URL embedded in a URL.

ValidatePrivatePage <– validates in new window (your pop-up blocker may complain)

If you need to validate the markup of a page that’s not public (e.g. on localhost), you can now use this bookmarklet to auto-submit the current page source to the validator (instead of viewing source, copying, opening the validator, pasting in, and pressing “check”).

Note: this gets the page source making an XMLHTTPRequest to the current URL, so it does not get interpreted by the browser; i.e. this is NOT based on innerHTML(). If the request made returns a different page (e.g. you were logged out in the meantime), that page’s source will be sent to the validator. Not much can be done about that. I once wrote a crusty PHP4 class/bookmarklet combo that helped do this, but thanks to the standardization of XMLHTTPRequest, this is easy in JS now. You should also thank W3C for allowing cross-domain POSTs to the validator :)

But NetBeans is not all smiles and sunshine.

• It does not check that a remote file has been changed before uploading, making it really easy to overwrite changes made by someone else since you downloaded last. It could mitigate this a bit by auto-downloading a file when you open it, but it doesn’t do this either. This makes it dangerous for a team working on the same codebase.
• It sometimes (lately multiple times a day) turns off its “Upload on Save” functionality with no warning.
• There’s no way to know it’s off other than to start noticing your changes aren’t affecting the server! The preferences checkbox remains checked.
• Even worse, you have to exit/reopen NetBeans to turn it back on.
• Recent changes in 7.1 make uploading faster, but no longer is all SFTP activity logged in the “output” pane, meaning it’s even harder to tell when Upload on Save turns off.
• It will recognize file changes made by other processes, but won’t auto-upload those changes, even when “Upload on Save” is on (forgivable, but annoying).
• Similarly, when you diff between files and transfer changes across, the changed file won’t be uploaded unless to know to click a green button that looks like a “refresh” icon. Who would suspect [refresh] to upload a file?
• About 10% of the time when you first open the IDE it gets stuck scanning for changes in your files, especially if you have a lot of them in your projects, which of course you do.
• When this happens, auto-complete doesn’t work.
• If you create a new file/folder while it’s scanning, the IDE will often freeze.
• Killing its process and reopening NetBeans is the only way to get it working again.

Some of these bugs are, to put it dramatically, totally devastating for the world’s PHP developers. NetBeans is—when it’s working—an astoundingly great environment to code in, but, with the latest updates, infrequent annoyances are starting to become regular fist shakers. It sucks that I can’t currently recommend NetBeans to anyone working on remote servers, especially in a team.

As I mentioned, Eclipse’s remote editing lacks code comprehension; I tried Apatana recently and managing remote projects was painful…might as well keep a separate SFTP client open.

How are Zend Studio and PHPStorm for working on remote codebases? I’m on OSX at work, but I’ll run Windows if it means getting a better editor.

Aside: Yes, I’m aware source control is the solution to the team-building-a-single-codebase problem. I use git/svn wherever possible, but setting up a proper environment takes time and developer coordination that’s lacking at the moment.

/* @var $varName TypeName */

After this comment (and as long as TypeName is defined in your project/project’s include path), when you start to type $varName, Netbeans will offer to autocomplete it, and will offer TypeName method/property suggestions. If you rename the variable with Ctrl+r (rename refactoring), Netbeans will change the comment, too.

I usually forget this syntax because type comes first in @param declarations.

Update: PhpStorm supports a similar syntax, but reversing the type and variable name:

/* @var TypeName $varName */