Why is Apache sending a “X-Pad” header?

Apache sometimes sends an HTTP header “X-Pad: avoid browser bug” for reasons that aren’t entirely clear. There isn’t a lot of searchable information about this header, so my coworker Matt dug into the source code and found out what’s going on.
The header was added to deal with a bug in Netscape versions 2 through 4.0b2. The bug was that Netscape would hang if a linefeed character was sent as the 256th or 257th byte. Apache checks to see if it’s about to hit the bug and, if so, sends this header to pad the output.
The fix is from April of 1997. If they had waited a few months to report it, they might have earned $1,000 with Netscape’s Bug Bounty.
Hopefully this blog post will make the X-Pad header show up in Google and save future people from wondering what it is.


DRYer than thou

At work we have a project (launching Monday, w00t!) that has a lot of cool things happening on the browser side. You know kids these days, what with their jQueries and Web 2.0s, they need whiz bang special effects in their websites. In my day, we only had one type of input field in our forms, and we liked it! Don’t know how lucky they are… but I digress.

One problem we ran into was that we needed to do the same calculation on the server side and the client side. Let’s say for the sake of example that we need to calculate Michigan’s 6% sales tax or California’s 7.25% sales tax. The real calculation was only slightly more complex. One thing to note is that the calculation would need to be very responsive because it would be running a lot and affecting user input, so speed is a concern.

I came up with two options. The first is to write the same calculation in PHP for the server side and JavaScript for the client side. I didn’t love this because it isn’t DRY. If we had two calculations in two different files then when someone was updating the code they would likely miss the other one.

The other option I came up with was to put the calculation on the server side only and use AJAX to run it on the client side. This seemed overly complex, which will sound funny when you see what we decided on. We had avoided AJAX on the site because it wasn’t really needed; adding it for this seemed like a bad value/complexity trade-off. I was also worried that server lag could cause a bad user experience; as I pointed out above, the calculation needed to be fast.

So I was talking it over with my coworker Matt and he made a joke and we both laughed it off. Then we thought about it, and realized that there were fewer downsides to his approach than my two, so I started coding.


Firefox 2’s great new feature with a horrible UI

Firefox 2 (which is officially released today) has a great new bookmarking feature: Microsummaries.

These are short bits of information in bookmarks’ titles that update from time to time. Imagine bookmarking an eBay auction and seeing the current price in your bookmarks bar, or bookmarking your webmail and seeing your unread messages count, or bookmarking this blog and seeing the latest blog post title. Well with the last one, you can. Here’s how:

First, install Firefox 2.0 if you haven’t already. Bask in the integrated spellchecker, marvel at the extension upgrade process, yadda yadda yadda. Got it? OK.

Go to my blog and bookmark it by either going to the “Bookmarks” menu then “Bookmark This Page…” or using the Cmd-D keyboard shortcut (Ctrl-D on Windows/Linux).

Wait a couple seconds for the “Name:” field to become a dropdown. Finally, choose the one under “Live Titles” and your bookmark will update periodically whenever I make a new post.

Bookmarks properties dialog

That’s it! Thanks to Brian for cluing me in to this; he’s got it working on WordPress with WP-Microsummary. I rolled my own solution for Movable Type, but I’ll leave that for another day.

Hopefully the Firefox team improves the usability of this feature; it’s kind of sad that there’s no way to spot microsummary-enabled sites out of the box. I suspect that extensions and Greasemonkey scripts will fill in some of the gap.

Also, I’m just scratching the surface of microsummaries. It’s even possible to add microsummaries for sites that don’t support them (including the eBay example from above), but now that you know about them you can go find out more on your own.

[Update: OK, the UI isn’t as awful as I thought. I originally thought the only way to get the Microsummary was to bookmark and then to right-click on it and choose properties. I’ve updated the post to reflect the fact that Microsummaries are also available with the “Bookmark this page…” dialog.]

What infuriates me about Rails

DHH, creator of Rails, drew attention to my least favorite aspect of the framework in his wrap-up of the recent Snakes and Rubies throw-down.

To me, such an elaborate administration interface with login, permissions, and groups and what have you is out of scope for inclusion in the core framework.

Show of hands, how many deployed Rails apps have no concept of users?

I’m sure there are some, but the majority have some sort of registration, login and authorization. How many programmer hours are going into either re-inventing the wheel or customizing existing solutions?

Worse, a lot of projects will start with one of the many existing solutions only to realize too late that they need something different. Then they wind up having to maintain a customized solution that doesn’t participate in the network effects of community development.

There is a “less software” solution to this complexity.

Here’s what you do: Make an ActionUser module part of the Rails core. Add a good API for ActionController and ActiveRecord to authenticate methods against the current user. That’s it.

Just as important, here’s what you don’t do: Don’t implement permissions. Don’t implement roles. Don’t implement ACLs. Don’t create fancy permission management views, or even login controllers. That doesn’t belong in the core framework.

Just like ActiveRecord is database-agnostic, allow people to write pluggable auth modules that do the dirty work. Need to authenticate against LDAP? Make ActionUser::LDAP. Just need to keep anonymous users out of an admin section? Make ActionUser::Simple. Need to authenticate with cookies, or HTTP auth, or Kerberos? Interchangeable modules. Develop locally with SQLite and HTTP auth, then deploy to production with Oracle and Kerberos.

I know DHH isn’t interested in including this in the core, but it’s not like ActionMailer shows up in Martin Fowler’s Patterns of Enterprise Application Architecture. With so many different auth projects going on I can’t help but think that a standard interface for auth would benefit the community as a whole.

Am I the only Rails developer sick of repeating myself, cobbling together auth for each new project?

PHP on Rails

The funny thing about working with Ruby on Rails is that it’s made me a better PHP developer.

A client wanted something developed and chose being able to support the app with their in-house PHP experience over Rails’ speed of development. I’m now using tools like DB_DataObject to emulate some of what I love about ActiveRecord. I’m making each PHP file its own controller, and using Smarty for the V in MVC. If you look at my include directory it looks suspiciously like a Rails directory.

Yes, I know about Cake, but I only have so much time to invest in learning frameworks, and I still prefer Rails.

Like pagecurl for web developers

I’m learning Ruby on Rails for a personal project (hopefully to be announced early next month) and I’m a member of the cult now. One thing, though, is that they make certain AJAX effects really, really easy. For instance, to add Google Suggest-like auto-completion, it’s two lines of code.

I think it’s great that Thomas Fuchs and the RoR team could make it so easy to make interactive web apps, but at the same time I get the feeling that this will be the most over-used web cliché of 2006:
Autocomplete screengrab, which is a double tease since you can't see the image and you probably can't use autocomplete

Cool stuff I noticed about Google Maps

If you haven’t been to Google Maps yet,

  1. Get yourself some better RSS feeds
  2. Go to http://maps.google.com/

Here are some cool things I’ve noticed about Google Maps. I think this is going to be one of those posts I update a lot in a day.

  • The URLs are fairly clean. You can look up an address from your location bar by putting “http://maps.google.com/maps?q=” before it. For example: http://maps.google.com/maps?q=742 Evergreen Terrace, Springfield
    You can also specify the latitude and longitude by passing ll=$LAT,$LON where $LAT and $LON are decimals. That means you can make a bookmarklet that would show you the location of a blog based on its GeoURL. In fact, I did just that: Map GeoURL
  • They use semi-transparent PNGs for routes over street maps (do they get this to work correctly in IE?). That means they only have to dynamically generate route images, all the map images can be static.
    Also, they’re using XSL on the client side. From a brief glance, it looks like the app uses XMLHttpRequest to query the map server, then renders the result with XSL (but I could be completely wrong). Update: “as simple as possible, but no simpler” has an in-depth look at the mechanics.
  • Google Local searches are based on what’s on the map by default. For instance, search for your address, clear the search box and search for pizza. Since the map is centered on your address, it will search around you. If you double click somewhere on the map to recenter and search again, it will use the new map center.

  • You can use the arrow keys on your keyboard to move around the map. + and - zoom.

  • On the driving directions, you can click on the step number to see a cool zoom of what you need to do for your turn.

  • Google owns Keyhole, who make a really cool product with pictures of the world. Hopefully those pictures will get integrated real soon.

  • Ted Mielczarek has written a Firefox extension to load the current Google map into Keyhole. I don’t have Keyhole (there’s a free demo, but not for the Mac) so I haven’t tested it and can’t vouch for it.