Rich's Rants

Drupal 6 Performance, Part 3

2011-10-11T09:50:00.000-05:00

After weeks of no problems in STAGING and loadtests looking great, it turns out there's just one teensy little flaw in caching Drupal pages longer than a couple days...

Drupal nukes the CSS/JS optimized/consolidated temp files every couple days.

So the monitoring sees a nice valid HTML from an HTTP 200, but humans see a theme-less site.

Worse, the thing corrects itself somehow, or our guys jump on it and flush the cache, and it's all good...

For a couple days.

Rinse, repeat.

Digging into the Drupal caching source code even deeper, and I'm convinced: This things wasn't architected; It just grew.

It's a spaghetti code mess.

I defy any Drupal core dev to correctly describe the caching "architecture" of D6 pages, CSS, JS, blocks, views, etc in any coherent way.

I officially give up now.

When the VP of Marketing complains the site is slow, I'll just say "Yes, it is. That's Drupal."

We'll have to spider the silly thing after every cron job, actually, instead of doing that. Which sucks, but there it is.

Drupal 6 Performance, Part 2

2011-09-14T10:01:00.004-05:00

First, I was wrong.

I was wrong on two points.

Number 1 Mistake:

I thought that there would be a slow query in the mysql slow query log that, with an index, would magically make Drupal 6 faster.

There wasn't.

There were a few slow queries, but they had perfectly good indexes, and they were slow, as far as I can tell from the symptoms, due to thread contention, as described here:
Facebook Doubles MySQL Throughput with PMP

Unfortunately, there are three problems with the solution there.
1) It would take me forever to figure out what those guys are really doing
2) We'd never be able to run un-approved MySQL patches like that
3) There's no way my VP of Marketing is pounding our server hard enough for this to be the problem I'm trying to solve.

So as much as I'd love to dive in and follow in Domas' and Mark's footsteps, that's not going to happen.

Number 2 Mistake:

In my previous article, I stated that I had attempted to eliminate some obvious candidates, and one of those was:
"It only fails after a cache flush? No."

I was wrong.

So very very wrong.

I had eliminated the manual cache flushes done by our team as a source of the problem.

What I didn't know was that Drupal 6 (and 7) has a brain-dead hard-wired notion that a "Page" in cache_page should be flushed every time cron runs.

Yes, there is a setting for cache_lifetime on your admin "Performance" page, but page_set_cache ignores that silly little administrative option.
(What actually honors that setting is perhaps an even more interesting architectural decision than flushing the Page cache every cron run.)

This is apparently a known issue as described here:
Drupals cron kills you

Note that a couple high-profile Drupal community members who should know better make blatantly wrong statements in the Comments.

I have broken the rules and patched Drupal core, and probably broken polls (we don't use them).

In your includes/common.inc file, you can apply a patch like this:

cat common.inc.patch_cache_page_honor_cache_lifetime 
--- common.inc.original 2011-09-13 09:37:30.000000000 -0500
+++ common.inc  2011-09-13 09:39:04.000000000 -0500
@@ -2701,7 +2701,7 @@
         $data = gzencode($data, 9, FORCE_GZIP);
       }
       ob_end_flush();
-      cache_set($base_root . request_uri(), $data, 'cache_page', CACHE_TEMPORARY, drupal_get_headers());
+      cache_set($base_root . request_uri(), $data, 'cache_page', variable_get('cache_lifetime', CACHE_TEMPORARY), drupal_get_headers());
     }
   }
 }

Our Drupal pages now are cached honoring the cache_lifetime setting in Performance (as I expected for the past 18+ months) and we got consistent 100 requests per second across 15 multisites in loadtests last night, as we should.

I probably should have run more nights of loadtests before posting this, but I wanted to get this typed up while it was fresh, and, really, now that I know what's going on, I'm pretty confident of this solution.

Actually, I might just change that again to CACHE_PERMANENT, as caching a page only for a day when they change very seldom is just silly. But that's probably just us. Most Drupal users probably expect the behaviour of the patch above, based on the UI.

Here's one site's zoomed in graph comparing the 13th (with Drupal pages at 0 for failing to respond at all to 90% of my ab -n 1000 -c 100) but on the 14th, similar pages get ~100 requests per second.

Note that the highest peaks in the above graph are static images and JS/CSS files, not Drupal pages.

I'm expecting my loadtest graphs to get much smoother now, with no 0s littered everywhere.

Drupal 6 Performance

2011-09-08T10:48:00.006-05:00

There are a lot of things I like about Drupal.

Performance, however, is not one of them.

Yes, I turned caching on.
Yes, CSS and JS Optimization are on.
Yes, I used YSlow.
Yes, the GA code is at the bottom.
Yes, the images are small.
Yes, our custom HTML templates validate.
Yes, I have fought off the business unit's demands to install modules recommended by SEO "experts" (cough, cough) which are completely inapplicable to our situation. (Example: When all your content is input by staff, you really don't need that spam detector in the cloud service module. If our staff start putting in Viagra ads, we'll just fire them.)

And, yes, I have a problem.

Well, several problems, actually, but if the preceding example didn't already clue you in that the business process is quite disfunctional, and that was only the tip of the iceberg, you haven't worked for enough large corporations, and there is nowhere near enough room in this blog post to pull that iceberg into view. I'll get back on focus now.

Here's the thing: Most of the time, Drupal is hitting its built-in cache with an indexed query of the entire HTML page for an anonymous user.
This is, naturally, quite acceptable, as it simply bootstraps a few too many PHP files (minor annoyance) and runs a single indexed query on a URL->HTML relationship and spits out the page and exits.

Unfortunately, my performance "pre-emptive monitoring. quasi-loadtest, and let's make sure none of these sites will make PRODUCTION fall over, and let's catch when the Drupal guy didn't turn caching on" ad hoc process, indicates that occasionally, some URL is performing abysmally [viz].

I am not an expert in testing, nor Drupal, nor mysql. But I have spent 25+ years specializing in PHP applications, so know a little bit about all those things. If my methodology is a bit "off", I am pretty confident the results are still "close enough".

Specifics:

I have 15 multisites same-codebase different-database D6 sites on a STAGING box, where business units QA (sort of) and approve (or not, or shouldn't have but did) before launch to PRODUCTION. Staging is a 2-tier setup, with 1 www node and 1 mysql node. We're running stock RHEL plus EPEL builds for the most part. PHP 5.3, MySQL 5.1. If you've done Drupal multisite, I haven't done anything particularly weird or interesting here.

There are also a couple "baseline" sites, with just static HTML pages, "phpinfo();", and a "mysql_connect(); mysql_query('select version');" for comparison purposes with the real sites, just so I know that there's nothing inherently wrong with Apache, PHP, nor PHP-to-mysql.

At night, while real people sleep, I spider each site on a configurable schedule, mostly weekly, and store all the URLs in a flat file per site. In addition, every 5 minutes, an ab loadtest fires for the "next" site in a queue for a randomly-selected URL from that site:


ab -n 1000 -c 100 $random_url_here

Some of the URLs are images. Some are CSS/JS. Some are actual Drupal nodes.

I record the ab result files, prepending a line to tell me which URL was requested.

I also log the requests per second in a database table, counting a big fat 0 for any errors I can detect. For example, if there were any non-2xx HTTP response codes, it's counted a complete failure in my book. If any of the 1000 requests never came back, again, big fat 0. (This is where testing experts are probably crying in their coffee. Sorry.)

I have some kludgy-hand made PHP|GD graphs.
(Yes, I'm old-school and can visualize and draw a halfway decent graph in PHP code faster than I can fight your fancy new-fangled tools to get a really nice graph. Sorry.)

Here is what a sample site graph looks like:

(The density on the left is because I used to run the loadtests all day every day, but scaled back to night-time in the middle of this process. Yes, testing experts everywhere are crying in their coffee. Sorry.)

First thing to look at is the bottom center stats min/avg/max: 0/265/1010
That means this site is getting a very acceptable "average" 265 requests per second across all the ab runs you see in the graph.
And that 1010 means that one URL excelled and had 1,010 requests per second in an ab run.
Alas, there is a 0 for that min, and that's the problem.

In fact, looking at the green lines of the graph itself, you see a fair number of 0 data points.

I won't bore you with hundreds of ab text outputs, nor the tedious process of matching them up with the dots on the graph, but here's the basic trend:
Static CSS/JS and even images come in first place with the peaks in the hundreds of requests per second.
Most Drupal URLs come in acceptable levels around 100 requests per second.
Occasional Drupal URLs just plain bomb out with, for example, only 8 successful requests, and 992 failures and get the big fat 0.

I have also attempted to eliminate the following:

The same URL fails all the time? No.
It only fails after a cache flush? No.
It only fails when a loadtest runs so long it concurs with another? No, I added code to insure only one loadtest at a time. (Testing experts crying over coffee. Sorry.)
Only certain sites? No.
MySQL hasn't been tuned? No. We tuned it.
APC isn't working? No. It's fine.
Uncached Drupal performance isn't that bad. Yes. It is. I measured it with the same (sloppy) metrics above. A simple minimal setup with stock D6 and a few pages / modules falls over after 8 requests in heavy load, without caching.

So my theory, and I admit it's not really proven, since I don't have the mad Drupal skillz to log the info to prove it, is that the setting in Performance "Minimum cache lifetime: <none>" does not, in fact, keep URLs in the cache indefinitely, and something in Drupal purges them, for reasons beyond my ken.

NOTE:
These are brochureware sites with a hundred nodes each, and a couple webforms. There are the usual Drupal modules one would expect for that. Plus all the modules I was forced to add that they never actually figure out how to configure and use that the SEO "experts" (cough, cough) told them they need.

A lot of Drupal experts have recommended PressFlow and varnish and so on. We are considering that. But even a drop-in replacement isn't that easy to manage when we are rapid-fire launching a new multisite each week. We simply don't have the bandwidth for that right now.

And, ultimately, I find it offensive that uncached Drupal falls over after 8 requests on a 2-tier php/mysql 6G RAM setup. (Assuming my theory is correct.)

It's like somebody bolted a billboard to the back of our Maserati.

Then tossed some kind of broadcast instant replay device named "cache" in front of the billboard to mask the problem.

And are now recommeding another broadcast replay device in front of the "cache" called "varnish".

So am I just going to whine about it? No. I'm going to start analyzing queries in log_slow_queries from MySQL and whatever else I can find, and try to see if I can add some indexes to make uncached Drupal reasonably performant.

Of course, real Drupal developers are all madly coding Drupal 8, since Drupal 7 was released a few months ago, and Drupal 6, to them, is just not worth patching, so my efforts will probably be largely irrelevant to the Drupal community at large. Sorry.

You'll have to wait for the next blog post to see if that succeeds or not. I may even have to eat some crow if I can't make any improvement at all.

Again, I do like a lot of things about Drupal. Performance, however, and the architecture to make it performant, is not one of them.

Xdebug and RHEL 5.7

2011-08-16T13:42:00.004-05:00

Much ado and misinformation about how to really profile or performance analyze PHP is all over the Internet.

Rebuffs also exist to much of that misinformation all over the Internet.

How to actually really set yourself up to properly profile PHP, not so much...

So, here's an attempt to provide a step-by-step process, at least for RHEL 5.7

If you run something else, you'll have to improvise a bit.

It's not like I really picked RHEL, so that probably deserves some background...

I'm mostly an old school compile from source guy for Apache, MySQL and PHP to get what I want.

I used to use RedHat/Fedora for the base Linux / desktop, and then download source for Apache, PHP, MySQL.

I switched to gentoo a few years ago, and admit I pretty much fail to update very often, but whatever.

I only have to maintain a handful of boxes, and update when there is a real need.

In my workplace, the sysadmin is a stock RHEL guy, but then he has to maintain hundreds of servers with puppet and monitor them with Nagios and...

Well, let's just say I completely understand that need.

And he HAS opened up to Dag's repos and a UIC or ULC or somesuch to get something I needed.

Alas, when you want to do serious debugging, profiling, or performance analysis, that's not good enough.

So I recently embarked on a task to build a "debug" desktop with the following goals:

have debug builds of php, apache, and mysql
have xdebug
have kCacheGrind / valgrind / callgrind to visualize bottlenecks
this box is used for debug build, nothing else, no other users but me
stray no further from our stock build than I have to

Of course, just installing the GUI is a pretty far straying, and I let RHEL push me into gnome rather than KDE. Not sure that was wise, but there it is.

Still, I tried to have minimal impact on the build.

Testing Experts/Pundits:
Note that I'll exit X windows once I'm ready to really test, and then fire it up again to examine the results. If having the X binaries on the box screws up my tests, so be it. I'm already replacing the REAL binaries of the code with these debug-enhanced ones anyway, so at that level, it's not "the same" anyway. Having a separate desktop with all these tools on it just didn't seem practical in my case. Your needs may vary.

I first attempted to get the debug builds of at least PHP, and hopefully Apache and MySQL, just in case.

Everything seemed to work with yum, but I spun my wheels for hours checking phpinfo() configure line for --disable-debug and trusting its output about debug build.

It turns out that the RHEL debug builds are actually not built into the same binary files that ./configure --enable-debug would do. Instead, the debugging symbols are installed in separate binaries in /usr/lib/debug, and tools like gdb and strace and the all-important (to me) "httpd -X" just "know" to look in there and load those debug symbols in on top of the non-debug binaries in the usual places.

That kind of blew my mind, but whatever, you know?

And why the httpd startup scripts and PHP don't know to look there is beyond me, but I suppose if I really need to force them to do it, I could find a way... I doubt I'll need that, as you'll see shortly.

Anyway, in order to actually get these debug builds, you have to do something like this:


yum install --enable-repo=rhel-debuginfo httpd-debuginfo mysql-debuginfo php53-debuginfo

Note that this installs only the debugging symbol binaries into /usr/lib/debug. If you actually want to install the software itself, you still need to do these if you didn't already:


yum install httpd mysql php53

You also want to install valgrind, which basically allows you to run your binaries under debugging conditions with a whole suite of tools. We'll look at just one tool, callgrind, because a) it's the only one I know so far and b) it's the one that makes pretty pictures that make it blindingly obvious where your bottlenecks are in your code.


yum install valgrind

Just to be sure you installed Apache and PHP, set up your usual PHP script for testing purposes:


echo "<?php phpinfo();?>" > /var/www/html/index.php

(Or edit /var/www/html/index.php with your favorite editor.)

Surf to http://localhost/ and see the PHP status page with lots of blue tables telling you everything you ever needed to know about your PHP install.

Now to prove you can generate a callgrind script, to generate a visual representation of where your code spends all its time:


/etc/init.d/httpd stop
valgrind --tool=callgrind --dump-instr=yes -v /usr/sbin/httpd -X

(Someday, RHEL will catch up to the rest of the world and that httpd will change to apache or apache2...)

Note that you are now running a single httpd instance/child/thread with debugging on full blast, instead of your usual high-performance httpd process.

You definitely do not want to do this on a production box, or even a shared dev box.

You need to be doing this on a sandbox all your own.
Really.
If you can't figure out why, stop reading now and go do something else.

Now, reload that phpinfo page in your browser.

Finally, kill that httpd process. Open another shell and do:


 killall -9 httpd
callgrind_control -k

If you kill the process, and it's built up a HUGE file of data, it just dies before it writes the data. Don't do that.

Back in the shell where you did that valgrind command, it will have exited. It will also have dumped a file whose name starts with callgrind.out. and ends with the PID (process ID) of the httpd process that was started.

You can just safely assume it's a random number, if you are not familiar with process IDs. Actually, if you're not familiar with process IDs, this article is way too advanced for you. Oh well.

You can open that file up in an editor if you like.

It won't make much sense, really, but it's kind of cool to see it.

Don't change anything in that file, for goodness' sake. We've worked very hard to build it.

Since you can't read the silly thing, let's install some software that can: kCacheGrind:


yum install kdesdk

Don't ask me how you're supposed to figure out that kCacheGrind comes as a part of the KDE SDK tool-suite. I used Google. A lot.

Now you can run that tool to see how phpinfo() spends all its time:


kcachegrind callgrind.out.*

You have to do this in the same shell/directory where you did the valgrind, just in case you didn't figure that out on your own.

You ought to see something not unlike this:

Whoa!
What's all that, you ask?

Focus on the big splotches of color. The bigger the rectangle, the more time PHP spent in that function.

As you can see, PHP spent a lot of time calling various _dl_* functions, presumably loading up code binaries, or double-secret internal functions you should ignore for now.

But you can also see a big chunk for good old strlen

Now, obviously, you are not likely to jump in and edit PHP's strlen function and make it faster, but the point is that you now know where PHP is spending all its time in your PHP script.

Of course, with phpinfo() as the only function call, that's pretty boring.

Install your favorite framework or large application project (Drupal, WordPress, Zend Framework) or your own home-brew MVC, and load a few test pages.

Heck, just copy a whole site that you think is "too slow" onto this box in /var/www/html/ and fire it up and find out!

But wait, you say, I'm just a PHP developer. I'm not going to be re-writing PHP internals!

Well, guess what?

This genius Derick Rethans has a tool called Xdebug that you can use to do this same thing for your PHP code.

You'll have to compile it from source, because there are no packages for Xdebug yet.

Or use PECL, if you've managed to install that.

I have not installed PECL yet, so I just downloaded the "source" and did the usual:


./configure
make
make install

Oh yeah. Something should be said here about libedit if you want readline-like abilities in the debugclient.

I pretty much said "Meh." and went on with life, once I realized that I'd have to fight RHEL for another hour or two to get that.

If you need that feature in our PHP debugger, you're on your own. Sorry.

Now, add a few settings anywhere you like in /etc/php.ini:


; Added xdebug settings
zend_extension="/root/installers/xdebug-2.1.2/modules/xdebug.so"

; Disallow usage of @ to suppress errors
xdebug.scream = 1

; Turn on profiling
xdebug.profiler_enable = 1

; Dump the enormous files here
xdebug.profiler_output_dir = "/tmp/xdebug"

And, so apache can dump the files there a couple shell commands:


mkdir /tmp/xdebug
chown apache /tmp/xdebug
chmod 775 /tmp/xdebug

You have to restart apache for the php.ini changes to take effect:


/etc/init.d/httpd restart

Oh. It wasn't started because we killed it and ran it with valgrind before.
Oh well.

Anyway, reload your phpinfo() page (or other) from http://localhost/index.php

Now go look in your /tmp/xdebug directory for some callgrind.out.* files, and load them up into kCacheGrind.

Voila! You now know where your PHP code is spending all its time, just by looking for the "big" rectangles.

kCacheGrind has a zillion options and tools to slice and dice your data, and different ways to show it off.

It also can export the pretty pictures, if you have graphviz and kghostview.

GraphViz is pretty easy. Snag the repo definitions from GraphViz RHEL Repo and put it in /etc/yum.repos.d/graphviz-rhel.repo file.


yum install graphviz

Finding kGhostView was quite frustrating. It seems like RHEL is intent on stamping out KDE, and kGhostView in particular since 2002 or so. I found all kinds of rpms from that era, and not much after.

So we turn to our friends at EPEL, and use their rpm which installs and maintains their repo definitions into /etc/yum.repos.d. Did you follow that?

Just download the appropriate rpm from here:
EPEL rpm to expand yum

Now at this point, with EPEL installed, I pretty much opened myself up to straying very far from RHEL, but all I want is kghostview so kCacheGrind can export pretty images:


yum install kghostview

Woof.

I'm pondering if I should now uninstall the EPEL stuff, just to stay on the straight and narrow, and let kghostview lag, or try to remember to only use EPEL in dire circumstances...

Well, anyway, you probably don't care about that bit.

You now should have a very powerful tool suite to really find the bottlenecks in your PHP code, instead of trying some Voodoo Analysis to "optimize" things like changing all "" to '' or using a single (un-indexed) query instead of two (indexed) queries, because running more queries is slower, or...

I know, I promised not to go there in the first paragraph, so I'll shut up now.

Like A Hole In The Head Benefit Concert

2010-11-10T21:30:00.003-06:00

Like A Hole In The Head - RESCHEDULED

Benefit Concert

Some of my favorite bands on the planet have generously pulled together a benefit concert at Martyrs', which has the best sound system in Chicago!

MONDAY DEC 20 @ MARTYRS'

3855 N Lincoln

Ulele	Suzy Brack & The New Jack Lords
Ellen Rosner & The Bubbly Creak All Stars	Ripley Caine
Jeffrey Altergott	Persephonic
Al Rose	Jade Maze
Lou Carlozo
Silent Auction

CONCERT POSTPONED

2010-10-31T14:12:00.000-05:00

BENEFIT CONCERT POSTPONED!!!
Due to a burst water pipe directly above the sound board at Martyrs', the Benefit Concert scheduled for MON NOV 1 has been postponed...
We do not know the date yet, but stay tuned here to find out!

Brain Surgery

2010-09-13T13:16:00.000-05:00

On August 31, 2010, I went into brain surgery.

This is a "delayed" blog post about that.

It got rather long, I'm afraid, which is why it took so long to get up here...

Plus I've been kind of busy until now, where I have a 2-week lull between post-op and Radiation.

But people seem more interested in the actual surgery than anything else, so here is a play-by-play of what I remember from it.

The day started early, with a 5:45am arrival for a brain-mapping GPS MRI scan
and 7:30 surgery. I had been warned I might lose my hands for a week, as they were probably going to "nudge" my motor strip in that area when they cut out the tumor.

After they put all those circular markers on my head, they scanned me, and then I guess dumped a map of my brain to the surgeon's computer.

I was then wheeled into Pre-op which is a fancy word for hallway with curtains.
Felt kind of like being in the wings of a particularly clean Theatre stage for any
Old Troopers. I guess it makes sense for resource management, but it sure doesn't seem very nice. I was lucky not to be too back-logged I guess. I imagine on a bad day, you could end up waiting there for hours and hours.

Dr James P. Chandler

Then started the introductions. I had already met the surgeon Dr Chandler, but was introduced to at least three anesthesiologist including Dr. Koht and his two assistants, and the Chief Resident, Ryan Halpin, who turned out was my "coach" for the surgery (viz) and he seemed to be the one watching the heart and other squiggly lines monitor that I could also see. Though I daresay there were many others monitoring all kinds of stuff I never even saw.

I think I got re-introduced to some doctors/nurses, and I'm told surgery started 2 hours late, but I didn't notice, so maybe that was their plan... Just keep me trying to remember names and faces and distract me :-)

Anyway, they wheeled me in, hooked up an IV or two, and conked me out. They apparently locked down my head and connected some plumbing then, for which I'm quite thankful I was not awake. That probably seems normal enough for any surgery. Then they woke me up, still on the table!

They had me move my fingers around and monitored stuff on their computers to make sure things looked right. They cut open my scalp and chopped a hole in my skull. Did I mention I was still awake?!

So then I presume he moved the protective water balloon brain sac aside, and went in through the vein above that red arrow, or moved some brain bits aside...

Then they had me touch each finger to my thumb and said they were getting signals on that.

Then he hooked up a wire to my brain and made a nerve in my right wrist twitch at 60 Hz and asked "Can you feel that?" Surreal!

If you've ever gotten a light tremor from house current running through you for a few seconds, it was just like that. Only direct from my brain. And on purpose.

They also confirmed on some med computer that they were seeing the same signal.

Repeated the process, for my right ankle. Then the left ankle. Each time they asked me "Can you feel that?", and confirmed signal with each other.

They didn't do my left wrist, which was disconcerting, but I'm not sure I was able to voice that concern well.

Then they warned me that they were going to do a few more that I wouldn't feel.

There's not supposed to be any nerves inside the brain, but I WAS able to sense each probe in turn as a sort of cool prick. I told them all about it, apparently in more detail than they required: I believe this was the first time they politely told me to be quiet and focus on taking nice deep breaths.

That would be Dr. Ryan Halpin, the "coach" and I have to say he has the patience of a saint. He managed to put up with me and keep me on task while I was halfway zonked out, which is a miracle.

They ran through all the signals again, confirming I could feel the nerve twitching at 60Hz and seeing the signals on their computers. Apparently "measure twice, cut once" applies to brain surgery as well as lumber.

Come to think of it, counting up MRIs (regular, functional, spectroscopic, and mapping) as well as CT scans and the probes, it was more like "measure 10X, cut once." Same principle at least, but I suppose a factor of 10 for Brain Surgery makes sense. I mean, tossing a 2x4 out is one thing... :-)

Then Dr Chandler cut out the actual tumor. I think this may have been another time I was politely told to shut up and breathe. It seemed like the actual tumor removal only took 10 minutes, but my time sense wasn't exactly perfect, eh?

Finally they started putting things back together. There's a chunk of skull held in by titanium plates and screws (Looking for a pic of these). No MRI or airport restrictions on those, which is nice.

There is apparently some glue in there holding something together as well. I wonder if they have a $10,000 hot glue gun just like my $20 one at home, or if it's some kind of packet like a condiment they use.

Then the scalp was stapled shut, as you can see to the right:
I kind of expected some stitches, but if I have any, I sure can't find them, even now that the staples are out.

At some point the doc asked for a 1x3, but the nurse only had a 2x2. They went back and forth a few times on that, which was disconcerting. I mean, who cares about the shape of the scar or whatever, but the wrong size screws or plate inside?... I didn't know exactly what stage of re-assembly we were in, so I tried to make a joke about lumber, but it fell flat. Oh well. Tough crowd I guess.

(Weeks later I found out it was just a gauze swab to wipe out some blood or something. Whew!)

They also didn't like when I broke into a song lyric with a trigger word/phrase somebody said; which anybody who knows me is a habit of mine. Guess I don't sing any better while in "twilight" anesthesia. But I only did that once, so that's not so bad! A musician friend of mine tells me she had the whole operating room staff singing with her. That was definitely one of the times I was politely told to shut up and breathe deeply.

Then they wheeled me out to post-op (read: hallway curtains) where I spent 2 hours needing to be there, and six more hanging around waiting for a room, thanks to construction... I've got a few pithy comments about post-op and a certain nurse, but will save those as I've already made this quite long.

Anyway, that's all the bits I can remember from nearly 3 hours of brain surgery. I apologize if it's out of order, or I've managed to completely mess up what they did. All I know is, it was surreal, but they got the tumor out, and over-delivered as my hands worked just fine, albeit with a bit of tingling and numbness now and then. I'm calling it a "win"

Honestly, the only things I could have asked for:

Advance notice that my main job would be deep breathing. They had described the finger / nerve twitching process in advance. But perhaps the breathing thing is case-by-case. I probably could have kept more quiet and done more breathing if they had.
Check that left wrist, or tell me we don't need to.
Let me know what is going on when the doc asks for a 1x3 and they ain't got it, so I'm not worried about it.

Considering everything else going on, these seem awfully petty!

Brain Surgery Staples Removed

2010-09-10T18:55:00.001-05:00

I got my staples removed yesterday, so here's what it looks like today...

So, what I've got going for me:
I'm relatively young, in good health other than this cancer in my brain, and a wild guess estimate is 90% of it was in the tumor they already took out.
I've got just about the most supportive family, friends, and workplace anybody could ask for.

On the downside, if you lump me in with males up to age 90 with brain cancer, my "live expectancy" is a couple years...

But, hey, let's Do The Math:

A guy 90 years old, already has not much more on "life expectancy"... There's no numbers I can find breaking it down by decade or anything, so let's assume it's some kind of curve, and I'm on the right end of the curve.

It blew up fast, over the course of a couple months or even weeks, so there was not much more that could have been done for "early detection".

The docs have caught it in time to get 90% out already, and will radiate and chemo the other 10%. It will try to grow back, but we'll MRI it every couple months and catch it and chemo it some more, beating it back into submission. So we have a game plan to keep this under control indefinitely.

Do I expect to make it to 70+, like my dad, as I once did?

No, not really. I'll give it my best shot though!

Maybe I'll only hit 65, like my Mom. Still not a bad run.

So what's my "life expectancy"? I expect to get as much out of it as I can for as long as I can, same as anybody else!

Radiation Setup CT Scan

2010-09-09T09:54:00.000-05:00

Radiation Setup CT Scan

So they put this warm stretchy mesh mask on me, and it cools off to the shape of my head, and then they can use it every time after to get my head in exactly the same position.
I suppose it's like getting a facial at the spa, though I don't have any experience to compare really.
I'll be wearing this thing every week day for 6 weeks of radiation treatment, starting 9/27.
I get to keep it at the end, but it's unfortunately too late for Halloween. Oh well. :-)
Meet with the surgeon this afternoon, so might blog more later... Or not.
Much thanks for the prayers and support and donation.
There's no way I could possibly thank everybody "enough", but that's most espeically true of my children and Love Of My Life and my sisters. I'm not the easiest guy in the world to put up with, and this isn't helping, but they've been stellar.

Brain Tumor Pathology

2010-09-08T09:48:00.002-05:00

Tumor w/ Surrounding "Bad Stuff" in active tissue

Brain Tumor Pathology
(translated from Medical to English)

Malignant.
Grade 4 (worst)
The surgeon got the main tumor out.
But it's guaranteed to have a splatter effect of Bad Stuff mixed in surrounding brain tissue.
Aggressive radiation/chemo (6wks/6months respectively) will maybe beat it back.
Then, ongoing maintenance of MRI scans every couple months, and chemo when more tumors appear, for life.

I guess that's not as bad as the old school movie "Go home and die" answer, but I think these days it's about as bad as it gets folks...

On the other hand, the oncologist said that the odds of hearing benign were in the realm of "case study in a journal". I do wish they had just told me that weeks ago. I've been living with a false hope of hearing "benign" and on the hook of not knowing for weeks... Oh well.

I'm staying as positive as I can, but I'm in for a rough ride, and that's the breaks.

Thanks for all your prayers, support, and donations.

I'll try to post more on Friday 9/10. Tomorrow 9/9 is a CT scan with some kind of plastic fencing mask to map where the tumor used to be married with the old MRIs to program the linear accelerator for the radiation treatment. Or, at least, that's my layman's understanding of what the doctor said...

I think I get my staples out of my scalp tomorrow too. That's good, as the changing Autumn weather is making them hot/cold expand/contract in an annoying way. That probably sounds silly/petty in the grand scheme of things, but there it is.

Anyway, expect silence Thursday 9/9 from me, almost for sure. I don't think they let me use my laptop from inside a CT scanner :-)

I also want to thank my employer, Rasmussen who have bent over backwards throughout this ordeal to keep me "employed" and "current" in insurance coverage. I don't know what I'd do without them. If you are looking for a good place to work in the online education industry, check out the openings and tell them I sent you:
Rasmussen Employment Opportunities
They've done right by me, that's for sure!

Surgical Staple Remover

2010-09-04T21:28:00.000-05:00

Today I ran some errands. Well, technically, the girls biked while I walked, as I can't drive for six months...

I blogged yesterday about the "fancy" surgical staple remover...

I brought it home for my daughters to practice with (not on my scalp, but an old deflated kickball)...

Actually, I was gonna let the 12-yo future surgeon practice on one of mine, but Mama said "NO!" [shrug]

Anyway, I looked at it, and it's got 3M etched on the handle and a quick Google finds...

Yup, that's the thing!

I have to wonder if the hospital will charge me (Blue Cross, really) the list price of $71.48 or the Amazon price of $6.50

And they throw them away after each patient to avoid contamination. Which is a Good Thing I suppose, but...

Dressing Off

2010-09-03T17:54:00.000-05:00

So I've been walking around with a small white rectangle dressing stapled to my scalp, covering the sutures and more staples.
They took the dressing off today, so I can post a photo of the actual future scar...
I guess I should have posted a photo of the dressing, but it pretty much looked like a mini-pad stapled to a bald guy's head, so... :-v
Yes, those silver things really are staples.
They have a fancy set of pliers to remove them that bends them just so to pull them out the reverse of how they went in, so the ones on the dressing felt like getting a couple hairs plucked out. I suppose these go deeper and will need a local or something, but I'll find that out next week...
Tuesday I meet with the oncologist to see what we're really dealing with, and the endgame.

SEO For Beginners

2010-09-02T08:40:00.002-05:00

You're probably even more tired of my posts about Brain Tumor/Surgery than I am, so I'll go off on a "rant" on another topic :-)

I still need to draw your attention to that Donate button over there... Okay, done.

A Beginner's Guide To SEO:
#1: CONTENT IS KING
Put content on your site that people want, and make it easy to find/browse in your own navigation.
If you have content people WANT, and people can find it, and search engines can read it (don't bury it in Flash) then you're all set.
If not, you have no "game" and all the SEO in the world won't do squat for you.

#2
Follow some common-sense basics like using HTML/CSS properly, with valid markup, and a good TITLE tag matching an H1 tag relating to what's on the page.
Put your important content first in the text, and use CSS to position it where you like.
Try to use a decent domain name that you can shout to a roomful of drunk people that they'll remember, maybe, the next day.
Even if your target audience is NOT rooms full of drunken people, it's still a good metric for the domain name.

#3
A META Description is good, if it matches the page/site content, and provides a consistent "brand" (theme/mission/image) you want to promote. You'd have to ask some Marketing drone whether it's a "brand" or an "image".
META Keywords haven't been used by any major search engine in years: Anybody who says different is stupid or out-dated. Or both.

#4
Don't try to "game" the system with techniques that misrepresent your content. As soon as the search engine makers figure out what you and all the other idiots are doing, they DEDUCT points for it, and you lose, Game Over.
Unless they just ban your site completely from the results, in which case you've just wasted your oh-so-precious domain name. GAME OVER!!!

#5, #6, #7, #8, #9: See #1

#10
After you have done that, worry about tweaking the so-called SEO junk to improve your site that last 1%.
Image ALT keywords, re-positioning

PS
I believe most SEO "experts" are charlatans, and I refuse to label myself an SEO expert.
Make of that what you want...

Brain Surgery Survivor

2010-09-01T19:38:00.002-05:00

I made it!
Even have fully functional hands.
I feel about like you'd expect when somebody cuts a hole in one's head... :-)
Thanks so much for the prayers of any flavor and donations.
Followup appointments next week are still in pencil due to doctor schedule conflicts, but at lest one of them should tell me something some time next week, regarding malignant/benign and grade/scale or whatever.
Had a screamer on the same floor last night, so didn't sleep much...
Very tired, so I'll end this post here.
Just know I'm alive, and recovering, and will know the Real Story next week...

[EDIT: 2010-09-11]
I added this photo from my sister's phone. Those white circles were some kind of GPS markers for an MRI mapping that lets the surgeon match up the brain images of the tumor with what's actually in my head.
Had I only known in advance, we probably could have gotten my brain on Google maps! :-)

Brain Tumor

2010-08-27T19:44:00.005-05:00

Here is a side-view of the actual tumor.
That darker gray splotch in the top center, shaped somewhat like a guitar pick, only not.
I added a big red arrow, as I realized the the vein above could be mistaken for the tumor.

Richard Lynch Medical Expenses Fund

2010-08-27T16:06:00.003-05:00

In case somebody prefers a Real Bank to this new-fangled PayPal thingie, my sister set up a fund for me:

Richard Lynch Medical Expenses Fund
First Bank & Trust
820 Church Street
Evanston, IL 60201

Any donations much appreciated...

Brain Tumor

2010-08-26T20:44:00.004-05:00

Quick Update:
The neurosurgeon says the Functional MRI and MR Spectroscopy point towards a tumor rather than infection.
Surgery on Tuesday.
Don't know what time until Monday night, as they need to keep their schedule flexible until the day before.
A biopsy for sure, and removal of as much as seems prudent, hopefully all of it.
He can't say for sure until he's in there exactly what can come out and has to stay.
Apparently I'll be conscious while he's operating, so he can double-check various brain bits aren't tied to anything important based on what twitches when he touches it or something.
I'd rather just be knocked out and wake up healed, but I'm sure not gonna argue brain surgery.
I'll probably/maybe have paralyzed hands for a week or so.
Won't have biopsy results for 72 hours after surgery. Guess I'll have a race with the Doc to see if I can walk out of the hospital before he has answers. :-)
Don't be surprised if this blog goes silent from 8/31 through 9/7, give or take...
Thanks for your generous donations!
I'll be swamped in bills soon, so it's much appreciated.

Brain Lesion

2010-08-24T13:52:00.005-05:00

On Thursday August 12, I suffered a seizure.
My daughters found me, got Mama, and they all saved my life.
I was rushed to the hospital, where I suffered 3 convulsions before being stabilized in ICU.
I regained consciousness on Saturday August 14th.
After more blood/brain/body tests and scans than I want to list here, they found a lesion in my brain in the frontal(?) posterior lobe.
Apparently, it's not called a tumor until they figure out if it's malignant or not.
I've got a functional MRI, and an MRS (MRI Spectroscopy) in upcoming weeks.
My employer is being incredibly gracious about discretionary rules, and bending over backwards to keep my insurance current.
That said, there are deductibles and living expenses and possibly even a gap coming, depending on how much pressure I can exert on hospitals and labs to expedite things.
I don't really like it, but I've added a "Donate" button over on the right; I'd appreciate any help you can give, whatever you can afford.
I'm not a tax lawyer, but as far as I can figure, an individual like me can't be a non-profit, so it would have to fall under the generic "gift" category on your tax forms...
I'll be in and out of labs and hospitals for a few weeks; I'm not allowed to drive for 6 months (or longer, if I suffer another seizure) and that's just the beginnings of how this complicates things.
Thanks for all your prayers (of any flavor) and support! I've had a lot of help already from friends and family, and it is much appreciated!!!

Sprint Sample Silliness

2010-06-01T09:41:00.002-05:00

Only Sprint could deliver a camera phone, chock-full of Sample Pictures, which are LOCKED and you cannot DELETE, so you can't take more than ~6 pictures.

And their tech support has no idea how to unlock/delete them.

Innumerable forum threads asking how to delete them exist.

And the only solution appears to be to download the phone OS, hack into it with a JavaLoader or by mounting it on your computer, finding some oddly-named .cod file, and deleting that file before you install the OS.

But the name of the file is version-dependent, and deleting the wrong file gives you a dead phone.

And, really, how tricky can it BE to give users an "unlock" button or just make the sample pictures not locked in the first place?!

PHP, Frames, and Sessions

2009-10-30T09:58:00.002-05:00

Any time you try to use frames and PHP sessions, you are likely to run into trouble.

It's basically a race condition just waiting to blow up in your face:

1. Frame A sends HTTP request, with no session Cookie
2. PHP/server processes request, with no session Cookie, so creates NEW session
3. Frame B sends HTTP request, with no session Cookie
4. Frame A receives response, with session Cookie from Step 2.
5. PHP/server processes request, with no session Cookie, so creates NEW session
6. Frame B receives response, with different session Cookie from Step 5.

See Step 4 the browser *gets* the cookie it needed in step 3 for there to be just ONE session?

Your best bet is to initialize the session in a frame-less landing page, and then move forward with frames. Once the user has the session Cookie, all the frames can "share" it.

You'll have to redirect a session-less user to that frame-less page and back again, however, which uses up a lot of HTTP connections, and so is resource-intensive.

Note that Frame A and Frame B steps could actually interleave in ANY order, really. Each request is completely independent of the other.

And *some* orderings are actually going to "work", so you may not find this bug until your server gets busy enough that HTTP requests/responses start to lag a little bit.

Tethercommute

2009-10-27T21:34:00.002-05:00

Being in the job market, I'd like to make a modest proposal to HR and recruiters:

Please label jobs where telecommute has geographical restrictions such as "same city" as "tethercommute".

I realize, of course, that coining such a term is no guarantee that it will be accepted in wide usage, but I doubt that anybody is going to misinterpret it.

Thanks.

Dear Sprint; Please update your time servers.

2009-10-26T09:03:00.004-05:00

As you may know, I hate daylight savings. It doesn't save anything anymore, if it ever did.

And it's a royal pain.

It's particularly painful to me, since my cell phone is my alarm clock.

And apparently, Sprint / Nextel has still not clued in to the fact that the
United States Congress has changed the dates on which clocks are changed

It is particularly irksome, since I have duly informed Sprint / Nextel of this fact twice a year, every year, since 2007.

Yes, I know I could change the option to take my cell phone off of network server time, and rely on its internal time clock. Unfortunately, the cell phone then lags a minute or two eventually, since it is not synched with a reliable time source.

For $100+ a month, Sprint can find somebody with a clue to update the time zone data on their time servers!

If anybody reads this post and has any contacts at Sprint that can resolve this, please feel free to contact me.

Facebook Performance

2009-06-03T11:53:00.003-05:00

I've been logging calls to Facebook API servers in my DEV environment for some weeks now.

I'm pretty disappointed by the performance, overall:
Facebook API Call Performance Stats

I realize Facebook has scalability issues beyond my ken, but they also have resources beyond my ken as well...

Facebook doesn't wait over 4 seconds for my server; Surely I shouldn't have to wait 30 seconds for theirs! :-)

In fact, it's kind of pointless in the context of a canvas page for their servers to bother to respond at all after 4 seconds...

User --A--> Facebook server request canvas page --B--> Request to my server --C--> API Call to Facebook server.

If C can detect that we are in the context of a canvas page, and Facebook already knows that B will not wait more than X seconds, they might as well issue an HTTP 408 Request Timeout or something similar after X seconds, because there's no real point in them giving me the info they aren't going to wait for...

I went ahead and created a Feature Request in Facebook's Bugzilla. You can vote for it if you think it will help you.
#5528

svn diff in vim

2009-05-14T13:05:00.002-05:00

In the category of "How did I live without this?!" tools, I'm late to the party with this vim plugin from Brian Shire of Facebook / APC / PHP fame:

If you use svn, git, cvs or similar, this plugin shows you a "diff" in vim.

I don't know how often I quit vi or open another shell just to do a diff.

Now, I don't have to!

Lumni I Likovski, Cook County Assessor's Office

2009-02-14T17:44:00.003-06:00

ADVERTISEMENT: Hire Me

So the other day, I had to go down and file for a home owner's exemption on my house.

I got my little queue ticket #96. They were calling out #32, with 5 or 6 workstations.

I had a half hour, max, to get this done, before I had to be elsewhere.

This did not look good...

Thank God for Lumni I. Likovski, Manager, Taxpayer Exemptions.

He was out in the waiting area, checking for people who didn't need a full-blown computer workstation (such as myself) and doing "triage" to get us the forms we needed, get our questions answered, and get us out of there.

He even cheerfully (and I stress cheerfully) photocopied my Driver's License for me, a requirement to hand in the form.

It's not often in this day and age that you get excellent service/help like this, most especially from government staff.

So I'm dedicating this blog post to LUMNI I LIKOVSKI down that at Cook County. I owe you a beer!

PS
I tried to just send in a comment to his boss using their online form, but it blows up like this, every time I try to submit it:

Database Results Error
Description: The conversion of char data type to smalldatetime data type resulted in an out-of-range smalldatetime value.
Number: -2147217913 (0x80040E07)
Source: Microsoft OLE DB Provider for SQL Server

Maybe they should hire me to re-do their website? :-)

Webgrind ROCKS

2008-07-21T21:28:00.002-05:00

Okay, so I'm a Linux guy through and through, and I'd love nothing more at my day job than to wipe the Doze desktop and throw Gentoo or Debian or FreeBSD or even Fedora on it...

Shoot, I'd even be happy to dual boot the thing.

But my current day job is the kinda job where I can't even surf to my own blog at work, because it's blocked.

So, being stuck with Doze [shudder], I was Oh. My. God. happy to find this gem:

Webgrind

It's kind of like kCacheGrind, only a lot less features and through a browser and dog-slow.

But so what?!

The POINT is, I can actually successfully profile my code with Xdebug for the first time ever on Windows without jumping backwards through flaming hoops!

Now if I could just get JIT debugger client to happen...

G is smart!

2008-05-08T08:41:00.003-05:00

is smart. I mean, is really really smart.
I ask a lot of questions, and often knows the answer.
Of course, sometimes doesn't. Though that often turns out later to be that I just didn't ask the question the right way.
Sometimes gives me a lot of extra information. But that's okay. Sometimes 's extra information teaches me something. And sometimes it's strictly for entertainment value, which is also okay.
And likes multi-color rainbow-y things, which is cool.

Now, I've got just one question for you: Am I talking about Google, or my girlfriend?

Is Google an Artificial Intelligence?

I'm serious here.

Is Google's spidering, indexing, search, and response algorithms, in toto, an Artificial Intelligence?

It doesn't know what I'm supposed to be doing Saturday night, for example.

[Girlfriend interjects] Mother's Day dinner at Indie Cafe

Hmmmm. Now that she's added that, Google does know what I'm supposed to be doing Saturday night!

So clearly Google learns, and learns quickly...

I dunno.

I still think my girlfriend is smarter than Google... But I'm not so sure Google isn't pretty smart.

Solaris vi input mode arrow keys fix

2008-04-17T10:36:00.003-05:00

This blog post is not for you to read.

It's for me.

You see, every once in a awhile, I work for a client/employer who uses Solaris, OpenSolaris, Unix, or some other traditional Unix-like OS.

They have their reasons, and they are good ones, and I'm fine with that.

Alas, I then usually waste about an hour of their time (and they pay me for it) to Google for the hack that makes vi (my editor of choice) actually usable from a terminal program (putty, usually).

To wit, the arrow keys in vi do not work in input mode under these OSes.

This blog post is a reminder for ME to know what the heck to do next time this happens.

So here is what I do:
Open up ~/.exrc and type these things:
set t_ku=[control-v][up-arrow]
set t_kd=[control-v][down-arrow]
set t_kr=[control-v][right-arrow]
set t_kl=[control-v][left-arrow]

Then make a symlink from .exrc to .vimrc
ln -s ~/.exrc ~/.vimrc

Finally, alias vi to vim, since this only works for vim:
alias vi=vim

Bonus Tip:
To get vi/vim to use more than ONE LINE when you start up, use:
TERM=putty screen

I believe "screen" is magical pixie dust that gives you a whole screen of line instead of one line, and the TERM stuff obviously tells screen that you need that screen to go to putty.

If "man screen" had been installed, perhaps I would have a better understanding of the magical pixie dust, but so it goes.

:-)

Adobe Spams

2007-09-13T00:26:00.001-05:00

Update:
Today, July 21, 2009, Adobe has once again resurrected the email I gave them in 2007, and has spammed it.

I say again: Adobe spams, boycott Adobe.

For the record:

I loathe Flash.

I mean, even on Windows where it kind of sort of works, it sucks up WAY too much RAM, and WAY too much CPU, and crashes far too often.

Not that anything really works well on Windows (other than their Marketing, Legal, and Bullying Departments) but Flash works particularly badly.

On Linux? Forget it.

I gave up installing the damn thing, even on Windows, about a year ago, and you know what?

I have found that there is not one site with any content worth getting that I am missing out, that I can't find elsewhere.

Maybe your experience is different; Maybe you just can't live without uTube.

Fine.

But for me, no more Flash, ever again.

Oh yeah, the real reason I hate Adobe is that they are spammers.

They added me to their mailing list, unsolicited, and sent me commercial junk mail.

So unless you want to support spammers, stop using their products.

It's that simple.

Thank you.

File Upload Progress Meter

2007-07-17T18:24:00.000-05:00

Every week or two, somebody asks how to do a File Upload Progress Meter on the PHP-General mailing list...

Why the BROWSER doesn't provide this feature everybody wants is beyond
my ken.

Surely the browser has some clue how many bytes are uploaded and how
big the file was.

How tricky could it be for Firefox/IE to poke those values into a
couple variables somewhere?

Instead we have a zillion JS hacks by developers generating tons of
traffic back-n-forth to the server to ask it how many bytes it has
received so far...

In fact, why don't the browsers provide a NICE file upload progress meter in the first place, so web designers don't feel the need to re-invent the wheel?

Or even (gasp) some nice hooks involving CSS and Web 2.0 or whatever so web designers can just do this without even needing to know any Javascript?

This certainly would be way more useful than half the crap the browser wars have introduced in the past half decade that we've been needing this feature!

Too Many "Friends"

2007-07-12T23:18:00.001-05:00

Bear with me here, there's a fairly long prologue...

So, here's the thing:

In one of my alter egos, I'm a Talent Buyer at a music venue.

Now, you may not know much about the internal workings of music venues, but, basically, a music venue has about 1000 bands pounding on the doors wanting to play for every available position.

There's nothing we'd love more than for there to be way more fans out there, mind you, so we could actually accommodate about 100 of those artists, instead of just he 1.

Do note that I said 100 of the 1000, not all of them...

90% of everything is still crap.

Anyway, at the email address we've set up specifically for artists to submit a demo, we tend to get a whole lot of friend-link requests to basically all the big social networking sites.

Now, this is going to sound petty, but it's getting pretty dang annoying.

Most of these friend link requests are coming from artists we don't work with.

Many of them are coming from artists we simply can't work with, as they're not the 1 in a thousand.

I daresay a lot of them are coming from the 900 we wouldn't want to work with, even if the the supply/demand went the other way, with way more fans than artists...

Our website pretty clearly asks bands not to add us to their promotional mailing lists. Do we really need to spell it out "and don't send us be-my-friend emails either"?

Anyway, I'm thinking that all these social networking sites should just stop sending out emails on behalf of their users to non-users to invite them to join.

If I want to join your social-networking site, and buy into the whole thing, then fine, I've agreed to get your emails.

But I haven't!

So, really, all these social-networking sites are just thinly-disguised spammers, when you get down to it.

Or maybe there should be some kind of industry-standard minimum proof that the recipient might actually want these dang things, or that the sender actually has an existing relationship.

Knowing an email address is not an existing relationship!

Because it's gotten to the point where a new entrant in the social networking market, to me, just means yet another flurry of invites that I don't really want.

Then I have to spend 20 minutes digging through their site for a place to contact them to say not only to ban that one user from sending me emails, but to ban ALL the users from ever sending me emails.

I don't even want the dang things at my personal address anymore, really, from friends I actually know. It's gotten that bad.

I definitely don't want them from strangers to an email address that was set up for a very specific business purpose.

Am I being too petty?

I don't think so.

We came up with guidelines for the robots, and that seems to have (mostly) worked out.

Can't we come up with guidelines for these social networking / stay in touch sites?

Here are some suggested starting points for guidelines:

If I'm not a member of your site, don't email me more than one invite ever, period.

If I didn't want to join when Lee invited me, I still don't want to join when Fran invites me, okay?

The invite email should provide links including:
ban this user from ever emailing me again
ban all users from ever emailing me
accept invitation
decline invitation, but join site

Perhaps there should also be a "do not social-network-invite" shared database maintained by the larger existing social networking sites, which other social networking sites could pay a reasonable fee on a per email basis to check against, and a person could register with that one place to not get any invites from any social networking site.

Note that the fee should be large enough to make it prohibitive for spammers to just pay up to garner emails, that it should not actually hand out email addresses but return a YES/NO for a submitted address from the social networking site, but be cheap enough that any serious new social networking site would buy in as a matter of course. Maybe there is no such price-point, but at least give it some thought.

I sure don't want to keep contacting every johnny-come-lately social networking site to ask them to put a ban on their users sending me invites. There are too many of them springing up like weeds.

PHP in HTML

2007-07-11T16:24:00.000-05:00

How come this doesn't work:
<button action='<?php mysqli_query($connect,$query)?>'>Click</button>

[sportscaster voice-over]

Joe: Hey Bob, let's look at a slow-motion instant-replay of this common PHP newbie fallacy scenario.
Bob: Sure Joe!
Joe: Okay, so here goes:
  The user requests a HTTP URL document.
  The webserver fires up.
  The webserver finds that it needs PHP to generate the document.
  PHP fires up.
Bob: Wow, look at PHP go! That's fast!
Joe: Yeah, it is fast.
  PHP has generated the document, and spits it out.
Bob: Boy, it's already finished. Hey, it's quit!
Joe: That's right, Bob.
  PHP has FINISHED EXECUTION, and has exited.
  Now watch this!
Bob: Oh boy, I see it coming now...
Joe: Yep, there it is.
  There's some HTML in the browser, trying to execute some PHP code...
Bob: But you can see, PHP has LONG FINISHED and is OUTTA HERE!!!
Joe: That's right, Bob, PHP is simply not around to execute that code.
Bob: So what can you do, Joe?
Joe: Well, if you can live with the browser going back-n-forth to the web-server, with a significant "lag" time...
Bob: Oooh, well, I can see how that might be useful sometimes...
Joe: In those cases, you can use Ajax.
Bob: Anything else?
Joe: Not really. Until you get back to the webserver and PHP, there's just no PHP available. Unless your user is in the extreme minority of uber-PHP-geeks that has installed this EXPERIMENTAL PHP browser plug-in thingie: http://pecl.php.net/package/PHPScript
Bob: Whoa, Joe, I don't think I've ever even heard of anybody who's ever installed that.
Joe: Me neither, though I met Wez Furlong who wrote it, so I have to assume HE has installed it at least once...

[cue to cool Guinness commercial]

PHP Microsoft Excel Reader and Serial Killer Dates

2007-07-07T00:14:00.000-05:00

So, my sister's ex-company of about 6 years that has shut down operations, but still has outstanding loan accounts to collect on...

They have this arcane accounting system and it generates fixed-width field .TXT files, with the wrong dates (with 2-digit year, of course).

The correct dates are in some Excel spreadsheets.

So they wanted a quick hack script to change columns 254 through 259 in some .TXT files based on a simple lookup in some Excel files.

Some developer told them it would take two weeks, and my sister didn't believe that, and they weren't real keen on spending that much $$$.

I told her it was more like a 2 hour job, which might turn into 2 days, when all is said and done.

It actually only took about 8 hours, all told, and most of that was spent in attempting to use various Excel reader PHP scripts that just plain didn't work.

The one up on PHPClasses ends up using parse_url to try to figure out where a local file is, and bombs out. It's a really nifty stream-filter OOP thingie, if it only actually worked...

And what's with all the annoying ads? Maybe less ads would get more traffic would get more revenue... [shrug]

There were several Excel Reader commercial options in the $100 to $200 range, which didn't appeal at all.

There's an Excel Writer in the PEAR Repository, but I couldn't see how to make it read Excel files.

There was some other Excel Reader script, but I forget now why I rejected it. Oh well.

Finally, I found an Excel Reader PEAR package, only it's on Sourceforge instead of in PEAR.

Go figure.

It also had a bug, where it was doing an include of 'OLERead.php' but the file was actually named 'OLERead.inc'

Not quite sure how that passed by a QA process, any QA process but it's trivial to fix.

I did submit a bug report, so hopefully it will get fixed. That is the nice thing about OpenSource.

The example to read a whole sheet in as an array was pretty much all I needed after that quick '.php' -> '.inc' hack.

I didn't even try the reading as a stream thing, since there are only a few thousand accounts.

So I had a nice Excel Reader to do the account number to date lookup.

Yippee.

Then came the joy of Microsoft Excel internal date format...

It's basically a "count" of days from January 1 1900 for the integer part, and a count of seconds for the fractional/decimal part.

Of course, Microsoft aped Lotus 123 and knowingly left in the bug of 1900 being a leap year (it's not)!

So from 0 to 60, the date is "off" by one, and at 60, the bogus date of February 29, 1900 is output. Everything is great from 61 up to a zillion or so where you get to December 31, 9999.

Now, granted, none of these loans date back to the first couple months of 1900, but it's still pretty irksome...

And you'd want a conversion function to be correct and re-usable, rather than something that only works for a limited input set. (Y2K anybody?)

I found a conversion function in C, and ported it to PHP:
http://l-i-e.com/excel_date.phps

I'm not claiming it's the best code ever, and I don't even know what it does, really, as I just changed the variables to have $ in front, and swapped int() function into floor() function.

Slapped in an sprintf instead of returning the individual month/day/year as pass-by-access args, since it seemed easier.

That pretty much sums up the past couple evenings for me.

I occasionally run into a Microsoft devotee who wonders why I hate Microsoft so much.

Really, if this rant doesn't make it clear why I hate Microsoft, I simply cannot hold a rational conversation with you...

It would have been a 2-hour job if MS wasn't so stupid, but it was an 8-hour job because Microsoft is, well, stupid.

Windows PHP Free Development

2007-07-05T22:00:00.000-05:00

Zoe Slattery of IBM has documented exactly how a Windows user would go about hacking PHP source with all free development tools.

http://www-03.ibm.com/developerworks/blogs/page/phpblog

I'm not sure if I should leap with joy or cringe in fear, but now any PHP Windows user could manage to write their own custom extension.

I managed to stumble through it once, thanks to Sara Goleman's fantastic articles up on Zend.com:
Extension Writing Part I: Introduction to PHP and Zend

I wonder how long it will be before Microsoft accidentally on purpose breaks things so you can't do this?

Refund Policy

2007-06-14T15:57:00.000-05:00

So I was setting up a new domain today for a website, and for the first time noticed Hostbaby's Refund Policy at the bottom of their contact page:

REFUND POLICY: Anyone who wants a refund can get a refund for any reason.

Made me laugh out loud.

Now, the thing is, I'm sure some readers are saying "Yeah, right" sarcastically.

But I've worked with these guys long enough to know, that if that's what they say their policy is, that's actually their policy.

REFUND POLICY: Anyone who wants a refund can get a refund for any reason.

You can tell them you want to shut down your site and get a refund because your dog ate your homework, and they'll do it.

Plus they don't even charge you until a full month, so you get your site up before the billing starts.

I love this webhost.

PS They also run CDBaby.com where you can buy a zillion Indie CDs, but no major label junk. :-)

PHP header location redirect refresh

2007-06-13T11:38:00.000-05:00

I haven't posted much, but at php|tek 2007, Chris Shiflett actually said he liked my rant, and that I should post more.

Well, hey, if Chris Shiflett says I oughta do something, I listen.

So, today's rant is about PHP header Location hacks.

First, let's be sure everybody understands what it is:

header("Location: http://example.com");

will re-direct the browser to the URL example.com

Specifically, the PHP tells Apache to issue to the browser a 301 Redirect header to that URL, and then the browser gets that 301 Rediret header and automatically tries to visit that URL.

EDIT
As pointed out on PHP-General, PHP actually sends a 302 Temporarily Moved rather than a 301 Permanently moved. The rest of the rant still applies, as I simply mis-typed 301 for 302 anyway.
/EDIT

Now this seems really cool at first, perhaps because it is really cool, when used for an appropriate problem.

Unfortunately, many PHP scripters are using this as an Idiom or as a Programming Construct with things like:

if (!logged_in()){
header("Location: login.php");
}

Now, this does "work" but there are several problems with it.

First and foremost, the HTTP Specs require a complete URI for the location. And while this fragment of a URI might "work" on most browsers, it will, sooner or later, totally mess you up when the browser mis-interprets this.

Specifically, some versions of IE will do the redirect, but won't POST the original data as a redirect should, with this URI fragment. Use the full URL, and IE actually does the right thing, and redirects with all the POST data intact.

You shouldn't use an incomplete URI just because "it works" any more than you should use non-compliant HTML just because it works.

But let's look at this header("Location: ") in a slow-motion instant replay:
User requests page X
Browser uses dog-slow Internet to contact web server.
Web server receives request, hands it off to PHP
PHP responds over dog-slow Internet with 301 Redirect to login.php.
Browser interprets 301 Redirect, hopefully correctly.
Browser uses dog-slow Internet to contact web server.
Web server receives request for login.php, hands it off to PHP
PHP finally spits out the login form.

Whew.

Maybe you should consider just doing this instead:

if (!logged_in()){
require 'login.php';
exit;
}

And look, ma, no extra round trip through the dog-slow Internet.

Plus, you're not wasting an HTTP connection, which, on a busy server, is a precious resource. Presumably you'd like your website to be popular enough to be busy someday, right?

You're going to end up reading the login.php file in the end anyway. Why would you spend all that time going back and forth to the browser to do it?

And include 'login.php' is no more difficult to read/understand/maintain than the header().

Reserve a header("Location: xxx") for when you really need it: When a document has actually moved and the URL is being retired.

Don't use header("Location: xxx") as a Programming Construct in place of simple if/else and include logic.

PS This same rant applies to the header("Refresh: ") usage as well. Though why you'd want to use that instead of Location: is beyond me, and probably the subject of another rant...

PHP Downloads, Content-Disposition, Content-type, and other arcana.

2006-06-22T14:08:00.001-05:00

Every damn day, some other poor PHP newbie goes off and finds "advice" in Google about how to force browsers to download things, and how to get the filename they want in the "Save As..." prompt box.

Invariably, these newbies are suckered in by Bad Advice^tm from people who clearly do not read the HTTP specs.

Now I'm not claiming to have read all the HTTP specs, much less memorized them, but did fight through this battle in the days of version 3 and 4 browsers, and it still seems to be tripping people up, while my solution has been working for me since nineteen-ninety-mumble.

So I'm gonna let you in on a few little secrets.

Okay, one of the secrets is widely published in the RFCs, and the other is hard-won experience about how the 1995 johnny-come-lately Microsoft made-up Content-disposition header isn't really widely-supported very well, and how to make 100% certain that your downloads always end up prompting the user for the right filename with a crude but effective hack that leaves the brower with no other reasonable choice.

First, if you Google for this topic, you're going to find a lot of people suggesting a lot of different MIME-types to use for the "Content-type" header:


application/octet-stream
application/download
application/force-download
.
.
.

Note that this is to force a download -- If you actually want a browser to display (or attempt to display) some content, the Content-type: should always be the correct Content-type for that type of document. E.g. text/html for HTML, image/gif for a GIF, image/jpeg for a JPEG (image/jpg will not work on some browsers), image/png for a PNG, application/pdf for a PDF, and so on.

If you are ever in doubt about the correct MIME-type for browser display, find a static URL that works, preferably on the corporate site driving that technology, and find out what Content-type: is sent by their site for their sample content.

For a download, application/octet-stream works because it's a part of the HTTP specification, and has been part of the HTTP spec, from the very beginning of HTTP specifications.

The others "work" only because they are made-up content-types, and the browser currently has no idea what to do with them.

Some equally valid Content-type would be:


asdf/asdf
abc/abc
you-can-put/anything-you-want-here
microsoft/sucks
asdfswetrkhkhkvnknsdbknilghwerthiehl/wilerywnfaksvnklgndiglkghadlgha

Only problem is, tomorrow Microsoft can choose, at their discretion, that "application/download", or any of the other made-up MIME-types means "Put it in the My documents directory", because MS knows much better than you that that is what all their users really want, and your download doesn't do what you want any more.

But they cannot change the meaning of application/octet-stream, because that is specifically reserved, in the HTTP specification, for force a download

So, all of the above boils down to the following question:

Do you want to use a MIME type that happens, by sheer coincidence, to not be "taken" yet and will work today, but tomorrow might be re-defined?

Or would you rather use the documented feature that appliction/octet-stream will always work?

For anybody not well-versed in Tech-Talk the correct answer is the latter, and definitely not the former.

So to force the browser to download a document, the only correct solution is:


Content-type: application/octet-stream

Anything else is a game of Russian Roulette.

With Microsoft pulling the trigger.

Now we come to the somewhat more complicated issue of getting the "Save As..." window to provide the filename you like as a default.

Let's assume, for our purposes, that you want this filename:


iwant.xyz

In an ideal world, the "Content-disposition: ... ;filename=iwant.xyz" would work perfectly for this.

... represents some sort of MIME-type, which is largely irrelevant, for the purposes of this article about forced downloads.

Unfortunately, with some versions of some browsers, this Content-disposition: simply will not work.

In fact, no matter what combinations of headers you try to use, there is some minute version, such as x.y.z.37, that doesn't work even though x.y.z.36 and x.y.z.38 do work

This is complicated by the presence or absence, and/or changes to the Content-type: and the "..." part of Content-disposition: that we're ignoring.

To document exactly which versions of which browsers do/don't work for which combination of headers, mime-types and URLs is well beyond the scope of a blog post. Perhaps a Ph.D. Thesis would be more appropriate, if somebody is desparate for a Thesis Topic and has a lot of time to spare.

And for the love of insert diety of choice here do not ask me to tell you which browser/version won't work with your particular solution. I have neither the time nor the inclination to do your browser-testing QA for you. I don't even like doing my own QA, much less yours.

I can only guarantee you that if you test on every minor version of every browser ever released, you will find one that does not work.

But I do have a solution for you:
Provide a URL which the browser cannot possibly mess up.

For example, this URL will mess up some browsers:
http://example.com/download.php?filename=iwant.xyz

This URL, however, the browser, cannot possibly mess up:
http://example.com/download/iwant.xyz
because it's too damn simple to mess up.
K.I.S.S. priniciple is the watchword here.

Don't give the browser any opportunity to screw up. Because if you do, some browser somewhere will screw up.

"But wait!", you say, "I can't do that! I need my PHP script to do the download work"

Yes, you can.

Follow the bouncing ball:

First, 'download' above may look like a directory, but it's not. It's a PHP script. It just doesn't happen to have .php on the end of it.

And iwant.xyz doesn't have to be in any particular location just because it looks like a boring static URL component.

There are a variety of ways to make this work. Apache's mod_rewrite springs to mind for Apache experts, and there are many articles online telling you how to do PHP mod_rewrite.

But, truth to tell, mod_rewrite is a real PITA to mess with. And Apache/PHP has a much easier technique available which I'll detail below.

So, there are two tasks here for this URL:
http://example.com/download/iwant.xyz

The first is to somehow get 'download' to be a PHP script, even without '.php' on the end.
And the second is to somehow make 'iwant.xyz' from the URL available to PHP.

Fortunately, the mechanics of these are very easy tasks.

It seems to be difficult for newbies to wrap their brains around the concepts, but the actual mechanics are trivial, and I'm hoping this How-To will ameliorate the difficulty of the concepts.

Let us begin by assuming your not quite working download.php PHP script looks something like this:


<?php
  //register_globals is off, of course
  $filename = $_GET['filename'];
  
  //Crude cleansing to avoid ../../etc/passwd hacks
  $filename = basename($filename);
  
  //In an ideal world, you would have a specific range of legal values for $filename
  //And your cleansing would test positive only for valid input
  //The following line is far too restrictive in anything but this sample application
  //But it's definitely the Right Way (tm) for THIS sample application
  //Security can't be bought off-the-rack.  It's a custom job like this
  if ($filename != 'iwant.xyz') die("Did you really think I wouldn't add filename validation here?");
  
  //I can virtually guarantee that the next line is not correct.  Fix it.
  //I personally would recommend that it NOT be in your webtree,
  //so Bad Guys (tm) cannot bypass your application and just get it direct.
  //If your webhost does not provide a non-web-tree directory, find a new host.
  //This should be the complete full path to the "real" iwant.xyz file.
  $basename = '/some/path/to/the/real/files/';
  
  //Compose the actual full file path:
  //If you didn't put / at the end of $basename, add it here
  //Or do some fancy footwork to be sure you have the proper number of '/'s you need
  //Or not, as Un*x systems ignore bogus extra '/' in a pathname anyway.
  $fullname = "$basename$filename";
  
  //For larger files, a decent browser will provide a progress meter, if you do this:
  $filesize = filesize($fullname);
  header("Content-length: $filesize");
  
  //As discussed above, the only Documented Feature,
  //sure-fire guaranteed way to force a download every time is:
  header("Content-type: application/octet-stream");
  
  //Now just read the file and spit it out:
  readfile($fullname);
  //For large files, an fopen/fread loop using feof may be more appropriate
?>

Now, instead of the usual 'download.php' you might expect, name this script 'download' without the '.php'

In order to convince Apache that this script really is a PHP script, even without the .php on it, create a file named '.htaccess' in the same directory as 'download' (or a 'higher' directory) and put this in it:


<Files download>
  ForceType application/x-httpd-php
</Files>

The above three lines of magic force Apache to think of 'download' as a PHP script, even though .php is not part of the script name.

This assumes that your webserver has been configured with .htaccess "on" in httpd.conf. If that's not the case, then you would probably want to put those three lines directly in httpd.conf, or in a file that httpd.conf Includes.

If your Apache webserver host provides neither httpd.conf nor .htaccess to you, the I feel truly sorry for you, but cannot help you, other than to suggest finding a better host.

Your URL would then look something like:
http://example.com/download?filename=iwant.xyz

You should go ahead and build this example application now, and then we can move on to our second task of getting rid of the ?filename= part.

Here is a sample application using the above code:
http://l-i-e.com/blogger/download.php?filename=iwant.xyz

Note that you will, depending on your browser make and model, probably be prompted to "Save As..." with the filename 'download.php'

We'll be fixing that in our next task, so just change the name to 'iwant.xyz' by hand when prompted to download.

But if you can find a browser that does not treat that file as a download, I'll send you a Cookie.

Note that you can configure some browsers to just auto-save all downloads in some directory or, blech, on your desktop. That's a user-configuration choice which nothing in the world is going to "fix". Sorry. Educate the user, or live with their freedom of choice, whichever way you want to look at it.

But the browser itself is still treating the output as a 'download' even if it has been [mis-]configured to just dump the file in some random directory.

Now, on to the task of getting the URL to end in /iwant.xyz so that the browser is "fooled" into thinking it's a static URL and it will use 'iwant.xyz' as the default filename for the download window.

As you can see, your script 'download' is going to have some extra stuff at the end of it.

Apache and PHP collaborate to mostly ignore anything extra tacked onto the end of a URL, except for one crucial input they provide:


$_SERVER['PATH_INFO']

This variable is set by Apache/PHP to contain everything after your script name that is in the URL, no matter what is there.

Now, because your real application might need more input than just 'iwant.xyz' I'm going to go above and beyond here, and provide an include file that will give a lot of flexibility.

Here are some URLs the normal way, and some done my recommended way compared side-by-side:

Normal	Recommended
http://example.com/download.php?filename=iwant.xyz	http://example.com/download/iwant.xyz
http://example.com/download?filename=subdirectory/iwant.xyz	http://example.com/download/subdirectory/iwant.xyz
http://example.com/download?page=42&line=20&filename=iwant.xyz	http://example.com/download/page=42/line=20/iwant.xyz

Keep in mind on that last one, that the browser cannot know that you don't have directories named 'page=42' and 'line=20' no matter how odd that may seem for directory names.

Those are perfectly valid directory names, and the browser has to assume that's what you have.

Only you and I will know that 'download' isn't a directory but a PHP script, and those 'extra' bits are really just inputs to this PHP include:


<?php
  //Consider a URL such as:
  //  http://example.com/scriptname/var1=val1/var2=val2/path/to/filename.xyz
  //Transform it into:
  //  $PATH = '/path/to/filename.xyz'
  //  $PATH_VARS['var1'] = 'val1';
  //  $PATH_VARS['var2'] = 'val2';
  $PATH = '';
  $parts = explode('/', $_SERVER['PATH_INFO']);
  foreach ($parts as $part){
    $pieces = explode('=', $part);
    switch(count($pieces)){
      case 1: /* tack it on as part of a pathname */
        //Also ignore the leading '/' of PATH_INFO which turns into an empty '' from explode()
        if ($pieces[0] !== '') $PATH .= "/" . $pieces[0];
      break;
      default: /* Set up something like $_GET only with $PATH_VARS */
        $var = $pieces[0];
        // value might have = within it...
        unset($pieces[0]);
        $val = implode('=', $pieces);
        $PATH_VARS[$var] = $val;
      break;
    }
  }
?>

I've commented the above script heavily, and all it does is transform the PATH_INFO that Apache and PHP provide into a couple convenient variables:
$PATH_VARS will contain any /var=val/ in the URL as $PATH_VARS['var'] = 'val';
$PATH will contain anything else in the path as '/subdir1/subdir2/filename.xyz';

Save that script above as 'pathinfo.inc' and change the top of your 'download' script from $filename = $_GET['filename'] into this:


require 'pathinfo.inc';
$filename = $PATH_VARS['filename'];

Now, you can surf to a URL like this:
http://l-i-e.com/blogger/download/iwant.xyz
and get a download windows with the only reasonable choice for a default filename to "Save As..." that a browser could possibly infer from that static-looking URL: 'iwant.xyz'

It would be nice if this was a Documented Feature or if something like Content-disposition actually worked in all the minor versions of all the browsers ever released.

But, in this case, consider what else a browser could possibly do with the download window it must provide.

If you really think about this, I believe you'll come to the same conclusion I did, many years ago: This is a hack, but a reasonably safe hack, because what else can a browser do with such a simple URL, given that it must prompt the user for a file download (or auto-save the download by user choice) to remain compliant with the HTTP Spec.

Here is the final source for our download script:
http://l-i-e.com/blogger/download.phps

And the pathinfo.inc file:
http://l-i-e.com/blogger/pathinfo.phps

There are a few caveats worth mentioning here:

Unlike $_GET, $PATH_VARS cannot be made into a "super-global" so you'll have to declare it global within your functions/methods.

Actually, technically, you could use PHP's RunKit extension to force $PATH_VARS to be a "super-global" but if you've got RunKit installed on your server, you probably already know everything in this article anyway.

If you don't know what RunKit is, you should just take my word for it that you don't want it installed, but if you need convincing, let me just point out that the purpose of RunKit is to be able to re-define something like:

if ($whatever) echo $something;

so that the 'if' and the 'echo' don't do what you expect them to do anymore.

I.e., RunKit lets you re-define the actual PHP language on-the-fly, for developing a new version of the PHP language.

Let me also point out, in case it's not blatantly obvious, that savvy users can still put any damn thing they want into the URL in attempts to break your script, take over your server, and otherwise cause you much grief.

This URL munging should not be considered primarily as a "Security Measure" though there may, or may not, be some relative increased security in that finding a ? in a URL and then trying variants is probably a very common Bad Guy technique, but cramming more things onto the end of a static URL generally doesn't do anything at all, so most Bad Guys probably don't do a lot of that.

This falls into "Security through Obscurity" though, which are generally very weak security measures, and only useful, if at all, when layered in with other, more robust, Security Measures.

Or, to make a long story short, you must still validate and cleanse any data coming from $PATH and $PATH_VARS, exactly as you would for $_GET.

Required Reading:
http://phpsec.org/

I aleady know that at least one other PHP Developer thinks I'm daft to put /var=val/ into the URL, and that I should just use 'positional' elements.

Unfortunately, I do not find that very convenient, as some of the elements in my scripts are optional, so the URL would end up needing too many '/////' in it and my eyes are too old and worn-out to attempt to count those correctly.

I can also safely predict some bloggers will insist that "Content-disposition:" works just fine in all browsers, or maybe they'll be smart and qualify it as "all modern browsers"

My only possible responses to that are:

You haven't tested enough minor release versions

I believe backwards-compatible legacy support for ancient browsers is important

If you do not like this particular solution, just don't use it.

I happen to believe, based on my experience fixing far too many bug reports from iconoclastic users of niche browsers you may have never even heard of, that it's the only correct solution to browser insanity, paricularly if you use PHP to output dynamic rich media such as Images (GIF, JPEG, PNG), PDF, FDF, Flash/Ming, and so on, as I have done.

The pathinfo.inc file above works wonderfully for a URL such as:
http://example.com/thumbnail/max_width=100/photographer_id=7/artist_id=15/rockstar.jpg

It also works for the PDF URL embedded in an FDF which tend to drive Netscape/IE crazy if you start adding dynamic elements.

This rant was actually referenced by none other than PHP Security Expert Chris Shiflett in The Adobe PDF XSS Vulnerability

Bogus Blog?

2006-05-18T15:47:00.000-05:00

Truthfully, this blog originally got created just so I could add a comment to:

http://phpgirl.blogspot.com/2006/05/chicago-php-user-group-report.html