Quercus PHP on GAE: pining for file handles

Quercus really is great stuff; it allows nitwits like me to develop crappy PHP-applications and to deploy them on Google’s App Engine. But when you combine the limitations of Quercus’ PHP implementation with those of GAE, you’re going to have to code around some problems you wouldn’t be facing when developing a “normal” PHP webapp.
One example based on my limited experience (while writing a scanner service to detect “foreign” objects in websites for my future wp-privacy plugin): I had a CSV-file that had to be downloaded & parsed. Normally you would fopen the remote file and than use fgetcsv retrieve all data line per line. Or, if you’d prefer, you could fetch the file with mighty CURL and parse it using str_getcsv. But those approaches don’t work when in Quercus on GAE; fopening remote files doesn’t work (blame GAE)  and while you can Curl the CSV into a variable, there’s no str_getcsv in Quercus (yet).
So I did what any self-respecting non-developer would do; I cried for help on StackOverflow. Some of the advice I got there involved obscure tricks like using data-uri’s, fopening php://memory or using SplTempFileObject, but none of those solutions produced anything but errors. So no built-in CSV-parsing for me, but (simple) “manual” parsing of the CSV in a string. Not a huge problem by any measure, but I’m sure there’s a whole lot more limitations, if only for all those functions that rely on file handles. But at least we’re having fun, no? 😉

WP YouTu.be Lyte: a minor release & some meandering thoughts

Yesterday I pushed WP YouTube Lyte 0.7.3 out the gates. The main trigger for that new release was a bug report about the plugin not behaving as expected when using the youtu.be-links that you get when clicking the “share”-button on YouTube.  Being from that TLD mysself I could not but fix this; the new version recognizes and parses both httpv://youtube.com/watch?v=videoid and httpv://youtu.be/videoid links in posts, pages and widgets. Other features: Slovenian translation (thanks Mitja Mihelič @arnes.si) and a small change to the donottrack-inclusion to make it work over https (hat tip; Chris @ campino2k.de).
Speaking of donottrack: I’ve finally started rewriting that privacy-enhancing plugin. It might … No, it WILL take some time, but expect a whitelist-based approach where you’ll be able to get a report of all inclusions of external content (images, css, javascript, …) in your site and where you can just tick a checkbox per domain you want to allow. All other current and future domains that rogue plugins try to smuggle in after you configured, will be stopped. Next to document.write’s I hope to be able to catch innerHTML and DOM methods like insertBefore and appendChild. If you’re a javascript DOM magician, I could sure use your help on those!
Not sure where I’ll be going with WP YouTube Lyte, it feels pretty complete to me. Stuff that might be added at a later stage;

Do comment below or contact me if you have other feature requests though! And thanks for all the downloads (36.000 and counting)!!
And as is traditional of WP YouTube Lyte announcements, here’s a small video to celebrate the new release; Intergalactic Lovers, a Belgian band, playing “Delay” live.

Intergalactic Lovers - Delay - 23-05-2011

Why your WordPress blog needs DoNotTrack

So what’s with all that nagging about tracking and that DoNotTrack plugin, you might wonder? Well, it’s pretty simple actually.

  1. Some very popular WordPress plugins include 3rd party tracking, sometimes even without properly disclosing, often without means to disable this behavior
  2. 3rd party tracking has privacy implications: all your visitors are tracked by the 3rd party, in general for behavioral marketing purposes (depending on what data is captured, tracking might even be illegal in some countries)
  3. 3rd party tracking has a performance impact: every visit to your blog will include between 2 and 5 extra requests for the 3rd party tracking to succeed, effectively delaying full page rendering

It is my conviction that blog owners should be able to install and use WordPress plugins without having to worry about undisclosed tracking and that plugins should provide a way to disable such 3rd party tracking if included.
As this is not the case yet, we have to resort to (messy) solutions to stop unwanted tracking from happening. And that’s exactly what DoNotTrack does. It’s a small javascript-hack in a WordPress-plugin to stop 3rd party tracking introduced by some of the most popular plugins.
Some details from the readme.txt:

  • What works:
  • What does not work (yet): Tracking code added using innerHTML or appendChild/insertBefore is not yet intercepted (but I’m working a solution for that)
  • What else might be added:
  • How you can help:
    • Provide me with links to plugins that include browser-based tracking + domain where the tracking is done.
    • Provide me with known opt-out code (javascript) to disable tracking services on a site.
    • Tell plugin writers you’re not happy with 3rd party tracking!
    • Tell your visitors about tracking & privacy, link to e.g. http://www.privacychoice.org/

And remember: if you host your WordPress blog yourself, you and nobody else should be able to decide who tracks your users!

Quantcast spyware puts selfhosted WordPress blogs in Automattic network

A quick update about the WordPress.com Stats plugin secretive inclusion of Quantcast tracking:

Coding for the New Year

Just a quickie before diving into 2011;

And this is how I feel about 2011:

Jon Hopkins - Light Through The Veins (Full 9 Minute HQ Version)

Have a great New Year!