./klaus hofeditz :: weblog

2010-09-02

admin — Thu, 02 Sep 2010 10:19:19 +0000

How b-tree database indexes work and how to tell if they are efficient (100′ level)

2010-08-17

admin — Tue, 17 Aug 2010 20:45:09 +0000

Investment in Open Source Software Set to Rise, Accenture Survey Finds
How many people do you know that build not only one, but two very successful companies?
PODCAST – Marc Andreessen:A Panorama of Venture Capital and Beyond

GUI elements we’d love to see in ]po[ 4.x

admin — Sat, 17 Jul 2010 13:52:40 +0000

Search Box with Filter and Large Drop Down Menu

http://tympanus.net/codrops/2010/07/14/ui-elements-search-box/

http://www.web-delicious.com/jquery-plugins/

Autocomplete anywhere – includes emacs

admin — Wed, 14 Apr 2010 11:21:51 +0000

http://www.autohotkey.com/

http://www.vasanth.in/content/binary/Intellitype.ahk

http://www.autohotkey.com/docs/scripts/

http://www.donationcoder.com/Software/Skrommel/index.html#AutoClip

Common constructs writing ]po[ update scripts

admin — Wed, 17 Mar 2010 18:34:15 +0000

Sample Script

create or replace function inline_0 ()
returns integer as '
declare
        v_count         integer;
begin
        select count(*) into v_count from user_tab_columns
        where lower(table_name) = ''acs_object_types'' and lower(column_name) = ''icon_path'';
        IF v_count > 0 THEN return 1; END IF;

        alter table acs_object_types add column icon_path character varying(100);
        RETURN 0;

end;' language 'plpgsql';
select inline_0 ();
drop function inline_0 ();

Check existence of column:

select count(*) into v_count from user_tab_columns where table_name = ''IM_HOURS'' and column_name = ''INVOICE_ID'';

Check existence of table:

select count(*) into v_count from pg_tables where tablename = ''im_capacity_planning'';

Check for existing constraints

        select count(*) into v_count from pg_constraint
        where lower(conname) = ''im_hours_project_fk'';

Create categories

SELECT im_category_new (16006, 'Rejected', 'Intranet Absence Status');

Create menu item

SELECT im_new_menu(
        'intranet-timesheet2',
        'timesheet2_absences_bankholiday',
        'New Bank Holiday',
        '/intranet-timesheet2/absences/new?absence_type_id=5004',
        50,
        'timesheet2_absences',
        null
);

Create menu permissions

SELECT im_new_menu_perms('timesheet2_absences_bankholiday', 'Employees');

pg_dump failed – invalid byte sequence for encoding “UTF8″

admin — Fri, 19 Feb 2010 23:14:09 +0000

Using

pg_dump -U projop -E UTF8 -d projop > projop.dump

instead of the usual

pg_dump --no-owner --clean --disable-dollar-quoting --format=p --file projop.dump

I was able to to restore the db.

BCN tips

admin — Wed, 18 Nov 2009 13:15:16 +0000

Restaurants

Classics

http://www.loscaracoles.es/
Barcelona classic, nice ‘ambiente’, very touristic, prices maybe a bit to high for what they offer, but you get the whole spanish experience, crossing the kitchen when entering the restaurant, always packed with people, hams hanging from the ceiling.

Cervecería Catalana
My favorite tapa place

Senyor Parellada

http://www.senyorparellada.com/

Classic in the born area

“Elegancia”

http://www.rte-olive.com/
Take your beloved one to this on her birthday

http://www.hotelcasafuster.com/restaurante.asp

Take your beloved one to this in case you want to propose – Woddy Allen played the saxophon during his stays in the bar

http://www.ladama-restaurant.com/

Back to the good old days, upper price segment.
(… you have one of the best TROBADORS right across the street)

Modern

http://www.w-barcelona.com/

impressive !!!

Hesperia_Tower-Barcelona_Catalonia

http://www.tripadvisor.es/Hotel_Review-g187497-d630596-Reviews-Hesperia_Tower-Barcelona_Catalonia.html

Michelin * (or ** ??)

Pretty Cool

http://www.laparadeta.com/

make your order at the entrance – all “fish” – big portions – student restaurant

Great value – nice ambiente

www.restaurantetrobador.com
Always a great value for the money and a nice and modern atmosphere, many locations city wide

www.flamantrestaurant.com

www.restaurantbalthazar.com

Feelin’ fishy?

http://www.bcnrestaurantes.com/eng/barcelona.asp?restaurante=carballeria

close to port

http://www.botafumeiro.es/

probably one of the best fish restaurants in BCN – try the percebes !

Sea Views

http://www.canmajo.es/ (views only from terrace)

http://www.aguadeltragaluz.com/

Takin’ a coffee in downtown

www.4gats.com

http://www.bcnrestaurantes.com/barcelona.asp?restaurante=el-gran-cafe

Rustic – outside BCN

www.can-borell.com

Day Trips

Torres
Wine tasting outside of BCN

Freixenet
Cava – nice tour

http://www.barcelona-tourist-guide.com/en/tour/montserrat-spain.html – ca. 50km ausserhalb

Estimating Project Costs

admin — Sun, 01 Nov 2009 20:08:31 +0000

This entry moved to http://www.project-open.org/documentation/rfe_Advanced_Financial_Project_Planning

How to prevent SQL Injections

admin — Sat, 17 Oct 2009 08:21:08 +0000

http://stackoverflow.com/questions/1973/what-is-the-best-way-to-avoid-sql-injection-attacks

Golden Rules:

3: Custom-Written Value Sanitation. Avoid writing your own sanitation routines as much as possible except when it’s absolutely the only option remaining (which is very unlikely in any modern language). Input sanitation is a hard problem, and the costs of getting it wrong are huge. It’s best to leave that job to someone else. When you are forced to rely on this method use white-listing rather than black-listing to sanitize input.

2: Framework / Library Based Value Sanitation. Leave the sanitation routines to the domain experts. Sanitation routines in 1st party frameworks and libraries are typically created by the same folks that wrote the DB or the SQL API. They have a much higher chance of knowing, and properly handling, all of the edge cases than you do. An example of this technique would be using php’s mysql_escape_string() function to sanitize values that will be inserted into strings that serve as dynamic SQL statements.

1: Parameter Binding. Instead of constructing a SQL statement as a raw string which includes user data as in-place literal values, create a SQL statement with tokens where the user data would be. Then bind the user supplied data to the appropriate parameters. The key here is that this binds the provided data to a specific type and a specific use and eliminates any opportunity to change the logic of the SQL statement. This can be used in conjunction with library based input sanitation as well.

http://www.tcl.tk/community/tcl2004/Tcl2003papers/cleverly.htm

Luckily for the Tcl programmer who craves laziness, OpenACS provides a higher-level database API on top of ns_db that hides all the mundane house-keeping chores. Additionaly, bind-variable emulation is available which frees the programmer from worrying about always escaping apostrophes in SQL statements. Bind variables are prefaced with a colon.

 set name "Jim O'Connor"
            set salary 40000

            db_dml new_hire {
                insert into employees (name, salary, dept)
                values (:name, :salary, 'Accounting')
            }

http://openacs.com/forums/message-view?message_id=250625

Posted by Dave Bauer on 01/19/05 04:57 PM

In Postgresql the db_* commands extract the “bind” variables and SQL quote them automatically. In the PG driver itself the [] charactaers are escaped as well for safety.

This means that the effective security of PostgreSQL is the same as Oracle.

This is done at the database api layer.

In addition ad_page_contract has filters and validation features to check input. ad_form and the form builder also have validation features for input.

XOWIKI – db structure

admin — Mon, 12 Oct 2009 07:47:39 +0000

xowiki pages are managed with the OpenACS Content repository.

XOWIKI pages:

For each page there’s an entry in cr_items

projop=# \d cr_items
                                   Table "public.cr_items"
      Column       |          Type          |                   Modifiers
-------------------+------------------------+------------------------------------------------
 item_id           | integer                | not null
 parent_id         | integer                | not null
 name              | character varying(400) | not null
 locale            | character varying(4)   |
 live_revision     | integer                |
 latest_revision   | integer                |
 publish_status    | character varying(40)  |
 content_type      | character varying(100) |
 storage_type      | character varying(10)  | not null default 'text'::character varying
 storage_area_key  | character varying(100) | not null default 'CR_FILES'::character varying
 tree_sortkey      | bit varying            | not null
 max_child_sortkey | bit varying            |

Page content

Page content is stored in table cr_revisions

projop=# \d cr_revisions
                             Table "public.cr_revisions"
     Column     |           Type           |                Modifiers
----------------+--------------------------+-----------------------------------------
 revision_id    | integer                  | not null
 item_id        | integer                  | not null
 title          | character varying(1000)  |
 description    | text                     |
 publish_date   | timestamp with time zone |
 mime_type      | character varying(200)   | default 'text/plain'::character varying
 nls_language   | character varying(50)    |
 lob            | integer                  |
 content        | text                     |
 content_length | integer                  |

Finding content that can’t be found using ‘search’ such as links etc.

select
		r.item_id,
		r.title,
		i.name
from
		cr_revisions r,
		cr_items i
where
		r.content like '%en:install_main%' and
		r.revision_id = i.live_revision;

Object Model

Pls. see: http://openacs.org/xotcl/show-object?show_source=0&object=%3A%3Axowiki%3A%3APage&show_methods=1