Passwords are sometimes hard to remember, or at least hard to read, because good passwords are cryptic. That’s a fact and I am still fine with it, because I pay attention to obvious security flaws or risks. However, there are some situations when you do not need cryptic passwords – like “first time passwords”, or “single time passwords”. For this particular case I came up with a nice idea and I’d like to call it pass phrazr (phraser).

Instead of cryptic passwords, use phrases and or simple sentences. If you just enter some phrases as possible pass phrases it doesn’t work very well, but if you use a directory it does. Plus, you can serve i18ln passwords if you add a locale.

The easiest sentence is SVO structured but “Tim like Dogs” sucks and isn’t fancy at all, so I’m going to use a more stylish composition. Factual phrases with *izm nouns instead of boring objects! RaaaaR.

Here’s a simple MySQL Table:

CREATE TABLE passphrazes (
	passphraze_word 	varchar(30) 					NOT NULL,
	passphraze_type 	enum('subject','verb','noun') 	NOT NULL,
	PRIMARY KEY (passphraze_word)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

If you still wonder about it – the magic goes here:

SELECT concat(
	(SELECT passphraze_word
		FROM passphrazes
		WHERE passphraze_type = 'subject'
		ORDER BY RAND()
		LIMIT 1),
	'-',
	(SELECT passphraze_word
		FROM passphrazes
		WHERE passphraze_type = 'verb'
		ORDER BY RAND()
		LIMIT 1),
	'-',
	(SELECT passphraze_word
		FROM passphrazes
		WHERE passphraze_type = 'noun'
		ORDER BY RAND()
		LIMIT 1)
);

No clue jet? Well, by selecting random rows you can generate funny phrases like:

He allocated nahualism.
She reinforced mithridatism.
They served social-evolutionism.

Then style it and additionally pimp it more secure (replace spaces with dashes, plus signs, or even camelize it) in your favourite coding language:

He-allocated-nahualism.
SheReinforcedMithridatism.
They+Served+social-evolutionism.

The use case is hopefully obvious. If someone sign up at your site and you generate the first time password for the user, why not something meaningful? There are tons of possibilities to combine words unique.

*updated*

It took us quite a while until we were all satisfied but now it’s done and you can view it over here:

» http://areal-records.com/

The site relies on prototype, some web 2.0 gimmickry, scriptaculous and the pear framework, a wonderful combine script for CSS and JS. Firefox 3 still needs some »pimping« but for all the other browsers it should work fine, as far as I can tell.

It’s midnight.

My neighbours just had sex – uhh, ahhh, uuhhhh – well for about 4 minutes – not much longer – then they were done. So I’d call it a quickly. I was quite tempted to have a look but I thought that would be indecent and naughty, even though it sounded like a doggy-style However, I’m no voyeur and it’s a hot night and every cool cat wanna have a kitten – or so…

The only reason I’ve noticed them is, our balcony doors are next to each other and both are wide open. But for my excuse, I’m still fixing a database – or better said, I do a modification. for writershops.com I use the world DB from MySQL plus an extra column for the CIA facts book country code. However, I’m still thinking about to extend it with postal codes and make it public to everyone. Maybe. Time-management is not one of my primary attributes so far.

Tomorrow we have “beer and sausage” at our company, which is quite cool – I mean the fact that we do such things on company time and money. Each first Friday on every new month one department is organizing this little event. Last time we had Becks, this time we’ll have Berliner and sausages.

However (I love this word), I’m currently working on a new JavaScript lib, with a carousel, an interactive navigation and some tab switcher, a lightbox, some fx wrapper and other stuff, based on prototype and scriptaculous. That it nothing phenomenal, but I try to keep it slick as possible and of course flexible. ATM you still can apply any function to the callback functions »beforeStart« and »afterFinish«, via one method call. I’ll post the code when I’ve got something like a milestone release, which seems to be end of July.

I had to update WP, because someone managed to exploit a security hole in my blog. I guess it was the draft exploit – but I am not sure. Also I’ve decided to use the open_base_dir restrictions, because the guys who tryed to hack my/our server, tryed to install a ftp server and if I’m right, then the kids call them self “Caffeine’s Heaven”. I did that ways back in the days too – and luckily I’ve discovered it in time. Also I’ve moved to a subdomain and added some rewriting rules for my blog (301).

Anyhow!

I’ve to hurry, because it is already 9:30am and I’m still sit here in shorts

if you need a very easy regex, to validate emails – here’s some I wrote:

^(([\da-z���\.\_\-\~]+)\@([\da-z���\.\_\-\~]+)+(\.\b[a-z]{2,}))$

once again I have to do stuff for the IE “only” (omfg!) and it’s a not just a pain in the ass it’s like a heart attacking nightmare horror movie. The IE’s debugging capabilities – uhm wait, what debugging capabilities? – are simly not existent and if you try to mention the IE developer toolbar, I could cry. It’s like a mediaval attemp to transform coal into gold. Useless! Well, I’m a Windows user and there are some cool things about the OS itself, but the IE is a piece of shit – a waste of memory – a big fucking mistake in the technical evolution of mankind. The IE must die, disappear from the world of browsers. There is no hope. Not anymore. Not just a little.

According to the Specification (4.1.3 Characters and case), identifiers can contain only alphanumerical characters [a-z0-9] and – big surprise – ISO 10646 characters U+00A1 and higher, plus the hyphen (-) and underscore (_).

That’s totally new to me and I’ve never ever seen someone who uses special characters like that for identifiers. Actually this is really bullshit, because no Validator supports identifiers like that. For instance: when you are going to use the ampersand character, HTML expects an html-entity and will fail. The Validation will not fail, when you use the copyright sign (�?© = U+00A9) – but it will fail, when you not write the ampersand as html-entity (&)

Here is an example CSS which will be displayed correctly in most browsers (ff2, ie7, opera9, safari3):

.A\&A {
    background-color: #D1EDEC;
    border: 1px solid #92C0DA
}
.A\26B {
    background-color: #D1EDEC;
    border: 1px solid #92C0DA
}
.A\000026C {
    background-color: #D1EDEC;
    border: 1px solid #92C0DA
}

Nevertheless: it will fail the �all mighty� validator.w3.org test, when the class names are assigned to elements (because of the ampersand). I perfectly understand why the ampersand fails, but IMHO I think it shouldn’t be allowed plus [a-z0-9] and hyphens should be enough to describe the class/id.

… writing bad and unforgivable code.

There are lot of good looking sites out there and a lot of good looking (w)CMS front and backends but most of the so called *cool* CMS sucks. WP ist cool – I like it – it’s a good piece of code but I think the templating is kinda hard on the nerves sometimes. Well that’s ok, because you can do quite a lot with it – but take Joomla and or OSC for instance and be prepared for a damn rampage.

I don’t know … maybe I should grow botanic things and stop coding instead of them. Why do people code nowadays procedural, when it’s clear they have to recode (or copy and paste) it more than two times. OOP rules – at least most of the time. Sometimes I stumble upon classes which contains 80% echo/print commands. Why not using a good templating system like Flexy or maybe Smarty if necessary?

Why is it so hard to use a validator or RTFM?

Do not misunderstand me – I am not a coding guru – I am just a person who likes good and usable things but the sad thing is – most of the things I am discover are bull****.

Why does so many things sucks anyway?
Like the IE, the media, the fast food throwaway society, the bad smelling people in the streets, Hollywood movies, Sternburger-Beer, ban of smoking in bars, criminalization of graffiti artists, criminalization of soft drugs, less than 25 days of holiday per year, global warming and so on and so forth and etc and pp and yes – you know what I am saying – don’t you?

It’s Sunday.
It is just a livelong dream.
I am sleeping right now and when I wake up – I’ll be surprised how wonderful you all are and everything is

Why:
* do people code in medieval style?
* do people ignore the signs of the time?

I guess I need to find a quick and easy solution to make osCommerce work on php5. *phew*

– 10 minutes later –

here’s some quick stuff which seems to work for the installation:

cd includes
vi php5_enabled.php

$HTTP_GET_VARS 	= isset($_GET) 	? $_GET 	: null;
$HTTP_POST_VARS = isset($_POST) ? $_POST 	: null;
$HTTP_COOKIE_VARS = isset($_COOKIE) ? $_COOKIE : null;

.htaccess

php_value session.use_trans_sid 0
php_value register_globals 1
php_value auto_prepend_file includes/php5_enabled.php

and et voila!

Database Import
The database import was successful!
osCommerce Configuration
The configuration was successful!


but that would have been to easy!

I needed to change also in catalog/admin/includes/application_top.php

// line 131 from $current_page = basename($PHP_SELF); to
$current_page = (basename($PHP_SELF)!='') ? basename($PHP_SELF) : 'index.php';

and now it seems to work

It looks good. Which means it has a nice UI but for somehow some things seems to me me irrational or not logic and besides that I am disappointed by the amount of table layout stuff. Hello Joomla developer: We are in the mid of 2007 and not in the 90’s!

Well the performance is ok and there are a lot of extensions out there but again: do not use f*****g tables for layout!