On we go

I have removed the ability to comment. Yes, I know a blog without comments isn't a blog. I just need to work out a way of doing it properly. I'd rather not store user details. Hopefully I'll work out how to let you authenticate with Facebook/Twitter/OpenID. We'll see. Having looked into this further, it should be possible using OAuth with either Facebook or Twitter. OpenID may well be too hard to implement, seeing as I only want to do a small part of what it is capable of.

Also, I've tweaked the login system slightly; it should now be quite secure, with the use of an authentication token. Both the token and password are stored in the database hashed, using the excellent phpass. There are still a couple of potential weak spots, like session fixation; I'm not sure if I'm secured against that yet.

Till next time. I don't know when that will be though :)

What now?

I have been looking after my uncle's dog for the last two weeks, giving me plenty of time to work on this site. It might not look like much has changed on the surface, though frontend development isn't my forte.

What has changed is the backend. I now use PHP's PDO for the database interaction. This allows much better management of errors for one thing due to the try/catch nature of PDO coding. It should hopefully make it easier to migrate away from MySQL/Oracle calamity. The obvious choice would be MariaDB but I hear good things about PostgreSQL.

I'm also working on the authentication system. I now use PHP sessions, with a cookie for persistent login. I am taking my inspiration from this well-thought-out article about the matter. Though I still need to shore up the security side of things, particularly against CSRF attacks.

One final thing with regards to security: you may have noticed I now require HTTPS to browse this website. Why not?
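
The persistent-login cookie described in this post, together with the hashed token and the session fixation concern from the post above, as an added example that is not this site's code. It assumes a hypothetical `auth_tokens` table and function names, and hashes the random token with SHA-256 rather than phpass, which is sufficient for a high-entropy random value.

```php
<?php
// Added example, not this site's code. Table and function names are hypothetical.
function issueToken(PDO $db, int $userId): string
{
    $selector  = bin2hex(random_bytes(8));  // lookup key, not secret
    $validator = bin2hex(random_bytes(32)); // secret half, stored only as a hash
    $db->prepare('INSERT INTO auth_tokens VALUES (?, ?, ?, ?)')
       ->execute([$selector, hash('sha256', $validator), $userId, time() + 14 * 86400]);
    return $selector . ':' . $validator;    // cookie value sent to the browser
}

function redeemToken(PDO $db, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    $stmt = $db->prepare('SELECT validator_hash, user_id, expires FROM auth_tokens WHERE selector = ?');
    $stmt->execute([$parts[0]]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // hash_equals compares in constant time; a database leak exposes only hashes.
    if (!$row || (int) $row['expires'] < time()
        || !hash_equals($row['validator_hash'], hash('sha256', $parts[1]))) {
        return null;
    }
    // Single use: drop the redeemed token so a replayed cookie fails.
    $db->prepare('DELETE FROM auth_tokens WHERE selector = ?')->execute([$parts[0]]);
    return (int) $row['user_id'];
}

function startLoginSession(int $userId): void
{
    // Issue a fresh session ID at login so an ID planted before login
    // (session fixation) does not carry the authenticated state.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

// Constructed demo against an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE auth_tokens (selector TEXT PRIMARY KEY, validator_hash TEXT, user_id INTEGER, expires INTEGER)');
$cookie = issueToken($db, 42);
var_dump(redeemToken($db, $cookie)); // first redemption
var_dump(redeemToken($db, $cookie)); // replay of the same cookie
```

In a real request, `startLoginSession()` is called after `session_start()` and a successful `redeemToken()`, and a fresh token is issued and set as a `Secure`, `HttpOnly` cookie.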

My blog is coming together

Links now work nicely. Though there's still lots I want to do. Briefly:

  • Show 'archives' better - hmm, this might require a bit of recoding.
  • Get rid of categories, tagging is sufficient.
  • Introduce ability to notify of new posts on fb and twitter - Will do this manually, may not want all posts syndicated.
  • Microblogging to twitter/facebook.
  • More mobile friendly interface

So all I have left is the mobile interface. :)

Iñtërnâtiônàlizætiøn

So, hopefully my site can handle Unicode/UTF-8. Can I type in Iñtërnâtiônàlizætiøn?

Here's some Chinese:

子列子居鄭圃,四十年人無識者。國君卿大夫眎之,猶眾庶也。國不足,將嫁于衛。弟子曰:“先生往無反期,弟子敢有所謁;先生將何以教?先生不聞壺丘子林之言乎?”子列子笑曰:“壺子何言哉?雖然,夫子嘗語伯昏瞀人,吾側聞之,試以告女。其言曰:有生不生,有化不化。不生者能生生,不化者能化化。生者不能不生,化者不能不化,故常生常化。常生常化者,無時不生,無時不化。陰陽爾,四時爾,不生者疑獨,不化者往復。往復,其際不可終;疑獨,其道不可窮。《黃帝書》曰:“谷神不死,是謂玄牝。玄牝之門,是謂天地之根。綿綿若存,用之不勤。”故生物者不生,化物者不化。自生自化,自形自色,自智自力,自消自息。謂之生化、形色、智力、消息者,非也。”

Now some Greek (ancient):

Ἰοὺ ἰού· τὰ πάντʼ ἂν ἐξήκοι σαφῆ. Ὦ φῶς, τελευταῖόν σε προσϐλέψαιμι νῦν, ὅστις πέφασμαι φύς τʼ ἀφʼ ὧν οὐ χρῆν, ξὺν οἷς τʼ οὐ χρῆν ὁμιλῶν, οὕς τέ μʼ οὐκ ἔδει κτανών.

Hopefully this has worked. Can I still use HTML?

iPhone Recall

People are saying a recall of the iPhone 4 is inevitable. That simply isn't true. Yes, the iPhone does lose some signal when held that way, but that isn't enough to make Apple recall.

A recall is estimated to cost Apple 1.5 billion USD. That's a lot of money. Apple have no obligation to recall. If, let's say, the batteries were exploding due to a defective design which then caused a risk of injury to the owner, then yes, Apple would have to recall. But honestly, all that's happening is the signal decreases a little. Apple aren't going to spend that kind of money if they don't have to.

What I believe we are actually seeing is a backlash against a company that was once the little guy that posed little threat to people like Microsoft now becoming huge. Once you get big, people stop liking you. It happened to Google, it's happened to Facebook. It's now happening to Apple.