Following from a similar post, where I packaged up my standard web services libraries to avoid repeating myself, I decided to do the same for Events and triggers.

Events provide a very powerful, flexible and simple way of providing hooks for other code to attach to, in a loosely coupled way. I’ve been using event driven development in my PHP code for years, way back since the first days of Elgg. In Elgg, events and triggers proved to be one of the frameworks most powerful, and a major factor in its success, allowing plugin developers to easily change core functionality without changing a line of core code.

Anyway, I’ve used Events in one form or another in pretty much every framework since, and I’ve found myself increasingly cutting and pasting code around, so I figured it’d be sensible to package this up into a reusable library as well. Although it is designed to be simple, the library is pretty powerful.

One particularly useful feature is that event listeners can include regexp!

Triggering an event…

If you were writing a framework that had users for example, and you wanted to allow plugin authors to hook in and do something when a new user is created, you might do something like this in your registration code…

Listening to an event…

So, if you wanted to listen to the user creation event inside your plugin…

You can replace any part of the $namespace or $event string in Events::register (‘user‘ and ‘create‘ respectively in the example above) with regular expression. So, you could, for example, replace ‘user‘ with ‘*‘ to listen with any create event.

Code on GitHub, have fun!

» Visit the project on Github...

heartbleed

CVE-2014-0160, better known as the Heartbleed bug, it a critical, easily exploited, and widespread bug in the OpenSSL library that powers many HTTPS implementations around the world.

It is a memory leak exploit that can be used to potentially expose server keys, and any amount of other private information, so, it’s hard to stress exactly how important it is that you patch your servers now!

Because it may help others, here’s what I did:

Diagnosis

First step is to confirm that your servers are vulnerable. The vulnerability exists in OpenSSL libraries newer than 0.9.8 and persists until fixed in 1.0.1g. This means it is present in both Debian stable and Ubuntu systems, among others.

You can confirm whether your systems are vulnerable with this handy python program (mirror on gist), written by Jared Stafford, which attempts to exploit this bug.

Fixing

  • Debian and Ubuntu users should apt-get update; apt-get upgrade as soon as possible, since the security team has already patched the vulnerability. Other distros are likely to do the same, and I wouldn’t be surprised if patches were already released.
  • If your distro hasn’t patched yet, or you’ve compiled your own code, you should update to 1.0.1g now, or recompile your current OpenSSL binary with the -DOPENSSL_NO_HEARTBEATS. option set.

Thankfully, I run Debian, so my fix was easy. However, it is important to highlight that after updating the library you must RESTART any services that make use of it, notably Apache in my case.

This seems obvious, but until you do this your server is still vulnerable, so it’s worth underlining, and it caught me out!

Verification

Finally, it is important to verify your fix (how I spotted the restart requirement!). Use the same python tool above, and you should see something like:

Happy patching!

Update: seems that lots of people must be after that python script, as we seem to have killed the poor guy’s server. I’ve stuck a copy of it on Gist, hopefully Jared won’t mind!

This is a quick post to introduce you to a little plugin I wrote for wordpress, wordpress-idno-feedwidget.

The plugin creates a wordpress widget that lets you display the latest content from your Idno site in your blog sidebar. It’ll render the first 50 characters of a status update, and the titles of blog posts, with an author picture and a link to both the author profile and original posting. Image posts are also rendered, with a thumbnail view (although this could be made more efficient).

There is plenty of room for improvement; I’d like to render different types better, videos and events with an appropriate player for example, but it’s a start! The widget makes use of the JSONP endpoint, so make sure you’re using the latest codebase.

» Visit the project on Github...