Paul M. Jones

Don't listen to the crowd, they say "jump."

YaWiki 0.19 alpha released

YaWiki is a wiki-ish CMS, or CMS-ish wiki, primarily for collaborative documentation efforts; it uses Yawp and PEAR as its foundation.

This release adds an enhancement that was removed in earlier versions. The AreaMap page, which allows you to add navigational hints such as tabs and sidebars, now allows you to specify an optional navigation title for the element. This was available in early versions of YaWiki, before it supported freelinks; after freelinks became available, navigation element titles were taken from the page title. Due to consistent user feedback, it appears I was unwise to take away the alternate titling, so now it's back. Use a pipe character ("|") on an AreaMap line to indicate the navigation title; e.g., "HomePage | Welcome!" will link to the home page, but the navigation element text will be "Welcome!" regardless of what the HomePage page title is.

You can view the list of changes for this release here.


Blogs As Emergent Journalism

The Belmont Club today talks about bloggers and blogging as an emergent phenomenon made possible by the internet.

The blogosphere is a specific manifestation -- and by no means the only one -- of the networks made possible by the Internet which can be imperfectly compared to the emerging nervous system of a growing organism. Once the software and infrastructure to self-publish was in place, it was natural that analytical cells, or groups of cells would take inputs from other parts of the system and process them. The result was 'instant punditry', which was nothing more than the public exchange of analysis on any subject -- politics, culture and war just happened to be the three most popular. It enabled lawyers to offer opinions on law; military men on things military; scientists on things scientific. And suddenly the journalistic opinion editors found themselves at an increasing disadvantage. While individual bloggers might not have the journalistic experience of the newspaper professionals, they had the inestimable edge of being experts, sometimes the absolute authorities in their respective fields. This is exactly what happened in Memogate. People who had designed Adobe fonts and written desktop publishing programs knew the memos were computer generated and were not going to be overawed by Dan Rather's experts asserting the contrary. They were the real experts and to make an impact they did not have to be correct across a large range of issues. They only had to be right in the one thing they knew best and from that vantage could hammer a mainstream pundit into the dust. Rather's defeat at the hands of Buckhead was not accidental. It was inevitable.

Read the whole thing; Wretchard talks about digital cameras being the sensory apparatus of the internet, and much more.


Yawp 1.0.5 Released

Yawp is a single PEAR-compliant class that encapsulates a number of other PEAR classes, and ties them all together with a simple configuration file. This release provides a minor functionality improvement.

Previously, when a hook script was called, it would be included directly in the calling code (e.g., a 'start' hook would be include()-ed in the middle of the Yawp::start() method; same for login, logout, and authErr hooks). This means it would be possible for the included script to use (and possibly overwrite) variables in the calling Yawp method; while not a security violation, that kind of thing could lead to unexpected behavior, and requires a much closer knowledge of the Yawp internals than should be necessary.

To solve this problem, I have added a method called run() -- all it does is include a file. It doesn't even need a parameter (using one would create a new variable in the scope of the function, and we want *everything* isolated for the included script).

function run() { include func_get_arg(0); }

This has the benefit of executing a script in its own scope, so that the hook script cannot accidentally overwrite variables in the calling Yawp method. All hooks now use the Yawp::run() method instead of include().
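The difference between the two include styles can be seen in a small added example. It is not Yawp's own code: the HookDemo class, its method names and the hook contents are hypothetical. It also shows that run(), being a method, still exposes $this to the hook, so the isolation covers local variables only.

```php
<?php
// Added example; HookDemo and the hook contents are hypothetical, not Yawp code.
class HookDemo
{
    public $seen = array();

    // Old style: the hook is included directly inside the calling method,
    // so it shares (and can overwrite) that method's local variables.
    function startDirect($hook)
    {
        $authOk = true;
        include $hook;
        return $authOk;
    }

    // New style: the hook is included through run(), as the post describes.
    function startIsolated($hook)
    {
        $authOk = true;
        $this->run($hook);
        return $authOk;
    }

    // No named parameter: the hook starts with no local variables at all.
    // $this is still available because run() is an instance method.
    function run()
    {
        include func_get_arg(0);
    }
}

// Constructed hook script whose variable name collides with a caller local.
$hook = tempnam(sys_get_temp_dir(), 'hook');
file_put_contents($hook, '<?php $authOk = false; '
    . '$this->seen[] = isset($hook) ? "caller locals visible" : "caller locals hidden";');

$demo = new HookDemo();
var_dump($demo->startDirect($hook));   // the hook ran in startDirect()'s scope
var_dump($demo->startIsolated($hook)); // the hook ran in run()'s scope
print_r($demo->seen);                  // what each hook run could see of its caller
unlink($hook);
```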


Responding to Rare Events

From Belmont Club:

In an abstract way, the information flows surrounding the Tsunami of December 2004 structurally resembled those preceding the Pearl Harbor and September 11 attacks. The raw data announcing the unfolding threat was there, yet the pattern so evident in hindsight was invisible to those who were not looking for it. But if tsunamis and asteroid strikes are rare events, they are comparatively more common than that still rarer object, the unprecedented event: the something that has never happened before. Threats like that can emerge suddenly out of chaotic systems, like WMD terrorism or new viral plagues. Against such events, specific precautions are impossible because no one can prepare for what cannot be foreseen. The real challenge is not so much to create a new dedicated network of staring systems against known threats but to tie current sensors to systems which are capable of cognition. The most valuable survival asset is situational awareness -- the ability to recognize threats you have never seen before and respond in an evolving manner -- and that capability has not yet come to the world as a whole.

And his concluding words: "...the world is not and was never a paradisal Gaia but a dangerous place filled with peril both natural and man-made. On the days we forget the ocean is there to remind us."


"Universal" College Education Not Necessarily A Good Thing

I love it when other people say what I've been saying (although other people usually say it better). This is from Agoraphilia.

Here are some highlights:

Like it or not, some people are just not college material; they would be better served by vocational or on-the-job training (or by a better high school education than our public schools provide).

Moreover, the attempt to provide universal higher education has the pernicious effect of reducing the value of higher education. Radley Balko explains part of the story: as the supply of people with college degrees rises, the wages of people with college degrees will tend to fall (or, more accurately, not rise as quickly as they otherwise would, since other factors like technological progress tend to drive wages up). But the wage effect is not necessarily a bad thing -- competition is good, even (especially!) among people with desirable skills. My point, at which Radley also hints, is that the incentives created by policies designed to universalize higher education systematically drive down the quality of education.

Why? Three reasons. First, the policies in question typically provide education at far below its real cost. ...

Second, and relatedly, the existence of a large class of weak or unmotivated students changes the incentives of educators. ...

Third, the existence of (near) universal higher education has an undesirable effect on the quality of high school education. Students know, because they are told by their counselors, that a C average is sufficient to get them into a state university. ...

But read the whole thing, really.


Teacher of Applied Physics

This story about a professor of applied physics isn't real, but it sure is funny, and highlights the differences between practice and theory (which of course is much bigger in practice than in theory). I found it via Joanne Jacobs.

A typical Gaston exam question involves asking students to choose between catching a small metal box filled with 20 pounds of lead dropped from a height of 1 foot, or the same metal box stuffed with 20 pounds of feathers dropped from the roof of an 8-story building. Each year, about five students try to catch the feather-filled box and end up in the emergency room with concussions.

"I still think it was a trick," glowered Marvin Stoddmeyer, a student who chose the feathers and failed the final exam, breaking his collarbone in the process. "Gaston said something about momentum and kinetic versus potential energy or something during the year - yadda yadda yadda. But at no point did he specifically warn us not to try to catch a 20 pound object dropped from an 8-story building. That's deception, man."

And then at the end of the article:

Gaston did say he was willing to cut his students a deal and add 10 points to everyone's grade before applying a curve to the final grades.

"Now that's fair," said Brandon Marlowe, one of Gaston's students. "At least he's being honest with us."


Lemony Snicket's A Series of Unfortunate Events

Lots of fun for kids, but maybe not as much for the parents. Jim Carrey is thoroughly "on" in this movie as the cruel, somewhat disturbing, but incompetent-when-it-counts Count Olaf who covets the fortune that the children have inherited. I might go so far as to say he's the star of the film, much in the same way the Joker was the star of the first Batman movie.

The children encounter all sorts of hardships and have to use their wits to escape both treachery and forces of nature, but as the eldest of them says: "There's always something." That is, there's always something you can use to your advantage; don't give up, keep looking for a way, there's always something that can help you (even if it's not obvious, even if it's not the "intended" use). So we have a continuing theme of self-reliance and perseverance in the face of impending doom, which is great stuff.

There is another theme that is not as prominent, but still worth mentioning. The children face terrifying animals (snakes and leeches) as well as terrifying forces (hurricanes and heights) but these are not the worst. The worst things they face are other people: malicious people, indifferent and incompetent people, clever and conniving people. I think the lesson here is that nature can be dealt with, but other people, well, you have to watch out for those. (Compare with my "Rule Number 1".) Family, though ... family is sanctuary.

There is one scene toward the end that really disturbed me: Count Olaf attempts to marry the 14-year-old daughter (the eldest). Made my skin crawl while I cringed away from Olaf's leer.

Rating: worth a matinee viewing, but take the kids with you.


The Incredibles

Pixar's "The Incredibles" (from Brad Bird, who did "The Iron Giant" before this) is simply magnificent. It's a family film in the best sense of the word; everyone will enjoy it immensely for different reasons. The movie is fun for kids (but not too young, 6 or 7 years old is probably the lower limit) and satisfying for adults (and comic book fans of any caliber will love the asides and references).

The film homages a wide range of other storylines, including James Bond, Star Wars, almost every mainstream superhero comic ever written, and Atlas Shrugged (although in a strange way; others have noted that the most Rand-esque character is in fact the villain, but the general themes of individual achievement are in line with Rand).

One bit-part character that I thought particularly funny was their Joker type, a French clown named "Bomb Voyage."

Rating: worth full evening price, more than once. (This is the highest rating. I have seen it 3 or 4 times in the theater now and it just gets better; there's too much going on to take it all in at one viewing.)


Restrictive ("Secure") Compiler for Savant

This page is to track issues related to the new "secure" compiler for Savant. A number of people (notably and most recently RevJim) have opined that Savant needs a decent secure compiler so that untrusted users can be allowed to edit templates. I agree.

Note: The compiler is not a required element. The normal use of Savant remains; that is, PHP itself is the template markup. The only time you really need to compile a template is when you have anonymous or otherwise possibly malicious users, and this compiler exists to support that relatively rare case.

So the idea now is to replace the existing "basic" compiler with a more-secure version; you can view the source code here. Note that it depends on Josh Eichorn's excellent PHPCodeAnalyzer script, which itself depends on the tokenizer function in PHP 4.3.0 and later.

I don't know if I like calling the new compiler "secure" or not, but it sure is restrictive. Here are the built-in restrictions and features:

  • The markup language is PHP in most cases, just surrounded in non-PHP tags
  • Prefix and suffix tags default to "{" and "}", but are user-definable.
  • No <?php ... ?> or <? ... ?> tags allowed
  • Simple variable echoing via {$var}
  • Comments via {* ... *}
  • Control structures are regular PHP ( {if (...):}, {else}, {foreach (...):}, etc)
  • No support for switch/case, but break and continue are allowed
  • Plugins supported via {['pluginName', 'arg1', $arg2, ... ]}
  • Certain language constructs are disallowed: eval, global, include[_once], require[_once], parent, self
  • The only way to include other templates is via the {tpl} tag
  • If the Savant $_restrict flag is on, template requests are restricted to specific allowed paths
  • Access to superglobals ($GLOBALS, $_GET, etc) is disallowed
  • Access to private $this properties is disallowed
  • Variable-variables and variable-functions are disallowed
  • Only whitelisted functions are allowed (the whitelist is user-definable)
  • Only whitelisted static method calls are allowed (the whitelist is user-definable)
  • Use of $this by itself is disallowed; it must be followed by -> (e.g., "$this" generates an error, but "$this_thing" and "$this->property" are allowed)

I think that's it. If the compile generates errors, the compiled script is not saved and the compiler returns a list of restriction violations with line numbers (the numbers correspond to both the source template and the compiled template because the markup language is very close to native PHP).
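To make the token-level checks concrete, here is an added sketch that enforces five of the restrictions above with PHP's token_get_all() and returns violations with line numbers. It is not Savant's compiler and not PHPCodeAnalyzer: findViolations() and the sample input are hypothetical, and the translation of "{...}" markup into PHP is assumed to have happened already.

```php
<?php
// Added sketch; not Savant's compiler and not PHPCodeAnalyzer. Names are hypothetical.
function findViolations($php, array $allowedFuncs)
{
    $banned = array(T_EVAL, T_GLOBAL, T_INCLUDE, T_INCLUDE_ONCE, T_REQUIRE, T_REQUIRE_ONCE);
    $supers = array('$GLOBALS', '$_GET', '$_POST', '$_COOKIE', '$_REQUEST',
                    '$_SERVER', '$_ENV', '$_FILES', '$_SESSION');
    $skip   = array(T_WHITESPACE, T_COMMENT, T_DOC_COMMENT);
    $names  = array('T_STRING', 'T_NAME_QUALIFIED', 'T_NAME_FULLY_QUALIFIED');
    // Keep only meaningful tokens so "previous" and "next" are reliable.
    $tokens = array();
    foreach (token_get_all($php) as $t) {
        if (!is_array($t) || !in_array($t[0], $skip, true)) {
            $tokens[] = $t;
        }
    }
    $found = array();
    $line  = 1; // one-character tokens carry no line number; reuse the last one seen
    foreach ($tokens as $i => $t) {
        if (!is_array($t)) {
            if ($t === '$') { $found[] = "line $line: variable-variable"; } // "$$x", "${x}"
            continue;
        }
        list($id, $text, $line) = $t;
        $prev   = ($i > 0 && is_array($tokens[$i - 1])) ? $tokens[$i - 1][0] : null;
        $next   = isset($tokens[$i + 1]) ? $tokens[$i + 1] : null;
        $isCall = ($next === '(');
        if (in_array($id, $banned, true)) {
            $found[] = "line $line: construct '$text' is disallowed";
        } elseif ($id === T_VARIABLE && in_array($text, $supers, true)) {
            $found[] = "line $line: superglobal $text";
        } elseif ($id === T_VARIABLE && $text === '$this'
                  && !(is_array($next) && $next[0] === T_OBJECT_OPERATOR)) {
            $found[] = "line $line: bare \$this";
        } elseif ($id === T_VARIABLE && $isCall) {
            $found[] = "line $line: variable-function $text()";
        } elseif (in_array(token_name($id), $names, true) && $isCall
                  && $prev !== T_OBJECT_OPERATOR && $prev !== T_DOUBLE_COLON
                  && !in_array(strtolower(ltrim($text, '\\')), $allowedFuncs, true)) {
            $found[] = "line $line: function $text() is not whitelisted";
        }
    }
    return $found;
}
// Constructed sample: line 1 is acceptable, lines 2-7 each break one restriction.
$sample = "<?php echo htmlspecialchars(\$this->title);\necho \$_GET['q'];\n"
        . "\$f = 'strlen'; \$f('x');\necho \$\$name;\neval(\$code);\n"
        . "echo strtoupper(\$this);\necho file_get_contents(\$path);\n";
print_r(findViolations($sample, array('htmlspecialchars', 'strtoupper')));
```

Function names are lower-cased before the whitelist lookup because PHP function names are case-insensitive, and any namespaced name fails the lookup, so the check fails closed. Method and static calls are skipped here rather than checked against a second whitelist.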

Comments? Questions? Have I forgotten to take something into account? It's only been a week, so I am sure to have missed some form of sneakiness.


Dog Update

These are my two dogs, Zoe on the left, Wendy on the right. This is a rare picture of them together in calmness.

Zoe and Wendy, First Night Together

Zoe is "big dog" between them, but Wendy wants very much to be "big dog." I believe that Wendy is plotting to take over the world, but her immediate goal is to take over the house, starting with Zoe. When they're both awake, not 30 minutes goes by where Wendy does not attempt to bite Zoe on the scruff, or take away some toy that Zoe is guarding. (Zoe tolerates this for about thirty seconds, then lays into her to re-assert her big-dogness.)

The biting thing is not restricted to challenging Zoe; Wendy is a toothy little girl. She loves my shirts, especially dress shirts, because she can pull at the buttons. If I leave a shirt in reach, and she is a very long dog so she can reach far, I will find the shirt later with dried slobber and tooth marks around each individual button -- and sometimes tooth marks where a button **used** to be.

To boot, she's a little butter-thief. If I leave the butter out and uncovered, I will come back to it to find the butter-knife displaced and the butter itself with a big curvy section licked out of it.

She's good when she's not naughty, but she is **so** naughty. It's good that she's cute, otherwise there'd be a problem. ;-)