It has several advantages:

1. SSH into a real Linux shell. It's been a while since I used Unix, but the old habits come back fast and I like having all those tools available.
2. SFTP support. More secure and faster (at least it seems that way) than FTP, especially with Notepad++.
3. It sure seems cheap (only $0.01/day for the site, $0.02/day for as many mySQL databases as you want).
4. Lots of languages besides PHP. Maybe I will learn Python someday.
5. Up-to-date versions of the tools, like PHP 5.3 (anonymous functions!) and Apache 2.2 (FallbackResource!). 1and1 was still stuck on the old versions.
6. They enable file URL wrappers, so I can use get_file_contents('http://example.com') and the like, rather than cURL.
7. A general feel that these guys are more hacker-oriented rather than simple, one-click-install-package oriented.

But there are disadvantages as well.

1. It's not nearly as cheap as it seems. A simple site as above is $0.03/day = $10.95/year, but it's all pay for what you use. They charge for server usage based on storage, $0.01 per megabyte-month, so my 100 megabytes of fonts and images is another $12/year. Domain name registration is $9.49/year, plus $0.41/year for DNS. Bandwidth is $0.20 to $1.00/gigabyte, depending on usage. For my relatively popular blog (about 300-600 visits/day) I'm sending about 100 MB/day or $0.07/day or $25.55/year. That adds up to $58.40/year, basically the same price as 1and1. And I feel like I have to watch every byte stored or transferred. I know it's not really much money, but it's an avocation rather than a vocation so I need to justify the cost to myself. The bandwidth I'm going to have to explore to find out what's going on and possibly stop hotlinking and the like. The storage costs I can hack around by putting the big stuff on Amazon S3 at only $0.14/gigabyte.
2. They don't automatically take the money from a credit card. You have to deposit funds in your account, and if it runs dry, the site goes down. They'll send out low-balance warnings but I'd like an automated method. Alos, every payment comes with a $1.00 deposit fee, so making monthly payments is another $12/year.
3. PHP runs in safe mode, so a lot of file and system functions are disabled. This is deprecated in the latest PHP, so I don't know what NearlyFreeSpeech will do, but right now it makes life much more difficult. There are workarounds, notably using CGI scripts rather than straight PHP, but this is the biggest downside.
4. No cron jobs. You can't run any processes on their servers besides the webserver, mySQL and whatever you're doing when SSH'ing in. They promise they're working on a solution, but no update since 2008. You can use hacks like WP-cron but that is exactly that, a hack.

But overall, it looks like a good thing and I'm looking forward to (slowly, as I have the time) moving all of bililite.com over to the new host (then transferring the domain when I'm sure it works).

1. The correct program is /usr/local/bin/php-cgi (or whereever your server puts PHP), not /usr/local/bin/php. That is the command-line interpreter, which does not output the headers. You can manually do echo "Content-type: text/html\n" etc., followed by a blank line, but who wants to try to debug that?
2. The script has to be executable. You get a 500 Server Error otherwise. Do a chmod +x scriptname.cgi.
3. Scripts need the appropriate file and directory permissions to write to the server. Changing the permissions of the server directory is probably too insecure (though for safe mode it's the only way); it's better to set-uid the script, but then keep it under wraps.

So a sample CGI script would be:

#!/usr/local/bin/php-cgi
<?php echo "Hello, world"; ?>

in an executable file with a .cgi extension.

Note that FTP and SFTP can't set the setuid bit, so that if you upload the file (or edit it with an FTP-aware editor like Notepad++), you need to chmod 477 scriptname.cgi again.]]> http://bililite.nfshost.com/blog/2012/01/12/writing-cgi-scripts/feed/ 0 http://bililite.nfshost.com/blog/2012/01/12/things-i-learned-about-htaccess-part-2/ http://bililite.nfshost.com/blog/2012/01/12/things-i-learned-about-htaccess-part-2/#comments Thu, 12 Jan 2012 16:29:48 +0000 Danny http://bililite.nfshost.com/blog/?p=2200 I've learned some things about .htaccess, but mostly I've learned that programming it is deep black magic. The most important thing is "Don't use mod-rewrite unless you absolutely need to". All the fancy stuff is better off done by the PHP (or whatever language you're using) code.

Don't do:

RewriteEngine On
RewriteBase /
RewriteRule ^([^/\.]+)/$ /index.php?main=$1&part=$1 [QSA,L]
RewriteRule ^([^/\.]+)/([^/\.]+)$ /index.php?main=$1&part=$2 [QSA,L]

to map your site to your index page; do:

FallbackResource /index.php

And in index.php parse the $_SERVER['REQUEST_URI'] to get your page/subpage arguments. Much easier to debug!

And to use FallbackResource you need to be running Apache 2.2, so get a good web host.

If you don't know what that means, you probably shouldn't be using a d.i.y. host like nearlyfreespeech.

And now it works!

Almost. SexyBookmarks's images aren't loading when I use the new code, so I went back to the old version. It slows the page load down anyway, so I may take it off entirely.

And the rest of the bililite site is still at the old host, and some of the sample code (in /blog/blogfiles) uses that, so for now I have a line in my .htaccess to refer it back: RedirectMatch /blog/blogfiles(.*) http://bililite.com/blog/blogfiles$1.

Enter underscore.js, which bills itself as "the tie to go along with jQuery's tux."

It doesn't modify any native objects, requiring you to wrap them as _([1,2,3]).map(function(x) {return 2*x;}), which returns [2,4,6]. Chaining has to be explicitly enabled, _([1,2,3]).chain().map(function(x) {return 2*x;}).reduce(function(memo, num){ return memo + num; }, 0) returns 12.

Looks useful.

Download the code.

Example

<input type="password" id="password"/>

$('#password').showPassword('Show Characters as I Type');

Use

$('[type=password]').showPassword(string) creates a checkbox as above with string as the label. If the checkbox is checked then the password field is unmasked. $('type=password').showPassword(true) unmasks the field directly, and $('type=password').showPassword(false) restores masking.

The logical thing to do is to have a checkbox that would show the characters, and the easiest way to do that is to change the type of the input element from password to text.

For most browsers, this is nontrivial but doable. You have to detach the element first in order to change its type. But in Internet Explorer, there's no way to change it. One solution is to create a new input element with type text and copy all the other attributes into it, but that seems like overkill. All we need is a way for the user to see what he is typing, so a tooltip-like overlay would work.

This is what I came up with (note that it requires jQuery UI position:

<input type="password" id="password"/>
<label><input type="checkbox" id="check"/> Show characters as I type</label>

try{
  $('<input type="password">').detach().attr('type', 'text');
  $.fn.showPassword = function(shouldShow){
    var type =  shouldShow ? 'text' : 'password';
    return this.each(function(){
      /* from http://stackoverflow.com/questions/540851/jquery-change-element-type-from-hidden-to-input */
      marker = $('<span />').insertBefore(this);
      $(this).detach().attr('type', type).insertAfter(marker);
      marker.remove(); 
    });
  };
}catch(e){
  $.fn.showPassword = function(shouldShow){
    return this.each(function(){
      if (shouldShow){
        var span = $(this).siblings('.showPassword');
        if (span.length > 0){
          span.show();
        }else{
          span = $('<span>').addClass('showPassword').css({
            opacity: 0.9,
            background: 'white',
            position: 'absolute',
            fontFamily: 'sans-serif',
            paddingLeft: '2px'
          }).position({
            at: 'left bottom',
            of: this,
            my: 'left top'
          }).text(this.value).insertBefore(this);
          $(this).keyup(function(){ span.text(this.value); });
        }
      }else{
        $(this).siblings('.showPassword').hide();
      }
    });
  };
}
$('#check').change(function(){
  $('#password').showPassword($(this).is(':checked'));
});

Try this in Internet Explorer as well as a standards browser. The details are different, but the functionality is the same.

tl;dr

Download the code. Use $.validateHTML5(callback), where callback (result, data) is a function that is called with the result, a string that can be "valid" if the page validated, "invalid" if it did not, "warning" if it validated but is "in some way questionable", or "not validated" if some error occurred. data is the actual JSON output from the validator.

Discussion

Lots of sites have links like <a href="http://validator.w3.org/check/referer">Valid HTML</a>, which claims that the site is valid and allows you to click the link and check it, but it would be nice to have some way of actually validating the page that is being shown. Nice for me as the author, at least. I'm not sure anyone else cares.

Luckily, I've been doing everything recently in HTML5, and Validator.nu has a web service API with JSON output that we can use programmatically. We don't want to do this on the server side, since that takes time that our users don't need to waste. Also (I did this when playing around with it) you can end up in an infinite loop, where my server GETs the validator output, which GETs the page from the server, which GETs the validator output, which GETs the page from the server, ad infinitum.

So we want to send the page without validating it and then use AJAX to validate it. Fortunately, the validator allows JSONP, so we don't have to worry about same-origin security. Unfortunately, the documentation wiki is wrong about exactly what is returned, so it took some experimentation to get it to work.

See the example.

The W3C validator has a validator and does have a web service, but the only documented output format is SOAP. output=json works to produce JSON, but I can't find a way to get JSONP.