• You are currently browsing the Christian Heilmann blog archives for February, 2009.

  • Archive for February, 2009

    Free PHP security talk on 3rd of March in London

    Tuesday, February 24th, 2009

    Following my talk on web application security at the Web Directions North I had a lot of questions on PHP security and I have to admit I am OK but not an expert on the matter. Luckily enough there are experts I rely on and if you are in London next Tuesday you can go and see them give a talk for free!

    In the second in the series of “YDN Tuesday” monthly events, Jose Palazon, Yahoo’s mobile security expert, will be talking about PHP Security.

    The venue is Skills Matter Limited at 1 Sekforde Street, EC1R 0BE
    London, England.

    Jose will be presenting a series of demos on how to exploit and prevent the most popular security flaws in web applications, such as SQL and blind SQL Injections, Cross Site Scripting, file uploads, file handling functions, global variables and, favorite of them all, programmers’ ingenuity!

    YDN Tuesdays are tech talks held on the first Tuesday of every month at Skills Matter’s London offices. The events are FREE, but you need to sign up for them at Skills Matter’s website.

    Mozilla Labs meetup in London this Thursday – I’ll be the one with bells on

    Monday, February 23rd, 2009

    If you are a happy user of Mozilla and want to learn what’s brewing in the foundation and you are in London, come around this Thursday to Waterstone’s in Piccadilly. As Madame Jane Finette reports, there’s a Mozilla Labs meetup happening.

    When:
    Thursday February 26, 2009 from 10:30am – 12:30pm

    Where:
    Waterstones Piccadilly
    5th floor cafe in Waterstones bookshop
    203-206 Piccadilly
    London, W1J 9LE
    England

    Sign up for the event on upcoming – see you there.

    TTMMHTM: Geek chic, development quotes, passwords, Flickr scalability and the New York Times Open

    Monday, February 23rd, 2009

    TTMMHTM – Rocket Packs, Chiptunes in Ruby, Times People API and Museums and form filling Microformats in YQL

    Wednesday, February 18th, 2009

    Things that made me happy this morning

    Searching Flickr photos by license and text and returning defined sizes made easy with YQL

    Saturday, February 14th, 2009

    We (Nagesh Susarla and moi) are just sitting here at Open Hack Day in Bangalore, India and geeking out on YQL, trying to find out how far we can push it to make the life of a hacker easier.

    One of the things was using Flickr photos and making sure we can only get photos of a certain license for a certain text. Here’s the magic YQL statement we came up with:

    select * from flickr.photos.sizes where photo_id in (select id from flickr.photos.search(20,20) where text=@text and license=@license)  and label=@label

    The (20,20) means “get me 20 photos starting at the 20th”; to make it easier, say we get the first 50 results instead. The @parameter names are placeholders which will be replaced by URL parameters.

    As a URL, you can use the following and send the right parameters, for example to find cats with an attribution license and only square photos (75×75 pixels):

    http://query.yahooapis.com/v1/public/yql?q=select%20*%20from%20flickr.photos.sizes%20where%20photo_id%20in%20(select%20id%20from%20flickr.photos.search(50)%20where%20text%3D%40text%20and%20license%3D%40license)%20and%20label%3D%40label&format=xml&text=cats&license=4&label=Square

    Possible licenses are:

    1 Attribution-NonCommercial-ShareAlike License
    2 Attribution-NonCommercial License
    3 Attribution-NonCommercial-NoDerivs License
    4 Attribution License
    5 Attribution-ShareAlike License
    6 Attribution-NoDerivs License
    7 No known copyright restrictions

    Possible labels are Square, Thumbnail, Small, Medium and Original.

    To make it easier, you can also wrap the whole thing in a method:

    // JSONP callback: renders every returned photo size as a linked image
    function display(o){
      var d = document.createElement('div');
      for(var i=0;i<o.query.results.size.length;i++){
        var cur = o.query.results.size[i];
        // build DOM nodes instead of concatenating HTML, so values from
        // the response cannot break out of the attributes
        var a = document.createElement('a');
        a.href = cur.url;
        var img = document.createElement('img');
        img.src = cur.source;
        a.appendChild(img);
        d.appendChild(a);
      }
      document.body.appendChild(d);
    }
    /*
      leechFlickr()  by Christian Heilmann
      Gets an object as the parameter. Object properties:
        query (mandatory) - term to search flickr for
        amount - amount of photos (defaults to 20)
        license - 1 to 7
        label - Square,Thumbnail,Small,Medium and Original
        callback - callback function name as string
    */
    function leechFlickr(o){
      if(o.query){
        // amount is written into the YQL statement itself, so force an integer
        var amount = parseInt(o.amount, 10) || 20;
        var license = o.license || 4;
        var url = 'http://query.yahooapis.com/v1/public/yql?' +
                  'q=select%20*%20from%20flickr.photos.sizes' +
                  '%20where%20photo_id%20in%20(select' +
                  '%20id%20from%20flickr.photos.search(' +
                  amount + ')%20where%20text%3D%40text%20and' +
                  '%20license%3D%40license)';
        if(o.label){
          url += '%20and%20label%3D%40label';
        }
        // encode every value so characters like & or # in the search term
        // cannot add or cut off URL parameters
        url += '&format=json&callback=' + encodeURIComponent(o.callback) +
               '&text=' + encodeURIComponent(o.query) +
               '&license=' + encodeURIComponent(license);
        if(o.label){
          url += '&label=' + encodeURIComponent(o.label);
        }
        // JSONP: load the URL as a script; the response calls the callback
        var s = document.createElement('script');
        s.src = url;
        document.getElementsByTagName('head')[0].appendChild(s);
      }
    }

    leechFlickr(
      {
        query:'cats',
        label:'Square',
        callback:'display'
      }
    );
    leechFlickr(
      {
        query:'parrots',
        amount:10,
        license:3,
        label:'Square',
        callback:'display'
      }
    );

    See the code in action and download the script.

    Does YQL rock or what? No messy user IDs, no mixing and matching all kind of API methods, just plain yummy data.
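
A stricter take on the URL-building step of leechFlickr(), as an added example that is not part of the original post or the downloadable script: it checks each option against the values listed above before anything reaches the YQL statement or the JSONP callback parameter. The names buildFlickrUrl, LABELS and YQL_ENDPOINT and the upper bound of 500 for amount are assumptions made for this sketch.

```javascript
// Added example: validate options, then build the YQL URL (names are hypothetical).
const LABELS = ['Square', 'Thumbnail', 'Small', 'Medium', 'Original']; // labels from the post
const YQL_ENDPOINT = 'http://query.yahooapis.com/v1/public/yql';       // endpoint from the post

function buildFlickrUrl(o) {
  if (!o || typeof o.query !== 'string' || o.query === '') {
    throw new TypeError('query is mandatory');
  }
  // amount is concatenated into the YQL statement itself, so it must be a plain integer.
  const amount = o.amount === undefined ? 20 : Number(o.amount);
  if (!Number.isInteger(amount) || amount < 1 || amount > 500) { // 500 is an assumed cap
    throw new RangeError('amount must be an integer between 1 and 500');
  }
  const license = o.license === undefined ? 4 : Number(o.license);
  if (!Number.isInteger(license) || license < 1 || license > 7) {
    throw new RangeError('license must be 1 to 7');
  }
  if (o.label !== undefined && !LABELS.includes(o.label)) {
    throw new RangeError('unknown label');
  }
  // The JSONP callback name comes back as executable script: allow only an identifier.
  if (typeof o.callback !== 'string' || !/^[A-Za-z_$][A-Za-z0-9_$]*$/.test(o.callback)) {
    throw new TypeError('callback must be a plain function name');
  }
  let yql = 'select * from flickr.photos.sizes where photo_id in ' +
    '(select id from flickr.photos.search(' + amount + ') ' +
    'where text=@text and license=@license)';
  if (o.label) { yql += ' and label=@label'; }
  // Every value is percent-encoded, so "&" or "#" in user text cannot add or cut parameters.
  const params = [['q', yql], ['format', 'json'], ['callback', o.callback],
                  ['text', o.query], ['license', String(license)]];
  if (o.label) { params.push(['label', o.label]); }
  return YQL_ENDPOINT + '?' + params
    .map(([k, v]) => encodeURIComponent(k) + '=' + encodeURIComponent(v))
    .join('&');
}

// Constructed sample input: a search term that tries to smuggle in its own license parameter.
const sampleUrl = buildFlickrUrl({ query: 'cats&license=7', label: 'Square', callback: 'display' });
```

The returned string can be assigned to the `src` of the script element exactly as leechFlickr() does.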