EHS Blog
Race Conditions, AJAX and Sessions
at 2007-08-12 15:10:17

Via Jeff’s bookmarks, Race Conditions with Ajax and PHP Sessions by Andy “thwarted” Bakun is an outstanding analysis of a problem that’s come up before on this blog here.

In fact the title is almost misleading - the first half looks at “parallel processing” in JavaScript with some valuable insight - i.e. you want to read this even if you’re not using PHP.

The second half explores building a custom PHP session handler (PHP’s default session handler does not suffer from race conditions but can become problematic the moment you start handling serious traffic), leading up to a very cunning strategy that allows y



Rise of the Robots
at 2007-08-12 15:10:17

Quick factual / historical note regarding Anonymizing RFI Attacks Through Google which Stefan and Ilia both referenced today.

As far as I know the notion of “programming” legitimate third-party web spiders to attack other sites was first raised back in 2001 by Michal Zalewski (also wikipedia) in Against the System: Rise of the Robots.

Not that I’m hunting hacker-cred - ran into it via his book Silence on the Wire (which is a great read BTW - ever thought about how those J



2007: The Year of OpenID (?)
at 2007-08-12 15:10:17

A late but Happy New Year - recent silence related to starting a new job at local.ch - more on that another time.

So let’s call this one the Year of OpenID - or at least the part up to March. OpenID is starting to gain ground as a solution to some (not all) online authentication problems.

While some good resources are starting to show up explaining how OpenID works, there’s a tendency towards either “here’s how to add to your blog - don’t ask difficult questions” or significant assumed knowledge. So it’s nice if you have someone around who can explain it directly, which is what happened last webtuesday, Cédric’s providing an



PHP Conference London 2007
at 2007-08-12 15:10:17

It’s back! - just doing my bit to support the UK’s premiere PHP event. And hats off to them again for honest pricing - no inflation since last year if I remember right: £50 in advance or £75 on the day. Whether I’ll be able to get there is another story but I’d like to.

This article provided by sitepoint.com.




The real difference between PHP and Python
at 2007-08-12 15:10:17

Posting in the full realization of the futility of doing so, there’s some PHP bashing (as usual) happening on reddit at the moment: PHP vs Python - the real difference, brought on by this mildly amusing image. While I can accept the points - technically it’s actually much harder to handle errors uniformly in PHP and the community is less rich in computer scientists than Python’s - the corresponding flame war on reddit manages to miss a different point, which is easiest expressed in code.

What’s the most significant difference between these two scripts?


<?php
// Each request executes this script in a fresh context (PHP's
// shared-nothing model), so $hits is re-initialised every time.
$hits = 0;
printf ("Hits: %s\n", $hits);
$hits++; // incremented, then discarded when the request ends

And a web.py controller (absolutely no criticism intended - picked it because I like it - discussion applies to pretty much anything non-CGI and, in fact, t
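To make the contrast concrete, here is an added example that is not code from the post and does not use web.py itself: a plain WSGI handler stands in for the “web.py controller”, and the requests are constructed in-process rather than sent over a network. A counter kept at module level survives from one request to the next in a persistent Python process, whereas a counter created inside the handler behaves like the PHP script above and starts from zero every time. The same process-level state is shared by every user that process serves and by every concurrent request, which is why the example guards it with a lock and why nothing per-user belongs there.

```python
"""Process-scoped vs request-scoped state in a persistent Python web process.

Hypothetical WSGI app (not web.py, not the post's own code) standing in for
the "web.py controller" the post compares against the PHP script.
"""
import threading
from typing import Callable, Iterable, List

# Module-level state. In a persistent process (mod_wsgi, gunicorn, web.py's
# built-in server, ...) this survives for the life of the process and is
# shared by every request, from every user, that the process handles.
_hits = 0
_hits_lock = threading.Lock()


def process_scoped_app(environ, start_response) -> Iterable[bytes]:
    """Counter stored at module level: persists across requests."""
    global _hits
    with _hits_lock:  # without the lock, concurrent requests race on read/increment
        current = _hits
        _hits += 1
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [f"Hits: {current}\n".encode()]


def request_scoped_app(environ, start_response) -> Iterable[bytes]:
    """Counter created inside the handler: behaves like the PHP script,
    which starts from a clean slate on every request (shared-nothing)."""
    hits = 0
    start_response("200 OK", [("Content-Type", "text/plain")])
    body = [f"Hits: {hits}\n".encode()]
    hits += 1  # incremented, then discarded when the request ends
    return body


def run_requests(app: Callable, n: int) -> List[str]:
    """Drive a WSGI app n times in-process (constructed requests, no network)
    and return each response body as text."""
    bodies = []
    for _ in range(n):
        def start_response(status, headers, exc_info=None):
            pass  # status/headers are not needed for this demonstration
        chunks = app({"REQUEST_METHOD": "GET", "PATH_INFO": "/"}, start_response)
        bodies.append(b"".join(chunks).decode().strip())
    return bodies


def reset_hits() -> None:
    """Put the module-level counter back to zero."""
    global _hits
    with _hits_lock:
        _hits = 0


def hits_after_concurrent_requests(n_threads: int) -> int:
    """Hit the process-scoped app from n_threads threads at once and return the
    counter afterwards; the lock keeps the result exact."""
    reset_hits()
    threads = [threading.Thread(target=run_requests, args=(process_scoped_app, 1))
               for _ in range(n_threads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    with _hits_lock:
        return _hits


if __name__ == "__main__":
    print("request-scoped:", run_requests(request_scoped_app, 3))  # Hits: 0, 0, 0
    print("process-scoped:", run_requests(process_scoped_app, 3))  # Hits: 0, 1, 2
    print("after 50 concurrent requests:", hits_after_concurrent_requests(50))
```

Run it and the request-scoped handler reports "Hits: 0" three times while the process-scoped one reports 0, 1, 2: the second behaviour is what a persistent non-CGI server gives you for free, and what a PHP script can only get by reaching for sessions, a database or shared memory, which is exactly where the race-condition discussion in the first post above starts.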



 
