The blog of Kristóf Kovács

So you want to build a better search engine

Lots of hungarian (and I presume other countries has the same situation) startups are trying to build search engines nowadays. That’s what they believe in, and who am I to doubt them.

This syntax-highlighting plugin does such a beautiful work, I’m seriously tempted to blog more program code. :)

Drop-in XCache emulation with memcached

Recently we had to migrate a project from a server that had XCache installed (like all our servers) to a very different environment. So, I coded up a quick solution to use the same PHP software without any modification, but using a memcached server. I figured it may be useful for other people out there, so here it is.

Exploiting web development worst practices: file upload

If I can upload a file to your website, like, for example, an avatar, a picture, or a document for review, do you protect your website from that file?

Exploiting web development worst practices: file inclusion

And then PHP code that he has written will get executed on your server. It could do almost anything. Download any file you store on the server. Change other users’ sessions, changing their preferences, putting things into their shopping cart, etc. Access the database, stealing passwords (you do store passwords encrypted, I hope?), stealing e-mail addresses, residential addresses, whatever you store on the database. It can create new files, uploading viruses or phishing websites.

Exploiting web development worst practices: SQL injection

Nobody likes to be the guy who coded the “simple” website that later compromised a whole server and was used to leech ten-thousands of dollars out of unsuspecting citizens, and thus dragged an innocent company in trouble. Or the explaining that inevitably follows. Having security audited a few custom websites lately, I got the feeling that there is a need for a resource that in a few simple lessons helps web developers make more secure sites and avoid trouble.

Merry Christmas to all readers!

I’d like to wish a merry Christmas and (a bit late) a happy Hanukkah to everybody!

Businessmen’s guide to open-source licenses

Is it OK to take program code under a given license, add our own functionality, and then… (1) sell/license it as a product? (2) provide it as software-as-a-service?

Cloud power!

We all know in theory the advantages of load-balanced high availability clusters, but we often forget that they are also fun to build and operate.
Yes, I’m at fault of calling it a cloud when it’s rather a cluster, but who can resist the siren call of buzzwords? :) Cloud usually implies virtualization besides using multiple [...]

The Tao of Programming

The text was clearly written in an era when mainframes was just being replaced by personal computers. But from the sayings of “the master programmer”, and other invaluable gems, it’s clear that the human side of our beloved computing, and especially the management of programmers, have not changed much at all.