Anyway, today i programmed a little php script that uses a different approach to determine who is the “Subversion King of the Month”. It’s counting the line delta directly from the svn repository using svnlook. So the developer with the most lines added to the repository (not the most commits) is the number one.
Here’s some example output (names are anonymized):

--- Most productive users for 11/2007 ---
1   usera                6319      42.47%
2   userb                5797      38.96%
3   userc                1990      13.37%
4   userd                 773      05.20%
--- Most active commiters for 11/2007 ---
1   usera                  47         47%
2   userb                  34         34%
3   userc                   4          4%
4   userd                   2          2%
-----------------------------------------

The script reads all commits (revisions) for the current month, counts the line delta (how many lines have been added/removed) and the amount of commits.
You can view the highlighted source here or download the script here. Use it on the command line like that:
php -f /path/to/svn/repository

I know that the number of lines comitted may not be the one and only criteria to measure the productivity of a developer. But its an indicator to start with.
So the question is: Are you the “Subversion King” in your company/project?

P.S.
Again, please, dont take this serious ;)

Check out the little demo of the movelogger here.

This technique may be usefull or not. But some use cases could be:

• Instead of eye tracking, use mouse tracking.
• Analyze the usage of ajax enabled websites.
• Spionage and other Bad Things™ (not recommended).

The whole thing is coded in javascript using Prototype and script.aculo.us with some php code on the server side.

The data recorded on the demo website is stored only in the php session on the server and gets deleted automatically, soon after you close your browser. But theoreticaly it would be possible to store that data in some kind of database for further analysis.

Please let me know what you think about this. Do you have any ideas for other uses of this technique ?

What do you think? Write your thoughts into the comments please. Thanks!

I installed the Chora cvs/svn viewer today to browse our svn repositories. Beside tons of other problems (especially with Horde) I encountered this one:

Chora displays an error message when trying to browse a subversion repository:
Error svn: Can't check path '/root/.subversion': Permission denied

or in german:

Fehler svn: Kann Pfad '/root/.subversion' nicht prüfen: Keine Berechtigung

After 2 hours of googling (usualy takes 2 minutes) I found the following bug report that gave the useful hint:

http://websvn.tigris.org/issues/show_bug.cgi?id=32

Apache now runs as www, and the “USER” environment is set to “bob”.
However, the “HOME” variable is (incorrectly) set to “/root”.

When PHP calls the svn function, it seems that it picks up the HOME
variable. SVN must probably look for it’s preferences inside
~/.subversion, ~ being the HOME variable (/root). Since it runs as
www, it fails and spits out a permission error. I am not sure if the
USER variable changes something in this.

Because upgrading our subversion version (1.3.2) was not possible, here’s the quick-hack solution:
Edit horde/chora/lib/base.php and add
putenv ("HOME=/var/lib/www");
somewhere.
Replace /var/lib/www with the home directory of your apache user (wwwrun on suse 9.3).

Damn .. i hate such waste of time …

The ip 24.141.55.x has added about 400,000 plain text strings to the database.
It started (21 Aug 2006 12:27:50) with “3QOOk28N” and “NtIDSzQ7″, then went over to dictionary words
like “codex”, “hazard”, “strength” to finaly end the mass attack with “Zyzzogeton” (what ever this is supposed to mean) on 02 Sep 2006 06:57:45. For more then ten days the server had a somehow higher load then usual thanks to this guy (although i did not recognized it before yesterday).

In contrast to the “donor of hashes” mentioned above, the ip 195.114.42.x has requested clear text strings for about 53,800 md5 hashes. The attack started on 02 Sep 2006 04:27:24 and lasted until 12:49 the same day. 53,800 queries in 8 hours is a good score.

So, in reaction to this abuse, the web site sleeps some milliseconds with each query from now on.
Normal users should not be affected by this, but these mass query scripts should be slowed down, at least a little bit.

Actually I do not have anything against such mass queries to my server. However the other services running on the machine should not be impaired.

Conclusion: Thanks to the donor, shame on the leecher.

This example demonstrates the use of the MD5 database at http://md5.rednoize.com and AJAX to check password strength during signup on a website. After supplying a username and a password, a md5 hash of the password is generated using Paul Johnston’s md5 javascript library.

The hash of the password (not the password itself) is then sent to http://md5.rednoize.com. If the website returns a result for the given password (hence the hash password combination is stored in the md5 database) it can be regarded as “insecure”. Because the md5 hash of the password, and not the password itself is transferred, no sensitive data will be saved at md5.rednoize.com.

For sure not every password that is not stored in the MD5 database can be considered secure. I recommend adding some extra checks (existence of upper and lowercase characters, numbers, special characters and so on) to increase the password strength.

You can see the example in action here: http://md5.rednoize.com/ajax/

Feel free to use the code in this example any play with it ;)
To implement this on your own webserver you would need some kind of proxy script that redirects the AJAX calls from your own server to the md5 database.

Update:

I recommend saving passwords using salted md5 hashes. Salting in short: “When the user sets a password, a short string called the salt is suffixed to the password before encrypting it; the salt is stored along with the encrypted password so that it can be used during verification. Since the salt is different for each user, the attacker can no longer use a single encrypted version of each candidate password. If the salt is long enough, the attacker must repeat the encryption of every guess for each user, and this can only be done after obtaining the encrypted password record for that user.”

Here’s a little example using salted passwords:

To authenticate users on your website (login) your probably using a SQL statement like this one:
SELECT user_id, username FROM users WHERE passsword = MD5('thepassword');

This is insecure. If someone would know the md5 hash of the password, and the password is weak, it could be “reversed” using the MD5 database.

Use salted passwords to avoid this:
SELECT user_id, username FROM users WHERE passsword = MD5(user_id || 'some_secret_string' || 'thepassword');

Its also possible to store the salt along the password in the database.

Today i found a workaround for a feature that was realy missing in MySQL.
Let’s say you got a really complicated query that requires a lot of cpu and time to complete, but the resulting data is quite static. That’s the perfect opportunity to use a “Materialized View”. The Bad Thing™ is, mysql does not support what’s usually known as materialized views. But today i found a nice workaround for MySQL 5.
But first let’s clarify what a materialized view is. I found a good explanation here:
“A materialized view is a stored summary containing precomputes results (originating from an SQL select statement).
As the data is precomputed, materialized views allow for (seemingly) faster dataware query answers.”

Okay, so a materialized view saves the result of a query somewhere (e.g. into another table) else.

In my case i had to calculate a rating of users based on votes from other users (Website of http://www.hiphop-battles.com btw) . I’m doing this with some nested views (also a new feature in MySQL5). The whole calculation and query took 0.5 seconds on my athlon xp 3200 machine. Thats way to much to run this query on each page impression.

The trick is a new feature that was introduced in MySQL 5. From the MySQL Manual:
“In MySQL 5.0, you can create one table from another by adding a SELECT statement at the end of the CREATE TABLE statement:

CREATE TABLE new_tbl SELECT * FROM orig_tbl;

So its possible to create a new table with structure based on an already existing table. The data of the table gets copied also.
To create a table of a very processing intensive view we run the following query:

CREATE TABLE view_m_demo SELECT * FROM view_demo;

To make it little bit better we put this code into a procedure (also a new feature in MySQL5):

DELIMITER //
CREATE PROCEDURE updateDemoView ()
BEGIN
    DROP TABLE IF EXISTS view_m_demo;
    CREATE TABLE view_m_demo SELECT * FROM view_demo;
END; //
DELIMITER ;

Now we can call this procedure using a trigger:

delimiter //
CREATE TRIGGER T_updateDemoView AFTER INSERT ON some_involved_table
  FOR EACH ROW BEGIN
  /* calls the procedure to update out materialized view on each insert */
    CALL updateDemoView ();
END //
delimiter ;

The same can be done with an “AFTER UPDATE” trigger. dont use database triggers if the data in the original tables get updated frequently.
Another option in this case is to update the view time triggerd via cron.
To update the materialized view every minute use:

*/1 * * * * echo "CALL updateDemoView ();"  |  mysql -u user --password=pass database

I hope this helps somebody as much as it helps my projects website loading time ;)
before: 0,48 sec
after: 0,003 sec

I even found out that some crazy people use my website in their scripts and programs. Someone (not me) created a search plugin for mozilla. Another guy created a PHP Class that uses my site. Again another guy created an IRC bot that “reverses” given md5 strings on command … using my site.
The website currently produces ~300 MB traffic per month, so thats okay for now.

I really never expected that this little project attracts so much attention ;)