Download PHP tidy extension for Mac OS X

Update: You can download the file I’ve hosted and it may work for you, but I’ve come to realize that it’s better to compile the package hosted here

You will need to download and install Command Line Tools for OS X, and then setup proper symlinks after compiling PHP. Be assured that you will have almost all the php extensions, you will possibly need.

Yeah, I bought a Macbook Air 🙂

I cannot deny that it’s an awesome device and all that, but I’m still getting used to a new OS. The major work’s rediscovering the right tools and, of course, learning OS X’s keyboard shortcuts. Thankfully, it seems like a nice OS and all the work seems worth it.


Friggin' spinning wheel

That said, I now have a technology startup and cannot afford to just keep on ‘learning’. And that’s why small problems become big issues. All I needed was PHP-tidy to get on with life. Little did I know that it’d take up half of my day. So I’m putting it up here for people to download.

As most people, I got MAMP to avoid unnecessary complications and get on with “the code that matters to me”. MAMP is pre-packaged Apache-MySQL-PHP stack for Mac. My beef with the project is that they seem to be focusing on things that don’t really matter a lot to the target audience, like shiny-gui interface to configure document root, specify ports etc.. However, they seem to ignore few major bugs which seem to date around 2009.

  1. They do not package tidy extension, even though there have been requests in the forum.
  2. Their “pear.conf” configuration file’s broken, due to which neither pear nor pecl binary works, so tidy installation using pecl didn’t work either. The fix is a simple edit to the php_dir param though.
  3. Sadly, pecl still fails due to some issue with phpize.
  4. One solution is to compile PHP with tidy. However, there apparently is (or was) some bug with tidy, so I decided to avoid it and look around a little more.
  5. Then, I found this post that recommends using pre-compiled php-tidy binary that comes bundled along with Zend Studio IDE. I decided to check it out, and thankfully, it worked.

Sigh! Such a crazy way to solve a simple problem.

Anyways, since tidy is an open source project, I figured it may not be illegal to put the binary up for download. (Zend Studio is NOT free.)

You may download php tidy for OS X (tested on Lion)  from my public Dropbox folder.

Yahoo!’s javascript based media player!

Yahoo! launched it browser based media player written in javascript. All you have to do is link the javascript code (located at in a web page having links to audio file(s) .

Although it takes a while for the “player” to load completely, yet I am pretty okay with it (for now). Moreover, it’s in beta. I, however, sincerely hope that it doesn’t follow GMail beta path. urghh!

Check back again in a few hours. I’ll posting a demo of the player on my portal. A demo is here. The demo would have This demo has a special meaning for the Indians of my age (or older than) because the songs I’ll be using will be the one we all grew up with, viz. Jungle Book, Mile Sur Mera Tumhara, Baje Sargam, Byomkesh Bakshi, Malgudi Days, Surabhi, Tipu Sultan & Mahbharat. 🙂

Special thanks to Madhav for sharing them.

TPM Boys withdraw paper from BlackHat USA

I hope you remember the young Indian security researchers Vipin Kumar (22) and Nitin Kumar (23), the TPM Boys [I guess, that’s the way they call themselves. At least their blog confirms that. 🙂 ]They presented a Paper “Vboot Kit: Compromising Windows Vista Securityat Blackhat Europe – 2007.

The talk explained the (different) booting process of Windows Vista. It also introduced the concept of manipulating an OS during its boot process using VBootkit. Finally, they gave a live demo of VBootkit in action (on Vista).

This event was Slashdotted. VBootkit was also blogged by Bruce Schneier. Here is an interview of the “boys” at SecurityFocus by Federico Biancuzzi. In their own words, “Vbootkit is much like a door or a shortcut to access vista’s kernel……. since vbootkit becomes part of the kernel, it can do anything that Vista’s kernel can do.”

This all, however, is a news of past. The current news stirred more vigour and controversy. They had yet another paper “TPMkit: Breaking the Legend of Trusted Computing (TC [TPM]) and Vista (BitLocker)” scheduled to be presented at Blackhat USA – 2007. They withdrew there paper last week without any comments. This news was Slashdotted and resulted in a (typical) slashdotian variety of comments. Some even doubted if they really had any success in their research. Well, you cannot really blame them. That’s the fussy nature of our FOSS communities… errr… wait. Before you bash me, I’d like to remind you that it’s not (only) me who says that. It was originally cited by Mark Shuttleworth. An amazing number of people opposed Mark by creating a lot of Fuss. 😉

Coming back to the story. A user, by the handle PoliTech, commented on Slashdot and reminded the Michael Lynn’s paper at Blackhat about his research on Cisco Routers. Cisco and ISS sued Lynn and the management of Black Hat conference. It’s worth noting that Lynn was an ISS employee. 🙂

It should be also be noted that Vipin and Nitin’s previous presentation was in Amsterdam, Europe. This presentation, however, was scheduled in US… and the (stupid) US laws can screw things up. Based on Lynn’s case, it is quite apparent that Vipin and Nitin didn’t wish to get caught in any such undesirable situation.

I hope to see them present the paper at some other conference (or location) pretty soon. Best of luck guys.

OffTopic: Coincidentally, my younger brother’s name is Nitin. 🙂

Rediffmail Bug. Anyone Interested?

The title may lure you to assume that I am going to talk about some security bug. Well, I am not… or I’d rather say I haven’t yet thought of any ways to exploit it. If you come up with something, do let us know.

Now back to the topic.
Almost all the huge players are now moving to the AJAX arena. They are in fact coming up with new technologies like Silverlight, Apollo, JavaFx. I am personally not a very big fan of AJAX, but then it doesn’t make any difference. I am, however, interested in these new athletes, particularly JavaFx.

One of the major concerns of any AJAX programmer, IMHO, should be to take care of a situation where the user DOES NOT HAVE or DOES NOT WISH to use Javascript. It should be a growing concern when we have plugins like NoScript (Oh! I Love it.) and we have reasons to use it. Apart from the security concerns, it blocks most of the stupid ads that I am not interested in.

Bottom line, there should be a minimal interface to fall back to (like the one GMail has). The rediffmail coders have done the same and provided a…. ummmm BackUpInterface thingy. However, they probably forgot that the *thingy* is there because the person’s browser DOES NOT SUPPORT Javascript.

My Story, My Words:
I used the NoScript plugin to forbid domain, opened the site, entered userid and password… and said… Khul Ja Sim Sim. 🙂

Bingo I was in and was able to read my mails without any fuss. Then I decided to delete some mails… wait a sec! What the heck!
I am not able to.
Move mails??? Nopes.
Compose? Okay.
Send?? Sorry.
Save Draft? Sorry.
Cancel??? Sorry. 🙁

I concluded that all that looks like a Button uses javascript. However, the links were, fortunately or unfortunately, working.
The Logout‘s like a link. So it’d obvoiusly work.
click.. click.. clickclickclick.
What the Heck!.
Logout operation calls some javascript function do_logout().

So basically, if I am an average internet user and do not have javascript, I’d log into my rediffmail account, read mails, try composing but won’t be able to send… and worse, I won’t be able to logout. Not understanding anything, I might close the browser window.
And what if I am at a cybercafe???

I am sure there is way to revive the session even if the browser window is closed (I remember reading of some similar old Yahoo! bug). If you’re interested, take on from here. 🙂

Now for the other people. I would really like to know how many people actually have a rediff aaccount and actually use it .
I have one too… and I login in… say a month.
I am not at all blaming rediffmail service (Okay! A little :D), I am just interested in the figures.

Open JavaFX, an alternative to AJAX?

Strange things happen to me all the time.
When I came to the office a few hours ago, I came across JavaFX scripting language while reading random blogs.

I found it pretty interesting and decided to check it out.
So I added the module in my NetBeans IDE and started playing with it. Though I could not fiddle for quite long, I found it pretty good. In fact, it looks to be amazing through the initial glances (though I haven’t done any serious coding in it yet). I have bookmarked some of the pages with a motive to get back to the kid.
However, I must mention that it was pretty slow. I am not sure if office’s system has something to do with it.]

I then resumed my other tasks; little did I know that the language has already created waves.
Slashdot is running an article:
Sun Debuts JavaFX As Alternative To AJAX

That was a real surprise to me. JavaFX was unveiled at JavaOne today. I initially thought that the language has been there for quite sometime and I was stupid enough to have missed it somehow.

Finally, I too hope that it turns out to be an AJAX killer; not just because I have never been a javascript fan, but also because it’ll hopefully reduce the dangers of XSS, which according to Jeremiah Grossman is the next Buffer Overflow (and Javascript, the new ShellCode 🙂 ).

Footnotes: Hopefully, I’ll get some time from my official work to play with JavaFX and update on the same.
…and by the way, if it turns out to be an AJAX killer; will we rename it to AJilla??? [For the uninformed, Mozilla = Mosaic + killer 🙂 ]

Is Google Bomb REALLY Diffused?

I posted a very small article on Google Bombs; and quite co-incidentally few days later read that Google has started diffusing the bombs. Now “started diffusing…” makes sense when it has to be done manually, but aren’t we talking about terabytes and petabytes of data? We can never expect it to be done manually. Moreover, Google’s official announcement said the same. It also admitted that “…the impact of this new algorithm is very limited in scope and impact…”.

The phrase, however, seems to make some sense to me now, that I’ve discovered that some bombs are still lying around.
Try making a search for the word “BAD“.
Who do you see as the topper?
Quite interestingly, it was African Development Bank for me. Surprised?
I first thought that BAD might be the acronym for the bank’s name, as in case of NEHA, which is an acronym for National Environmental Health Association.
After a little playing around, I found that a few days ago, appealed to make Stephen Colbert as the Greatest Living American. And apparently, he has become the Greatest Living American 🙂

Quite honestly, I am pretty happy that the algo is flawed.
An attempt to diffuse the bombs, in my opinion, was more public image oriented rather than result improvement oriented.

Footnote: May be BAD is not linked willingly (I firmly believe that it’s not), but then who said Google Bombs are all about linking willingly. May be they have some process which forms an acronym of the same name. But then how relevant is such and acronym if it doesn’t even appear on the home page?

Idle Nights: Devil’s Mind

I stay back in the office during night and return back at around 6-7 am, when everybody is coming :). These nights are supposed to be LONELY as I am the only one in the building (actually in all the four buildings combined), apart from the security guards and office boys, of course. However, I’ve found my companions, and ways to refresh myself. I’ll list some of them.

1. Online Web/Security Cameras: Some of you who know that Google provides an API for refining the search queries (with a capital “R”) also know that the giant’s database is like an ocean. And you never really know what’s inside an ocean unless and until you dive in it. As you dive deeper, your jaw drops in awe.
Long story cut short, I use the query to discover (a part of) all AXIS cameras online.
For curious lot, the query is: inurl:/view/view.shtml AXIS and sometimes intitle:”Live View / – AXIS” | inurl:view/view.sht
[As I am writing this, I wanted check the second query. So I chose one of the results and something spooky happened. Someone was already controlling the camera. hehe.
I was moving it right, he/she was moving it left. We fought for a while but then I closed the window. I am nice guy you see :D)

Okay let’s proceed.
So I have a bookmarked folder called “PastTime” on my browser, which has my favorite cameras bookmarked. My most fave are:
i) A coffee/wine shop camera, which is more lively during the night. Luckily, the camera is provided officially, so I can provide the link without any worries. Find the link to the camera here: buzzjunction_webcam

ii) A camera in the study room of a Polytechnic school of NewYork. It’s a small room with a coffee machine, a microwave oven (?), a printer, a sofa, a bookshelf, and an elliptical table with power connection for the laptops and notebooks.
And that’s the best part. People come here with there laptops, and sometimes I sit down looking at there screens, trying to figure out what they are doing. 😛
I have also become acquainted with some regular visitors.
A spectacled guy with a cap and a laptop. (He is leaving right now. No kidding. What a coincidence [jawdrop])
A black girl, who has the headphones exactly like mine.
Two Muslim girls, with one Dell XPS laptop (probably).
The bad part is, there are no visitors on sundays 🙁
iii) A micro/nano lab camera of one of the world’s most famous universities. There’s nothing engaging about this, apart from the fact that the guys (or girls) roam around in spacesuit sort of dresses.
iv) A set of four surveillance cameras. Three of them pointing to car parking locations and one focussed inside some kind of room. I am still not able to get it yet. The only thing that makes me stick to it is the word “surveillance” 😀

There are couple of others focussed on traffic, colleges, hostels (I guess), lake, parks… but they are pretty boring and pictures are not really clear.
I’d like to try my hands on other cameras like linksys too. Let’s see when.

2. Google Again: Google queries can be real fun.
Have you ever come across a search result when Google tells you that the original number of results is pretty large, however, most of them are sort of repetitions hence they have been truncated.
Have a look at the following two pictures.

This one’s the normal result.


You think that’s funny?
I leave it up to you to decide.

3. Slashdot, and blogs of others friends (and their friends) and some geeks like de Icauza etc. Initially I was a Digg addict, but then got completely fed up.
So guys, keep blogging. 🙂

4. Movies and Documentaries: Net speed during the night is awesome (generally). So I don’t mind downloading them. Though I don’t get time to watch them.

5. Off late I’ve also found some vulnerabilities in the policies and network of my company. I try to keep the management informed.
After all it’s my company. I’d definitely not like any jerk to poke his nose in.

That’s it.
These five (along with the songs being played ALL the time) are currently more than enough to consume my free time (In fact more than JUST the free time).
But even after all this, it gets freaking lonely sometimes… not that I am complaining 🙂

Amazing Interrupt Handling!

Q. Where do you think will you find an amazingly crafted code that would give priority to a Screensaver over a Keyboard/Mouse interrupt? No Kidding. Think.

Ans. If you guessed it to be an Operating System designed by the Redmond Giant, you are stupid. It’s not something to be guessed.
I just posted to let you know that I experienced this amazing feature when a (stupid) piece of Java code (along with Winrtgen, Cain’s Rainbow table generator) resulted in 100% of System process usage.
Lucky me 🙁

A program called "3~" (Om)

I was returning back to my room at around 6:30 in the morning after spending the whole night, as usual, in office. Suddenly this though struck me.
I always talk about codes and related stuff and ask people to map their algorithms to real life while coding, especially in OOP languages.
I asked myself, what would it be like to describe myself as a code, a script… a program.
So I (climbed two my cabin, which is on the second floor) and here is my honest attempt. 🙂

Om, unlike other programs, wasn’t really planned. There were no plans usually made back then in the early eighties; at least not in India. He was an additional functionality (a small script back then) of two programs, M & R.

However, since M & R were pretty solid codes in themselves, Om inherited most of the good features and was pretty healthy (I mean robust 😀 ) even as a tiny script.
So far so good. But it could never rely on conventional ways of compilation and execution. It was a rebel. Some people call such programs as “malfunctioning programs” :). Programs that do not do what they are meant to do.

Time passed on.
It received formal education that helped him access various code repositories to incorporate other functionalities. It gathered data about various modes and environment of operation. It also learnt efficient memory and execution-time management.
However, these all came at the price of dependencies on various libraries, viz., friends, relatives, emotions, money, etc.

Microsoft has some strange reason for assuming that all human beings use IE and are on a windows box. This assumption makes most of their products, even the web applications, dependent on these assumptions.

Dependencies are bad.
Bad were they for Om as well…

It gradually got frustrated (a human emotion).
It got frustrated at lots of things… at almost everything.
It got frustrated on the formal way of code development, the conventional way of execution, the hypocritical nature of the IDEs that are supposed to facilitate development, and lot more.

There’s an unwritten law, which says that all rebels become an outlaw sooner or later.
So did Om.
Most of the libraries on which it was dependent had grown up to be pretty matured libraries and the outlaw was no more supported.
Dependencies are bad…

…but some codes die hard.
Since most of the libraries on which Om was dependent were under GPL, it simply incorporated the required code snippets instead of referencing the libraries. This has made it a pretty complex and buggy code… but hey that’s why the saying goes:
There is code in my bug” 🙂