I started registering over a week ago, and I just got my first rejection. I made a mistake in the registration. I spelled a named correctly, and now I am being punished for it. The contact at the customers company is called “Jens Elkjær”. Well actually he isn’t, but there is an “æ” in his name. I was previously adviced by a colleague that special characters are problematic, and I should avoid them. I just overlooked this one. Copying and pasting name, address email etc. for dozens of accounts numbs your brain, and I overlooked this single character. I also overlooked a couple in the addresses, but those could be changed later.

There was nothing to indicate any kind of error, until I reached a confirmation page. The name was displayed like this: “Jens Elk�r”. (The “æ” is replaced with the “replacement character“.) It was too late. I could not go back and change the name. I could submit the application now or I could rage a while and then submit it.

Today I got this email (anonymized, emphasis is mine):

From: eurodev@apple.com
Date: 17-02-2011 10:13
To: XXXXX@XXXXX.dk
Subject: Re: iOS Developer Program

---

Please include the line below in follow-up emails for this request.

Follow-up: XXXXX

Re: iOS Developer Program

Dear Sir/Madam,

We are in the process of reviewing your iOS Developer Program enrollment information.

In reviewing your Company Enrollment application XXXXX, I have found the following information:

Enrollment Reference Number: XXXXX
Program: Standard Program
Enrollment Type: Company/Organization
Applicant Name: Jens Elkjær
Email: XXXXX@XXXXX.dk

Please know that the applicant’s name does not appear correctly. I have withdrawn your Enrollment XXXXX and you can submit a new Enrollment Request. I would advise you not to use foreign characters, as they are not recognizable from our system.

Should you wish to enroll again for the Standard Program, please submit a new enrollment using a different Apple ID and email address than the ones used for your original enrollment. Before submitting your NEW Enrollment, please clear your browser’s cookies, cache and history, ensure that it is configured to accept all cookies, quit and restart your browser.

Once you have completed the new enrollment, please then contact us back with the NEW Enrollment ID so that we review the NEW application.

We hope that this information is useful to you. Please let us know if you have any questions regarding this information.

Best regards,

XXXXX XXXXX
Apple Developer Support

My list of criticisms is not short.

1. The danish special letters are part of the character set “ISO 8859-1″ also known as “latin 1″. This character set was published in 1985, registered as at internet standard in 1992, and is the default character set in HTTP since version 1.0 published in 1996. However, if international characters is important (such as if you are collecting names from all over the world), you should use the more modern character set UTF, which is rapidly becoming a standard replacing 8859-1. In short, Apple really should just support the danish special letters. It’s not hard, practically everybody else does. It has been many years since last time I saw a system that didn’t support them by default.

2. If the danish special letters is not supported, the website could easily have informed me of this. The primitive solution would be a simple text: “In english letters only.” But the professional way would be to validate the input. This is very easy to do. Very.

3. The confirmation page didn’t allow me to go back and change it.

4. So they don’t support “æ” but they accepted it anyway. And then I can’t just go into profile settings and change it. I can change address, phone-numer, email-address, company name… Anything but the name. If a person actually changes name (this happens quite often, typically when getting married), it cannot be changed in the Apple profile. This reminds me of a phonecompany that got my name wrong in the phonebook and couldn’t change me. They said I had to change phonecompany to correct my name. Of course I did. I don’t do business with amateurs if I have a choice.

5. So there’s “æ” in the name and I can’t do anything about it. Will Apple do it for me? No. (BTW: “æ” will look like that when it is saved or transmitted as UTF-8 and read as 8859-1.)

6. So there’s “æ” in the name and it’s not going to change. Apple just have to accept it. They don’t. They reject the application.

7. It’ no use just applying again. I have to make a new profile, and THEN apply again.

8. The new profile can’t have the same id as the old one. So I can’t use the same id for the iOS app as for the Android app. This complicates managing alle these accounts for my customers.

9. The new profile can’t have the same email-address as the old one. Others have tried, unsuccessfully. But that’s the correct one. That is the one the customer has. Of course the customer has other addresses, but none of those are right one. They have to create a new address, and make it forward everything. I need to tell this to a colleague. He will contact our contact person. He will contact their IT department. They will find a technician to do it. According to my experience there is a good chance it won’t work, and I need to start the chain again.

This is not a list of trouble I’ve had during the process so far. This just one single example from a long list of unnecessary problems. I find it very hard to believe that Apple is so incompetent. Maybe they are indifferent about the quality of their work? Nah, I’ve been told so many times by Apple-fans that quality is what Apple is all about.

No, it’s very simple: Apple hates developers. And I hate Apple.

What I have tested

The HTPC is connected to my TV by HDMI. It automatically chose HDMI output, and the right resolution for my TV (1360×768). I didn’t have any audio, so I clicked my way into audio settings and changed the output to “HDMI Stereo”, and then it worked like I wanted it. I haven’t tried VGA, optical audio out

It’s networked by WIFI (802.11b), no problems there. I haven’t tried 802.11n or wired network.

Reading DVD’s works. I haven’t tried CD or burning anything.

Infrared works with the supplied MCE remote. It probably works with almost any infrared remote, with a bit of work. I haven’t tried that yet.
My Logitech Harmony (programmable universal remote) works fine with the HTPC. I simply autodetected the MCE remote with the Harmony.

I can play 1080p h264 movies.

USB 2 works, haven’t tried USB 3 yet.

Oh, and I can turn the device on with the IR-remote.

Installing the infrared driver

ASRock has two Linux-downloads for the Core 100HT: Infrared driver for Ubuntu 10.4, and infrared driver for Ubuntu 10.10. The latter has a great manual, but there’s a lot of steps. The style in the manual is “click this, click that, type this, type that” etc., which I think is what most people want. I prefer a more terse syntax, with commands I can copy/paste to the terminal. Like this:

sudo apt-get update
sudo apt-get install lirc lirc-modules-source

        Remote control configuration: None
        IR transmitter, if present: None

unzip -d /tmp/ "IR(10.10)2.6.35-22.zip"

Install one of these, ignore errors:
32 bit: sudo dpkg -i /tmp/Ubuntu\ 10.10/lirc-nct677x-1.1.0-ubuntu10.10-kernel2.6.35.deb
64 bit: sudo dpkg -i /tmp/Ubuntu\ 10.10/lirc-nct677x-x64-1.1.0-ubuntu10.10-kernel2.6.35.deb

Again, ignore errors:
sudo dpkg -i /tmp/Ubuntu\ 10.10/lirc-nct677x-src-1.1.0-ubuntu10.10.deb 

cd /usr/src
sudo dkms remove -m lirc -v 0.8.7~pre3 --all
sudo dkms add -m lirc -v 0.8.7~pre3
sudo dkms build -m lirc -v 0.8.7~pre3
sudo dkms install -m lirc -v 0.8.7~pre3 --force
sudo dpkg-reconfigure lirc

        Remote control configuration: Nuvoton Transceivers/Remotes
        IR transmitter, if present: None

Test by running the command "irw", and push some buttons on the remote. It should output the name of the buttons you press.

Using the remote

After installing the driver and confirming that it works, the remote still didn’t do anything. I haven’t studied how this is supposed to work, but after playing around a bit I’ve learning that it’s probably something like this: LIRC (Linux Infrared Remote Control) receives the infrared signal, recognizes which remote it is and which button it is, and then tells about it to anyone who wants to listen. In my case, nobody.

I started XBMC and made sure it knows I have a remote that doesn’t send keyboard signals, and then it worked.

For now, I only want one more feature: Starting XBMC with the remote.

Warning: I tried to configure LIRC with an easy GUI. I don’t remember the name, but it didn’t work and it destroyed what already worked. I removed the software and reinstalled the driver. Please comment or email me if you have anything to add here.

I created the file “~/.lircrc” with this content:

begin
    prog = irexec
    button = Home
    config = ps -e | grep xbmc >/dev/null || xbmc&
    repeat = 0
end

In english, if I understand correct: “If the program irexec wants to know that Home (big green button with the ) is pressed, give it the string from the ‘config’-line.”

irexec then executes the command, which is “if xbmc is not running, run it”.

The final step is to start irexec when the machine is booting, I simply did that with the Ubuntu “Startup Applications” function.

LIRC names of the remote buttons

…as defined by the driver from ASRocks website.

Harmony names of the remote buttons

…in the configution it autodetected. You could make your own configuration with the LIRC-names or whatever you choose. There is a few duplicates and a few buttons not on the original remote.

Additional commands, not on the original remote:

This is fine for the beginning amateur, but professionals should always get this right.

What happens when you don’t do this

If you are very lucky, you will have a lot of extra work and more complicated code. If you are less lucky strange things will happen on your website. Maybe “2<3″ is displayed as “23″ or “don’t” is displayed as “don\’t”. Maybe it’s even saved like that in the database, which just makes it much harder to fix.

But worst case is a gaping security hole. Do one little thing wrong, and you can get serious security vulnerabilities like XSS and SQL injection.

What is layers

Any non-static website has layers. It’s just a question of how many, and if you are using them correctly. To make a simple blog you need at least three:

1. The presentation (HTML, CSS etc.)
2. The application (maybe written in PHP)
3. A database (like MySQL)

A layer should only know about what is above it, and what is below it. In this extremely simple scenario, the HTML knows about the PHP (filenames for the links etc.), but should never know about the database (table names and certainly never ever login information). And SQL statements (or even snippets) should NEVER get more than one layer away from database layers.

Usually there is many more layers in the application part to simplify things. Maybe there is a layer for translating pretty urls to actual PHP filenames. And there should be a “database abstraction layer”, which makes database access look the same no matter which database you use.

En example of how even abstraction layers that hardly adds any features are useful: It adds flexibility. With a good database abstraction layer, you can change the entire database (maybe from MySQL to PostGreSQL) without changing your actual application. You just edit the abstraction layer, which sits between the application and the database. The advantages becomes clearer further down.

In this article I will only talk about a few layers, enough for most simple web-projects. But the idea is the same with any amount of layers. I will use:

1. The presentation (HTML, CSS etc.)
2. The application (maybe written in PHP)
3. Database Abstraction Layer
4. A database (like MySQL)

My recommended solution

When the user performs an action (like a search), data from the user (for example search terms) travels through the layers, probably all the way to the bottom, and then results (for example search results) travels all the way back up, possibly including the original data.

Here comes the important part:

When data moves from one layer to the other, make sure all necessary conversions are done correctly, and preferrably automatically.

When data moves from the browser to your application, you will probably get it as normal plaintext. So far so good.

Then you transfer the data to the database. The database interpretes certain characters specially, like percent, underscore and apostrophe. The amateur is tempted to fix this with search-and-replace, and will often do this the wrong place so that the fix ends up in places outside the database.

This is a task for the database abstraction layer. My favorite way is parameterized statements. A simple example:

result = db.getAll("SELECT id, name FROM students WHERE name=?", name);

The questionmarks gets replaced with the parameters after the query.

The variable db containts an object from the database abstraction layer. Which you may have made yourself, maybe one provided by the system you use (PHP has several), or as I prefer – a simply one build on top of something good someone else has made.

The results from the database should be in plaintext. No special handling of any characters, special to SQL, HTML or any other technology. Any layer should only know about the layer above and below, and the HTML and browser is far above the dabase and database abstraction layer(s).

Now you have the input and the result from the database, and it’s time to display them. But data is sent to the browser in HTML format, not plaintext. So transferring data from the application to the presentation layer, means translating from plaintext to HTML.

There are tons of ways to do that, depending on the framwork you are using. Here’s a very primitive way of doing it in PHP:

<p>
Search terms: <?=toHTML($terms)?><br />
Results: <?=$result_count?><br /><!-- No need to escape, this is numeric -->
</p> 

In this primitive example, you need to remember “toHTML()” every time you print out text, which is a weak spot. In some systems it takes extra code to NOT encode it in HTML.

The toHTML()-function will replace < with &lt; etc. Maybe it inserts <br /> at the end of lines, but then you should check that the search terms doesn’t have more than one line. Maybe you should check for that anyway. If it’s a comment for all users to see, maybe you want some extra checks here. like collapsing 500 newlines in a to two. Maybe like this: <%=toHTML(sanitize($terms))%>

But why not sanitize it while getting it from the browser, so we get sane data? Well, it is a good time to check for very bad input, like binary data. But I like to have the original input in the database. That is always a good thing, for example if you change something in how you display your data. Maybe you want to change how you handle newline characters. Maybe you have improved your sanitizing method.
With this method you just change your code, and you’re done. If you change the data before you put it in your database, you will need to change your old data. This can be very complicated, sometimes impossible. (For example if a bug removes data.)

Summary

• Know that you have layers, and which ones
• Insert abstraction layers when they add value
• A layer can only know about the layer directly above or below
• When data moves from one layer to another, convert it accordingly
• Do the conversion in a common place so you only have the code once, and maybe even in a way so you don’t need to remember to do it every time

Doing this the right way makes simple code, pretty results and solves most security issues.

Normal

This is a typical spider web. This is the goal, what you should compare the other images with.

Marijuana

This spider was given marijuana (or “hash”) before making the web. Marijuana makes you slow and makes it hard to concentrate. The spider started just fine, but then it got lazy.

Benzedrine

Benzedrine made this spider active. So active, it forgot to plan anything.

Chloral Hydrate

Chloral hydrate is (among other things) a sedative. This poor spider started nicely, and probably fell asleep.

Caffeine

This is the interesting part. This is what happens when you get too much caffeine. No planning, no system, worthless. Like the sedated spider, it never got to the part with the spirals. Now let me ask all you software developers like me out there: Do you really want to create software, with large amounts of caffeine in your body? And everybody else: Do you want to use software created like this?

This experiment was invented in 1948, but these images are from a similar experiment performed by NASA in 1995.

Source: Wikipedia - Effect of psychoactive drugs on animals

And by the way:

In large amounts, and especially over extended periods of time, caffeine can lead to a condition known as caffeinism. Caffeinism usually combines caffeine dependency with a wide range of unpleasant physical and mental conditions including nervousness, irritability, anxiety, tremulousness, muscle twitching (hyperreflexia), insomnia, headaches, respiratory alkalosis, and heart palpitations.

Wikipedia – Caffeine

Så er det endnu engang tid til en ny hjemmeside. Alt hvad der stadig er aktuelt fra den gamle vil blive flyttet, men nogle sider forsvinder.