Runyourjs drupal module

Done, as said in, I created a sandbox project:

I attach here an archive as git archive –prefix=runyourjs/ HEAD |gzip – > ../runyourjs.tar.gz

I have wrote this for my personal use, if you found it useful, share and give feedback (in drupal). Thanks


p.s.: of course filename is protected 🙂

Commissione europea e open standard … source … cosa?

Punto informatico ( and ( talks about an direction approved by European Commission on adoption of open standars, then later, they use open source, as synonimous.

Some time ago I had an argue in linkedin during which I sustained that public administration should adopt opensource software because it is open and cheap, a microsoft supporter enlight me on difference between open source and open standards, and point out that Microsoft has an offer of software that respect open standards.

Open standard concerns the openness of data, while opensource spoke about source code. It is less simple than it appear to discern what is data and what is code. Java define a language, that has semantic, and class prototypes, that is code. Spreadsheet standard has function syntax and semantic definition, macro language defininition (syntax and semantic), and so on. PDF is a programming language, so if you send a PDF you send a program code.

The ratio is that everything you exchange with other, in this case public administration offices, should have a deterministic interpretation, free from a give software producer fee, or a patent fee to be paid in order to read, thus be an open standard format.

So, what are talking about European Commission? Open standard, of course. Because the direction is to endorse freedome of choice, and freedom of choice is to be able to choice closed source, or opened, with the advance of one or another, but without restriction neither to the citizen, nor to the public procurement, that should accept only documents that can be read without restriction.

This, immediate rest apart, favorite a polite concurrence: less marketing, better software.


Image taken from no copyright in exif datas, there is the name of a internet site that I can not interpret, nothing that look like “copy”

Upload a javascript as attachment to drupal entity (and run it) … and what is it munge?

I am in the need to attach javascript code to my content for tech blog purpose, and give capability to run it by visitors.

Do you think there are security concerns? Me no.

PHP filter is there in Drupal core from the begin, and it was not a security concern, unless you give permission to everyone to post content or comment in PHP format. What does it make javascript a security concern?

Well, writing such a module (yes, I want to make something useful and versatile for this, I am tired to upload it and write < script src=…. with php filter everytime), I googled and found

the interesting suggestion to use variable_set('allow_insecure_uploads',1); because of munge mechanism make me curious about what is mounge. That is from (drupal 7.22):

 * Modifies a filename as needed for security purposes.
 * Munging a file name prevents unknown file extensions from masking exploit
 * files. When web servers such as Apache decide how to process a URL request,
 * they use the file extension. If the extension is not recognized, Apache
 * skips that extension and uses the previous file extension. For example, if
 * the file being requested is exploit.php.pps, and Apache does not recognize
 * the '.pps' extension, it treats the file as PHP and executes it. To make
 * this file name safe for Apache and prevent it from executing as PHP, the
 * .php extension is "munged" into .php_, making the safe file name
 * exploit.php_.pps.
 * Specifically, this function adds an underscore to all extensions that are
 * between 2 and 5 characters in length, internal to the file name, and not
 * included in $extensions.

so, be warned on this apache behaviour that can make things unstable. Note: it is Apache filter behaviour not php, so it work with anything else that has an Apache module. (The use of a dedicated data directory is the best practice).

 I decided to let it be and go with drupal security, changing the src attribute to load that .txt file, that is perfectly legal.

The module would be named runyourjs, I have just done the upload file part, then I want to add a default load button (interactive), then just upload it to a drupal sandbox.

Unesco World Heritage List

Ok, following I can not find a good export of unesco world heritage sites, interested in Italy.

first step is to download xml format (, use an online service to translate to csv (, save it (download), then transform from dos to unix, import in libreoffice calc (google docs does not work), saved as ods format, imported to google docs.

The file in google docs:

All those for some tests … next toys I am going to do are … (the mapsengine is

… import the “Notes” part at the end of

(PHP) CurlParallel around the world

About the project:

Selfing on the net this morning I discovered at least another interesting implementation of parallel fetch of network resource via PHP curl, that is of, and is older than the one I take as starting point.

Also that solution put focus on tasks to be managed not in curl by itself, thus giving more weight to the use of network resource, and less on the implementation specific part. He also does a good and extended use of Standard PHP Library (SPL). Definitely areas on which my implementation have to pay attention.

Seeing from different point of views (and implementation) make clear that it does not parallelize execution, but parallelize waiting of I/O, the client classes are not executed in parallel, but executeted with an undefined order, say you know that the whole block of code is executed from start to the end without interleaving other client’s instruction.


This can cause some problem in term of memory required, and balancing how much elaboration has to be done during consume phase: it should be done at least all elaboration that warrant to throw out unuseful data that occupy not needed memory, but it might be needed to defer some operation on following code, say, instead of write report, there is a collector class that can destroy some instances and require more processing for some else. The need to do this operation could arose from the presence or absense of a specific resource, part of the requested pool. Obviously act early is better e things become complex when the same consumer asks if it is the case to throw out the received buffer because the “main” resource “has said no”.

(specials thanks to dia developer

Consigli SEO per javascripter: Se ‘o sai è meglio. (ricapitoliamo)

What does is indexed by search engines? Of course the static pages are, but what about javascript originated content (i.e. AJAX)?

By the end of 2011 Google indexs comments loaded via AJAX (i.e. Facebook, Disqus, …). this is the last specs, that means (reading that the web server must provide a snapshot of the requested page and it should do someway.

All was due to limitation of javascript on replacing location.href string on browser address bar, replace limited to the hash sign # following part of url. Thus hashbang (#!) was introduced, very famous (sometime infamous) in twitter, but that give the opportunity to index pages with AJAX loaded content. BUT it demand the server to provide a static version of AJAX page to the search engine crawler when requested with ?_escaped_fragment=… (ellipse are for the hashbang following string escaped).

Using Java all fine. There is PhantomJS, but ia not nodejs (is a desktop app). PHP has a javascript intepreter (V8, v8js extension), but it does not manipulate DOM, or it has to be implemented, just an idea, maybe it is possible to load the standard browser environment (window and document) via registerExtension method. Life is hard.

But now there is HTML5 and pushState … what? the same thing, but better. Simply remove limitation on browser address bar rewrite to javascript and let it manage history by javascript. Say:

var data = null;
var title = 'view video';
var url = '/listvideo/video1';

this snippet replace the url in address bar, then it could be followed by code to inject html with video tag loaded via AJAX. Let say the video is loaded in a layer and the close cross is clicked then click handler will do another history.pushState(), remove the layer and user will see the list of video again, while using the browser bar back button it goes back in the history. Cool, doesn’t? … a moment, for back to function it is needed an event’s handler, something like:

window.addEventListener("popstate", function(event){
  // location.pathname contains the new current path
  // contains the passed data

Well, what search engines want is that the server provides the whole page (with both base page and overlay), in response to requested url. But it can be done via client side code! (read javascript)

For browsers that do not support the new history api, snippet contents have to be loaded every time and everytime AJAX should fill it: the server provide the base page, a check is done on location.href and the right content loaded via AJAX (i.e. showPage(location.href)). It is vital for SEO prospective that pushState url matches the href of clicked element. (an intrusive example to show it: <a href=/url/video1/ onclick=action> then action() must call pushState with url=/url/video1)

No more snapshot due by server, all is managed by search engines, Bing and Google agree on this: client side code are executed before indexing.

From a SEO prospective: HTML5? use it.

Debugging Javascript worker (and jQuery & workers howto)

Even if I finally found Web workers:error and debugging article that explains it well and exensively, I just had to report that developing with Firefox is still the right choice in most case.

What happen in Chromium if you try to importScripts() jQuery? Simple: no error message. The problem is that jquery refer to window object that does not exist in worker environment, but onerror event is not implemented, you neither will know there is a problem if you are using Chromium browser.

Javascript Web Workers: From Basics to jQuery.Hive series in part 3 explains how to use a reduced version of jQuery, however now Internet Explorer support web workers, so it is time to use it.

following coursera courses

I am updating my knowledge by following some courses on, that is: (computational neuroscience) and (exploring quantum physics). I found both require that kind of math called statistic, or something like that, and summing vector of values, multidimensional calculus … very interesting and mind opening. I would endorse these courses because they make me feel really better 🙂

Parallelize PHP script (continued)

The adventure continues..

Some more commits to repository in, the goal is to parallelize a php application as much as possible in the task of network I/O concerns. This is the test class in the rep:


require_once "sender.class.php";

class TestCurl implements iSenderConsumer {
  private $url_list = array();
  public function __construct(Sender $sender) {
    // read urls from a file, one by one
    $this->sender = $sender;
    foreach ($this->url_list as $url) {
      if($url == '') continue;
      print "$url enqueued\n";
      $curlo = $this->sender->addRecipient($url, $this);
      // set parameters option for $curlo ... but even not
  public function readUrls() {
    $c = file_get_contents('urllist.url');
    //print $c;
    $this->url_list = explode("\n", $c);
  public function consumeCurlResponse(HttpResponse $object,Curl $curlo = NULL) {
     // I just want to know if all goes right
     print date('c') . " - " .$object->header_first_row. ' - ' .$object->getResponseCode() . " with a content of length: " . strlen($object->content) .
       " requested url: ". $curlo->getUrl() ."\n";
     if($object->getResponseCode() != 200) {
       print $object->content;
       print $object->raw_headers;


$sender = new Sender();
$tc = new TestCurl($sender);

It has to be integrated in a object oriented project, and this should be such a pluggable pattern to include in. It could be used with post too. User agent is such a thing…

Homebrew spam: una di quelle cose che passano inosservate

Mi arriva una email:


sono Rinco Simplicio e vivo in provincia di Smaragnao. La contatto perché mi occupo di aggiornare i siti internet e comunicare le iniziative che riguardano il lavoro della mia famiglia, quello che noi chiamiamo “Il mondo dei Cretini”. Una piccola presentazione delle nostre varie attività Ã¨ presente a questo indirizzo

Il motivo di questa mail, nel rispetto della sua privacy, Ã¨ quello di chiedere il suo consenso per ricevere notizie che riguardano queste nostre attività e iniziative. Si tratta all’incirca di una mail al mese. Per noi sarebbe molto importante poter comunicare con lei, ma se lei si sentisse disturbato o non volesse ricevere queste nostre comunicazioni la prego di scrivere una mail a questo indirizzo Il suo contatto verrà immediatamente cancellato dalla nostra lista.

In ogni modo, anche se non lo volesse fare subito, potrà sempre cancellare il suo indirizzo in ogni momento e in ogni nostra comunicazione sarà presente un link dedicato a questa operazione.

La prego, infine, di non rispondere a questa mail. Per qualsiasi comunicazione si rivolga a

Sperando di non averla troppo disturbata e di poterla avere a lungo tra i nostri affezionati lettori la saluto cordialmente.

Rinco Simplicio

PS: Può darsi che lei abbia già ricevuto una comunicazione come questa. Ho avuto un problema tecnico con la lista degli indirizzi e alcuni di essi sono andati persi. Nel tentativo di recuperarli può darsi che stia inviando questa richiesta a chi ha già dato o negato il consenso di cui sopra. Me ne scuso infinitamente e le chiedo, nel caso non volesse ricevere le nostre comunicazioni, di seguire le istruzioni sopra riportate. Le assicuro che il problema non si ripeterà. Nel caso, invece, fosse disponibile a ricevere le notizie relative alle nostre attività e agli eventi non deve fare nulla.


Sì, passa inosservata a tutti, e chi è che va ad aprirla? Mi viene da rispondere:


Buongiorno Rinco Simplicio,

in risposta ad una sua email le faccio presente che non è corretto iscrivere qualcuno ad una lista chiedendo di cancellarsi rivolgendosi ad una email.

D’altra parte non sono interessatto ai vostri prodotti, e se dovessi interessarmene un giorno, probabilmente cercherei qualche vostro concorrente pur di non servirmi da chi, scorrettamente, ha messo il mio indirizzo in una lista senza il mio consenso.

Quindi, se si occupa di aggiornare i siti e comunicare provi a considerare le conseguenze nelle modalità adottate.

Generalmente anche le mailing list alle quali ci si iscrive direttamente prevedono una conferma con codice unico che arriva nella casella DOPO aver messo il proprio indirizzo di posta elettronica in un form.

Inoltre è inaccettabile quello che si legge nel post scriptum:

PS: Può darsi che lei abbia già ricevuto una comunicazione come questa. Ho avuto un problema tecnico con la lista degli indirizzi e alcuni di essi sono andati persi. Nel tentativo di recuperarli può darsi che stia inviando questa richiesta a chi ha già dato o negato il consenso di cui sopra. Me ne scuso infinitamente e le chiedo, nel caso non volesse ricevere le nostre comunicazioni, di seguire le istruzioni sopra riportate. Le assicuro che il problema non si ripeterà. Nel caso, invece, fosse disponibile a ricevere le notizie relative alle nostre attività e agli eventi non deve fare nulla.


Se avete un database con le email e qualcuno nega il consenso, l’azione deve essere quella di cancellare definitivamente la email presente nel database, non è assolutamente accettabile che teniate una lista di chi ha dato il consenso e una lista di chi non l’ha concesso, perché non concederlo vuol dire, tassativamente essere rimosso dalla lista. Questo vuol dire essere rimosso anche dagli eventuali backup.

Anche se hai un pc in casa e non lo fai a scopo di lucro, stai violando la legge.

Ma poi non rispondo neanche.

Il fatto è che non puoi fare le cose a caso e scrivere giù quello che ti possa per la testa, si finisce per essere in un mondo dove i laureati in economia che dicono che per loro è stato difficile imparare a programmare e i programmatori che dicono che è difficile fare marketing.

Ma facciamo piuttosto un patto, chiamiamolo un patto per l’Italia: facciamo ognuno quello che sappiamo fare!

È fighissimo, pensateci!


Rinco Simplicio, Smaragnao, Il mondo dei Cretini, e sono nomi di fantasia. Se ti riconoscessi, anche lontanamente, in questa email non sono un giudizio sulla persona ma sul comportamento.

Fonte immagine: