Monthly Archives: February 2009

Why Is Open Source Less Secure?

Recently phpBB got hacked. Then, I just read the Slashdot post “How To Argue That Open Source Software Is Secure?”

Would a bank not have a safe with secret access codes just because it has installed the latest high-tech surveillance system?

What I am trying to say is, if a closed source software company argues that “hey, our software is likely to be more secure than open source code because we don’t give out the implementation details”, then all things being equal, it’s a very compelling competitive advantage as far as security is concerned. Of course, “all things being equal” is not true. For example, the time to respond to a security bug in commercial software might be longer than in open source code. This is because the number of eyes that can look at the code and fix the issue is large for an open source project. But do note that the number of eyes that can look at the code and identify potential loopholes is also large.

So, I think it’s important for each side of the aisle to realize that their philosophies offer different comfort levels to their customers rather than each one expecting the other side not to consider their philosophy has any weakness.


Filed under open source, Security

Non Deterministic XPath Expression

I have an XML document that has an element which is recursive. A category node has its own definition and also the ancestors of that category. Those ancestors repeat this structure till the top-most category. To make things complicated, a product can have multiple category paths. In order to identify the top-most category, I used


This worked fine in Java. But when I tried the same in Perl (XML::XPath), it didn’t work. It turned out that the innermost Category happened to be the first one within the descendant::Category nodeset. So, using


it worked. But I wanted an XPath expression that is language-independent.

So, I ended up using


I am not sure if the Perl implementation of XPath is incorrect or if the XPath specification is unclear on the ordering of the nodes for certain types of expressions.


Filed under XPath

Lazy Loading Images On Web Pages

If you have web pages that contain a lot of images, then the page will be slow to load. If many of the images are below the fold (below the visible region), then it is unnecessary to load them unless the user starts scrolling. I had this exact situation, and a search for a solution on the web yielded very few results. There are a lot more articles on pre-loading images than on lazy loading.

Ideally, when the CSS property ‘display’ is set to none or ‘visibility’ is set to hidden, one might expect browsers to optimize by not loading the images. However, that doesn’t seem to be the case.

In my case, there are multiple tabs, and clicking each tab should show the respective section with its images. So, for me, the criterion to trigger the image loading was not scrolling but clicking the tab. So, here is what I had to do.

At the end of the page, just before the </body>, have JavaScript that loops through each image that needs to be lazy loaded and changes the src attribute of the image element to an image that indicates “loading” or something similar. But before doing this, copy the original src attribute to something else. Then, when the tab is clicked, loop through the set of images applicable to that tab and set the src attribute back to the original src attribute.

What really happens is that when the page first loads, it executes the JavaScript towards the end, by which time the entire DOM with all the images is available. Some of the images might have already started loading, but not all. Setting the src attribute to a common loading image is much faster and prevents loading of any images that haven’t been fetched yet.
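
The swap-and-restore procedure described above, as an added example that is not the author's original code. The `data-original-src` attribute, the `loading.gif` placeholder, the `lazy-panel` and `tab` class names, and the `data-panel` attribute are all assumptions made for illustration.

```javascript
// Added example; attribute, class and file names below are assumptions.
const ORIGINAL_ATTR = 'data-original-src'; // where the real URL is parked
const PLACEHOLDER = 'loading.gif';          // hypothetical "loading" image

// Step 1: run once from a script placed just before </body>.
// Parks each image's real src and points the element at the placeholder.
function deferImages(images, placeholder = PLACEHOLDER) {
  let deferred = 0;
  for (const img of images) {
    const src = img.getAttribute('src');
    // Skip images without a src and images already deferred (idempotent).
    if (!src || img.getAttribute(ORIGINAL_ATTR) !== null) continue;
    img.setAttribute(ORIGINAL_ATTR, src);
    img.setAttribute('src', placeholder);
    deferred++;
  }
  return deferred;
}

// Step 2: run when a tab is clicked, on that tab's images only.
function restoreImages(images) {
  let restored = 0;
  for (const img of images) {
    const original = img.getAttribute(ORIGINAL_ATTR);
    if (original === null) continue; // never deferred, or already restored
    img.setAttribute('src', original);
    img.removeAttribute(ORIGINAL_ATTR);
    restored++;
  }
  return restored;
}

// Browser wiring (skipped outside a browser). Assumed markup: each tab is
// <a class="tab" data-panel="panel-id">, and panels hidden at load time
// carry class "lazy-panel" with their images inside.
if (typeof document !== 'undefined') {
  deferImages(document.querySelectorAll('.lazy-panel img'));
  for (const tab of document.querySelectorAll('.tab')) {
    tab.addEventListener('click', () => {
      const panel = document.getElementById(tab.getAttribute('data-panel'));
      if (panel) restoreImages(panel.querySelectorAll('img'));
    });
  }
}
```

Both functions are idempotent, so clicking the same tab twice or running the deferral script twice does not overwrite the stored URL with the placeholder.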


Filed under lazy loading images