Software

PHP DOM XML default namespaces

Anyone that’s used PHP’s DOM XML knows that it’s a deprecated, buggy PoS. An undocumented memory leak in DOM XML resources and an equally undocumented workaround to manually free them are plenty of evidence for this. Spare a thought for those of us who are on supported RHEL4 and stuck with PHP 4 and hence the DOM XML API.

My gripe today is with create_element_ns. Terence Kearns has a pretty good summary of the issue in his comments. Essentially, you cannot add a namespace to a node with the default prefix in a way that is recognised by the rest of DOM XML. The problem is that supplying an empty $prefix parameter to create_element_ns is treated the same as omitting the $prefix parameter altogether, in which case DOM XML generates a random prefix.

The libxml2 convention is that passing a NULL prefix to xmlNewNs binds the default namespace, while passing an empty string is illegal. Unfortunately, this convention might break a lot of PHP code that relies on DOM XML generating random namespace prefixes, because people are more likely to omit $prefix than to supply an empty string when they want the random-prefix behaviour. However, I figure it’s better to break lazy code than to invert the libxml convention.

My patch changes the DOM XML behaviour so that an empty string prefix such as $doc->create_element_ns('foo', 'http://example.net', '') activates the old DOM XML random-prefix:

   <a1337:foo xmlns:a1337="http://example.net" />

while omitting $prefix altogether as in $doc->create_element_ns('foo', 'http://example.net') binds the default namespace:

   <foo xmlns="http://example.net" />

blogger not processing openID delegation

It was pleasant to discover that blogger.com (now part of the Google conglomerate) started supporting OpenID comment authentication last year.

However, at some point in the last couple of months it stopped working for me; I get the error code bX-m9h15s when trying to authenticate. As far as I know, my OpenID server is working just fine (OpenID Checkup agrees).

If I use my server URL directly (instead of an HTML resource that uses delegation) it works, albeit without incorporating any of the Simple Registration data. There are plenty of other reports, but nobody competent (and/or employed by google) has responded.

There doesn’t seem to be a true bug reporting facility for blogger; the competent users help the incompetent users on the discussion forum, but I can’t see any developer or even QC presence there.

Apache 304 and mod_deflate revisited

Last year I commented on how mod_deflate breaks the cache validation model. Essentially the problem has been addressing two issues:

Apache bug #39727, RFC 2616 requires unique strong entity tags for every entity. Presumably this means after Content-Encoding (but not Transfer-Encoding). The fix was for deflate to add “-gzip” to the ETag.
Apache bug #45023 concerns Apache not being able to recognise the transformed ETag (with the -gzip) as the same entity, and hence not sending 304s when it should have.

So in January 2008, a change was committed to fix #39727, which introduced #45023. Now in April this year, it was reversed to fix #45023. I agree with the priorities here; no caching is much worse for web performance.

As Roy Fielding pointed out the correct way to deal with this issue is to stop abusing Content-Encoding for performance-compression and start using Transfer-Encoding; pity browsers and HTTP servers haven’t got there yet.