I was reading an article talking about P2P traffic, and the article had pretty little ellipses showing various parts of the globe where their stats were generated. Knowing that eDonkey is very popular in Korea, I was curious if Korea (south) was covered by the ellipses. So I picked up my atlas, checked the table of contents, and flipped to the correct page. A few moments of scanning later I determined that no, it was not.


I really think, in this case, an atlas did me far better than Google would have. I have had rotten luck in the past trying to get a decent map out of the internet. Really, it shouldn't be that hard to get a single basic outline of the US with all the states colour coded, but I usually have trouble coaxing that out of a search engine, or a basic map of Australia, also usually pretty difficult. I think maps & dictionaries are awesome physical objects that everyone should own.


Hey All


My Share The Beat! project is nearing the home stretch, so I am currently looking for musicians of all shapes and sizes. Garage bands just having fun, local bands that play bars every week, guys & gals who just like jamming with friends, and musicians who just enjoy playing on their own.


If you know anyone who fits the bill, or even better, fit the bill yourself, please drop me a line.
paul@sharetheSPAMbeat.com (remove the word SPAM from the domain).


Back in 'the day' when GeoCities was still a cool place to host your website, and frames were the 'in' thing, everyone picked up on the target= tag for their links. Ohh, look how cool that is, when someone clicks on a link they get a brand new window.


Well, that was then, this is now. If I want a new window (or more likely, a new tab), I can handle it. I mastered right clicking probably five years ago now, and picked up clicking the middle mouse button within four minutes of installing Firefox.


Opening links in a new window is also confusing for those new to the internet. Web browsing has a safety mechanism built right in, if you click on something you didn't mean to, just click Back. Opening stuff in a new window defeats that for no real gain.


I will be honest, reading things like this story in the London Free Press really ticks me off. Canada is supposed to be a country, not some loose affiliation of provinces each pulling in their own direction.

Quote:
Dumont has proposed a constitutional plan calling for recognition of Quebec as an autonomous state within Canada.


Dumont wants Quebec to adopt its own constitution, collect all federal taxes and act unilaterally to wrestle more powers away from the feds.


So, if there are any readers from Quebec out there, what do you think? I can only assume that this whole thing has gotten far more play in your local news than mine, so you are doubtlessly better informed. What's going on?


I am now a Zend Certified Engineer! I wrote the exam (after much prodding from Daniel Kushner of Zend mind you) at PHP|Works, and even passed!


The exam was launched very recently, and Zend (amongst others) hopes that this certification will help promote PHP further in the enterprise.


The exam was a bit harder than I expected, even though I own the study guide (haven't read it yet). If/When I start hiring for Share The Beat, the Zend Certification will definitely be an asset to prospective hires.


If you program in PHP, you doubtlessly use forms. If you use forms, you should really take a look at HTML Quickform, David Sklar gave an excellent talk on the subject a couple months ago at NyPHP.


I am working on the registration page for Share The Beat!, and finally came to the realisation that I wanted to put as much validation into the HTML Quickform part of things as possible. Originally I had been doing some basic checking (email was valid, required fields were present, passwords matched) in the form, then doing all the other stuff (collision check, SQL & HTML injection checks (whitelist approach), etc.) in code after the form was processed. Then it finally dawned on me that this was the wrong way to go about it, if you do it in the form itself it is way easier to send the user back to the form with the little error messages.


So, I got to moving my little username collision check function over, and caught myself before leaving a gaping security vulnerability.


Originally I had something like this:


    // Username field and its validation rules
    $form->addElement('text', 'txtUserName', 'Username');
    $form->addRule('txtUserName', 'Enter your username.', 'required', '', 'client');
    $form->addRule('txtUserName', 'Your username must be at least three characters long', 'minlength', 3, 'client');
    // Custom rule backed by the checkCollision() function
    $form->registerRule('noDuplicates', 'function', 'checkCollision');
    $form->addRule('txtUserName', 'Username already in use', 'noDuplicates');


With checkCollision looking like this:


    function checkCollision ($name, $value)
    {
        $query = "SELECT id FROM users WHERE username = '$value' limit 1";
        if (rowCount($query) > 0)
        {
            // We received one result, so the suggested user name is bad, or false
            return false;
        } else
        {
            // We received 0 results, so the suggested username is good, or True
            return true;
        }
    }


See the problem?


The username field was very vulnerable to a SQL injection attack, since it was run against the database before any of my other checking was done. I simply added

$form->addRule('txtUserName','Usernames may only contain letters and numbers', 'alphanumeric','' ,'client');

to the username rules for now, but I may switch over to using a regex expression like this in the future to allow for usernames with spaces, and possibly some other common characters.
/^[a-zA-Z0-9_@#\s]*$/
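
An added example, not code from the original post: a version of checkCollision() that binds the username as a query parameter, so the lookup stays safe no matter which form rules ran before it, shown beside an anchored allow-list check. PDO with an in-memory SQLite table, the db() and isValidUsername() helpers, the sample rows and the 32-character cap are assumptions made for the illustration.

```php
<?php
// Added example, not the site's code. Assumes PDO with the SQLite driver;
// the in-memory users table and its rows are constructed for the demo.

function db()
{
    static $pdo = null;
    if ($pdo === null) {
        $pdo = new PDO('sqlite::memory:');
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE)');
        $pdo->exec("INSERT INTO users (username) VALUES ('paul'), ('chris')");
    }
    return $pdo;
}

// Allow-list check (hypothetical helper). \A and \z anchor the pattern to the
// whole string; an unanchored pattern such as /[a-z0-9]*/ matches any input,
// because it can always match the empty string.
function isValidUsername($value)
{
    return is_string($value)
        && preg_match('/\A[a-zA-Z0-9]{3,32}\z/', $value) === 1;
}

// Same signature and return convention as checkCollision() in the post:
// true means the name is free. The value is bound as a parameter, so it is
// only ever compared as data and never parsed as SQL.
function checkCollision($name, $value)
{
    $stmt = db()->prepare('SELECT id FROM users WHERE username = ? LIMIT 1');
    $stmt->execute(array($value));
    // fetchColumn() returns false when no row matched
    return $stmt->fetchColumn() === false;
}

// Constructed sample inputs: a taken name, a free name, and two names
// containing quote characters that would have altered the original query.
$samples = array('paul', 'newuser', "o'brien", "x' OR '1'='1");
foreach ($samples as $candidate) {
    printf(
        "%-16s valid=%-3s free=%s\n",
        $candidate,
        isValidUsername($candidate) ? 'yes' : 'no',
        checkCollision('txtUserName', $candidate) ? 'yes' : 'no'
    );
}
```

The allow-list decides what a username may look like; the bound parameter is what keeps the query safe, so the two checks do not depend on each other or on rule order.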



Okay boys and girls, why don't you all sit down while I give you a quick lesson.


Here is an example Google ad from this site, that I just took:


The meat of the ad is simple, Learn more about Soap. I won't really comment on the content of the ad, but will instead comment on where you go when you click the ad. The bottom of the ad reads www.grandcentral.com, and that is exactly where you are sent. Google advertisers have the option of showing one URL and sending you to another. Nothing huge (domains have to match), but it allows you to show your domain, while sending users to a specific page. Go take a look at grandcentral.com. Use your browser to do a search for 'soap' on their front page. Zero Results. That's bad.


When you advertise something to a user, you are really asking them to trust you. Trust that you are who you say you are. Trust that you can give them what you are advertising to them. Trust that you won't try to infect their computer with evil things, or spew a billion pop-ups, etc. When you advertise anything specifically (product, service, information, etc), send the user to the page about it. So if you (per se) advertise information on SOAP, send the user to a page about SOAP, if you advertise a red bicycle, send the user to a page about red bicycles. It's that simple. If you don't, the user is left confused, 'I clicked on a link about SOAP, why don't I see anything about SOAP', and 'Where would I go to see what they have about SOAP?', and worst of all 'I don't see what I'm looking for, I will just click back and click on one of those other links'. You betrayed the user's trust by not sending them to a page with the information you promised, you can't get it back.


I'm not just pulling this out of personal experience either, Jakob Nielsen says the same thing in his book Designing Web Usability.


I was just sitting here getting some coding done when I decided to look up a PHP function. As I looked at my web browser (Mozilla Firefox), poised to enter 'www.php.net' into the address bar, my eyes danced across the little Google search box in the top right. As they did, I thought to myself 'wouldn't it be just great if I could make that box search php.net rather than Google?' So I clicked on the little down arrow, hit "add engines" and got brought to a Mozilla page allowing me to enter a search term for the site I wanted. Not fully expecting any luck I entered "php" and got 2 results, php-functions and php-documentation! Will wonders never cease!


I've added them both, and am now happily using them as the opportunity arises.


Seriously, for those of you still using IE, switch. Tabbed Browsing is 'the bomb'. I (and I would presume, You) never have just one website open, I usually have at least 4-6 open, often as many as 10. It is just so much easier to manage 10 tabs, rather than 10 windows. I can remember using the MDI Parent/Child stuff and Tabs in Visual Basic like 6 years ago probably, why it hasn't occurred to MS to add it all to IE yet is beyond me. The search box in the top is just icing on the cake as far as I am concerned. Be aware however, it is the good icing, not that crappy flavourless icing mind you, that good icing, nice and sweet, not too thick.



My current project is Share The Beat!, a project that I am launching to help independent musicians promote their music, and to facilitate musicians working together across borders. I am hoping to launch on October 1, 2004. A date fast approaching. Sleep and length of time remaining to that date are inversely proportional.


The devil is in the details, or so they say. As such, coding is far from a speedy process. My friend Chris Shiflett is a PHP Security Expert which means that I have a reasonable idea of what I need to do to keep the front end secure. However, as in most instances, proper security takes longer than none at all, so it takes longer. I feel it is worth it in the long run however as security breaches can ruin credibility faster than sending spam, and while I can ill afford to take forever writing this code, I can also not afford to have to write it twice.



I also picked up Google Hacks while I was in NYC and read through it rather quickly over various subway rides while there, and skimmed through it again while here. The book, like eBay hacks, covers 100 'hacks' for the Google search services, discussing more advanced search techniques, special services (groups, images, etc), the API and such.


The book seems to be targeted at a rather broad audience, from people like your mom who pick the book up to learn more about their favourite search engine, and possibly make better use of it, to you, the coder, looking at playing with the API. This approach has the necessary 'jack of all trades master of none' failings where not all of the material will be relevant or useful to all readers. However, even as a highly 'computer literate' person, I found the strong majority of the book to be interesting. Google's effectiveness even with basic searches has saved most of us from having to look into the more advanced search techniques, but knowing them can still help.


Since I am currently investigating their API for personal and possibly professional reasons, those pages are obviously of the most relevance to me, however the broad scope of the book leaves only two pages to PHP coverage (though much of the overall information is relevant to all languages, and as such, was covered earlier). The lack of real meat on the subject will prevent me from keeping this as an API reference down the line.


I really think the book accomplished what it set out to do, I know a lot more about Google than I did when I started. It probably won't serve as a reference though, as now that I know that Google can in fact do X, I will probably just look for the information online.


Details:

Cost: $24.95 (list price)

Type: Paperback

Length: 329 pages, 100 hacks

Buy from Amazon: Google Hacks ($16.97US)


Everyone who uses PHP should be pretty familiar with PEAR, it's all around pretty awesome. If you have written a function to do basically the same thing in more than three of your webapps there's probably a PEAR class that does it 4x better than you bothered to do it in any of those apps (case in point, HTML_Quickform for form entry).


PEAR also comes with this great installer. A quick command on the server can really help make the magic work (take pear install Image_Text for example, it downloads and installs the Image_Text class much like apt-get or RPM/up2date for system level packages).


There is one small quirk with the package retrieval that I think could use some tweaking. My 'preferred_state' is set to stable, reasonable right? Which I take to mean as 'Get the most recent stable release, should a stable release not exist, get the most recent release', but it really means 'Get the most recent stable release'. There isn't a fail-over if you request a package with no stable release, it just tells you that no package exists with that name where state=stable.


My preference would be a prompt, so if a user requested a package be installed that wasn't available in the preferred state of stable, the installer would say '##package name## isn't available in release state stable, would you like the most recent release #&ver;# where state = #&state;# (y/N)?'. Then everything would be perfect. My current system is to look up the help, set preferred state over to beta, download the package, then set it back, which seems a little backwards.


Okay, It's not Friday, but this one was too good to pass up
Story at Toronto Star.


That's awesome. The rules for speeding tickets say that the cop has to show up when you try to fight your ticket, though YOU don't have to be there, you can send your attorney... The cop went to go get his tax audit, missed the trial, so the dude got off on his ticket.


Way to abuse the system dude.


Well, I hit up the collision place today, there's $2,400 in damage to my car, it occurred while my brother still had the car, so I won't be on the hook for it, hopefully neither will my insurance.


Also, there's a link to some alleged X-Box 2 shots at Max Console, Maybe it's just me, but the second one looks more like a USB hub, or possibly a router than a console.


Also, my website has moved again. Getting credit card charges unannounced is a big pet peeve of mine. Last year about this time a charge for $163 appeared on my credit card for some company I had never heard of. I called up Visa, they gave me a 1-800 number, called it, and figured out who the charge was from. My webhost. I called my webhost and asked that they confirm with me before charging my card next time. Fast forward six months, lose my credit card, get a new one with a new number, fast forward another six months, and I start getting daily emails saying that they tried to charge my credit card (old number) but failed. Again they tried to charge me without letting me know first, again I am rather annoyed. Luckily this time my CC# had changed so the charge failed. I emailed them Friday, we will see what happens.


I (like most everyone I know with a blog) have become somewhat annoyed with comment spam. The same sort of spam that appears in our inboxes appears in comments for various people's blogs (including mine). I get an email every time someone comments, so when I see thirty new messages all about comments I fire up MySQL and delete the bunch. For now it works, but it is annoying.


The long term solutions would be:

-require some sort of registration/email verification (which is a huge barrier to anyone wishing to comment casually)

-make comments require admin authorization before being shown (the delay confuses people, and I still have to deal with spam, and now, real comments)

-implement some sort of CAPTCHA system so that I don't need to do anything special for real comments to get through.


It took a lot longer than I expected to get a test version up and running. For testing I was using the hn class. Unfortunately, the PHP documentation I was looking at wasn't giving me much information on what options I needed PHP compiled with in order for functions like imagettftext to work. So in the interest of assisting my fellow PHPers who may travel down this route, this is the final (working) php configure command I used:

    ./configure \
        --with-mysql=/usr/local/mysql \
        --with-apxs=/etc/httpd/bin/apxs \
        --with-gd \
        --enable-gd-native-ttf \
        --with-png \
        --with-zlib-dir=/usr/local/lib/zlib-1.2.1 \
        --with-ttf \
        --with-jpeg-dir=/usr/local/lib/jpeg-6b/ \
        --with-freetype-dir=/usr/local/lib/freetype-2.1.9/ \
        --with-xpm-dir=/usr/X11R6/


Some of that may not have been needed (MySQL isn't needed for CAPTCHA, so that one is out), jpeg & png support probably aren't needed unless you wish to output in those formats. ZLib may or may not be required depending on what image types you want. Freetype & XPM are most definitely required for the captcha stuff I am doing.


Just before I left NYC I picked up Coder to Developer by Gunderloy. It had been favorably mentioned over at Joel on Software, (Joel Spolsky wrote the foreword), and as such, the book seemed perfect for my current plight. Perhaps somewhere in there I raised my expectations too high.


The book is targeted at 'coders' making the transition to 'developers', moving from writing code, to leading a team of fellow programmers. The foreword and the back cover specifically mention that both hard (programming, bug tracking, source control, etc) and soft (team management, communication, etc) skills will be covered. In the book of 297 pages, only 16 seemed to be covering soft skills in particular, a chapter entitled 'Working with small teams'.


Throughout the book a sample application was developed (which seemed odd from the outset, people reading this book should know how to program already, that's the point), which didn't really seem to add much to the examples.


Since I am currently developing web applications (mainly PHP, some CGI with Perl), much of the book was completely useless, as it was developed with the .NET development studio in mind. In particular the book covered beefing up the .NET IDE, .NET specific bug & unit testing, build processes, assertions & exceptions. All of which are pretty meaningless when developing in PHP. Some tidbits could come in useful (the arguments around daily builds and such, perhaps not directly useful, but could influence how frequently I allow others to test my app).


Overall my biggest disappointment was the brief covering of soft skills. I was hoping for roughly half the book to be spent on tips for interacting with co-workers and subordinates. Information on dealing with morale issues, compensation, project leadership, etc. None of which I really found.


In conclusion, if you are planning on starting up a .NET project, and need an introduction to source control, unit testing, your IDE and such, go for it. In terms of soft skills, take the money you would have spent on the book, and order your team a pizza. If you have some dire need for the book, and know me personally, it is yours for the taking.


Details:

Cost: $29.99

Type: Paperback

Length: 297 pages

Buy From Amazon: Coder to Developer ($20.39US)

Hi, I’m Paul Reinheimer, a developer working on the web.

I co-founded WonderProxy which provides access to over 200 proxies around the world to enable testing of geoip sensitive applications. We've since expanded to offer more granular tooling through Where's it Up

My hobbies are cycling, photography, travel, and engaging Allison Moore in intelligent discourse. I frequently write about PHP and other related technologies.
