Feb 10

This is fairly important, so take 5 min and read it.

I’m a Credit Card Snob

(or so I thought)

I’ve always sorta “secretly” prided myself on my credit card perks obsession.  Due to personal experience, I know most of the good and bad out there.  However, recently, I discovered that I was really missing out.  Enter the Starwood American Express Card…

Before I start, I want to make it clear that you should only have a credit card if you can pay it off fully each month.  Set it up to automatically pay the balance in full each month.  Never spend more than you have.  Always remember to spend responsibly.  Got it?

Why The Starwood AMEX Card Rules The School

If you want a plain old rebate card, there are better ones out there.  However, I like building up travel rewards.  In the end, I think it pays off better and rewards you in a much more enthralling way than just getting a .67% rebate back or something.   Let’s face it, you will need to travel at some point – and the Starwood card is likely your dream come true.

The main perks that matter the most:

  • Points:  Dollars spent = points directly (which you can redeem for flights (almost any airline) and Starwood hotels)
  • Hotels: It doesn’t take many points to get free nights at hotels.  For example, you get 10K for signing up and another 15K soon after if you spend $25K.  At 2K-3K points a night, that’s a lot of free hotel nights. Edit: I can’t keep up with signing bonuses any more (they seem to be constantly changing), so you’ll have to read what the “special” is at the time you sign up.
  • Flights:  There is a hugely important 25% bonus on airline point redemption.  It basically means you will earn a lot of extra miles just for redeeming miles – awesome.

Other cool stuff:

  • Starwood has around 1,000 resorts/hotels in ~100 countries
  • Flights redeemable on more than 350 airlines with no blackout dates (which means schedule any day of the year)
  • If you have other Frequent Flyer programs, you can transfer points into most of them without losing points
  • AMEX has awesome purchase protection for stuff you buy and break/lose
  • Concierge service for getting special access to concerts and other events (hot ticket events)
  • Never again get rental car insurance, it’s built-in if you use this card to reserve the car
  • AMEX offers amazing travel assistance when you are away from home
  • ATM Cash access all over the world
  • Really really easy charge disputing, extended warranty coverage and fraud protection
  • Annual fee waived first year

What Others Have To Say

A well-known financial guru I follow religiously (Ramit Sethi) had this to say about the Starwood Card:

My final test was this: The world’s best consumers of credit cards are management consultants at firms like McKinsey, Bain, and BCG. That’s because basically the only thing these consultants care about is points. Many of my friends have over a million points and are anal — even more than I am — about their choice of cards.

They love their credit cards more than their girlfriends! True.

I know a bunch of friends who work at these places, and every one uses this card. DONE!

You should always do your own research. Here are 2 places to see what others have said, as well as understand the perks/rewards in great detail.

FatWallet forums – Discussion about Starwood AMEX (do not sign up here)

Read This!!!!

I wrote this post and plastered it all over the interwebs for three main reasons:

  1. I thought it was cool
  2. I wanted to help my friends & family
  3. I wanted some referral points if you sign up

By using the link below, you will get up to 25,000 free points and the annual fee waived.

If you want to sign up, PLEASE PLEASE use this link and fill out the 20 second form – you will receive the referral in your email within 24-48 hours.

It is very important that you have a sense of urgency, this referral program is set to expire any moment.  I will remove the link above when it expires.

*** If you are worried than not many places accept AMEX, I’m happy to report that that old rumor seems to be mostly untrue nowadays.   I’ve been using this card (and other AMEX cards) for a long time now and have only run into a few places that don’t take it.  Keep another Visa or Mastercard in your wallet and you’ll be covered for the 3% of the times you’ll need it.

Aug 07

CakePHP RC2It has been a while since I’ve written much about CakePHP (let alone anything on my blog), but I thought I’d update the world with my latest thoughts in case anyone was interested.

I’ve come a long way since I first started using CakePHP.  In fact, I’ve now used the product on some fairly high end sites and had really good luck with it.  There have been minor quibbles here and there (still revolving around documentation mostly), but I’m now a solidified “Baker” through and through.

I will save you some time looking elsewhere and reading the reviews about all the different PHP frameworks; use CakePHP, it’s the best.  In my humble opinion, the only better framework available is Ruby on Rails (which I’d also highly recommend); but if you are stuck using PHP – CakePHP is your best bet.

This framework will encourage (and teach) you to follow through with good web development habits.  These skills are both in programming style (using standardized naming conventions, proper variable scope, documentation, et cetera), but also in technical areas as well (proper database modeling, mvc  code separation, secure user input validation and cleaning, and efficient function development).

Now that I understand the majority of the tenants of Cake, I can say with confidence that it’s a quality product.  1.2 RC2 solved almost all of the minor/major problem I had with the framework and it seems stable as all get out.  Cake will help you use fast, efficient, and complex SQL queries without a sweat.  It will allow you to create fancy “web 2.0′ esque” sites using AJAX and fancy doo-dads with ease.  It will easily validate your input data without the need for you to much of anything.  It provides easy ways to offer web services, shell scripts, and test your code quickly and easily using SimpleTest.  …And that’s just scratching the surface.  The other advantage is it’s super easy to pull in outside code into your projects using components and helpers.  The framework is rigid where it needs to be and flexible in the areas that are key.

In simple terms – “Cake Saved My Life“.

So How Do I Learn It?

You need to learn the basics of PHP first; I think this writeup is an excellent starting point (though I wouldn’t recommend wasting any time with the Zend framework).  I’ve seen a few people on the web talking smack about CakePHP, when the problem was that they really didn’t understand PHP.

Once you have mastered the basics of PHP, go to book.cakephp.org and read the whole thing on version 1.2 of Cake (currently RC2); don’t waste your time learning 1.1.  You can read it in just a few hours and you don’t have to understand it all at that point.. just try to grasp the basics.  If you’ve never worked with the MVC design pattern, then read those sections over a few times until you get it.  Then, install it using the specific directions in the book (read it carefully).  Now is the time to start using Apache2, MySQL, and PHP 5 if you aren’t yet.  I don’t care if you are Windows, UNIX, or Mac… use the products that are the most popular and you’ll make your life easier.

After you get it installed, make up a wild test application in your head and sit down and code it.  Don’t worry about making it pretty; just learn how to code it right.  Learn how HABTM’s work, learn how automagic form validation works, learn the ajax helper details — learn it all!

So to review:

Dustin’s tips to mastering CakePHP:

  1. Learn PHP (Don’t waste your time messing with Zend though)
  2. Read The Book (learn version 1.2)
  3. Install It (Use Apache2, a recent release of MySQL, and PHP 5… no matter what OS you are on; break your IIS addiction or PHP 4 addiction NOW)
  4. Create a test site in your head and finish it within a reasonable time frame.  Force yourself to finish it.
  5. Love it

Almost every problem you’ll come across should be answered in the CakePHP book now; so no excuses for not being able to get it going.  If you have configuration problems, make sure you search through the Google Group; it’s a vastly helpful resource.

Also, don’t forget to look through the Bakery, you can find a ton of code in there to help you solve common problems.

Aug 07

Alarm.com LogoAfter reviewing the multitude of comments on my original review of alarm.com and realizing I had totally forgotten to write the next review, I thought I’d throw together something real quick for anyone still interested in what I have to say.

The truth is my family has been very happy with the alarm.com system we have installed.  It has been reliable and operational for at least 8 months now with hardly any problems at all. We have a huge system with all the bells and whistles, lots and lots of sensors (motion, door, audio glass break, surface break, screen, water, smoke, CO, et cetera) in both wired and wireless formats.  From what I can see, everything seems to work flawlessly.

There have been a few accidental alarm triggers caused by us and the company is quick to call.  Also, the text message/email functionality is very quick (so I know what’s going on).  Typically, my cell phone will alert my via text message that an alarm is “pending” and I will receive that message before the alarm has actually gone off.  Kinda cool to know in real time what’s going on.

The web site history is nice as well to check up on the house while on vacation.  (also nice to be able to disarm the system remotely for a friend to come in and water the plants without having to give them an access code)

The cellular paging aspect is rock solid.  Not once have we ever had a problem in that regard.

The one area that was mildly disappointing was the x10 functionality with the lights; but that’s mostly because of limitations in my house rather than the alarm system itself.  Basically, because the house is split on several different “circuits”, only the outlets and switches that are on the same “branch” as the alarm panel work properly.  I understand there are x10 solutions to this problem; but I haven’t looked into it too much at this point (I’ve just been too busy).

Overall though, I still like alarm.com and would use them again if I had it do all over again.

If you have any specific questions, I can try to answer them within a week or so… so just leave a comment!

Oct 09

Content Management SystemI’ve had a slew of requests lately from clients needing small web sites they can manage themselves (mostly small businesses).

Truthfully though, I simply prefer the client to manage their content themselves; so essentially we are looking at content management systems (CMS). I’ve had some mild success with CakePHP using my own “home-brewed” CMS for a few sites (thanks for the help Arthur). It works pretty well, but I keep wondering if I’m just reinventing the wheel by building a CMS myself.

So, after weighing the options, here’s my general winner/loser comparison:

Admin Interface Flexibility

  • Home-Brewed CMS
    • I can create an extremely simple administrative side, one that is logical for the client. This allows me to create a dynamic and powerful site, but still allow the client to manage it. I think this aspect is extremely important and often-overlooked in most CMS’s.
  • Open-Source CMS
    • Most of the good ones have too many features for the average client I see. They tend to allow extreme flexibility on the public side of the site (obviously important), but there is little or no flexibility on what admin functions are available. Basically, I need something that is simple to administrate, but has “advanced” options hidden away somewhere. It’s great to have a lot of complex configuration settings for design and administration, but not if that means the client will be calling me every day for help adding a new employee.
  • Winner: Home-Brewed CMS


Relative Costs

  • Home-Brewed CMS
    • It will certainly take some time to develop this product fully on my own. Calling this time “free” isn’t particularly accurate when my time could be spent making money in other ways. However, doing it on my own does guarantee I won’t ever run into any licensing or “upgrade pricing” issues in the future.
  • Open-Source CMS
    • Free (mostly GPL) and generally easy to resell. There might be some issues with licensing in the future, but for the most part, pretty doubtful.
  • Winner: Open-Source CMS

Learning Curve

  • Home-Brewed CMS
    • Obviously becoming a relative expert of my own software is a fairly easy goal. However, the other consideration is the effort required for my graphic designer to adapt to my CMS. In general, it probably wouldn’t be much of a concern in a home-brewed situation (because I can be flexible).
  • Open-Source CMS
    • Certainly a learning curve involved in becoming an expert. Knowing how to install & configure the CMS properly is one aspect, but I’m much more concerned about digging into the code. If I have an issue and I REALLY need it solved, it might be nearly impossible for me to figure out how to solve it quickly. On top of that, it’s likely the templating system the CMS uses would have a bit of a learning curve for my graphic designer.
  • Winner: Home-Brewed CMS

Testing, Security, And Debugging

  • Home-Brewed CMS
    • It’s extremely important to plan for and spend a considerable amount of time testing and debugging. In fact, on most projects, I spend a majority of my time testing. With that being said, the amount of time it would take me to fully test, debug, and check for holes in my own CMS… well, it would consume my life for a very long time. Even after that, there’s very little certainty that I would’ve done a good enough job. It’s just tough to compete with the experienced developers out there who have real-world ideas on things I haven’t thought of yet.
  • Open-Source CMS
    • A single programmer simply cannot compete with open-source testing and debugging of a project. Multiple configurations, multiple types of hardware, multiple security situations… the combinations are mind-boggling. Plus, these projects are frequented by people who are insanely talented experts in areas such as database design, Javascript, XML, and even PHP. I have a good basis on all this stuff, but these people use their hords of pent-up knowledge to help the project achieve much more than I could have on my own… especially in the testing & debugging arena.
  • Winner: Open-Source CMS

Future Growth (Extensibility)

  • Home-Brewed CMS
    • I just have to face it: my own CMS will require constant maintenance and changes as it grows and evolves over the years. I will be rebuilding it constantly and reworking it to solve bugs, issues, and new features.
  • Open-Source CMS
    • The growth and expansion factor is built-in. New versions will be coming out consistantly and will require little or no work on my part (except for dealing with upgrade bugs).
  • Winner: Open-Source CMS

Extendability

  • Home-Brewed CMS
    • Not quite as easy as it could be with an open-source system. With the except of JS scripts and PHP frameworks, cool new features are going to require blood, sweat, and tears on my part.
  • Open-Source CMS
    • The clear winner. It doesn’t take long exploring any of the major CMS extension pages to realize the immense number of plugins available to achieve almost any goal. In fact, I was almost overwhelmed with the number of choices.
  • Winner: Open-Source CMS

Monetary Viability

  • Home-Brewed CMS
    • This is an awkward issue to discuss, but essentially, I am more valuable and can charge more to develop/use my own CMS. It comes down to billable hours and it just takes more to go with the home-brewed route.
  • Open-Source CMS
    • Yes I know I can still charge the same amount for an open-source CMS, but somehow I just don’t think it will work out that way. Just call it a hunch I suppose, but using a pre-existing system just isn’t as valuable (though I realize that for the most part most clients wouldn’t know or care about the difference). Maybe it’s just my consciense?
  • Winner: Home-Brewed CMS

So, by adding up the wins and losses, it appears that the open-source content management system has won the battle, but by just a hair.

Stay tuned for further articles as I delve into reviewing the major open-source PHP-based content management systems available right currently. I might be proven completely wrong once I really start delving into them again, but I hope that’s just my pessimistic nature.

Sep 27

PHP LogoDid you know that PHP has some pretty powerful type casting functionality built-in? It’s no surprise if you comprehend the roots of PHP (since it’s written in C), but I can’t help but think that casting is an often-missed tool when a PHP developer is trying to ensure data integrity.

Just for a moment, let me define type casting in case you weren’t “in the know”:

According to Wikipedia, “in computer science, type conversion or typecasting refers to changing an entity of one data type into another.

So, in laymen terms, casting is an easy way to turn one type of data into another type. For example: converting a “string” variable filled with essentially text into an integer variable containing the same numbers but now representing a value. This makes it easy to do math with the value of what once was just a random string of characters.

The following cast types are allow in PHP:

  • String – (string)
  • Boolean – (bool), (boolean)
  • Integer – (int), (integer)
  • Binary – (binary) [PHP 6]
  • Floating Point – (float), (double), (real)
  • Array – (array)
  • Object – (object)

So, in the real world, when does casting actually come in handy?
Normally, PHP handles all this stuff automatically behind the scenes. But, as is normal, dealing with MySQL database interaction is something to always take seriously — and type casting can help you out!

We’re going to assume your aren’t using the PDO Prepare statement (though you should be). As a PHP developer, a major part of your job is containing the inherent security risks of user input. It’s especially important when these inputs interact directly with the database.

So, your simplified (e.g. – don’t complain) database interaction code might look something like this:


$id = mysql_real_escape_string($_POST['input']);
$SQL = 'SELECT * FROM table WHERE id = ' . $id;

Call me an overly nervous Ned, but I’d prefer to use the following code:


$id = mysql_real_escape_string($_POST['input']);
$SQL = 'SELECT * FROM table WHERE id = ' . (int)$id;

Did you notice the subtle change? See the ‘int’ cast of the $id in the SQL statement?

This should certainly help to ensure that I haven’t missed any security holes for this query. Some might say it’s overkill, but I just wanted a simple explanation for using casting, so get off your almighty soapbox already.

Anyways, as you can see, type casting in PHP has real-world uses. Delve into type casting a little more and you’ll find a huge number of cases where it can make your code that much more bullet-proof.

So seriously, try out PHP Type Casting.

Sep 08

Javascript Loves XMLRight at this very moment, I had a thought cross my mind. If I wanted to use Javascript to modify XML on the fly, how in the heck would I make that happen?

I think the answer is E4X, which is short for “ECMAscript for XML”. I tried to explain it in my own words several times, but I decided Wikipedia does it better:

“ECMAScript for XML (E4X) is a programming language extension that adds native XML support to ECMAScript (which includes ActionScript, DMDScript, JavaScript, JScript). It does this by providing access to the XML document in a form that mimics XML syntax. The goal is to provide an alternative to DOM interfaces that uses a simpler syntax for accessing XML documents. It also offers a new way of making XML visible. Before the release of E4X, XML was always accessed at an object level. E4X instead treats XML as a primitive (like characters, integers, and booleans). This implies faster access, better support, and acceptance as a building block (data structure) of a program.”

So, a powerful use, suggested here, would be building a form dynamically like this:

var html = <html/>;
html.head.title = “Hello, World.”;
html.body.form.@name = “hello”;
html.body.form.@action = “test.php”;
html.body.form.@method = “post”;
html.body.form.@onclick = “return foo();”;
html.body.form.input[0] = “”;
html.body.form.input[0].@name = “Submit”;

Pretty slick, I must admit. Anyways, I’m willing to bet we’ll be hearing more about this new technology soon as it gains traction in an area that needs some work.

For more information, see this and this.

Aug 29

Alarm.com LogoBeing a computer geeky type, I have always been enthralled with technology. I suppose it makes sense then, that I recently started pondering security systems for my house. After spending “countless” hours reading forums, talking to friends, meeting security system installers, et cetera, I have made a decision on the best one: Alarm.com.

Ok, now you might be thinking: “Big surprise, Dustin, the web developer, chose a security company that has .com in the name”. I promise you though, it’s more than just the name!

Here’s my reasoning:

1) I don’t have a regular land line (POTS) and I don’t intend to get one just to support a security system (especially since it seems to be pretty easy to cut).

Alarm.com uses a wireless cellular (GSM) system — no wires to cut and reliable service 24 hours a day.

2) I don’t want my security system to depend exclusively on a home internet connection (and again… that’s easy to cut).

There are alternate companies who rely exclusively on home broadband internet based communications. Home internet connections are fine for email and web surfing, but I would never trust my home security to a cable or DSL modem.

3) I want a system that is built solidly and will protect my family and home from the blights of society.

Alarm.com currently uses a GE Concord panel, a highly regarded system in the security arena. It’s reliable, tough, and well-tested.

4) I need flexibility, expandability, and advanced features, while still being easy to use (since my wife is not a computer programmer).

The panel used by Alarm.com currently has 96 available wireless zones, 16 wired zones (plus 2 smoke detector zones), easy to use interfaces, and everything else you could possible need.

5) I prefer a price that doesn’t require a 2nd mortgage to keep running (the price should be mostly offset by a homeowners insurance discount).

Alarm.com is a relative bargain compared to other companies (especially making use of wireless signaling and internet reconfiguration).

6) I yearn for a system that appeals to my nerdy gadget-oriented side.

This is the part that really had me convinced! Imagine being able to log in to your alarm system from anywhere in the world and see what is going on currently and what has happened in the past.

What if you could program new security codes, arm and disarm the system, set up lighting schedules (based on events like doors opening) using standard X10 controllers?

What if you’d like to see if “someone” has gotten into the alcohol cabinet when they weren’t supposed to?

Alarm.com makes it all possible and much more, through their powerful and simple online interface. The portal makes programming your alarm system a snap and it’s very simple to set up notification contact lists (both phone and email) for everything from a door opening to true alarm events.

So, add all those requirements & features up and what do you get? Alarm.com tops my list. In fact, even if you take out many of my personal “requirements”, Alarm.com is still the best bang-for-the-buck of any security company I researched or talked to (and I talked to a lot of them).

I can also personally attest to the over-the-top customer service at Alarm.com. They respond to your emails, treat you like a real person, and don’t have a foreign accent (ie: they are easy to understand).

At this point, I’ve chosen the equipment and picked an installation date. I’ll update you as the house nears completion and the service goes live.

Leave a comment if you have any questions.

EDIT: Please read my new review everyone – it’s been a while since I wrote this. 

Aug 21

JQuery LogoAfter stumbling across this article, I was in awe to see what has recently transpired in the world of Javascript libraries/frameworks.  I had recently fell in love with Yahoo UI, but I was truly surprised to see that jQuery has gained remarkable traction in the market.

According to This Google Trend, it has leaped far ahead of even script.aculo.us in raw search volume.  This is a particulary good sign for jQuery.  As search volume increases, so will the number of pages related to jQuery obviously and vice versa.

In my experience, rapidly growing popularity is usually a pretty good sign of success for an open-source project.  If problems exist with the project, usually the overwhelming interest helps to spur on solutions and increase the capability of the product because of the massive interest.  I’ve seen this same trend previously with with CakePHP, an excellent framework alternative for PHP based loosely off of Ruby on Rails.

Regardless, it appears that I will start learning jQuery.  Even if it turns out to lose the “battle”, it can’t help to learn more about advanced javascript without being forced to climb a steep learning curve.

Any truthfully, if this popularity trend continues, I think it’s safe to say jQuery is here to stay.

jQuery.com if interested.

Aug 07

Pink Papaya LogoI was asked by the owner of The Pink Papaya to donate some blog space to help sponsor a local charity event I’ve been involved with. If you are in the Northwest Arkansas area, please take a moment to consider attending the event.

Detailed Information Follows:

Pretty in Pink is Back!

We are putting on a large fashion show and concert on Tuesday, Sep. 25th at the Walton Arts Center parking lot. This years event will be spectacular and a very large scale producton where we put on an amazing multi-faceted show with expected attendance of over 3000!

Important ways to help: Spread the word, be a sponsor, volunteer. Buy tickets or more importantly buy a cabana… more than half have already been obligated, so DON’T wait

Cabanas
All individually designed and decorated by local designers with very unique themes. They accomodate 10 and will have snacks and drinks and a private server for every 3 cabanas. They also include 10 VIP tickets and VIP parking transfers in the limo bus.

The Headliner is Kelli Pickler with Edwin McCain, opening acts are MAR and Amanda Scarlett.

Renowned Designer Shadang will be premiereing his new clothing collection. You can find him on YouTube for all of the press in Hollywood, or our featured work together in last month’s Citiscapes on page 20!

- VIP tickets are $100
- General admin tickets are $50 (all tickets day of show are $100)
- VIP cabanas are $2500 and seat 10 and include 10 VIP tickets
- VIP entrance is at 7:00 PM, general admin entrance is at 7:30 PM

Sponsorships still available
Expected media/promo to exceed $150K!
Expected attendance is 3000, with a goal of $250K being raised — All net proceeds go to benefit the local affiliate for Susan G. Komen.

Again thank you for all that you can do to make this a success!

- Miranda Epp-founder/president of Pretty in Pink

Underwoods Logo Bank of Arkansas Logo

Bentonville Auto Group Banner

Rock the Runway Flyer

Aug 01

Capistrano LogoIf you aren’t familiar with Ruby on Rails, there’s a good chance you’ve probably missed the proverbial boat on a powerful tool called Capistrano.

Do you ever feel like you’re repeating previous work every time you deploy a new application (or when modifying an old one)?  It’s a process I truly despise for two important reasons:

1) I really don’t like to feel like I’m being inefficient.
2) I hate wasting my own valuable time.

Ok, so 1 & 2 are sorta the same reasons… but you get my point.  A fellow programmer friend (a staunch RoR addict) recommended I try deploying my apps with Capistrano, even if they were PHP.  I had never really thought of that idea, but in reality, it made a whole lot of sense.

Anyways, originally I was going to write up a nice how-to on PHP deployments using Capistrano, but I decided the topic was already sufficiently covered.  It’s a good read and I’ll bet you’ll walk away excited about the amount of time you can save.

No more manual exports or checkouts from SVN again!

So, go check out this write-up at Simplistic Complexity for all the details.

Jul 15

The Future of PHPIf you are a fan of language “X” and think it’s better than PHP, here’s your chance to convince me. After some discussion with colleagues, I’m very interested to find a general consensus as to which web development language (server-side) is the true “future of web development”. My research reveals that PHP is the most popular web development language currently. Even though it’s clear that PHP is widely accepted, how long will that be true? Is PHP dying?

Now please don’t get me wrong, PHP is a great language that I use daily. It’s powerful, widely supported, popular, and pretty darn stable. Recently, I’ve even had even more success with PHP by supplementing it with CakePHP, a powerful PHP framework that makes development a bit more painless.

Still, even with frameworks and new versions of PHP coming soon, how long can the trend last?

Are you wondering why I care so much?

The reasons are fairly mundane: job security, stability, trends, and money.

I value my career and work as a web developer. We (web developers) provide content to the voracious users of the web and I love being a part of the “internet revolution”. I also enjoy keeping up on the latest trends… I tend to prefer being near the bleeding-edge at all times. Why? Because it’s more fun. Also, I’d say that having a grasp of where the future is headed in web development can be very valuable indeed.

Back to my point: I’ve played with a few alternate languages outside of PHP, but I’m not convinced of their long-term popularity… they just don’t offer anything revolutionary. Maybe I’m expecting a revolution that isn’t gonna happen. Or, maybe I missed the revolution boat already.

So, you tell me; what’s the next revolution? Has it even been invented yet?

Jun 23

Perl?Recently at work, a brief discussion with a co-worker about Perl vs. PHP encouraged me to do some “reading” about the topic.

Honestly, I had never really considered that people were still using Perl on a regular basis for web applications in the year 2007.  However, my research quickly proved contrary.  Truthfully, I haven’t touched Perl since I was a freshman in College nearly six years ago, so I suppose I’m a tad out of the loop.

This is what I can say though.  Perl is powerful, I’ve always known that.  See… I admit it, I respect Perl.

However, my life as a web developer is easier with PHP (and associated frameworks) than it would be with Perl, at least in my humble opinion.  In fact, if you consider my recent switch to CakePHP (a powerful & flexible PHP framework), I’d venture to say that I could never get the amount of rapid work, prototyping, and other efforts completed if I was forced to use Perl; no matter how many Perl modules I had access to.

I know it’s not fair of me to say that (since I’m no Perl expert), but still… if you are a die-hard Perl addict, you should take a moment to try PHP for your web applications; and take extra care to try CakePHP.  I’m betting you’ll be blown away by the time you save and the efficient code you generate.

May 07

Addiction - CopyrightedAs a web developer I spend a “small” amount of time in front of a computer. It’s to be expected, right? The other day a friend proposed that I spend too much time in front of a computer! Utterly shocked, that simple statement has been perplexing me ever since.

So, this week, I kept track. The following was my PC usage for Mon, Apr. 30th through Sun., May 6th:

Dustin’s Week – Time Spent At The Computer

Monday – Friday
- Approximately 42 hours for all five days at my full-time web development job.
- At least 23 hours at home (after work) programming, doing the finances, surfing, and gaming.

Saturday
- At least 11 hours, although two of that was at my friends house playing XBOX (that counts as a PC, right?).

Sunday
- At least 7 hours after church working on side projects and battling my buddies on BF2.

That’s a grand total of 83 hours this week. Not too shabby. ::pats self on back::

Tonight, I Googled the classic symptoms of a computer addiction and immediately found this article. Dr. Maressa Hecht Orzack listed these highly interesting psychological symptoms of computer addiction.

The 7 Symptoms of Computer Addiction

1) “Having a sense of well-being or euphoria while at the computer”
- Come on now, programming just makes me happy!

2) “Inability to stop the activity”
- It’s a part of my job and it’s fun!

3) “Craving more and more time at the computer”
- If only I didn’t have to sleep, then there would be enough time.

4) “Neglect of family and friends”
- My wife is in law school, she’d rather me be busy than bothering her while studying anyways. My friends… they talk to me on the computer (TeamSpeak)!

5) “Feeling empty, depressed, irritable when not at the computer”
- I’m irritable because it’s inefficient to go camping without internet access and electricity! Seriously, why no WiFi at the campground?

6) “Lying to employers and family about activities”
- This one I would never ever do, I promise.

7) “Problems with school or job”
- How is it a problem? You think my boss wants me to work less? Geesh.

I realize that a ‘supposed‘ computer addiction is also strongly related to a ‘supposedinternet addiction. But that’s a whole other article unto itself and doesn’t apply to me either.

So, if you are a computer addict, please look somewhere else for support. I’m sure there are plenty of other people out there that can help you more than I can.

But me, I’m just fine.

Apr 27

KeysOne of the inherent flaws with any popular web language like PHP is the serious potential of security vulnerabilities from improperly set up installations and servers. Although ensuring a secure server installation (whether Apache or IIS) is extremely important, that process is outside the scope of this article.

Instead, I’d like to recommend one simple tool that will should enable you to pro actively plug most “holes” in your PHP setup.

The ironic part about this article is that just a short while ago I thought I had everything “plugged” myself. I had done my reading up on PHP security and felt confident that I had a secure setup. Unfortunately, in an upgrade to a more recent PHP version, I accidentally overwrote my “secure” php.ini from the previous install. This caused one particular web site to be infiltrated by a nefarious ‘hacker’. Fortunately, there was no serious damage and I quickly found the problem.

However, if I had dropped PhpSecInfo onto the server and checked it out before going live, I would’ve immediately known there was a problem.

So here’s how it works: PhpSecInfo is just a single script and a small library that does the work. You simply drop the PHP files onto your server and execute index.php in your browser. You’ll be treated with a nice looking, clean, and easy-to-understand table of security information about your current PHP setup.

There are a mighty large number of security tests performed and all you have to do is analyze the results. Using the highly familiar red, yellow, green color schemes (from stop lights)… you know which tests have failed miserably, which ones you should probably check on, and which ones you can safely ignore. I realize that it’s not the end-all security check-up for a PHP installation, but I think it’s truly helpful to anyone operating a public facing PHP web server.

So, if you’re interested, check out PhpSecInfo from the PHP Security Consortium.

Whether or not you make any changes to your setup, it’s always good to be aware of your vulnerabilities. Oh yeah, it’s also totally free!

Apr 13

cakephp.gifIf you are interested in using CakePHP on an IIS server, you may have experienced a few problems here and there. Mostly, the problems arise when you are trying to integrate Cake with an existing IIS server and PHP infrastructure that is large or complicated.

Regardless, I have accumulated a few tid-bits of knowledge that may save someone an immense amount of head-scratching, so hold on to your hats.

Note: I still think Apache is the preferred server for a lot of reasons, but if you are absolutely locked into IIS, then please read below. If you think you might be moving over to Apache/Linux sometime soon, seriously consider biting the bullet now. It’s sorta like saving for retirement… the more you do early on, the less of a headache it will be later.

Dustin’s Beginner Guide To CakePHP on IIS

I am assuming you have installed PHP properly and have tested your IIS + PHP configuration for correct functionality prior to attempting the Cake install. Installing PHP on IIS is outside of the scope of this tutorial, sorry.

Configuring IIS

I used Windows XP Pro IIS 5.1 for the instructions in this guide. As I roll Cake apps onto different IIS servers and versions of Windows, I’ll be sure to share what I learn in the different environments.

- Make sure that IIS isn’t checking to see if a script exists before executing.

1) Go to your server admin panel, right-click on the web server (ex: Default Web Site) and click on properties.2) Go to the Home Directory tab at the top and click on the Configuration button near the bottom of that page.

3) Find the .php extension listed in the “Application Configuration” page that appears; click on the .php extension and then click the edit button near the bottom of the page.

4) You should be on the “Add/Edit Application Extension Mapping” page: simply uncheck the “Check that file exists” box at the bottom of the page.

5) Click OK, Click OK again, Click OK once more (you should’ve closed all the windows).

6) Now restart IIS (ie: command prompt -> IISReset).

This little process fixes a few problems and was a sort of ‘magic bullet’ for many of my troubles. If you look into how Cake works and what this check box in IIS does, you’ll have a “no duh” moment like I did.

- Double check your security permissions for the Cake folders/files you dropped into your web root. Just remember that something unzipped to the desktop and copied into your Inetpub directory will often have security permissions that will prevent the server from accessing some files properly.

- Remember that the app/temp folder must be writeable by the web server (for caching). That particular problem had me scratching my head once or twice.

Configuring Cake

1) Drop Cake somewhere inside your web root.2) Go to the APP/Config folder within your cake directories. Simply un-remark (‘BASE_URL’, env (‘SCRIPT_NAME’)) at the top of the core.php config file.

You should now have a working CakePHP application inside an IIS environment. I have assumed that “pretty” URLs aren’t of great concern to you. If you absolutely must have pretty URL’s, consider a good mod-rewrite filter for IIS like Helicon Mod-Rewrite. It’s easy to use and configure, lightweight, and free for most users. If you need it, it can be done.

If you have any hints, tips, problems, or suggestions… please contribute by leaving a comment below. I am certainly not the end-all resource here as my experience is limited to a few versions of IIS (I mostly run Apache anyways).

Share your knowledge, and help make CakePHP a viable option for everyone!