Announcing Peregrine – a PHP Security Class

Today I release a new PHP caging class for improved security – Peregrine.

I’ve always been impressed by the idea of a “variable cage” in programming. It’s an additional method of protecting your incoming variables and making sure that you only accept what you’re expecting.

If you’re not familiar with the idea, think of a cage as a class that copies incoming data (a request’s GET or POST parameters, for example) into an object and then destroys the original “unclean” copy. From that point on the data can only be reached through the cage, which offers a set of accessor methods, each of which hands back a value only if it passes a particular filter.

So if an incoming variable only needs to be an integer, you read it through the cage’s integer method, which either strips the non-integer characters or returns false when the value is not a valid integer. The second behaviour is the safer default: stripping silently turns malformed input into something that looks valid, whereas rejecting it tells you the request was not what you expected.

This gives you an additional layer of defence against malicious input, and it makes the validation rules in a project explicit and easy to audit, since every request value has to pass through a named filter before your code can use it. It complements, rather than replaces, context-specific protections such as parameterised queries and output escaping.
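To make the mechanism concrete, here is a minimal cage written as an added example for this post. It is not Peregrine’s code and does not follow its API: the class and method names (Cage, capture, getInt, getDigits, getOneOf, getMatching, getHtml) are illustrative, it assumes PHP 7.4 or later, and the sample request it runs against is constructed inline rather than taken from a real client.

```php
<?php
// Added example, not Peregrine's code: a minimal "variable cage" showing the
// mechanism the post describes. Assumes PHP 7.4+; class and method names are
// illustrative only.

final class Cage
{
    private array $data; // the only surviving copy of the raw input

    private function __construct(array $source)
    {
        $this->data = $source;
    }

    // Copy an input array into the cage and empty the original, so the unclean
    // data can no longer be read directly. $_GET/$_POST can be passed by reference.
    public static function capture(array &$source): self
    {
        $cage   = new self($source);
        $source = [];
        return $cage;
    }

    /** Scalar value as a string, or null if absent or not a scalar (arrays are rejected). */
    private function raw(string $key): ?string
    {
        if (!isset($this->data[$key]) || !is_scalar($this->data[$key])) {
            return null;
        }
        return (string) $this->data[$key];
    }

    /** Strict integer: optional sign and digits only; anything else yields null, never a coerced value. */
    public function getInt(string $key): ?int
    {
        $n = filter_var($this->raw($key) ?? '', FILTER_VALIDATE_INT);
        return $n === false ? null : $n;
    }

    /** The "strip" flavour: keep only the digits, so "7; DROP TABLE bugs" becomes "7". */
    public function getDigits(string $key): ?string
    {
        $d = preg_replace('/[^0-9]/', '', $this->raw($key) ?? '');
        return $d === '' ? null : $d;
    }

    /** Whitelist check, for values that end up in ORDER BY clauses, file names and the like. */
    public function getOneOf(string $key, array $allowed): ?string
    {
        $v = $this->raw($key);
        return ($v !== null && in_array($v, $allowed, true)) ? $v : null;
    }

    /** Accept only strings matching an anchored pattern. */
    public function getMatching(string $key, string $pattern): ?string
    {
        $v = $this->raw($key);
        return ($v !== null && preg_match($pattern, $v) === 1) ? $v : null;
    }

    /** Value escaped for an HTML text context, or null if absent. */
    public function getHtml(string $key): ?string
    {
        $v = $this->raw($key);
        return $v === null ? null : htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Small self-check helper so the sample run below verifies itself.
function expect(string $label, $actual, $expected): void
{
    if ($actual !== $expected) {
        throw new RuntimeException("$label: got " . var_export($actual, true));
    }
}

// Constructed sample request standing in for real client input.
$_GET = [
    'id'   => '42',
    'page' => '7; DROP TABLE bugs',
    'sort' => 'name',
    'q'    => '<script>alert(1)</script>',
];
$get = Cage::capture($_GET);

expect('raw copy wiped',  $_GET, []);
expect('valid int',       $get->getInt('id'), 42);
expect('tampered int',    $get->getInt('page'), null);
expect('stripped digits', $get->getDigits('page'), '7');
expect('whitelisted',     $get->getOneOf('sort', ['name', 'date']), 'name');
expect('pattern',         $get->getMatching('sort', '/^[a-z_]{1,32}$/'), 'name');
expect('html escaped',    $get->getHtml('q'), '&lt;script&gt;alert(1)&lt;/script&gt;');
echo "all cage checks passed\n";
```

Two design points are worth noting. getInt and getDigits show the two behaviours the post mentions side by side: the same tampered value is rejected outright by one and quietly reduced to “7” by the other, which is why rejection is the better default when a bad value indicates a bad request. And the accessors only know about their own context; getOneOf is the right tool for a sort column that is interpolated into SQL, while getHtml only helps when the value is printed into HTML, so a cage is a front door for input, not a substitute for prepared statements or output escaping at the point of use.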

There are some others out there, and some are very good. However, none worked as well or were as cleanly coded as I would have liked, so I’ve been working on Peregrine.

It’s hosted on GitHub, so you’re welcome to fork it and contribute back any fixes or feature requests you would like.

To learn how to use it, please read the documentation provided with the code and look through the class itself.

http://github.com/botskonet/Peregrine

Correcting CGI Perl Module for Bugzilla 3.4.2

I was recently installing Bugzilla on a new server and ran into problems with the CGI perl module from CPAN being too recent. Apparently, version 3.47 has some issues, so I had to downgrade to 3.45.

Bugzilla recommends that you use their installer when the checksetup.pl script spits out missing modules. However, if you encounter problems or need an older version, this won’t work.

Their own script also makes a copy of the CGI.pm file inside the Bugzilla lib/ directory, and that copy is picked up ahead of the system one.

In order to solve the issue, you need to download and install the proper version, and then copy the file over the one in the Bugzilla lib/ folder.


# Fetch and build the exact CGI.pm release that Bugzilla 3.4.2 accepts
$ wget http://search.cpan.org/CPAN/authors/id/L/LD/LDS/CGI.pm-3.45.tar.gz
$ tar -xzvf CGI.pm-3.45.tar.gz
$ cd CGI.pm-3.45
$ perl Makefile.PL
$ make
# install into the system perl tree (as root)
$ make install
# Bugzilla searches its own lib/ before the system paths, so overwrite the newer
# copy left there as well; the destination is this site's Bugzilla docroot,
# adjust both paths for your own perl version and install location
$ cp /usr/lib/perl5/5.8.8/CGI.pm /var/www/vhosts/trellisdev.com/subdomains/bugs/httpdocs/lib/CGI.pm

Then, continue with your checksetup.pl process as usual.

Bugzilla 3.4 localtime issue on CentOS

While recently upgrading and moving Bugzilla to 3.4.2 I ran into an issue on a CentOS 5 server that was giving the following error any time I tried to access a buglist:

undef error – Cannot determine local time zone

After some searching I finally discovered that the issue was with Bugzilla looking for the timezone information in /etc/localtime, while CentOS had not updated that file since its original installation.

The solution is to replace /etc/localtime with a symlink that points to the correct zoneinfo file for your timezone (run as root, and substitute your own zone for America/Los_Angeles):

# as root; pick the zoneinfo file for your own zone
ln -sf /usr/share/zoneinfo/America/Los_Angeles /etc/localtime

Integrating QuickBooks for Mac-based Users

During development of a recent point-of-sale / e-commerce package, I started researching ways of exporting data from a web-based application into QuickBooks. A decent tool called Web Connector allows QuickBooks to connect with a web source and exchange information, and there’s even what appears to be a very thorough PHP class for interfacing with it.

However, Web Connector is Windows-only. My client runs a Mac.

Disclaimer: Prepare to be disappointed.


Zend Studio 7

Recently, version 7 of Zend Studio was released. Very unhappy with version 6, but previously satisfied with Zend 5.5, I decided to give it another chance to see if they had any luck improving the user experience.

Zend charges you $399 per year to use this software. They’ve got a standard toolkit for every PHP developer, from PHPUnit support, documentation support, Subversion support, code galleries, etc. These would be very useful if Zend had not gotten the user experience part all wrong. For $399 per year, they had better have some great advantage over FREE competitors like NetBeans IDE.


NetBeans 6.7RC1 Crashes on Mac OS X 10.5.7

After an hour of searching, I found that the problem for me was that Java 1.5 on the Mac was forcing NetBeans to run in 64-bit mode, which caused it to crash before it even opened.

By following the instructions (reposted with more info) at http://blogs.sun.com/yakshaving/entry/netbeans_will_not_start_on I was able to get things resolved. As far as I can tell, nothing else I have was affected.

Habari Project 0.5.1 Review

I’ve been looking at the Habari Project, a new blogging tool that was developed specifically for the current state of the web and is supposed to become a WordPress killer. (I’m using WordPress 2.5 for this blog.)

The first issue I encountered was the requirement that the mbstring PHP extension be installed. This extension is not enabled by default, although most web hosting companies enable it for you in their installation. It was not the greatest experience having to recompile PHP to enable this, but since it won’t affect most users, I don’t see a large issue with it. However, I’m curious as to how the project will change when PHP 6 is released, with improved Unicode support.

The second issue was that the system required me to use an SQLite database during the install, which stores its data in files written by the web server to the filesystem. I usually don’t like using flat-file storage, for personal reasons. The documentation lists MySQL as an option, but it wasn’t available as a choice during the install.

I’ve also noticed that the software is extremely slow on a CentOS machine. I’ve been using a Pentium III with 256 MB of RAM for application development for months, and no private or public application takes as long as this one to run. Portions of the install process even take up to twenty seconds to load.

By default, the output format of the blog is HTML Transitional. I’ve read in their documentation that it was a decision that was debated, but I cannot agree with their reasoning on why they chose HTML over XHTML, and even beyond that why they would choose Transitional over Strict. My development partners and I are very strong supporters of using XHTML Strict in every project, and we’ve found that it’s provided the best results in accessibility, user interface development, and integration with server languages.

The user interface is very clean and a welcome relief over the WordPress administration tool. However, I can see the UI becoming cluttered as the application grows and, like WordPress, the navigation may lose its current usefulness.

The speed of the application itself ran as expected, and I did not experience any slowness.

Overall I feel that it’s a decent blogging application and would be a joy to use for custom development for clients. Unlike WordPress, it was developed only for PHP 5, and from my quick glances at the templates and the API, I feel like it’s got a better quality and more robust codebase.

All Code Editors & IDEs Are Just OK

Over the last seven years I’ve tried out almost every single tool available for my code editing work. I’ve tried open source tools, free tools, and commercial applications, and none of them meet my expectations.

I wanted to quickly mention the top three I’ve been able to use the longest and document why they’re not what I want them to be.

Coda

I’ve tried out the excellent editor from Panic – it has two killer features: FTP upload buttons next to filenames that are stored locally, and sharing via Bonjour over the network. Coda is pretty basic and lightweight, but for a hardcore PHP developer it lacks tools I find helpful.

I’ve heard that Coda is working on Subversion integration, which will be nice, but what I really need is improved PHP support. If they wanted to give me better code analysis, PHP variable/function browsing, syntax error highlighting, etc., I would enjoy it much more.

Coda is unlikely to ever meet all of those expectations because it’s more of an everything editor and will probably never have specific language features like that.

Zend Studio 5

I’ve used this tool the most, but there are a few items it lacks that I really would like to have. First off, while it can edit files over FTP directly, I would like it to have an FTP upload like Coda does. Zend 5 has no Subversion support. I’m really driven crazy by some basic file quirks on Mac that I’ve been unable to resolve.

Zend 6 has a lot more features that would be very useful but unfortunately, it’s a worse program for me than Zend 5.

Zend 6

Immediately I’m shown how awful and clunky the new project/file management system is. There are too many ways to create and store projects. Many of the default ways now store my code somewhere I don’t want it, and confused the heck out of me when trying to edit files.

It also decided to keep all of these hidden files in my folders which, had I left them, would have been checked into my Subversion repo. I immediately dismissed Komodo and Aptana because of this same issue – my project files were being stored in with my code.

I’m having similar problems with Zend 6 on Mac – files will not open properly when I just double click on them or right click and select “open with”.

Also, the preferences are a thousand times more confusing – I can change syntax colors in two or three different places for the same code type.

Why can’t anyone fix these issues? Who would release a tool that can’t properly open files? Why does Zend have to make a product that’s actually worse than its predecessor? I’ve tried a thousand others but I’ll keep looking. Any suggestions?

Bugzilla Changelog… Open Source

It’s been a few years since I released the first version of Bugzilla Changelog, and over those years many folks have asked whether I ever intend to make it open source. While it was essentially open anyway, being a Perl script, I’m now accepting patches and new work from anyone else interested.

Those of you who have submitted patches over the years should be pretty excited. I’ll be tracking project updates, requests, fixes, etc., through SourceForge.

View Bugzilla Changelog at SourceForge.net.

Basic Flex Development Example

I see huge potential for Flex and Air applications with some of my core clients, as well as a way to attract new clients. As time goes on I’ll be discussing new applications we’ve got going in Flex, but I wanted to start with a very basic application.

This basic application displays a chart with download statistics for applications I’ve released over the years on Botsko.net. I’ll be adding on to this basic example so that I have a better showcase of flex work. For example, I plan on adding some advanced data parameters including changing the year, seeing data points on the chart, and some improved visuals.

This application totals about 300 KB, including the PHP code that produces the XML for the data. That number can be reduced further with optimizations, and by removing some extra support-related files.

While Flex can be used to build some amazing applications, it’s also going to be extremely handy when used within an existing web page. I’m excited to see where we end up when using Flex.

Take a look:

http://experiments.botsko.net/tests/flex/chart2/