  • Our Blog

    Ongoing observations by End Point Dev people

    RCS vs. Git for quick versioning

    By Greg Sabino Mullane
    December 2, 2009

    As a consultant, I’m often called to make changes on production systems—​sometimes in a hurry. One of my rules is to document all changes I make, no matter how small or unimportant they may seem. In addition to local notes, I always check in any files I change, or might change in the future, into version control. In the past, I would always use RCS. However, Jon Jensen challenged me to rethink my automatic use of RCS and give Git a try for this.

    This makes sense on some levels. We use Git for most everything here at End Point, and it is our preferred version control system. I still use other systems: there are some clients and projects that require the use of Subversion, Mercurial, and even CVS. The advantage of Git for quick one off checkins is that, similar to RCS, there is no central repository, and setup is extremely easy.

    As an example, one of the files I often check into version control is postgresql.conf, the main configuration file for the Postgres database. Before I even edit the file, I’ll check it in, so the sequence of events looks like this:

    mkdir RCS
    ci -l postgresql.conf
    edit postgresql.conf
    

    The creation of the RCS directory is optional but recommended. RCS (which …


    git

    Using The Security Component and validatePost in CakePHP Gotcha

    By Steph Skardal
    December 2, 2009

    Recently, Ron, Ethan, and I worked on a JackThreads project. We are in the process of moving JackThreads’ legacy PHP application to the CakePHP framework in addition to introducing new functionality for this project.

    Several of the pages require secure requests:

    • the home page (where users log in or create accounts)
    • the login page
    • the “invite” page (where users create an account)
    • the checkout page

    We referred to this article that discusses using the security component in CakePHP. Although this article covered the basics, we extended the concepts of the article by creating a CakePHP component with the custom security functionality to force a secure request and include query string parameters. Below are the contents of the component that was created:

    class StephsSecurityComponent extends Object {
        var $components = array('Security');
        function forceSecure($args) {
            $this->Security->blackHoleCallback = 'forceSSL';
            $this->Security->requireSecure($args);
        }
        function forceSSL($controller) {
            $redirect_location = 'https://'.HTTPS_HOST.$controller->here;
            $params = $controller->params[ …

    php

    Setting up a login form in a controller other than the Users controller in CakePHP, don’t forget the User model

    By Ron Phipps
    November 25, 2009

    I ran into an issue today while setting up a login form on the front page of a site that would post to the login action of the User controller. The issue was that when the form was posted, the App controller beforeFilter was called, the User controller beforeFilter was called, but the login action of the User controller was never reached and a blank template with the normal debugging output was shown. No errors were being output and there wasn’t much to go on. Ultimately what ended up being the problem was that in the Home controller where the form was being served from we did not have the following to include the User model:

    var $uses = array('User');
    

    Surprisingly, within our view we were able to set up forms to work with the User model. When the auth component was checking for the user data in the post it did not find any data, and stopped processing the request. This was not a graceful way for the auth component or CakePHP to handle the request; an error message would have helped track down the issue.


    community php

    XZ compression

    By Jon Jensen
    November 23, 2009

    XZ is a new free compression file format that is starting to be more widely used. The LZMA2 compression method it uses first became popular in the 7-Zip archive program, with an analogous Unix command-line version called 7z.

    We used XZ for the first time in the Interchange project in the Interchange 5.7.3 packages. Compared to gzip and bzip2, the file sizes were as follows:

    interchange-5.7.3.tar.gz   2.4M
    interchange-5.7.3.tar.bz2  2.1M
    interchange-5.7.3.tar.xz   1.7M
    

    Getting that tighter compression comes at the cost of its runtime being about 4 times slower than bzip2, but a bonus is that it decompresses about 3 times faster than bzip2. The combination of significantly smaller file sizes and faster decompression made it a clear win for distributing software packages, leading to it being the format used for packages in Fedora 12.

    It’s also easy to use on Ubuntu 9.10, via the standard xz-utils package. When you install that with apt-get, aptitude, etc., you’ll get a scary warning about it replacing lzma, a core package, but this is safe to do because xz-utils provides compatible replacement binaries /usr/bin/lzma and friends (lzcat, lzless, etc.). There is also built-in support in …


    hosting interchange open-source compression

    Dropped sessions when Ask.com Toolbar is installed

    By Ron Phipps
    November 18, 2009

    We’ve been dealing with an issue on a client’s site where customers were reporting that they could not log in and when they added items to their cart the cart would come up empty. This information pointed towards a problem with the customer’s session being dropped, but we were unable to determine the common line across these customers’ environments and came up empty-handed. This was a case of being unable to reproduce a problem which made it nearly impossible to fix.

    This morning on the Interchange users list there was a post from Racke discussing a similar issue. His customer had the Ask.com toolbar installed and Interchange’s robot matching code was mistakenly matching the Ask.com toolbar as a search spider. The user agent of the browser with Ask.com installed appeared as so:

    Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; msn OptimizedIE8;ENUS; AskTB5.6)

    A quick look at the current robots.cfg that Steven Graham linked showed that ‘AskTB’ had been added to the NotRobotUA directive which instructs Interchange to not consider AskTB a search spider, thus allowing proper use of sessions on the site.

    Updating the robots.cfg on our client’s site allowed users with …


    community ecommerce interchange tips

    WordPress Plugin for Omniture SiteCatalyst

    By Steph Skardal
    November 18, 2009

    A couple of months ago, I integrated Omniture SiteCatalyst into an Interchange site for one of End Point’s clients, CityPass. Shortly after, the client added a blog to their site, which is a standalone WordPress instance that runs separately from the Interchange ecommerce application. I was asked to add SiteCatalyst tracking to the blog.

    I’ve had some experience with WordPress plugin development, and I thought this was a great opportunity to develop a plugin to abstract the SiteCatalyst code from the WordPress theme. I was surprised that there were limited Omniture WordPress plugins available, so I’d like to share my experiences through a brief tutorial for building a WordPress plugin to integrate Omniture SiteCatalyst.

    First, I created the base WordPress file to append the code near the footer of the WordPress theme. This file must live in the ~/wp-content/plugins/ directory. I named the file omniture.php.

      <?php /*
        Plugin Name: SiteCatalyst for WordPress
        Plugin URI: https://www.endpointdev.com/
        Version: 1.0
        Author: Steph Powell
        */
        function omniture_tag() {
        }
        add_action('wp_footer', 'omniture_tag');
      ?>
    

    In the code above, the …


    analytics seo

    Test Fixtures for CakePHP Has-and-Belongs-to-Many Relationships

    By Ethan Rowe
    November 17, 2009

    CakePHP, a popular MVC framework in/for PHP, offers a pretty easy-to-use object-relational mapper, as well as a fairly straightforward fixture class for test data. Consequently, it’s fairly easy to get into test-driven development with CakePHP, though this can take some acclimation if you’re coming from Rails or Django or some such; the need to go through a web interface to navigate to and execute your test cases feels, to me, a little unnatural. Nevertheless, you can get writing tests pretty quickly, and the openness of the testing framework means that it won’t get in your way. Indeed, compared to the overwhelming plethora of testing options one gets in the Ruby space—and the accompanying sense that the choice of testing framework is akin to one’s choice of religion, political party, or top 10 desert island album list—CakePHP’s straightforward testing feels a little liberating.

    Which is why it was a little surprising to me that getting a test fixture going for the join table on a has-and-belongs-to-many (HABTM) association is—​at least in my experience—​not the clearest thing in the world.

    One can presumably configure the fixture to merely use the table option in the fixture’s …


    open-source php testing

    Port knocking with knockd

    By Greg Sabino Mullane
    November 16, 2009

    One of the best ways to secure your box against SSH attacks is the use of port knocking. Basically, port knocking seals off your SSH port, usually with firewall rules, such that nobody can even tell if you are running SSH until the proper “knock” is given, at which time the SSH port appears again to a specific IP address. In most cases, a “knock” simply means accessing specific ports in a specific order within a given time frame.

    Let’s step back a moment and see why this solution is needed. Before SSH there was telnet, which was a great idea way back at the start of the Internet when hosts trusted each other. However, it was (and is) extremely insecure, as it entails sending usernames and passwords “in the clear” over the internet. SSH, or Secure Shell, is like telnet on steroids. With a mean bodyguard. There are two common ways to log in to a system using SSH. The first way is with a password. You enter the username, then the password. Nice and simple, and similar to telnet, except that the information is not sent in the clear. The second common way to connect with SSH is by using public key authentication. This is what I use 99% of the time. It’s very secure, and very convenient. …


    hosting networking security