Bloooog

Optimising for Iteration

Mark Zuckerberg in front of a Move Fast poster

Late last year I left Facebook, but I still like to follow what's happening inside the company's multicoloured walls. So last week I watched with interest as Mark Zuckerberg laid out a long-term vision for Facebook that focused on building meaningful communities and influencing the real world.

Read More...

Jumping On the Bandwagon

Nokia and Microsoft's deal has been getting a lot of press in the last week. Nokia Plan B (which has now been revealed as a hoax) got a lot of attention on Hacker News and spawned a bunch of knock offs which I was taking a look through on my morning train ride. By the time I'd got to work I'd decided to contribute my own poor sense of humour to the mix and set off on the quickest web page launch I'd ever done. The result was Nokia Plan XP which was put together in the time it usually takes me to get my morning coffee.

Read More...

Inheritance and Mootools Mixins

I was playing with Mootools' Class implementation today. It has a few nice features like mixins, easy inheritance and sane parent method calling. I did run into issues combining mixins (through the Implements keyword) with parent method calling. The following code fails with the message: The method "setOptions" has no parent.

Read More...

Top trends of 2011

Brightlabs, my employer, regularly publishes a web-focused newsletter for small businesses called enlighten. The latest edition contains an article I wrote detailing "Five trends that will change the web in 2011".

Read More...

Dead Zend: "We can't be bothered" is not a valid excuse.

I had a client send me a copy of their website for testing purposes today. Some of it used off-the-shelf commercial PHP components which were encoded with a product called Zend Guard. I'm generally not a fan of encoding files, but headed off to get the relevant extensions from the Zend website. After installing the extension I found Apache throwing a bunch of ominous errors when trying to decode a file with the extension

Read More...

Twitter will eat your URLs

My HTML periodic table has been getting a lot of attention on Twitter over the last few days. Because the page has a relatively short URL a lot of people have been tweeting the actual URL rather than using a URL shortening service. This has been good for me because shorteners remove the HTTP referrer and stop me from seeing where my Twitter traffic comes from.

A peek at my error logs did reveal one potential problem though. I've had well over a thousand hits to invalid URLs like http://joshduck.com/perio. These are obviously URLs which have run up against Twitter's infamous 140 character limit and have been truncated. This results in wasted traffic for me and a waste of time for my visitors so I decided to push a quick fix.

Read More...

A PHP snippet for pluralizing strings

Every time I'm working on CRUD applications it seems like a lot of boilerplate code goes towards displaying appropriate messages when lists can contain zero, one or more than one element. I put together a quick function to speed up the process.

The function takes a string with string fragments marked up inline as its main argument. It then formats the output based on the count passed into the function.

Read More...

Includes are not functions

Over the last week I've been working with a commercial PHP eCommerce package. Amongst some shockingly bad code one of the patterns that has stood out has been the use of includes as a kind of pseudo-function. Dozens of files in the application are in the following format.

Read More...

Dynamically define subdomains with Apache

When I need to develop multiple sites at once I often find defining multiple Apache Vhosts and host files entries to be time consuming. Thankfully, with a little Apache magic it’s possible to automatically create a new subdomain for each project I start.

Read More...

An introduction to PHP's static scoping

The static keyword is a core feature of PHP's object oriented programming. Unfortunately, there doesn't seem to be much in the way of easy introductions available online, so I'd like to give a brief overview of how the keyword functions, and how it should be used.

PHP actually has two distinct uses for the static keyword. The first and most common usage is related to class method and property scoping, the second to variable scoping within a single function.

Read More...

Singletons: What can they teach us about PHP?

Why would I be showing you how to implement singletons in PHP? Don't I know that the singleton pattern suffers from obvious shortcomings? Of course I do, but I have an ulterior motive. Singletons are a simple way to show off some of the features of PHP you probably don't get to see and use too often. Now we've got that covered let's see some code. If you haven't seen a Singleton before the premise is simple: there should only ever be one instance of our class.

Read More...

Fix your tables: how to stop cells from expanding out of control

HTML tables receive a bit of a bad rap thanks to years of abuse in web design, however in reality they're as semantic as the next element. They do have their quirks though, one common problem is that instead of aligning themselves like the rigid blocks we're used to they tend to be a bit more fluid - expanding and contracting to fit their content.

This useful behaviour can become frustrating when a carefully laid-out table encounters abnormal input and suddenly decides to stop paying attention to the cell widths we've specified. Luckily there is a simple solution to this. All the major browsers implement an alternative fixed table layout which is specified through the appropriately named table-layout CSS property.

Read More...

Digging deeper into PHP's static scoping

Redditor troelskn made an interesting observation about my recent blog post about Singletons, pointing out that static variables defined within a method behave completely differently to regular static properties. I use static method variables often but still found this behaviour surprising. I decided this was a good opportunity to find out exactly how static methods, properties and variables work in PHP.

Read More...

Simple Atom / RSS Reader for PHP

I was recently looking for a simple RSS reader for PHP. There are a few out there, like Magpie RSS. These seem like adequate projects, but much too high level for the scripts I was throwing together. I need to read a couple of different feed formats: namely Wordpress' RSS feed and Flickr's Atom feeds. I decided to put together a single-class implementation which didn't do anything more than the bare minimum.

Read More...

Getting started with Python and Django in 23 frustrating steps

Should I or shouldn't I? Should I ditch my well-worn PHP and the frameworks I know so well to go with this new-fangled (silent-d)Jango thingy I hear the cool kids talking about? It's a big decision, as this project is going to be the big one (you know, the one that will change the world and all that).

I've worked with PHP for over six years. It has its warts (and how) but it's very much a known quantity at this point. On the other hand, when I have used Python it's been a much more pleasant experience. The fact that this is a personal project makes the decision easier: let's ditch old mate LAMPhp and go with LAMPy. It's almost dinner time and the latter sounds like it'd go well with an ale anyway. So, starting with a brand new dev box, where do I begin?

Read More...

Cleaning up uncommitted subversion working folders

Today I stumbled across an unused working folder in a dark and dusty corner of one of our development servers. The directory had a couple of dozen un-checked in changes. Some were from barely a month ago while others dated back years. Not wanting to discard any important modifications I cobbled together a bash command to show me when each file was last modified (the file's mtime).

Read More...

Windows Gadgets and Invalid Packages

I've recently upgraded to Windows 7 and decided to experiment with the in built gadgets. Windows gadgets are built on web technologies; each gadget is really just a couple of HTML pages glued together with JavaScript. This is good in principle but there are enough differences between the gadget environment and Internet Explorer to make testing difficult.

Read More...

Abusing the Cache: Tracking Users without Cookies

I've been doing a little bit of research into ways to misuse browser history and cache and came across a very simple technique for tracking users without the need for cookies. Firstly, a demo. If you watch the HTTP requests you'll see that there are no cookies being used.

Read More...

Twitter is CRUD

Any technical person is interested in solving big challenges. How to scale well (and cheaply) is one of the really big ones; and something that no one really seems to get right. I've read some interesting posts discussing Twitter's problems lately (I'm a little slow to jump on this bandwagon, but like that's going to stop me). I haven't been a Twitter-er up until now, but it's hard to miss talk of them in the blogosphere.

Read More...

Securing Your PHP Code - XSS

Today I'm going to start a three part series looking at security issues affecting web developers. The specifics apply to PHP developers, but the general concepts carry across all technologies.

Any significant website is going to consist of three core layers: the client side code (HTML and JavaScript), server code (PHP) and a storage layer (MySQL). As a developer you should be aware of the security implications of each layer of technology and how you can best secure your code.

Read More...

Securing Your PHP Code - Server Security

When protecting your server environment you'll want to ensure that two things happen. Firstly, you'll want to keep your scripts from prying eyes; you want to make sure that you don't accept input that will break your code. Secondly, and most importantly, you want to stop anyone from executing their own code on your servers.

Read More...

Securing Your PHP Code - Databases

SQL injection is a well trodden topic so I won't go into too much detail.

For those who don't know, the problem occurs when you fail to properly escape variables being placed into your strings. For example the SQL statement "SELECT * FROM users WHERE name = '$name'" will fail if $name is set to ' or '1' = '1. The string will be expanded to produce SELECT * FROM users WHERE name = '' or '1' = '1'. This is obviously not what you wanted, and could lead to very bad results when coupled with DELETE or UPDATE queries.

Read More...

A First Look at Python

So I've been looking at and using Python recently. I thought I'd share some of my thoughts for those who haven't had a chance to play with the language yet. I'll try to avoid a preachy OMG-I've-just-discovered-the-best-thing-ever post, or to simply write another Python tutorial. I'll look at the good and bad points of the language. I first looked at Python a month or two ago. The guy and girls over at programming.reddit.com push it as the language to end all languages, so I decided to grab a copy of the (free!) Dive Into Python book. I started putting together a smallish personal project, but with no external pressure it petered out. When a discussion came up at work (a PHP shop) on how to quickly write a reliable server daemon I pushed the idea of Python. It took a little convincing, but the results speak for themselves.

Read More...

Rainbow Tables

To most of you the term "rainbow table" is probably familiar. You are probably aware that they are used to aid the reversing of one-way hashes, usually when trying to crack a password. I personally think that they are a nifty little hack, and so I'd like to explain a little about how they are implemented.

Read More...