I’m not a big believer in karma, but this week I experienced some karma-like effects. Two years ago for work, I developed code to protect wiki websites. Then I published it on my blog.

This weekend a software upgrade caused this protection code to stop working on our websites. I couldn’t find an answer. Then yesterday, some chap named Nathan left a comment describing the solution. I hadn’t asked for help. He was simply documenting his own experience. But it was just what I needed.

This is fundamental to open source software — the creation of a software commons. It’s also what happens on Wikipedia, the creation of a knowledge commons.

In Love Is the Killer App, Tim Sanders suggests freely sharing your knowledge and your network, not hoarding them.

Jon Udell talks of “narrating” one’s work from day to day. This allows everyone to share in your vast brain knowledge, and it becomes your living résumé. I’d like to do more of that.

This will be the most technical of my posts in the Amtrak series, but it’s not just for computer geeks so stay with me. Here we go.

Ruby on Rails is a “web application framework”, a way for programmers to make web applications more easily and more quickly (and more enjoyably, as its creators would be quick to point out.) It was created by 37signals, the makers of Basecamp and other fine web apps, and has been one of the fastest growing programming environments of the last couple years. “Ruby” is the programming language and “Rails” is the set of additions that make it “fast” and “easy,” like a high-speed train. (Not a sight-seeing Amtrak.)

You probably see where this is going. As an exercise in literalness, I though it would be interesting to do a little Ruby on Rails programming while on the train, or in other words, Ruby on Rails on Rails. (Mitch Hedberg said “I’d like to see a forklift lift a crate of forks. It’d be so…literal. ‘Hey, you’re using that machine for its exact purpose!’”) See the pictures.

I have not delved into Rails as much as my local colleagues, but with the little I’ve used it, I’ve been impressed. By taking away the tedious parts of programming, it really does make programming more enjoyable. I know several good developers who prefer it.

Ruby on Rails enforces an architecture called “Model-View-Controller” (MVC), which is used heavily in Mac applications and well written web applications. Though not built on Rails, WordPress also uses an MVC architecture. If you have a WordPress blog, you know you can easily change the theme of your blog. This is thanks to the modular MVC architecture with which it was written.

Here’s where this applies to everyone: 37signals hasn’t only extracted Rails from their best programming practices, they’ve also extracted a book from their best business practices. I highly recommend Getting Real by 37signals, availably entirely for free on their website. They’ve given away their “cookbook” — what they’ve learned about marketing, project management, time management, hiring, agility, task prioritization, and more. I finished the book believing that small teams can do great things.

]]> http://richardkmiller.com/273/amtrak-series-ruby-on-rails-on-rails/feed 1 http://richardkmiller.com/262/new-version-of-seth-godin-wordpress-plugin http://richardkmiller.com/262/new-version-of-seth-godin-wordpress-plugin#comments Tue, 15 May 2007 22:23:43 +0000 Richard K Miller http://www.richardkmiller.com/blog/archives/2007/05/new-version-of-seth-godin-wordpress-plugin Continue reading →]]>

Five months ago I created a WordPress plugin to implement a marketing principle taught by Seth Godin. He said good marketers “treat returning visitors differently than newbies”. The plugin has been one of the most popular features on my blog.

Today I upgraded the plugin to version 1.3, adding a feature that allows the welcome message to be displayed permanently if desired.

For more information, read about the What Would Seth Godin Do plugin for WordPress.

If you’re a marketer or a WordPress user, you might like the WordPress plugin I recently created. Based on a principle taught by Seth Godin, it lets you treat new visitors to your site different from returning visitors:

“What Would Seth Godin Do” WordPress plugin

I enjoy developing in PHP 5, for its improved object oriented design and XML support. PHP 6 is slated to have additional useful improvements like built-in Unicode, built-in caching, and increased security out of the box (no register_globals, magic_quotes, or safe_mode).

Here are other improvements I’d like to see in a future version of PHP:

• while-else statement — A while-else statement would be perfect for MySQL results: loop through the results, or if there were no results display an error.
• a better toString() — The toString() function lets you cast an object as a string, but in PHP it only works when directly combined with echo or print. Dumb.
• function overloading — Let the signature of the function call decide which definition to use.

Read more about PHP 6.

I recently finished reading Essential PHP Security by Chris Shiflett (O’Reilly). It was a good, quick read, and for me it was mostly a review of principles I had previously read on Chris’s blog. The main principles are filter input and escape output. Using separate arrays for each kind of data is a best practice:


// filter input and assign it to the "$clean" array
if (ctype_alnum($_POST['name']))
$clean['name'] = $_POST['name'];

// escape MySQL output with mysql_real_escape_string()
$mysql['name'] = mysql_real_escape_string($clean['name']);
mysql_query("INSERT INTO table (name) VALUES ('$mysql[name]')");


After reading the book I was only left with one question: is HTTP Authentication over SSL fairly secure? (I assumed it would be.) I emailed Chris with my question and he responded quickly in the affirmative. Thanks, Chris.

Last month at the UPHPU meeting, Wade Shearer presented on CSS best practices. He’s one of the few programmers in the group that’s a designer first, and a programmer second, so he has unique insight into web design. Here are my notes:

• Keep HTML free of presentational attributes
• Write clean, semantic HTML
• Use HTML tables semantically–for tabular data, not layout (generally)
• Create print-friendly version of all your pages using media=print
• For input buttons, use a 1px invisible GIF and then restyle the image with CSS:


<!-- HTML -->
<input type="image" src="1px.gif" class="next_button" />

// CSS
input.next_button
{
background-image: url(next_button.gif);
}


• Do the same thing for image links, but for accessibility include link text overwritten by a style:


<!-- HTML -->
<a href="next_page.html" class="next_button" />Next Page</a>

// CSS
a.next_button
{
display: block;
background-image: url(next_button.gif);
text-indent: -99999px;
}

• Use comments in CSS to separate typography, headers, layout, forms
• Sometimes body styles don’t cascade into tables like they should so you need to repeat body styles on all tables
• begin with a few default styles:


table, tr, td
{
margin:0;
padding:0;
border:0;
border-collapse:collapse;
vertical-align:top;
}

form
{
padding:0;
margin:0;
}

img
{
border:none;
padding:0;
margin:0;
}


• Restyling the horizontal rule (<hr>) with an image can be a beautiful addition to a web page
• Keep a library of helpful CSS classes:


.float_left
{
float:left;
}

.float_right
{
float:right;
}

.clear
{
clear:both;
}

.col2_left
{
float:left;
width:45%;
}

.col2_right
{
float:right;
width:45%;
}


• Use PHP to do browser sniffing and to include CSS files relevant to the section.
• For more best practices, take a peak at the stylesheets for Wade’s place of employment, Doba.com

John Taber, traffic engineer and PHP developer, has a great post comparing the various MVC frameworks available for PHP, as well as Ruby on Rails.

We really don’t care what the language is or what the plumbing looks like, just so long as we can get the program to do what we want, is super maintainable, and is fast to market. The last thing we want to do is CRUD stuff. Actually, a framework concept should be ideal for us. Which is why I looked so hard at all the choices…. These are strictly our opinions and of course, YMMV.

John compares them with a real practical sense. On a side note, for some reason I find it funny to read a traffic engineer write “Your Mileage May Vary” (YMMV).

Last night John, Jonathan, Alvaro and I got together to talk PHP over dinner and dessert. I had fun and learned a lot. Here are my notes:

• Sitening is a web development consultancy with a bunch of cool online tools and what appears to be a good blog. (I haven’t read it yet.) John printed a post from their blog about databases and PHP. I’m going to subscribe to it.
• We talked about Qcodo, a code generator that John likes because it’s simple.
• Alvaro really likes Propel for creating database objects to perform CRUD operations. It’s “intuitive” to use.
• We discussed apt-get vs. yum, with the winner being apt-get.
• We discussed Ruby on Rails and the similar frameworks for PHP such as Cake, Symfony, and PHP on Trax. John and Alvaro think these frameworks are too limiting, though if the scope of your project falls within the conventions of the framework they can be nice. They both prefer a lighter-weight framework.
• Alvaro is building a custom, light-weight framework that will be simply combine Propel and Smarty. He’ll release it at protonframework.com when it’s ready.
• Alvaro recommends the Selenium Firefox extension for code testing and automation. It can record each of your steps as you use your web app, then you can set up assertions (unit tests?), then you can run the recorded tests each time you make changes to your web app. This seems like a great way to test web apps consistently and thoroughly. I’m looking forward to trying Selenium.
• We discussed the virtues of SVG and lamented that Internet Explorer doesn’t have better support for it. John uses SVG extensively for creating reports and modeling streets and traffic flow in his work.
• Alvaro really likes XPath, a language for querying an XML document. On the browser side, XPath is useful for finding a certain node in the DOM. Firefox has a built-in Javascript function for running XPath queries on the DOM.
• With AJAX John can change SVG reports in real time by changing the specific DOM node that needs to be updated. XPath could be useful here.
• On the server side, XPath is useful for screen scraping. You can retrieve an HTML page, run it through Tidy to convert it to XML, then use XPath (through the PHP DOM library) to query it. Alvaro says its easier and more portable than writing regular expressions, which is how I currently do my screen scraping.
• There are Firefox extensions for working with XPath. They allow you to click anywhere on a web page and see the XPath query that would retrieve that element.
• Martin Fowler’s book was recommended.
• By using the Apache directive “ForceType”, you can forgo the “.php” extension on your files and create pretty URL’s. (ALL of your files are parsed for PHP.)

The food was good and the company was excellent. I look forward to doing this again.

John Taber and I are pudding (sic) on a “PHP Hacker Night” tonight. We’ll be meeting for dinner at 7:30 at Las Tarascas [map] in Provo. Dessert will be at Pudding on the Rice, which is next door. Both restaurants have free wifi, so bring your laptops. We’ll discuss PHP programming and any technology topics that come to mind.

For more information see the UPHPU website: PHP Hacker Night

Disclaimer: I realize I’m posting this less than 2 hours before game time, but if you read this in time you’re probably in the target audience, so come!

MediaWiki is the powerful software on which Wikipedia and many other sites are built. It does not, however, come with the option to password protect pages from being viewed. (It can password protect pages from being edited.)

If you need to setup a private, members-only wiki for internal use, here is how you can do it with MediaWiki software and the Apache server extension mod_auth_mysql:

1. Install MediaWiki as usual. Create a user account for yourself.

2. Add the following line to your LocalSettings.php file, located in the root of your MediaWiki installation. This will cause MediaWiki to use a simple MD5 hash for user passwords in the database, instead of the more complicated “salted hash hash” that it normally uses.

$wgPasswordSalt = false;

3. Activate mod_auth_mysql in Apache. This is usually done with a LoadModule line in your Apache configuration file (httpd.conf), provided the module is available. (If not, you may need to compile or download the module.)

LoadModule mysql_auth_module libexec/apache2/mod_auth_mysql.so

4. Create a new MySQL user that has SELECT access to the “user_name” and “user_password” fields in the “user” table of your MediaWiki installation. Apache will use this MySQL user for connecting to the MediaWiki database.

5. Configure mod_auth_mysql to use the MediaWiki user table for authentication by placing the follow directives in your Apache configuration file:



AuthName "This wiki is password protected (make sure the first letter of the username is Uppercase)"
AuthType Basic
require valid-user
AuthMySQLEnable On
AuthMySQLHost localhost
AuthMySQLUser unprivilegeduser
AuthMySQLPassword thesecretpassword
AuthMySQLDB mediawikidatabase
AuthMySQLUserTable user
AuthMySQLNameField user_name
AuthMySQLPasswordField user_password
AuthMySQLPwEncryption md5
AuthMySQLAuthoritative On



6. Restart Apache.

Your installation of MediaWiki should now be password-protected, but your username and password will let you in. This protects the entire wiki; no one will even know that MediaWiki is present until they login. To give other people access, you can either create user accounts for them, or you can create a guest account that they can use until they sign themselves up.

P.S. Thanks to Gary Thornock for helping me with the details of installing mod_auth_mysql on FreeBSD.

UPDATE (2008-09-11):
The latest version of MediaWiki (version 1.13) uses a new password format which is incompatible with mod_auth_mysql. It prepends “:A:” to each MD5 hash. Here is a workaround:

1. Create a MySQL view that mirrors the username and password, minus the prefix:
CREATE VIEW user_view AS SELECT user_id, user_name, substring_index(user_password, ':', -1) AS user_password FROM user;
2. Configure mod_auth_mysql to use user_view instead of user as the lookup table.