Posts

Showing posts from December, 2011

Future Plans

2011-12-26 So, you're all probably wondering what are the big plans for www? Ever since I purchased markizano.net, I wanted to build a place where people could come and see my work. I wanted to (with permission) keep working copies of my clients' sites as an empty mirror or a sandbox for testing/viewing purposes. I would keep the applications in a virtual environment and reset the database on a timed interval. I wanted to publicly host code that I had written as an example of what I can do as a developer and also to keep for myself an archive of things I've published to see how I develop as a software engineer. How does my code formatting change over time? How does my architecture develop with each new release? What new concepts do I employ as time goes on?

6-Month Review

So, about six months ago, I set myself a set of goals to accomplish about this time in my life. I think now would be a good time to review those goals and see where I've come since then. I set out to accomplish my Zend/PHP5.3 certification, more security-oriented programming, and more front-end development. Since then, I have accomplished the goal of my PHP/5.3 certification, and I have started developing more applications that involve more JavaScript. I have not quite yet gotten involved in more security-oriented programming, but that is yet to come. I have to say I'm proud that I've accomplished what I have thus far and I would like to continue this trend. Goals for the next 6 months Security-Oriented Programming I want to continue the goal of finding more security-oriented p

Gitolite Install

In recent weeks, I've been curious about GitHub and how they host their private/public repositories. It was obvious they used SSH to establish the connection, which I thought was awesome from a security standpoint. However, for personal educational gain, I was curious how they did it. I ran across a Google search result that said you could host your own private Git server. So, I followed the user's advice and found it was rather easy to use a generic SSH connection to establish your own private Git repository. I thought it was really awesome, but after a while, I wanted to show my work off to a select few, but at the same time, the idea of just about anybody having SSH access to a user on my system just wasn't ideal. So, I looked for the authentication method used to manage users accessing the Git server in question and found this

ZF Github

https://github.com/markizano/ZF-MVC Hey all, I just wanted to throw a heads up out to the ZF world. I've created a place where we can all come together as a community and maintain a repository of application-specific models, views and controllers. This can be an open compilation of everybody's contributed effort at minimizing work on each other by providing us with a place where generic modules can be popped out of this project and into any other project. If anybody has any generic component, such as a basic login, registration, contact-us form, or other module that's pretty generic enough that it could go in just about any ZF-based project, and you're willing to release it under the BSD license, then feel free to fork a copy of this repository, add the changes, and request a merge. I'll be working the best I can to maintain this so we can all have a ZF repository of modules, controllers and views.

"The Cave"

I'm having to take this class at UOPX by the class title: Philosophy. I just wanted to take a moment to reflect on some of the text we are given to read and make note of my interest in this particular subject. Following is an excerpt from the text, which quite accurately depicts what I see happening around us all every day: The Cave In the Republic, Plato uses a vivid allegory to explain his two-realms philosophy. He invites us to imagine a cave in which some prisoners are bound so that they can look only at the wall in front of them. Behind them is a fire whose light casts shadows of various objects on the wall in front of the prisoners. Because the prisoners cannot see the objects themselves, they regard the shadows they see as the true reality. One of the prisoners eventually escapes from the cave and, in the light of the su

Knowledge-Intelligence-Smartness

Knowledge Knowledge is the essence of education. Knowledge is truth. Knowledge is the collection of facts and data, statistics and analysis. Knowledge is good for retention, reference, and remark. Intelligence Intelligence is the essence of interpretation. A person can be knowledgeable, but that data is meaningless if it cannot be interpreted. Intelligence breeds the inception of concepts, spider webs of connections, and interpretations of anticipation. Intelligence is the adaptation to the surrounding environment; the interpretation of change in data over time. Smartness Smartness is the essence of wit. Smart is the ability to adapt to change quickly and efficiently, the ability to perform impromptu scenarios such that they emerge the victor of the obtained goal; Social Engineering

Career Goals

Since I began working for this company known as Integraclick / Clickbooth based out in Sarasota, FL, I've been asked to generate a list of goals which I wish to accomplish within the next six months. A list of my goals is as follows: Zend Certification How I plan to achieve this goal: I would like to become Zend certified in PHP/5.3, and later Zend certified in the Zend Framework. I'm going to learn the study guides and schedule to take the test sometime early February. Taking the Zend Certification on the Zend Framework will take a bit more time to study and prepare as it will be in combination with my already-scheduled online courses with UOPX. Information Security How I plan to achieve this goal: I will start spending more of my free time studying the details of Information Security. For example, getting to know tools such as metasploit, Bac

Resource Performance

You ever run your application and realize it's taking a long time to process? It would probably be a good idea to take a look at your application and see how many times you open and close a resource or a stream. If you have a lot of functions that open a stream, query it, and then close the stream, then it's likely that might be the bottleneck of the application. In order to reduce the amount of time it takes to process the application, it's usually best to open the streams to the resources needed when the application starts, and then close them when the application ends. Here's an example class that deals with files: class FileHandler { /** * Implements the singleton pattern. * @var FileHandler */ protected static $_instance; /** * Holds the current file pointer. * @var [resource] File pointer */ protected $_fp; /** * Starts up the resource handler. * @param filename string The path to a file to open.

phpMyAdmin -> Adminer

Okay, so one day, I sit down at my system and I refresh the page on https://phpmyadmin/ to get the most up to date information from the database. I come to find that the page was blank! I get a white page with nothing in it. I check the source code, but the text is still there. I looked in Firebug, and there were no errors. Later, I checked Apache's error logs, and they were blank (except for the expected warnings about an invalid security certificate). I checked PHP logs and there was nothing to be reported (on E_ALL &~E_NOTICE <- which I despise, btw). I am not very keen on debugging phpMyAdmin because I realize that it had been written with the intention of PHP4 in mind. There was no separation between the logic and presentation in a MVC-style fashion. Adminer is an awesome file. It pretty much does what phpMyAdmin does except search.... and it's lightning fast! Not like phpMyAdmin that could take loads of time to generate all that HTML. I was a little skeptical that a sing

PHPUnit Taking Forever to Run

I was tasked to create some PHPUnit tests for a project at work, but I was having an issue running the tests because they were taking forever to load, even if it was just a single small little test that just asserted a true statement. So, I went googling for some kind of result and found this mail archive discussed in the ZendFramework mail archive. Basically, you just want to check your phpunit.xml file and ensure you only whitelist the files and directories you want to be tested. Don't include excludes unless they are included in your whitelist. To put example to words, let's assume you have a phpunit.xml similar to this: <phpunit bootstrap="./tests/bootstrap.php"          backupGlobals="false"          backupStaticAttributes="false"          syntaxCheck="false"          colors="false">     <testsuites>         <testsuite name="MyTest-Application">             <directory suffix=".php"

Google Analytics

We all know about the mega massive search giant known as Google. Also, they have this obsession with tracking its users. I am familiar with this tracking system on a minor scale, and I do my best to avoid it, just because I can. For those of you who don't like big brother looking over your shoulder, but still want to enjoy the services provided by him, you probably want to keep reading because this script I have for you enables you to search on Google without having to deal with too many of their tracking systems getting in your way. Personally, I browse in Firefox, and I use the extensions NoScript and Request Policy to help protect me against a lot of unwanted things people like to embed in their websites. Be they scripts or even advertisements. In most cases, I can even block google-analytics run by other people's websites as well. Google likes to embed things in their links that you click. This is how they keep tr

XSS and XSRF

Abstract Cross (X) Site Scripting (XSS) and Cross (X) Site Request Forgery (XSRF) are quite prevalent today and can cause quite a bit of damage. They take advantage of a session by exploiting the cookie. Mike Bailey and Jeremiah Grossman are both excellent Information Security researchers for Mad Security and White Hat Security, respectively. OWASP is the Open Web Application Security Project. WASC is the Web Application Security Consortium. Not everything in this document is covered in detail. For the sake of the scope of the document, only the basics of web development are covered. The rest of this document describes XSS and XSRF in detail and the controversy between them. XSS and XSRF Security Let's imagine that you are browsing the Internet, and you receive a notification via email that your account was locked because of an excessive amount of incorrect login attempts. You rush to click the convenient link within the e

Circular Reference

Intro I just recently ran into something that had me stumped for quite a while before it smacked me in the face like a ton of bricks. It'd be better to explain with examples, so excuse me if you're reading this and you're surprised to see some gobbledygook and you're just looking for techno-gobbledygook to look at, okay? For those of you familiar with software languages such as C/C++, Java, and Basic, you may be familiar with this concept of passing variables by reference and by value. For those of you that don't know, this will be good exposure, and an awesome lesson to learn at an early stage to prevent hours of FaceDesking. :P What's a Reference? In many languages, you pass by reference by using the ampersand (&) operator. Like so: function myAdd(&$var, $amount = 0){ $var += $amount; } $toAdd = 5; $amount = 3; var_dump(myAdd($toAdd, $amount)); Normally when you pass a variable in a function, you are passing the value of that va

Subversion Tutorial

I figured I'd put this tutorial together for those who are struggling to grasp the concept or commands in SVN. I have also had to reproduce this tutorial for more than one company, so I wanted to generalize it for anyone new to SVN. Installing a command-line SVN client Windows Windows users can go to SlikSVN and install the client from there. Linux Linux/Mac users should first type which svn to see if they have subversion installed. If not, Debian-based users can type: sudo apt-get install -y subversion RHEL based users can use: sudo yum install -y subversion OSX Mac OSX users can use MacPorts or Homebrew to install their cli-subversion client. brew install subversion or sudo port install subversion Configure Your Subversion Client Windows After you have run the installation package for both subversion and gnuDiff, make