People work with WS-* web services in PHP? Why?

I'd love to give ws02 a fair shake because they have an open source business model. They have a web services framework for PHP which seems interesting from an academic standpoint. But I think WS-* web services are WAY too complicated when compared to REST.

Just look at this new product description from ws02:
The WSO2 IS enables LAMP and Java websites to provide strong authentication based on the new interoperable Microsoft CardSpace technology, which is built on the open standards Security Assertion Mark-up Language (SAML) and WS-Trust.

Your life is now 1 minute shorter after trying to read and fully understand that paragraph. Nevermind how much time would be spent trying to actually get this stuff to work.

I spent a lot of time in 2001-2002 working with Amazon's merchant program and the SOAP feeds required for putting client product on the Amazon site. I generally think that Amazon has a pretty good clue about how to do things technically and they seemed to make it as easy as possible while using SOAP. But it was still way too complicated for what we were trying to achieve (ie, send a list of available product to Amazon to sell ). And at the time, it was a nightmare in PHP. Now of course, we have the official PHP SOAP extension and some items in PEAR to work with too (does nusoap still exist?)

But I've run screaming from WS-anything since then, only getting caught in its claws a few times. It hasn't gotten any easier. It's gotten more difficult. And more pointless. I'm not alone in this thinking.

So I guess the ws02 folks are trying to solve the issue of authentication for web services. Hasn't web services authentication been solved already in a much easier way too?


Gmail 2.0 crashing Firefox with extreme prejudice

It's mostly when clicking different folders like "spam." I wasn't sure what was going as this just started happening the past 3 days when I noticed that sure enough, I've been moved over to Gmail 2.0. I tried disabling and then finally uninstalling all my add-ons (plugins) to Firefox to no avail. Selecting "older version" in the top right nav of the gmail page made the problem go away. If you're listening google, please fix this.

UPDATE:  you may need to select "older version" every day or at least a couple of days a week since gmail doesn't seem to remember that setting.  And even the latest Firefox with no extensions has this problem.


Open source twitter clone anyone?

Does anyone know of an open source twitter clone?  Preferably in PHP or Python.  Not a client mind you, but the server guts of receiving IMs and doing something with them, enabling followers, public viewing, etc.  I want to implement this on an intranet inside a corp network and obviously not display our tweets for public consumption, but only internal consumption.  If this doesn't exist, what do you all think is the easiest way to create this?  An instance of jabber or something else?


Is Microsoft buying Facebook a good thing for PHP?

Microsoft is buying a piece of Facebook. What do we all think this means for PHP since Facebook is one of the "web 2.0" leaders built on PHP? The way I see it, here are the options:
  1. Facebook continues on its merry path, taking only funding from Microsoft
  2. Facebook continues on its merry path, taking funding from Microsoft in addition to some development "resources." Resources here could be people, equipment, and technology. The free people, equipment, and technology probably won't fit very well in a LAMP environment. Pressure to move infrastructure to MS-friendly environment mounts.
  3. Microsoft rewrites the whole thing in C#
  4. Microsoft learns how simple and scalable PHP is and freaks out, unleashing a FUD campaign the likes of which we've never even dreamed of.
  5. Microsoft learns from the open source environment, partially embraces it, and creates PHP.net, a half functioning version of PHP for .net framework.
  6. Microsoft learns from the open source environment, fully embraces it, and abandons Windows by creating their own GUI for the next version of Linux.

In reality, I can really only see #1 or #2 happening. Your thoughts?


Zend Studio for Eclipse Beta

As my part time job (for no pay) is spent being a shill for Zend, I thought I'd mention that the new Zend Studio for Eclipse Beta is out and ready to be test driven. I've got a few deadlines both professional and personal to take care of over the next few days but I'm hoping to kick the tires next week. Let me know of your experiences so far.

UPDATE - since the beta period is over, the new url is now http://www.zend.com/en/products/studio/downloads 


Monster.com reply to latest hacking incident

Following is a notice monster.com sent out late last night with the subject "An Important Message to Our Valued Monster Customers" regarding their recent data loss to hackers.  Interestingly, they never actually apologize for the incident.  Bold is mine.
Dear Valued Monster Customer,

Protecting the job seekers who use our website is a top priority, and we value the trust you place in Monster. Regrettably, opportunistic criminals are increasingly using the Internet for illegitimate purposes. As is the case with many companies that maintain large databases of information, Monster is from time to time subject to attempts to illegally extract information from its database.

As you may be aware, the Monster resume database was recently the target of malicious activity that involved the illegal downloading of information such as names, addresses, phone numbers, and email addresses for some of our job seekers with resumes posted on Monster sites. Monster responded to this specific incident by conducting a comprehensive review of internal processes and procedures, notified those job seekers that their contact records had been downloaded illegally, and shut down a rogue server that was hosting these records.

The Company has determined that this incident is not the first time Monster's database has been the target of criminal activity. Due to the significant amount of uncertainty in determining which individual job seekers may have been impacted, Monster felt that it was in your best interest to take the precautionary steps of reaching out to you and all Monster job seekers regarding this issue. Monster believes illegally downloaded contact information may be used to lure job seekers into opening a "phishing" email that attempts to acquire financial information or lure job seekers into fraudulent financial transactions. This has been the case in similar attacks on other websites.

We want to inform you about preventive measures you can take to protect yourself from online fraud. While no company can completely prevent unauthorized access to data, we believe that by reaching out to job seekers like you, the Company can help users better defend themselves against those who have attacked Monster as well as other databases.

We are committed to maintaining an ongoing dialogue with all of our job seekers about Internet security and the steps Monster is taking to protect its job seekers. The Company has placed a security alert on Monster sites offering information to educate you about online fraud. This information can be found at http://help.monster.com/besafe/. We have also included information on Internet safety and examples of fraudulent "phishing" emails at the bottom of this letter.

Monster has launched a series of initiatives to enhance and to protect the information you have entrusted to us. Some of these steps are being immediately implemented, while others will be put into place as appropriate.

We believe these actions are the responsible steps to protect the trust you place in Monster. We are also working with Monster's hundreds of thousands of employer customers to ensure a safe and effective online job search. We will continue to share information with you about the enhancements we are making as we serve as your online career resource partner. We invite you to keep reading to learn more about how to use the Internet safely.


Sal Iannuzzi

Chairman and CEO

Monster Worldwide

The message then goes on to highlight "HOW TO BE A SAFE INTERNET USER" with the topics:
  • What's "phishing" all about – and how do I spot it?
  • How is it different than "spoofing"?
  • Examples of fraudulent email: (clickable examples of fraudulent email)

Of course its kind of funny to have an email that says, "don't click on phishing links."  And then says, "here's a bunch of sample links to click on."

Thumbs up for monster finally admitting the issue. Thumbs down for the response time and lack of apology.  Don't they have to (by I believe california law) have to admit to a breach of data much quicker then this?


Good ideas lost in emails and instant messages

I don't like to email anymore. Especially at work. I have some issues with instant messaging too.

Ideas get lost. So do instructions and documentation. Sure, you can make a nice document and put it out there on your internal corporate network, but no one will ever look at it. Do you have a way to search thru the contents of it? No? I didn't think so. Me neither.

I'm thinking of blogging everything. Blogging everything I want/need to remember. Maybe I'll make a blog inside work for documenting work procedures and ideas. And set other people up the same way. And I'll keep blogging stuff here obviously that's good for public consumption.

But then there's the IMs to contend with.

After losing a job surprisingly a few years ago, I've worked pretty hard to develop and nurture a network of people in my field that I can turn to and who can turn to me. This is mostly done via quick IMs. So on any given day there's a good amount of knowledge transfer back and forth in instant messaging. I view this as a kind of professional development. As long as it doesn't interfere with my daily responsibilities, it's fine. I've learned a lot from people this way and hopefully they've learned from me too.

So how do I search thru all those great tidbits, links, theories, etc. that I've given and received via IM? I'm thinking of chucking those into a database or text indexer and making those searchable via web too. I'm just not sure of the best way to go about that yet.  More to come.


Google embeddable map widgets

Posted on the google maps blog today is a post about the newly released embeddable maps. Pretty cool. Although the map is in an iframe and not javascript and div like using the Maps API. So for manipulating the map on the page, you’ll still need to fall back on javascript and API generated maps. Here’s a quick example of the new version:

View Larger Map

SECURITY ERROR: package in channel "pear.phpunit.de" retrieved another channel's name for download!

Odd Pear error today. Trying to install PHPUnit3 on a newish server. Following the instructions at the PHPUnit Pocketguide. Here's the steps I did and the error I received. I'm not sure at this point if this is a bug in the Pear installer or if there's a problem with the way the PHPUnit channel is configured so I don't know where to file this.

[code]php# pear channel-discover pear.phpunit.de

Adding Channel "pear.phpunit.de" succeeded
Discovery of channel "pear.phpunit.de" succeeded

php# pear install phpunit/PHPUnit

SECURITY ERROR: package in channel "pear.phpunit.de" retrieved another channel's name for download! ("pear.php.net")
Cannot initialize 'channel://pear.phpunit.de/PHPUnit', invalid or missing package file
Package "channel://pear.phpunit.de/PHPUnit" is not valid
install failed

php# pear version
PEAR Version: 1.6.1
PHP Version: 5.2.1
Zend Engine Version: 2.2.0[/code]

Installing the code manually (the second set of install instructions listed) works just fine however. On to my unit testing!


Debug JavaScript in PHP or JSP Pages with Visual Studio 2008

Fresh from my IM, Kirk Allen Evans blog details how to debug javascript for any kind of page in Visual Studio 2008. This has already existed for awhile with the Firebug extension for debugging Javascript in Firefox. But it's nice to have choices. And it's cool if you're developing within Visual Studio to have all your tools in one place.

You don't have to shell out the big dollars for Visual Studio to get this debugging either, you can get it with the freebie version of Visual Studio Express.


PRADO framework for PHP similar to ASP.NET

For Drew, the .NET fanboy who is just dying to release his app without having to shell out the big bucks for .NET hosting.  The PRADO framework for PHP is almost like ASP.NET.   From the homepage:
PRADO is a component-based and event-driven framework.

Look at that example on the homepage.  That's .NET with a PHP5 wrapper on it, not literally of course, but you get the point.  And yes, it has user authentication built in as recently described in this PHP framework comparison chart.  Enjoy.  And I'll take the first 1,000 shares at a discount when you go public.


Zend Framework, Google APIs, Google Reader issue

I've been playing around with the Zend Framework and the Google API. I'm pretty bummed out that there doesn't seem to be any API for Google Reader. I was hoping to use Zend_GData_Query to suck in my starred and/or shared feeds. You can do this using getFeed() but I wanted to include the tags I've put on the entries. But I don't see my tags anywhere in the data, only the original "category terms" if specified by the feed author.

I even tried to do a login authorization with Google using Zend_Gdata_ClientLogin, but the public and private Google Reader URIs threw a hissy fit on me.


Unable to find the socket transport "ssl" - did you forget to enable it when you configured PHP?

Ran into this error recently... here's how to fix it, assuming you have OpenSSL already installed on your system.  For OpenSSL your PHP config values look like this:

--with-openssl[=DIR]    Include OpenSSL support (requires OpenSSL >= 0.9.6)

So, if you've compiled from scratch, you can just recompile adding this flag to your configure command.

Alpha Wordpress Plugin for Delicious with Zend Framework's Zend_Service_Delicious

I have Wordpress set up on PHP5. While Wordpress is largely a PHP4 entity, I wanted to see if it could play nicely with the Zend Framework, which is a PHP5-only entity. With some careful fiddling, it works pretty well.

With my Zend Framework code set up in my PHP include path, the first thing I needed to do to create a Wordpress Plugin was to enable my plugin to call the Zend Framework classes. First I tried this towards the end of my wp-config.php file:

require_once 'Zend/Loader.php'; 
function __autoload($class) 

This caused Wordpress to freak out like a chihuahua on speed. Not good. I figured we'd have to do something special because we don't want ALL the classes to autoload, just the Zend ones. So I scrapped my previous __autoload and tried this instead:

require_once 'Zend/Loader.php'; 
function __autoload($class) 
  $pos = strpos($class, 'Zend'); 
  if ($pos !== false) 

Ahh, success. Sweeter then a brownie sundae with extra chocolate sauce.

From there, the rest is easy. Here's some basic code for the rz_delicious plugin, a basic PHP file you can drop into your Wordpress Plugins dir. It uses Zend_Cache and Zend_Service_Delicious to put your del.icio.us bookmarks onto your Wordpress blog. It first checks to see if there's a cached version already, if not, it uses the del.icio.us API to fetch your latest bookmarks. It does some list formatting there too because I didn't feel like handling that in my theme.

< ?php 
Plugin Name: RZ Delicious 
Plugin URI: http://www.boringuys.com/ 
Description: YADelicious Plugin 
Author: Rich Zygler 
Version: 1.0 
Author URI: http://www.boringguys.com/ 

called from theme via: 

function get_rz_delicious() 
  $output = ''; 
  $username = 'username'; 
  $password = 'password'; 
  $tag      = 'tagname'; 
  $numPosts      = 15; 
  $cacheTime     = 3600;      // seconds 
  $cacheDir      = '/tmp/'; 

$frontendOptions = array( 
  'lifetime' => $cacheTime,                  // in seconds 
  'automatic_serialization' => false  // this is default anyway 

$backendOptions = array('cache_dir' => $cacheDir); 

$cache = Zend_Cache::factory('Output', 'File', $frontendOptions, $backendOptions); 

// we pass a unique identifier to the start() method 
    $delicious = new Zend_Service_Delicious($username, $password); 
    $posts = $delicious->getRecentPosts($tag,$numPosts);  //$tag 

    if (count($posts) > 0) 
      $output .= '
    '; } foreach ($posts as $post) { $output .= '
  • ';
    $output .= $post->getTitle() . '

    $strTags = ' ( tags: ';
    foreach ($post->getTags() as $tag)
    if ($tag != 'boringguys.com')
    $strTags .= '';
    $strTags .= $tag . '
    | ';
    $strTags = trim($strTags, '| ');
    $output .= $strTags . ' ) ';
    if (count($posts) > 0)
    $output .= '
'; } } catch (Zend_Service_Delicious_Exception $e) { // largely ignore the delicious service error $output .= '
    '; $output .= '
  • del.icio.us service unavailable
  • '; $output .= ''; } echo $output; $cache->end(); // the output is saved and sent to the browser } }


To PHP5 or not to PHP5

I consider myself an Open Source Developer but I very rarely develop for the open source community. I create apps for businesses, where I work, and some side projects. I share code with those I work with obviously, but generally not with the PHP community as a whole. I share some items on this site that I think are helpful to people.

I'm not sure yet where I stand on the goPHP5 movement. I tend to use PHP5 on my newer development but still have to use PHP4 for legacy stuff. And by "legacy," I'm talking internet time here, so about 4 years is "legacy."

I'd like most of the common PHP apps to move to PHP5. I've got some PHP5 Wordpress plugins in my code repo right now. And heaven knows that Drupal could really use PHP5 (or even the namespace support in PHP6). But I think forcing their hand is a little harsh.

Photo Matt isn't moving Wordpress towards a PHP5 model any time soon. And this is a bummer. But I understand the point of not leaving users of your product in the dust. I don't really have that problem with my code.

As for my opinion, I feel like learning PHP5 was one of the best things I've done in my career. It helped the other object-oriented languages like Java and C# to seep into my head a little bit more. Knowing more then one language is always a good thing.

I love the object model in PHP5, as well as PDO, and the JSON extension is nice. But I find that I use the improved DOM handling of XML in PHP5 the most. It still really shocks me that more people aren't interested in using this. And it still shocks me that more people aren't interested in using XSLT and PHP.


Create your own Simpson character

I dub thee Rich Zimpson.  It's scary how similar this is to what I really look like.

rich zimpson avatar

Make your own at http://www.simpsonsmovie.com/


Book Review of Pro Drupal Development by John K. VanDyk and Matt Westgate, published by Apress

Quite often web developers are faced with having to overcome problems quickly and efficiently without having much background in the problem area. Good tools and good documentation are your best friends in a situation like this. Recently, I was tasked with whipping up a website driven by Drupal in only a few days. I had used Drupal once before but this new site required going under the hood of Drupal and I hadn't done that previously. The project required creating some custom Drupal modules for content-types and blocks as the basic pages of the site needed some extra stuff in them besides the normal title, content, and categories. Clicking around the vast Drupal site was a bit of a help on the issue but my savior was the copy of "Pro Drupal Development" by John K. VanDyk and Matt Westgate, published by Apress, that landed on my desk.

The book isn't for Drupal beginners but it doesn't really claim to be either. It's helpful to have a Drupal site or two under your belt as the authors give a quick overview of the Drupal workflow and then they dive right into the guts of building custom modules complete with code examples. Building modules from scratch looked pretty daunting but this book takes you through step-by-step in various scenarios of why and how you'd need to create custom modules, complete with storing additional data in the database, creating admin screens, and utilizing the forms API. Once you go through about half of this book, you'll be able to bend Drupal to your will through the creation of custom code modules.

A few more high points of the book include the great descriptions of nodes and taxonomy which tend to trip up quite a few people using Drupal. Also, the authors show you right away how to uninstall your test modules easily which is a great help. It's this kind of extremely useful tip that pops up every few pages that make this book a MUST HAVE for every serious Drupal developer.


Drupal for single hierarchy corporate website

We needed a content management system (CMS) for a website at work for 3 reasons:

  • So the developers could be out of the content maintenance loop.
  • So the developers could be out of the content maintenance loop.
  • So the developers could be out of the content maintenance loop.

I remember when I first started web development years ago (gosh, has it been 10 years already?), that the “web guy” was called upon to make every little edit to the website. It could be a typo, a broken link, or an add-on to an existing application. Obviously, some of these things are not like the others. Fixing typos and broken links shouldn’t really be done by the programmers. They’re making too much money to deal with such minor issues. The people in charge of creating that content should be in charge of that stuff (ie, the marketing people).

There are a lot of companies where this is still the norm, the web development folks have to take care of a lot of minor issues like this. My current company was like that. But I’m trying to change the culture there. I’m trying to make the content creators responsible for the content and the programmers responsible for the programming. Enter stage left… use of a CMS for our new website.

After looking at a bunch of open source CMS apps (in PHP if you please) and also a handful of commercial CMS apps, I’ve come to the conclusion that CMS apps suck. ;-) No, really they do. Well, it’s not that they suck, it’s that you are never going to find one CMS that does every single thing that you want it to do. You’re just not. So give up now. I did.

So instead, putting my open source hat on, I tried to find the CMS that looked to be the most extensible or hackable. Drupal won this round hands down. There aren’t a lot of of examples out there about using Drupal for a fairly static corporate website, so I had to create some new modules to do things that I wanted but all in all the coding on the project went very quickly and we launched a successful site. I’ll be posting a few things that we learned along the way about using Drupal in this way in subsequent entries.

But for now, just know that we did keep the developers out of the content maintenance loop. And if you have any specific questions about the process, just holler.


Google Gears for offline browsing

I'm a couple of days behind in the news here (darn vacation days!)... but Google Gears is out and promises to shake up website development as it uses browser extensions to offload data down to the client instead of making continued requests to the server.  Of course the catch is that you have to download something first.  But there's already Ajax tools for it.

What do you all think about this?  Hype or hope?


Yes you, Mr. ASP.NET developer can use a hosted open source Subversion source control for your projects also

For some reason, most .NET devs that I run into insist on using closed source applications for everything they do. I have no idea why. I guess it's a culture thing. That's why I love it when a mostly ASP.NET fellow starts using something open source, like Subversion source code control. All the tools are in place to do what you need, the TortoiseSVN windows explorer plug-in, the Ankh Visual Studio plug-in. It's all there.
Plus, I've really fallen in love with the concept of a hosted subversion solution. For me, I host my own at my provider. But for my side projects, its great to be able to access them from multiple computers. If I can get to the internet, I can get to my project code.

Facebook.com opens up facebook platform similar to ning.com

Read about the new developer environment for Facebook.com on cnn.com. I can't tell yet if this is Facebook.com adopting some of the Ning.com philosophy of "create your own social network" or if it's just a giant widget factory on steroids.
No longer will Facebook consider itself merely another social network. Instead it is becoming a technology platform on which anyone can build applications for social computing... Outsiders can now develop Internet services on Facebook's infrastructure, he explains, that will have full access to all its members.

developer.facebook.com has more info on the facebook platform. And of course, you have to love that it's built on PHP.


PHP is not doomed. But perhaps open source development of it is.

Read this today from Jeremy Privett "Is PHP Doomed?"  Internal devs fighting over the future of the language could be construed negatively, but I don't think it matters at all.  Until someone starts talking about forking PHP, I think we're on safe ground. As an outsider, I wonder how much pull Zend has anyway, and whether or not PHP is being pulled in the direction they want it to go.  Its not too far-fetched for them to get an agreement to just close the source.  Aren't most of the PHP devs working for either Zend or Yahoo at this point? Besides, what kind of arguments do the internal devs in Redmond have over .NET?  Oh that's right.  We aren't really privy to that information. I think there's been an uptick recently in PHP adoption in the enterprise.  How do I know that? Because I've gotten several job offers doing this very thing in the past 2 years.  I'm now working at a 60 year old company, that works quite a bit with the government.  We rely on PHP for quite a few internal apps.  This is not some fly-by-night Web 2.0 outfit. So, is PHP doomed?  I don't think so.  And even if it is, Ruby's not so bad ;-)


How to for SSH, Subversion (SVN), Putty, Tortoise, and Zend Studio 5.x using svn+ssh

Attempting to connect my new Windows machine with Zend Studio 5.1 using svn+ssh to an svn repository on Linux, I am obliged to once again stand on the shoulders of giants that have come before me. Here's some "how tos" that got me through it.
  • Logemann Blog - Subversion / TortoiseSVN SSH HowTo - Soup to nuts on how to set up both the server end as well as the client end of this ordeal. Includes ssh, ssh-keygen for generating keys, installing keys on client via Putty and Pageant, and using the ssh tunnel built to grab the repo via TortoiseSVN.
  • Zend.com Forums: Zend Studio => HOW-TO: Using SVN+SSH in ZS 5.5 - More ssh, ssh-keygen, installing keys on client via Putty and Pageant, and using the ssh tunnel with Zend Studio. (This seems to be missing one step for Zend to work though which is included next)
  • SVN - SSH connection produces errors - This post from the Zend knowledgebase adds the mysterious SVN_SSH environment variable that magically makes this work for Zend. NOTE - while they show this using the path to TortoisePlink.exe, you may also use Putty's Plink.


Delphi for PHP and Mysql development

On my short list of things to check out soon are Delphi for PHP and Scibit's MyComponents for Mysql.  It looks like Delphi gives you a "visual (RAD) framework for PHP" and MyComponents gives you the glue to Mysql.  It's an interesting concept but I can't quite get my head around doing visual development in PHP (cuz that's what html and css designers are for).

Notes on upgrade from Zend Studio 5.1 to 5.5

Tony Bibbs writes about his painful upgrade from Zend Studio 5.1 to 5.5. While I'm a huge Zend fanboy, I noticed it looked a bit painful too and have stayed at 5.1 at both home and office.  Tony's main complaint is with remote debugging and the Zend Server vs Zend Platform issue.  I could never get the debugging to work in the first place.  I'm gonna sit and wait some more on this one.

How to create and use multiple profiles using the Profile Manager of Flock

Similar to an earlier post about using multiple profiles with the Profile Manager of Firefox, it is possible to do this with Flock as well.

To start the Profile Manager in Windows, follow these steps:
  1. Close Flock completely (select File > Exit from the main menu)
  2. Select Start > Run… from the Windows Start menu
  3. Change directories to your Flock install (typically C:\Program Files\Flock\flock> )
  4. Enter flock.exe -p and press OK.
  5. Remember to check/uncheck the “ask this at startup” box.


Local time shortcut from google ("time in india")

Another neat trick I found in google this morning. If you need to know the time elsewhere in the world, say the country of India for instance... you can simply google: "time in india" and it will return: India — Current local time: 6:24 PM on Tuesday, February 20 According to http://www.google.com