Archive

Archive for the ‘Web Development’ Category

iNove theme from mg12: Pros and Cons

March 29th, 2009

As you can see I am using the iNove theme offered free by mg12. I have spent about an hour this weekend to tweak and set it up to my liking and overall it is a great theme. The look and feel of this theme is awesome, clean, and easy to read. While playing with it over the weekend I did find some room for improvement. I am going to limit my pros/cons to max 5 for each and please remember this list is provided with constructive intentions only. So here is a short pros/cons list for the iNove theme:


iNove theme Pros

  • Clean look & feel.
  • Allows for custom meta tags, google search, notices, rss feed, and email feed.
  • Neat usage of icons.
  • Well balanced main content area versus sidebar.
  • Fantastic set of default hard-coded widget set for the sidebar.

iNove theme Cons

  • Not using the wordpress widgets engine, hence it is difficult to edit and tweak. In some cases will require editing theme files.
  • Scalability and performance is impacted due to the large number of css and javascript files. Using local jQuery file instead of the google hosted one.
  • Not using CSS sprites while having a classic example of one such possible usage (icons).
  • Javascript files are not minified.
  • Some external plugins are required for all the functionality to work.

Overall, it is a thumbs up for anyone who is considering this great theme. However, like everything else, there is always room for improvement.

Ron Peled Web Development

New theme, updated wordpress – 2.7.1

March 28th, 2009

Yes, I am sure you have noticed. I just finished updating the blog a bit. The current theme is iNove by mg12 – I love the use of the icons. I also updated the underlying wordpress to the latest 2.7.1 – yes it is about time.

Expect more positive updates soon and always let me know if you have any feedback. Enjoy.

Ron Peled Web Development

Recommended: Visual SVN Server, now with Subversion 1.6

March 27th, 2009

Sometimes we are so busy with our projects that we miss interesting changes, some may influence us positively. Here is a change that I wanted to share with you: new subversion version 1.6 and Visual SVN Server.

In the last three years we have used both VSS, which of course integrates seamlessly with Microsoft’s Visual Studio, and subversion, which can be handled simply from the Windows Explorer window under windows or by using the simple but useful subversion client. Through our development years, it was subversion that took over all our source code repositories. It was simple to use, great to manage, and most importantly – reliable.

Just recently I needed to use the ‘merge’ feature and I discovered that it was only available in version 1.5 and on. So, I went on trying to upgrade the subversion binaries to the latest stable on an Ubuntu server. If you have been reading my blog, you already know that I do not like Ubuntu, well this is the only Ubuntu server left in our arsenal. To make a long story short, after trying to upgrade but giving up since it requires a major Ubuntu release upgrade, I decided that I should look somewhere else. This is where I turned to Visual SVN Server.

After purchasing a copy of Visual SVN – which is a great little plugin to Visual Studio that allows you to integrate with your subversion repository seamlessly and efficiently, we noticed that the same company created Visual SVN Server. Hence, I tried it. I can start by saying that it was well worth it. Yes, Linux is great but for the simple stuff that we do with SVN a windows box will do just fine. Not to mention that with Ubuntu it is a nightmare and waiting for CentOS to adopt the latest version of subversion may take some time, Visual SVN Server is very convenient. If you check their download page, the latest download-able version is already using subversion 1.6. Great!

So, if you are looking to build a subversion repository or in need of upgrading due to need of features/bug fixes – I strongly recommend upgrading to Visual SVN Server.

By the way – moving your existing repositories is a no brainer, especially with Visual SVN’s repository import feature.

Ron Peled Web Development

Tightening up iptables for a dedicated DB server (MySQL and CentOS)

March 25th, 2009

In a typical high performing web servers environment I have a few web servers running apache/php and a separate DB server to support them. If the need ever comes to increase the capacity of the DB server it can easily be done via the MySQL clustering configuration. In any case, one of the most redundant tasks before setting up all servers is to tighten the security. In particular, setting the firewall is a repetitive task. Hence I am setting this page as a guide to myself and anyone who cares, Enjoy!

  1. SSH to the server, login as root
  2. type vi myiptables-mysql
  3. Insert the following commands:
    NOTE: you will need to insert the web server’s ip addresses where I placed <ip address#>. These are the ip addresses that MySQL queries will originate from.

    #!/bin/bash
    #
    # iptables example configuration script
    #
    # Flush all current rules from iptables
    #
    iptables -F
    #
    # Allow SSH connections on tcp port 22
    # This is essential when working on remote servers via SSH to prevent locking yourself out of the system
    #
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    
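    #
    # Allow MySQL (port 3306, resolved from /etc/services) on the loopback
    # interface and from the web servers only.
    # Replace each <ip address#> placeholder before running.
    #
    iptables -I INPUT 1 -i lo -p tcp --dport mysql -j ACCEPT
    iptables -I INPUT 2 -i lo -p udp --dport mysql -j ACCEPT
    iptables -I INPUT 3 -i eth0 -p tcp --dport mysql -s <ip address1> -j ACCEPT
    iptables -I INPUT 3 -i eth0 -p tcp --dport mysql -s <ip address2> -j ACCEPT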
    
    #
    # Set default policies for INPUT, FORWARD and OUTPUT chains
    #
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT
    #
    # Set access for localhost
    #
    iptables -A INPUT -i lo -j ACCEPT
    #
    # Accept packets belonging to established and related connections
    #
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    #
    # Save settings
    #
    /sbin/service iptables save
    #
    # List rules
    #
    iptables -L -v
  4. save and exit
  5. Allow the file to execute by typing this command: chmod +x myiptables-mysql
  6. Run the file by typing this command: ./myiptables-mysql
  7. Test it and Enjoy!

Security notice: yes, for an even tighter security it is possible to change the ports.
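
To confirm what step 6 actually saved, the following added example (not part of the original post) audits an iptables-save dump, such as the /etc/sysconfig/iptables file that `service iptables save` writes on CentOS, for MySQL rules that accept traffic from any source. The function names, the finding labels, and the 192.0.2.x addresses in the constructed sample dumps are assumptions made for the illustration.

```bash
#!/bin/bash
# Added example: audit an iptables-save dump (read on stdin) for MySQL exposure.
# Prints one line per finding; returns non-zero if there is any finding.
# Port ranges and multiport matches are not handled.
audit_mysql_rules() {
    awk '
    $1 == ":INPUT" { policy = $2 }            # e.g. ":INPUT DROP [0:0]"
    $1 == "-A" && $2 == "INPUT" {
        port = src = iface = target = ""; narrowed = 0
        for (i = 3; i < NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-i") iface = $(i + 1)
            if ($i == "-s" && $(i - 1) != "!") src = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "-p" || $i == "-m") narrowed = 1
        }
        if (target != "ACCEPT") next
        # Rule is not bound to loopback and has no usable source restriction
        anysrc = (iface != "lo" && (src == "" || src == "0.0.0.0/0"))
        if ((port == "3306" || port == "mysql") && anysrc) {
            print "OPEN-MYSQL: " $0; bad++
        } else if (port == "" && !narrowed && anysrc) {
            print "CATCH-ALL: " $0; bad++
        }
    }
    END {
        if (policy != "DROP") { print "POLICY: INPUT default is not DROP"; bad++ }
        exit (bad > 0)
    }'
}

# Constructed dump: what the script in step 3 yields with two web servers.
good_dump() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -i lo -p udp -m udp --dport 3306 -j ACCEPT
-A INPUT -s 192.0.2.11 -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 192.0.2.10 -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Constructed dump: the -s restriction was left off and the policy is ACCEPT.
weak_dump() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
COMMIT
EOF
}

good_dump | audit_mysql_rules && echo "step 3 dump: no findings"
weak_dump | audit_mysql_rules || echo "weak dump: findings listed above"
```

On a live server the same function can be fed the saved rules file or the output of iptables-save.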

Ron Peled LAMP: Linux Apache MySQL PHP, Web Development

Zend Studio 6.1: Wrong Way to Enhance a PHP IDE!

February 16th, 2009

In the past two weeks I have been doing some serious PHP development. Unlike .NET development where Microsoft’s Visual Studio is second to none, in PHP there was never a clear winner. So, I have decided to take the latest Zend Studio, version 6.1 on eclipse, for a spin.

As always, I give Zend, the company who created PHP a lot of respect. But with my usage of the Zend Studio IDE I have found more annoyances than features that helped me gain productivity. Here are some of the bad items I could not resist but rant about:

1. The entire solution now seems ‘gummy’. Where are the days when we can go through multiple PHP projects, and multiple PHP files in a few clicks and the IDE still feels ‘light’? Well, it doesn’t. In fact the more I use it the more this new IDE feels ‘yuck’.

2. My experience with the file/project manager on the left hand side was poor at best. If you have some scripts that update a file with fopen(), fwrite() – I had to force refresh on the parent folder of the updated file otherwise the IDE shows an error message when I try to open the updated file. What?

3. Auto complete is a little weird. Ok, maybe a lot weird. I really miss the auto complete that Zend Studio 5.5 used to have. While it is evident that the algorithms are trying their best to be smart, the whole user experience with the location of the auto complete windows, tabs vs enter keys to confirm the selection, and some inconsistencies in UI brings my frustration to uncharted levels. Dear Zend Develop team, can you please download and try Visual Studio and copy the ease of use? not hard to do.

4. Do I really need to create a new project, give it a name, choose a folder if all I want is a new PHP file? really? Do you ask your online users to fill out a 20 field form for a simple contact inquiry? I DON’T THINK SO.

5. Two files that I need my IDE to handle well: XML and SQL. All I ask for is to show me the text, dress it up with color, and handle nice any auto completion in a smart way. In this new version of Zend Studio I was simply not able to open some XML files or the rigid editing of it made it impossible to work within the IDE, Notepad served nice in those cases. But this means failure to the IDE’s interface.

Conclusion
I do not know what made Zend decide on choosing a wrong turn with the latest version of Zend Studio (6.1). But it seems like the Zend team have decided to sacrifice a lot of functionality in order to cut on development efforts that the eclipse IDE supposedly provides. The only problem here is that eclipse’s features are weak and not good enough to be considered a good starting point for any PHP IDE who wishes to be claimed the best.

Time to try something new, the buzz seems to favor the latest PHP IDE by NuSphere: PHPEd.

Ron Peled PHP/MySQL, Web Development

Open Source eCommerce: the Good, the Bad, and the Ugly!

January 28th, 2009

A few days ago I read Karry Watson’s article titled Open Source E-Commerce: Twelve Promising Programs. Karry provides a good overview of the current state of open source eCommerce options for online vendors. From our experience with many different vendors and from recent trends I wanted to discuss three open source ecommerce systems from Karry’s list that power most of the shopping carts out there, now and in the near future. Ugly first:

The Ugly: osCommerce

There is no hiding for this huge collection of 3 line scripts that somehow compose a shopping cart. I think any web developer that took a few classes of computer science knows that it is a big hack not a piece of software. Any additional functionality needs to be glued somehow and made work. Oh, by the way – good luck trying to use two extensions at the same time. Anyway, you see where I am going with this. Easy to setup, easy to use, not programmed well, hell to maintain, nightmare to develop. Ugly.

The Bad: Zen-Cart

I personally fell in love with this shopping cart back in 2004 very close to the split from osCommerce. What a great energy this project had. The sky was the limit. Someone recently pointed out that open source fatigue happens to many projects: starts great, reaches puberty, and starts lingering. Great coding techniques, not complete by any means but every release converts more code into clean, object oriented, design pattern oriented beauty. Unfortunately, recently development has stalled. Ok, it didn’t, the developers are saying that they are very close to the next release which got extended (and additional features got added). Bottom line, no releases in 2008 at all. Meantime, where is our improved admin interface? Web 2.0 features? quantities by attributes? Bad.

The Good: Magento Commerce

Still new and growing fast. The new kid on the block. What I like about Magento is the solid foundation which is based on the Zend Framework. In a way, forcing good development practices: MVC, templating, scalability, layering, etc. Magento is here to stay, moreover, it will quietly revolutionize the open source ecommerce space and force all the players to push the envelope. This includes all the small size commercial shopping carts ($1-$2,000 per license). Good. Great!

What are you using? What are you going to use?

Ron Peled Magento, Web Development, ZenCart, eCommerce

2009, the year of Open Source Software

January 7th, 2009

We are lucky to live in our times. No, it is not fun going through (steep) downturn economy. But it is exciting to see the changes that such a recession will bring. One of the exciting changes that I predict for 2009 is a general boost to open source projects: increased usage and adoption by corporations while communities and ecosystems grow. Perhaps even to a point of competition with commercial products (in some cases). This is another question by itself: Can an open source project compete with a commercial product?

This year, 2009, we will see how open source projects will make huge strides and erase the gap with commercial projects, if not gain an advantage over them. Here is why:

1. Unbeatable Price: free! I know, it is not entirely true, you still need services around open source products and arguably more than in commercial products. But as the market learns to adopt more and more open source products the TCO can be lower with open source than commercial products, especially if you have the right team on your side.

2. Gain from the ‘wisdom of the crowd’, instead of wisdom of one as is often the case with commercial products. We see examples of this all over, in particular in the web development industry: Umbraco is gaining huge market share compared with Ektron. Magento Commerce is gaining huge market share over any other open source ecommerce platform and some of the low and mid-level commercial products in the ecommerce industry. Similar thing is happening with ASP.NET: the framework is now adopting the MVC design pattern mostly due to the fact that other platforms like Zend Framework and Ruby are free and produce amazing websites. Top it off by the adoption of jQuery in almost any commercial web product today including ASP.NET framework which dumped AJAX.NET in favour of jQuery.

3. This is the sad-but-true part: developers are being laid off and hence join open source projects. It is known that the IT industry lags about 6 months after the indicators have come in, in other words, hi-tech layoffs will continue to come. In any case, more developers will be out of a job and will have plenty of time to collaborate and volunteer in open source projects – a great way to polish a resume…

To summarize, in 2009 we will see a great boost in open source adoption. Now, I am not saying that commercial products will not see any upside this year, but the competition will certainly be tougher than ever before. I am excited to see how it plays out. We certainly are going to focus our energies and our client’s energies on the leaders of each industry. You?

Ron Peled Content Management Systems, Ektron, Magento, Web Development, eCommerce

pdnsd – Decrease DNS response time and save bandwidth

December 25th, 2008

Sometimes, when you realize that you could have improved the system with so little effort, we blush. This is what happened to me when I realized that most of the networking delays could have been avoided with this tiny but witty utility. I knew that having a local caching DNS or the like is the answer but I did not want to use a full-fledged DNS server. I found pdnsd – a small proxy DNS server with permanent caching. Perfect!

In a nutshell, pdnsd is a small utility that caches DNS translations locally on the HD, hence next time the server queries the address the response time is likely to be minimal. Usually, the server has to query your ISP’s DNS or whatever DNS server you specified in the /etc/resolv.conf file. In a high performing web servers you are constantly competing with other packets on the network or your network resources. This is a great advantage. By installing pdnsd you achieve the following:

  • Decrease the average DNS response time sharply!
  • Increase your server performance, especially if this server needs to communicate externally a lot like an eCommerce server which constantly needs to communicate with shipping and credit card servers.
  • Save on bandwidth.

Here is how you go about setting up pdnsd on a CentOS server:

1. Download the latest stable rpm:
go to pdnsd download page and look for your relevant rpm. For CentOS 5.2 64bit I got the latest version as of yesterday:

wget http://www.phys.uu.nl/~rombouts/pdnsd/releases/pdnsd-1.2.7-par_sl5.x86_64.rpm

2. Install the rpm:

rpm -i pdnsd-1.2.7-par_sl5.x86_64.rpm

3. Configure pdnsd to use your current DNS servers:

vi /etc/pdnsd.conf

Paste the following, of course you should use your DNS servers instead:

server {
label="opendns";
ip = 208.67.222.222,208.67.220.220;
}

4. Start pdnsd and test that it is actually working

service pdnsd start
dig @127.0.0.1 yahoo.com

If you get the IP, it is working. Notice the response time, if you try again you will see a sharp decrease in response time. My servers’ second response time is almost always between 1-0 ms.

5. Set pdnsd to start automatically on boot

vi /etc/default/pdnsd

Enter the following and save:

START_DAEMON=yes

Also make sure the daemon is set to auto start on boot. I use ‘ntsysv’, you can use chkconfig or whatever you are used to.

6. Set your server to use the pdnsd instead of your DNS servers

vi /etc/resolv.conf

Make sure that the first nameserver line is ‘127.0.0.1’. Should look like this:

nameserver 127.0.0.1

7. Restart your network service:

service network restart

How do you know that it is working? try to use any script that needs to go outside to the network, like ‘yum update’. In most cases, you will notice that the second time is much faster. Enjoy!

Ron Peled LAMP: Linux Apache MySQL PHP, Performance Optimization, Web Application Hosting, Web Development

A list of CMS and eCommerce systems that officially support jQuery

December 7th, 2008

Last updated: December 7th, 2008.

Recently, jQuery – the agile JavaScript Library – has reached a tipping point. Here is a list of CMS and eCommerce systems that our clients are most interested in and their status with regard to jQuery.

Systems where jQuery is officially supported:

1. Microsoft has adopted jQuery and will offer intellisense support in its dominant IDE: Visual Studio 2008.

2. Umbraco - an open source CMS now offers jQuery by default and using jQuery in Umbraco is a matter of adding a simple call in order to include the jQuery files in the page.

3. Drupal - is an open source CMS and Framework CMS, as of version 5 it offers jQuery straight from its core. There are plans to build a centralized jQuery plugin in Drupal version 7.

4. Typo3 - is an open source CMS Framework. Typo3 has a jQuery extension that allows advanced integration with jQuery.

5. DotNetNuke - an open source ASP.NET CMS. Since October 2008 DotNetNuke offers built in jQuery support beginning with version 5.

Systems where jQuery is not supported:

1. Joomla - seems to favor Mootools over jQuery. Here is an article on how to support jQuery within Joomla and avoid conflicts with other libraries.

2. Zend Framework – the leading PHP Framework following the MVC design pattern. A press release was issued in May 2008 announcing Zend Framework and Dojo partnership.

3. Magento Commerce – an open source eCommerce platform that is gaining huge market share in the eCommerce industry. Currently Magento Commerce supports prototype JS library instead of jQuery, but offers ways to integrate jQuery easily.

4. Zen-Cart - an open source eCommerce (competing with Magento). At the moment Zen-Cart is not supporting any JavaScript library in its core.

Other systems and their relationship to jQuery:

1. WordPress - an open source blogging software. Uses jQuery for its core functionality and is available for any third party plugin.

2. Ektron CMS400 – Ektron has an enterprise level CMS with advanced content editing features. Oddly enough, Ektron seems to have embedded their own version of jQuery in their code.

While jQuery seems to be the favored JavaScript library by many developers, it has yet to be declared as the default one for many projects and systems. I’ll be keeping this list updated in the following months. Let me know if there is a system that interests you and I did not list it here.

Ron Peled Content Management Systems, Ektron, Joomla, Magento, Web Development, ZenCart, eCommerce

Securing Joomla! CMS based sites

December 3rd, 2008

Looks like turbulent water in the Joomla Security Forums, again. Let’s ignore this and focus on securing a Joomla installation:

1. Set the right file and folder permissions according to the Joomla guide:

Once your site is configured and stable, write-protect critical directories and files by changing directory permissions to 755, and file permissions to 644. There is a feature in Site –> Global Configuration –> Server to set all folder and file permissions at once. Test third party extensions afterwards, and carefully review the code of any extension that has trouble with such settings. Note: Depending on your server’s permissions, you may need to temporarily reset to more open permissions when installing more extensions with the Joomla! installer.

2. Think twice before installing an extension – do you really need it? Most security vulnerabilities come from third party extensions. Especially ones that are pre-release or ones that have not been updated lately.
3. Upgrade to the latest stable version of Joomla. The core team is hard at work for the community partly addressing security bugs and issues found. If you run a site based on an old version of Joomla – you are at risk because the security issues are well documented and available for anyone by exploring the tracker.
4. Change your admin username. Very basic security tip that is recommended for almost every server out there.
5. Avoid shared servers. Virtual hosting is great if you are not in a position to afford a VPS or a full dedicated server, but it is not secure.
6. Protect your DB. Use a user other than the root, and do not allow connections from outside the machine. Even better, block the MySQL port completely.
7. Use an SSL. Simple, when you login and submit your username and password without an SSL, the information is not encrypted between you and the server. Potentially dangerous for packet sniffing exploits or in today’s world, if you decide to work from a WiFi/Hot Spot.
8. Separate your development from the production server. Avoid unclean code or left overs that may leave a back door.

9. Remove unnecessary files from the site: remove the XML RPC server part of Joomla if you are not planning on using it. This service allows desktop applications to post directly to the site. Essentially providing access via this protocol. And if you just moved the site from another server delete the zipped files, since they contain your passwords in an unencrypted form!

10. Monitor the logs for hack attempts. Who is trying to login to the administrator section when I was eating my turkey? :) you get the idea…
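
A way to check items 1 and 9 on an existing install, as an added example that is not part of the original post or of Joomla: the function walks a document root and reports anything group- or world-writable (contrary to the 755/644 layout) and any archive left in the tree. The function names, finding labels, archive extensions and the sample tree are assumptions constructed for the illustration.

```bash
#!/bin/bash
# Added example: audit a Joomla document root against items 1 and 9 above.
# Prints one finding per line and returns non-zero if any were found.
audit_joomla_tree() {
    root=$1
    findings=$(
        # Item 1: with 755 directories and 644 files, nothing should be
        # writable by group or other.
        find "$root" -type d \( -perm -020 -o -perm -002 \) | sed 's/^/WRITABLE-DIR /'
        find "$root" -type f \( -perm -020 -o -perm -002 \) | sed 's/^/WRITABLE-FILE /'
        # Item 9: archives left behind after moving the site.
        find "$root" -type f \( -name '*.zip' -o -name '*.tar.gz' -o -name '*.tgz' \) |
            sed 's/^/LEFTOVER-ARCHIVE /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree (not a real Joomla install) with three problems:
# a 777 directory, a 666 configuration file and a forgotten backup archive.
demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/administrator" "$d/images"
    touch "$d/index.php" "$d/configuration.php" "$d/site-backup.zip"
    chmod 755 "$d" "$d/administrator"
    chmod 777 "$d/images"
    chmod 644 "$d/index.php" "$d/site-backup.zip"
    chmod 666 "$d/configuration.php"
    echo "$d"
}

tree=$(demo_tree)
audit_joomla_tree "$tree" || echo "findings listed above"
rm -rf "$tree"
```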

Ron Peled Content Management Systems, Joomla, Web Development