TEK·X Arrival and Day Zero

May 18, 2010 – 9:20 pm

Yesterday I arrived in Chicago for my first TEK·X PHP conference. After getting in, I had an interesting conversation with Bill Karwin over dinner. Bill is the author of  SQL Antipatterns and is presenting on SQL Injection Myths and Fallacies as well as Models for Hierarchical Data with SQL and PHP here at TEK·X. I was able to pick his brain on a wide range of topics including his thoughts on NoSQL and Object-Relational Mappers (ORMs). I tend to be skeptical of both (although there are certainly uses for both) and I got the sense from our conversation that my skepticism is well founded.

Today was tutorial day, or day zero. This morning I attended Arne Blankerts’ Bad Guy For a Day – A Websecurity hands-on tutorial. I liked that he took a step back and looked at the different types of security such as the transport layer, infrastructure layer, data warehouse, user interface design, user level security, and application level security. He talked about the usual suspects such as cross-site scripting (XSS), session fixation, cross-site request forgery (XSRF), and SQL injection. Filtering input and escaping output was also addressed, of course. He demonstrated attacks on several security holes in an (intentionally) badly written application. Take a look at the slides for more details.

This afternoon I attended Ed Finkler’s JavaScript for PHP Developers talk. Like most PHP developers, I find myself often working with other web technologies such as JavaScript. The object model in JavaScript is very different than in PHP and I found Ed’s explanations of these differences very helpful. The JavaScript core language is often confused with the Document Object Model (DOM) API and a clear explanation of the line between the two was also useful. His slides don’t appear to be posted yet, but I’ll link to them once they are.

One last note: if you happen to be here at TEK·X then be sure to rate the sessions on joind.in. The speakers really appreciate the feedback!

By Bradley Holt | Posted in Uncategorized | Tagged , , , , , | Comments (1)

Searching A Field With Digits In Zend Framework’s Lucene Component

April 17, 2010 – 5:42 pm

Recently I ran into a bug in one of our applications using Zend_Search_Lucene where the same document was showing up multiple times in search results. Actually, many different documents were showing up more than once. I tracked it down to the routine that updated indexed documents. With Zend_Search_Lucene you can’t actually update indexed documents, but you can delete an indexed document and then insert a new, updated, document. In order to delete a document you first must search for it by a previously indexed field and then, once found, delete it using its internal document identifier. The problem seemed to be that documents were not being found and deleted when updated, thus duplicates of the same document were accumulating on each update.

The field I was indexing, and subsequently using to find and delete documents, was a 40 character SHA-1 hash. While trying to track down the bug in my application, I discovered that only documents having a SHA-1 hash beginning with a digit were getting duplicated (in other words, were not being found when I tried to delete them) and that documents having a SHA-1 beginning with a letter were not getting duplicated (in other words, were being found and deleted).

A Stack Overflow post on searching numbers with Zend_Search_Lucene had the information I needed to fix the bug. First, I changed the hash field from a text field to a keyword field which prevented it from being tokenized (this, of course, required me to delete the existing index and re-index every document). Second, when searching on the hash field I replaced the default Text analyzer with the TextNum analyzer. These two changes seemed to do the trick, as I haven’t seen any duplicate search results after having run several index updates.

By Bradley Holt | Posted in Uncategorized | Tagged , , | Comments Off on Searching A Field With Digits In Zend Framework’s Lucene Component

Layouts in Zend Framework

March 28, 2010 – 2:49 pm

In my previous post in this series we looked at Zend Framework’s routing and Model-View-Controller (MVC) components. In this post we’ll take slight detour and explore Zend_Layout, a component that lets you have a consistent template for the layout of pages throughout your website.

In the past you may have implemented consisted layouts in PHP using “includes” but, as you’ll see, layouts are much easier to manage than “includes”. The primary improvement over “includes” is that you can change the entire layout of your website without editing every single PHP script. This is because the layout decides where the content gets placed instead of each PHP script including the needed partials (e.g. header and footer). This is accomplished through an implementation of the Two Step View pattern.

If you’re using Zend_Tool then you can enable layouts using the command zf enable layout. This will create a layout view script, application/layouts/scripts/layout.phtml, and add the following line to the production section of your application/configs/application.ini file:

resources.layout.layoutPath = APPLICATION_PATH "/layouts/scripts/"

Zend_Layout has a front controller plugin that has two main jobs. First, it takes care of rendering the layout for us. Second, it retrieves what are called “named segments” from Zend Framework’s response object and assigns them as variables in your layout. A segment named “default” is assigned to the variable named content. Typically (unless you do something to override this) the “default” segment will contain the output of your individual controller actions. This means that you can render the content of your controller actions wherever you’d like in your layout view script by outputting the value of $this->layout()->content.

In the demo blogging application, Postr, I’ve also created a header layout view script, application/layouts/scripts/header.phtml, and a footer layout view script, application/layouts/scripts/footer.phtml. The header and footer layout view scripts are rendered by outputting the results of $this->render('header.phtml') and $this->render('footer.phtml'), respectively.

In my next post in this series I plan on taking a look at the Entry controller (application/controllers/EntryController.php) in the demo blogging application, Postr. We’ll explore its actions and corresponding view scripts. Zend_Form, Zend_Paginator, and modeling domain objects will be touched on briefly, but explored in more depth in later posts.

By Bradley Holt | Posted in Uncategorized | Tagged , | Comments Off on Layouts in Zend Framework

Job Opening: Functional Analyst & Quality Assurance Specialist

March 8, 2010 – 3:37 pm

Found Line is hiring! We’re looking for a Functional Analyst & Quality Assurance Specialist to help us create useful web applications. Here is a description of the job:

As a Functional Analyst & Quality Assurance Specialist at Found Line, you will have three primary responsibilities. First, you will communicate with outside clients and subject matter experts to develop the functional specification for each iteration of various web applications. Second, you will translate functional specifications into tickets that a software developer will complete. Third, you will perform acceptance testing on each iteration of these web applications to assure that the functional specification you originally outlined has been met. Future responsibilities may include implementing and coordinating usability testing plans. Some client support and training may be necessary as well but this will not be a primary focus of your job.

You will be participating in a process based on both agile and more traditional software development methods. While you will write and test against functional specifications, these specifications will be for narrowly defined scopes of work (i.e. iterations). This is a fast-paced environment with each iteration usually being only a few days in length. We are small but very busy, and need someone who is a self-starter, an excellent communicator, and can work independently. Experience with DocBook, XMLmind XML Editor (XXE), Subversion (SVN), and Trac a plus, but not required. This is an on-site position, full-time or part-time. No contractors or recruiters, please.

Send your resume and cover letter to jobs@foundline.com (no phone calls).

By Bradley Holt | Posted in Uncategorized | Tagged , , , | Comments Off on Job Opening: Functional Analyst & Quality Assurance Specialist

Job Opening: Senior/Lead PHP Developer

March 6, 2010 – 6:12 pm

An acquaintance of mine, Teresa Langston, made me aware that Vermont Information Processing (VIP) is looking for a Senior/Lead PHP Developer. More information is available on their careers page but a more in-depth description was recently posted to PHPDeveloper.org. An excerpt of the job description:

We are seeking an experienced PHP Application Developer with serious chops and mentorship/team-building skills to develop and lead a team in the creation of new, enterprise level applications for our large client base.

We are looking for a high energy, self-starter who loves to create usable applications. You must be able to participate and lead others in all areas of the software development lifecycle, including gathering requirements, writing specifications, programming, testing, documentation, etc…

By Bradley Holt | Posted in Uncategorized | Tagged , , , | Comments Off on Job Opening: Senior/Lead PHP Developer

Reboot Burlington Telecom!

March 5, 2010 – 4:04 pm

If you’re from Burlington, Vermont you are probably already familiar with the financial trouble that our municipal fiber optic network, Burlington Telecom, is in. A couple of weeks ago a group of nine telecom and business professionals offered to help the City revive Burlington Telecom. I believe very strongly in keeping Burlington Telecom a local, community enterprise so our company volunteered our services to help this “group of nine” communicate their message. The result, Reboot BT, was launched last week.

Since then, several people have shown their support using the #rebootbt hashtag on Twitter. Hopefully many have also been calling their City Councilors to tell them that they support pursuing this plan. Bill Simmon posted the letter he wrote to Councilor Keogh. Today Councilor Shannon sent the following draft resolution to her fellow City Councilors (I’ve been told that this is public information which is why I’m posting it here):

Sponsors:  Councilor Shannon

Resolution to Consider offer of Reboot BT

WHEREAS on February 17, 2010 a group of 9 telecom and business professionals offered both their expertise and substantial financial resources to support Burlington Telecom;

WHEREAS the Mayor has chosen not to engage this group in discussion;

WHEREAS Burlington Telecom was created by resolution of the city council and it remains subject to the orders and ordinances, and ultimate oversight, of the city council;

WHEREAS the City must give thoughtful consideration to all options available to address the financial distress of Burlington Telecom and the City of Burlington;

WHEREAS this offer has become known as “Reboot BT”; and

WHEREAS many Burlington citizens have urged the Mayor and City Council to reconvene the Blue Ribbon Committee to give consideration to the proposal of “Reboot BT”; and

WHEREAS the City Council views this proposal more as a short term proposal that may open the door to more partnership options and a stronger negotiating position in the longer term; and

WHEREAS the administration and Council have taken steps to hire financial advisors to negotiate both with our current lender, CitiLeasing, and with potential partners;

THEREFORE BE IT RESOLVED, the City Council requests that the Blue Ribbon Committee reconvene for the purpose of evaluating the offer from Reboot BT and advising the Council as to whether or not the City should entertain this offer and under what conditions and terms this offer could benefit the City of Burlington.

BE IT FURTHER RESOLVED, the City Council requests that the Blue Ribbon Committee review and evaluate any other offers that the administration deems pertinent to the discussion and decision making process.

It’s my understanding that this resolution will be discussed at Monday’s City Council meeting. If you’re a Burlington citizen and support the Reboot BT plan, then please contact your City Councilor if you haven’t already.

By Bradley Holt | Posted in Uncategorized | Tagged , , | Comments (2)

Support Burlington Telecom

February 10, 2010 – 1:16 pm

If you are a Burlington, Vermont citizen and support Burlington Telecom then please come to the special City Council meeting on Thursday (2/11) where they will discuss the report from the Burlington Telecom Blue Ribbon Committee. The meeting will start at 6pm in the Contois Auditorium at Burlington City Hall. You can follow an ongoing discussion of this issue on Twitter using the hashtag #isupportbt_vt.

Here in the city of Burlington, Vermont (where I live and work) I am proud of the fact that we have a municipally-owned, state-of-the-art fiber-optic telecommunications network. Municipal control over the network, Burlington Telecom, helps keep its goals aligned with the interests of Burlington’s citizens.

Burlington Telecom is currently experiencing some financial troubles. The City Council has formed a Blue Ribbon Committee to assess the viability of Burlington Telecom. The committee’s official report is due out today. Tomorrow (Thursday, 2/11) the City Council will discuss this report.

The scope of the Blue Ribbon Committee’s assignment and the City Council’s thinking seems too limited. They seem focused on the short term financial sustainability of Burlington Telecom rather than the long term benefits (which are many) of owning our own telecommunications infrastructure. A recent Ars Technica article on why municipal fiber needs more FDR localism and fewer state bans quoted Franklin D. Roosevelt as saying:

I therefore lay down the following principle: That where a community—a city or county or a district—is not satisfied with the service rendered or the rates charged by the private utility, it has the undeniable basic right, as one of its functions of Government, one of its functions of home rule, to set up, after a fair referendum to its voters has been had, its own governmentally owned and operated service.

Other telecommunications options in this city include Comcast and FairPoint. Comcast is not interested in creating an open network that can be used equally by all. Comcast, a telecom provider, is in the process of buying a controlling stake in a content producer, NBC Universal. This is bad news for advocates (like myself) of network neutrality. FairPoint just filed bankruptcy plans. They do not have the resources to create the infrastructure that our city needs in the 21st century. This is why Burlington Telecom was created.

Locally owned businesses give more to the community, spend more money in the community, and are far more likely to stay in the community. Verizon left us when they sold their Vermont network to FairPoint. Comcast is a massive corporation with little interest in our small city. Locally run and municipally-owned telecommunications will serve us much better than the alternatives.

The options being discussed revolve around selling off Burlington Telecom, either in part or in whole. If we decide to sell off Burlington Telecom to private equity we will look back in 10, 20, or 30 years and regret that we off-loaded such a great resource to private interests. If we keep it, the current financial issues will look insignificant in comparison to the revenue that Burlington Telecom will generate and the opportunities of having a municipally-owned open network will create.

I hope that Burlington citizens and City Council can put their heads together and come up with a solution that allows Burlington Telecom to continue to be owned by the citizens of Burlington. Several ideas have surfaced from the  #isupportbt_vt conversation on Twitter including:

  • invite other providers to compete using Burlington Telecom’s infrastructure;
  • convert Burlington Telecom into a cooperative; and
  • have a referendum asking Burlington voters if they want to fund Burlington Telecom.

Have other suggestions? Please come to Thursday night’s meeting so that you can share your ideas with the City Council.

#isupportbt_vt
By Bradley Holt | Posted in Uncategorized | Tagged , , | Comments (2)

MVC in Zend Framework

February 8, 2010 – 12:51 pm

In my previous post in this series we looked at how Zend Framework applications can be bootstrapped. We saw the configuration file (application/configs/application.ini) and the Bootstrap class (in application/Bootstrap.php) from a demo blogging application, Postr. What happens once your application is bootstrapped and run? That’s where Zend Framework’s routing and Model-View-Controller (MVC) components come in (technically there are a few steps in-between, but we’ll come back to that in a future post).

Model
Your domain objects. There is no Zend_Model since your domain logic is specific to your application. However, there are some best practices that have emerged in the Zend Framework community including Data Mappers (which I’ll talk about later).
See example Models in application/models/
View
The presentation layer. The default implementation uses PHP templates called view scripts. View script files have a default suffix of .phtml. There should be no domain logic in your view scripts. By default, there is one view script per controller action (we’ll see what that means shortly).
See example Views in application/views/
Controller
Connects the Model and the View. Each Controller contains one or more actions. The Controller’s job is to interpret input and pass it to the Model and also to provide Model data to the View.
See example Controllers in application/controllers/

By default, Zend Framework will route requests based on URI segments as follows:

:controller/:action[/:key/:value]

A few example URIs:

  • foo/bar (foo controller, bar action)
  • foo/bar/baz/shaz (foo controller, bar action, baz=shaz)

It is possible to customize this routing in pretty much any way conceivable but I’d suggest sticking with the default routing until you have a good handle on how it works.

In my next post in this series I plan on taking a slight detour so that we can explore a very useful component, Zend_Layout.

By Bradley Holt | Posted in Uncategorized | Tagged , , | Comments (2)

Blog Moved

February 6, 2010 – 9:47 pm

I’ve moved my blog over to this new URL (http://bradley-holt.com/) from Blogger. If you subscribe to my feed then please update the feed URL to http://feeds.feedburner.com/bradley-holt (it should redirect automatically but it’s not a bad idea to resubscribe using this new URL). Unfortunately I’m not able to redirect the posts themselves. My apologies if you’ve gotten some of my entries duplicated in your feed reader due to this move.

By Bradley Holt | Posted in Uncategorized | Comments Off on Blog Moved

Bootstrapping Zend Framework Applications

January 31, 2010 – 12:08 am

In my previous post I talked about how the Front Controller pattern is implemented in Zend Framework. We saw how every application request can go through the public/index.php script. Everything that your application does is then eventually called from either the bootstrap() or run() method in Zend_Application.

One of the constructor arguments passed to Zend_Application specified the configuration file to use. In the case of the demo blogging application, Postr, you’ll see that the configuration file used is application/configs/application.ini. If you look at this configuration file you’ll see that there are four sections: production, staging, testing, and development. The staging, testing, and development sections all inherit from production meaning that they will inherit all of its settings, unless overridden (as is the case, for example, with the phpSettings.display_errors setting in testing and development).

The other constructor argument passed to Zend_Application specified the application’s environment. For those paying close attention, the environment was actually the first argument and the configuration file was the second argument passed to the constructor of Zend_Application. By default, the demo application is set to run in development mode. This means that the development section from application/configs/application.ini will be used. Remember, development inherits from production so any settings not explicitly overridden from production would be inherited and used.

There’s quite a bit that can be setup in the configuration file. However, some things may be easier to (or only possible to) setup programmatically. This is where application/Bootstrap.php comes in. In your Bootstrap class you can write initializers for various parts of your application. These methods should be protected and their names should begin with _init. Let’s look at the initializers I’ve written in the demo application:

  • _initViewHeadTitle() first makes sure that the “view” resource has been bootstrapped and then gets this resource, which we happen to know is an object of type Zend_View_Abstract. We then set the separator used by the HeadTitle view helper to ” :: “. This means that each head title appended or prependend will be separated by this string. Next, a title of “Postr” is prepended so that this title will be used on every page.
  • _initPagination() simply sets the partial view script to be used by Zend_Paginator (I plan on further explaining Zend_Paginator in another blog post).
  • _initNavigation() sets up our navigation structure using Zend_Navigation (I plan on further explaining Zend_Navigation in another blog post as well).

In my next post in this series I plan on taking a look at the Model-View-Controller pattern in Zend Framework.

By Bradley Holt | Posted in Uncategorized | Tagged , | Comments (5)