Somebody is spoofing php.net. Its never cool to see one website rip off another. Here is an example of blatant use of the look of PHP.net, the core information site for PHP programmers on the web, being taken over by a site that came up on a goggle search for a reminder on a deprecated function. I am not the greenest guy out there. I have even sat in on Chris Shiflett’s talk on Web security issues from social engineering at CodeWorks DC in 2009. But even I was fooled that this site was php.net for several minutes.

This is not PHP.net, this is http://takien.com/

takien.com is NOT php.net

This is not Takien.com, this is PHP.net

This is not taiken.com, this is php.net

Re: “Flashy Website, Cheap Backend”

http://www.globaltvbc.com/video/index.html?releasePID=F2c99hC0V1kc4WrGZu0sZguKx_83_IuT

Editors,
As a web developer experienced with WordPress, I know you have made errors in your understanding of the software. If the mayor has really broken some law with regards to the bidding process, then that is another matter. It is however hard for people to find good, skilled web developers and themers, on a per project basis, when a quality website is needed.

A quick consultation of the home page of http://wordpress.org would show you that this free open source software is used by the New York Times, Wired.com, and many many other individuals and corporations much larger than Global TV. Suffice to say if it is a good choice for NYT then it is probably a good software choice for Mayor Robertson. Actually it is not even so much about the software, but the developers who take steps to ‘harden’ the software from security intrusions during the development and deployment process.

It is a shame that a member of the press such as Global TV does not understand the parallels between freedom of speech and of the press, and the openness of the Free Open Source Software community, and how both are so effective in exposing lies and moving towards the truth.

Free Open Source Software such as WordPress is free as in speech, not free as in beer. Indeed, WordPress is just one software package among thousands of others that the Internet and the World Wide Web rest upon. But I realise by the comments in your report that you are unaware of the massive worldwide movement to create and distribute Free Open Source Software. While the cost of the software may be a factor for the contractors, as it is in every other business, it is the openness that is really important. The openness of the software and the community allow for the exposure of security problems, and then expedites their repair to the entire community of WordPress users. It also allows for such things as the enforcement of high technical standards, and the independent development and release of thousands of additional software add-ons to boost and customise software functionality.

Shawn Moore of thinkprofits.com claims in the news piece that he can quickly hack and steal information submitted through the contact form on Gregor Robertson’s website. Instead of just claiming this, he should prove it. I say this because security breaches in general take more time to manifest themselves than Moore implied when he said ‘quickly’. And if Moore does know of a current security exploit WordPress, he should do the right thing and contribute the exploit to the WordPress development community, or to the head company behind WordPress, Automaticc, so that the patch may be written and released.

It is a shame that a member of the press such as Global TV does not understand the parallels between freedom of speech and of the press, and the openness of the Free Open Source Software community, and how both are so effective in exposing lies and moving towards the truth. You should be really educating your viewers on the benefits of Free Open Source Software instead of insinuating that WordPress is merely a ‘cheap’ alternative.

As I said in the beginning, I dont know if the mayor broke any laws or not. But please understand that good developers may be harder to come across than you think. Neither are they cheap. Please also educate yourselves on the benefits of Free Open Source software because it is in use widely and in many roles across the Internet.

I went out to enjoy the day at St. Augustine, a restaurant on Commercial Drive for a change of pace. Its a big place that isnt usually too busy, at the time I got there it wasnt anyways; they provide free wifi access and a wall plug-in if needed. That’s free wifi, AC, good food, lots of space to stretch out, AND a liquor license! So I thought that I found a quiet place to work for a spell in the afternoon. Or so I thought. A minute after ordering a coffee with a shot of Drambuie on the side, I suddenly hear the cries of HO HO HO! MERRRRRY CHRISTMAAAAAS!!! And suddenly the restaurant starts to fill up with Santas – I mean a SWARM of santas, filling up the restaurant with merry cheer and noise noise noise. If anything could drown out the internet, this was it. Sounded like the lot of them were already drunk and they hit the place to get even drunker.

santas storm my quiet web cafe

santas storm my quiet web cafe

There goes the neigborhood. Who the hell let these guys in anyways?? Pwned by Xmas!

While I was at Codeworks DC in September 2009, there was a particular slide during the talk by Stefan Priebsh, in his talk on OOP and Design Patterns that stood out more than all the others. It’s a slide that describes the relative cost of of a bug fix at different times in the life cycle of a software project. At first, the cost of fixing a bug at the requirements stage is nominal, when everything is on the drawing board. But as the software moves along in its life cycle the cost of fixing a bug increases radically. We start at 1 times when we are at the initial development stage when a bug is no more than a change in notion. But at the design stage, the relative cost is 5 times what it was compared to the requirements stage, and then ten times what it was when it becomes code and on this goes until it the relative cost of a bug fix is 150 times what it was originally. Conversely, the graphic indicates that the cost of rewriting is far less than attempting to maintain broken software. Starting right, or starting over right, is by far preferable to the alternative.

Relative Cost Of A Software Bug Fix

Slide credit: Barry Boehm, “Equity Keynote Address” March 19, 2007.

This chart is intended for developers, to decide how best to spend ones time. Ever wonder why, as a developer, fixing bugs is such a pain and a kludge? There is something not simply tough about fixing bugs, there is something fundamentally wrong about putting any effort at all into repairing them. But the chart is also a message to the paying client, the person whose dime it is on. A client may be only thinking in the short term to make the software work, but it is the most expensive and unproductive path to the realization of goals.

The effort to fix bugs is great and the rewards are minimal. Frustrations are high, satisfactions are low. The website suffers from some sort of performance penalty, users are inconvenienced. Bugs must be dealt with with some amount of procedural overhead no matter what, and when the bug is fixed and submitted, very little was ever really accomplished. It is really far better to think of a better solution to all your problems together rather than to continue fixing things one at at time. It will cost the customer less and they will get more. So when bugs become a staple of the work load, its time to persuade the client to accept a rewrite.

…with the software in production, fixing bugs is akin to repairing a car while it is driving down the road, long after it has left the drawing board, the assembly line, and the dealer lot. Its as expensive to do as it can possibly be.

Developers still have a great deal in common with the clients they perform work for. They charge money for their work so they think in terms of the cost in terms of labor time (actually, developers also think this way when they work on their own software). The question every developer asks is, “What is the simplest, easiest, and fastest way to get something done?” The answer could be open to interpretation, but that is because the long view must be taken into consideration, and that is why software makes use of functions, templates, classes, objects, and design patterns. The work is needed now, but how will it be possible to understand the software in a few months time when noone is mentally fresh? How do I share my ideas with other people? How do I take the long view into account?

Despite the love a client may have for their own project, nobody is interested in working on the same software forever. After all, software developers are creative people who really want to expand their skills and take all that they have learned and apply it to the next project, instead of keeping something half dead on life support.

I enjoy attending talks from the best people in the world in my business, because they are very good at exposing the importance of planning and organizing the overall picture, and are very knowledgeable in all the concepts that make projects produce a top quality result in an efficient manner. They also point out the simple mistakes people make that cost them so much. When we are at the far right of the graph, with the software in production, fixing bugs is akin to repairing a car while it is driving down the road, long after it has left the drawing board, the assembly line, and the dealer lot. Its as expensive to do as it can possibly be.

Developers should try to understand the message of this graphic before going further fixing bugs. If you are put in a position fixing bugs, it is time to change the way you work, because you are the one bearing the cost in terms of your own time performing the least valuable, most expensive, and least meaningful work.

I’d like to take the example of svn externals from my previous post a bit further. I created a bash script that captures a group of commands that one would need to deploy a vanilla WordPress website with a cherry picking of plugins and themes. This script is a big-ass time saver. It’s especially useful for deployment of websites based on a package like WordPress or Drupal, that host publicly available subversion repositories. I tested it recently and made two websites spending two hours on each site, four hours total.

Web developers as they learn start by downloading packages in zip and tar.gz archives which is fine. A pro technique is to pull in the resource via SubVersion (svn). Svn provides additional features such as svn externals and svn hooks. Svn externals allows for the pulling in of external resources into a defined project in a svn repository. Svn hooks is for additional labor saving scripting that allows for the automation of repeated tasks such as a script that can pass along data from commit messages into other resources in the project such as the bug tracker. Learning these tricks allows for labor savings at every step in the production cycle. We can take these practices to the next level with capturing the commands in a bash script and then organise all the features of a website in a deployment script, something that is done all the time at software majors.

This script is a big-ass time saver.

I took the time to sort this out recently because I had some web development requests from people who have simple websites that could be converted to WordPress easily enough, but I wasn’t interested in going fishing for plugins and themes twice, and again when the next people come along needing the same thing. The job of a software developer should be to automate processes. I say often that the credo of developers is not to work for a living, but to eliminate work. But this idea is not always employed by developers in all the places it could, and its sometimes even a harder to get a client on board to make full use of methods and procedures that automate tasks and eliminate work.

…the credo of (software) developers is not to work for a living, but to eliminate work.

Lets at least cover the benefits in point form:

• The script takes a couple of minutes and you save hours.
• You dont repeat the labor, but you can repeat the use of the script, deploying anywhere else.
• All your stuff is there at the beginning. Useful for planning, development, and policy across teams.
• You are organised, and you can develop variations. Svn export may be good enough for your needs.

In pseudo code, here is what your script will do:

• Set up your repository.
• Make your directory structure for your project.
• Check out your repository.
• Run procedures for svn externals for core WordPress.
• Run procedures for svn externals for plugins, iterating through data in an external file resource.
• Run procedures for svn externals for themes, iterating through data in an external file resource.
• Grab additional resources in an array, iterate through them using wget command, extract them.
• Cleanup.
• Commit message.
• … anything else you can think to do.

The bash file, save as getallwpsvn.sh:

#!/bin/bash
# run this script with chmod 755 permissions.

workPath=$(pwd)

rm -rf filerepository repository www *.zip # this line cleans dir for testing, comment out when done

svnadmin create repository

mkdir -p filerepository/{branches,tags,trunk/{html,db,cron,scripts,themes,plugins,project,selenium}}
# got anything to import into those directories under trunk?
# import into the directories under trunk now
# before the next step
svn import filerepository file://$workPath/repository -m "initial import using getallwpsvn.sh script"
rm -rf filerepository
svn checkout file://$workPath/repository/trunk www
cd www
svn rm html
svn commit -m "rm html temporarily for clean propset"
svn propset svn:externals 'html http://core.svn.wordpress.org/trunk/' .
svn up
cd html/wp-content/
# get plugins from repository http://svn.wp-plugins.org/
# plugins listed in svn.plugins.externals
svn propset svn:externals -F ../../../svn.plugins.externals plugins/
#svn commit "plugins propset" # no commit if no local repository
svn up
# themes repository: http://svn.wp-themes.org/
# themes repository is a bit of a ghost town, none grabbed here
# browse the site and get the zip
# themes listed in svn.themes.externals file, if there are any
svn propset svn:externals -F svn.themes.externals plugins/
svn up

cd themes
# load up on themes
#more human readable format for array

THEMESITES[0]=http://dev.digitalnature.ro/fusion/fusion-wordpress.zip
THEMESITES[1]=http://ericulous.com/?load=googlechrome.zip
THEMESITES[2]=http://ericulous.com/?load=internetcenter.zip
THEMESITES[3]=http://ericulous.com/?load=redbusiness.zip
THEMESITES[4]=http://wordpress.org/extend/themes/download/elegant-box.4.1.1.zip
THEMESITES[5]=http://wordpress.org/extend/themes/download/thirtyseventyeight.4.0.zip
THEMESITES[6]=http://wordpress.org/extend/themes/download/thirtyseventyeight.4.0.zip
THEMESITES[7]=http://wordpress.org/extend/themes/download/constructor.0.6.4.zip
THEMESITES[8]=http://wordpress.org/extend/themes/download/jq.2.4.zip
THEMESITES[9]=http://wordpress.org/extend/themes/download/ahimsa.3.0.zip
THEMESITES[10]=http://wordpress.org/extend/themes/download/retromania.1.3.zip
THEMESITES[11]=http://wordpress.org/extend/themes/download/skinbu.1.0.3.zip
THEMESITES[12]=http://wordpress.org/extend/themes/download/mystique.1.16.zip
THEMESITES[13]=http://wordpress.org/extend/themes/download/lightword.1.9.3.zip
THEMESITES[14]=http://wordpress.org/extend/themes/download/monochrome.2.3.zip
THEMESITES[15]=http://wordpress.org/extend/themes/download/thematic.0.9.5.1.zip
THEMESITES[16]=http://wordpress.org/extend/themes/download/hybrid.0.6.1.zip
THEMESITES[17]=http://wordpress.org/extend/themes/download/new-york.1.0.1.zip
THEMESITES[18]=http://wordpress.org/extend/themes/download/f8-lite.1.3.zip
THEMESITES[19]=http://wordpress.org/extend/themes/download/simplex.1.3.1.zip
THEMESITES[20]=http://wordpress.org/extend/themes/download/cleanr.0.1.2.zip

for s in ${THEMESITES[@]}
do wget "$s"
done

FILES="*.zip"
for f in "$FILES"
do unzip "$f"
done

rm *.zip
rm *.zip.*
cd ../../../
svn commit -m "load in of plugins and themes complete"

cd $workPath
cp $workPath/www/html/wp-config-sample.php  $workPath/www/html/wp-config.php
chmod 777 $workPath/www/html/wp-config.php
chmod 777 $workPath/www/html/wp-content #temporarily, for cache
mkdir $workPath/www/html/wp-content/uploads && chmod 777 $_
touch $workPath/www/html/.htaccess && chmod 777 $_

# do any post processing, other importing now, and commit it if you did.

Set the file permission to chmod 755, and run it from the shell command line as in ./getallwpsvn.sh.

The file you save as svn.plugins.externals:

all-in-one-seo-pack http://svn.wp-plugins.org/all-in-one-seo-pack/trunk
advertising-manager http://svn.wp-plugins.org/advertising-manager/trunk
cforms http://svn.wp-plugins.org/cforms/trunk
google-sitemap-generator http://svn.wp-plugins.org/google-sitemap-generator/trunk
sociable http://svn.wp-plugins.org/sociable/trunk
stats  http://svn.wp-plugins.org/stats/trunk
ultimate-google-analytics http://svn.wp-plugins.org/ultimate-google-analytics/trunk
vipers-video-quicktags http://svn.wp-plugins.org/vipers-video-quicktags/trunk
wordbook http://svn.wp-plugins.org/wordbook/trunk
wp-flickr http://svn.wp-plugins.org/wp-flickr/trunk
wp-super-cache http://svn.wp-plugins.org/wp-super-cache/trunk

The svn.plugins.externals file is a name – resource listing, one per line, when you have more than one resource to define with svn externals.

Please note that you may not need all of this; comment whatever out you want. You dont need to create a local repository, that is only if you are doing team development, or perhaps custom development on themes and plugins. I found though that it was necessary with svn propset directives to create a top-level directory structure wherein is stored all the different directories. The point of this exercise is a pull-in of public resources in a step that you can repeat automatically over and over. It also need not be a very sophisticated script to get the benefits from it.