Friday, May 25. 2007
Posted by Jonathan Street
in Misc, PHP Programming, Programming, Website Management at
22:06
Comments (0)
Trackbacks (0)
Comments (0)
Trackbacks (0)
The "I'm Alive" Entry
Things have been quiet around here in terms of entries so to keep things rolling here are a few interesting links I've discovered over the past few days . . .
Florian posted a comment over on the msn contact grab entry highlighting a warning error if you use the script in a PHP environment configured with safe_mode enabled. It's a good reminder to switch off error reporting (and switch to logging instead) in a production environment.
Blogsecurity posted a short article were they looked at the wordpress version being used on 50 blogs. They found that all but one of them were using vulnerable outdated versions. Personally I would have liked to see a larger sample size and some discussion about how the samples were picked but I highlight it here because of the followup posted by Vidyut Luther at phpcult.com. I've previously suggested that developers should be more aggressive in attempting to get users signed up to a mailing list highlighting critical updates but Vidyut takes it further and suggests that an application should go into "read only mode.. no new posts, no comments, until the user acknowledges the threat, and does something about it." I like it.
Compete recently opened their API meaning we now have an alternative to paying for Alexa data which is more than a little questionable (Yet another post showing inconsistencies in the data).
Dave Thomas (via Travis Swicegood) highlighted the charity fund-raising efforts of RailsConf which apparently rasied $33k and suggests that we "see if we can make all industry conferences into fund raising events." Now I give monthly to several charities whose work I support (so don't think the worst of me) but I'm not a particular fan of this idea. Granted I would much rather receive a pile of crap than another burlap bag but I don't like the idea of being 'encouraged' to support the work of a charity I know nothing about.
Dave asks us to, "Imagine what could happen if a conference with 5,000 attendees raised just $20 per attendee. Then imagine $50, or $100. It starts to get serious." I'll ask you to imagine what these charities would be able to do with a regular stream of income they could rely on over the long term. Having said that I'll be wandering through the streets of Edinburgh wearing a bra in June in support of breast cancer support charities. If you think the cause is important then sponsorship would be welcome via justgiving. It's conceivable that this makes me something of a hypocrite.
There were going to be more links but as I've already written a small essay I'll stop for now. Incidentally, the reason for the lack of posts is that I've been working to move the js/css file compression/compaction tool I set up on the old domain over to this site as well as creating a totally new tool. Should be ready to go live soon.
Florian posted a comment over on the msn contact grab entry highlighting a warning error if you use the script in a PHP environment configured with safe_mode enabled. It's a good reminder to switch off error reporting (and switch to logging instead) in a production environment.
Blogsecurity posted a short article were they looked at the wordpress version being used on 50 blogs. They found that all but one of them were using vulnerable outdated versions. Personally I would have liked to see a larger sample size and some discussion about how the samples were picked but I highlight it here because of the followup posted by Vidyut Luther at phpcult.com. I've previously suggested that developers should be more aggressive in attempting to get users signed up to a mailing list highlighting critical updates but Vidyut takes it further and suggests that an application should go into "read only mode.. no new posts, no comments, until the user acknowledges the threat, and does something about it." I like it.
Compete recently opened their API meaning we now have an alternative to paying for Alexa data which is more than a little questionable (Yet another post showing inconsistencies in the data).
Dave Thomas (via Travis Swicegood) highlighted the charity fund-raising efforts of RailsConf which apparently rasied $33k and suggests that we "see if we can make all industry conferences into fund raising events." Now I give monthly to several charities whose work I support (so don't think the worst of me) but I'm not a particular fan of this idea. Granted I would much rather receive a pile of crap than another burlap bag but I don't like the idea of being 'encouraged' to support the work of a charity I know nothing about.
Dave asks us to, "Imagine what could happen if a conference with 5,000 attendees raised just $20 per attendee. Then imagine $50, or $100. It starts to get serious." I'll ask you to imagine what these charities would be able to do with a regular stream of income they could rely on over the long term. Having said that I'll be wandering through the streets of Edinburgh wearing a bra in June in support of breast cancer support charities. If you think the cause is important then sponsorship would be welcome via justgiving. It's conceivable that this makes me something of a hypocrite.
There were going to be more links but as I've already written a small essay I'll stop for now. Incidentally, the reason for the lack of posts is that I've been working to move the js/css file compression/compaction tool I set up on the old domain over to this site as well as creating a totally new tool. Should be ready to go live soon.
Monday, May 14. 2007
Issues surrounding 'meta' contacts grabber script resolved
Just before seven this morning Vishal Kothari got back to me about the issues I rasied on Saturday regarding the contact grabbing package he put together. After a short series of emails later all the issues I had raised had been resolved with the exception of licensing.
With a little time to spare this afternoon I explored the flumpcakes.co.uk site a little more deeply and discovered an email I hadn't spotted last year. An hour and a half later I had a reply from the original author expressing his willingness to release his original code under the GPL. This enabled me to release my code under the same license clearing up any problems with the 'meta' script.
All told, a reasonable part of a productive day.
With the story complete it's time for the moral:
With a little time to spare this afternoon I explored the flumpcakes.co.uk site a little more deeply and discovered an email I hadn't spotted last year. An hour and a half later I had a reply from the original author expressing his willingness to release his original code under the GPL. This enabled me to release my code under the same license clearing up any problems with the 'meta' script.
All told, a reasonable part of a productive day.
With the story complete it's time for the moral:
- A lot can be achieved when you're open and willing to talk. With me questioning his licensing it would not have been surprising if Vishal had jumped on to the defensive. Instead he remained co-operative and we were able to resolve the issues quickly.
- It's important to include a copyright notice in each file. I hadn't done this and it gave Vishal reason to doubt whether I was really the author. It was easy enough to sort out but it's needless confusion.
- If you're not releasing your code under a specific license consider stating why not. As James, the guy behind flumpcakes.co.uk said, "Most people see[sic] to assume that when
source code is released if it doesn't come with a license then it's GPL." Attempt to anticipate the questions your users are likely to have and prevent the need for assumptions by answering those questions.
Saturday, May 12. 2007
MSN contact grab script included in 'meta' contact grabber
Via phpdeveloper.org I track the latest phpclasses releases and given my work on contact grabbing scripts I was interested to see that a new contact grabber script has been posted.
I haven't tried it yet but apparently it can connect to hotmail, yahoo, gmail, orkut, rediff and myspace. It is an impressive collection of scripts. It uses libgmailer to get the gmail contacts just like I chose to do.
It also uses a file called msn_contact_grab.class.php to get the hotmail contacts which rings some bells. Sure enough on closer inspection it's the file I created to fetch a MSN messenger contact list. Except it's outdated.
Generally speaking I wouldn't have a problem with the script being included in another project. In fact I would encourage it. In this instance though there are a few problems.
Inaccuracies: This package is being promoted as fetching hotmail contacts for which it presumably relies on my script. My script does not fetch hotmail contacts. It fetches MSN messenger contacts. Although frequently similar they are not the same.
Updates: When you're releasing third party scripts as part of your project updates are going to be slow to filter through. It's a shame that just days after the package was released it already needs updating.
Licensing: The whole package has been released under the GNU General Public License (GPL). Given that the msn contact grabbing class has never been released under such terms is this licensing appropriate? I would argue that it isn't.
I spent quite a bit of time considering licensing when I first released the script. Rather than go with the GPL I decided to stick with simply 'free' to reflect the licensing of the original script from which my script was derived. I didn't feel it was appropriate to decide on a licence even though the script was now significantly different to the original version.
Contact: If the author of the new phpclasses package had made contact all the above problems could have been avoided. In fact I would probably have promoted the package here on the blog. It's good to talk.
These are all small things but I highlight them because each one could easily have been dealt with. I've now sent off an email and suspect that everything can be easily resolved. It's just a shame it has to be done after the fact.
Has anyone had similar experiences? How have you made improvements to prevent similar problems emerging? I think the first thing I need to do is make it easier for people to contact me. Secondly, I need to take another look at the licensing.
I haven't tried it yet but apparently it can connect to hotmail, yahoo, gmail, orkut, rediff and myspace. It is an impressive collection of scripts. It uses libgmailer to get the gmail contacts just like I chose to do.
It also uses a file called msn_contact_grab.class.php to get the hotmail contacts which rings some bells. Sure enough on closer inspection it's the file I created to fetch a MSN messenger contact list. Except it's outdated.
Generally speaking I wouldn't have a problem with the script being included in another project. In fact I would encourage it. In this instance though there are a few problems.
Inaccuracies: This package is being promoted as fetching hotmail contacts for which it presumably relies on my script. My script does not fetch hotmail contacts. It fetches MSN messenger contacts. Although frequently similar they are not the same.
Updates: When you're releasing third party scripts as part of your project updates are going to be slow to filter through. It's a shame that just days after the package was released it already needs updating.
Licensing: The whole package has been released under the GNU General Public License (GPL). Given that the msn contact grabbing class has never been released under such terms is this licensing appropriate? I would argue that it isn't.
I spent quite a bit of time considering licensing when I first released the script. Rather than go with the GPL I decided to stick with simply 'free' to reflect the licensing of the original script from which my script was derived. I didn't feel it was appropriate to decide on a licence even though the script was now significantly different to the original version.
Contact: If the author of the new phpclasses package had made contact all the above problems could have been avoided. In fact I would probably have promoted the package here on the blog. It's good to talk.
These are all small things but I highlight them because each one could easily have been dealt with. I've now sent off an email and suspect that everything can be easily resolved. It's just a shame it has to be done after the fact.
Has anyone had similar experiences? How have you made improvements to prevent similar problems emerging? I think the first thing I need to do is make it easier for people to contact me. Secondly, I need to take another look at the licensing.
Update to the MSN contact grabbing script
There have been a handful of people contact me recently stating that the MSNM contact fetching script doesn't work, or works poorly, with email addresses other than @hotmail.com. Addresses ending in @hotmail.co.uk, @hotmail.fr or none hotmail addresses were hanging and not returning results.
Obviously not good so after a disappointingly long wait I was able to devote some time to fixing the problem. Last weekend I was able to put something together which I think was going to work and sent it out to a few people to beta test.
Over the past few days I've been getting back responses (thanks to all those involved!) and for the most part the responses have been positive. It still isn't 100% but it's much better. The remaining problems are a result of taking someone else's code and twisting it to suit a new purpose. I would have been far better figuring out how it did what it did and then refactoring it to meet the new aims.
The new and improved script can be downloaded from the original thread or from the MSN contact grab page in the new scripts section.
The web service has been updated to reflect the changes.
Obviously not good so after a disappointingly long wait I was able to devote some time to fixing the problem. Last weekend I was able to put something together which I think was going to work and sent it out to a few people to beta test.
Over the past few days I've been getting back responses (thanks to all those involved!) and for the most part the responses have been positive. It still isn't 100% but it's much better. The remaining problems are a result of taking someone else's code and twisting it to suit a new purpose. I would have been far better figuring out how it did what it did and then refactoring it to meet the new aims.
The new and improved script can be downloaded from the original thread or from the MSN contact grab page in the new scripts section.
The web service has been updated to reflect the changes.
Sunday, May 6. 2007
Posted by Jonathan Street
in Website Management, Website Promotion at
15:19
Comments (0)
Trackbacks (0)
Comments (0)
Trackbacks (0)
Get your WWW sorted
As I write this http://staples.co.uk is reporting that it is down. There are probably quite a few people interested in shopping at one of their stores going elsewhere. If the site was actually down that would be fair enough. It isn't though. http://www.staples.co.uk works perfectly.
You quite often see 'server not found' warnings when visiting a site without www., for example my university, but to get through to the site and have it tell you the site is down is even worse. It demonstrates that whoever manages the server knows what they are doing but carelessly hasn't set things up correctly.
It doesn't matter which way round you have things but all traffic to www. should be redirected to the www free version or vice versa.
There are three main reasons why this is important:
- All your visitors actually reach your site
- No duplicate content issues in the search engines (this is assuming that both versions of the site actually work)
- Strengthens search engine positions by concentrating all incoming links on one site.
All it takes is a couple of lines in a .htaccess file if you're on an Apache server
%{HTTP_HOST} ^www.domain.com$ [NC]
RewriteRule ^(.*)$ http://domain.com/$1 [R=301,L]
It's not difficult so please sort this out.
You quite often see 'server not found' warnings when visiting a site without www., for example my university, but to get through to the site and have it tell you the site is down is even worse. It demonstrates that whoever manages the server knows what they are doing but carelessly hasn't set things up correctly.
It doesn't matter which way round you have things but all traffic to www. should be redirected to the www free version or vice versa.
There are three main reasons why this is important:
- All your visitors actually reach your site
- No duplicate content issues in the search engines (this is assuming that both versions of the site actually work)
- Strengthens search engine positions by concentrating all incoming links on one site.
All it takes is a couple of lines in a .htaccess file if you're on an Apache server
%{HTTP_HOST} ^www.domain.com$ [NC]
RewriteRule ^(.*)$ http://domain.com/$1 [R=301,L]
It's not difficult so please sort this out.
