Category Archives: Applications

Take your SOPA and stick it up your PIPA

Today is blackout Wednesday. Many sites are blocking content, or blocking entire sites altogether. Places like Wikipedia and WordPress and Reddit are all blacked out today. Others like Google are blacking out logos but still providing the services. (BTW, those sites are really not completely blacked out, from what I have seen, it is just the main page). Which leads to the arguments of what exactly is SOPA and PIPA, and why do they exist, and how will that affect the individual.

First off, let's go to Thomas.loc.gov to get each bill sorted.

SOPA, H.R.3261.IH: H.R.3261 — Stop Online Piracy Act (Introduced in House – IH)
According to the bill and the definition, it is to stop foreign online piracy attempts that are directed towards the United States.

PIPA, S. 968 RS: ‘Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011’ or the ‘PROTECT IP Act of 2011’
To prevent online threats to economic creativity and theft of intellectual property, and for other purposes.

One of the bills, (H.R.3261) is the House bill, and the other (S. 968) is the Senate bill. The Senate version (PIPA) has been around longer, and is not quite as severe as the House bill (SOPA). However, when one looks at both bills, it is like asking if you would prefer permanent violent diarrhea over daily kicks in the groin with a steel-toed boot.

Both bills seem to serve a good purpose, protecting intellectual property and content protection are very important. The way these bills are attempting to do this, however, is not the correct way. It is making criminals out of everyone, and basically turning the Constitution of the United States of America on its head by now proclaiming that one is guilty until proven innocent. I encourage everyone to read both bills, even if you do not understand the legal-speak in these bills, it is important to familiarize yourself with the bill. I posted links to both bills above. And as I go through my thoughts, I will also link other sites that I read about the bills.

First, I want to express why I am adamantly against the bill in principle as a United States citizen. I love the Constitution and feel this country has strayed too far from the Constitution. I am not going to get all political about the destruction of this country by the greed of both parties, but I am going to focus this solely on the bills themselves. In one section of SOPA, section 103.5.ii it states:

In the case of an Internet site specified in the notification under paragraph (4) that is a foreign Internet site, a statement that the owner or operator, or registrant, consents to the jurisdiction of the courts of the United States, and will accept service of process from the person who provided notification under paragraph (4), or an agent of such person, for purposes of adjudicating whether the site is an Internet site dedicated to theft of U.S. property under this section.

This quoted section troubles me, because the United States is effectively telling other countries that it no longer will recognize their sovereignty and will go after individuals in their country without regard. If a site in another country is doing bad things, the US is wanting to throw out all international laws/agreements and will trample other countries’ right to rule as they see fit. How arrogant is this? In order for any website owner to challenge any accusations, they have to agree to be subject to US jurisdiction. Now just what do you think the US would do if another country, say Iran, pulled this type of power play on US citizens?

Second, why is Congress trying to criminalize the internet? These challenges only happen after action has been taken on the website owners. In an article by Brian Proffit on the site IT World, titled SOPA sponsors deride criticisms as ‘myths’, he examines the SOPA bill and points out some very crucial pieces of the bill. These are what I would consider grossly un-Constitutional. Once a site has been targeted as a “rogue” site, then it has five days to be removed. In his words:

A copyright holder need only accuse a website of infringement, and the search engine, advertisement, and payment system would be cut off in five days. The DNS filtering would still need the involvement of the Department of Justice to get a court order, but again, there would be no need to prove anything to obtain such an order from a judge.

So all that is needed is an accusation, and sites can be taken away from searches, ads, etc with no requirement to provide legal proof. And according to this bill, the only way a website owner may find this out is when the ad revenue no longer comes in, which could take up to three weeks. Again, this is against the very basics of the Constitution and the Bill of Rights. Site owners have no legal ability to block these accusations, as all it takes is an accusation with no legal cause, or no litigation with due process. This is one of those ideas that the Founding Fathers fought, bled and died for.

OK, two big major reasons that I do not support this bill, and we have not even touched the technical aspect of this bill. And I know we are kind of ignoring PIPA, but SOPA is such a drain that it deserves this level of scrutiny. The next great article I encourage everyone to read, is by Mashable’s Chief Architect, Chris Heald. The article, titled Why SOPA Is Dangerous examines the different technical aspects of this bill, and why it is bad. Heald does a great job conveying the point, and I strongly suggest you read through the entire article. Some main points that I agree with in the article:

  • Section 102.a.2 allows the US Attorney General (AG) to go after any foreign site that facilitates infringement. Comment boxes facilitate infringement. Furthermore, if the US government is not liking any foreign site, like Wikilinks, they now have the power to effectively shut it off to any US address.
  • Section 103 allows for the definition to be so broad that any site that allows user submission of content can be defined as one facilitating and enabling copyright violation. Imagine some of the most popular sites, like Facebook, YouTube, Twitter and even StumbleUpon all become potential targets. It does not matter if you take it down, if you as a web site owner are not actively screening content for copyright violations, you can be liable.
  • Any site that is possibly infringing and already taken down now has to deal with likely loss of ad revenue, search placements, payment portals, etc. Not to mention any legal fees that are associated with recovering any lost time or availability. Now the government is going to tell non-government entities how to run their businesses when it comes to content protection. Never mind that the government still has no clue about technology to begin with, and most people in Congress today still do not know there is no “any” key.
  • The most troubling section is the one entitled “The Bulldozer”. I highly suggest everyone read this section and really take it in. If anyone thinks this will not happen, they need to remember that the RIAA went after a family with no computer, people who had no internet, or dead people, or when they went after a 12 year old girl for using Kazaa.

Another good article on the reasons these bills are not worth the trouble is from Paul Rosenzweig of the Heritage Foundation. In this article he states:

Adding to their other problems, SOPA and PIPA simply would not work. Even if the Attorney General obtained a blocking order that stopped Verizon from letting one go directly to a pirate website, it is relatively easy to work around the block. We can reasonably predict that a host of redirector domains would soon spring up, many of them linked to ISPs outside the United States and outside the Attorney General’s jurisdiction. And after that, there would be downloadable program applications to get to those redirectors. Indeed, one such program, known as “DeSOPA,” has already been developed and deployed as a proof of concept effort and can be downloaded as a Mozilla Firefox extension.

Would this really make you feel safe online?

The last source I used was a blog from Washington Post. The author, Brad Plumer, writes of five reasons these bills are being protested. Even if they do not do DNS blocking, it still limits free speech, it causes a huge overhead on free services now, no legal oversight on taking sites down, and most importantly, copyright owners already have the power to take down sites. From the blog post:

Copyright holders such as the record and movie industries currently have the legal authority to force sites to remove infringing material under the Digital Millennium Copyright Act’s notice-and-takedown procedures. Now, the content industry says that it doesn’t have nearly enough weapons — every time it cracks down on a pirate site, five more appear in its place. But, if anything, there’s a case that the content industry currently has too much power. The Justice Department has often proven over-aggressive in taking down domain names — read, for instance, the gory details of the Justice Department’s botched attack on Dajaz1.org, a music blog that was taken down for a year after being falsely accused of infringement.

They already have the power, and they have abused it. And it is important to read the gory details as another example of how this power has already been over-stepped. And Congress wants to give them more power? I think it is important to quote parts of that article from Tech Dirt and author Mike Masnick:

ICE’s “investigation” was done by a technically inept recent college grad, who didn’t even seem to understand the basics of the technology. But it didn’t stop him from going to a judge and asking for a site to be completely censored with no due process . . .

evidence showing that the songs that ICE used in its affidavit as “evidence” of criminal copyright infringement were songs sent by representatives of the copyright holder with the request that the site publicize the works — in one case, even coming from a VP at a major music label. Even worse, about the only evidence that ICE had that these songs were infringing was the word of the “VP of Anti-Piracy Legal Affairs for the RIAA,” Carlos Linares, who was simply not in a position to know if the songs were infringing or authorized. In fact, one of the songs involved an artist not even represented by an RIAA label, and Linares clearly had absolutely no right to speak on behalf of that artist . . .

After continuing to stall and refusing to respond to Dajaz1’s filing requesting the domain be returned, the government told Dajaz1’s lawyer, Andrew P. Bridges, that it would begin forfeiture procedures . . .
the deadline for the government to file for forfeiture came and went and nothing apparently happened. Absolutely nothing. Bridges contacted the government to ask what was going on, and was told that the government had received an extension from the court . . .
He also asked for a copy of the court’s order allowing the extension. The government told him no and that the extension was filed under seal and could not be released, even in redacted form.

He asked for the motion papers asking for the extension. The government told him no and that the papers were filed under seal and could not be released, even in redacted form.

He again asked whether he would be notified about further filings for extensions. The government told him no.

He then asked the US attorney to inform the court that, if the government made another request for an extension, the domain owner opposed the extension and would like the opportunity to be heard. The government would not agree.

After all of the examples of the government and certain entities’ egregious examples of over-stepping and abusing authority, Congress thinks that they should have more power, and with less legal oversight? Content protection is important, and we need to find a way that can protect content but not stifle creativity, entrepreneurship and innovation the internet has provided. These bills are very wrong, and do nothing to help curb content piracy.

Please take some time, read through the articles I posted. Comment if you feel I am wrong. Comment if you agree. Comment because it is a right you have, to speak freely. SOPA and PIPA are not solutions, they are problems. They create more problems. Some sites are “black” today in protest to SOPA and PIPA. Do not let Congress get away with this power grab. Read up on the bills, read up on the positions for and against. Form your own opinion and create your own voice. Do not let anyone ever take away your voice. SOPA and PIPA are looking to do exactly that.

Ideas on Code Strategies

This past week I have spent time thinking on some of the best applications I have built, and some of the “neediest” applications I have built. Some of them are in both columns. And I am sure this is the case with most developers. Some times, we get to be part of a major project, and get the best possible ideas, and then BAM, a product is released. After patting ourselves on the back and thinking of how great it is, we find special “features” that require updates or bug fixes. Had we just followed some simple steps during the build phases, I am sure we could have prevented that.

In today’s software development world, many phrases are thrown out there and used. We have SDLC, Agile, Waterfall, Extreme, Scrum, Feature Driven, Test Driven, etc. All of which are great when actually used. But how many places that use those terms are actually doing those practices? There seems to be a bigger practice out there, one that is used more frequently than anyone dares admit. This is a practice I refer to as the Atomic Development Cycle (ADC). I am sure we all have done this, either in its entirety or used many pieces of this.

Characteristics of the ADC can cover a wide range that seem reasonable and responsible, but fall far from it. The project is defined in generalities, and possibly some specifics. The design has been kicked around, maybe even pre-approved. The main data has been identified but not analyzed. The use cases have been discussed, not documented. Timelines are unbelievably tight but manageable. Code is dived into, and testing plans are not thought of. The final product looks brilliant, like a flash of light. And it usually is just that, a flash of light, and not sustained. Soon, bugs start appearing. Enhancements require more fixing than actual functional coding. The database design turns out to be too strict and not flexible enough for the changes, so now DB design changes force more testing and bug fixes. Soon, band-aids are applied to the app, and the app is wrapped up in kluge code and becomes an embarrassment. But since the business saw the initial brilliance, it still wants to use it, and now you are forced to go back, triage and rebuild.

Some projects force my hand into doing this. Other times, it could just be laziness or lack of caring about a personal project that would force my hand in this. With this new year, I need to be better about this. I know better. I know that not all apps are going to work well out of the box forever. But I do know that apps that follow a structured process that ensures the proper framework is in place will succeed more than the ones slopped together. Understanding the proper requirements of the application, even if they do change, is important. Getting the database in order is tantamount to success. Designing the code is another gigantic step in the right direction. I need to be better and not let this get out of hand.

Yes, the ADC may work in some instances. And yes, they may provide for some awe-inspiring, mind blowing apps. But just like the atomic bombs, they may look brilliant for a short time, but the devastation they leave behind is never worth it.

New Year, New Views

As the past year ends for most people, and as the new year picks up, many people are hopeful. Some more so than others. Some of the people that are focusing on a great New Year are the workers at Facebook, with their soon-to-be IPO, in which they are hoping the company is valued at $100 B. And why not? Saw this on one of the news sites, but according to a ZDNet article, Facebook is now a primary cause for a third of all divorces in the UK. Communication methods are changing, and social networks are taking over the main avenue of interacting. Emails and texts still play a role, but more people are interacting with social media. But it does not need to be all about the negative aspects of the new communication streams.

For the end of the last year and going into this year, we are visiting family in another state. We have friends here and we always like to get together. When we set up the dinner re-union, it is done via Facebook. Not email, not texts, not even phone calls. Facebook is the main mode of communication and coordination. Everyone is part of the message, or post (all tagged so everyone can provide input), we all can comment and then we can go back to the message for reminders or directions.

Social Media has been around for a while now, but it is still in its infancy. Much like the internet boom and bust of the early turn of the century, we still have a lot to learn on this new front. We are still struggling to come to know what to do with all of these new avenues, and use them properly. We are most likely experiencing the same effects that happened when the telephone came to popularity and the TV took over.

Starting a new trend

It has been a while since I have written anything. I have been so busy that I have barely been able to catch my breath. But that just means that all of my thoughts have been festering for a while and now I get to share those with the web. We all have blogs, some kind of social media account, and cell phones, and other devices that keep us all connected. In some form or another, we are now Generation Connect. Forget the baby-boomers, the generation-x’ers or anything else. We are now Generation Connect. And this spans from very young to very old, from one continent to another, and in some cases, even to space. Yes, the human network is becoming the “Borg” in a matter of speaking.

This past weekend, the East Coast of the United States was preparing for Hurricane Irene. Any hurricane is a bad one, and it battered the Bahamas good. This is not to make light of the disaster, which affected many. If you followed some of it on Twitter or Facebook, some tweets and posts referred to the loss of power. Funnier people posted that now people would have to interact face to face for the first time in a couple of years. They joked it was so much of a shock that FEMA was getting involved to help people learn human interaction once more, setting up emergency conversation stations to help with this. And while this is funny, one thing that it made me think was how connected we are.

The older portion of Generation Connect may remember life without cell phones. People actually had to use pay phones if they were away from home and the office. Some of the more “important” people would carry things called a “pager”; this was a way that someone could call a number, type in the number (or numeric message) and it would get sent to that pager device. Soon, they were able to get actual text messages to these pagers. Sure, the 1980s had cell phones, but if you were ever unlucky enough to see one, you would think the military discarded their ancient communication phones. They were huge, clunky and rarely worked. But people went out and interacted with each other. Even kids playing video games (usually at that time it was the Atari systems, as Nintendo was still working on their first version) had to go outside, travel over to their friend’s house and talk to them in person to see if they wanted to play games. Music sharing consisted of recording songs on the radio, or making a copy of the album on a blank cassette tape.

But why is any of that important? Why is it so important to understand where we have been as a human civilization? I feel in order to prepare for the future, we need to understand our past. Not necessarily learn from mistakes, but learn from successes. Mistakes are just that, mistakes. Can they teach you lessons? Sure. But the lessons you learn from successes are worth that much more. So where have you been in the social sphere, whether digitally or in person? What has made you successful in that sphere? The biggest thing I can see is the need and want to belong. Everyone is just looking for acceptance and wanting to be part of something. For some it is on a smaller scale. For others it is the grand scheme of things. Either way, in order to succeed and start a “new trend”, you must build communities. Communities where interaction happens, conversation driven. The day of the digital equivalent to the lecture is almost over. How will you grow your place in Generation Connect?

WWDC: New Ideas or Something Else

So today is the WWDC kick off, and we learned that Apple is going to release the new OS and mobile OS later this year. Why should this be important to anyone? Because it is starting to get the thought that not everything should be static and stuck at one location. While OSX Lion does sound cool, what interests me more is the iCloud. The world is evolving more and more each day. Remember when computers were something you only used in some jobs and always at the office? Now we are at cell phones and mobile devices being able to do almost everything you could do at a traditional workstation. And this really does change things.

I am not an Apple fanboy, although I do use almost everything Apple. I do not have an unhealthy allegiance to Steve Jobs, and I do not wait outside at midnight to get the latest Apple device. I like Apple because it provides many things I have wanted and did not get with a Windows machine. But I also hammer the hell out of my devices too. I use them all the time, to code, to develop, to play and to browse the web. So I do demand a lot from my devices. And Apple has always been good to me. However, I do not ignore the Microsoft patterns either. As I type this, I have a VM for Windows 7 running (and a VM with CentOS running too).

One thing I think that has been missing, is being able to move from device to device and keep everything without having to re-sync all the time. This is not just music and apps, but documents, and flowcharts, and other items. Now I will want to see how iCloud addresses this problem. It seems to be pretty good. But only time will tell if Apple hit the nail on the head with this one, or if it hit its thumb like it did with MobileMe.

SOAP Server and Client, now with WSDL part 2

Now here is the part where I give the example files. After we have planned the application functions, we need to figure out what we are going to return to the client. This is going to be a standard array with at least two levels: The Response array and the Data array. It will look similar to this:

Array
(
    [responseMsg] => Array
        (
            [status] => ok
            [message] => Service call was successful
        )
    [allColors] => Array
        (
            [0] => blue
            [1] => green
            [2] => black
            [3] => white
            [4] => yellow
            [5] => red
            [6] => beige
        )
)

Now that we have the basic idea, we need to create the WSDL file. Remember, it is very important to think of WSDL files as reading from bottom to top. The final WSDL file is located here. Here is the basic idea of the WSDL file I created (going from the bottom to the top):

  1. Service: This houses the binding, the location, the port, and the name.
  2. Binding: This houses the functions that will be exposed, the operation and the input and output encoding. Most of the time these will be similar with only the names being different.
  3. Port Type: Here is where I define the operations and the input/output definitions
  4. Message: These are individual nodes for the Request and Response messages for all functions. These will usually have two message nodes per function, and they will define the structure for each action
  5. Types: This defines each structure that has been mentioned in the Message and any subsequent structures that have to be defined. This is usually the area where most struggles occur.
    • This structure will be encompassed by schema target namespace
    • Import the XML namespaces to help build the structures in the response
    • For each complex type, it should either mention a specific data type (xsd:), or a new defined structure (tns:)
    • Each structure that is an array should be defined as a SOAP-ENC:Array with a wsdl:arrayType parameter

So that is the WSDL. The one I have created defines the 2 functions, the input, the output, and the structure of each. Now we can move on to the Server code.

Count the Number of Cakes – Finding complex results with CakePHP

CakePHP offers a good selection of tools to help you retrieve the data. Recently, I came into a situation where I needed to find and paginate results based on a single, distinct column in the table. Distinct data can be tricky, especially if the tools do not allow you to select the distinct based on a column. Distinct will check all columns returned, and with time stamps in the mix, 99% of the time all rows will be distinct. So how do you grab the data? Well, first let's examine the sample data that needs to be extracted.

The sample data is in a MS SQL Server database. The table contains a record ID, title id, author id, genre, type, last check out date, and edit date. It is possible to have duplicate title, author IDs in the table. We need to extract all DISTINCT title IDs, along with the other information listed where the type is not a paperback, and provide a paginated list. I am sure this would be better architected if needed in the real world. Paginate will only get us so far, as this would only show all records.

class BooksController extends AppController {
    var $paginate = array(
        'order'        => array('Book.id' => 'desc'),
        'fields'    => array('Book.id', 'Book.title_id', 'Book.author_id', 'Book.genre_id', 'Book.type', 'Book.check_date', 'Book.edit_date'),
        'limit'        => 15,
    );
    // . . .
    function index(){
        $this->set('hardback_books', $this->paginate());
    }
}

We need more than this: a conditional query that paginate will run against. We can use CakePHP’s data source to help with this. Now, we could also just write this query out ourselves, but this is helpful to know for when you have to build sub-queries for other items. All data is in MS SQL Server, and we can use normal SQL expressions, but we need to grab DISTINCT data, which goes by rows, not columns, which means we will need to do 2 sub-queries in addition to the main one. So we first need to grab a list of the TOP 1 items. This will be our inner query.

        SELECT TOP 1 * 
        FROM [books] AS [bk_inner] 
        WHERE 
            [bk_inner].[title_id] = [Book].[title_id] 
            AND 
            [bk_inner].[type] <> 'paperback' 

Next, we need to encapsulate that query with an outer one that will select all items which match up to the main query ID.

    SELECT * FROM 
    (
        SELECT TOP 1 * 
        FROM [books] AS [bk_inner] 
        WHERE 
            [bk_inner].[title_id] = [Book].[title_id] 
            AND 
            [bk_inner].[type] <> 'paperback' 
    ) AS [bk_outer] 
    WHERE bk_outer.[title_id] = Book.[title_id] 

So we have the sub-queries, and the main query needs to constrain its results to the rows that exist in the sub-queries.

SELECT TOP 15 
    [Book].[id],
    [Book].[title_id], 
    [Book].[author_id], 
    [Book].[genre_id], 
    [Book].[type],
    CONVERT(VARCHAR(20), [Book].[check_date], 20),
    CONVERT(VARCHAR(20), [Book].[edit_date], 20)
FROM [books] AS [Book] 
WHERE EXISTS 
(
    SELECT * FROM 
    (
        SELECT TOP 1 * 
        FROM [books] AS [bk_inner] 
        WHERE 
            [bk_inner].[title_id] = [Book].[title_id] 
            AND 
            [bk_inner].[type] <> 'paperback' 
    ) AS [bk_outer] 
    WHERE bk_outer.[title_id] = Book.[title_id] 
) 
ORDER BY [Book].[id] desc

We have the final full query. Now how do we get that? First, we need to invoke the getDataSource() method.

class Book extends AppModel {
    // . . .
    function getHardbackBooks(){
        $dbo = $this->getDataSource();

Next we need to use the buildStatement() to build each statement. Since CakePHP will build a sub query with this, we have to do this twice: once for the inner query, and once for the outer query. The “table” for subquery2 will actually be subquery1, so we need to add that as a “table” in the array.

$subquery1 = $dbo->buildStatement(
    array(
        'fields' => array('TOP 1 *'),
        'table' => $dbo->fullTableName($this),
        'alias' => 'bk_inner',
        'limit' => null,
        'offset' => null,
        'joins' => array(),
        'conditions' => 'bk_inner.title_id = Book.title_id AND bk_inner.type <> \'paperback\'',
        'order' => null,
        'group' => null
    ),
    $this
);

$subQuery2 = $dbo->buildStatement(
    array(
        'fields' => array('*'),
        'table' => '(' . $subquery1 . ')',
        'alias' => 'bk_outer',
        'limit' => null,
        'offset' => null,
        'joins' => array(),
        'conditions' => 'bk_outer.[title_id] = Book.[title_id]',
        'order' => null,
        'group' => null
    ),
    $this
);

Now, we need to make sure we add an EXISTS:

$subQuery = ' EXISTS (' . $subQuery2 . ') ';
return $subQuery;

Return the data from the model to the controller. In the controller function we need to add a new condition to the paginate. In the conditions, we do not need to use a paired item value to set it, we can use the straight SQL returned from the model.

class BooksController extends AppController {
    var $paginate = array(
        'order'        => array('Book.id' => 'desc'),
        'fields'    => array('Book.id', 'Book.title_id', 'Book.author_id', 'Book.genre_id', 'Book.type', 'Book.check_date', 'Book.edit_date'),
        'limit'        => 15,
    );
    // . . .
    function index(){
        $data = $this->Book->getHardbackBooks(); 
        // Set to the paginate object conditions
        $this->paginate['conditions'] = array($data);
        $this->set('hardback_books', $this->paginate());
    }
}

And it returns the items based on the paginate parameters, ready to use in the view. It provides a DISTINCT list. And yes, I know I used more than 400 words in this one. It was closer to 500 without the code. Oh well, maybe tomorrow will be shorter.

You Did What?

Today’s topic is kind of short, but a very important one. If you are not living under a rock, then you know about Sony’s problem with their Playstation online services getting hacked and being down for some time. A new concern now is that this has exposed the credit card numbers of the membership. Something that can definitely cost some good will and trust. However, Sony is a major corporation, and can recover from this. Can your business, if something like this were to happen?

I still see multiple instances of applications (and not just PHP applications) where carelessness has overtaken common sense. The web is no longer just a set of reading materials. It is now more than that, with interactive applications and a flow of data that travels in all directions. So why is it that a huge problem is a lack of security for this interaction? The biggest thing I still see is with forms. Multiple sites ask you to sign up for something, like a list, an email notification, an account to get in to the site, etc. And one of the most powerful things today is information. And this does not mean just credit cards and government identification numbers. It can include names, emails, addresses, cities, passwords, secret phrases for confirmation, etc. Harvesting this can lead to identity fraud, selling to spam lists, etc. Secure your forms! It does not take much time, and can pay off, especially for the small businesses who will not have the money or name recognition of the larger corporations.

Easier said than done, I suspect some are saying. Well, yes and no. This should not be an afterthought; it should come first. In the PHP language, functions exist to help with this. Some ideas for securing forms: mysql_real_escape_string, pg_escape_string. In fact, if you are using PHP, then make sure to understand the different options available for your database.

That is not all though. You should also use a parametrized approach for inserts and updates. A quick example of this:

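// $dbo is the application's database object (not shown here).
// Each ? placeholder is filled, in order, from $parameters instead of being concatenated into the SQL string.
$sql = "UPDATE sometable SET somefield = ? WHERE value = ?";
$parameters = array($_POST['data1'], $_POST['data2']);
$dbo->query($sql, $parameters);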

Now that was not too hard, was it? However, security is not something to pass over. You should understand what data you are collecting, validate the data, and then securely save the data. Validating it can be as easy as making sure it is an integer value, an email, or a certain number of characters. Checks like that can go a long way to verify that what you are getting is what you need, and will not harm your application. For example, if a form had fields for first name, last name, country, and email address, you can safely validate those fields. First name and last name should only be alphabetic characters. Those fields should not have special characters, numbers, etc. Email address should be validated against a well-formed email address. You can even go one step further to verify it is a valid email address and exists somewhere out in the cloud.
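The validate-then-store flow described above, as an added example that is not code from the original post: it applies the post's field rules to first name, last name, country and email, and saves accepted rows through a PDO prepared statement. The `signups` table, the function names, the length limits and the sample submissions are assumptions made up for illustration, and it assumes PHP 7.1+ with the pdo_sqlite extension.

```php
<?php
// Added example, not the post's code. Table, function names and limits are hypothetical.
function validate_signup(array $in): array
{
    $clean = $errors = [];
    foreach (['first_name', 'last_name', 'country'] as $field) {
        // Non-string input (e.g. an array sent as first_name[]=x) is treated as empty.
        $value = is_string($in[$field] ?? null) ? trim($in[$field]) : '';
        // The post's rule: letters only. \p{L} matches any Unicode letter; loosen the
        // pattern if you need to accept hyphens, apostrophes or spaces in names.
        if (!preg_match('/^\p{L}{1,50}$/u', $value)) {
            $errors[$field] = 'letters only, 1-50 characters';
        }
        $clean[$field] = $value;
    }
    $email = is_string($in['email'] ?? null) ? trim($in['email']) : '';
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'not a well-formed address';
    }
    $clean['email'] = $email;
    return [$clean, $errors];
}

function save_signup(PDO $db, array $row): void
{
    // Values are bound separately from the SQL text, so they cannot alter the statement.
    $stmt = $db->prepare('INSERT INTO signups (first_name, last_name, country, email) VALUES (?, ?, ?, ?)');
    $stmt->execute([$row['first_name'], $row['last_name'], $row['country'], $row['email']]);
}

$db = new PDO('sqlite::memory:');   // in-memory database so the example runs offline
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE signups (first_name TEXT, last_name TEXT, country TEXT, email TEXT)');

// Constructed submissions standing in for $_POST: one valid, one malformed.
$submissions = [
    ['first_name' => 'Ada', 'last_name' => 'Lovelace', 'country' => 'England', 'email' => 'ada@example.com'],
    ['first_name' => "Ada'; --", 'last_name' => 'L33t', 'country' => 'England', 'email' => 'nope'],
];
foreach ($submissions as $post) {
    [$clean, $errors] = validate_signup($post);
    if ($errors) {
        echo 'rejected: ' . implode(', ', array_keys($errors)) . PHP_EOL;
        continue;
    }
    save_signup($db, $clean);
    echo 'stored: ' . $clean['email'] . PHP_EOL;
}
echo 'rows: ' . $db->query('SELECT COUNT(*) FROM signups')->fetchColumn() . PHP_EOL;
```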

Big lesson though, secure the data. Secure your application. Do not let a shortcut become your Sony Playstation meltdown.

Ideas for the Social Leper

[Image: "What", courtesy of Ducklips Photo]

Social networking, check-ins, friending, linking-in, and other items have made for an interesting world. Some people may see this as a purely consumer/individual niche, with only the younger crowd getting into this newfangled technology. The internet has been around for a while, and people sometimes have a hard time seeing how these new social areas can have any meaning to the world. Good or bad, these items are here to stay, and will eventually evolve. Today we know of things like Foursquare, Facebook, LinkedIn, Twitter, StumbleUpon, and others to help us keep in touch with everyone, even people who are not really our friends.

But how can businesses take advantage of this? Some have tried, some have succeeded, some have failed. And still some are reluctant to try this. In one of the cases I saw, I could not believe they were using social media this way to do a marketing campaign. As I always say, I am no marketing genius, but I do feel I know technology. This company had a product that they would market. They had a specific site set up for this product, and would try to highlight the different parts of this product. When it came to social media, the message was always the same. No matter which portion of this product was being showcased, the same message was being posted on the social media outlets. And I am not talking about the same idea being conveyed, or the same thought. I am saying the exact same verbiage, each time it hit the social sphere. I equated that to social spamming.

[Image: "All Alone", courtesy of Ducklips Photo]

Imagine being around a person who said the same thing every time you saw this person. No matter what the conversation was, no matter what events were happening, this person would say the exact same thing every time you were around this person. Would you be excited to see this person? Would you start to ignore this person? And that is what one really needs to ask in these situations. I am sure we all have our “friends” (using Facebook) that we read their posts and just think, “I should hide their posts because they are annoying”. Or they just get thrown into the friend dumpster.

But this group looked at social media as another billboard, another TV spot, another magazine ad. And is that what social media really is? Of course not. It is a chance for businesses to actually interact with their consumers. Years ago, the big push was to create sort of a “symbiotic” relationship with the supply chain, including distributors, suppliers, retailers, etc. This even extended, to a certain extent, to the competition. Now businesses have a way to create that same relationship with the people who actually pay for the goods and services. And some companies would prefer to just treat this avenue as another billboard. Why would they think that would engage the targeted audience? Does anyone, besides children, get excited to see tons of pretty colors and the same message constantly? It is time to start interacting with the consumers to build those relationships. It is possible, and no matter what the product is, it can be done.

[Image: "The Pet Rock", from Wikipedia]

Anyone remember the pet rock? It was a freakin rock! Something you can pick up in the backyard. Yet people would buy these things. It was the way it was marketed. I am sure they did not just market it by promoting a purchase of an ordinary rock from the ground. It was marketed as a real pet, filled with funny play on words and relating it to a real pet. It came with a full instruction manual, and a box that looked like a pet carrier. But at the heart of the product, it was a rock. Most products have a lot more functionality than a rock, and fail. It is the message. Using social media should be the same. Interact with the consumers, build that relationship, and have them interact with the company. Sure, some people will be rude, and even try to degrade the company. Build the positive voice, and keep the engagement alive!

Have Your Cake and Eat It Too

CakePHP is one of those frameworks where it is easy to set up and get an application running in a minimal amount of time. It provides different security features, helpers, and functions in the framework so that your application can run smoothly and be safe. As with all applications, the level of security and functionality depends on the developer, not the code, not the language, not the database. An application is only as secure, functional and reliable as the person/team who is coding it. One of the reasons I do like Cake is that the built-in security and helpers offer a developer a great way to secure data, validate it, and display it. And that can also be one of the trickier parts of getting the application to work correctly: finding the data to do something with it.

[Image: CakePHP]

CakePHP provides some functionality for finding the data; this is done using the “find” method. You can read more about this at the Cookbook. Using this, one can grab data from many different tables if needed, or just one table. For this exercise, I am going to use dummy data to show how to find data, using simplistic finds, joins, and sub-queries. So first let's examine the data tables. Not all of these are going to be connected. This is a very simplistic, quickly drawn up solution to a lending library.

[Image: Sample Tables]
