Submitted by Damien on
After having developed in PHP for many years I've realized that the two most important things a developer can do are:
error_reporting(E_ALL)Those two simple changes will greatly help reduce problems in your code. Now to just get all OSS developers to do the same...
Submitted by Damien on
Note: I'm not going to finish this article as ultimately I ran into problems with Cygwin so migrated to running all Windows-native tasks. Still, in its raw state someone might find some use out of it.
Web development is an interesting field. Many of the technologies you try or wish to use work best with a specific requirement, for example despite attempts to the contrary ASP simply works best on Windows with IIS. Another example of this notion that has become rather common of late is that Ruby on Rails and its related tools really work best on UNIX-like operating systems and doesn't work as well on Windows.
For those "stuck" with Windows for their production web serving there is, however, a work-around called Cygwin, a UNIX compatiblity layer for Windows that has been around since the mid 90's so is very mature and well supported. Cygwin provides the best of both the UNIX world with a robust platform for running many UNIX-only tools, while still providing the Windows foundation which is often needed for e.g. proprietary database drivers. Read on as a give a full list of what you need to install, and how to configure, all of the tools necessary for a pretty comprehensive web development production environment.
Installing Cygwin
The first step is to obtain the Cygwin installer executable from cygwin.com. Run the cygwin.exe program when you download it and you'll see something like the following:
Following through the prompts you'll want to first "Install from Internet" to download all of the required files and install them immediately. On the next screen you'll pick where to install Cygwin, whether to install it for all users or just yourself and whether to make data files use the UNIX or DOS/Windows format - I only ever change the directory path and leave the others at the defaults; the next screen asks where you want to keep the downloaded files, I recommend a sub-directory of where you're installing the main Cygwin system, just to keep them close at hand. The next two screens will ask for your network settings (most people can leave the defaults) and then to pick the Cygwin server to obtain all of the files from - I suggest going through the list and trying some to see how fast they are before picking a favorite.
The next screen is where all the fun is - you get to pick what software to install. I recommend clicking the "View" button to make the list change to a plain list of all of the available software, and maximizing the window, as it can be confusing to work out what category certain apps are in.
Here are the packages we are going to need, besides the basics:
SSH:
ssh-host-config -y
Give a password
ntsec tty
FreeImage:
make -f Makefile.cygwin
make -f Makefile.cygwin install
PHP
Apache
Ruby on Rails
ruby installed via cygwin
download rubygems
ruby setup.rb
extras:
gem install --remote --include-dependencies rails
gem install --remote --include-dependencies mongrel
gem install --remote --include-dependencies mongrel_cluster
gem install --remote --include-dependencies capistrano
gem install --remote --include-dependencies image_science
gem install --remote --include-dependencies hpricot
GCC
Subversion
FreeImage
ColdFusion
MySQL
SQL Server
http://brantinteractive.com/index.php/?p=47
dmckenna@websrv /home/dmckenna/ruby-dbi
$ mkdir /lib/ruby/site_ruby/1.8/DBDdmckenna@websrv /home/dmckenna/ruby-dbi
$ mkdir /lib/ruby/site_ruby/1.8/DBD/ADOdmckenna@websrv /home/dmckenna/ruby-dbi
$ cp lib/dbd/ADO.rb /lib/ruby/site_ruby/1.8/DBD/ADO
http://substantiality.net/articles/2006/10/19/mssqlclient-gem-now-available
Submitted by Damien on
The project management tool activeCollab, previously mentioned here, has just announced their pricing structure for the forthcoming v1.0 release. The key point you'll notice is that they're no longer going to have a free or open-source version available, instead they're pushing their paid releases while they "keep [the old version] 0.7.1 around." There will be two versions available, a "small biz" release for $199 that doesn't have the calendar, trouble tickets, time tracking or static pages, and a $399 version that has these. At this news I'm even more satisfied in my choice to move all my work to using Redmine.
Submitted by Damien on
phpBB, the open-source PHP forum application that seems to be responsible for more server security breaches than anything else, has hit a major milestone with the first release candidate of the forthcoming v3.0 release. In the v3 new features / improvements list it is good to see that security is highlighted as a core aspect of the improved version, so here's hoping it can get back its history as a running joke with web developers.
Submitted by Damien on
A thread came up on Slashdot today about the security problems of PHP and software written using it. Given that this is as much of a major problem today as it was five years ago when version 4 was released (that was supposed to start fixing the security problems), and given how bad most PHP code still is today, I added in my own $0.02:
From my experience the main cause of insecure PHP software is developers not turning the error validation to the highest during development, so when an unsuspecting user downloads the software little do they know that their system can and often is wide open to stupid bugs and security problems. When you leave error_reporting to the default setting you miss lots of important details, like array keys being passed as constants, variables being referenced before they're created (especially with arrays), incorrect return types, etc, etc, yet people wonder why their code is so buggy? I was installing vtiger, which is a pretty comprehensive CRM that has lots of potential to hit it big, the other night for a client and was slamming my had against the wall at the sheer number of stupid syntax bugs that were in the system.
How many programs out there tell you to turn on the old register_globals that everyone knew was a huge security problem?
How many programs tell you to turn down the error_reporting level to hide their development incompetence?
I was actually considering starting a movement to have the PHP community clean up their act, we'll see if its still needed after the dust settles from this.
Personally I think that with PHP 5 they should have stopped supporting deprecated coding practices, like accepting invalid variables and invalid array keys, so that this stupidity could finally stop.
That's why I don't do much with PHP anymore, a large portion of the open source projects that clients want you to "make work" are riddled with utterly stupid mistakes that you spend days if not weeks cleaning it up before you can actually start doing any work.
(affiliate link)