
Blogs » Archive for December, 2004

Obligatory sales forecasts for 2005, 100% guaranteed to come true

by Andrew Neitlich

Here they are, your 100% guaranteed sales and marketing predictions for 2005:

1. Those of you who make marketing a top priority will do better than those who don’t - regardless of design or development talent.

2. Those of you who target a defined niche market will do better than those who don’t.

3. Those of you who know how to communicate your VALUE to clients, and price accordingly, will do better than those who base their pricing on time and tasks alone.

4. Those of you who develop strong business relationships with clients will succeed and get rave reviews and referrals.

5. Those of you who delight clients with outstanding service, project management, and a focus on business results will also get rave reviews and referrals — and more long-term work.

6. Those of you who use web design to focus on business results will do better than those who focus on design for awards and design’s sake.

7. Those of you who find leverage through other people, resellable products and templates, and business systems will generate more income than those who trade their time for dollars.

8. Those of you who develop systems to follow up with prospects over time will be the first people that …

 

Server Side Spam Control

by Blane Warrene

I wrote earlier in the year of my migration from Sendmail to QMail - and have never looked back. I am happily blocking a multitude of IP addresses and blocks, and in conjunction with SpamAssassin have vastly reduced the amount of spam I and my clients have to wrestle with.

My situation is slightly different from that of a web host, as outside of my research work I remotely manage web and other servers for clients (i.e. numerous servers for unrelated companies generally on their own premises or data centers). Outside of a handful among them running Lotus Domino or Microsoft Exchange servers using native SMTP, the majority have migrated to QMail as their MTA.

The configuration for my own servers and those of some of my clients is a package that includes POP and SMTP - using QMail, vpopmail, QmailAdmin, spamassassin and some more.

I particularly like the ease of blocking IPs in Qmail, however, I wanted to end the year with some links to well written how-to’s for the most popular MTAs.

Postfix - http://www.postfix.org/spam.html

Qmail - http://www.chrishardie.com/tech/qmail/qmail-antispam.html

Sendmail - http://www.sendmail.org/m4/anti_spam.html

 

Anti-Phishing Toolbar

by Blane Warrene

Interesting tidbit that was Slashdotted earlier - Netcraft has released an anti-phishing toolbar that leverages the enormous database of web sites the organization manages.

It allows for reporting of fraudulent sites (which are reviewed by Netcraft prior to inclusion into a database tracking phishers).

A Firefox version is under development, so it is only available for IE right now. I may just have to fire up Virtual PC and check it out.

They are offering to private label the toolbar for interested companies who want to distribute it under their own brand (I am sure for a cost).

 

PHP Predictions for 2005

by Harry Fuecks

Well the year’s almost done. I was planning a look back over 2004 but… time and motivation have failed to coincide.

2004 in short: probably the two most significant events were the release of PHP5 last July and the arrival of Planet PHP, back in January, more as a symbol of blogging becoming mainstream in the PHP community. Otherwise it just kept on storming up that hill.

Update: completely forgot (it’s been a year). There’s Derick’s entertaining (and no doubt controversial) summary to come (thanks for the reminder). As a taster, here’s 2003 and 2002.

Far more fun is taking some wild stabs at 2005…

- With the release of 5.0.6 in… July 2005, PHP5 will start making its presence really felt, rolling its way out to web hosts while better known PHP applications will start taking advantage of PHP5 specific functionality.

- Of the thirteen new reserved words added by PHP5, anecdotal evidence will suggest that no more than half are being used in the real world.

- In January 2005 PHP will win an award as “Programming Language of the Year, 2004”

- The Holy Wars between the dynamic four (Perl, Python, PHP and Ruby) will finally dry up and developers from all four communities …

 

From FTP to sFTP with MindTerm

by Blane Warrene

I have been exploring a neat little Java-based tool called MindTerm that can act as an ftp proxy as well as an SSH client.

While I am glued solidly to using the Terminal utility in OS X (and FTPeel for FTP tasks), I do like the MindTerm ssh client and proxy capabilities. More importantly though, it can be used as a standalone applet or as a library within another web or desktop application.

The key factor to me is its ability to act as an ftp proxy, allowing standard ftp usage from the desktop which is routed over an ssh connection. In essence one launches the applet, connects to a host, minimizes MindTerm and then launches their ftp client. Within the ftp client the host is changed to 127.0.0.1:21 and an ftp session is routed over the previously established ssh connection.

The product is open source and available for free limited commercial use for 100 users or less. Larger site implementations may incur costs. The company, AppGate Network Security, also offers some OEM licensing for those seeking large scale distributions of products with the MindTerm library embedded.

 

A 40-10 rule for wealth and making a difference

by Andrew Neitlich

With the recent earthquake/tsunamis it is hard to write anything meaningful about selling Web services, and for sure our prayers go out to anyone touched by this disaster.

The closest tangent that comes to mind — appropriate or not — is how we spend the money we make from our business. In business school, a bunch of students made a pledge to stick to the 50-40-10 rule, which goes something like this:

Whatever you earn:

- Do your best to live on half, even if it means living simply and not “keeping up with the Joneses.” Keep your expenses low.

- Save 40% for the future: emergencies, education, retirement, etc.

- Give 10% away to those less fortunate or causes that help them out.

It takes discipline and a sense of gratitude to follow this rule, especially as we get older and our expectations tend to rise. But it is worth consideration, as it could make a meaningful difference to yourself, your family, and those in need.

Is anyone successfully following this guideline, or something close? Please share.

 

Prototypes

by Harry Fuecks

Just dumping a few links to some prototype Open Source projects I’ve run into recently, which are notable both because they’re pushing the frontiers and because looking at the code gives cause for optimism.

PHPRestSQL

http://phprestsql.sourceforge.net/ - publish your MySQL database directly via PHP as XML, with nice friendly URLs (although can we eliminate the ‘?’).

Initial issues that spring to my mind here, without having looked too deeply

- paged result sets? Without them what happens when you have many rows…

- tag naming. Do we want tags called ‘table’ and ‘row’. Keith recently raised what may be a related question here - replace ‘table’ with the plural (e.g. ‘users’) and ‘row’ with the singular (e.g. ‘user’)?

Qwad Framework

http://www.qwad.com.au/code/doku.php?id=qwad_framework - “The QWAD Framework aims to make development of Rich Internet Applications much easier. It is possible to create cross-browser web applications that provide the Rich GUI Functionality users expect from a desktop application.” I know there’s a few Javascript windowing libraries out there but the code here makes me optimistic plus I’m biased as some of the examples use JPSpan.

xulRecordSet

http://xulrecordset.sourceforge.net/ - “xulRecordset is a project to create XUL widget library with a recordset behaviour.”. What’s cool about this is the way it uses XBL to …

 

Comment Spam Compiled and Interpreted

by Harry Fuecks

Following on from Automated Blog Comment Spam? and the feedback (many thanks), figured I’d compile (and interpret) some of it into something more ordered.

Gnomes or Robots?

The answer to who (or what) is posting comment spam seems to be both sad gnomes with little life and automated scripts / programs. Given that being the case, the conclusion I still have is different approaches are required if we want to prevent human submitted spam vs. script submitted spam (emphasis on the prevent - see “Remove the Incentive” below).

Have yet to find any hard figures but I also imagine the more serious problem is spam automation, based on anecdotal evidence related to attacks on some of the well known blogging apps as well as solutions people have adopted which had a dramatic effect on reducing spam. Obviously any automated process is capable of generating quantities vastly greater than anything possible via manual data entry.

No Bars to Legitimate Use

…or the “Accessibility Curse”. There seems to be a general agreement that posting a comment on a blog must be easy for legitimate users. In fact the ideal scenario is legitimate users should not be impacted at all by whatever spam protection mechanisms are in place.

Some …

 

PHP5 and MySQL E-Commerce

by Blane Warrene

December often provides a little extra time to catch up on my reading, and one of those books this year is the new Beginning PHP5 and MySQL e-Commerce (Apress) by Cristian Darie and Mihai Bucica.

Being in the process of moving some development systems to PHP 5, I have been soaking up texts on what’s new with PHP5 as it interacts with Apache, MySQL and the rest of the Linux and Mac OS X atmosphere. This work fit right in, and also serves as a fantastic primer for anyone joining the fray in designing and developing online commerce solutions.

Darie and Bucica are directly addressing the newer and intermediate PHP programmer with their effort - a fairly substantial audience. Probably the single best accomplishment in this book is prepping the developer with some foundation theory on e-commerce architecture as well as a brief but excellent primer on project management as an appendix.

The presentation of a three-tier architecture of presentation, business and data layers offers a concise platform roadmap, especially for new developers, to start on the right footing. While there may be many approaches to architecting a web application — this method works well for online store solutions …

 

PHP Worms: Santy / Perl.PhpInclude - ModSecurity

by Harry Fuecks

Looks like someone’s finally got nasty, in writing code which targets potential mistakes people often make with PHP. Although you may be on holiday, recommend giving these some thought at least and, if in doubt, do what Christian has done and take it offline until you’ve got time to deal with it.

Santy

Hopefully you’ve already picked this up but if you’re using phpBB, you should upgrade to 2.0.11 (see the announcement).

The reason? The Santy Worm. This one even made the BBC’s website (ironically, probably the first time for PHP or a PHP app).

There’s been some confusion surrounding Santy, such as this announcement, which suggests the worm exploits a vulnerability in PHP itself. Derick cleared this up here - phpBB was also exposed to a problem with PHP’s unserialize() function (fixed in the latest PHP release) but this was not what the worm uses. Ilia discusses the unserialize() vulns here.

The most considered and up-to-date information I’ve found so far is available here. There’s now more than one version of the worm out there and the latest, Santy.e, is also being called the Perl.PhpInclude.Worm (it’s apparently not related to Santy).

Perl.PhpInclude

The Perl.PhpInclude.Worm seems to exploit a common potential vulnerability / mistake, which I described …

 
