Saturday, August 11, 2007

Leaking PHP all over the place... don't they have a pill for that?

Facebook has a code leak, or at least it did for several hours due to a server being misconfigured. Facebook, like a lot of other Web 2.0 sites use PHP. PHP not being a compiled language sits in source code form on the server waiting to be interpreted instead of executed like the output of other languages (C++ for example)... which means that if you can get the web server to not interpret the code before serving it or you can get into the web root by some other means outside the the web server (FTP, remote terminal, etc.), you can view all the source code.... the "secret sauce" is out!

Luckily, there are some simple rules of thumb and settings that can stop this from happening. A good blog post to read on the subject was written by Nic Cubrilovic over at his blog.

Some folks have done a quick critique on the released code. For me personally, it's nice to get confirmation that a big site like Facebook is also using the Smarty template engine. They don't seem to be as object oriented as my code though... I wonder if this is intentional, for speed perhaps, or just a legacy framework that never was updated?

Don't let PHP leakage happen to you.

Sunday, August 5, 2007

The correct way to embed Adobe Flash in your web page... again

I previously posted about a neat little JavaScript library called SWFObject. This wonderful little library easily gets you around the Internet Explorer activation control issue. In doing some work for Company X, I found that though SWFObject works under normal conditions, it didn't seem to work when made part of our larger JavaScript framework. I suspect it has something to do with doing DOM modifications after the page has rendered. I looked around and found another library, UFO.

UFO stands for Unobtrusive Flash Objects and is another free (under the creative commons GNU LGPL license) JavaScript library for embedding Flash in web pages. It seems to be well supported (currently it's on version 3.22) and it's just as flexible and easy to use as SWFObject. It's slightly larger that SWFObject, so my advice is to choose the one that works best for your project. My thanks to UFO's author, Bobby van der Sluis, and his employer Refunk for allowing him to work on it during work hours!

Flash Activation Workaround (UFO): $0

Total cost of project to date: $59.99

Friday, August 3, 2007

No trip to San Francisco this year.

The email came in at 7pm... I knew it would... I was not selected to present at TechCrunch20. I do love San Francisco, Kitten and I fell in love there. It really would have been grand.

I'm not quite ready to let the cat out of the bag as to what exactly I'm building, but here are a few questions and answers from my "Presenting Company Submission Form":

Company name:
Web site:
Date founded: June 21, 2007
Number of employees: 2 (me and Kitten)
Money raised to date / investors: $0

Was I too honest? Did my application really get through to Heather? Was my penmanship too sloppy? Too bad I didn't get any feedback from the judges.... I'm sure MC Hammer is a busy guy.

I was, along with all the other non-finalists, offered to demo at the "Start-Up DemoPit" if I shelled out $1247.50 for two tickets to the conference. I've only spent $59.99 on this project so far, so I'm not ready to drop that kind of dough quite yet. Maybe next year, if I haven't already sold for ONE BILLION DOLLARS (stop laughing, it could happen).

Tuesday, July 31, 2007

The correct way to embed Adobe Flash in your web page

One of my pet peeves is when I go to a "professionally designed" website and there is that annoying outline around their embedded Adobe Flash objects. This only effects Internet Explorer (of which only about 88.66% of you) due to a process called "Activating an ActiveX Control's Interface" which was added to IE 6 in response to loosing a patent lawsuit with a Eolas (Eolas seems to me to be one of those companies that does nothing but patent ideas and then sit on them until they can sue... a prime example of what's wrong with the patent system in the United States). Essentially, it means that you can no longer use the APPLET, OBJECT or EMBED tag on a web page if you expect your user to interact with that control unless the user "Activates" it my clicking on it. But there is a work around, use JavaScript to embed your control instead of HTML. A pain in the butt, but it works.

Luckily there is SWFObject, a nice little JavaScript file that makes embedding Adobe Flash (the most common ActiveX control in world) easy. You include swfobject.js, create a DIV where the flash should be shown and then create SWFObject object with a few parameters (location of the .swf file, size, frame rate, etc.).

I know a lot of websites are created by designers on using the Mac... which means they usually test their websites on either FireFox or Safari. But, please, please, please be considerate of the other 88% of us and use SWFObject for your embedded flash.

Flash Activation Workaround (SWFObject): $0

Total cost of project to date: $59.99

Monday, July 30, 2007

Yikes, competition! Where did that come from?!?!

I was watching CNBC today when a story came up about a couple of Web 2.0 companies... the first is a well established company (you have all heard of this company) that I've viewed as competition for my current project and the second is a new one that I hadn't heard of. When I conceived of my project, many years ago, there was definitely no competition. Now, in seeing that there is some competition, I was confident that my novel slant on this area would perhaps not blow the competition out of the water, but at least give me a fighting chance to create and capture my own niche. Company number two is doing exactly what I was going to offer... Damn it!

I supposed ignorance is bliss, but that is no excuse for keeping my head so down into the code that I am not aware of others in the field. I thought I had identified all the possible competitors until this one came out of nowhere.... they are VC funded, been around for several years and have a product that they are actively selling. They were even mentioned on Techcrunch in April (I must have skipped that day, sorry Michael!)...

I heard that if you have an idea, 5 others in the world also have that same idea, it's simply up to you to decide to run with it or not. Maybe I should had run with this idea six years ago when I first wrote it down instead of continuing to struggle with Company X?

Fear not, my loyal readers. I've learned a few things from Company X; competition can catch up fast and a CNBC mention does not make a company golden. And after doing the most minimal research on this company's web site, I can already see that they have expenses in body count and infrastructure that I'm hoping to avoid and still provide world class service. I've also got some ideas on how users interact with my product and a different focus of what the product accomplishes that they haven't touched on... yet. Unlike six years ago, I'm a veteran of small company strategy, finance, marketing and have the wounds to prove it.... just ask my wife, Kitten.

I think I'll post a question for my friends over at Found+READ and see if anyone has some advice on keeping my paper bag covered head held high. I just hope the folks over at TechCrunch20 don't have a memory that goes all the way back to April (that's centuries ago in Internet time, right?).

Friday, July 27, 2007

YUI for that Web 2.0 interface

The big buzz these days is about AJAX. You constantly see press AJAX enabled site that does this and does that... but AJAX is really only a way of getting data back and forth between your browser and the web server without having to refresh the page every time... what really gets people excited is how that data is displayed with interactive controls. Just as I felt it necessary to spend "Big Bucks" on the design of my site it seems that having these interactive controls is the user perception threshold that is required to truly be a well regarded Web 2.0 site.

For "Company X" I looked at using ASP.NET AJAX (formerly codenamed Atlas), being a C# Microsoft .NET shop it was a pretty logical choice. It's free (as long as you've already dropped the bucks to have IIS servers, .NET development environment tools, etc.) and is, even in it's current 1.0 version, an extremely full featured library with lots and lots of controls. The main idea of ASP.NET AJAX is to hide the dirty details of hooking up AJAX, JavaScript, DOM (Document Object Model) on multiple browser types from the programmer and make it seem just like plain old ASP.NET programming. I expect to see ASP.NET AJAX embedded into the next version of Visual Studio. But we are on a budget here, so what a poor PHP programmer to do?

I went to my handy Google Search box and typed in "AJAX interface library" and the first item on the list was the Yahoo! UI Library (YUI). The kind folks at the Yahoo! Development Network have release this library of cross browser compatible JavaScript controls (many of which work with AJAX methodology) under a BSD license... which means gives them some credit, but otherwise it's all yours to do with as you please.

Along with a bunch of base utility functions there are some great controls such as AutoComplete (a favorite among AJAX aficionados), Calendar and, my personal favorite, TabView. They also have a neat little app / control called Logger that allows you to put debug statements in your JavaScript and then watch them fire off in a floating control panel. Should be extremely useful for tracking down those inevitable JavaScript bugs.

Just for giggles I figured that if Yahoo was giving this out, their natural enemy must also have an offering. After look around a bit (I typed "google javascript UI" into Google) I found the Google Web Toolkit. It has many of the same features as YUI except that the AJAX part is already built out, but only for the Java language. So if you're doing your project under a Java server this toolkit might be more appropriate that YUI.

JavaScript UI Controls (Yahoo! UI Library): $0

Total cost of project to date: $59.99

Wednesday, July 25, 2007

Taking advantage of the Feebies!

I'm getting to the point with my project where I need to start testing the ability of my code to send of emails. I tried using the SMTP/POP3 services associated with my Gmail account, but I found it to be incompatible with both the native mail function and PEAR mail objects in PHP. What I needed was a mail server for my domain.

I originally thought about using EC2 (the Elastic Computing Cloud) from Amazon for hosting and I may still do so in that my architecture is designed to load balance out to child servers once a user logs into a main web server, but what I need right now is a cheep Linux web and mail server.... and I found it!

As you recall, I bought a template from for my project's look and feel. The email I received which explained how I could access the template I had purchased also listed some "bonus offers", including 1 year free hosting from After looking around the Globat site to get details on their capabilities I signed up using the coupon from Template Monster.

For security, in additional to a credit card, Globat uses a system where an automated system calls you up to confirm your phone number. You press a web form button and a voicemail robot calls you up 30 seconds later on the phone number you provided during registration and reads off a three digit code, you type that number in the web form and you are informed that your site will be provisioned very soon and that you'll be receiving an email with your new server information shortly. So I waited... and waited... and waited... finally I went to bed, assuming it would be provisioned overnight.

The next morning I woke up to find nothing. I opened a trouble ticket with Globat billing and soon received an email back saying that I would have to fax a copy of my credit card and drivers license to them. I thought my website was being provisioned, but I guess not. I faxed the front of my credit card and drivers license to the phone number provided. Meanwhile, I received a second email stating that in order to provision my website I would need to fax both the front AND BACK of my credit card and my drivers license to a completely different fax number. Now I was confused.... I was just about to fire off another email when, KABOOM, a email came in with my provisioning info (URLs, password, etc.).

So, besides the provisioning hoops they make you jump through, I have been pretty happy with their service. I don't have terminal access to the web server, but I can FTP and use their control panel to control my server (MySQL, email accounts, etc.) My only hiccup so far was finding out that they use port 587 instead of the standard port 25 for SMTP... I had to use their online chat system to speak to a help desk person to figure this out as this information is not mentioned anywhere in their FAQs or online help.

Web Hosting (1 year from $95.40 + $19.99 setup - coupon = $0

Total cost of project to date: $59.99

Wednesday, July 18, 2007

Who and how many are visiting from where?

Back in the good old days I bought a few Urchin licenses. It was fairly easy to setup and gave reports that you had to massage a bit to get the answers you needed. Urchin was purchased by Google in April of 2005 and was soon turned into Google Analytics. Google turned it into a free product (up to 5 million pageviews unless you have an active Google Adwords account, then it's unlimited pageviews).

The interface is now simple to use and you have to append just a few lines of JavaScript code to your webpages to get it started. I created two profiles, one for this blog and one for my project.

I highly recommend this to anyone who needs to know where their visitors are coming from and how many visitors your actually have... in other words, everybody should have this installed on their website.

Website Analytics (Google Analytics):$0

Total cost of project to date: $59.99

Friday, July 13, 2007

Big bucks on design!

You can have the most useful product in the world, but if your website looks like crap, people will devalue your service. That's why I decided to spend some big bucks on website design.

I've worked with a lot of design people over the years. It takes a special relationship to communicate what you want to a designer. No one comes to you with a blank slate and no one can read your mind. I've often found it useful to work with designers using the following steps:

1. Tell them about your product/service using lots of emotional terms

2. Show them a site that has the look and/or feel you're looking for

3. Once they deliver something, make sure your get all the source files

4. Redo the whole thing yourself

Now step 4 may seem a bit cynical, but in this high speed, immediate gratification world we live in, it is a total pain to call a design guy up and wait two days for a delivery just to make the smallest changes to your site. You should know how to graphically edit your site just like you can programmicly edit your source code. Why not just do it myself from the beginning if I'm going to redo everything? I've often found it easier to edit than create. I'm a whiz a photoshopping photos, but I couldn't draw a stick figure to save my life.

Which brings me to my latest find, Template Monster! I was reading TechCrunch and their little square sponsor banner caught my attention. I clicked through and signed up for a nice 15% discount due to it being their 5th year anniversary. Template Monsters has hundreds of pre-designed websites from dozens of professional designers. Many of the templates are ready to go for certain businesses (I saw a lot of nightclub and nail studio website templates for instance) with just changing the text... but I wanted one that I could manipulate for my idea.

I found it! Nice color scheme, sort of that Web 2.0 "jelly" look and lots and lots of white space for me to put my interface into. I threw it into my electronic shopping cart, but when I went to check out their system said my coupon was not longer good! I had just received it!

I went back into my email and, sure enough, the fine print said that the coupon was good from May 22nd to June 4th. Why in the world were they giving out coupons, especially through an expensive placement like TechCrunch, that are expired?

I'm not giving up my 15% discount, no sir-ee! I tried to use their chat system to speak with a support person... this went nowhere quick. The support chat operator threw me over to the billing chat operator who informed me that my coupon had expired (duh!) and then threw me back to the support operator who just ignored me. I decided that an email to billing and support at Template Monster with cc's to a couple of emails I had at TechCrunch (after all they were the ones advertising this discount which didn't exist anymore) was in order. A few hours later I received a now valid coupon from Ben Lee at Monster Templates. Thank you Ben!

Now I'll get to see how fun it is to try and get this material into Smarty templates.

Visual Design (Monster Templates): $52 ($61 - 15% Discount coupon)

Total cost of project to date: $59.99

Friday, July 6, 2007

Why are the simple things so hard?

I spent the last six days putting together my application for the TechCrunch20 conference.... massaging ever word to properly convey (in 500 words or less) my "Pitch"

Damn that's hard! As I have stated before, I'm not a writer, but I have found that once I get into the groove it's way too easy to keep going and going and going.... you get the idea. Trimming words to meet a 500 word maximum is really difficult to do, especially when it took such effort to get them out of me in the first place.

Is my idea terribly complex? No, not really. Is my idea revolutionary? I haven't seen anyone attempt it before and the few people I've shared it with seem impressed. Can I explain it in 500 words? Sure... but explaining something and truly conveying every special nuance are two different things: especially an idea you've had brewing around in your brain for the last five years.

The business model explanation section was easy. Competitive landscape too. "The one liner" kept throwing me for a loop because I kept coming up with one good "one liner" after another as I wrote the 500 word pitch. I'm definately going to need a good PR firm once this thing gets out of beta.

It's 11pm eastern on Friday night, the final due date for the application is at midnight (I assume pacific time, but I could not be sure). After having my loving wife (let's call here Kitten... I do!) gave it a once over, I draft a nice cover letter email, attach the application in word document form and send it off from my gmail account.

Ah, what a relief. A week of work accomplished and sent off to the benevolent folks at TechCrunch to consider... then, 30 seconds later, I get the following automated email response back from the TechCrunch email server:

This is an automatically generated Delivery Status

Delivery to the following recipient failed

Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 16): 554 The message was
rejected because it contains prohibited virus or spam content

What the hell!!!! Maybe their mail filter doesn't like .doc files generated by Google Docs? So I export the application document as a PDF, recreate my cover email and send it off. A minute later, BOOM, I get the same message back from their server. Could it be that they don't like attachments at all? I quickly copy the material from my document, paste it into yet another copy of my email cover letter and send that off. You guessed it, a minute latter I received the same error message.

Now I'm a be panicked / perturbed... so I write an email to that explains what I'm experiencing and asks for HELP!!!! I start scanning the TechCrunch blog to see if anyone else was experiencing the same issue when I get a letter from Heather Harde, the CEO of TechCrunch. She says that they haven't detected any errors with their email account, but since I was having issues I could send my entry directly to her email and she would be happy to confirm receipt. I'm saved!

I email the PDF version off to her... wait a white (biting my nails off) and then receive a email from her saying that she has received not just one, but three copies of my submission. Now, I can go to sleep.

Thank you Heather for diligently manning your post late on a Friday night.... This Unknown Founder is truly grateful.

Word Processing (Google Docs): $0
Email Service (gMail): $0

Total cost of project to date: $7.99

Sunday, July 1, 2007

TechCrunch wants me!

Okay, well not exclusively me... but they do want submissions from the best company's they can find to launch new products at their conference. And what can be newer than a company that just started a few days ago!

Thank goodness, TechCrunch specificly stated "no business-stage requirements". Innovation, I've got. A business model, I've got. Competitors? Sure, but that just shows that there is a market! Application due date is July 6th for the conference in September... Doah! Looks like The Unknown Founder (TUF) will be once again burning the midnight oil.

Tuesday, June 26, 2007

Smarty wasn't so hard...

Smarty is a template engine for PHP.

Smarty was relatively easy to install compared to PHP / MySQL without using WAMP. Luckily someone had already installed the package on Windows and there is a link to his instructions right at the top of the "Quick Install" page. My only issues were that the package came only in a tar file instead of a zip file (I found an open source product to open the tar files called 7-Zip) and the instructions for windows installation had a slight typo (the cache and compile directories were different in the demo than in the installation instructions).

I quickly read through the documentation. It seems pretty straight forward. I look forward to using Smarty for the presentation interface of my new site.

Template Engine (Smarty): $0

Total cost of project to date: $7.99

Monday, June 25, 2007

WAMP rocks!

I have now officially spent way too many hours trying to get PHP to talk to MySQL. I've read several "how to" (example) sites and I still get a bunch of errors that state that my extensions (which aren't on by default upon installation) can't be found. I've installed and uninstalled several times.... if I can't get the most simplistic things to run on an operating system I've very familiarity with, this exercise does not give me a warm fuzzy feeling about launching this thing on a Linux box. So I decided to go with WAMP.

For you unfamiliar with this, WAMP stands for Windows Apache, MySQL and PHP. It installs very nicely into a directory called wamp off the root of my C drive and with the exception of having to modify the httpd.conf file (I want Apache to run off port 8080 since I'm still running IIS on this box) it was ready to go. The only thing missing was the MySQL GUI tools which I prefer over SQLiteManager that comes bundled with WAMP.

Next I'm going to tackle Smarty and Zend Framework.

Saturday, June 23, 2007

The tools

I've been using Microsoft's programing and platform tools for many years. My previous start up (I'll refer to as "Company X") is completely based Microsoft technology (with the exception of some Flash on the front end). A small farm of Windows 2003 servers, running IIS .NET applications written in C# with a gigantic Microsoft SQL server behind the whole thing. This, along with bandwidth, costs us a small fortune in licenses. I've been thinking about getting my Microsoft Certified Professional Developer certification for years... I just wish I could get a bit of a kickback from them on the certification costs considering how many zillions of dollars I've made them over the years (Bill, are you listening!!!)

I'm not a stick in the mud, but I have to admit I have been a bit wary of "Open Source" tools over the years. I remember the good old days of trying to get a few programmers to work together without management. You got an interface only a geek could love written in code no one could read and God help you if you found a bug.

But since Microsoft ain't givin' it away, open source is the way to go. Let's just see how far I can stretch my Microsoft based technical skills before they snap.

I've chosen to write my application in PHP on an Apache web server with a MySQL back end. PHP seems very similar to "classic" Microsoft ASP pages and I've started to read about the Zend Framework that should remove spaghetti code from the start. I'm familiar enough with Apache to be able to configure it and get it up and running and MySQL has gone from a neat little toy to quite a powerful database. MySQL adding stored procedures as a feature on the 5.x pushed me over the edge on doubting this platform (sure the other fancy features like clusters, large scale database, monitoring tools, etc. are important... but if your database can't even create stored procedures then you are not a REAL development platform in my humble opinion).

I'm not quite ready to jump ship from my trusty Windows operating system quite yet. I have installed Apache, MySQL and PHP on my woefully underpowered home computer. Linux will have to wait until my brain stops throbbing.

Web Server (Apache): $0

Programing Language (PHP): $0

Database (MySQL - Community Version with GUI tools): $0

Total cost of project to date: $7.99

Friday, June 22, 2007

What's in a URL?

Okay, step one... choose a domain name. First of all let me say, I loath those swine who are sitting on millions of domain names that go to websites that show nothing but advertisements for other websites! (Of course, if you are one of those swine who happens to have a job opening for an entrepreneurial technologist drop me an email. You're probably making money hand over fist and can pay a nice salary for talent such as mine!)

After burning up and the WHOIS function at GoDaddy for a few hours, I finally came up with a name that sort of, in a Web 2.0 way, gives the feeling of what my service will offer.... of course I hate it, but all of the good names were taken. The .US domain names are good right? Worked for, right?

Domain name: $7.99

Total cost of project to date: $7.99

Okay, here are rules.

A few weeks ago I was reading a blog post by Guy Kawasaki entitled "By the Numbers: How I built a Web 2.0, User-Generated Content, Citizen Journalism, Long-Tail, Social Media Site for $12,107.09" and it really got me thinking.

If you read the article, a great deal of Guys expense was on "outside" profession services. $4,500 for software development, $4,824.14 in legal fees, $399 for a Logo and $1,115.05 in legal fees. I've had the honor of meeting Mr. Kawasaki a few times (though I'm sure my face is as recognizable to Guy as the paper bag my nome de plum wears) and his book "The Art of Start" is a must read for all you entrepreneurs out there. He dropped $12K on this little project of his, let's see if we can bring down the price tag even further.

So here are my rules.

1. Only work on this project during "off" hours - I'm currently gainfully employed by a company I co-founded in 1999. Over the years I have heard the horror stories of hardworking entrepreneurs who have had all kinds of legal trouble from former employers who claim that the intellectual property of the company that the entrepreneur created was on the former employers dime. A great article on this subject is "The Dangers of Moonlighting" at Found+Read. My current colleagues are the nicest of guys, but let's just say that every time we go out to lunch calculators are involved in divvying up the check. So rule number one means no working on this project for 9am to 5pm Monday through Friday... weekends, holidays and the wee hours of the morning are mine.

2. Only work with my own resources - Like only working on "off" hours, I will only work on equipment, services and licenses that I pay for out of my own pocket. That means working on my home computer (the under powered one that my wife uses for email and family photos and my daughter uses to watch Homestar Runner) instead of the fancy laptop that my work provides. I will not use my cell or office phone for calls related to this project. I will use the DSL line off my home phone line instead of the high speed cable modem that work reimburses me for.

3. I will Blog my progress - Every day that I work on this project, I will report my progress on this blog. This is a tough one! I don't consider myself a writer.... I've written a few patents (not exactly riveting material), technical specs and the occasional love letter to my dear wife, but nothing that has forced me to write every day. Please be kind to my ramblings!

4. I will report every time I incur (or didn't incur) an expense - For example, my domain (which will for now remain secret), was purchased from GoDaddy and cost me $7.99. This blog was free from the wonderful folks at Blogger (or should I be thanking Google? It gets so confusing on the 2.0 version of the web). As a guy who doesn't have thousands of dollars to spend, I'll be attempting to squeeze every bit of value out of open source tools, low cost hosting and good old reliable begging and bartering.

So thems the rules, let the games begin! Nothing worth doing is ever easy... though some day I'd like to give it a try!