When I type on here it is sometime with haste and quite often with a lack of precision, much to my girlfriend’s annoyance ( I am sure I got that apostrophe wrong). My failures are inconsequential compared to an actual sales letter we received recently for our property business.

I have blanked out the errors to protect the stupid (and me getting in the poo )

Just to give you an idea I don’t live in Scot Coldfield (Remember I bought from them so they know where I live) and my name is Not Mr Raza, nor that of my other half.

The moral of the story is, if you are going to spend lots of hard earned on a direct marketing campaign then at least check it. This one I got looked like it was penned by someone with a very bad grasp of English, littered with errors which makes me think the company must have the same lack of attention to detail.

cheers

Code Commenting

All code should have more commenting within it than actually needed.  Some coders will moan but screw them. You need to be able to get other people to be able to understand the workings of whatever you have built and probably at a time when you don’t actually have time, i.e. it has already hit the fan.

Cross Training of Programming

If you have more than one programmer then insist that they are made to understand each others applications.  Do not accept the line that “it’s [insert name]’s code and it’s a mess”, make them follow it and ensure a good level of understanding, consider it a peer review. You never know when one of your coders might get hit by a bus!

Passwords and Server Access

Parts of this may not be needed, but make sure you have an exit strategy for the time when you may fall out with your developer.  Ensure that you know what the passwords are and that they are nicely stored in password class that if needs be you could find them and change them. You also need to keep the keys (or know where they are) to the server. Make sure you know how to get in touch with the hosting company. If you are worried about looking like a bastard boss then wrap this up in “Documentation / Processes”. You may think this is overkill but I have seen instances where partners have fallen out and the techy one has been locked out the true owner and had emails re-routed and lots of other nasties.

Insist, no demand that no one ever logs in as root. It can be dangerous in the wrong hands. Get them to log in via a user name than has sudo access. Sudo can limit all sorts of things so that you can even give user rights to access just certain parts of the system, eg apachectl

Above all, have a plan for when one day you might fall out with one of your developers. I reckon that you could hide a script in the root directory that could be a one sweep password changer which your trusted man could activate when Armageddon comes. Best to stay good friends with this person

Development Server Environment

Never ever allow development on a live server. If you do you are asking for grief and woe of biblical proportions.  Have one trusted person do the final ftp/ssh to the live server. I have seen many problems, from overwriting a CSS file (gone forever) due to two people editing on a live server to servers being borked by inexperienced unix operation and god awful code. Check out my quick install of a sever.

Test Test Test and Test Again

Generally when a developer says that something is finished and working…it isn’t ready. Get them to test each others applications. You may need a suitably picky person on tap though who can find the flaws. Get them to write them down as they occur, take a screen print of complicated errors and write instructions on how they created the error or problem so that they can be tracked down. One of the best I have seen at this was Doug Scott, who if one tiny thing did not work he would assume the whole app was not working. Very funny to watch the faces of a proud programmer.

Keeping a Clean Ship

Servers can get messy, really messy quite quickly. Quite often it is just laziness and even I have done a few sneaky folder name changes to remove something offensive looking. Certain directories are sacred, under no circumstances should there be junk or test folder structures within the public_html or near there.

 I have seen the following:

public_html1
public_html2
public_html_new

This is a sacking offence . In the case above code libraries were even crossing over but only one was the real public_html. It was a real mess.

Don’t allow low level users create new linux usernames all over the shop. Make a clear distinction of where development can be done and stick to it.

CVS

A lot of the problems with coding and software release versions can be prevented by using  a CVS. One that was used to good effect where I once did some work was SVN and Tortiose SVN. This means you can see code develop, rollback when then is a problem, backup easily and much more.

Backups

There is no excuse for not having a backup procedure up and running including documentation. Consider something like reoback. You should actually test the backups too. I have seen a backup reinstated due to corrupted data only for that data to also be corrupted. You need to shelve off data periodically in cases of major corruption.

Backups and disaster recovery is a whole major project, but most important. Media  these days is cheap, a TB for £150!

Remember to keep one offsite at all times, no good if there is a fire/flood/burglary.

Code Libraries and Language Libraries

If you are working on a big application then you need to be able to find common stuff easily. You need OO programming here or at the very least nice functions clearly commented and placed in separate files.

I like to get language libraries created, where all the interaction between the user and the application is installed. So when you see a spelling mistake or error when a interaction has taken place you can get to is easily and change it, as it is a nicely named function (errorMsgUserWrongPassword()).

Avoid inline formatting within code as this gets messy when you want to change something.

Load testing

Nothing like getting a shiny new application working nicely when you alone are using it, so you pass it into 5 mates and it runs like a dog. There are applications to load test (Neoload) which can mimic user actions and can be ramped up. Your coders might cry at this point when they realise that only two concurrent users can log in, but better to find out before the big press launch:-).

Design with Scale in Mind

If you are spending time to build a decent application you are hoping that it will go big. So you need to think big from the start, design the DB as if your application will have all the features you could ever want, even if you don’t build them. You may want to add them one day and nothing makes people cry more than someone who has to rewrite a DB from the ground up when they could have planned for it in the first place.

Can your site handle a FARK, or front page of digg, if not, how can you make it. Consider page caching.

Can the application, if needs be, run separate DB servers or handle load balancing.  I have seen load balanced servers need manual updating of DB’s or some such weirdness and during the “balancing” stage it would write to one of the 2 different DB’s!

Ensure SEO Standards

Before any code is written ensure that the site and application will be both SEO’able and reach accessibility guidelines. It is super easy to SEO to a high level just by having certain things in place like standard headers, titles and page hierarchies. Make sure that you a template that is constructed from easily defined variables, wordpress does it well:

http://codex.wordpress.org/Template_Tags

Have a list of standard SEO errors that must never occur.

IPR Ownership

It must be watertight on who actually owns the intellectual property rights on the application, all it’s code and anything discovered during the build. You don’t want to see your killer application re-launched  by a disgruntled ex employee.

Until wordpress can sort out the way they deal with categories they will never be able to handle the sort of sites people really need. The way categories are handled is fine if you only have a few. But if you have a need for multiple and several depths of categories, for example Countries > Counties > Towns without the system dying in the process they just don’t cut it!

There are two main problems, the first is the front end. When, as I did the other week write a little script to import UK counties and towns (about 2700 nested in various numbers) it nearly croaked my dev box, as it tries to display all of the categories. Now before you jump in my face saying write a “show only child plugin”, I started that, but then came the second round of pain.

That pain came in the form the way the categories and posts are handled in the admin. That’s right, when editing a post or getting someone to add articles for you based on your hierarchy the system tries to nest them all, in those little tick boxes, see below.

Now this system, unlike the front end didn’t nearly croak my system, it gave it the biggest hiding of it’s poor life (apart from other dodgy scripts of mine :-)). The problem with stuff in the admin, is it can’t really be frigged with as it is the sort of thing that will get overwritten during an update.

So come on Wordpress, allow us to have 1000’s of categories and make the world a better place?

I use a Gmail a lot and quite often I send myself lots of information as it makes a nice central storage point for wherever I will be.

It can be quite annoying though when you have loads of unread emails, which can be pretty off-putting. Gmail only seems to allow you to select emails with a tick box and then set a read. Well that is fine if you don’t have thousands of unread emails!

To set all emails as read in Gmail, simply do the following:

1. Type the following into the Gmail search box “is:unread”
2. Select the  “All” link below the “archive” button
3. Click the link that says “Select all conversations that match this search”
4. Select the  “Mark All as Read” from the drop down box

Hope that helps

OK OK, I know if a real hacker wants access to your box with your little wordpress site on it, it is curtains, but there are many things you can do to make it a little more difficult, especially for script kiddies
who can do a lot of damage.

There is a blog that I read, and I urge more of you to read it too.

It is the Hacker Webzine

Recently two posts have really caught my eye. Normally I try to preach good practice in code sanitasation and generally protecting yourself when it come to Google but the Hacker Webzine have recently covered checking for update / hacked files and more recently using htaccess as a webapplication firewall.

I used to look after a number of servers and we were forever having grief when they got messed up due to new package installs and testing (used to drive me mad actually….flaming coders).

So quite often they required a good old fashioned cleanup. Well it used to get on my tits that when set up it would take an age and things would always be missing. So I made a batch script that was run just after the CD/DVD base install.

I have copied what I used to use to get up an running fast and pasted it below. Hope it helps or gives you some ideas as to what you can do. If I get any requests I will get the files together as well and post them.

Note: if it racks your system, that’s down to you

I created a folder called install in the root, made sure I had reoback and phpmyadmin in the right place, with the right name
######

#install and update aptitude
yum install apt
apt-get update

##Edit /etc/apt/sources.list. It should contain the following lines:
echo ‘http://ayo.freshrpms.net/fedora/linux/6/i386/freshrpms’ >> /etc/apt/sources.list
#echo ‘rpm http://ayo.freshrpms.net fedora/linux/4/i386 core updates freshrpms’ >> /etc/apt/sources.list
#echo ‘rpm http://ayo.freshrpms.net fedora/linux/4/i386 tupdates’ >> /etc/apt/sources.list
#echo ‘http://ayo.freshrpms.net fedora/linux/1/i386 core updates freshrpms’ >> /etc/apt/sources.list

#get gpg keys
rpm –import /usr/share/rhn/RPM-GPG-KEY*

#install some common apps
yum install sendmail wget bzip2 unzip zip

#install mysql
yum install mysql mysql-devel mysql-server

#restart mysql server
/etc/init.d/mysqld restart

#set root password
mysqladmin -u root password yourpassword

#install php and apps
apt-get install php php-devel php-gd php-mysql php-pear php-xml php-xmlrpc curl curl-devel

#start apache
/etc/init.d/httpd start

#install webalizer
apt-get install webalizer

#install pcntl fork not done for now, as problems can occur
#rpm -ivh ftp://ftp.pbone.net/mirror/ftp.sourceforge.net/pub/sourceforge/p/ph/phprpms/php-pcntl-4.3.11-2.5.1.i386.rpm

#copy phpmyadmin to /var/www folder
mv phpmyadmin.tar.gz /var/www
cd /var/www

#unzip phpmyadmin
gunzip phpmyadmin.tar.gz

#untar phpmyadmin
tar xvf phpmyadmin.tar

#raname the folder to something sensible
mv phpMyAdmin-2.9.1.1-all-languages-utf-8-only phpmyadmin

#load reoback
mkdir /var/lib/reoback
mkdir /var/lib/reoback/backups
mkdir /var/lib/reoback/data
mkdir /var/lib/reoback/tmp

##update system
yum update

##add admin to sudoers file
echo ‘admin ALL=(ALL)’ >> /etc/sudoers

## add mysql and http to startup
echo ’service httpd start’ >> /etc/rc.d/rc.local
echo ’service mysqld start’ >> /etc/rd.d/rc.local

## add alias to phpmyadmin
echo ‘phpmyadmin /var/www/phpmyadmin’ >> /etc/httpd/conf/httpd.conf

## install TOR for anonymous browsing
yum install libevent

rpm -ivH ftp://rpmfind.net/linux/fedora/core/4/i386/os/Fedora/RPMS/openssl097a-0.9.7a-3.i386.rpm

##get latest package from here http://tor.eff.org/download-unix.html.en
rpm -ivH http://tor.eff.org/dist/rpm/tor-0.1.1.26-tor.0.rh4_4.i386.rpm

##install privoxy
rpm -ivH http://kent.dl.sourceforge.net/sourceforge/ijbswa/privoxy-3.0.3-1.6x.i386.rpm

##copy config file and force it with -f
## to access tor use ‘http://localhost:8118′
cp -f config /etc/privoxy

##set yum to update daily since it does not work with FC6
echo ‘#!/bin/sh’ >> /etc/cron.daily/yumupdate
echo ‘/usr/bin/yum -R 10 -e 0 -d 0 -y update yum’ >> /etc/cron.daily/yumupdate
echo ‘/usr/bin/yum -R 120 -e 0 -d 0 -y update’ >> /etc/cron.daily/yumupdate
chmod 755 /etc/cron.daily/yumupdate

##update system one last time
yum -y update

##reboot as all is done! Congrats dude
reboot

###########tasks to do
## ## Go into /var/www/phpmyadmin/libraries/config.defaul.php and change cookie to http and remove host
## test that login to phpmyadmin works
## Add admin user to mysql with select and lock tables
## add admin user to mysql for use with reoback
## edit reoback to backup files and databases
## Drop test database from mysql
##########