The Writers Perspective

PHP and MySQL are common solutions in many web development situations. However, when using them for e-commerce sites some different techniques should be employed to get the best out of the platforms. I talked to Cristian Darie and Mihai Bucica about their new book which uses an interesting approach to demonstrating the required techniques; the book builds an entire T-Shirt ordering shop.

Could you give me, in a nut shell, the main focus of the book?

When writing “Beginning PHP 5 and MySQL E-Commerce”, we had two big goals of equal importance in mind. The first goal was to teach the reader how to approach the development of a data-driven web application with PHP and MySQL. We met this goal by taking a case-study approach, and we did our best to mix new theory and practice of incremental complexity in each chapter.
Read the rest of this entry »

Subversion is having what can only be described as a subversive effect on the versioning software environment. CVS has long been the standard amongst programmers, but it has it’s faults and Subversion (read Sub-version) addresses those known and perceived about CVS. I talked to Garrett Rooney about his book Practical Subversion, his contributions to the Subversion code and where Subversion fits into the scheme of your administration and development environments.

I see from the book you are a strong believer in version control – can you summarize the main benefits of version control?

I like to think of version control as a way of communicating information between developers.

When you commit a change to a source tree you can think of it as an automated way of telling every other developer how they can fix the same problem in their source tree. The benefits go further though, since in addition to keeping everyone on the team up to date with the latest fixes, you’re also recording all of the history. This means that later on, when you want to figure out how a piece of code got the way it is you can look at the series of changes (and hopefully the justification for the changes, if you’ve been good about writing log messages) that let to the current situation. Looking at that history is often the best way to understand why the code got the way it is, which means you’re less likely to make the same mistake twice when making new changes.
Read the rest of this entry »

Knoppix is not just another Linux distribution. Unlike many Linux alternatives, Knoppix doesn’t need to be installed; everything runs from a CD (called a ‘Live CD’ distribution). While Live CDs aren’t unique to Knoppix, it is the way the Knoppix CD is packaged that makes the difference. Knoppix includes intelligent hardware detection – it can automatically identify nearly everything on your machine and then make the bet of it – and the CD includes a wide selection of programs, from typical Linux applications through to repair utilities and tools.

I talked to Kyle Rankin, author of Knoppix Hacks about how the book idea was formed, how he chose the contents and some of the things you can do with Knoppix.

OK – I can’t make up my mind whether I’ve fallen in love with Knoppix or the Knoppix Hacks book. What lead to the production of this book?

A friend of mine works at O’Reilly heard that they were looking for someone to do a Knoppix book for them. Not too long before he had seen me use Knoppix at an installfest to resize someone’s Windows partition and set up Debian in a relatively short amount of time. He approached me with the news and encouraged me to send them a book proposal. I had never written a book before, but I personally used Knoppix a lot, especially as a recovery tool. I thought a Hacks book applied to Knoppix was a great idea so I started jotting down ideas and submitted a formal proposal for the book that was accepted. Add months of furious writing and Knoppix Hacks was born. I started the book liking Knoppix and finished the book absolutely loving it.
Read the rest of this entry »

PHP is a popular web development/deployment platform and you can get even more out of the platform by using the extensions and tools available on the web to extend PHP’s capabilities. I talk to David Sklar, author of Essential PHP, about his new book and PHP development.

Why do you use PHP?

It’s proven itself to be a flexible and capable solution for building lots of web applications. I’m a big fan of the "use the right tool for the job" philosophy. PHP isn’t the right tool for every job, but when you need to build a dynamic web app, it’s hard to beat.

Could you tell me what guided your thoughts on the solutions you feature in the book?

They’re solutions to problems I’ve needed to solve. Code reuse is a wonderful thing and PEAR makes it easy. It’s a frustrating waste of time to write code that does boring stuff like populate form fields with appropriately escaped user input when you’re redisplaying a form because of an error. HTML_QuickForm does it for you. The Auth module transparently accomodates many different kinds of data stores for authentication information. One project might require a database, another an LDAP server. With PEAR Auth, the only difference between the two would be one or two lines of configuration for Auth.
Read the rest of this entry »

It is the administration task we love to hate: securing a website. Apache forms the backbone of most websites so it makes sense to start there. In Hardening Apache, Tony Mobily does just that, starting with the basics of creating of a secure Apache installation and moving on to more in depth techniques for securing Apache installations from attack. Let’s see what Tony has to say when I talk to him about his new book and how to approach security, Apache and otherwise.

One of the key elements I get from your book is the back to basics approach. For example, I know a lot of companies with extensive login systems that leave their server room doors wide open. Do you it’s best to work from the inside out or the outside in when setting up security?

I believe that you always need to get the right person for the job. For example, if you need to re-tile your bathroom, you don’t call a wood worker. It’s the same with computer security; "physical" security (e.g. preventing people from breaking in) and "logical" security (preventing crackers and script kiddies from using your servers and resources) are very different things which require very different skills and training.

In this field – in fact, in any field – improvisation is just not an option.

If a company asked me to secure their physical network, I would redirect them to Steve, a friend of mine who does just that. Steve tells me amazing stories of sniffing packets by just placing a device next to the cable, for example, or other stories which I would see nicely in a James Bond movie rather than real life.

Even "logical" security branches out! I wouldn’t be able to audit the source code of a complex program, for example.
The problem is that even though improvisation shouldn’t be an option, it still happens. When a manager installs updates on a Unix system, or (worse) a service pack on a Windows machine, he is improvising and putting his systems at risk – full stop.

To go back to the question, security is a problem that has to be faced as a whole. To connect to the example I made earlier, a good physical design will prevent problems such as random people getting to close to a network cable and sniffing packets, or people accessing the servers’ consoles. On the other hand, a good logical design will mean that any piece of information will be encrypted, and if intruders did manage to access the cable, they won’t be able to do anything with the collected information.
Read the rest of this entry »

Install Linux and the chances are you’ll be given the choice between a GNOME or KDE desktop. GNOME is the better known of the two, but if you want to development applications that use the GNOME environment where do you start? Well a good place would be Matthias Warkus’ new book, The Official GNOME 2 Developers Guide. I talk to Matthias and ask him about the GNOME system and environment, along with one or two other topics.

Could you describe to us what GNOME is?

GNOME is one of the leading projects developing user-friendly free software. The GNOME community effort includes the GNOME Desktop & Developer Platform, probably the most advanced free desktop environment around, translations, documentation and many third-party applications.

What you actually see on a computer said to be "running GNOME" is a tightly integrated, no-frills desktop system, on par with any commercial offering.
Read the rest of this entry »

Knoppix is not just another Linux distribution. Unlike many Linux alternatives, Knoppix doesn’t need to be installed; everything runs from a CD (called a ‘Live CD’ distribution). While Live CDs aren’t unique to Knoppix, it is the way the Knoppix CD is packaged that makes the difference. Knoppix includes intelligent hardware detection – it can automatically identify nearly everything on your machine and then make the bet of it – and the CD includes a wide selection of programs, from typical Linux applications through to repair utilities and tools. Read the rest of this entry »