Loud Baking

Wow - my last post was on December 6th, over 5 months ago! Having to write after all this time makes me feel like it was the first post ever… Where to start? Nowhere.

I can see that things have been moving pretty quickly in the CakePHP world: CakePHP 1.2 Beta, 1st CakeFest (damn, I missed that!) and last but not least, the Cookbook.

My highlights of the past 5 months:

• Moved back to Montreal
• Migrated from WinXP to Vista (very short) to Mac OS X
• Massive workstation upgrade
• Took a loooong break from work
• Hired new staff 

Some of the big changes to expect on the blog:

• Moving soon to its own domain
• Mike will start blogging in the coming weeks (my latest recruit on the development team)
• Getting a facelift sooner than later

I’ll leave it at that for the moment… After all, it’s just to say am back

Having worked by myself on the vast majority of my coding projects, I never realized the necessity of having lots of documentation. Good documentation takes time to write and time is something I happen to always be short on. I am not only talking about code commenting here, but rather all kinds of documentation: coding conventions, database structure, choice of configuration, etc.

When this project was started, I only had one other person involved in the coding part and it was mostly for some outside classes we needed. With the growing code needs (all the new features, etc.), I believed it would be wise to add a new person to the team. Given my past experience with site/script development, for which I had never planned to hand to other coders, I was expecting the worse when it comes to explaining all what the web application is about: features, users, structure, etc. It definitely always sounds much simpler when you are the author/creator, but when you are also the end-user, things become ridiculously easy to understand and put together - which is unfortunately not the case for someone that has never heard nor used of anything similar before. Continue reading…

In my last post, I said I would start posting more frequently after being absent for a while and here I am, 7 days later, with no posts to show.

I haven’t been procrastinating, nor have I been making more changes to the application’s plan, no - I was recovering from an unexpected surgery!

Aside from affecting the project’s timeline, this hospital stay gave me time to take a couple steps back from the development/planning side of things. Time I spent refreshing my memory with books like Building Scalable Web Sites (by Cal Henderson) and Prioritizing Web Usability (by Jakob Nielsen and Hoa Loranger).

A couple of the things that got either setup, approved or coded during my absence:

1. New company (legal documents, bank account, etc.)
2. A new Google Adwords API account (GAA) - never heard back from them concerning the old account’s inquiry.
3. A new Yahoo! Search Marketing API (YSMA) sandbox account.
4. 75% of the data cleansing classes we need.

Lesson of the day:

Early in the development process, having a detailed plan (no matter if you know that delays will occur), combined with taking action on simple third party requests (placing orders, registering accounts, etc.), helps keeping things rolling when you encounter unexpected events or delays.

After now almost 3 weeks without posting, it was time I get back to it before I loose interest. Very often, after starting something for no hard cold cash, I say to myself: “Why did you ever think of starting it in the first place!”. Many times the answer (or the lack of answer) to that leads to dropping it - not in this case.

Before I get back to work, here’s a roundup on what’s been happening:

- Alex* came for a week to discuss the features, marketing strategy and JV opportunities (oh, and yes, for the staff reading this, and a little vacation to Alexandria!). Great time we had and many new ideas, some requiring to look back at the use cases, database design, initial server setup - but no code.

- I then had my cousin here for a couple of days - again, great time but no code.

- All that time, I haven’t stopped doing research on the different aspects of the web application that I will share with you in the coming days. Some of are the APIs it will use, the hardware resources it will require, libraries and classes it can benefit from, etc.

So yeah, the good news is that you haven’t really missed much. The bad news is that the launch date has obviously been affected and same applies to the schedule.

I’ll leave it at that for the moment, more updates real soon.

One of the things I hate the most when developing an application is counting on 3rd parties to deliver or reply on time. Be it freelancers, API developers or sometimes your own partners (banks, lawyers, etc.). In this case, it’s the API developers. A couple days ago, I emailed Google for some help on finding ‘My Client Center’ link under the ‘Account’ tab in my Adwords account. After waiting 4 days, when I finally received an email from their support team, I was excited, but not for long. Even though I had sent a specific request, explaining that I have already received my developer token but couldn’t log to my developer account, all I got back is a quick-reply style of email with the instructions on how to apply for a developer token! Looks like when you’re Google you can permit yourself everything from late replies to stupid staff.

Anyhow, this obviously affects the development of a vendor class I wanted to finish, but nothing that could stop me from moving on and pushing it back a couple of weeks. In the worst case scenario, if they just tell me that my developer token is not valid anymore (inactivity for a long period is the only reason I could think of) and since they don’t give out developer tokens anymore, I will find myself obliged to completely scrap that feature from the application. It sucks, I know, but that’s the price to pay when some of your features depend on 3rd parties I guess.

On the positive side of things, everything has been going according to the initial timeline with a couple of improvements to be made on the design and finalizing the teaser page for early invitations.

If you are thinking that by using this software your code will be secure, continue reading.

To make a story short, I had in my hands a piece of code that I wanted to study more since I liked it. Not to my surprise, the code was all encrypted. Here is a little piece of it:

if(!function_exists('findsysfolder')){function findsysfolder($fld){$fld1=dirname($fld);$fld=$fld1.'/scopbin';clearstatcache();if(!is_dir($fld))return findsysfolder($fld1);else return $fld;}}require_once(findsysfolder(__FILE__).'/911006.php');

Being a developer that sells scripts, I totally understand the reasons behind encrypting your code but when you do it, do it right.

After digging for less than a minute in the files, I realized that all the decryption functions where there, just written in an awful way, to make it seem all encrypted. Here’s an example:

function A4540acdeed38d4cd9084ade1739498($x897356954c2cd3d41b221e3f24f99bba,$x276e79316561733d64abdf00f8e8ae48){return $Xew6e79316561733d64abdf00f8e8ae48;}

You guessed it right. This function does nothing, there is no point of having it. The file has like 6 of those in the most stupid attempt to lure someone trying to decrypt the code.

Only one function in all that file is necessary and all it requires is to make it more readable, changing the silly function and parameters names to something better than a list of characters.

function y0666f0acdeed38d4cd9084ade1739498($x897356954c2cd3d41b221e3f24f99bba,$x276e79316561733d64abdf00f8e8ae48){$x0b43c25ccf2340e23492d4d3141479dc='';$x71510c08e23d2083eda280afa650b045=0;$x16754c94f2e48aae0d6f34280507be58=strlen($x897356954c2cd3d41b221e3f24f99bba);$x7a86c157ee9713c34fbd7a1ee40f0c5a=hexdec('&H'.substr($x276e79316561733d64abdf00f8e8ae48,0,2));for($x1b90e1035d4d268e0d8b1377f3dc85a2=2;$x1b90e1035d4d268e0d8b1377f3dc85a2<=$x7a86c157ee9713c34fbd7a1ee40f0c5a)$xab6389e47b1edcf1a5267d9cfb513ce5=255+$xab6389e47b1edcf1a5267d9cfb513ce5-$x7a86c157ee9713c34fbd7a1ee40f0c5a;else $xab6389e47b1edcf1a5267d9cfb513ce5=$xab6389e47b1edcf1a5267d9cfb513ce5-$x7a86c157ee9713c34fbd7a1ee40f0c5a;$x0b43c25ccf2340e23492d4d3141479dc=$x0b43c25ccf2340e23492d4d3141479dc.chr($xab6389e47b1edcf1a5267d9cfb513ce5);$x7a86c157ee9713c34fbd7a1ee40f0c5a=$xe594cc261a3b25a9c99ec79da9c91ba5;} return $x0b43c25ccf2340e23492d4d3141479dc;}

10 minutes later, I had the full source code for each file I was interested in.

Bottom line is, if you want to protect your work, spend a bit more than $40 (price of SourceCop when writing this post), because those are a waste and you are better of not spending them then.

To my big surprise, I saw the domain already listed on Google when it’s barely been a month I bought it and it was never used before, go figure!

Some people would do anything to get their domain directly listed on Google without having to go by the sandbox, I know. But what if, because it is now listed and still in development, the search bots fall on a 404 or other kind of errors? You’re right, you start getting penalized.

Now, since the domain is in Google and I better be cautious not to start getting penalized for it, I just created the magic robots.txt file to disallow all crawling starting from the root directory. It’s so damn obvious, but who knows:


User-agent: *
Disallow: *


I could have also made some content pages with the keywords I want the domain to rank for but I don’t have time for that now, maybe when I put up the splash page?

Ok, like most of the posts, this will be a quick one to explain the purpose of this blog since I don’t see myself writing an ‘about’ page anytime soon.

Before I start though, I’d like to clear some things up so you don’t waste your time here if it’s not for you.

• Don’t expect to read perfect english
• Don’t expect to learn every single detail

That’s it for now, maybe I’ll add more as I identify what annoys me most about writing instead of coding.

Now, why am I doing that?

It ain’t really to give back as much as to keep for myself. Let me explain. Being me, am kinda un-organized when it comes to papers, folders and all the office crap (am working on that, but not there yet). So I was looking for a way to complement my del.icio.us addiction where I bookmark all kinds of tutorials, snippets and interesting reads for future reference.
It had to be easy to add things on the fly, to search, update or discuss. But most importantly, it had to be accessible to me, my current and future staff. That’s right, less trainings and less paper documentation!

What you will find here:

• Interesting information if you are about to start a web application and more precisely, one based on a monthly membership plan
• Successes, failures and everything in between
• Code snippets for CakePHP, classes or tools that are for general use and maybe CSS
• Web scraping
• Different third-party APIs (Google Adwords, Yahoo! Search Marketing, Domain Intelligence and more).
• Examples, advices and questions about the way I am doing things

That’s all I can think of for now, I am most probably going to update this as things go, but I hope it just fills the need I had and well, maybe any of your needs while at it