Bringing the back-end to the front-end

Php Guy - Wed, 2015-01-28 22:20
The latest trend in web seems to be moving the back-end forward. JavaScript frameworks like AngularJS and a new service called Back& are eliminating the back-end/middleware, taking the pieces of code that interact with databases or web services and moving them client side. This is of course with the help of templating frameworks such as Mustache and Handlebars to handle page layouts and changing markup.

This movement seems to be pushing not only the evolution of ECMAScript but also the tools around building these applications: npm, node, grunt, bower.

From my experience, though, this trend did not start within the last 2 or even 3 years, but 8 years ago with the release of Sencha's ExtJS Version 2.0. ExtJS is a library/framework for building web applications. It has evolved quite a long way from version 2 to its current version 5, evolving into an MVC framework and in its latest incarnation an MVVM framework. The end result for these client-side frameworks is that you work with web services and data (JSON, XML).

Moving the front-end/middleware forward, though, can be risky. You can't just move all your back-end/middleware code to the front-end; there are some security concerns that can play into this.

For example, if you never thought to secure your web service because it was only accessible on a private network by your web stack, you don't want to put the security itself into the front-end, as it is easily discovered by viewing the source of your JavaScript files. This is where OAuth-type authentication comes into place. An authentication request is made to the OAuth server and, if successful, the response contains a token that is used in your web service requests and is valid for a given period of time.

But with any luck this migration to the front-end will continue evolving and reduce the layers needed for creating complex websites, services and/or applications.
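
The token flow described above, sketched from the server side as an added example (not code from the original post). It uses an HMAC-signed token as a simplified stand-in for a full OAuth server; the function names, the `SIGNING_KEY` constant and the timestamps are assumptions made for the illustration. The point is that the browser only ever holds the short-lived token, while the key that validates it stays on the servers.

```php
<?php
// Constructed demo key: it exists only on the servers, never in front-end code.
const SIGNING_KEY = 'constructed-demo-key-kept-on-the-server';

function b64urlEncode(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function b64urlDecode(string $text)
{
    $padded = $text . str_repeat('=', (4 - strlen($text) % 4) % 4);
    return base64_decode(strtr($padded, '-_', '+/'), true);
}

// Authorization server: called only after the user's credentials checked out.
function issueToken(string $subject, int $ttlSeconds, int $now): string
{
    $claims = b64urlEncode(json_encode(['sub' => $subject, 'exp' => $now + $ttlSeconds]));
    $signature = b64urlEncode(hash_hmac('sha256', $claims, SIGNING_KEY, true));
    return $claims . '.' . $signature;
}

// Web service: returns the claims, or null if the token is forged or expired.
function verifyToken(string $token, int $now): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$claims, $signature] = $parts;
    $expected = b64urlEncode(hash_hmac('sha256', $claims, SIGNING_KEY, true));
    if (!hash_equals($expected, $signature)) { // constant-time comparison
        return null;
    }
    $json = b64urlDecode($claims);
    $data = $json === false ? null : json_decode($json, true);
    if (!is_array($data) || !is_int($data['exp'] ?? null) || $data['exp'] <= $now) {
        return null;
    }
    return $data;
}

// What the web service does with the Authorization header of every request.
function statusFor(?string $authorizationHeader, int $now): int
{
    if ($authorizationHeader === null
        || !preg_match('/^Bearer (\S+)$/', $authorizationHeader, $match)) {
        return 401;
    }
    return verifyToken($match[1], $now) === null ? 401 : 200;
}

$issuedAt = 1422483600; // constructed timestamp
$token = issueToken('alice', 3600, $issuedAt);
$tampered = b64urlEncode('{"sub":"admin","exp":9999999999}') . '.' . explode('.', $token)[1];

printf("fresh token:    %d\n", statusFor("Bearer $token", $issuedAt + 60));
printf("expired token:  %d\n", statusFor("Bearer $token", $issuedAt + 7200));
printf("tampered token: %d\n", statusFor("Bearer $tampered", $issuedAt + 60));
printf("no token:       %d\n", statusFor(null, $issuedAt + 60));
```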
Categories: Planet

The case for open sourcing the SQL Saturday Website

Just A Programmer - Wed, 2014-04-09 22:04

My name is Justin Dearing. I write software for a living. I also write software for free as a hobby and for personal development. When I’m not writing code, I speak at user groups, events and conferences about code and code-related topics. One such event is SQL Saturday. I haven’t spoken in a while because I became a dad in June. However, my daughter is 9 months old now and the weather is warm. I feel comfortable attending a regional SQL Saturday or two.

So last night I submitted to SQL Saturday Philadelphia. The submission process (I mean the mechanical process of using the website to submit my abstract) was annoying, as usual. What really got me going though was when I realized two things:

  • My newlines were not being preserved so that my asterisks that were supposed to punctuate bullet points were not at the beginnings of lines.
  • I could not edit my submission once submitted.

I like bullet points, a lot. However, I digress. In response to my anger, I complained on twitter that the site should be open sourced, so I the end user could create a better experience for myself and my fellow SQL Saturday Speakers.

Dear @sqlpass throw the sql saturday website source code on github, and I'll send yo pull requests.

— Justin Dearing (@zippy1981) April 9, 2014

I got three retweets. At least I wasn’t completely alone in my sentiment. I complained again in the morning, started a conversation and eventually Tim sent out this:

@TampaDBA We have no plans to open-source the SQL Saturday website redesign that is already underway. cc @zippy1981 @SQLRockstar @sql_r

— Tim Ford (@sqlagentman) April 9, 2014

So the site was being rewritten, but it would not be open sourced.

Should I have been happy at that point, or at least patiently await the changes? One could presume that session editing and submission would be improved. At the very least, things would get progressively better as there were revisions to the code. If the federal government could pull off the ObamaCare site, with some hiccups, why can’t a group of DBAs launch a much smaller website, with much simpler requirements and lower load?

I’d be willing to bet they will. I’d be willing to bet that this site will suck a lot less than the old site, and that it will continue to progress. I’m sure smart people are working on it, and a passionate BoD are guiding the process. At the very least I’ll withhold judgement until the new site is live.

Despite my confidence in the skills of the unknown (to me) parties working on the site, there are so many hours in the day and only so many things a team of finite size can do. However, a sizable minority of PASS’s membership are .NET developers. Many of them speak at SQL Saturdays. They have to submit to the site. Some of them will no doubt be annoyed at some aspect of the site. Some of them might fix that annoyance, or scratch their itch in OSS parlance, if the site was open source and there was a process to accept pull requests.

I’m not describing a hypothetical nirvana. I’ve seen the process I describe work because I’ve submitted a lot of patches to a lot of OSS projects. I’ve submitted a patch to the (not actually open source, as Brent will be the first to state) sp_blitz and Brent accepted it. I’ve contributed to NancyFX. I once contributed a small patch to PHP to make it consume WCF services better. I’ve contributed to several other OSS projects as well.

Perhaps you’re saying SQL Server is a Microsoft product, not some hippie Linux thing. Perhaps you share the same sentiment as Noel McKinney:

@zippy1981 @sqlagentman @TampaDBA @SQLRockstar @sql_r Open sourcing the site would be inconsistent with the mothership's beliefs

— Noel McKinney (@NoelMcKinney) April 9, 2014

However, as I pointed out to Noel, the mothership’s (i.e., Microsoft’s. Editor’s Note: Noel has stated to me he meant Microsoft) beliefs are not anti-OSS. Microsoft has fully embraced Open Source. You can become an MVP purely for OSS without any speaking or forum contributions. One of the authors of NancyFX is an example of such a recipient. F#, ASP.NET and Entity Framework are all open source. Just this week Microsoft open sourced Roslyn. As a matter of fact I’ve even submitted a patch to the nuget gallery website, which is operated by Microsoft and owned by the OuterCurve foundation. The patch was accepted and my code, along with the code of others was pushed to So I’ve already submitted source code for a website owned and operated by an independent organization set up by Microsoft, they’ve already accepted it, and the world seems a slightly better place as a result.

So I ask the PASS BoD to consider releasing the SQL Saturday Website source code on github, and I ask the members of PASS to ask their BoD to release the source code as well.

Categories: Planet

Creating a minimally viable CentOS OpenLogic rapache instance

Just A Programmer - Sun, 2014-02-16 00:52

Recently I’ve been dealing with R and rapache at work. R is a language for statisticians. rapache is an apache module for executing R scripts in apache. It’s like mod_perl or mod_php for R. I’ve been writing simple RESTful scripts that return graphics and JSON, and calling them from static html pages. I’ve also been using my MSDN Azure subscription to engage in R self study at home. In the spirit of my last post, I’ve posted the setup notes here to get you started with a new Azure VM for running an rapache instance. Azure used a special cloud-enabled version of CentOS 6.3 called OpenLogic. However, it seems to work similarly to the vanilla CentOS 6.4 instances I’ve used at work. So everything should apply there. If something doesn’t work, leave a comment.

  • First, CentOS is very conservative, but Fedora makes EPEL to give you a more modern set of RPMs
    • rpm -Uvh
  • Now let’s install the packages we need. The kernel will be updated, so we will need to reboot.
    • yum update -y
    • yum install -y vim-x11 vim-enhanced xauth R terminator xterm rxvt R httpd git httpd-devel gcc cairo cairo-devel libXt-devel
    • yum groupinstall -y fonts
    • ldconfig
    • shutdown -r now
  • Now, as a regular user, let’s compile rapache.
    • mkdir ~/src
    • cd ~/src
    • git checkout
    • cd rapache
    • ./configure && make && sudo make install
  • Now let’s configure rapache. Create a file called /etc/httpd/conf.d/rapache.conf with the following:

    # rapache configuration by Justin Dearing <>
    LoadModule R_module modules/
    <Location /RApacheInfo>
        SetHandler r-info
    </Location>
    AddHandler r-script .R
    RHandler sys.source

  • Now restart apache. Make sure it’s working by running elinks http://localhost/RApacheInfo.

Azure doesn’t configure swap space by default. You’re going to absolutely need some swap space if you’re using an extra small instance. A good howto for that is here.

Categories: Planet

Thoughts on design: What is “good” design

ManChuck - Tue, 2013-12-17 12:19

Well, I was hoping my next post was going to expand on my previous post on using Google App Engine with Zend Framework 2, but the past two months have been a little crazy. Instead I want to write about a thought I had on application design. This came about from me idling in the #phpmentoring IRC channel on Freenode. A question was asked: “What is a viable use case for the ternary operator?”. To which I gave the following (real world) example from an application I am working on:

    class UserGateway
    {
        public function deleteUser($user)
        {
            // Accept either a User object or a raw user id
            $userId = $user instanceof User ? $user->getId() : $user;
            if (empty($userId)) {
                throw new \Exception('Cannot delete user with empty id');
            }
            // code to delete user
        }
    }

I got a comment saying “Good example of a use case for the ternary operator”. Shortly after, a comment: “I see poor application design” was made. This puzzled me, “Poor design?” I thought “What is poor about that?”. I asked the person what could be done to improve my design. The suggestion was to break up the function into two parts: deleteUser and deleteUserById. Makes sense, the functions become clearer on what needs to be passed into them. My choice NOT to follow was simple: Security. After the “if” statement, an event is dispatched to check various rules to confirm the user can be removed (a suggestion made from Matthew Weier O’Phinney). I explained this to the person, to which the response was: “security SHOULD NOT be inside the gateway rather outside in the controller”. Asserting that this will be a “better” design.

My decision to put security into the gateway was not only design. We did have security outside in the controller for another project, but found holes when developers did not secure the controllers. It was set up so that each action would have to be registered. When a new action was added and a developer failed to register, that developer would either: forget that they had to register, or, just wild card the whole controller. We also changed our security around from an ACL to RBAC due to new business requirements. Since we had a few serious bugs happen due to the wildcard controllers, the decision was made to move security from the controller to the gateway. This provided a Single Point of Entry from the application to the database.
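
To make the gateway-as-single-point-of-entry argument concrete, here is an added example (not the author's application code). It swaps the dispatched rule-checking event for a direct call to a hypothetical `Rbac` class; the `user.delete` permission, the role names and the in-memory `$rows` array standing in for the database are all assumptions. The controller action performs no check of its own, as an action behind a wildcard registration would, and the gateway still refuses the delete.

```php
<?php
class User
{
    private $id;
    private $role;
    public function __construct(int $id, string $role)
    {
        $this->id = $id;
        $this->role = $role;
    }
    public function getId(): int { return $this->id; }
    public function getRole(): string { return $this->role; }
}

// Hypothetical RBAC map (role => permissions); unknown roles get nothing.
class Rbac
{
    private $grants;
    public function __construct(array $grants) { $this->grants = $grants; }
    public function isGranted(string $role, string $permission): bool
    {
        return in_array($permission, $this->grants[$role] ?? [], true);
    }
}

class UserGateway
{
    private $rbac;
    private $actor;
    public $rows; // constructed stand-in for the users table, keyed by id

    public function __construct(Rbac $rbac, User $actor, array $rows)
    {
        $this->rbac = $rbac;
        $this->actor = $actor;
        $this->rows = $rows;
    }

    public function deleteUser($user): void
    {
        $userId = $user instanceof User ? $user->getId() : $user;
        if (empty($userId)) {
            throw new \Exception('Cannot delete user with empty id');
        }
        // The rule check sits in the gateway, so no caller can skip it.
        if (!$this->rbac->isGranted($this->actor->getRole(), 'user.delete')) {
            throw new \RuntimeException('Role may not delete users');
        }
        unset($this->rows[$userId]);
    }
}

// A controller action with no authorization of its own, like an action
// behind a wildcard registration. It still cannot bypass the gateway.
function uncheckedDeleteAction(UserGateway $gateway, $user): string
{
    try {
        $gateway->deleteUser($user);
        return 'deleted';
    } catch (\RuntimeException $e) {
        return 'denied: ' . $e->getMessage();
    }
}

$rbac = new Rbac(['admin' => ['user.delete'], 'editor' => []]);
$rows = [7 => 'constructed row', 8 => 'constructed row'];
$asEditor = new UserGateway($rbac, new User(2, 'editor'), $rows);
$asAdmin = new UserGateway($rbac, new User(1, 'admin'), $rows);

printf("editor: %s (rows left: %d)\n",
    uncheckedDeleteAction($asEditor, 7), count($asEditor->rows));
printf("admin:  %s (rows left: %d)\n",
    uncheckedDeleteAction($asAdmin, new User(7, 'editor')), count($asAdmin->rows));
```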

The whole system is under test. If the decision was made to break up those functions, a test for each function and, for each number of rules for user deletion would have to be written. This would dramatically increase development time (something along the line of 20 tests would need to be written). Time to provide a feature my developers are not asking for. My developers know that deleteUser takes a user Id or a user object, and throws an exception on an error. It only takes a quick read into the code to see that behavior as well (we all use phpStorm so following into a function is trivial).

This brings me to my point: design depends on context. A hammer is a “good” designed tool, until you have to use a screw. To that point, compare a screw driver to a screw gun: a screw gun is more efficient. So can’t we argue that a screw gun is designed better? (I’ve ruined furniture from IKEA due to my failure to read the instructions that had the “no screw gun” icon). London’s Tower Bridge is a bad design for NYC. The bridge only allows ships that are 42 meters in height and 244 width to pass through it. Container ships range in height from 44 to 64 meters and a width of 294 to 366 meters.

I am indifferent to the comments made about my design choices from the chat room. Yes, I could have deleteUser make the following call $this->deleteUserById($user->getId()); but I did not. I find it better to have as few functions as possible. I prefer if (null === $id) to if (is_null($id)), which both have the same outcome. When I design an application, I take in many factors: average team skill, time to development, time to test. Those metrics, to me, make design “good” or “bad”, not what someone said in >insert blog post or book here<. I stand by any decision I make. I am not going to spend the time now to make deleteUserById, since the developers on my team are not asking for it. My security layer is going to stay in the gateway and not the controller due to past experience. I find following good design patterns is more important than the overall design. After all, if we all came up with one design for a bridge, they all will run the risk of failing.

Everyone is a critic. They will have something good or bad to say about your choices. Don’t get upset when someone tells you something is poorly designed. Take in all the criticism, review all aspects of the design, then ask if what you built is properly designed. When the Flatiron building’s construction was completed in 1902, it received a lot of negative comments about its “awkwardness” and its “a disgrace to our city, an outrage to our sense of the artistic, and a menace to life”. Is it not an iconic building? How practical and cost effective would it be for us to “improve” its design to something more traditional? Stop worrying about if your code is poorly designed, just write it!

Categories: Planet

Getting started with ZF2 and Google App Engine

ManChuck - Sat, 2013-11-02 05:57

A few weeks ago, I attended ZendCon. I stopped by the Google App Engine booth where I picked up $1,000 for App Engine and $1,000 for Compute Engine. Since Google App Engine now supports PHP, I decided to give it a whirl. I'm going to build a ZF2 application that will allow me to keep track of all my Magic the Gathering cards. I am going to use the Compute Engine to parse out the HTML from Gatherer, which is Wizards' online library for all the cards.
To get started I had to register my application with Google App Engine. In order to enter the code, I had to head over to a different location that just had me fill out a form and told me that Google would send me instructions on how to continue. So for now I will just use the free quotas.
Next setting up my computer so I would be able to develop locally. Setting up the SDK was fairly painless, I followed the instructions here and fired up the instance like so:

C:\Python27\python.exe "C:/Program Files (x86)/Google/google_appengine/" "--php_executable_path=C:\php\php-cgi.exe" C:\Web\MANCHUCK\Magic-Card-Keeper

And got a number of errors:

WARNING 2013-11-02 06:20:08,349] Could not initialize images API; you are likely missing the Python "PIL" module.
INFO 2013-11-02 06:20:08,361] Starting API server at: http://localhost:57533
INFO 2013-11-02 06:20:08,367] Starting module "default" running at: http://localhost:8080
INFO 2013-11-02 06:20:08,371] Starting admin server at: http://localhost:8000
ERROR 2013-11-02 06:20:09,490] The PHP runtime is not available
Traceback (most recent call last):
  File "C:\Program Files (x86)\Google\google_appengine\google\appengine\tools\devappserver2\", line 219, in new_instance
    self._check_environment(php_executable_path)
  File "C:\Program Files (x86)\Google\google_appengine\google\appengine\tools\devappserver2\", line 193, in _check_environment
    raise _PHPEnvironmentError(check_process_stdout)
_PHPEnvironmentError:
Fatal error: XCache: can't create lock in Unknown on line 0

Fatal error: XCache: failed init opcode cache in Unknown on line 0
The PHP runtime cannot be run with the "Memcache" PECL extension installed

So it looks like Google is not liking Memcache and XCache. So I just had to disable those extensions and all was well and I got my simple Hello World. So now to set up Zend Framework 2.

I created a simple composer.json file and followed the setup of the ZF2 skeleton application. I updated the app.yml file to point to the public folder like the following:

application: magic-card-keeper
version: 1
runtime: php
api_version: 1
threadsafe: true

handlers:
- url: .*
  script: public/index.php
- url: /css
  static_dir: public/css
- url: /js
  static_dir: public/js
- url: /font
  static_dir: public/font
- url: /img
  static_dir: public/img

When I navigated to http://localhost:8080, the page loaded but with no CSS, JS or images. Turns out the handler cascades down so I had to move the .* match to the bottom. BINGO! I see the skeleton app. Time to publish to App Engine using appcfg:

C:\Python27\python.exe "C:/Program Files (x86)/Google/google_appengine/" -e c******@******.com --passin --no_cookies -R --runtime=php update C:\Web\MANCHUCK\Magic-Card-Keeper

appcfg ran without any issues and after a short time, I was able to reach with no issues. All in all took about 15 min to get the app running after everything was installed and configured. Hopefully this will help to get people started with ZF2 and Google App Engine. Stay coding my friends

EDIT Realized that I should have put up the live site and the github links:
Live site:

Categories: Planet

Dear Congress...

Das Blog - Wed, 2013-04-10 01:44

Dear Congress,


Seriously, just FUCKING STOP.
I read this one today and just couldn't believe it guys:


A bipartisan group of senators will introduce legislation to stop the FAA from closing any control towers to meet its sequester cut requirements. "The Protect Our Skies Act, which is co-sponsored by a bipartisan group of 18 Senators, would prohibit the Department of Transportation (DOT) from closing any air traffic control towers, including those that are operated by the FAA," says a news release issued by Sen. Jim Inhofe (R-Okla), one of the bill's sponsors.

(Via AvWeb)

So, basically in your infinite stupidity you all went ahead and created a law that imposes budget cuts so draconian that they say it's inconceivable that it would ever be allowed to go into effect, then when you pull the trigger on this massive bazooka pointed at the nation's head and realize essential services are getting cut as a result your answer (rather than doing something sane like passing a reasonable budget) is to start legislating agencies into an impossible situation: Cut your budget, but don't cut any of the services you provide.

Frankly I'm not a huge fan of the tower closings (a bunch of towers at fields I would like to visit would be going away under the FAA's plan, and I think it would turn the airspace over Connecticut into a marvelous knot), but I'd rather the FAA make those cuts rather than wiping out more center and approach controller positions, eliminating maintenance inspectors, or countless other options with potentially more devastating safety implications than closing 150 towers.

So my dear esteemed congresscritters, I would like to know two things:
  1. Exactly what economics program did you all flunk out of?
  2. Exactly when did you all become experts on the national airspace system?

You all seem to be laboring under the misguided assumption that you can cut a budget without cutting services.
I hate to be the bearer of bad news, but the FAA is a service agency, and those services are (a) essential, and (b) provided by people. If you want them to cut their budget they're going to have to cut the least essential of those services, and that - I'm sorry to say - pretty much means "Towers". The other option is to make deeper cuts to approach control and centers, which at least in my little corner of the airspace system are already working above capacity.

You also seem to think you know better than the FAA how to run the nation's airspace. First you stomp your feet like petulant children and DEMAND that the FAA integrate unmanned aerial vehicles (drones) into the airspace, now you pitch a hissy and try to micromanage the way they deal with this budget crisis you idiots created.

Frankly - you're full of it, and messing with things you don't understand, so PLEASE just fucking STOP - you're making it worse!

Just sit on your hands and resist the urge to try to legislate anything until your term is up and we can replace you with something more useful (like perhaps a stuffed wombat).

No love,

Me.


Categories: Planet

Political Correctness, Sensitivity, and Censorship in the Information Age

Das Blog - Thu, 2013-02-28 21:39


So anyone who knows me knows that I hate censorship in any form.  I'm the guy that wears the "I Read Banned Books" shirt, and considers it to be a required reading list (yeah I'm still working my way through it myself).

So you can imagine I was just a little bit miffed when I found out that @violetblue's talk at BSides SF was apparently cancelled because it offended someone's delicate sensibilities (particularly since they can't have possibly known the content of said talk as it HADN'T BEEN GIVEN YET). I was even a little miffed at @BSidesSF for basically caving to PC-Pressure (unjustly as it turns out, so I'm glad I didn't lay into them), but I just quietly commented on the WTFery of such censorship and moved on...
...until tonight when I read @violetblue's blog post on what went down.

I beg of you, please go read that blog post before you read mine. Violet Blue took the time to compose a sound, well-reasoned retort to the folks that quashed her talk. What I'm presenting here is a seething ball of anti-censorship politically-incorrect fuck-the-world unmitigated rage. Update: Please also read The Ada Initiative's side of the story as well (thanks to Rob for pointing it out, I didn't find it in my 30 seconds of Googling). The Ada Initiative has done some very good things, and they do raise many valid points. I don't think censorship was (or is) their intent, it's just an unfortunate side effect of cultural hypersensitivity surrounding certain issues...


I fully expect this blog entry will piss some people off.  Frankly I don't care. Try not to get any wharrgarbl on me if you feel the need to respond. 


Categories: Planet