To start your own social network is an exercise in futility for the vast majority of people out there.  Nowadays you need either some sort of cache of people who you can direct to your brand new service (as Atwood and Spolsky did with StackOverflow) or you need an ass-load of money that you can use to advertise and get yourself inserted into the public consciousness or you need to be very lucky.  The degree of necessity of each is dependent on the quality of your solution.  So if you have a crappy idea and/or crappy implementation you will need a lot of luck, cache or money to get it off the ground. 

When I’m using things like Twitter, Facebook, LinkedIn, etc I can’t help but think to myself:  here I am posting content to someone else’s service which they are then using to sell advertisements from which they make money.  Now, with things like StackOverflow I actually get something out of it but there are other services, which will be left unnamed, which have a more questionable purpose. 

I’m okay with all this because the people who run these services must know that it’s incredibly easy for their audience to go away and never come back.  I mean, there are quite a few developers out there with competing products but who are missing an audience.  If social network #1 starts inundating their site with ads to the point where it’s difficult to know what the hell is going on, or if they start selling private information or just don’t make improvement for years at a time the owner they will lose their audience to social network #2. 

But what worries me a little is that the audience for these sites is getting so massive they are attracting huge backers like CBS, FOX, Google, etc. the little guy is getting squeezed out.  Mass Marketing: 1, Innovation: 0.  It reminds me a lot of how movies seem to get made.  Movie makers are discouraged from making their films if they don’t have the lowest common denominator qualities that mainstream movies are expected to have.  They don’t get made because most movie makers want to make some money. 

So what’s the independent developer to do?  I guess there’s not much he or she can do except continue to innovate, find ways to get noticed and recognize opportunities when they present themselves.  Not an easy thing to do when you have a full time job, a family to take care of and some semblance of a social life.  But, then again, if it was easy there’d be that much more competition.

Not that I do this very frequently but I always wondered how these  customized Windows installation discs are created (splitstreams I think they’re called).  It turns out that there’s a fantastic application called nLite that steps you through the process of including your own drivers and default settings in any non-Vista Windows install disc.  There’s a Vista one, too, I think, called vLite. Anyway, really handy.

I have a renewed admiration for my current host, Site5.  After a frustrating exchanged with their support team, I decided to go ahead and fill out that ticket survey I always receive after a ticket has been submitted.  I didn’t expect anything to come of it but I thought it might make me feel better.  A day later, the CEO wrote me back and asked why I was unhappy with the support.  I wrote a detailed description of what my beef was.

Not only was he respectful he gave useful information about the original ticket problem, admitted some issues with their handling of certain custom support issues and even laid down some upcoming improvements to their process. 

It was a) a reminder of why I have been with site5 for two years and b) an encouraging sign that they truly recognize the importance of customer service

After using IE8 for the first time I have to say I was impressed.  Not impressed enough to switch away from Firefox and Chrome but impressed enough to consider it.   The first thing developers should know is that IE8 comes with a laudable attempt at implementing a version of Firebug that’s built into the browser.  It’s not Firebug but it comes close.  Secondly, the whole thing feels snappier: pages load faster, the browser starts up faster and it generally feels tighter.  Finally, the user interface has subtle improvements like the squared off edges of the tabs (which is definitely a subjective improvement) and what I think is better use of space.  I still am not happy with the refresh button being where it is (to the right of the address bar) but I’m probably unique in that opinion.

But there are two things that Firefox gets right that no other browser has gotten right so far. 

1. Extensions: IE fans will say that IE has extensions but I am not happy with any extension that installs itself outside of the browser – that is, something that takes up residence in the registry or elsewhere on my system.  That, to me, is a system begging to be hacked.   While I haven’t developed an extension for Firefox myself, I believe that extensions use the browser as the platform, not the operating system.  It’s a key distinction in my mind.
2. Trust: Let’s say Microsoft gets real extensions and does everything else right, too.  Would you really trust Microsoft to not suddenly  have a change of heart and revert to some of its sordid practices of the past.  I’m talking about diverging from standards mostly.  Microsoft, like most companies, is focused on revenue potential.  While the Googles of the world seem to be driven mostly by developer-minded people and understand the importance of standards on the internet, Microsoft seems to let the MBAs run the show.  Right now, standards have become important to them but this is likely a result of IE market share dropping.  If this turned around and IE share started rising again, would the internet-friendly developers be pushed aside again?  I believe they would.

And by the way, it’s why I feel very strongly that no one should use a browser that includes a rendering engine which is closed source.  While Microsoft is by far the most guilty party when it comes to shunning standards, any company is capable of getting to that point.  Using open-source rendering engines is, to me, a way of giving some assurances to the user that the company’s intention is not to violate standards. 

I had a funny exchange with my host today about helping me with my client’s site hack problem.  They refused, of course, claiming that it’s not their policy to help with site hacking problems that are not caused by the server itself.  I understand, of course, since they would spend most of their time chasing these problems down.  But I was surprised by their complete lack of interest in even finding out more about the problem itself.   This concerns me not only as someone who needs the help, but as someone who is sharing a server with others. 

I made this point but got the following in response:

I highly doubt that one hacked account would cause concern for us, the sever its self is secure and the hacking was done on an account on the server only.

Bad grammar and spelling aside, this doesn’t make a whole lot of sense to me.  I am by no means a unix expert – far from it – but a hacker who is able to write to files on a server seems like it should be a concern to anyone whose job is to maintain the security of said server.

But folks would argue that this is the risk you take with shared hosting and the price more than makes up for the risk involved.  I suppose I would agree with those imaginary folks.

A client is having some serious problems with their site being hacked.  It started a couple of months ago when a very old installation of Mambo was hacked and the hacker was able to rewrite files on the server itself inserting malicious code.

We decided to move to Drupal since Mambo seems to be on its way out in the CMS world.  Joomla is based on Mambo and might have been a smoother transition for the client but my experience with Drupal has been very good and I thought it would be more of a resilient platform.

So I moved all original files to a directory that would not have any links to it and requested that Google re-review the site and take it off it’s malicious sites list (this, in fact, is what prompted the clients request for a new site).  Google came back and said the problem was solved.  So then I installed drupal and painstakingly moved articles from the old system to the new looking for suspicious links as I went.  I didn’t see any and I was able to clean up the imported article HTML as I went.

A day later, Google puts the site on the malicious list again. Grumbling, I looked around and discovered that the blog – which is separate from the site but on the same domain – had also been infected.   So I removed that and installed the latest version of Wordpress.  Rerequested a looksy from Google and was off the list again.

A day later the site was back on the malicious sites list.  This time, I was at a complete loss. There were no links that I knew of to the old site, the blog was clean and the links that Google mentioned as dangerous were not even there anymore.

I was about to wash my hands of it when I dug around a little more and discovered that there are hacks that replace the .htaccess file at the root.  The effect is subtle.  If someone just types in the address to the site directly, everything is fine.  But if a robot visits the site or a user searches for the site in Google or any other search engine, they will be redirected to some terrible site somewhere.

I have replaced this .htaccess file (which I’m still unclear how it remained after I moved all old files elsewhere) with the original drupal .htaccess file and have requested a review.  Hopefully, this will be the last but given my track record so far, I’m not holding my breath.

UPDATE: So the .htaccess file was returned to its evil state by the next morning.  I also discovered a file called "test.pl" in the root.  Not sure how that got there but I'm starting to suspect that the FTP password was discovered as well.  I've gotten rid of that particular file and changed the FTP password to something more secure.

I cannot emphasize enough how valuable this tool is – if you care at all about supporting multiple versions of Internet Explorer. 

The inability to install multiple versions of IE on the same computer is well known.  What IETester has done is make it dead simple to only test against multiple versions of IE without having multiple virtual machines, but has done it in an attractive package that lets you compare versions side by side.  This is truly a treasure for web developers everywhere.

When installing CakePHP changes have to be made to the .htaccess file when installing a site that is not in the directory of your webserver.  For example, if you access your site:

http://iwonderdesigns.com/cakephpapp/

instead of

http://iwonderdesigns.com/

The mod_rewrite will fail assuming that “cakephpapp” is meaningul.

The answer, I discovered (thanks to ticket 6133) that the answer is replacing the .htaccess file in the root of the cakephp install with this one:

<ifmodule mod_rewrite.c>
   Options +FollowSymLinks
   RewriteEngine on
   RewriteBase /cakephpapp
   RewriteRule    ^$ app/webroot/    [L]
   RewriteRule    (.*) app/webroot/$1 [L]
</ifmodule>

I’m not sure why CakePHP’s docs don’t include mention of this since I would think this is not an uncommon situation (at least in a development environment) but there it is.

As I was preparing to turn a mockup I made into a Drupal theme for a client,  I started, as a I always do by looking for a base theme which I can convert.  Usually, this involves removing all the cruft of the original theme so I can get to the rich nugatty center that is the drupal mechanics.  During the process I’ve discovered two things this time that I didn’t know before that I’m guessing a lot of other people did know. 

First, some kind person has created a really basic starter theme with none of that bling that comes with completed themes.  He also has some sort of “grid builder” thing that helps you get started on your final theme more quickly but I had a feeling that would be more trouble than its worth so I stuck with doing that work myself.  I could be wrong about that, but there you have it.

Second, as I was flipping through this guy’s readme he mentioned something very cool: to help get your new theme to look like your mockup, use the mockup image as a body background image (faded of course).  The effect is a light table for tracing.  Here’s the code he mentions in his readme.  Pretty straightforward:

 
<style type="text/css">
<!--
   body {
      background-image: url(trace.jpg);
      background-repeat:no-repeat;
      background-position: top center;
   }
-->
</style>
 

In my dotage, I have come to really despise applications that are really  pretty simple that occupy way too much memory on my system.  Modern Instant Messengers fall well into that category.  Digsby takes over 80MB on my system.  Trillian: 50MB.  Pidgin: ~50MB.  I mean, really.  That’s why I started looking around for instant messengers with a small footprint.  I hit on Miranda IM which I had seen before but was too immature at the time. 

Nowadays it’s got a robust plugin architecture, very simple interface and occupies 5MB in memory.  The notification system is lacking, or at the very least the configuration is confusing, but for that kind of leanness I’m willing to accept that flaw.  Setup is also less smooth than some of the higher-end IMs.  But considering it uses 16 times less memory – again, it’s a burden I’m willing to bear.

Miranda IM