Made of Everything You're Not

Personal blog of PHP programmer Eric Lamb.

It Was Supposed To Be Just An Experiment…

Posted in Brain Dump, Rant on October 26th, 2011 by Eric Lamb – 4 Comments

Last June I decided to do something unprecedented for me; I dipped my toe into the ExpressionEngine add-on market to try and sell some custom add-ons I'd written. Being the open source loving hippie that I am this felt pretty out of character for me at the time and I got a bit of grief for it from friends and my own id. But I've been talking about moving out of client services for far too long and figured a little experiment by writing some add-ons and selling them through Devot:ee (the de facto marketplace for ExpressionEngine add-ons) would be a good introduction into full time commercial development. Looking at things 4 months later I realize that deciding to do that was one of the most important things I could have done for my career.

Those of you who read this blog regularly (which, I admit hasn't been that regular of late) probably noticed that I've been writing more and more about ExpressionEngine over the last year and a half. Obviously, I've been doing a lot of ExpressionEngine development. Mostly for client work but, like most things a good programmer does, I eventually built up a go to library of custom stuff for when new projects started. Just your normal stuff really; a couple extensions and modules to make my client's lives easier and give that little "extra" to make a project sparkle.

Then, my CartThrob project ended. This is a project that will forever have a place in my heart. Not the site specifically mind you, which is pretty awesome BTW, but the client's tight budget combined with needing more from the site than they had initially outlined created a dilemma that presented an opportunity. I could either hand off the site as is, which was to the client's spec but not to their expectations, or I could continue working without getting paid to make the client happy. Then, a third option came to mind.

I proposed to the client that I build an add-on to handle their needs on the condition that I retain ownership of the add-on. The plan was simple; I'd write this add-on and then sell it on Devot:ee in the hopes that eventually I'd recoup my loss in time investment. Hence, the birth of my first commercial add-on now called CT Admin. That... I then sat on for a couple months while I worked up the courage to put it up for sale.

The more I thought about releasing CT Admin the more nervous I became over the prospect of putting out an add-on that's only useful for users of another third party add-on. Starting out with a customer base that's a small slice of another company's customer base isn't exactly a good way to measure an industry. So, I decided to release a second add-on around the same time as CT Admin.

This second add-on, now named Backup Pro, was at the time a specialized backup add-on I'd written for my hosted clients which due to certain configuration conflicts couldn't use any of the existing ExpressionEngine backup add-ons on the market. Releasing Backup Pro was also a gamble though of a different sort; as mentioned there were existing add-ons within that niche and one of those competitors has fiercely loyal customers (Hi Tom!). But still, two add-ons are better than one. Right?

So on June 10th I had a stiff drink and posted my add-ons to Devot:ee. And a whole 24 hours later I sold my first add-on. Immediately, I realized I was in. I was hooked. The joy I felt when I got the email notification from Devot:ee about the sale was absolute and total. Someone had paid me money for proprietary code I had written that I was going to be able to sell again. Fuck. That was the sweetest $24 I ever made.

But $24 also came with a weird sense of responsibility I never really felt writing OSS code. With OSS I'd always kept things at my pace and, unless there was anything critical that affected me personally, individual issues other users experienced weren't that big of a priority. But, with the ExpressionEngine add-ons, that someone had paid real cash money for, the paradigm shifted from random and faceless users to clients. In essence my customers became my clients and that's a dynamic I've always been comfortable with in terms of knowing how to respond. Put simply; complete and total support until they're happy.

And that's really the key to everything right there. What initially started out as a small experiment I personally likened to an OSS project morphed into me sharing some responsibility with other developer's client work. Shit got real all of a sudden. People were paying money on my code with the belief that the code would help them solve their client's problems. For those users who had issues (and there were more than a few) my responsibility could not be denied.

Initially, I was naive enough to think I could just post my add-ons to Devot:ee and go about my life. I had no concept of how much care would have to go into support and customer satisfaction or the amount of hours I'd spend in the Devot:ee forums and answering questions on Twitter. To give an idea of just how many updates there have been; at the time of this writing Backup Pro is at version 1.8.1. That's a lot of bug fixes and feature requests in just under 4 months. Almost to the point of ridiculousness.

But it's addictive. Extremely so. The more feedback I got, and the more features and bugs that were fixed or added, the better the products became. The process creates a really nice positive feedback loop wherein we're all winners. The customer gets a better product, I get to create a better product which, in turn, makes my products more appealing to others. It's really something to be a part of.

So after 4 months of progressively improving my products, networking within the community, building a dedicated site for marketing and having an absurd advertising appetite and a library of 7 add-ons now, I look around and realize that I'm a part of something I had never anticipated; the ExpressionEngine community. And it feels like home.

The Lesson of Adobe Reader

Posted in Programming, Rant on February 25th, 2011 by Eric Lamb – 0 Comments

One of my favorite parts about programming is the design part of a project. No, not the pretty sparkly pretty design; I know I suck ass at that and it's just a bad idea for me to even attempt. Instead, I like the part where the program itself gets designed; the part where the order of things gets worked out and you, the programmer, get to be creative and connect A to B to C on all the parts that were left out of the scope. Sure, you know you need to add, for example, a form to a webpage but unless anyone told you how it should be written it's entirely up to you how to do it; that's the good stuff.

There are all sorts of places people go to sharpen their program design skills, which, and let's not kid ourselves here,  is a way subjective but difficult specialty; personal favorites of mine are sites like Gamasutra, which has a great postmortem section, and The Daily WTF, books about projects like Dreaming in Code and Showstopper! and, to look at how other programs function and what other people like or dislike about that program, Reddit (of all places).

One of the better posts I've seen on Reddit, in regards to insight, was for Adobe Reader. On Reddit the question of why Adobe Reader is constantly updated is often asked but, what with the hive mind and all coming to the proper conclusions, is almost always linked to the "correct" answer:

Ok.. here is a comment from somebody who knows his shit:

the adobe reader you have isn't a simple PDF reader.

TL;DR: Adobe Reader is a huge system and reading PDFs is one of its many functions. If all you care is reading PDFs only then you should ditch it and get Sumatra or Foxit.

Long version:

lets follow the rabbit..

There is a reason its not called "Adobe PDF reader" but "Acrobat reader" or "Adobe reader". It is a monster of a system.
reading PDFs is one of many functions.
For a project i had to read into adobe acrobat and heck its a real monster: it has

a complete mail server, document lifecycle management system, DRM client, full fledged document tracking system, form capabilities, statistics for your docs (imagine sending a survey and tracking the collected data), video AND audio playing capabilities (yes you can embed audio and video in pdf) as well as capabilities for other formats (such as displaying CAD(!) data in its own 3Dviewer).

all in all the full acrobat SDK is like 500 MB and its manual a couple thousand pages long.

merely displaying PDFs is one function out of like 100.
To you as the consumer its the bait... but the full fledged system behind it is what Adobe sells to its corporate consumers.

they basically say: "You want a full fledged content tracking system? we got it... and the best part is all your customers have the clients already installed! in form of the acrobat reader".

Its like a monster sleeping in every computer.

see this link. Its the function comparison of the acrobat family..

and here comes the scoop: all functions you see are supported by acrobat reader... but you cant use them. They are there so you can provide them to the guys who paid for "pro extended".

Basically the pro extended package can create all that shit and all drones using acrobat reader will support the functionality. whether they want it or not.

And here is the screamer: being a normal guy you will most likely never need all that crap. You know what does it mean when i say "document tracking system"? its just a fancy word for the dream of every advertiser: Corporate customers can track how successful their newsletter, advertising and customer Polls are.

Yup.. they can track how efficient their spam is. And all you sheeples who over the years keep complaining "omg i just want to read pdfs why is the install file soo big" never cared to actually read what is included.

My advice: if all you care for is reading PDFs (and im sure 99% of Acrobat reader users are in this group) install Foxit or Sumatra.

That's just poor design right there; forcing a large percentage of your users to suffer a poor experience for the benefit of a smaller portion of users is just flat out dumb and one of those decisions I'm fairly certain couldn't be made by a team that's dogfooding their project. It's just basic math; make life easier on the majority.

Truth In Hard Drive Space Marketing

Posted in IT, Rant on February 16th, 2011 by Eric Lamb – 2 Comments

One question I get asked from time to time by, well, pretty much anyone I've ever worked for or with, is why their hard drive was marketed at one size yet the available size is far smaller. For example, they may buy a hard drive that's marketed at 320 Gigabytes but when they get it installed there are only 286 Gigabytes of space available. On the surface this can be pretty frustrating in the "Bait and Switch" kind of way; you buy one thing and get another, lesser, thing but like most things about computers, the reality is actually pretty rational if not simple.

Traditionally, when confronted with the question I had always just gone with the tried and true line that I cribbed from Tom's Hardware:

Hard Disk Drive (HDD) makers define "GB" or "Gigabyte" as 1,000,000,000 bytes. Microsoft (in Windows) defines it as 1,024 x 1,024 x 1,024 bytes, or 1,073,741,824 bytes.

Thanks to Stack Overflow I now know that the real, thorough, answer is:

There are 3 reasons why the amount of space you can actually use is different from that listed for the drive, all of which work against you:

  1. Hard drive manufacturers treat 1GB as one billion bytes, while the operating system calls it 1,073,741,824 bytes (1000 * 1000 * 1000 vs 1024 * 1024 * 1024).
  2. You lose some space for file tables when formatting.
  3. Disk space is divided into chunks larger than 1 byte (typically 4K). Using typical Windows defaults, a 1 byte file takes up 4K of space on disk.

Of these, the first two can influence the amount of space reported by the drive (though IIRC the 2nd one was more of an issue with FAT32 than NTFS). The last one only influences the amount of free space remaining, but will still prevent you from using the full capacity of your 80GB drive.

It's almost reminiscent of the Mars rover debacle about metric vs standard measurements; HDD makers use a decimal metric while the operating system uses binary. Anywho, this means that if you have a 320 Gigabyte HDD Windows will recognize it as 286 Gigabyte HDD. Pretty straightforward really and aside from having to dodge the occasional rant about how illogical that is and how come I just don't know more about the ins and outs of HDD business practices it's not really been that big of a concern for me professionally. Well, now as my client's needs for storage are increasing well, it's, in a sorta kinda way, becoming a bit of an annoyance.

A recent project I had was to design a system for obscene storage space; the client is a civil engineering firm so they deal in those HUGE CAD files for city planning and architectural plans and they want to do version control on them. So, lots and lots of space was needed and while investigating a possible solution that involved a dedicated RAID array it dawned on me that the specs were a little more complicated than they ought to be. Math was going to be required above the normal RAID calculations you have to do for setting up a RAID array. I mean, God forbid I say they'll have one amount of space when the reality is they'll get a lesser amount; I don't need that kind of attention.

On the surface setting up a RAID 5 device with 8 2 terabyte HDDs would yield a total of 16 terabytes before the RAID and, according to the RAID calculator, around 13 terabytes of usable space after the RAID setup. The reality though is that each 2 terabyte HDD is only going to yield 1.8 terabytes each and once the RAID is configured the total size is going to be 11.7 terabytes. A little over a full terabyte is missing; a non trivial amount to be sure.

So it's a knowable problem and it just requires a little math but the more I think about it the more I'm starting to empathize with the reactions of previous clients. Put simply; wtf man? Why don't the HDD makers put on the box the amount of space most people will experience; at least as a sub text on the box? For example, putting both the decimal and the binary amounts side by side or maybe listing the amount of space available for the big 3 operating systems (Windows, Mac and *nix) would be way more helpful and truthful than just listing the binary amount and leaving customers feeling ripped off.

My Xbox Live Fraud Experience

Posted in Brain Dump, Rant on February 14th, 2011 by Eric Lamb – 32 Comments

This Sunday I had one of those moments I've heard about but never experienced: my Xbox Live account was compromised and someone had purchased a crap load of points and transferred them to someone else. Since I default to the outlook that corporations don't give a crap anymore (have they ever?) I was thinking I was screwed and was out of the money unless I contact my bank. Not the case though; turns out Micro$soft actually seemed to care and everything turned out better than expected.

On Sunday, I woke up to a series of 4 emails confirming the purchase of 10,000 points from Xbox Live Marketplace, a renewal of my Xbox Live Family account (dude actually changed my plan to include his account) and an email confirming the transfer of those points to another Xbox Live account. Now, my first thought was that I had really tied one on the night before and had just blacked out while doing some shopping on Xbox Live.  Then I remembered that I didn't drink (just smoked) and, after checking the email timestamps, the purchases were made while I was sleeping. Fuck me.

Now, I'm not a stranger to the odd charge on my credit cards and know exactly what to do; call the bank and contest the charges. Because I actually use my Xbox though, and I do purchase a lot of content through Zune and Xbox both, I thought it would be a good idea to contact Microsoft and let them know about what was going on. God forbid I contest the charges and Microsoft thinks I'm the one ripping them off, right? So, I call them up and, after waiting on hold for a good 10 minutes, I get on the phone with Regina.

Regina was very pleasant and, after she confirmed I was who I said I was, she was actually pretty sympathetic and understanding as well. I honestly didn't expect actual sympathy though and was pretty taken back by it; going through the motions and patronizing wouldn't have surprised me in the least but Regina was very accommodating, knowledgeable and helpful. Regina explained that while this isn't what she would call a common issue it does happen from time to time and, to me at least, she came across as having dealt with similar issues in the past personally. This really put me at ease when dealing with her which was good because I was in fight mode, expecting to be screwed at any moment.

One key part that struck me about this whole thing was the paper trail; because the system emailed me confirmations about each transaction it was obvious who was responsible and Regina made it clear that this is a good thing. I had the username of the person the points were transferred to so, apparently, it's pretty trivial for them to respond though I find the idea that the account wasn't temporary ridiculous. I don't want to underestimate the stupidity of criminals but surely the jackass who ripped me off must know the username they sent the points to would be flagged and investigated. Right?

Anyway, Regina gave me some details about what Microsoft were going to do on their side (which I'll post once the investigation is completed lest I tip someone off in the event I know the asshole) and what my expectations should be as far as resolution (pretty good since it was caught within hours of the purchases). She also made sure to make a point of contacting my bank and letting them know as well which, while I was going to do regardless, I definitely appreciated.

It should be about a week until I hear something about the investigation and, hopefully, the resolution. All told the process took only 34 minutes and left me feeling a lot better about Xbox and Microsoft as companies to, if not completely respect, not worry about screwing me given half a chance.

That said, I'm not an idiot (well, about this stuff anyway); I still contacted my bank and contested the charges so my money is back safely where it should be. The bank, as a matter of policy, invalidated my credit card and is going to send me a new one but it's a small price to pay I think. Well, that and now there's no way I'm ever going to let a service keep my credit card on file ever again.

Mailpress 5.0 Email Validation Bug

Posted in Code, Programming, Rant on August 10th, 2010 by Eric Lamb – 4 Comments

A couple weeks ago I received an email from a client of mine about a bug one of their clients was having using the Mailpress Wordpress plugin and wanting to know if I could help. They're an agency and I always want to make them happy so, even though I didn't write Mailpress, I decided to dive in and see what was up. Plus, it's always fun to contribute to open source projects and to get paid to do it is always a win-win.

Before getting into the bug I just want to say that I didn't want to post it in this way; ideally there would be channels available to submit issues but Mailpress doesn't exactly make that easy. Their site, while having links to the expected destinations like Community and Submitting a patch, doesn't appear to be finished and those sections are essentially empty at the moment.  The information to put this information out there very well might be in the site but, frankly, the thought of writing this post was less painful than digging through the site looking for info. Plus, this isn't a security issue at all so there's that. Ass == Covered.

The issue was that the email validation was returning false even when an email was valid, specifically if the email wasn't entirely lowercase. The problem with that, in case it's not clear, is that an email address doesn't have to be lower case (at least in the name portion). For example the below two emails are valid and, in fact, different:

eric@example.com
Eric@example.com

They look similar and it's not really advisable to do email addresses in that format but people do it that way and, technically, it is allowed so not sure why Mailpress doesn't.

Mailpress would throw an error on the second email which was pissing off my client's client and my client (sigh...). The fix is pretty straightforward and easy; just replace the regular expression in Mailpress with the working one I cribbed from Zaheer.

File: "/wp-content/plugins/mailpress/mp-admin/js/write.js"

219
is_email : function(m) { var pattern = /^+(\.+)*@+(\.+)*(\.{2,4})$/; return pattern.test(m); },

With:

219
is_email : function(m) { var pattern = /^+@+\.{2,4}$/; return pattern.test(m); },

Hopefully, the issue doesn't go deeper than the javascript validation but the above does allow for a working email validation script. Now we just need Mailpress to update their wonderful plugin with the fix...

A Closer Look At Avactis

Posted in Brain Dump, Code, Programming, Rant on May 31st, 2010 by Eric Lamb – 11 Comments

Avactis is another in a long line of e-commerce web applications written in php (similar to OpenCart and PrestaCart), this one a little different in that Avactis has different versions, each with different features, depending on how much you're willing to spend. Avactis is a full featured product with all the bells and whistles any ambitious store would need (and then some more features stacked on top for good measure) combined with a very php like integration methodology. Unfortunately, the dated administration interface combined with a lack of a plugin architecture and theme community really holds it back from the awesome bar.

For the uninitiated, Avactis is created and maintained by Pentasoft Corp; oddly, there's no website for the parent company so take that for what you will. As mentioned, Avactis is based on a pay model though it's way more upfront about it than PrestaCart and, while the free version is missing some features, the source is available for modifications. Not too bad in my opinion; at least the more cash strapped shops can still play if they want to.

The different versions of Avactis are Free, Owned ($199), Monthly Leased ($19.95 a month) and White Label ($299) each with their own features and options. Most notably the Free version doesn't include any (useful) payment modules (Authorize.net anyone?), coupon module, data export and import, quantity discounts or search engine friendly URLs out of the box. They do offer discounts for web developers though (at least 50% and they say up to 100%), and the complete source is available without obfuscation, so at least those functions that are needed can be added which can really ease the pain of paying for the thing in my opinion.

As expected, Avactis has the ability for custom themes though I'm disappointed to see that there doesn't appear to be any theme community in existence (compared to other cart software packages). The reasoning behind this is probably because Avactis bills itself as being "easy integration with an existing website thanks to unique Avactis tag technology". And by unique they mean including a php file and calling php function snippets. I'm all for marketing hype but wtf is that?!? Here's an example:

<?php include('init.php'); ?>
<?php NavigationBar(); ?>
<?php Breadcrumb(); ?>
<?php ProductList(); ?>

It's called php and EVERY php site does this Avactis not just you. Essentially though, this isn't a bad strategy and, in fact, is definitely a strength especially without all the hyperbole. Obviously, Avactis can stand alone and doesn't need to be integrated into a separate site but it's a good idea to allow easy integration into existing sites.

Avactis PHP shopping cart software

Avactis is packed with all the features any online store would want; content management system, coupon and discount mechanisms, order and customer management, packing slip builder to name a few. Each feature is also highly customizable and usually includes a plethora of options and settings; nice if you build complex product build outs or specific functionality. On the other hand though, this amount of features and customization comes at a cost in terms of ease of use, work flow and a lacking user friendly experience.

The administration interface for Avactis is a nightmare mess of pop-up windows, tabs and accordion widgets. Slick is not a word I would use to describe the experience. Functional or crappy or painful or eyebleedingworstinterfaceeverpleasekillmefortheloveofgod!; those are better words to describe it.

There's inconsistencies all over the place; for example while editing a product the help widgets will open another pop-up window (sigh...) yet in the main menu hovering over a link will display a tool tip and in the installation process the help widgets are all inline divs.

Avactis Admin Popups

Going through the code yields such codesod qualifiers as the below:

<?php
    /**
     * Defines the possibility of uploading images by file type.
     *
     * @param $file The array consists of the $_FILES variable, for
     * the current file.
     * @return boolean
     */
    function isAllowedImageType($file)
    {
/*        $type = _ml_strtolower($file);
        switch ($type)
        {
            case 'image/gif':
            case 'image/jpeg':
            case 'image/jpg':
            case 'image/jpe':
            case 'image/jfif':
            case 'image/pjpeg':
            case 'image/pjp':
            case 'image/png':
            case 'image/x-png':
                return true;
            default:
                return false;
        }
*/
        return true;
    }
?>

If that doesn't make any sense to you suffice it to say that the above function is supposed to verify that an image's mime type matches the list; unfortunately though, the function is, what we call "commented out" and will not be executed. All files sent to the function will validate as true so, essentially, any file type can be uploaded. While it's entirely possible this is an old function that was replaced with something useful, and it should be noted that I never found any calls to that function (but I really didn't look too hard), the fact that it's still in the code-base speaks volumes, to me, about the project maintenance at the very least.
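
An added example, not Avactis code: one way a working `isAllowedImageType()` could look. It goes beyond the commented-out check by detecting the type from the file's bytes with PHP's fileinfo extension (assumed to be enabled) instead of trusting the browser-supplied `type` field; the shortened allow-list and the sample files are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: the store only needs these three formats (trimmed from the
// longer list in the commented-out original).
const ALLOWED_IMAGE_TYPES = ['image/gif', 'image/jpeg', 'image/png'];

/**
 * Decide whether an upload is an allowed image by inspecting its content.
 *
 * @param array $file One entry of $_FILES (keys: name, type, tmp_name, error, size).
 */
function isAllowedImageType(array $file): bool
{
    // Reject failed or partial uploads outright.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return false;
    }
    $path = $file['tmp_name'] ?? '';
    if (!is_string($path) || !is_file($path)) {
        return false;
    }
    // A real upload handler should also require is_uploaded_file($path);
    // it is left out here so the constructed samples below run from the CLI.

    // $file['type'] is sent by the client and can claim anything, so the
    // decision is made from the bytes on disk.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($path);

    return is_string($detected) && in_array($detected, ALLOWED_IMAGE_TYPES, true);
}

// --- constructed sample input -------------------------------------------
// Builds a $_FILES-style entry backed by a temporary file.
function sampleUpload(string $bytes, string $claimedType): array
{
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);

    return [
        'name'     => 'avatar.gif',
        'type'     => $claimedType,   // what the browser claims
        'tmp_name' => $tmp,
        'error'    => UPLOAD_ERR_OK,
        'size'     => strlen($bytes),
    ];
}

// A 1x1 GIF, embedded so the example runs offline.
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');

$samples = [
    'real GIF'                    => sampleUpload($gif, 'image/gif'),
    'script claiming to be a GIF' => sampleUpload("<?php echo 'hello'; ?>\n", 'image/gif'),
];

foreach ($samples as $label => $file) {
    printf(
        "%-28s claimed=%s allowed=%s\n",
        $label,
        $file['type'],
        var_export(isAllowedImageType($file), true)
    );
    unlink($file['tmp_name']);
}
```

Type detection is only one layer: storing uploads under a server-generated name, outside any directory where PHP is executed, covers files that pass the check but carry extra content.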

On top of that Avactis has one of the most wasteful and useless installation processes I've ever seen. Initially, Avactis ships with a very minimal file set that includes a 15 mega byte (MB) file whose sole purpose is to contain all additional files in a gzipped and base64 encoded string. The sole purpose of this is to allow Avactis to programmatically write all source files to the file system during installation. For the life of me I can't imagine what functional requirement precipitated this design decision. Considering the complexity added to the development cycle this would cause it makes no sense to me; I'm at a loss. I could be missing something though; you never know it may have a really sick benefit that I'm just not privy to.

Are any of those "issues" at all relevant? Not the function and not the installation process. Those are subjective issues that may only matter to me; it's armchair quarterbacking at its finest (if I do say so myself). For everything else, well, that obviously depends on the specific needs of the project. For my needs it's a pass simply because my clients care about the interface and Avactis looks like it hasn't been updated since 2002 (at least).

So, while Avactis is a nice program with all of the features any store would ever need I personally feel that it's not ready for my project.

Expression Engine Escaping Madness

Posted in Code, Programming, Rant on May 11th, 2010 by Eric Lamb – 3 Comments

In my pursuit for financial independence I've been taking on random freelancing gigs from some really smart and interesting clients. One of the more respected clients I work with has been using Expression Engine for their main platform for years, and while I was initially skeptical, I'm beginning to believe there is potential for Expression Engine to be a useful tool too. There's just one little thing; it's possible to create a debugging nightmare pretty easily.

Expression Engine is built by the same company who put together pMachine, one of my favorite blogging software from back in the day, so I had some pretty high hopes for it. Then I started reading some off the cuff comments about Expression Engine, especially in comparison to my mortal enemy Dolphin CMS, and I started getting a little nervous. Then, when I started seeing how the flow worked, my head almost exploded.

See, all the style and creative stuff is stored in the database. Because Expression Engine has its own meta templating language (similar to Smarty in syntax and style; to me anyway) all the templates are available and ready for anyone to make modifications to. On top of that, Expression Engine allows for the inclusion of custom php inside of the stored template files which gets executed with the dreaded and evil "eval()" tag.

Confused? Me too. To help clear things up here's a snippet of Expression Engine templating code:

{assign_variable:my_weblog="default_site"}
{assign_variable:my_template_group="site"}
{embed="global/header"}
Page Content Here.

It should be pretty obvious what the code above is doing, but because I get a lot of shit for not being verbose (I'm looking at you Reddit), here's what's happening:

  1. A variable called "my_weblog" is being created with the value "default_site".
  2. A variable called "my_template_group" is being created with the value "site".
  3. The header template file is being included.

Not so bad right? I didn't think so either but there's also the inclusion of raw php. The below is perfectly valid to do in Expression Engine (assuming the "Allow PHP in Templates" setting is enabled):

<?php
$my_weblog = 'default_site';
$my_template_group = 'site';
include 'global/header.php';
?>

The above is a translation of the Expression Engine code by the way (if you hadn't picked up on that). This, too, isn't bad per se, but it does break a few very important rules which I'll get into in a moment. Annoying and sort of dangerous? Absolutely. But I can see where the appeal lies in allowing this sort of functionality (and, yes, even if you have to use eval() to do so).

That being said, my head almost exploded when I saw how the logic was laid out when mixing both the Expression Engine template tags with php functionality. Keep in mind that Expression Engine has a setting that allows you to set when in the processing flow you want the php to be executed. If that sounds confusing just know that in the below example the Expression Engine stuff is executed before the php code.

Here's what I mean:

{exp:query sql="SELECT name FROM exp_freeform_entries WHERE entry_id = '1'"}
<?php
$name = '{name}';
?>
{/exp:query}

The above simply grabs the name from the table and then sets it up for use by php. Once again, perfectly valid usage it would seem, though the more astute people will immediately see the issue.

Since Expression Engine executes the template tags first this is kind of a snap. The thing is though there's no escaping going on there. The above will work great when the value of name is something like Eric or John but what if the value is "Eric O'Reily"?

Yeah; it's gonna break with a parse error. But worst of all when it does break the error message you're going to get is going to reference the call to eval() and not the actual template file. This is going to make debugging a bit of a bitch. On top of that, there's no native method to escape anything within Expression Engine itself. So adding the usual call to addslashes() isn't possible.

So, while Expression Engine is pretty snazzy and nice it isn't without its pitfalls. Mind you, the escaping issue isn't impossible to avoid; it's more a question of design than anything. It is something that needs to be watched out for because, yeah, it doesn't seem there's going to be a change anytime soon.
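
The substitute-then-eval order described above, as an added PHP example (not code from the original post and not Expression Engine's own code). It assumes PHP 7.1 or later; render_then_eval() is a hypothetical stand-in for the template step, and the two rows are constructed sample data. It shows the raw splice failing on "Eric O'Reily" and the same value surviving when the substitution step emits a quoted literal with var_export().

```php
<?php
// Added illustration; render_then_eval() is a hypothetical stand-in for
// "template tags first, PHP second" and is not ExpressionEngine code.
function render_then_eval(string $template, array $row, bool $escape): array
{
    // Step 1: tag substitution pastes the row value into the PHP source text.
    $source = preg_replace_callback(
        '/\{(\w+)\}/',
        function (array $m) use ($row, $escape): string {
            $value = (string) ($row[$m[1]] ?? '');
            // var_export() emits a complete, correctly quoted PHP string literal.
            return $escape ? var_export($value, true) : $value;
        },
        $template
    );

    // Step 2: the substituted text goes to eval(), as the post describes.
    $name = null;
    try {
        eval($source);
        return ['ok' => true, 'name' => $name, 'source' => $source];
    } catch (ParseError $e) {
        // getFile() names "eval()'d code" in this script, not the template.
        return ['ok' => false, 'error' => $e->getMessage(),
                'where' => $e->getFile(), 'source' => $source];
    }
}

// Constructed sample rows standing in for the exp_freeform_entries result.
$rows = [['name' => 'Eric'], ['name' => "Eric O'Reily"]];

// Template as in the post (quotes in the template, raw value spliced in),
// and a variant with no quotes where the substitution step supplies the literal.
$templates = [
    'raw splice' => ["\$name = '{name}';", false],
    'var_export' => ['$name = {name};', true],
];

foreach ($templates as $label => [$template, $escape]) {
    foreach ($rows as $row) {
        $r = render_then_eval($template, $row, $escape);
        echo $label, ' | ', $r['source'], ' | ',
            $r['ok'] ? 'name=' . $r['name'] : 'ParseError in ' . $r['where'], "\n";
    }
}
```

Where the substitution step cannot be changed, fetching the row from inside the PHP block keeps the stored value out of the source text altogether, which is the design choice the post points at.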

Google Didn’t Fuck You; You Did

Posted in Brain Dump, Rant on February 15th, 2010 by Eric Lamb – 1 Comments

With the release of Google Buzz last week a lot of people have been screaming bloody murder over some privacy concerns they have and Google’s perceived lack of forethought on the matter.

First, Google Buzz appears to be a FriendFeed clone that Google just launched about a week (or 2) ago. Initially, it was enabled inside of all gmail accounts by default without any authorization to the contrary. I haven’t had the opportunity to try it though. Not because I don’t use gmail (I do; sorta) but because I use Google Apps gmail which wasn’t a part of the rollout.

From what I can glean, Google Buzz works by parsing your contact list and then making connections between everyone in it and displaying their social network activity info publicly for all to see (seriously, just like FriendFeed). Make sense? No? Here’s the Crunchgear explanation of Google Buzz:

Google Buzz is a social network and sharing product built by Google. Based within Google Profiles, Buzz offers a stream of status updates, pictures, links, and videos from your friends. You can “like” these items and you can comment on them. Updates from Flickr, Picasa, Google Reader, or Twitter can also be automatically imported into a Buzz stream. Buzz will recommend items you might like based on your friends’ activity.

So, apparently, one of the “features” of Google Buzz is that when it was initially released it displayed your contact list publicly which raised all sorts of hell from people who can’t afford for this to happen (think lawyers, journalists, etc).

This smacks of a high level of naivete on the part of most of the users. Under what delusion are people living to think that they have any expectation of privacy from a publicly traded company? Yes, I know they claim to care about your privacy, and I’m sure on a personal level the people working for Google do, in fact, care about your privacy. But the organization itself? Not a fucking chance.

Let’s get serious here; as stated above, Google is a publicly traded company which means their priorities start and end with cash ($$$). Frankly, it’s naive to think otherwise. Ask any corporate officer and they’ll tell you they have a responsibility to their shareholders. This is a notorious loss for consumers but it’s the reality nonetheless. Cry all you want but Google fucking their users in this way did ensure they launched a new social network with millions of users. From a fiscal standpoint, this was a HUGE win even with all the bitching and moaning. Even taking into account any users who would leave Google (along with any ill will this may have created) this was still a winning strategy for launch.

If privacy is an issue then, it seems to me, that you really should have taken greater measures to protect yourself. Relying on Google to protect something like this screams of escapism and finger pointing. Guess what? It’s your fault. Deal with that instead of crying that a publicly traded company that provides a service you use for free does something in a way that you don’t like.

Do I think that Google was right in any way for doing what they did? Not for a second. That said, people need to take responsibility for their own needs instead of blindly trusting a for profit company to do it for them. Yes, even when that company claims to “do no evil”.

Code Like It's 1999 With Dolphin CMS

Posted in Brain Dump, Programming, Rant on December 02nd, 2009 by Eric Lamb – 3 Comments

It's interesting how life can throw you a little too much coincidence. For example, I was having a nice conversation (with a pretty smart dude) where it was mentioned how much more painful development on large projects used to be back in the confused days of early PHP. Then life decided to highlight this little message with a project using Dolphin 6.1 from Boonex.

The work came from a client that had a straight-forward install of Dolphin. She wanted to customize it a bit to make it a little more user friendly; nothing too difficult. Before the project came to me the client had gone the usual route of hiring someone on the cheap who ended up not being up to the task, and she was, subsequently, left high and dry. This left me with a project that had some of the work started, but not finished, which added to the pain a little but Dolphin sure has its own ways of ruining a mood.

In case anyone else has the misfortune of having to work on a Dolphin CMS project I thought I'd highlight just what you're in for.

The Good

To be fair, for as bad of a nightmare Dolphin CMS is as a project (compared to coding standards in today's landscape), it does have one or two(ish) redeeming qualities.

For one thing Dolphin CMS has a pretty logical directory structure. Looking for the language file? Why it's in the "lang" directory of course. Looking for a class? Just check out the "inc/classes" directory. Admittedly, this is a small thing if you're using a modern IDE but I still appreciate it (so many programs I've run into lately don't even include this level of logic).

Dolphin CMS also has what can only be called an advanced admin panel. This thing allows you to customize all sorts of areas including the content of pages as well as the layout of the pages. I had a lot of fun playing with that thing. This is double edged though because it serves no practical purpose if you want something unique and cool. For newbies though I think this is a nice feature to learn about the possibilities for a website.

The Bad

Right off, Dolphin CMS is PHP 4 compatible. This is just silly; it's fucking 2009 already and Dolphin CMS using PHP 4 as a baseline is probably more to blame for the rest of this list than anything else. If you're going to use old technology why not use old coding standards? In that situation I imagine complacency and laziness would come naturally.

Then there's the use of short tags in Dolphin CMS. I admit to having a problem myself with maintaining this standard (it's still natural for me in a template file) but it's irritating if you have short tags disabled in your ini file.

Another offense: inline HTML and PHP together ALL OVER THE PLACE. You can't hardly open any file, seriously, any file, without wanting to tear your eyes out of your skull from the cluster fuck in front of you. Add to that the confusion that the system has a template system (see below); Dolphin CMS just doesn't use it for the parts you'd actually want to change. Gave me a headache when I would think about it.

As mentioned above there is a template system (of sorts) but it doesn't actually templatize anything. I guess it's more of a layout system but considering the majority of templates only had header, footer and content references it's a poorly utilized one. To make it even worse though Dolphin CMS uses a hard-coded, numerically indexed, naming convention. Want to know what template file your file is using? Just open up that file and look for a variable called "$_page" and use the value as a reference. Seriously, why would you use a number instead of something meaningful like the name of the file (or similar)?

Back Pedaling

I just got done working with Dolphin CMS so, yes, I'm a little raw. Wah; I know. Still, the fact remains that Dolphin CMS is one of the biggest pains in the ass to work with that I've run into in quite some time. It's not too complicated to work on; its structure should be familiar to anyone who's worked with PHP ten years ago, which is its biggest issue. You have to dumb yourself down to work with it. And for the love of god don't try and abstract anything.

The most heinous thing though is that Boonex actually charges for this filth. Real money too. Crap can be excused if it's free but there's nothing worse than paying for a box full of horse shit.

Welcome to The McDonaldification of Web Development

Posted in Brain Dump, Business, Rant on November 02nd, 2009 by Eric Lamb – 2 Comments

When I was a kid I remember McDonald's as having some of the best food and providing the best experience ever. Just the thought of going there was exciting. Breakfast, lunch and dinner; it didn't matter what meal it was. They went out of their way to, at least try, to make the experience fun for the kids. Yes, this was part of a plan to get the kids hooked to bring in the family (which it did in spades) but it was one of those rare strategies that was win-win for both the customer and company.

Fast forward 20 years (sigh...) and McDonald's and its ilk are the lowest of the low when it comes to quality of service and product. It's been years since any fast food restaurant has provided me with an experience worthy of my money; the food is always horrible processed shit, and the service (even at the most basic of basic levels) is completely nonexistent. Hell, I can't remember the last time I was given ketchup with fries without having to ask for it...

Having worked in web development professionally for the last eight years I'm starting to notice a similar pattern in this industry. What was once an industry ruled by high profits for a job performed by professionals (mostly anyway) has quickly become an industry full of amateurs and scammers (mostly) trying to make as much money with as little thought to quality as quickly as possible. I've spoken before about the lack of quality I find in a lot of programmers I work with, and while I'm not saying it's the complete cause, I do think there's a link.

Oddly, I’m in the minority here. In my, limited, exposure to other programmers I can say definitively that the majority just plain suck; mostly because they refuse to grow and learn.

I’ve heard all the arguments before, “My weekends are mine”, “I work hard enough; I don’t have the energy”, and the best ever, “My employer should pay for this like Google does. Whah!!”. (I know Google doesn’t, in fact, do this but people still say it.) All just pure crap excuses for maintaining a level of competence just high enough to not get fired.

Bottom line: working 8 hours a day is just not enough to matter. If you think you’re a programmer and you don’t spend time improving your skills you’ll quickly, really quickly, become obsolete. It just doesn’t matter if .Net is going to be around forever and your employer won’t ever upgrade from 1.1; you’re a hack (and not in a good way).

Now that I'm an active freelancer I'm really, really, starting to see the differences. Time and time again I end up taking a meeting with someone who has just been worked over by others in this field. The stories some of these companies and people have are just appalling and I've heard some doozies. Worst of all, behavior like this tends to skew their perspective and they view all freelancers as suspect. Too much of my time is spent building confidence in me as a professional; it's really starting to become laughable.

It was all really quite the mystery until I recently reached out on craigslist to find a designer for a WordPress theme (I need to update this site BAD). I was pretty explicit that all I was looking for was a PSD file that I would personally turn into a WordPress theme but 4 out of 5 responses to the ad indicated that the respondent hadn't even read the post. Frankly, it was irritating wading through the crap and, obviously, automated responses.

This is troubling for a couple reasons. For one thing it basically indicates, to me anyways, that the person (company, freelancer, whatever) had very little regard for what I wanted, instead opting for a fastest gun approach. The number of emails I received immediately after posting my ad was around 20 and after reviewing each one it was obvious they were automated. I pity the individual or company who entertains these people.

The long term harm this can cause for other programmers (much less themselves) is completely short sighted. Crappy work begets a crappy experience for the client. Simple.

Copyright © 2008 - 2013 Eric Lamb - All rights reserved