Nudging the Boulder
Many moons ago, I stumbled across James Shore’s excellent Change Your Organization: A Diary, gave it a very thorough reading, and then put it to one side in my bookmarks list to gather dust.
Fast forward two years, and I find myself at an organisation that does long manual builds and push-lives, little testing and, amongst its portfolio, has a large, complex, multi-developer site that’s very quickly becoming unmanageable to extend.
As time went on and the project got bigger, the development process switched from everyone piling onto the one dev system (and stepping on each other’s toes), to each developer having their own system, to there being a “Central Dev” system to do integration testing on, to adding a Staging server that everything is pushed to before it hits the live server.
It’s great having these systems, but the process that accompanied them means that the entire project is blowing out in unexpected ways every time a deployment is needed. When changes are pushed between systems, database schemas and table rows are carefully synchronised, files are individually copied, and everything is manually (and very incompletely) tested.
Previously I’ve given informal demos and info sessions for things like XSS, XSRF, Dependency Injection, Sass and Blueprint and Active Record, in an effort to raise awareness of problems we as a team tend to have, of techniques we could really make use of, or of things that are just plain neat-o.
I’ll admit it straight-up; it is really frustrating to work somewhere knowing this stuff is proven and known to work, but is just out of reach because of a tangle of internal processes, NIH-driven home-grown technology, and plain inertia.
Having seen first-hand what Rails-like schema migrations, VCS branching, and automated builds and deployments can do for making deployment just work, I really wanted to introduce at least some of these to try to alleviate the pain of clicking, shuffling and swearing every couple of days.
I’ve mentioned these sorts of things in informal chats, during coffee breaks, and as thought experiments when developing things with the other guys. It’s finally built up to a talk I gave this morning that ostensibly covered Database Migrations, but just so happened to include automated builds, deployments, branches, and how we might go about actually applying this stuff within the context of our dysfunctional setup.
Database Migrations (and other things)
There are big holes and glaring omissions. The mentioned “Deployment Branch” / “Development Branch” split wouldn’t help us very much with all the concurrent projects running off the same code-base. Feature branches have been ruled out as “too heavy”, and so we’d be left still stuffing our wildly-branching codebase into a linear trunk. But at least we’d not be pushing trunk directly live, and wouldn’t be juggling manual file and database schema and content updates when pushing. If any of the things I covered actually happen, I’ll look at trying to sneak in branches later on.
You could probably consider all this my attempt at shifting the course of a rolling boulder, but I’ll see what happens. I’ll keep notes here as I go, regardless of the fact that I can’t match Mr Shore’s writing ability.
Posted July 13th, 2010 | No Comments
Ticketbooth, no… ConTikit, no… Effulgent…
I’ve been looking to change SMASH!’s current ticketing system for a long while now.
ConTikit (an online ticket purchase system) was meant to be its replacement. Having subsequently found EventBrite, and with it looking more and more promising by the day, what was going to be tandem development of an online and on-the-day ticketing system is now completely focused on the latter.
To this end, I’ve just started reworking the existing Ticketbooth application into something compatible with EventBrite, which I’ve not-very-thoughtfully labeled Effulgent. You’ll find it on GitHub if you look hard enough.
(The GitHubbing being done for the purposes of a) sharing what’s been done, and b) publicly guilting me into actually doing something with it. Umm.)
Posted January 14th, 2010 | No Comments
Quick-&-Dirty Delicious Feeds for Wordpress
After looking around at the available Delicious plugins for Wordpress, I found two functioning ones, both of which that used and had broken tag support.
Ho hum.
Here’s what I used in a pinch; this’ll be turned into a Wordpress plugin with an interface to match the existing Delicious-for-Wordpress plugin. Until that happens:
<?php
// TODO: Make plugin, add count, feed and caching configurability.
$delicious_rss = 'http://feeds.delicious.com/v2/rss/damncabbage';
$delicious_item_count = 9;
$encoding = 'utf-8';

// fetch_feed() returns a WP_Error on failure; treat that as an empty feed.
$feed = fetch_feed($delicious_rss);
$limit = is_wp_error($feed) ? 0 : $feed->get_item_quantity($delicious_item_count);

if ($limit == 0) {
    ?><li>No delicious for you today.</li><?php
} else {
    $items = $feed->get_items(0, $limit);
    foreach ($items as $item) {
        // Feed content is untrusted: esc_url() drops disallowed schemes
        // such as javascript: and escapes the URL for use in an attribute.
        $link = esc_url($item->get_permalink());
        $title = htmlentities($item->get_title(), ENT_QUOTES, $encoding);
        // get_categories() returns NULL when an item has no tags.
        $tags = $item->get_categories();
        if (!is_array($tags)) {
            $tags = array();
        }
        ?>
        <li>
            <p class="link"><a href="<?php echo $link; ?>"><?php echo $title; ?></a></p>
            <p class="tags metadata"><?php
            $tag_links = array();
            foreach ($tags as $tag) {
                $term = htmlentities($tag->term, ENT_QUOTES, $encoding);
                $url = esc_url($tag->scheme.$tag->term);
                $tag_links[] = '<a href="'.$url.'">'.$term.'</a>';
            }
            echo implode(', ', $tag_links);
            ?></p>
        </li>
        <?php
    }//end foreach (items)
}//end else (items)
?>
Default caching. Markup mixed with data retrieval. Not pretty.
Expect this one to be pluginified in a couple of days.
Posted January 14th, 2010 | No Comments
Not-so-obvious Security Holes: include() and NUL.
Consider the following code:
// Refuse any template name that contains a slash, then append ".html".
if (!empty($_GET['template']) && strpos($_GET['template'], '/') === FALSE) {
    include dirname(__FILE__).'/'.$_GET['template'].'.html';
}
Save it in display.php, and access it using a URL that looks like:
http://example.com/display.php?template=blue
At first glance, it only includes files in the current directory with the extension “.html”. This isn’t true; access the URL with the following instead and see what happens:
http://example.com/display.php?template=display.php%00
Ouch.
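A hardened version of the lookup above, as an added example that is not from the original post: it checks the template name against an allowlist pattern instead of searching for one bad character, so the NUL byte, dots and slashes are all refused by the same test. The function name resolve_template() and the templates/ directory are assumptions made for the example.

```php
<?php
// Added example: hardened replacement for the display.php lookup.
// resolve_template() and the templates/ directory are hypothetical names.

/**
 * Map a user-supplied template name to a file path, or return null.
 */
function resolve_template($name, $template_dir)
{
    // Accept only short names made of letters, digits, "_" and "-".
    // This refuses "/", "..", "." and the NUL byte (%00) in one check, so
    // nothing can cut off the ".html" suffix or leave the directory.
    // \A and \z anchor the whole string; "$" would allow a trailing newline.
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }

    $base = realpath($template_dir);
    $path = realpath($template_dir . '/' . $name . '.html');
    if ($base === false || $path === false) {
        return null; // directory or template does not exist
    }

    // Defence in depth: after symlink resolution the file must still sit
    // directly inside the template directory.
    if (dirname($path) !== $base || !is_file($path)) {
        return null;
    }
    return $path;
}

// Constructed sample inputs, including the value sent by the second URL.
$samples = array('blue', "display.php\0", '../display.php', 'blue.html', '');
foreach ($samples as $sample) {
    $path = resolve_template($sample, __DIR__ . '/templates');
    printf("%-20s => %s\n", addcslashes($sample, "\0"),
        $path === null ? 'rejected' : $path);
}
```

In display.php the function would be given `$_GET['template']`, and since the templates are plain HTML the result can be sent with readfile() rather than include, so the file is output and never executed as PHP.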
Read the rest of it…
Posted January 4th, 2010 | No Comments