Upgrade to Git

Remember when Subversion was the new tool that all the cool kids were flocking to? Well, Subversion is now the old and busted, and it’s time to move to Git.

It’s time to upgrade your Subversion repo (if your still using it) to Git because of the benefits you will gain from moving to a more flexible tool.

  1. Distributed: When you checkout (or clone in the git world) a repository, you are checking out all the files in the repository, which means you can work independently of others. You can commit and make changes on master, or another branch without imposing your incomplete changes on the rest of the team.
  2. Simple Merging: Compared to Subversion, merging is fun. Because its so easy, as a developer you are more inclined to make additional branches and use them as they should be used. This adds a lot of flexibility in where and when the changes are pushed to master.
  3. Speed: A subversion commit doesn’t end until all the files have been transferred to the remote server, with git, commits are completed instantly because you are committing to the local repository, not the remote one. Therefore, you don’t have to wait for actions to complete as they are almost instantaneous.

I could go on, but those are the big ones for me. Note: I’m not against other DVCS systems like Mercurial, Bazaar, but I chose Git because of it’s popularity and ability to handle the Linux kernel.

Download GIT now.

Cache Password Protected Website

I needed to write a simple web app to automatically cache a password protected tumblr admin account, so I wrote simple symfony app to do it. It was pretty simple to do because I could leverage the sfWebBrowserPlugin which provides most of the heavy work for simulating a browser and logging into the site.

While this project is setup to cache tumblr, you can easily modify it to cache any website. It’s built in PHP on the symfony framework.

Configure it by changing the apps/frontend/config/app.yml file to add in the blog name, email, and password, with these config parameters: app_tumblr_blog_name, app_tumblr_email, app_tumblr_password

To cache a page, run it via command line:

./symfony tumblr:cache

Source is on github: Cache Tumblr Admin

WordPress Needs a Default Caching Plugin

I find it curious that WordPress, one of the biggest and best blogging platforms currently around does not come default with a caching plugin. I think the WordPress developers should either include one of the excellent WordPress caching plugins, or build their own and then enable it by default. Users and blog hosts worldwide would have better page load performance and improved scalability.

This blog is build with WordPress, and in my first year of blogging, one of my posts received a lot of hits. Unfortunately, the default WordPress install I had setup wasn’t able to cope with the demand effectively. It was taking 2-5 seconds for visitors to load a page. That’s unreasonable for a simple blog and I’m sure I lost a lot of visitors because of it. So I looked into ways to make my blog load faster without paying extra for better hosting hardware. That’s when I found an excellent caching plugin called Hyper Cache.

With Hyper Cache, I made my blog page load from 2-5 seconds under heavy load, to down to less than a second,  under load the same load. The HTML itself only takes about 230ms to download, down from 4000ms, allowing the other resources to start downloading in a paralleled fashion much earlier. How is this possible? Well a caching mechanism works like this: The first time a page is requested, it will render it as normal, but what’s different is that it will save the rendered page in a special cache file. Then, subsequent visitors simply get handed this same cache file immediately, without much PHP processing required. It’s like skipping to the front of the line.

So we can see a cache has a huge effect on performance, and made a big difference to my blog, but what other benefits are there?

  • Many people won’t know what a cache is, or how to install one
  • Better experience for blog owners because they don’t have to learn how to install one after they experience poor site performance
  • Blog is more ready to handle getting slashdotted
  • Will ultimately give WordPress a much better image

In my opinion, well worth it. So WordPress team, please?

Sanitize User Input for XSS in PHP

The best way to sanitize any input from your user is to use the HTML Purifier library. HTML Purifier will remove any XSS from your code, produce valid HTML, and generally make you sleep just a bit safer at night. It doesn’t completely sanitize user input, and you still need to be careful with it before using it anywhere (such as an SQL statement), but it will remove all XSS attacks against your website.

Here’s a simple example of how to use it:

$purifier = new HTMLPurifier();

Yii Override Command Parameters

The Yii Framework is very flexible and has a variety of way you can configure it. Here I will show you how you can customize parameters on a Command task.

The default Yii Migration command asks the user for a confirmation before running if there are any tables that have been changed, this is quite a sensible default, but I don’t want to be asked if the command should be run after a deployment. Of course it should be.

To see what options can be configured, open the Migrations file


Any of the public class variables can be configured in your config/console.php file. Using the commandMap parameter, you can configure values for Yii Commands. Then specify the migrate task, and then the config values you want to change. In this case, I want to change interactive to false, so it won’t ask for a confirmation.

Sample config/console.php:

return array(
  // database migration, don't ask for confirmation