Someone please correct me if I am wrong, but spam filtering does not necessarily only look at the quantity of the content, but the quality and specific words the contained within it. For example, spamassassin uses filtering that will check the content and apply a score based on multiple things like: relays, headers, subject line, dates, etc. So the first question I asked was, “How can this Microsoft loving IT guy eyeball the content and be able to tell it will be marked as spam?”

Clearly he cannot. But because he is the resident geek at this organization, he is in control. This led me to realize, I need to get hard data. In order to combat his nonsensical approach to spam checking (by using his eyeballs), I figured I need something a little more concrete. So I set out to install SpamAssassin on my MacBookPro. Would it work? I didn’t know but I had to try. Not only because I needed something to run spam scores against, but it sounded challenging and fun at the same time.

Easy? So it seems

I did some searching on the web, and there was not a lot about HOW to get it installed on a Mac. So I did a little more digging and came across an article written in back in 2007 that lead me down the right path. My Linux knowledge started ti kick in again and before you know it, I am in business. I now have spamd (and spamc) running on my Mac. Here is what I did.

The Install

First, you need a handful of perl modules to meet the dependencies for Mail::SpamAssassin. I used the following command from the terminal:

perl -MCPAN -e shell

This brought up the cpan> prompt. I tried running install Mail::SpamAssassin which failed because of the dependencies. But I paid attention to the output and pulled down the list and installed the dependencies one by one from the span shell.

NetAddr::IP
Mail::SPF
IP::Country
Razor2
Net::Ident
Mail::DKIM
Encode::Detect

A few things to note. First, Razors2 is not found in cpan. I have to download it from sourceforge and install it by hand. Once I downloaded it, I uncompressed it, went to the uncompressed directory in terminal, and ran the following:

perl Makefile.PL && make

sudo make install

Second, once all of the dependencies were installed, I then ran the install for SpamAssassin from the cpan shell:

install Mail::SpamAssassin

The problem is, I got some errors. I did what came natural to me and decided to go into the actual directory ~/.cpan/build/{spamassassin} and run the same perl Makefile… commands. Wouldn’t you know it worked?

Did It Really Work?

What do you know, from the same terminal I ran spamd & and guess what? SpamAssassin is running on my Mac! I now have the ability to test spam scores for email messages. So now, on the command line I can run:

spamc -R < {emailfile}

Now all I need to do is write my custom PHP script to pass email files to spamc via the exec() and I am good to go. In the meantime, I plan on combating evil Microsoft fanboy by showing him sctual spam scores to compare with his eyeball by running them manually in my terminal. Question is, will be pull a Microsoft and try to change the standard from spam score to evil eyeball of said IT fanboy? We will soon find out.

A coder is someone who can speak to a computer through text. The computer understands what the coder is saying and will perform specific tasks as outlined. Think of it as any foreign language with one caveat. The language of computers is typed not spoken. In addition, it must be spoken flawlessly, or the computer will not understand.

When I think of a coder (also called a developer or programmer), I think of a journalist. Day in and day out, coders write content. This content is translated into some form of application, but it is still written.

Coders do not produce widgets on an assembly line. But they write the software that automates the robots that produce the widgets. They write the software that runs the packaging machinery for the widgets. They write the software that labels, ships, and tracks the packages the widgets are sent in.

When I thought about coders in this way, I came to a stark realization. I finally understood what made the difference between a “coder friendly” company and one that is not. Allow me to explain.

Technical vs. Non-Technical

We first must understand the differences between a technical and a non-technical company as they relate to coders. I will use easy straight forward comparisons to show what I mean. Take Google or Yahoo for example. Both are technical companies. The primary focus of their company revolves around code. You can put other companies into this same category like Digg, Facebook, ebay, and the list goes on. While one could say the focus of these companies is not technology, the fact remains that without the technology, these companies would not exist.

A non-technical company my use technology, but their primary business it not necessarily the technology. It merely uses technology to promote their business. Take ESPN for example. They have a very large presence on the Internet and use lots of great technology, but their primary business is Sports. However, if the internet were to disappear tomorrow, ESPN would still continue broadcasting and putting out their sports magazine.

Industrial Age vs Information Age

If we think back to the industrial age, how were things produced? That’s right. An assembly line. The old manufacturing plant. Quoting from one manufacturing methodology:

Manufacturing involves transforming raw materials into finished products. These products might be consumer or industrial products, or intermediate products used in further manufacture to produce consumer or industrial products. Manufacturing started as handicrafts by skilled craftsmen and has now become mainly a capital intensive activity that uses plant and machinery.

So for centuries, all of our business schools have been teaching MBAs and managers how to manage within a manufacturing setting. Raw materials in, product out. The non-technical managers try to manage coders like they are on an assembly line. This was it! The reason behind the disconnect! Non technical managers do NOT understand how to work with and treat coders. Yet companies persist in putting them in charge of the coders.

Path to Utpoia

Coders are a unique breed of individual.  Most are completely happy to sit behind a flickering screen for 8-16 hours a day writing code. That is, until they feel like they are not appreciated. Most companies don’t care. They treat their employees much like manufacturing plants treat machinery. Work it to death with very little maintenance. When it breaks down, try to fix it. If it cannot be fixed, replace it. What these companies need to realize is, coders are NOT machinery.

A company who puts a technical manager in charge and offers great benefits (insurance and otherwise) to their coders is the place to work if you are looking for a salaried position. Anywhere else will be miserable. As soon as companies start to realize this, they will reduce turn over and begin to build a stronger company. This is why coders flock to companies like Google. They know how to treat the coders.

The error I was getting was:

Warning: mysql_connect(): [2002] No such file or directory (trying to
connect via unix:///tmp/mysql.sock) in /Users/myuser/Sites/cakephp/cake/libs/model/datasources/dbo/dbo_mysql.php
on line 540

So I had to figure out what the issue was and resolve it. The solution was very simple. The error gives a clue. It turns out that CakePHP is looking for the mysql socket in /tmp. However, MAMP is running the socket in /Applications/MAMP/tmp. We just have to symbolically link the socket that CakePHP is looking for to the actual socket MySQL is running on in MAMP. This can be accomplished with the following command after MAMP Pro is running:

sudo ln -s /Applications/MAMP/tmp/mysql/mysql.sock /tmp/mysql.sock

This will resolve the issue and MAMP will run as expected for CakePHP shell applications. I hope this helps.

Happy Coding!

• Community
• Single User

While there are certainly some hybrid combination’s of these classifications, all applications can be categorized into these two categories. For example PHPNuke. It’s a single login to a community. As a user, you can use all of the functionality in the application AND you can see other users, etc. While something like FaceBook for example is a Hybrid of community and single user. While you can allow other users to see your data and content, they cannot modify your data or settings. You own that and nobody else has access to it without your username and password.

So comes the question. How can I limit data to a specific user with CakePHP? I love the CakePHP framework. But I have never been able to get a straight answer from anyone on the proper “cakeish” way to limit data to a specific user. For example. Let’s say I want to build a check book balancing application. I want it to be available to multiple subscribers. While all subscribers have access to the same functionality, they do not all see or modify the same data. While their data should be limited, they may all have access to the same Bank. This means that any user should be able to see all the banks we currently support… for example.

I have searched the internet and posted to stackoverflow.com trying to find the answer to this question. It is apparent that I am not the only one trying to figure this out. Add in the potential complexity to provide ADMIN routing and what you potentially have is a complicated mess of code if it is not done properly.

Well, search no more my Internet Friends! I think I have figured out the mess. I have been able to use a combination of things I have learned from here and here. But ultimately, I had to build this with good old ingenuity and a lot of trial and error. Keep Reading!

The Code

To start out with, there has to be a way to determine if the user is an ADMIN or just a standard USER. This will require that we put a ‘roll’ field in the users table. Here is what my table looks like.

--
-- Table structure for table `users`
--

CREATE TABLE `users` (
`id` char(36) NOT NULL,
`username` varchar(255) NOT NULL,
`password` varchar(40) NOT NULL,
`first_name` varchar(35) NOT NULL,
`last_name` varchar(35) NOT NULL,
`role` enum('admin','user') NOT NULL DEFAULT 'user',
`active` tinyint(4) NOT NULL DEFAULT '0',
`created` datetime NOT NULL,
`modified` datetime NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `username` (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

There is nothing really new about this table. It’s fairly straight forward and a typical users table. I use an email address for the username.

Now, the thing to keep in mind is I want to limit all of the data a USER sees to her own data while allowing any global data. This means there are a few checks that must occur each time the user accesses the site. Now for the “magic” piece that will accomplish this.

<?php
class AppController extends Controller {
beforeFilter() {
 if ($this->isAdmin()) {
     $this->beforeAdminFilter();
 } else {
     $this->beforeUserFilter();
 }
}

function beforeAdminFilter() {
 if ($this->Auth->user('role') !== 'admin') {
   $this->Session->setFlash(sprintf(__('%s is not authorized!', true), 'User'));
   $this->redirect('/users');
 }
}

 function beforeUserFilter() {
   Configure::write('user_id', $this->Session->read('Auth.User.id'));
 }

 function isAdmin() {
   return (isset($this->params['admin']) && $this->params['admin']) ? true : false;
 }
}

A few things I need to point out here. I use the StudioCanaria method for ACL. This is a great solution in my opinion. But I am not showing all of the code for that solution. It would make it more obscure and difficult to understand. This is just the vanilla portions I added in for my “limiting data” purposes.

Now for the more complicated part.

<?php
class AppModel extends Model {
 var $user_id;

function beforeFind($queryData) {
  if($this->user_id = Configure::read('user_id')){  // must be a user (not admin)
   if(isset($this->_schema['user_id'])) {
    if(isset($this->user_id)) {
     $queryData['conditions'][$this->name.'.user_id'] = $this->user_id;
    }
   }
   if($this->name == 'User') {
    $queryData['conditions'][$this->name.'.id'] = $this->user_id;
   }
  }
  return $queryData;
}

function beforeSave() {
 if($this->user_id = Configure::read('user_id')){    // must be a user (not admin)
  if(isset($this->_schema['user_id'])) {
   $this->data[$this->name]['user_id'] = $this->user_id;
  }
 }
 return true;
}

}
?>

Isn’t this how it is suppose to be? The heaviest part of the code should be in the models? Well this is the part that does the heavy lifting. Basically this will restrict anything that is associated to a USER. Ok, let’s dive in and I will explain how it works.

beforeFind

This is the function that is called before any search is done on the data. Now, keep in mind the two caveats to this configuration. 1- Not all data is associated to a USER and 2) ADMIN users are not limited. With that in mind, let’s analyze this code.

if($this->user_id = Configure::read('user_id')){  // must be a user (not admin)

This line establishes that we are in fact dealing with a USER. Notice I am using a “global variable”? This is so I can easily pass the data back and forth between the APP_CONTROLLER and MODEL_CONTROLLER.

Now comes the first part of the magic. Does this schema (Model) require a user_id field?

if(isset($this->_schema['user_id'])) {

This will determine if we need to actually “limit” the data. It will prevent the user from seeing anything accept the users data. How? Because if we detect a USER_ID, we set the condition to limit the data by the current user_id of the user looking at the data.

$queryData['conditions'][$this->name.'.user_id'] = $this->user_id;

The line before it is just because I am paranoid about my code breaking. So feel free to flame me about this:

if(isset($this->user_id)) {

But I will still leave it in. If you are comfortable taking it out, feel free. So there you have it. You are now limiting your $this->{MODEL}->find queries to a specific user. You will note that for the USER model, the user id is actually ID so I account for that in the next few lines. It is also important to note I use the standard foreign-key ID configuration common to good SQL practices. Any table associated to a user has the USER_ID as the foreign-key. I wont go into the horror stories of some of the things I have seen. (Including some of the work I have seen at Yahoo! while I have been consulting there.)

One more thing. If you have a beforeFilter in your model, it will override your app_model.beforeFilter. so you need to add the following:

<?php
class YourModel extends Model {
   // your code

  function beforeFilter(){
    parent::beforeFilter();  // <==== this is the important part
    // your filter code here
  }

  // your code
}
?>

Let’s continue.

beforeSave

This function is basically the same thing. However, as you may have guessed, it is to prevent a user from saving over another users data by chance they were able to randomly guess the ID.

Conclusion

There you have it! The only “user control” process for CakePHP that exists on the entire internet, at least that I am aware of. If you happen to know of another one that is more elegant, or you have a way to better improve this one, please drop a note in the comments. I find that many times I tend to overlook even some of the more simple solutions.

Happy Coding!

In this case, I have managers and tenants both pointing to the users table. I simply add a ‘type’ column to the user table to track what type of user it is. Then in my callback methods on the models, I set the conditions for the beforeFind and the beforeSave within each model to it’s corresponding type. This keeps both the data it displays and the data it saves in check and accurate. Here is what my manager model looks like.

<?php
class Manager extends AppModel {

 var $name = 'Manager';
 var $useTable = 'users';

 // only return users where type = Manager
 function beforeFind($queryData) {
$queryData['conditions']['Manager.type'] = 'Manager';
return $queryData;
 }

 // Ensure the Type is set to Manager before saving this record
 function beforeSave() {
$this->data['Manager']['type'] = 'Manager';
return true;
 }

}

?>

The same would apply to the tenants model. This works like a charm. It helps to provide excellent separation between user types without writing a lot of extra code to manage and check for the differences in user types.

Happy coding!

While reading an article at PHP|Architect, the author (Marco Tabini) said, “we’re moving from fad to fad without stopping to consider that technology is a tool and not a substitute for our own responsibility to make choices.” Yet when you take the path of “the customer is always right,” you remove from the equation what I consider part of your responsibility as the expert; the reason you were hired in the first place.

Allow me to provide an example for clarity. You are hired to build a website by Company Y. The business owner (the person you work for) say, “Chuck, I am a big fan of Cobol. I learned it in my college days. I can’t remember much about it except that there are 4 function areas or something like that, and it is good at crunching numbers. So your task is to build me a website that will crunch my analytics data and I want it done in Cobol. Go!”

What?! So is the customer right? Or do I have an obligation to explain why this is a bad thing? Where does the business owners request end and my obligation begin? Anyone in the computer industry today could say multiple things to this request like:

• it’s impossible
• not gonna happen
• this is a very bad idea
• I quit

But I cannot fathom anyone saying, “The customer is always right!” So what is the alternative?

My Perspective

I think the perspective “the customer is always right” does have some merit. But this does not mean the customer is God. Here is a better way to state it, “You can ask for WHAT you want, and I will tell you HOW you will get it.” This can sound a bit abrasive as it is so I will clarify.

No developer can go into a situation and pretend to know what the requirements of a project is without first talking about them with the customer. (The WHAT) Once a fair assessment of the situation is made, the developer SHOULD then be able to formulate the HOW to fulfill the requirements. When the customer defines the WHAT and the HOW, it’s akin to a Judge overseeing the trial of her brother who is being accused of murder. A HUGE conflict of interest to say the least. The customer (like the judge) should recuse themselves from the decision making process.

To help the customer recuse themselves, you need to be able to explain the WHY of the situation. Granted, most of us geeks tend to be social misfits and have difficulty explaining technology in “layman” terms. So it typically comes out something like, “Are you kidding? Cobol went out with New Coke and the TRS-80. It won’t support HTML, AJAX, or SQL. There are no existing APIs, so XML, JSON, and RESTful services are out. Not to mention it cannot use HTTP protocol and it wont send email whether it’s POP, IMAP, or otherwise. So why do you want to use Cobol?”

The customer will then do one of two things: 1- stare at you with glossy eyes as if he just visited a far away place on a very wonderful day dream -or- 2- do the unthinkable and say, “Make it happen!”

The Dichotomy

There seems to be dichotomy between the developer and the customer. This gap as it were, does not seem to be narrowing much. The average customer has no real desire to walk up to the edge of the technological precipice and peer in, and the developer usually lacks the skill to communicate things to those “not in the know” in an understandable way.

What can be learned from all of this? No! The customer is NOT always right. But it is the responsibility and obligation of the developer to say why in a way that the customer will understand. What do you think?

Some of the code components I have released include:

• Domain Validation
• Email Validation
• Google Maps Address Geo Coordinates

I have also releases a simple GoogleMaps helper that will generate a self contained DIV with a GoogleMap v3 in it based on a series of points you pass.

I am still working on the documentation, but the code is freely available on my GitHub at:

http://github.com/cdburgess/

I will write more about each component in later posts. However, you will note that the Domain and Email validation components are CakePHP component implementations of the Domain and Email validation classes I have released on Google Code.

Happy Coding!

First, the company you are interviewing with is unknown. Sure, you may hear a lot about it on the Internet or word of mouth. But how do you really know you want to work there? Fact is, you don’t? And if you do, then it’s because you are interested in getting a job there and you were going to do your due diligence anyway. For example, an engineer may want to work for Google because their reputation precedes them. But who wants to work for SimpleNet Consulting? For me to say, “You don’t know anything about my company, why should I hire you” is quite arrogant.

So here is my response on how to answer the question, “Why do you want to work here?”And this is the comment I posted on the blog. Take it for what is is worth. But in my 40 years experience, I have rarely been asked this question. Maybe it’s because I am an engineer geek and they feel lucky just to get any social response that is coherent.

Interviewer: “Why do you want to work here?”

Me: “I’m not certain that I do. I know what your company does, but I am not familiar with the culture or the people. I may not be a good fit. I am qualified for the position and I am a perfect fit for what you are looking for. So let’s run a trial. Let’s hold hands before we kiss. You can give me a small project to work on. After 90 days if I have proven myself and you want to make it permanent we can. If I don’t fit into your culture or see things the way you would like, you let me go, no hard feelings.”

Having been on the other side of the table, I would admire the candor in this response. Confident but not cocky. Someone who at least sounds capable of doing the job and willing to prove it.

Besides, in my opinion, it is the job of the hiring company to articulate the qualifications of the candidate. It is not the responsibility of the candidate to understand what the company is looking for by reading about them on the Internet. Maybe I should write an article about appropriate Interview questions or how to publish job opportunities. After all, what is an interviewer trying to accomplish by asking why someone would want to work there? Are they stroking their ego or trying to discern what is really being said about them on the internet? Either way, it’s not a valid question in an interview. It speaks nothing to the qualifications of the candidate. Unless of course, you are looking for a CEO.

I would like to access this file directly from my script, but I do not want to over burden your server as I am not certain how much traffic this tool will get. I also want to release it to open source which could increase the traffic exponentially. However, I would like to automate the retrieval of the information so that we ensure we have the most up-to-date data available for validations the TLDs of domains. Do you have any suggestions?

Well I am quite pleased with the response I got back. Kim Davies sent the following response:

It is OK to query this page directly, that is its purpose.

The access pattern you wish to use will depend on how important the file is up to date. Please bear in mind the list of TLDs changes, perhaps at most, once a year at this time. For most applications retrieving a new copy every few months is more than adequate. (Usually when a new TLD is launched, it is piloted with no registrations for several months, so this should not cause a problem.)

The absolute most you should fetch the file is twice a day, as it will never change more often than that. We only make changes to the DNS root zone twice a day.

We would also recommend you use “If-Modified-Since” headers when retrieving the file so that if it has not changed you don’t retrieve the whole file.

So based on her feedback, this is what I did. I added a TLD file status check method to the domains class. This will provide the following functionality:

• checks to see if the file exists
• checks to see how old the file on the server is
• if the file does not exist or is more than 30 days old, it will download a fresh copy

This will provide complete automation for the domains class. As long as the file exists, no matter how old it is, it will allow the domain name to be validated. The validation will NOT be interrupted even if the iana.org domain returns a 404 (not found). Unless of course you don’t have any TLD file at all.

The code can be downloaded from the repository. You can read more information about it’s functionality here:  http://code.google.com/p/blogchuck/wiki/DomainsClass

I hope you find it useful. Feel free to comment or send me an email if you have any questions. I will continue to update the code. The key is to keep things as simple as possible while still being useful. Good clean code is easier to use than something just hacked together. I hope I have achieved the prior.

Happy coding!