mod_security

With the plethora of powerful open source applications available, the premium on rapid development and deployment of sites, and the ever-present threat of attacks on public servers, security is extremely important.

mod_security is an open source web application firewall that runs as an Apache module. It inspects each HTTP request against its rules before the request ever reaches the application, so a site gains a layer of protection without any change to the application code.

In addition to its power, it is easy to use. I installed it on XAMPP, configured it very lightly, and ran the two quick tests to ensure it was set up correctly. http://localhost/cmd.exe was blocked, as was an SQL injection attempt on the application.

mod_security is driven by rules, so you can tune it to the applications your server actually runs: a robust set of core rules is available, and you can add your own. Its audit log records the full transaction of every request that triggers a rule, which is exactly what you need when deciding whether a match was a real attack or a false positive.
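The shape of such a rule-driven setup, as an added illustration that is not from the original post and not a file shipped by the mod_security project: it assumes ModSecurity 2.x loaded into Apache httpd (with mod_unique_id, which it requires), log paths relative to ServerRoot, an assumed path for the core rules, and arbitrary local rule IDs in the 100000 range.

```apache
# Added example; not the post's own configuration or a ModSecurity project file.
# Assumes Apache httpd with ModSecurity 2.x (LoadModule security2_module ...)
# and mod_unique_id. Rule IDs 100001/100002 are arbitrary local choices.

# Start in DetectionOnly: rules are evaluated and logged but nothing is blocked,
# so you can review modsec_audit.log for false positives on real traffic first.
SecRuleEngine DetectionOnly
# SecRuleEngine On        # switch to blocking once the audit log looks clean

# Read request bodies, otherwise ARGS only covers the query string and a
# POSTed injection attempt would never be inspected.
SecRequestBodyAccess On
SecRequestBodyLimit 13107200
SecRequestBodyNoFilesLimit 131072

# Log only transactions that matched a rule or ended in a 5xx/4xx (except 404).
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLog logs/modsec_audit.log
SecAuditLogParts ABIJDEFHZ
SecDebugLog logs/modsec_debug.log
SecDebugLogLevel 0

# Local rules mirroring the two quick tests in the post.
# 1. Any request whose URI mentions cmd.exe is rejected in phase 1 (request
#    headers), before the body is even read.
SecRule REQUEST_URI "@contains cmd.exe" \
    "id:100001,phase:1,deny,status:403,log,msg:'Probe for cmd.exe blocked'"

# 2. A crude SQL injection check over every request parameter in phase 2
#    (request body available). This is a smoke test only; the core rules are
#    far more thorough and should do the real work.
SecRule ARGS "@rx (?:union[\s/*]+select|'\s*or\s+'?\d+'?\s*=\s*'?\d+)" \
    "id:100002,phase:2,deny,status:403,log,t:none,t:lowercase,msg:'SQL injection attempt'"

# Pull in the core rules after the local ones. The path is an assumption:
# use wherever you unpacked the rule set.
Include conf/modsecurity_crs/*.conf
```

Leave the engine in DetectionOnly for a while and read the audit log before turning blocking on: a rule that rejects legitimate form posts from your own application is the most common way a fresh mod_security install gets disabled again.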

To download it, you will need to register. It’s worth it, especially if you are running your own servers, with many applications, from many sources.

Web Open Source Strategy

To succeed as an open source company:

  • Allow people to download, install, and run the code. There is no other way to evaluate software
  • Offer a free version
  • Revenue could be created by offering a more powerful ‘full’ version, by selling specialized modules, allowing removal of a license/copyright notice, support - both technical and end user, training, books and materials.
  • Foster a community with forums, welcome contributions
  • Choose a product carefully. No product can be everything to everyone. Even within the chosen market, be sure you can do an excellent job with your stated mission.
  • Strive to keep hosting requirements simple. A good framework can be a tremendous help
  • Partner with complementary software toolkits, and integrate them in such a way that they can be reused within a site
  • Provide a modular, extensible architecture so the application can be customized
  • Separate the application and design, and allow multiple views into the application. Thus, web, mobile, and desktop applications can perform the same functions without application changes.
  • Provide a robust documentation structure, online. Allow contributions from the community
  • Present successful implementations of your software (links to sites), so people can see what it can do.
  • Provide good upgrade mechanisms
  • Connect with commonly used applications, such as OpenOffice and Microsoft products
  • Offer a loose partnership program to help people find companies which support your product, but avoid complex agreements and fees.

dojo readOnly indicator

A contribution to dojo, a read only indicator for text inputs. It uses an existing image from the tundra theme to place the ubiquitous circle with a line through it in the right hand part of read only text inputs.


/* dijit adds the dijitReadOnly class to a form widget when its readOnly
   property is set; reuse the tundra theme's "no" icon at the right edge
   of such inputs. The path is relative to the stylesheet's location. */
.dijitReadOnly
{
        background: #fff url('../dojo/dijit/themes/tundra/images/no.gif') no-repeat right !important;
}

Management by Chocolate

I needed an email forwarder created, definitely a trivial task. The type of task that is easily lost in the “I’ll get to it later” collection and forgotten, both by the requestor and the person responsible.

Instead of the usual mundane email, I took 5 pieces of chocolate with me. I started in one cube and explained why I wanted the forwarder. The cube resident agreed it was a valid request, accepted a chocolate, and sent me to the person that could create the forwarder.

I took the 4 remaining pieces of chocolate to another cube and explained what I wanted, handing the chocolate to the guy with the privileges.

2 hours later, I had my forwarder.

I replied to the email with a thank you, and an image of an ice cold beer.

Management principles - why this was more successful than some of my other requests -

  • emails are easy to read and close. A person, with chocolate, is more memorable

  • A reward or incentive (chocolate), regardless of how trivial or small, is of value in that it represents appreciation.

  • There was cooperation. Although I knew what I wanted, I did take the time to ensure it was a valid request with a good application.

  • The request was clear. Even though it was verbal, it was easy to understand what I wanted, so that’s what I got.

  • Finally, it is important to say thank you. After all, as Horton might say, “a request is a request, no matter how small.”

* Horton credits to Dr. Seuss

Community contributed code

The associated link points to a nice extension I wrote and contributed for eZ publish 3.8+. It has been downloaded 600+ times.

Unfortunately, I don’t have time to maintain the code or test it with newer versions of eZ publish.

Which means, if people are relying on that functionality, and they upgrade eZ publish (by choice or because the hosting provider upgrades PHP), it may not work.

Since it is open source, and it is a very basic extension, anyone familiar with eZ publish should be able to upgrade it and share it. If they have time.

Now, imagine you built an entire system on community contributed modules. How will you keep the system current? What if the core functionality changes and you have to upgrade the core, risking the modules?

I really enjoy working with open source code and community contributions. They allow me to be much more efficient than I could be without them. Their code allows me to make beautiful sites in a fraction of the time.

I like to select established components and to work within their boundaries to use them. For JavaScript, I like dojo, for templates, I like Smarty, and for a PHP framework, Zend Framework. I don’t modify the code, ever, because I trust the authors. If there is a bug, I may work around it, or upgrade later.

There is no absolute, perfect answer. For some people, the value of the contributed code outweighs the risks. For others, the assembly of a system is not worth it, and they prefer a single, integrated solution. A good example of this is Drupal (community contributed modules) and eZ publish (integrated solution).

One thing that is abundantly clear is that the collaboration of people, across all boundaries, is awesome, and benefits everyone.

… I really wish I had time to write a dojo extension for eZ … :)