What is Larry Thinking? #32 => E-Commerce and Time for a Change

October 22, 2010

In this edition…

About This Newsletter

What I’m most proud about this newsletter is that I actually sent it out three weeks (to the day, well, almost) after the previous one, which is the schedule I theoretically intend. In fact, a rough draft of the newsletter was completed a week ago! I was largely able to do this because I don’t have any deadlines at the moment, and partially because I’m (finally) getting more organized with the newsletters.

A mishmash of topics here, from my e-commerce book to Q&A’s to what I’m going to be doing next (some big changes ahead)! As always, thanks for your feedback, questions, and your time!

On the Web => OpenDNS and Namebench

Networked computers, including those on the Internet, connect to each other by referring to their IP addresses: unique numerical identifiers, similar in usage to telephone numbers. But it’s not reasonable to expect users to enter, for example, in their Web browsers when they want to visit http://www.dmcinsights.com. To allow users and computers to make connections using meaningful URLs, the associations between Web sites and IP addresses is managed by something called DNS (Domain Name System), a sort of YellowPages for Web sites.

The DNS service you use (unbeknownst to you) is most likely provided by your Internet Service Provider (ISP). What most people don’t know is that you can change your DNS service. The two most common alternatives are OpenDNS and the relatively new Google DNS. How you switch to these depends upon your setup, but for me, I can indicate in my router (which connects to my modem) what DNS service to use.

The question, of course, is why make a switch? For one, alternative DNS services may be faster than your ISP’s, speeding up your Internet interactions. Second, alternative DNS services may be more current. Third, they may offer other features. For example, OpenDNS has security features that prevent phishing attacks from succeeding and have content filters that can deny access to certain types of sites (e.g., adult). And because all of the requests made by all of the computers on your network will go through that DNS service, the filters and security measures will apply across the board.

To compare the performance of DNS services in order to make this decision, check out the namebench application (http://code.google.com/p/namebench/). For my situation, the ISP’s DNS service was the fastest, but it doesn’t have the security and filter features that alternative DNS services may provide.

On the Web => E-Commerce Resources

In cleaning house after completing my “Effortless E-Commerce with PHP and MySQL” book, I’m taking a last look at some of the resources that I used or just came across when writing the book. Two URLs that you might want to check out are among the many good documents found on the United States Federal Trade Commission (FTC) Web site. The first has recommendations regarding international e-commerce. The second addresses advertising and marketing.

On the Blog => Creating a Console Application in Yii

On a recent Web site I did that used the Yii framework, I had cause to create a console application, which is to say a PHP script associated with the site that’s meant to be run from a command-line interface. The specific script creates an search index of the site’s content, an intensive process that does not need to be witnessed (i.e., doesn’t need to be run in a Web browser). I wrote up an article on how to create a console application in Yii in my blog.

On the Blog => The Carrington WordPress Framework

As I write about later in this same newsletter, I’m in the process of creating a new look for my site (actually, an entirely new site). For the site, I decided to just fully embrace WordPress and so I needed a good WordPress theme for the look. In the end I went with the Carrington Theme, which is actually a WordPress Theme Framework. I introduce the why’s and how’s of Carrington in a blog post.

Q&A => What are the top three things you can do in PHP to be secure?

Adam submitted this question (or something to this effect), with the acknowledgment that security is so critical to e-commerce applications. First, I would say that a site must use SSL, when appropriate. The Secure Sockets Layer provides a secure environment for the data being transferred between the client and the server. Not all pages on a site need SSL, but those that do–like any that take personal and billing information from the customer, really do.

Second, validate and sanctify all user-provided data, including that in cookies. Validation starts with the assumption that the data is invalid and requires that it prove otherwise. For some data, you can validate against type and value (e.g., numbers greater than 1). For other data, you can use regular expressions. Sanctify means that all potentially dangerous characters are removed using strip_tags(), thereby preventing Cross-Site Scripting (XSS) attacks.

Third, be careful about what gets stored. The more data you store, the more data there is that’s vulnerable to theft. What a site stores in the database is the most obvious consideration, but you must also think twice about what gets placed in a session. Remember that sessions store data in plain text format in a publicly available folder on the server (unless you’re using the database for session data, too). Putting sensitive information in a public, open directory is major no-no! For that matter, you also have to be careful about what might end up in an error log. In my books I often show how all the existing variables can be included in an error message, for extra debugging assistance. If the customer’s credit card information, as an example, is in a variable (like temporarily during the execution of a script) when an error occurs, that sensitive information might be written to a text file on the server or sent to an administrator in an email. Both would be a terrible security violation.

Q&A => What are some sites that have been created based upon your work?

Kerry had asked this question, which is an interesting one, but not one I can answer! The fact is that my writings and such aren’t like software where there’s a clear “this was made with” attribute. However, if you feel like my work has significantly aided your ability to create a Web site, and you’d like to share that Web site with others, reply to this email with your URL(s), and any other information you might want to provide about the project(s). I’ll highlight some of the submissions in subsequent newsletters.

What is Larry Thinking => Time for a Change

For quite some time, at least a year or more, I’ve been meaning to redo my company’s Web site (www.dmcinsights.com). Sadly, even though I largely write about and do Web development, my own site is always the last one I work on. Now that I’m between books, I actually have the time to get to my own neglected site. I’m happy to say that the new version of the site will go live at the end of the month, but there’s more. First, a little background…

Digital Media and Communications Insights, Inc., the company that I work for, and am a very minor owner of, was founded by my in-laws as a vehicle for my father-in-law’s telecommunications consultancy. In 1999, I started by own “branch” of the company, doing primarily Web development, training/teaching, and, of course, writing. In the past decade, my father-in-law retired and although I sometimes hire individuals for project work, yours truly is the company’s only true employee today. Thanks to the success of my books, and later the blog, the Web site gets a decent amount of traffic (north of one million hits per month), and I think it is safe to say that pretty much no one cares who or what DMC Insights is. Visitors want to download the code for a book, visit the support forum, email me, and maybe even hire me to work for them, but the existence of DMC Insights really doesn’t factor into the equation. In revamping my company’s Web site, I’ve often considered dropping the company facade and just putting my name front and center (my apologies if any of this sounds egotistical). Serendipitously, the domain name www.larryullman.com just became available this month, after being owned for the past ten years by a Canadian gentleman, named…Larry Ullman. I am now the proud owner of my namesake domain and have been creating a new look for it. Once the new LarryUllman.com site is ready to go, I’ll institute redirects on www.DMCInsights.com to direct all traffic there (unfortunately, half a million books are in print with my company’s URL on them). As an aside, this should be the last newsletter that comes from DMCInsights.com, so you should probably add news@larryullman.com to your email address book or whitelist, if applicable.

Getting back to the redesign, the current site has a couple of problems that I wanted to remedy in the new one. First, while I do try to use the blog regularly–two or three posts per week, the main site’s pages don’t appear to be updated with any frequency. It looks like the site isn’t very active, which is a poor indicator when you’re trying to create somewhat of a community. Since the first and most obvious goal was to bring the blog front and center, I decided to just do the entire site in WordPress (save for the forum, which will still use Phorum).

Second, from a marketing perspective, there aren’t good tie-ins to and among the books. When people are appreciating something I’ve written in the blog, it’d be best to have something along the lines of “Hey, if you like this, you may also like this book I wrote.” The forum has this same issue, along with the fact that the forum isn’t well tied to the rest of the site. I’m able to address both of these issues thanks to the Carrington Theme and an Amazon.com widget.

By using WordPress, I can easily manage the site’s content and I also get a nice search engine, which is an added bonus. Plus, by tapping into the available WordPress plug-ins, I can add features without much extra thought. For example, there’s a newsletter plug-in for WordPress that I hope to use. By doing so I can drop PHPList, which I’m not entirely pleased with, and directly integrate the newsletters into the rest of the site. Unfortunately, the newsletter plug-in only sends out HTML newsletters, so I’ll need to think more about this issue.

Currently the site has several, discrete content areas: the DMC Insights pages, the individual book sections, the PHPList and newsletter stuff, the forum, and the blog itself. Using just WordPress, I can put all of this into two software components: WordPress and Phorum. The simpler, more integrated complete site will be easier to maintain and, as you probably know, making things easy goes a long way towards making it successful.

There’s nothing to see at www.LarryUllman.com right now, but I’ll probably make it live within some days of sending out this newsletter (I’m targeting October 31st as the live date). Ideally, it will be a seamless transition, although that’s rarely the case, isn’t it? I hope that everyone likes the new site once it’s up and, as always, I gratefully welcome all thoughts and feedback on what I’ve done. (Also, for those of you that prefer the newsletter in plain text format, if you’d think it’d be criminal to only receive HTML newsletters, do let me know.)

Book Giveaway => “Effortless E-Commerce with PHP and MySQL”

There was a nice response to the “Effortless E-Commerce with PHP and MySQL” book giveaway and I have contacted the winners. If you did not get a copy, I may give more away in the future. Or, of course, you can always buy a copy or check one out from your local library! My thanks to everyone interested in the book!

Larry Ullman’s Book News => “Effortless E-Commerce with PHP and MySQL” and More!

I’m very pleased to say that I just received my copies of “Effortless E-Commerce with PHP and MySQL” yesterday, meaning it should be in bookstores very soon. Amazon.com, which is selling it for $23.09 at the time of this writing, has the official release date as November. 5th.

I’m also very happy to say that I’ve begun, in a very cursory manner, working on my planned JavaScript book. And by “begun”, I mean I imported into my new writing application (Scrivener) the outline I had already created. As you might expect from me, the outline is totally over-ambitious. I mean, completely over-ambitious. I’m pretty sure the outline includes just about any topic that’s relevant to JavaScript, along with anything else involving computers and the letters “J” or “S”. We’ll see how this goes!

One decision I’ve made is to focus on the actual written book first and worry about distribution and production later. By that I mean I want to get a very-nearly complete work done before wasting time thinking about formats and exporting and sales avenues, etc. On a project like this, it’d be quite easy to lose days looking into those other issues when I should be writing instead (just as I admonish people about buying a server for their Web site prior to actually having a Web site to put on it).

Once I have a decent grasp on the book itself, I’ll look into turning it into an actual book and distributing it. I just started communicating with W. Jason Gilmore, who started e-publishing himself a couple years ago, and he’s being extremely kind in sharing what he’s learned. I am trying to make the JavaScript book a priority and will keep everyone up to date through these newsletters.