Nivas.hr blog

We have been using very strange setups here at the office to test sites on Internet Explorer 6. Lot's of us still use Windows XP, and some of us still had default Internet Explorer 6 on our computers. When IE8 was released, we didn't upgrade immidiately so we could still test sites in default IE6 installations (lots of different fake/multi IE setups throw most bizzare errors, so testing under default IE installation was a must).

But couple of days ago we finally give in to the dark forces of Windows Auto update, and we upgraded to Internet Explorer 8.

The only correct way now for site testing under different Internet Explorer versions is by using virtual machine of some sort. Vmware is option, but you have to build your own virtual setup which can be a pain. However, Microsoft has been good enough to finally provide developers with Internet Explorer Application Compatibility VPC Images for their Virtual PC. You can download completely free, perfectly legal and working images of followign operating systems packed with IE's:

• Windows XP SP3 with IE6,
• Windows XP SP3 with IE7,
• Windows XP SP3 with IE8,
• Vista with IE7 and
• Vista with IE8.

All XP images will expire on August 31, 2009, which is the end-of-life for good old Windows XP, and hopefully end-of-life of Internet Explorer 6. Hello Windows Seven! (Btw, I've tried RC1 of Windows Seven and it ROCKS, not only because of the name).

Since I updated FF to 3.0.9 (on Win XP), view source doesn't work. Even "firefox -safe-mode" crashes browser every time. Thank you Mozilla Html Validator plugin! Hope 10.000 error reports I sent will help you.

update 27-04-2009: Yes, my friends were right. Html Validator plugin was causing this. After updating to v0.8.5.6 problem gone. And note to FireFox plugin developers - please DON'T put this in install.rdf without being completely sure that your plugin won't break anything (maybe 10% of plugins can do this):
<em:maxVersion>3.0.*</em:maxVersion>

Ha! I completely missed new function implemented in php 5.3 - old'skool "goto"! I am not particularly happy. Not happy at all.

U2 is (aside from Lepa Brena) - the most anticipated concert of the year in Croatia. Marketing campaign was pretty strong (so I guess organizers invested some money) and commercials strongly advertised online ticket sale which started just couple of minutes ago (at 00:01AM).

Unfortunately for U2 fans, online ticket sales maybe did start, but they sure did end pretty fast. But not because web shop run out of tickets, but because web shop and organizers of the concert ran out of professionalism.

Look guys, if you decided to run so strong advertising campaign across couple of countries which loudly and clearly says: "Ticket sales start online on Friday at 00:01", I suppose one who does all that, would also build a website which can sustain such number of customers?

Well, I guess not.

Exactly the same thing happened some time ago when Croatian Football Association launched online reservation of world cup tickets (if I can recall correctly). I am not big sports fan but many of my friends are and they were very pissed.

Servers are so dirty cheap, and downtime costs a lot of money (nerves, reputation...), Especially if downtime happens a minute you launch your service. My personal preference/advice regarding server configuration in time of special events or service launch is - tend to over engineer your network! EC2, EBS, S3 (Amazon Web services) and other cloud computing solutions do their job pretty good in situations like this.

Otherwise you get this beauty...

We spent couple of hours trying to figure out this one, so we decided to share it with our fellow readers and hopefully, save some time and unnecessary stress for them. UTF-8 is defacto standard encoding for multilanguage websites. PHP5 doesn't have native support for it, but you can integrate it. MYSQL supports utf8, but not utf8_croatian_collation. But you can also hack your way around that for sorting. If you are not dealing with Croatian letters and UTF-8, you probably won't encounter this problem. However, if you ARE using UTF-8 read on!

We are redesigning one large website and naturally, some content from old website has to be migrated to new site. Since we don't have access to their database, we have to manually copy content from old website's HTML source. Client's old site is in UTF-8. Imagine following entry in old HTML source:

Ðakovo
...

After some digging, we found out that there was nothing wrong with our utf8 php methods nor our mysql database. We found out that the letter Ð (hex d0 00) we pasted from HTML was just not the letter Đ (hex 10 01) we needed. Somebody (or something) very brilliant, used letter Eth instead of standard Croatian letter D with stroke.

Eth (Ð, ð; also spelled edh or eð) is a letter used in Old English, Icelandic, Faroese (in which it is called edd). In the Unicode universal character encoding standard, upper and lower case eth are represented by U+00D0 and U+00F0. These code points are inherited from the older ISO 8859-1 standard. In HTML, eth is represented by the Latin character entities Ð and ð.

Đ (lowercase đ) is a letter of the Latin alphabet, formed from D with the addition of a bar or stroke through the letter. This is the same modification that was used to create eth (ð), but eth is based on an insular variant of d while đ is based on its usual upright shape. In Unicode the letter is represented as U+0110 LATIN CAPITAL LETTER D WITH STROKE and U+0111 LATIN SMALL LETTER D WITH STROKE.

So there you have it. No matter the letters look the same, beware what you copy/paste.

So anyways, it is bleedin' hot outside, therefore, logical conclusion is that I should make Super Mario out of Post-It papers on the wall. Check it:

It really looks awesome in our chill out ... sorry, I mean, in our conference room.

So how are you spending your hot hot hot summer days?

This one goes to all our foreign readers which would otherwise probably be left out from knowing news of the week in Croatia - Croatian National Television (HRT.hr) bluntly copied British Broadcasting Corporation (BBC.co.uk) website!

The shit hit the fan few days ago and whole Croatian web community got pretty pissed off. HRT spokesman said (in defence to accusations of stealing BBC's design) that HRT wishes to be Croatian BBC, and ok - I absolutely respect that. I also respect their understanding for the need to redesign the site. The old HRT.hr website was 8-10 years old and not something to look at.

But lets get one thing straight - I totally and absolutely disrespect the method of execution of their intentions. Whoever did the production of this monstrosity lacks the proper knowledge and experience... 10 years of experience in web development field at least.

Client is always right, but clients are not web designers (no matter how bad they would want it to be), and our sole professional and moral obligation is to notify client of possible breach in copyright laws, breach in functionality or any kind of possible side-effect that some of their ideas could do to harm the project, harm them self or harm web developers reputation.

Not once, but every time, we ask client - which websites do they like, who are their competitors, who is their role model in business... And based on our previous experience, knowledge, research, strategic planning and comprehensive user tests - we produce results. Results which are specially suited for our client. Not fake copy of website they wish to have.

As our friend Maratz nicely wrote, and I couldn't agree with him more: "This is the embarrassment of the decade for the Croatian web community.".

Compare and cry (tm):

More voices:

• http://www.mi3dot.org/forum/
• http://www.maratz.com/blog/archives/2008/05/15/croatian-hrt-rips-off-bbccouk/
  http://zytzagoo.net/blog/2008/05/15/hrt-vs-bbc/
• http://mcville.net/journal/archives/30
• http://marketingservis.com/internet/hrt-hr-i-bbc-co-uk/
• http://www.index.hr/vijesti/clanak/iz-koda-hrtove-stranice-najednom-nestalo-ime-tvrtke-koja-ju-je-radila/386937.aspx
• http://www.delo.si/index.php?sv_path=41,790,296704
• http://regionalexpress.hr/site/more/puleani-kreirali-web-hrt-a/

Updated 20.05. - Big up to our comrades in arms at BBC. And thanks to Alan Connor (co-editor of BBC Internet Blog) who linked to my article, and hey I really don't know how I missed this beauty - http://www.rtl.hu/. It seems that BBC was true inspiration for many "web designers". But, RTL.hu is light AGES ahead of HRT.hr. Whoever did the job, they did it well. There is just a small we-copied-bbc-design fact... but hey.

This one is a keeper, have to write it down somewhere in case I forget it by tomorrow morning. Today I was doing routine deploy of one of our new websites to production server. Everything went smoothly, except the fact I couldn't see any of Croatian letters on the site texts (which were stored in mysql)!! We did migration to UTF8 some time ago, and this was highly unexpected. So I started to dig into the dump.

Looking at the mysqldump of a database I was a bit surprised to see Croatian letters screwed up beyond recognition. For example letter "š" was represented as "ÄąÄO„" (4 bytes), "č" was "čO" (two bytes)... etc. OMG! All our tables are "CHARSET=utf8", we force "AddDefaultCharset utf-8" in Apache and all of our markup uses "charset=utf-8" for content type encoding. BUT, we unintentionally left one very bad call in our config file which got triggered if site was running on development server - "SET NAMES 'latin2' COLLATE 'latin2_croatian_ci". The production config had SET NAMES utf8, but development didn't. Oh boy.

Ok so now I had a real mess - utf8 tables with utf8 data in them stored as re-encoded latin2 but in utf8!? I tried converting the dump from ISO8859-2 to UTF8 but that just made things worse, some of characters now used 6 bytes which isn't good. The solution was pretty straight forward. I converted the dump from UTF8 to ISO-8859-2 and I got real UTF8 again. I imported the converted dump and changed for good config files to "SET NAMES 'utf8' COLLATE 'utf8_general_ci".
iconv to the rescue:

mysqldump -u root -p db > weirdo-dump.sql
iconv -f UTF-8 -t ISO_8859-2//TRANSLIT weirdo-dump.sql > dump-latin2-aka-realUTF8.sql
mysql -u root -p db < dump-latin2-aka-realUTF8.sql

Harsh as it may sound, lately the web is full of headlines like that. Why, why!? Mass panic mode activated! What does it all mean?? The end of PHP as we know it?

The PHP development team finally announced end of life for PHP4. After 2007-12-31 there will be no more releases of PHP 4, and critical security fixes will be available until 2008-08-08. After that, you are running php4 on your own risk, and we all know how risky the business Internet is. Do you still have Windows NT 4.0 or RedHat 7.1 on your servers? Are they developed or supported? No!

It was about a damn time they let go php4. PHP5 has been available for 3 years, and hosting companies have had plenty of time to make the switch. From developer standpoint I have absolutely no sympathy for those who have left it until the last minute, and even then needed to be pushed. I understand the problem they have - they didn't realize the importance of php5. And now gazillion of php3/4 sites (which make a large majority of php users) have to be "upgraded". What will happen to them? PHP dev. team could avoid this hassle, by just plotting the php's development road map better, and being more direct with timelines. They are still doing it wrong, since they are killing php4, and not giving enough info on forthcoming PHP6.

Our migration was also being dictated by hosting company. We asked our provider for php5 in the beginning of 2006, and begged, and cursed and then asked polite again and some time in January this year, we just couldn't take any more of that bullshit and switched to php5. How hard was to migrate lots of messy code from php4 to php5? We did migration surprisingly fast and painless for many of our old projects. If you had error_reporting set to E_ALL durring development in php4, haven't used register_globals or magic quotes, you should be just fine. And we introduced new PHP5 OOP stuff to our new projects immediately. All in all, PHP5.2 is now what php4 had to be back then, and I am keeping my hopes high for PHP6.

If you don't have a life anymore (like me), you will probably find these statistics/penetration reports interesting. Flash 9 is kicking, together with php5 and Apache. That's all I wanted to hear. Read on!

• Adobe Flash Player Version Penetration
• PHP usage statistics for October 2007
• PHP stats evolution for August 2007
• Programming Community Index for September 2007
• Usage of the Cookies on the Internet

Php5 finally gained some points, probably because Zend announced php4's end of life. That should happen years ago. Too bad Php6 release date isn't scheduled yet.

Netcraft's last report says that Windows IIS takes 34.2% and Apache 48.4% of market share. Microsoft's recent gains raise the prospect that Windows may soon challenge Apache's leadership position. Apache has been the leading web server software since the March 1996 Netcraft Web Server Survey. In November 2005, Apache was found on 71 percent of web sites. It's worth noting that Apache has lost market share to another open source server, lighttpd (1.2% of all sites), and Google (4.4%) as well as Windows. But if Microsoft continues to gain share at its current pace, it could close the gap on Apache sometime in 2008.

A recent post on the Google Developer Blog announces some enhancements Google's made to MySQL, in hopes that they will be adopted in the next release, and to allow everyone to begin using them. At the moment, patches are available for mysql v4.x only. DO-h!

Lately I became obsessed with a speed and optimization of PHP web applications. Namely, we are currently working heavily on a new release of voodoo [vudu] (a content engine we built using our in-house developed framework which utilizes few common PHP design patterns). I guess that ActionScript optimization got under my skin and now it's kicking in into PHP front. We are reinventing the wheel, but hey - what else would we do? Play Quake all day long?

Soooo, I did some benchmarking, I did some reading, and this is what I've came up so far:

1. If a method can be static, declare it static. Speed improvement is by a factor of 4
2. Avoid magic like __get, __set, __autoload
3. require_once() is expensive
4. Use full paths in includes and requires, less time spent on resolving the OS paths
5. See if you can use strncasecmp, strpbrk and stripos instead of regex
6. preg_replace is faster than str_replace, but strtr is faster than preg_replace by a factor of 4
7. Error suppression with @ is very slow
8. $row[’id’] is 7 times faster than $row[id]
9. Single quotes are faster than double quotes
10. (42 == $foo) is faster then if ($foo == 42)
11. ++$i is faster than $i++
12. true is faster than TRUE, And 1 is even faster than true
13. Calling isset() happens to be faster then strlen()
14. While is faster than do while:
    while (--$i) { //do nothing }

    as opposed to

    do { //do nothing } while (--$i);

    And this performs even better:
    for ($i=0; $i++<$count; ) { ... }

15. Using persistant over non-persistant DB connections in mysql can increase number of requests per second by 41%
16. You can save yet another 40% of time spent for parsing and compiling by using an opcode cache like APC
17. References do not provide any performance benefits for strings, integers and other basic data types. In contrast, functions that accept array and object parameters have a performance advantage when references are used. This is because arrays and objects do not use reference counting, so multiple copies of an array or object are created if "pass by value" is used. So the following code:
    function ObjRef(&$o) { $a =$o->name; }
    is faster than:
    function ObjRef($o) { $a = $o->name; }
18. In PHP 5, all objects are passed by reference automatically, without the need of an explicit & in the parameter list. PHP 5 object performance should be significantly faster.
19. Fastest PHP Input filtering comes as a filter extension built in PHP 5.2 and is available for 5.1 as a separate download. There is a good tutorial on zend devzone
20. The ctype extension offers a series of function wrappers around C's is*() function that check whether a particular character is within a certain range. Unlike the C function that can only work a character at a time, PHP function can operate on entire strings and are far faster then equivalent regular expressions.
    preg_match("![0-9]+!", $foo);
    vs
    ctype_digit($foo);
21. Internally arrays are stored inside hash tables when they array element (key) is the key of the hashtables used to find the data and result is the value associated with that key. Since hashtable lookups are quite fast, you can simplify array searching by making the data you intend to search through the key of the array, then searching for the data is as simple as $value = isset($foo[$bar])) ? $foo[$bar] : NULL;. This searching mechanism is way faster then manual array iteration, even though having string keys maybe more memory intensive then using simple numeric keys. Second example is is roughly 3 times faster.

    $keys = array("apples", "oranges", "mangoes", "tomatoes", "pickles");
if (in_array('mangoes', $keys)) { ... }

    vs

    $keys = array("apples" => 1, "oranges" => 1, "mangoes" => 1, "tomatoes" => 1, "pickles" => 1);
if (isset($keys['mangoes'])) { ... }

Some tips may be completely out dated or completely wrong due to different hardware/software configurations on systems used for benchmarking.

And for over-obsessed characters - I've found interesting articles about how stuff is handled differently in php5.1 and 5.2 opcode - compiled variables and strings.

Sources: moskalyuk.com, whenpenguinattacks,
iBlog, phpLens, wikimedia, phpbench, php.net, php.net - migration,

PS3 release in the States is delayed again, and mob is getting crazy! Some wait in lines, some pay homeless to wait for them, and some get killed in drive by waiting for PS3, including reporter. I never EVER had console, so I thought, it's time to get one. I will wait to see how Wii and PS3 will compare in the end.

Today, I have read on metapundit.net some thoughts on how to improve php coding. Don't see the real point in this, except the faster coding. Readability and maintenance is degraded slightly.

Update - 18.11.2006. - After taking some time to think about this, I have to agree with MetaPundit. Putting var names into array, and looping trough them makes code more maintainable. But I still have some issues with this, regarding more complex stuff.
Read the rest of this entry »

Writing to a file is easy with PHP. But what will happen if 2 processes try to write to a file at once? Exactly, your data might easily become corrupted and useless. You don't want that to happen, of course. That's why you need to implement file locking. flock() is your friend. For writing to a file, you want to obtain an exclusive lock on the file. There must never be concurrent writes to a file, after all. Here's an example.

Read the rest of this entry »

No mater if you are beginner or experienced PHP programmer, you should definitely check out PHP Security Guide by Rob Miller. SQL Injection, Spoofed Form Input, Cross-Site Request Forgery, File Uploads, Including Files, Register Globals, Magic Quotes… He is trying to keep it up to date, so please support him if you can.

UPDATED 2.7.2006. - Here are some examples (PHP Security by Example).