Mar 8 2010

Russsh!

It is March now. Time is flying by and it gets closer and closer to the end of summer semester.

At the end of this semester, I am gearing up for what will be a drastic change in my life.

My plan, in short, is to sell my car when it gets back from the body shop in late March/April. At the same time, I will be putting together a unique portfolio demonstrating my abilities and worth to a potential employer.

When I do finally sell my car, I will use the money to help me relocate to New York City, NY. My projection leaves me looking for a month or greater sublet in May, as long as the car sells by then.

I will sublet while I look for a php position in the city. Once obtained, I’ll then look for residency depending on pay.

So I will have a lot on my plate these last few months in South West GA. If you have any resources in NYC and want to help me make the transition easily, all help is welcomed, and I will do what I can in return, if there is something I can do.


Feb 19 2010

ugh

Well that was a disaster, MOPP failed. I guess I was counting on everything to go smoothly.

In the past month, I was involved in a ‘hit and run’ by a meth head who railed me in the back doing about 50 mph.

I also moved, into the middle of uptown Albany. I am still moving things around trying to get everything set back up.

Last but not least, my car's engine blew. It is being rebuilt right now.

It doesn’t help having a full time job and being a student full time either.

I did go to mardi gras in New Orleans, though. =)

I’ll write more articles hopefully when I have some time on my hands.


Jan 13 2010

MOPP : Day 10 : Lazy Logic

Most developers I talk to, including myself, cannot stand forms or any user input processing. You have to check, re-check, check again and then check again before sending the data to the model, which checks the integrity again, and if something is abnormal the whole process starts over.

I will say this a lot but I really mean this guys, preparation and planning really helps. Before coding anything, sit down with a pencil and paper or your favorite UML editor ;) .

Continue reading


Jan 10 2010

MOPP : DAY 9 : Human Verification

This past week has been crazy. I was in a car accident right as school started, and on top of all of that I have started a gig with a freelance php development company. I will get you guys some better material; I have a few subjects I am working on that should be very promising later this month.

For now, let's talk about human verification.

I am an opponent of CAPTCHA-based verification mechanisms. By the time you make them un-parse-able by OCR engines they have become illegible, and that makes legitimate use of your applications much more difficult. I am a proponent of easy logic questioning. Just make the layout polymorphic and un-parse-able.

The first thing you need is question templates. If we were doing mathematical logic, some examples of templates could be:

‘What is the sum of ? and ?’

‘If you add ? together with ? , what is the result’

‘? is subtracted from ? , the answer is’

Then you would have a multidimensional array with the key identifying the variable used in the logic question, in this case numbers. The dimensions will have different levels of obfuscation, such as medium and hard, with the original array index being the starting number. In this case, I will only have one alternate level of obfuscation, with the worded number being the alt, for example:

// Single alternate level: the index is the real number, the value is its worded form
$logicVariables[1] = 'one';

// The same idea as a multidimensional array with an obfuscation level per entry.
// This is just an example of the MD array; I wouldn't use this sort of obfuscation as it is confusing
$logicVariables[1]['medium'] = 'one';

$logicVariables[1]['hard'] = 'won';

Now you will need a scrambler function that can scramble your template and variable a bit, to make it harder to parse. For instance running one of our sample templates could come out like this:

‘What is the sum of ? and ?’

// scrambled ex 1, hard scramble

‘Wh@t. is the sum; of “?” and /?/’

// scrambled ex 2, soft scramble

‘What is the sum  of ‘? and  ?’

This function can make passes on the template and randomly change the character it lands on to an alternate obfuscated version like above, or if a space, could add another space or arbitrary characters to try and trip up parsing engines. It can change delimiters around the variable placeholder, change capitalization for poorly coded engines to fail, etc.

Make this all into an extensible class. Have it start by grabbing a random template out of your template database (hardcoded, SQL, flat config file, etc.) and choosing random variables (the same way), then calculate the answer and save it in the session (not a cookie). Then run the variables and template through your scrambling function, which uses a random value to determine what level it should scramble at and how many passes to make. At the end, assemble the question and display it to the user.

You should add templates and variables (if needed) to your database often, and should often run QA tests, as well as keep a reporting function to log incorrect attempts, complete with what the question looked like, what it was before scrambling, the correct answer, and the answer given by the user (maybe even allow comments).

Guys (and ladies), this isn't a hard approach and it would solve all this CAPTCHA bs. If they can't break your CAPTCHA with OCR, they will outsource it to Nigerians (jk) (…but yeah, they seriously will) and you cannot stop that (maybe a time limit or something, but we fall back to usability; if I knew more about outsourcing this stuff, I could design you something).

I will add an example class later that can give you an idea on how this all comes together if you are having a problem understanding or visualizing it.
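Here is how the pieces above fit together in one class, as an added example and not the post's own class (that example never appears on this page). It assumes PHP 7.1 or later, a session already started by the caller, and the constructed template, variable, substitution and delimiter tables shown in the code; the session key `logic` and the `error_log()` reporting are this example's choices.

```php
<?php
// Added example, not the post's own class (PHP >= 7.1). Templates, variable
// words, substitution table, delimiters and session keys are assumptions.
class LogicQuestion
{
    // Constructed templates; each '?' is a variable slot. OPERATIONS matches by index.
    private const TEMPLATES = [
        'What is the sum of ? and ?',
        'If you add ? together with ?, what is the result',
        '? is subtracted from ?, the answer is',
    ];
    private const OPERATIONS = ['add', 'add', 'subtract'];
    // Index is the real number; value holds the obfuscation levels.
    private const VARIABLES = [
        1 => ['medium' => 'one',   'hard' => 'won'],
        2 => ['medium' => 'two',   'hard' => 'too'],
        3 => ['medium' => 'three', 'hard' => 'tree'],
        4 => ['medium' => 'four',  'hard' => 'for'],
    ];
    // Glyphs a hard scramble may swap in for a letter, and delimiter pairs for variables.
    private const SUBSTITUTIONS = ['a' => '@', 'e' => '3', 'i' => '1', 'o' => '0', 's' => '$'];
    private const DELIMITERS = [['', ''], ['"', '"'], ['/', '/'], ['[', ']']];

    /** Pick a template and two variables; return [shown question, plain question, answer]. */
    public function generate(): array
    {
        $t = random_int(0, count(self::TEMPLATES) - 1);
        $keys = array_keys(self::VARIABLES);
        $a = $keys[random_int(0, count($keys) - 1)];
        $b = $keys[random_int(0, count($keys) - 1)];
        // The answer comes from the real numbers before any scrambling;
        // "? is subtracted from ?" takes the first slot from the second.
        $answer = self::OPERATIONS[$t] === 'add' ? $a + $b : $b - $a;
        $level  = ['medium', 'hard'][random_int(0, 1)];
        $passes = random_int(1, 3);
        $plain  = $this->fill(self::TEMPLATES[$t], [(string) $a, (string) $b], false);
        $shown  = $this->scramble(self::TEMPLATES[$t], $level, $passes);
        $shown  = $this->fill($shown, [self::VARIABLES[$a][$level], self::VARIABLES[$b][$level]], true);
        return [$shown, $plain, $answer];
    }

    /** Make $passes passes over the template, mutating random positions but never a '?'. */
    private function scramble(string $text, string $level, int $passes): string
    {
        for ($p = 0; $p < $passes; $p++) {
            $out = '';
            foreach (str_split($text) as $c) {            // templates are ASCII
                $roll = random_int(1, 100);
                if ($c === ' ' && $roll <= 20) {          // pad a space; hard: add stray punctuation
                    $out .= $level === 'hard' ? ' ' . ['.', ';', ','][random_int(0, 2)] . ' ' : '  ';
                } elseif ($level === 'hard' && $roll <= 15 && isset(self::SUBSTITUTIONS[strtolower($c)])) {
                    $out .= self::SUBSTITUTIONS[strtolower($c)];
                } elseif (ctype_alpha($c) && $roll <= 10) {  // flip case to trip sloppy parsers
                    $out .= ctype_upper($c) ? strtolower($c) : strtoupper($c);
                } else {
                    $out .= $c;
                }
            }
            $text = $out;
        }
        return $text;
    }

    /** Replace each '?' in order with a word, optionally wrapped in a random delimiter pair. */
    private function fill(string $question, array $words, bool $wrap): string
    {
        foreach ($words as $word) {
            [$open, $close] = $wrap ? self::DELIMITERS[random_int(0, count(self::DELIMITERS) - 1)] : ['', ''];
            $question = substr_replace($question, $open . $word . $close, strpos($question, '?'), 1);
        }
        return $question;
    }

    /** Issue a question; the answer and plain form stay server-side in the session, not a cookie. */
    public function issue(): string
    {
        [$shown, $plain, $answer] = $this->generate();
        $_SESSION['logic'] = ['shown' => $shown, 'plain' => $plain, 'answer' => $answer];
        return $shown;
    }

    /** One attempt per issued question; failures are logged with both forms for QA review. */
    public function verify(string $submitted): bool
    {
        if (!isset($_SESSION['logic'])) {
            return false;
        }
        $expected = $_SESSION['logic'];
        unset($_SESSION['logic']);
        $given = trim($submitted);
        $ok = preg_match('/^-?\d+$/', $given) === 1 && (int) $given === $expected['answer'];
        if (!$ok) {
            error_log(sprintf('logic check failed: shown="%s" plain="%s" expected=%d given="%s"',
                $expected['shown'], $expected['plain'], $expected['answer'], $given));
        }
        return $ok;
    }
}
```

Call `issue()` when rendering the form (escape the returned string with `htmlspecialchars()` before echoing it) and `verify($_POST['answer'] ?? '')` on submit. The answer is computed from the real numbers before the template is scrambled, the session entry is removed on the first check so a question cannot be replayed, and a failed attempt is logged with the scrambled question, the plain question, the expected answer and the user's input, which is the reporting data the post asks for.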


Jan 9 2010

MOPP : Day 8 : Make Programs, not scripts

With the evolution of php and the maturity of its object orientation, our code should become less and less mangled. One way to organize our applications and make them much more manageable is to stop thinking of our web applications as scripts and start making programs.

Continue reading


Jan 6 2010

MOPP Absence

I was in an automobile accident, so I will go back and make the two missed posts soon. Bear with me.


Jan 5 2010

MOPP : Day 4 : Learn your SQL

I cannot tell you how many times I see developers make multiple queries to related database tables per page. This creates a TON of overhead, which is horrible for the performance of your applications. Usually it is selecting all members from the members table, then selecting the correct group for each member by matching the ‘gid’ column of the members table against the ‘id’ column on the groups table, etc.

Continue reading
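To make the cost of the Day 4 pattern concrete, the following is an added example (not code from the post or its tutorials) that runs the per-member lookup described above beside a single JOIN against an in-memory SQLite database and counts the queries each one issues. It assumes the pdo_sqlite extension; the table layout follows the post (members.gid relates to groups.id) and the rows are constructed sample data.

```php
<?php
// Added example, not code from the post: the per-row lookup pattern beside a
// single JOIN, against in-memory SQLite (assumes the pdo_sqlite extension).
// Layout follows the post: members.gid relates to groups.id. Rows are constructed.

function buildSampleDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE "groups" (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    $db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT NOT NULL,
                                     gid INTEGER NOT NULL REFERENCES "groups"(id))');
    $db->exec("INSERT INTO \"groups\" (id, name) VALUES (1, 'admin'), (2, 'user')");
    $db->exec("INSERT INTO members (id, username, gid) VALUES (1, 'alice', 1), (2, 'bob', 2), (3, 'carol', 2)");
    return $db;
}

/** The pattern the post warns about: one query for the list, then one more query per member. */
function membersWithGroupPerRow(PDO $db, int &$queries): array
{
    $queries = 1;
    $rows = [];
    $lookup = $db->prepare('SELECT name FROM "groups" WHERE id = :gid');
    foreach ($db->query('SELECT username, gid FROM members ORDER BY id') as $m) {
        $lookup->execute([':gid' => $m['gid']]);   // runs once per member: N extra round trips
        $queries++;
        $group = $lookup->fetchColumn();
        $lookup->closeCursor();
        $rows[] = ['username' => $m['username'], 'group' => $group];
    }
    return $rows;
}

/** The same result from one JOIN; the database does the matching in a single query. */
function membersWithGroupJoined(PDO $db, int &$queries): array
{
    $queries = 1;
    $rows = [];
    $sql = 'SELECT m.username, g.name AS group_name
              FROM members m
              JOIN "groups" g ON g.id = m.gid
             ORDER BY m.id';
    foreach ($db->query($sql) as $r) {
        $rows[] = ['username' => $r['username'], 'group' => $r['group_name']];
    }
    return $rows;
}

$db = buildSampleDb();
$perRow = membersWithGroupPerRow($db, $n1);
$joined = membersWithGroupJoined($db, $n2);
printf("per-row lookups: %d queries, JOIN: %d query, identical result: %s\n",
    $n1, $n2, $perRow === $joined ? 'yes' : 'no');
```

Both functions return the same rows, but the first one issues one query per member on top of the list query, so its cost grows with the size of the members table, while the JOIN version stays at a single query however many members there are. The group lookup uses a prepared statement with a bound parameter rather than string concatenation, which is the habit to keep even when the value comes from your own table.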


Jan 4 2010

MOPP : Day 3 : Older Tuts

Today is a cheat day, as I am preparing code samples for a few days (including yesterday's) and have to get everything ready for class registration tomorrow.

Look over the concepts of security and design in a few tutorials I created a while ago on a site that a friend of mine runs, dream-in-code. This is a great resource for programmers of any language. Also look at the “52 weeks of code” challenge they are having here.

PHP Security Crash Course by joeyadms

Professional Level Login Design Pt. 1  by joeyadms

Professional Level Login Design Pt. 2 by joeyadms

I have several other tutorials and code examples on D.I.C that can be found by clicking here.


Jan 3 2010

MOPP : Day 3 : Errors and Log Management

This is another short and sweet tip. Errors have their place in every application. Most of the time developers use a simple conditional statement, and if there is an error, the application ‘dies’ with the error message.

This is improper error management. In order to analyze the performance, security, and usability of our applications, we need to know as much as possible about each request and response. This is especially true for errors.

Continue reading


Jan 2 2010

MOPP: Day 2 : Versioning

By the title you should already have a good idea what I am going to be speaking about, and the variety of options out there.

Whether you are a single at home developer, or a member of a complex development team, you can benefit from version control systems. I will not go through explaining the intricacies of each system (check the footnotes for links), but in case you are unfamiliar with version control, I will give an overview.
Continue reading