People work with WS-* web services in PHP? Why?

I’d love to give ws02 a fair shake because they have an open source business model. They have a web services framework for PHP which seems interesting from an academic standpoint. But I think WS-* web services are WAY too complicated when compared to REST.

Just look at this new product description from ws02:

The WSO2 IS enables LAMP and Java websites to provide strong authentication based on the new interoperable Microsoft CardSpace technology, which is built on the open standards Security Assertion Mark-up Language (SAML) and WS-Trust.

Your life is now 1 minute shorter after trying to read and fully understand that paragraph. Nevermind how much time would be spent trying to actually get this stuff to work.

I spent a lot of time in 2001-2002 working with Amazon’s merchant program and the SOAP feeds required for putting client product on the Amazon site. I generally think that Amazon has a pretty good clue about how to do things technically and they seemed to make it as easy as possible while using SOAP. But it was still way too complicated for what we were trying to achieve (ie, send a list of available product to Amazon to sell ). And at the time, it was a nightmare in PHP. Now of course, we have the official PHP SOAP extension and some items in PEAR to work with too (does nusoap still exist?)

But I’ve run screaming from WS-anything since then, only getting caught in its claws a few times. It hasn’t gotten any easier. It’s gotten more difficult. And more pointless. I’m not alone in this thinking.

So I guess the ws02 folks are trying to solve the issue of authentication for web services. Hasn’t web services authentication been solved already in a much easier way too?

Continue reading

Gmail 2.0 crashing Firefox with extreme prejudice

It’s mostly when clicking different folders like “spam.” I wasn’t sure what was going as this just started happening the past 3 days when I noticed that sure enough, I’ve been moved over to Gmail 2.0. I tried disabling and then finally uninstalling all my add-ons (plugins) to Firefox to no avail. Selecting “older version” in the top right nav of the gmail page made the problem go away. If you’re listening google, please fix this.

UPDATE:  you may need to select “older version” every day or at least a couple of days a week since gmail doesn’t seem to remember that setting.  And even the latest Firefox with no extensions has this problem.

Continue reading

Open source twitter clone anyone?

Does anyone know of an open source twitter clone?  Preferably in PHP or Python.  Not a client mind you, but the server guts of receiving IMs and doing something with them, enabling followers, public viewing, etc.  I want to implement this on an intranet inside a corp network and obviously not display our tweets for public consumption, but only internal consumption.  If this doesn’t exist, what do you all think is the easiest way to create this?  An instance of jabber or something else?

Continue reading

Is Microsoft buying Facebook a good thing for PHP?

Microsoft is buying a piece of Facebook. What do we all think this means for PHP since Facebook is one of the “web 2.0” leaders built on PHP? The way I see it, here are the options:

  1. Facebook continues on its merry path, taking only funding from Microsoft
  2. Facebook continues on its merry path, taking funding from Microsoft in addition to some development “resources.” Resources here could be people, equipment, and technology. The free people, equipment, and technology probably won’t fit very well in a LAMP environment. Pressure to move infrastructure to MS-friendly environment mounts.
  3. Microsoft rewrites the whole thing in C#
  4. Microsoft learns how simple and scalable PHP is and freaks out, unleashing a FUD campaign the likes of which we’ve never even dreamed of.
  5. Microsoft learns from the open source environment, partially embraces it, and creates, a half functioning version of PHP for .net framework.
  6. Microsoft learns from the open source environment, fully embraces it, and abandons Windows by creating their own GUI for the next version of Linux.

In reality, I can really only see #1 or #2 happening. Your thoughts?

Continue reading

Zend Studio for Eclipse Beta

As my part time job (for no pay) is spent being a shill for Zend, I thought I’d mention that the new Zend Studio for Eclipse Beta is out and ready to be test driven. I’ve got a few deadlines both professional and personal to take care of over the next few days but I’m hoping to kick the tires next week. Let me know of your experiences so far.

UPDATE – since the beta period is over, the new url is now 

Continue reading reply to latest hacking incident

Following is a notice sent out late last night with the subject “An Important Message to Our Valued Monster Customers” regarding their recent data loss to hackers. Interestingly, they never actually apologize for the incident. Bold is mine.

Dear Valued Monster Customer,

Protecting the job seekers who use our website is a top priority, and we value the trust you place in Monster. Regrettably, opportunistic criminals are increasingly using the Internet for illegitimate purposes. As is the case with many companies that maintain large databases of information, Monster is from time to time subject to attempts to illegally extract information from its database.

As you may be aware, the Monster resume database was recently the target of malicious activity that involved the illegal downloading of information such as names, addresses, phone numbers, and email addresses for some of our job seekers with resumes posted on Monster sites. Monster responded to this specific incident by conducting a comprehensive review of internal processes and procedures, notified those job seekers that their contact records had been downloaded illegally, and shut down a rogue server that was hosting these records.

The Company has determined that this incident is not the first time Monster’s database has been the target of criminal activity. Due to the significant amount of uncertainty in determining which individual job seekers may have been impacted, Monster felt that it was in your best interest to take the precautionary steps of reaching out to you and all Monster job seekers regarding this issue. Monster believes illegally downloaded contact information may be used to lure job seekers into opening a “phishing” email that attempts to acquire financial information or lure job seekers into fraudulent financial transactions. This has been the case in similar attacks on other websites.

We want to inform you about preventive measures you can take to protect yourself from online fraud. While no company can completely prevent unauthorized access to data, we believe that by reaching out to job seekers like you, the Company can help users better defend themselves against those who have attacked Monster as well as other databases.

We are committed to maintaining an ongoing dialogue with all of our job seekers about Internet security and the steps Monster is taking to protect its job seekers. The Company has placed a security alert on Monster sites offering information to educate you about online fraud. This information can be found at We have also included information on Internet safety and examples of fraudulent “phishing” emails at the bottom of this letter.

Monster has launched a series of initiatives to enhance and to protect the information you have entrusted to us. Some of these steps are being immediately implemented, while others will be put into place as appropriate.

We believe these actions are the responsible steps to protect the trust you place in Monster. We are also working with Monster’s hundreds of thousands of employer customers to ensure a safe and effective online job search. We will continue to share information with you about the enhancements we are making as we serve as your online career resource partner. We invite you to keep reading to learn more about how to use the Internet safely.


Sal Iannuzzi

Chairman and CEO

Monster Worldwide

The message then goes on to highlight “HOW TO BE A SAFE INTERNET USER” with the topics:

  • What’s “phishing” all about – and how do I spot it?
  • How is it different than “spoofing”?
  • Examples of fraudulent email: (clickable examples of fraudulent email)

Of course its kind of funny to have an email that says, “don’t click on phishing links.” And then says, “here’s a bunch of sample links to click on.”

Thumbs up for monster finally admitting the issue. Thumbs down for the response time and lack of apology. Don’t they have to (by I believe california law) have to admit to a breach of data much quicker then this?

Continue reading

Good ideas lost in emails and instant messages

I don’t like to email anymore. Especially at work. I have some issues with instant messaging too.

Ideas get lost. So do instructions and documentation. Sure, you can make a nice document and put it out there on your internal corporate network, but no one will ever look at it. Do you have a way to search thru the contents of it? No? I didn’t think so. Me neither.

I’m thinking of blogging everything. Blogging everything I want/need to remember. Maybe I’ll make a blog inside work for documenting work procedures and ideas. And set other people up the same way. And I’ll keep blogging stuff here obviously that’s good for public consumption.

But then there’s the IMs to contend with.

After losing a job surprisingly a few years ago, I’ve worked pretty hard to develop and nurture a network of people in my field that I can turn to and who can turn to me. This is mostly done via quick IMs. So on any given day there’s a good amount of knowledge transfer back and forth in instant messaging. I view this as a kind of professional development. As long as it doesn’t interfere with my daily responsibilities, it’s fine. I’ve learned a lot from people this way and hopefully they’ve learned from me too.

So how do I search thru all those great tidbits, links, theories, etc. that I’ve given and received via IM? I’m thinking of chucking those into a database or text indexer and making those searchable via web too. I’m just not sure of the best way to go about that yet.  More to come.

Continue reading

SECURITY ERROR: package in channel “” retrieved another channel’s name for download!

Odd Pear error today. Trying to install PHPUnit3 on a newish server. Following the instructions at the PHPUnit Pocketguide. Here’s the steps I did and the error I received. I’m not sure at this point if this is a bug in the Pear installer or if there’s a problem with the way the PHPUnit channel is configured so I don’t know where to file this.

Installing the code manually (the second set of install instructions listed) works just fine however. On to my unit testing!

Continue reading

Google embeddable map widgets

Posted on the google maps blog today is a post about the newly released embeddable maps. Pretty cool. Although the map is in an iframe and not javascript and div like using the Maps API. So for manipulating the map on the page, you’ll still need to fall back on javascript and API generated maps. Here’s a quick example of the new version:



Continue reading

Debug JavaScript in PHP or JSP Pages with Visual Studio 2008

Fresh from my IM, Kirk Allen Evans blog details how to debug javascript for any kind of page in Visual Studio 2008. This has already existed for awhile with the Firebug extension for debugging Javascript in Firefox. But it’s nice to have choices. And it’s cool if you’re developing within Visual Studio to have all your tools in one place.

You don’t have to shell out the big dollars for Visual Studio to get this debugging either, you can get it with the freebie version of Visual Studio Express.

Continue reading