Laravel: Disable Timestamps on Models

A few days back someone sent me a message with an issue on all the old posts on Laravel News. It wasn’t a huge bug but to fix it I had to resync all the posts from the WordPress install and as I was running through them I noticed that all the updated_at dates were then out of sync. Technically they are correct since I updated each post, but I wanted to keep the original date.

Laravel provides the ability to set this on demand and I could just include it in my command and have it ignore updating each timestamp. Here is a quick example:

$post->content = $data->content;
$post->timestamps = false; // Don't change the timestamps on save.
$post->save();

Of course, if you don’t want timestamps at all you can disable it on the Model level through the public $timestamps = false; property.

How GDPR Will Change The Way You Develop

Over on Smashing Magazine, Heather Burns recently published a guide on the GDPR. As someone in the United States, I’ve been hearing rumors we could be affected as well, but I found this interesting in her post related to personal data:

The European data protection frameworks pertain to personal data. This is defined as “any information relating to an identified or identifiable natural person.” This can be one piece of information or multiple data points combined to create a record.

The European term “personal data” differs from the American term “personally identifiable information.” The latter pertains to a much more limited set of information than the European model. It also does not see information as contextual, whereas the European framework emphasizes the risks inherent in data aggregation.

I’m really pessimistic on this law, our elected leaders can reduce the size of our national parks to allow drilling, yet we can’t collect a username/email/password without going through tons of red tape? Seems like our priorities are out of whack to me.

A UI/UX Fail

It’s not all cakes and pies.

Last week was the Laracon Online event and the morning of the event we had to give all the ticket holders a link and a password to start their live stream on their device.

When this went live it was set up like this:

[Image: stream1]

The problem arose in the UI of the streaming service when it asked for a password. A lot of people missed that the previous page had a password on it and kept trying to use their account password, only to get frustrated and email us.

As you might imagine I got swamped with emails. I’d say at least 40 or 50 in a span of just a few minutes. I knew we had a problem but everything was starting in a few minutes and I wanted to make sure everyone had access.

The first idea we had was to just reverse the order:

[Image: stream2.png]

This actually helped but people were still missing it, although the number of people missing it was vastly lower than the other way. Looking back at it now we should have had the streaming link open with a target “_blank” so they would have the old tab still open and could maybe see it easier.

I still don’t know what the answer is, but at least now I have a year to think about it and come up with a better solution. I’m sharing this because this is one of the few times of my life where feedback on bad UI/UX was so swift and constant. At the same time, I had a very narrow time window to get it resolved and to get everyone their streaming access.

It made for a stressful morning but looking back I learned a lot of little things. That’s what creating is all about, right? Paying attention to the small things and caring about your users.

P.S. UI/UX are some of the most confusing terms to me.

Inside North Korea’s Hacker Army

Sam Kim, writing for Bloomberg, shares a crazy look inside North Korea’s hacker army:

North Korea’s hacking prowess is almost as feared globally as its nuclear arsenal. Last May the country was responsible for an internet scourge called WannaCry, which for a few days infected and encrypted computers around the world, demanding that organizations pay ransom in Bitcoin to unlock their data. A few years before that, North Korea stole and published the private correspondence of executives at Sony Pictures Entertainment, which had produced a Seth Rogen satire of the country called The Interview.

Jong wasn’t involved in those attacks, but for half a decade before defecting, he was a foot soldier in North Korea’s hacker army. Unlike their counterparts elsewhere, who might seek to expose security vulnerabilities, steal corporate and state secrets, or simply sow chaos, North Korean hackers have a singular purpose: to earn money for the country, currently squeezed by harsh international sanctions for its rogue nuclear program. For most of the time Jong spent as part of this brigade he lived and worked in a crowded three-story home in a northeastern Chinese city. The hackers he shared it with were required to earn up to $100,000 a year, through whatever means they could, and were allowed to keep less than 10 percent of that. If they stepped out of line, the consequences could be severe.

Unless you live in a dictatorship it’s easy to forget how much we get to take for granted.

One easy change to speed up your JavaScript build times

I came across this Field Guide for Better Build Performance by the Slack engineering team and inside it was this gem, which is mentioned in the monstrous Uglify Readme:

It’s not well known, but whitespace removal and symbol mangling accounts for 95% of the size reduction in minified code for most JavaScript – not elaborate code transforms. One can simply disable compress to speed up Uglify builds by 3 to 4 times.

Depending on your needs this can be a quick win for speeding up your build times.

GitHub, Tell me when it closes

Have you ever wanted to know when a GitHub issue or PR is closed, only to find out, when you start following it, you get swamped with tons of emails and notifications for every comment on it?

I ran into this for the first time a few months back and it was a nightmare. Every morning I’d wake up to notification emails with commentary around it that I honestly didn’t care anything about. All I wanted to know is when the issue would be fixed so I could update my code base.

If you’ve ever hit this, the kind folks at thoughtbot have a useful utility called “Tell Me When It Closes” that does one thing: send you one email when an issue or PR closes. That’s it!

This is a utility that’s well worth bookmarking as I’m sure you are going to hit an issue in 2018 where you want this.

Just build it

I have no idea how blockchain works, but I’d like to build a Coinbase competitor for other coins

That statement probably sounds ridiculous to you if you’ve been a developer for years, but this is precisely how I got my start.

I had a problem that I knew software could fix, and I spent the next two years learning everything I could about how to create it. Then I built it.

Of course, that was 20 years ago when I was single, lived at home, and had few adulting duties, but if you light a spark chances are you will follow through. If people say your idea is too hard or too dumb, just remember, someone made a million dollars from selling pixels.

Fixing the SSH tunnel with Sequel Pro on MacOS Sierra

Sequel Pro is one of the most popular database tools for the Mac. With the release of MacOS Sierra, I had a few issues connecting to my saved databases that used the SSH tunnel method of connecting. The error I kept getting was:

debug1: Offering RSA public key: /Users/username/.ssh/id_rsa.pub
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug1: read_passphrase: can't open /dev/tty: Device not configured
debug1: permanently_drop_suid: 501

The fix involved two steps. The first is to be sure your id_rsa file has the proper permissions.

chmod 600 id_rsa

Then, in your Sequel Pro connection, change the key file from id_rsa.pub to the non-pub version, id_rsa.

The push to HTTPS

Last year, Google started giving websites that have an SSL cert a ranking boost. As part of that announcement they said it was done to push the web to be more secure. But they also wanted to go even further and push for “HTTPS everywhere”.

This week it was announced this measure is going to be taken a step further with a new feature in Chrome where it will show a big red “X” on unsecured sites. Firefox also has plans for this.

The EFF and security researchers are applauding the move. One example is it prevents governments from blocking specific pages. They instead have to block the whole domain, which is much more noticeable. You can read about Russia’s Wikipedia ban for more context.

Dave Winer is one opponent of this and in a recent post he said:

I wonder if they’ve even tried to quantify the outages they’ll cause. So many sites are simply residing on a hard disk somewhere, served by an ancient version of some unknown and not maintained server software, chugging along as someone keeps paying the electric bill, and replaces a broken hardware component when needed. The people who created the site might not have understood HTTPS or how to deploy it, and many are long gone. Some of course are dead. We are certainly not all sitting around doing nothing waiting for a handful of programmers on a mail list to make us perform a ridiculous act of security theater for our blog posts written in 2002. 

Most of these sites do not need HTTPS. It isn’t an issue for my ancient blog posts. Or yours.

I personally think the current proposal with a red “X” is not the right solution. Yes, users will notice it at first, but give it two weeks and that icon will be totally ignored. I like the proposal on the Firefox report where someone suggested the browser just alert when submitting a form on an unsecure site, but I think it’ll be ignored after a while as well.

Free SSL’s

Let’s Encrypt and AWS are two services now offering free SSL certs. As the market shifts toward free services I’m sure implementation will get easier and easier until all web hosts just have support by default.

Of course, this would be a lot of work and a lot of companies would need to make big architecture changes.

The GitHub Silo

People have been complaining about silos since the first one was built. I think if we took a trip back in time with Marty McFly we would see hundreds of people standing by that first one and arguing about it.

Of course, we can all agree silos are mostly bad and especially whenever it’s such an integral piece of modern tooling.

Tonight, GitHub is down and that means it’s impossible to read project documentation, install packages, or browse gists. Everything just comes to a halt.

The irony in this is that Git is distributed and designed to work even if you don’t have an internet connection, but because we, as developers, rallied around this one company, now literally everything is in their hands.

It’s one of those things where you don’t think about it until it’s down. Then you realize just how fragile a developer’s toolkit is.

How to send both HTML and Plain Text Password Reset Emails in Laravel 5.1

Laravel comes with an included Authentication system complete with password resets that saves you from the burden of having to set it manually on all your projects. In one of the apps I built, there have been reports of the password reset not making it to the end users. It just so happens that all email is being sent through a third party system which tracks sends and deliveries.

In this case, the emails were being sent and reported being delivered but the user kept claiming they didn’t receive it, the obvious culprit of it going to spam/bulk mail. In the research process, it was discovered that we only sent an HTML password reset without any text fallback. Maybe that was the reason?

This seemed like a simple improvement and could at least rule out that as a possibility. However, now all the mail is handled inside the Illuminate components and I couldn’t find any documentation on how to send both.

At this point, I started digging to try and see how Laravel is sending the email. Inside PasswordBroker I found an emailResetLink method which is how it is actually sent:

$view = $this->emailView;
return $this->mailer->send($view,

Now it’s just a matter of figuring out where “$view” came from and I didn’t have to look far. Inside the constructor it is injected:

public function __construct(TokenRepositoryInterface $tokens,
                            UserProvider $users,
                            MailerContract $mailer,
                            $emailView)

The next question is, where is this instantiated? Doing a project search for the class name led me to registerPasswordBroker in the PasswordResetServiceProvider. This pulls the view in from the config file:

$view = $app['config']['auth.password.email'];

Opening `config/auth.php` shows how it’s defined by default:

'password' => [
    'email' => 'emails.password',

Almost there. Going back to the mail documentation it shows you can send both with this call:

send(['html.view', 'text.view'], $data, $callback);

That means it’s just a matter of adjusting auth.password.email to be an array instead of a string:

'password' => [
    'email' => ['emails.password', 'emails.text-password'],

Don’t leave your users stranded–send both for an important email like this.

One of the benefits to Laravel is at almost every turn there is a simple way of solving a given problem and this is just one example. I hope by me outlining the steps I took to solve the problem it gives you insight into finding your own way around the next time you get stumped.

Get The Most Popular Posts From The WordPress API

As of right now the WordPress plugin directory holds 40,367 plugins. Finding the one you need is typically pretty easy with the hardest part choosing which one suits your needs the best.

In my particular use case, I am building a new section on a site that will be completely outside of WordPress. Even though it’s outside WordPress, I still wanted to pull in a list of the most popular posts.

Searching for most popular in the plugin directory returned 614 different plugins, but I couldn’t find any that would work in this context. A lot of them do their calculations by literally storing views for each visit. I see no reason to fill up my database with this data when an external system is already logging it. That is when I remembered WordPress has its own API and can be utilized directly from the Stats package.

I went on a mission to implement this and wanted to share how to do it.

Passing Referrer data from SSL

Google is now recommending all sites to start moving to HTTPS by installing an SSL certificate. The benefits include a more secure experience and a rumored slight bump in SEO. I implemented Stripe payments on a site which required an SSL certificate and made the decision to go ahead and make the whole site run over HTTPS. One of the downsides to doing this is I noticed that referral data was no longer sent to sites I linked to.

For some, this may not matter, but I look at referrer data as a form of marketing. When I link to a site and they see traffic from my site then they will now know I appreciate their work, and hopefully be interested enough to visit my site.

Sending Referrer Data

After a bit of research, I found a draft W3C spec on just this issue and it includes a simple fix in the meta section. By simply adding the following to your HTML you can send this data automatically:

<meta name="referrer" content="unsafe-url">

The W3C document outlines all the available options here and if you would like to have this more restricted please look at those options. For the purpose here unsafe-url, or all in older specs, will send a Referer HTTP header to any URL you link to. One thing to note is, “this will leak origins and paths from TLS-protected resources to insecure origins”. So if you are in an admin area or something that shouldn’t be known to the outside world you would never want to use this.

In my case, the site is just a blog and I’m not concerned about leaking any information.

As a final caveat, this W3C spec is a draft. Some browsers, Chrome and Firefox, already include support for this meta tag, but others might not. So if that is important to you, then you will need to figure out a more advanced way of passing this data.

How to set up your Mac for local PHP Development

As a developer I spend countless hours on the computer. Over time I accumulate a ton of cruft. Everything from old forgotten files, unused apps, and worst of all hidden junk that has been installed by following some random tutorial.

This past weekend I decided it was finally time to wipe my Macbook’s hard drive and start fresh. I have used it daily for several years now and still had artifacts from when I used Mamp. Since then Vagrant has turned into my local server of choice and one of the reasons is how clean you can keep your machine by utilizing it.

After finishing the new Mac OS X install it felt like a new beginning. So clean, so minimal. I’ve missed that.

This go around I wanted to keep it as minimal as possible and only install things I know I need and use. This tutorial covers how I set up my Mac for local PHP Development.

Laravel and Stripe

Over the past few years, I’ve implemented Laravel and Stripe on multiple occasions. Everything from subscriptions to one-off purchases. When I started, Laravel Cashier wasn’t invented yet and it was a totally different beast, but now with Cashier it takes a lot of the pain away by having a simple API.

But with selling products and subscriptions there are many other aspects you need to think about and it’s easy to get intimidated thinking about all the features you need. Or worse, where to even start?

I wanted to share my knowledge on the subject and teamed up with an experienced author, W. Jason Gilmore, to create a new book on the subject, Easy E-Commerce using Laravel and Stripe. Jason has authored numerous books and has also built a 10,000+ product online store and a SAAS for the interior design and architectural industries.

We wanted to create a fun hands-on book taking you from the start of a project all the way through implementing product sales, digital downloads, and subscriptions.

The book is written around a fictional lawn care company that has hired you. But Mr. McDew, the owner of the company, is a stickler and wants to be sure you know what you are doing. So after each project phase he drills you with questions about the implementation, and if you answer correctly you get to move on to the next phase.

No web development book would be complete without sample code and we include many code samples, plus a complete companion project. This allows you to use it not only as a learning resource but you can run the app locally to test and play around with.

Some of the highlights include:

  • You will receive all of the source code to a real-world online store
  • Comprehensive, step-by-step instructions showing you how to integrate Stripe into your Laravel application using Cashier.
  • Learn how to integrate Stripe in a fun, entertaining, and unintimidating fashion by following along with the creation of a real-world project for a fictional company.
  • You’ll learn about many of the concepts central to building an online store, such as how to build a product management interface, and a one-time URL generator for downloading electronic products.

We also cover other Stripe features such as the “buy now” modal window, validating credit card forms, adding coupons and discounts, swapping subscriptions, and even implementing custom Stripe web hooks for sending emails.

Save yourself time and learn how to implement Laravel and Stripe today.

I wrote a tutorial over on Scotch.io on debugging queries in Laravel. I go through three different ways, from using the ->toSql(), DB::listen, and the debugbar.

This is also my first time writing outside of my personal sites. So it was a lot of fun to see how the big sites operate.

When interviewing for a new job it’s easy to fall in a trap of missing some very important questions about the company. The whole interview process is nerve-racking and there is so much focus on you that it’s easy to forget to find out about the internal workings of the company.

The InterviewThis project aims to help you find out the most important questions a developer should be asking before taking a new job.

Some of the topics include:

  • Development Process
  • Codebase / Architecture
  • Monitoring / On-call duty
  • Company Culture
  • PHP Environment – Framework/Composer/Style
  • Remote Life

By having a list of questions like this you can go into the interview fully prepared.

If you are looking for a new job be sure and check out Larajobs as it’s a great resource for finding companies looking for developers.

Git Style Guide is a GitHub project aimed at helping you improve your Git practices. Or if you are like me it shows that everything you’ve been doing is wrong.

A real git log

I’m probably showing my age here, but I remember using CVS, Concurrent Versions System, and how horrible it was. Every time I attempted to branch and merge I’d break the whole system. Now with Git I feel like you can’t really mess it up.

Have you seen a public repo that you think has a great Git log and branching pattern?