So my new project posts are now going to be called GMPS posts because that is what I wanted to call the thing.
I have finished most of the boring crud stuff around registering users, inviting users and creating groups etc. It was at this stage I stopped for a while thinking about what I should be doing now. The obvious next step was to get my Syanpse server up and running and attempt to link my Laravel app through some internal calls to it that would allow me to register a user.
My first attempt at this was to use the GuzzleHttp libraries that come with Laravel. I built a very quick and dirty piece of code to see if I could get that working following the guide from the matrix.org docs on the client API. That at least got me to the stage where I was getting a response from the Synapse server, great start. I was only getting the Unauthorized 401 response and had to dig through the JSON returned to find more information. It was sending back a session ID so I tried to call it twice, once to get a session ID and once with that session ID. Still no joy, still the same response. I tried changing some of the parameters I was sending through Guzzle but nothing seemed to be working. So I stopped trying for a while and thought I would look around and see if someone had done anything similar with PHP in the past.
On my little Net Trawling I came across a Github repo that had built a Laravel package (Perfect!) that was doing what I wanted to do. Now it had not been maintained for 3 years but I thought it would at least be a starting point so I forked the repo and had a good look at the code. I had a choice of whether to install the package as-is or take the code and adapt it into my code base. I did think if I left it as a package then it could be maintained separately from my own code. But, I thought I would learn more if I took the code and wove it into my own project. So that is what I am doing.
The original code had a ServiceProvider and a class called Matrix. The code was aimed at an an older version of Laravel I think and plus I was not keen on the manner it was drawing in config details so I created my own ServiceProvider and started to lift and shift some of the code across for the registration process. And that is where I got my first bit of joy actually getting the Synapse server to register a user and get a userid and token for them to use. Brilliant, now I have to implement all the other things.
Cookies and the acceptance dance
So when the whole cookie acceptance buttons came in I pretty much ignored them and accepted everything, I think like most users of the internet. Ignorance is bliss, yes?
Anyway for reasons I do not understand over the last week I have been doing the exact opposite and taking time to reject as many cookies as possible when I get to a site. And my experience has been interesting.
Some sites are very open, transparent and make it easy to reject all cookies. Just click on options or cookie settings and press reject all and then save. The site works as usual and you would never know the difference. But from my anecdotal evidence they are actually in the minority.
Some sites make it incredibly difficult to get to the cookie options to allow you to reject anything. In fact on one site I visited the only option was to accept the cookies. I could find no other options, so I left the site.
Other sites have a very small button to take you to the options, but they are there. Once you get there the buttons for each type of cookie are defaulted to reject and you just have to press save and exit. And that is where the first problem hits you. The accept all cookies button is a big green button (Usually) but the save options button to reject them is normally just the word Save in the same font as the text with no obvious button or link. They do however work.
One of the worst sites I visited had a tiny link to get to you cookie options which was smaller than the normal text. And then when you get to the options all of the cookie types are dfeaulted to accept. You have to go through each option and change it. But they were not simple check boxes, that would be too simple, you had to drag the option from the accept to reject for each cookie option.
At the end of all of this I wondered what the experience of these cookie acceptance forms were for those internet users having to use assistive technology, can’t be easy to get through this shit.
Well I am assuming they are script kiddies, could be anyone really. I just can’t imagine a serious security professional doing what some people appearing to be doing to my poor little Raspberry PI.
I took a cursory glance at the Apache logs for my Raspberry PI which is happily responding to web requests. The vast majority of the requests were just attempts to identify known vulnerabilities in different frameworks/languages etc. The old version would have been war dialling I suppose.
Plagiarism in Blog Posts
So the other day I was writing some code and needed to know how to do an efficient subquery using eloquent in Laravel. So I dig out a book, which did not really go into enough detail for my needs so I do an internet search.
The first entry in the results was essentially a copy of the details I could find on the Laravel docs but with less detail. So I go to the second record, which is exactly the same as the text on the first. So I try the third and guess what, exactly the same as the first two. I did ask myself why people do this but then I realise it is to get the ad revenue. Bloody useless and Bloody annoying.
So I have put my old Raspberry PI to good use. It is sitting on the window sill running vanilla HTML website. Well with Bootstrap and Jquery of course. And is also implementing some stuff via Apache Server side includes. It can be found at http://home.dave-gill.co.uk
You know that crushing feeling when you are monitoring your architecture and you know you are about to lose the site and there is little you can do about it. So the site goes down, the business screams and you start the long process of identifying what exactly went wrong.
That analysis is where this post started. You can spend a long time digging through code and logs to get to the bottom of the problem and then find at the core of the matter some of the most ludicrous, thoughtless coding errors imaginable. More often than not this is caused by 3rd Party extensions that you installed in order to get some functionality out quickly.
I now realise that quick approach is really an anti-pattern throwing in an additional layer of complexity not of your own making. So not only are you going for speed over anything else you are also increasing your ignorance of the platform you are building. I don’t like complexity and I certainly do not like being ignorant of the platform that we are building.
Anyway back to the code problem. How about a module that every time you loaded a product page scanned through every record in the order_items table to count how many times that product had been ordered. Now on a test environment or a vanilla Magento install it will be fine. On a platform that has been running for years just watch the server grind slowly to its death. All because the developer thought it would be a good idea to show the user how many of a particular product had been sold. I like the idea and the functionality but surely someone would have suggested doing this on a cron or something and storing the results. Does it matter if it is a day out? This particular module was in the Magento marketplace as well.
And on to the second module, which decided to ignore the flat tables in the database and create a query against the EAV tables of such complexity that it toook us 3 days to decipher what the hell it was doing. Of course the problem was created because the developer just used the ORM to get all the data they thought they might need, which I will rant about in another post. The result was a query that at best took 4 seconds to run and at worst took 10 seconds. Again this was a module that was available in the Magento Marketplace.
In conclusion, do not go for speed of delivery, go for speed and stability of the site or you will be paying twice for that module.
I wanted to create a simple blog and I could not be bothered to code one myself. So I thought I would look around for a good blog system. And you know the only one that was easy and took no set up time, thanks largely to LCN.COM, was WordPress. So here I am with my very first WordPress site.
I will say the main reason for reluctance in the past was based mostly on security. And now for the purposes of this trivial site it seems and irrelevance really. So here I am and here I will remain for a while and see how many if any blog posts I get out using this rather than having to code things by hand. I have got too lazy for that.