2013
09.15

Last week, my boss asked me to print some graphics we make through the amazing d3js library.

The problem is that when printing directly from the browser the results are unpredictable. Things get out of place, and all the hard work is flushed down the toilet.

What is the best way to print something? PDF, using the amazing FPDF library. But a new problem surfaced: how am I going to write an SVG into a PDF document?

Google is your friend, and I found an extension to FPDF that adds SVGs to a PDF: the svg2pdf class, made by Rhodopsin.

I didn’t even test it. I’m sure the class works perfectly fine, but I wanted something less messy and complicated, with fewer things that could go wrong, so I decided to go another way: find a library that would convert an SVG string to an image. PNG, JPG, doesn’t really matter; preferably PNG, but it’s not mandatory.

I tried Imagick, but to no avail; I couldn’t manage to get Imagick to do the SVG <-> PNG conversion.

Then I found rsvg, a command line utility, installed it on a server, and the first test worked perfectly. There are still some things to test, especially the image tag and the text tag.

But now I need something to write SVG. Sure, I could write every SVG by hand, but that would be cumbersome, and I didn’t have the patience.

And so the SVGCreator library is born ( gotta start working on these names, right? ), highly inspired by the d3js library.

It’s a very simple library ( go to GitHub for the source ), it has chainable methods and it’s Composer ready.

A simple example taken from the examples folder:

$attributesSvg = array(
    'width' => 1000,
    'height' => 1000
);

$svg = new \SVGCreator\Elements\Svg($attributesSvg);

$svg->append(\SVGCreator\Element::LINE)
	->attr('x1', 100)
	->attr('y1', 100)
	->attr('x2', 325)
	->attr('y2', 250)
	->attr('stroke', 'blue');

$circle = new \SVGCreator\Elements\Circle();

$circle->attr('cx', 250)
	->attr('cy', 140)
	->attr('fill', 'green')
	->attr('r', 20)
	->attr('stroke', 'cyan')
	->attr('stroke-width', '5px');

$svg->append($circle);

echo $svg->getString();

I think the code is pretty self-explanatory, but let’s go over a few things.

All the elements can be created by calling the constructor of the respective class, and we can pass an array with the attributes we want for that element as an argument, or add them later. So the circle could be added like this:

$attributes = array(
    'cx' => 250,
    'cy' => 140,
    'fill' => 'green',
    'r' => 20,
    'stroke' => 'cyan',
    'stroke-width' => '5px'
);
$circle = new \SVGCreator\Elements\Circle($attributes);
$svg->append($circle);

And the result would be exactly the same.

This class has some validation, but not much, since we can put almost any attribute inside the SVG tags. By this I mean that I only validate some attributes when writing the SVG: for example, the circle validates three attributes, cx, cy and r, which are the mandatory attributes for a circle; for the line it’s x1, y1, x2 and y2. The validation only checks that the attribute is >= 0. It doesn’t validate anything else.

The validation of the several elements is the following:

  • circle ( cx, cy, r )
  • rect ( width, height, x, y )
  • line ( x1, y1, x2, y2 )
  • svg ( width, height )

When one of these attributes is wrong or missing, an exception of type \SVGCreator\SVGException is thrown.

What is missing: unit testing. I don’t really know how to do this, since it’s the first time I’m working with such a thing.

More tags: the image tag and the text tag, maybe today, maybe tomorrow, I don’t know.

Complex figures: wouldn’t it be nice to simply call a class that accepts the x, y, radius and the number of points, and from there draw a pentagon or a hexagon? That would be nice. I’ve got to read some geometry books to find out how to do this.

And you can also save it to disk, by calling:

$svg->saveElementAsFile('svgfile.svg');
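Putting the pieces of this post together ( build the SVG, save it with saveElementAsFile, convert it with rsvg, embed the PNG in an FPDF page ), here is an added end-to-end example; it is not code from the SVGCreator project or from its examples folder. It assumes a Composer autoloader that provides SVGCreator and FPDF, the rsvg-convert binary from librsvg on the PATH, and that a bad mandatory attribute surfaces as \SVGCreator\SVGException when the SVG is written, as described above. The file paths handed to the shell go through escapeshellarg, so a file name that came from a request can’t smuggle extra arguments into the rsvg-convert command.

```php
<?php
// Added example (not part of the SVGCreator project or the original post).
// Assumes: a Composer autoloader with SVGCreator and FPDF installed, and the
// rsvg-convert binary from librsvg on the PATH.
require __DIR__ . '/vendor/autoload.php';

use SVGCreator\Element;
use SVGCreator\Elements\Svg;
use SVGCreator\Elements\Circle;
use SVGCreator\SVGException;

/**
 * Build the chart as an SVG element tree. A radius that came from user input
 * is forced to int so a negative or non-numeric value is caught by the
 * library's own >= 0 validation instead of being emitted into the SVG.
 */
function buildChart(int $radius): Svg
{
    $svg = new Svg(array('width' => 400, 'height' => 300));

    $svg->append(Element::LINE)
        ->attr('x1', 20)->attr('y1', 280)
        ->attr('x2', 380)->attr('y2', 20)
        ->attr('stroke', 'blue');

    $circle = new Circle(array('cx' => 200, 'cy' => 150, 'r' => $radius,
                               'fill' => 'green'));
    $svg->append($circle);

    return $svg;
}

/**
 * Render the SVG to PNG with rsvg-convert and embed the PNG in a PDF page.
 * Both paths are passed through escapeshellarg so a file name can never
 * inject extra shell arguments.
 */
function svgToPdf(Svg $svg, string $workDir, string $pdfPath): void
{
    $svgFile = $workDir . '/chart.svg';
    $pngFile = $workDir . '/chart.png';

    $svg->saveElementAsFile($svgFile);      // from the post: write the SVG to disk

    $cmd = 'rsvg-convert -f png -o ' . escapeshellarg($pngFile)
         . ' ' . escapeshellarg($svgFile);
    exec($cmd, $output, $status);
    if ($status !== 0) {
        throw new RuntimeException("rsvg-convert failed with status $status");
    }

    $pdf = new FPDF('P', 'mm', 'A4');
    $pdf->AddPage();
    $pdf->Image($pngFile, 10, 10, 190);     // 190 mm wide, height scaled by FPDF
    $pdf->Output($pdfPath, 'F');            // 'F' = save to a local file
}

try {
    // A bad radius (e.g. -5 from a form field) surfaces here as SVGException
    // when the SVG is written, before anything is handed to rsvg-convert.
    $svg = buildChart(40);
    svgToPdf($svg, sys_get_temp_dir(), sys_get_temp_dir() . '/chart.pdf');
    echo "PDF written\n";
} catch (SVGException $e) {
    echo 'Invalid SVG attribute: ' . $e->getMessage() . "\n";
}
```

Run it with php on the command line; the PDF lands in the system temp directory. The int cast on the radius plus the exception handler is what keeps a bad value from ever reaching the shell step.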

Hope you like it.

PS: Added PHPDocs generation while writing this post…

2012
03.21

Finally, here it is, the second part…

First, I’ll explain what I’ve gained access to.

On the testing server I gained access to the PMS – Property Management System. On the production server I gained access to the booking system of the “Hotels P” group.

There were a lot of factors that allowed me to gain access to the restricted areas; the most important one was definitely the information gathered from viewing the YouTube video. This was actually the key point in all of this.

Let’s start by talking about the information I gathered from watching the video.

In the YouTube video, I saw several URLs being displayed. The domain these URLs were on was clearly a testing server of some kind, since it was a numbered subdomain of the company’s main domain, something like w4.maindomain.pt. And since I used to work there, I knew instantly that this was the testing server.

In the YouTube video, one of the invoices that is shown clearly displays the logo of one of their clients. So now I know that this client almost certainly has this application installed ( speculation of course, but I have this information ).

After knowing this, I decided to go to that client’s site. I couldn’t get in, because it kept redirecting to the homepage; I thought it was redirecting based on some kind of IP address whitelisting, but actually no, the administration area is now on a subdomain of the main site ( new information that I found a couple of days ago ). I just need to know the subdomain, which shouldn’t be that hard to discover.

After that I went to the Google Plus page of one of the owners of the company, and there was an announcement of one of their latest clients. From there it was just a question of time until I found the vulnerability on the server.

All this information was gathered in about 5 minutes, because it was so easy to access. Of course most of this information is displayed on their website, but I didn’t need to go to their site to find it; from the moment I saw the logo of that client, I knew they were in trouble, and this was one of their biggest mistakes. If they hadn’t had that logo there I couldn’t have jumped to their main client right away; I would have had to go through their site first and learn who their main client was.

Let me make this clear: almost all the information that I gathered from the YouTube video is easily found through their website; the question is, it would just take longer.

Next is server configuration, and now the really harsh critiques start to appear.

The first thing that a responsible programmer/network administrator does is disable directory listing in the Apache HTTP server. It’s one of the most basic things we web programmers learn, and this is a company that is responsible for managing the entire network of a large hotel group in Portugal.. The thing that keeps part of my mind at ease is that one of the programmers who works there is very competent ( we will get back to him later ) and that two of their IT guys are also very competent, but they can’t get to everything.

Having directory listing enabled, I was able to access that page that wasn’t secured. All because of this simple configuration.

Next is the actual programming, a little background story first.

I started to work there in August 2005 not knowing much about PHP. I knew a lot about programming, but didn’t know that much about PHP programming. Now remember this was 7 years ago; as time passed I evolved, my programming evolved, I now take things into account that I didn’t take into account in 2005, and think in a completely different way.

First thing I noticed when browsing through the several JavaScript files that I found was that there were a lot of queries in the middle of the files ( like I mentioned in Part 1 ).

In the first years, I had an idea to make an autocomplete UI control for our backoffice, something reusable that could be used in every script we created. It was approved by upper management, and since it was supposed to be generic, I or someone else had the brilliant idea to put the queries in the JavaScript, so when we configured the autocomplete the query that was supposed to be executed would be right there. This is completely wrong. This is one of the worst ideas that I had in my entire life ( if it was mine ). Not trying to excuse myself, but this was approved by upper management, who had a lot more experience than me. ( I remember having a discussion about the file that would return the ajax queries, and that file should accept only a query and all the fields that the query would return; this wasn’t my idea, I’m sure of this ).

This is one security breach that is completely intolerable. The programmer I mentioned above has already spoken to upper management in an attempt to close some of these security holes, but his input wasn’t taken very seriously I guess; if it had been, these holes would already be covered.

Next, database access. I found that they are still using the same class that I used in 2005 ( this class was made around 2002 ); this is the same class they have been using since 2004 ( when they started the company, I think ). This is a class that doesn’t use prepared statements and has no escaping by default ( mysql_real_escape_string anyone?? ), nothing. When I was starting out in 2005, my scripts had a lot of errors because of this: when someone inserted a ‘ into a text field, the insert/update/select query would fail, because nothing was escaped. I guess this still happens.

They’ve completely stopped in time, they haven’t evolved at all. In some things they have evolved, they are using stored procedures for some things, which mitigates some of these points, but it surely isn’t enough; I could have wreaked havoc on the “Hotels P” group very easily. Guess what, I still can…

When I built my custom CMS, when users tried to access a page without being logged in, I would show an HTML message like “you have to login” or something like that. The problem is that I only did this validation after the body tag, which means that all the JavaScript files embedded in the page would still appear. It isn’t a security hole “per se“, but it gives information about the system, and information is everything. I found out a few iterations later, and my CMS is now more secure because of it.

Theirs isn’t; I can still gain access to information I shouldn’t, especially all of those SQL queries within the several JavaScript files.
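The three programming points above ( the login check that only runs after the body tag, the queries shipped inside JavaScript, and the database class with no escaping and no prepared statements ) come down to one pattern for an ajax endpoint: gate before any output, accept an identifier rather than SQL, and bind parameters. The following is an added example written for this post, not CommQuack’s code ( which the post does not show ). It assumes PHP with the pdo_sqlite extension and builds a small rooms table in memory so it runs offline; the session array is constructed. The directory-listing point is an Apache setting rather than PHP ( Options -Indexes in the relevant Directory block ) and is not shown here.

```php
<?php
// Added example; not CommQuack's code. Assumes PHP with pdo_sqlite.
// The rooms table, its rows and the session array are constructed here.
declare(strict_types=1);

// --- 1. The gate runs before anything is echoed, not after <body> -----------
function requireLogin(array $session): void
{
    if (empty($session['user_id'])) {
        // No HTML or <script> tags have been sent yet, so an anonymous caller
        // learns nothing about which JavaScript files the page would load.
        if (!headers_sent()) {
            header('HTTP/1.1 403 Forbidden');
        }
        exit('0');   // same bare "0" the post saw from the ajax files
    }
}

// --- 2. The endpoint accepts an ID, never a query --------------------------
function roomById(PDO $db, string $rawId): ?array
{
    if (!preg_match('/^[0-9]{1,10}$/', $rawId)) {
        return null;   // reject "12319_123"-style garbage before touching the DB
    }
    $stmt = $db->prepare('SELECT id, name FROM rooms WHERE id = :id');
    $stmt->execute(array(':id' => (int) $rawId));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- 3. Bound parameters: a quote in the input is just data ----------------
function roomsByName(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM rooms WHERE name = :name');
    $stmt->execute(array(':name' => $name));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// For contrast only: the 2002-style concatenation with no escaping. This is
// the version that breaks (and worse) when the input contains a quote.
function roomsByNameInsecure(PDO $db, string $name): array
{
    $sql = "SELECT id, name FROM rooms WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

function demoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE rooms (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    $db->exec("INSERT INTO rooms (id, name) VALUES (1, 'Suite 101'), (2, 'O''Neil Suite')");
    return $db;
}

$db = demoDb();
requireLogin(array('user_id' => 7));       // constructed session; array() would exit here

var_dump(roomById($db, '2'));              // row with id 2
var_dump(roomById($db, '12319_123'));      // NULL: rejected by the format check
var_dump(roomsByName($db, "O'Neil Suite")); // one row; the apostrophe is harmless

try {
    roomsByNameInsecure($db, "O'Neil Suite");
} catch (PDOException $e) {
    echo 'Concatenated query broke on a quote: ' . $e->getMessage() . "\n";
}
```

The order inside the file is the point: requireLogin() is the first statement that can produce output, the ID is validated and cast before it reaches the statement, and the statement text never changes with the input.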

And now, the cherry on the top of the cake..

Almost two weeks after I found out all of this, they still haven’t patched the PMS, I can still access the invoices system, are you stupid or something???? And all of that personal information is right there for me to access. I bet I can find someone of worth to piss off, just by navigating those records, maybe some guy from the Portuguese government or something like that… so who wants me to discover the subdomain, and get some embarrassing invoices?

It’s curious, I found an interview done by one of the CEOs about his PMS ( on a news channel here in Portugal ). The application is great, it opens a lot of doors to the management of this hotel group ( pun intended ), it’s a powerful marketing tool ( and yes it is, no pun ), and one phrase that caught my eye was something like this: “Everyone, with a browser and an internet connection, is able to access the application”… he should have phrased it better I guess..

This is one of the reasons why PHP has such a bad name in some circles; it’s because of companies like “this“ that give such a bad name to PHP. Imagine that I was really a bad guy, a really mean one: I could have hacked the site, dropped the price of rooms and the hotel would be in trouble. The company that makes these websites would be in trouble. If I was a really bad guy, I could have accessed privileged information about the future prices of this hotel and sold it, got the information of all their registered clients, the world could be mine! And all that would transpire from this hacking is that the company was using PHP. Maybe this would be the case, maybe not.. we will never know..

To finish, the programmer I mentioned earlier found out about this through my Facebook page; the CEO, who received my email and answered me, didn’t tell anyone about the security holes I found… if I was the CEO of this company, I would make a big noise out of this. But instead he chose to remain silent. Which is a big mistake, since the developers working there won’t learn…

2012
03.09

Nice title right? Here’s the complete story..

Yesterday, I was fooling around in Google Plus and found the page of the first company I worked for, let’s call it “CommQuack“.

And on their wall ( is there even a wall in Google Plus? Doesn’t matter… ), there was a video promoting one of their products, I was curious so I watched the entire video.

Since it’s a web application, they had some popups, and those popups had the URL perfectly visible. I decided to try some of those URLs ( don’t know why, I just tried it, call it programmer’s curiosity )..

I entered the complete URL on my browser, pressed Enter on my keyboard.. and bang! I’m in…

I was shocked! I had just entered a restricted admin area by copying and pasting a URL from a YouTube video. This isn’t good, I thought.. I had just gained access to the entire invoice system of the booking system; I could access any invoice that was present on the website..

Since this was the testing Web server, I thought, how about the production web server?

Went to the website of “CommQuack“’s main customer, tried the same URL, and I was automatically redirected to the homepage. Ok.. not bad, they have some kind of IP address authentication.. and when the IP doesn’t match the whitelist, the user gets redirected..

I started thinking: in the office they need access to the administration area, to test, debug user problems, and I know they have a fixed IP address, because the testing servers are located in their office. If I can spoof the IP address of the office, maybe I can access the administration area. Or maybe they have a VPN in place to access the local network of the hotel group, but the VPN would be cumbersome because every time they need to access the administration area they would have to connect to it.. it’s not practical, and trust me, they have to access it a lot of times a day.. and that means that every hotel in the group would have to connect through a VPN to access the administration area, not practical indeed..

Using a VPN doesn’t make a lot of sense.. but since they are the managers of the IT infrastructure, maybe there is a small possibility that they are using a VPN.. but at this point I’m almost sure that spoofing the IP address of the testing server would be the best bet to gain access to the administrator area..

Since it was getting late, and I had to work today, I decided not to try spoofing my IP address, it’s for another day…

I kept going on Google Plus, and found the page of the CEO of “CommQuack“, and there it was, a post mentioning one of their latest clients, the “hotel Portuguese group”, let’s call it “Hotels P“. I thought, well, let’s try it on this site.

Entered the URL in my browser, pressed Enter and 404 – Page not Found… ok, they haven’t installed this product for this client. Let’s try another link, and then it said I wasn’t logged in, so I couldn’t access that page. But a view page source showed some interesting things.

When I don’t have access to an area in the backoffice, I can still see all the JavaScript files that are being used on that page. They call the exit() function, but they only call it after the body tag, and since the JavaScript is all included in the head tag, I could see every JavaScript file that was included. And what do JavaScript files have a lot of these days? Ajax calls.. more on this later.

Continued with my investigation, and then I noticed, this page isn’t called index.php, so let’s try the folder… and bang! All the files of that folder were listed by Apache.. and I thought: “Well, look at that, I’m in again…”, navigated through some folders, tried to access some pages, and jackpot!

Once again, I’m on one page that enables me to configure some things on the hotel rooms of every hotel of “Hotels P“, how about that? From this point onward I could make some devastating changes to the system, change the configuration of the rooms, adding or removing stuff from them.. I could cause some damage from this page, not a lot, but sufficient to cause panic ( I think )..

Continued with my investigation of the file system, and noticed a pattern: every file that was an ajax response was in a separate file, clearly identified by name and inside a single folder in every area, let’s call it the “ajaxrequests” folder. Checked the access to one of these files and it only returned “0″. The access is good, I thought, let’s check the JavaScript files.. lo and behold, every ajax request is right there for me to see and analyse, every parameter that is used, ready to be tested and experimented with.

With a little time and patience, I could be making inserts, updates and deletes on the database with no problem whatsoever.. I basically just had to figure out the right IDs to pass to the ajax calls, and from the JavaScript files I could find them pretty easily..

On top of that, some JavaScript files had SQL written in them, something like this: “SELECT * FROM table_name“, so from that point on I know that there is a table named “table_name” in the database, and in this case it was the rooms table, or at least it looked a lot like the main rooms table.

Even more, I noticed that they still use the same database class since 2005 ( I think, it was when I started working there ). This database class is the normal database PHP class that was made in 2002, and one thing that was missing from that specific class was escaping the various parameters passed to the query ( and no, it doesn’t use parametrized queries ); it was very easy to forget to escape the parameters ( it happened to me a lot of times ). An outsider couldn’t know this, but it’s reasonable to think that, when we can access all these things, the queries aren’t going to be escaped properly…

And then I ended my investigation. Started my email client, and started writing an email to “CommQuack“, notifying them of my findings so they can protect themselves. I didn’t wreck anything, didn’t push any button on any page that I accessed, nothing; I just explored the several files and reported the things I found..

What is the main problem in this? It’s the information that I gathered from the system: the structure of every application installed on the client, the JavaScript libraries used ( Prototype only ), the classes used ( they use the Smarty templating engine, for example ), the names of some tables in the database, and access to a lot of personal information.

In part 2, which will come tomorrow if I have the time, I will explain how to remove all of these security holes to prevent further unrestricted access to the administration area, and how not to give away all this information so easily..

2011
11.11

My home server, had been having some disk problems, it suddenly didn’t boot up, two of the disks didn’t show up on windows explorer ( yes I used Windows Server 2008 on my home server ).

First stop was to replace the malfunctioning disk, and start using Raid 1 on the OS disk and project files.

So I bought a 2TB Western Digital disk, and two 500GB disks to use in Raid 1 ( a Seagate and a Western Digital ), for the OS, project files and mp3 files. Yes, you’ve read right, mp3 files; I for one can only work when listening to music, so when my disk with all my mp3s failed on me, I had no music to listen to and had to resort to YouTube and so on. That’s not for me..

And I also bought two APC Back-UPS ES 700VA UPSs to keep the server and desktop always powered on, and also a Raid 1 card, a Delock 70154 based on the Sil3114 chipset, since my motherboard has no support for it.

Then came the choice of operating system for the server. I was thinking of keeping Windows Server 2008, I even tried to get a legal copy of Windows Server 2008 R2, but couldn’t find one for free ( through MSDNAA for instance ), and since a friend of mine had been bugging me to install Ubuntu Server for the last year almost every day, I went for it.

First step was to back up every single piece of data from the old disks. I had around 2TB of data on the several disks, most of it downloaded TV series in HD; I even managed to connect the failing disk and save some data from it. The copying of data took a long time, mainly because the cable that connects the server to the cable modem is not capable of Gigabit; one day was spent copying all the data to the desktop.

Second day, start installing the Ubuntu Server on the Fake Raid 1 array, this went really bad, really really bad..

Since I was new to Ubuntu, I didn’t understand why the Raid 1 array wasn’t detected by the installer, but when I configured a Raid 0 array it was detected flawlessly. I spent two days on this, mainly because I really didn’t know anything about Ubuntu.

Until finally I came up with a solution, based on a very well-known Portuguese quality called “desenrascanço“; it’s a lot like a MacGyver solution, the uncanny ability passed down through the generations to solve any problem with merely a penny and a string. In this case the penny and string weren’t used, but you get the point. I will explain how I solved the problem in another post.

One week has passed since I started trying to install the server, and I was stopped by this stupid problem.

Afterwards I installed the LAMP stack and Samba. Samba was easy to set up, read a tutorial here and there and problem solved; the LAMP stack was easy to install but difficult to configure, at least with the right permissions. There was a point where I didn’t have permission to change a file created by PHP ( user www-data ) through Windows Explorer. But after a nice tutorial I managed to figure it out. I will explain in detail what I had to do to make it work flawlessly, and Transmission also had the same problem.

After almost a month I have the server almost completely functional, the only thing that is missing is the support for the UPS, that should be coming sooner or later, when I have the time to take care of it.

2011
10.07

At my current job, we are looking for a junior developer, so two weeks ago we interviewed a not so junior developer.

So he is a self-taught programmer, who has taken a course on web programming, and has 5 years of experience developing websites in PHP.

We start the interview, we introduce the company, talk about our latest projects, he shows us the last projects he made, and after my boss stops talking, I go for the technical interview..

I start with the obvious: how much experience do you have, why did you develop your own CMS for this specific project… those kinds of questions to get a generic feeling about the person in front of you..

Then I jump to the questions that, if you don’t answer correctly, you’re done…

Me: “How do you manage your connections to the database? Do you use an ORM, a class?”

Him: “I use a class, but don’t know what an ORM is..”

Ok.. that’s not awfully bad.. but could be better..

Me: “What about design patterns? Do you know them? Use them?”

Him: “I’m actually more focused on programming than web design…”

Ouch, it’s a no go for this one.. you’re done…

Me: “What about the First normal form, second and third? Have you heard of them?”

Him: “No, I haven’t heard of that…”

Damn, this guy doesn’t know anything about anything..

Final question: “What about source control, do you use it? Know what it is?”

Him: “No…”

And that’s that.. this is a guy who has been programming for 5 years! He didn’t start yesterday.. he started 5 years ago. Now how is it possible for a programmer with 5 years of experience not to know even the basics??

How is this possible? I don’t know everything, I don’t know the normal forms off the top of my head, but I’ve used them plenty of times.. I don’t know all the design patterns, but I use them, and read up on them… how can a programmer be like this?

It was 45 minutes of my life completely wasted on this interview..

2011
04.11

SQL Poetry

The other day, my boss sends me a couple of .xlsx files, and says, you’ve got to import this data to the database of this site..

This should be pretty easy, I thought… here in Portugal we have a saying that goes something like this, “A donkey died from thinking” ( this translation is awful, but I hope you get the point ).

I get the files from the server, dump the database to the local development server, change the configuration, and try to run the site..

Guess what, the site is using the Macromedia/Adobe KT libraries, which don’t work in the current version of PHP and Apache.. awesome! I managed to run the backoffice, I hacked and hacked away, and at least it’s working..

Time to study the database: fire up MySQL Workbench, do a Reverse Engineer on the database, and my jaw hits the floor:

[Image: All Tables]

Not even one relation is established between the 98 tables!!!

But wait, it gets better.. after the initial shock, and after half a pack of cigarettes, I start to separate the tables into logical units, trying to understand the great scheme of things:

[Image: Logic Group 1]

The big table on the left is the main table, the 4 smaller ones right next to it are 4 relationships, and the other two are 2 secondary tables:

If you are looking with sufficient attention you are going to notice 2 big errors:

[Image: Main Table]

First, there is no primary key on this table, so guess what, every query made to this table is going to result in a full table scan. Now how awesome is that?

Second, the column that is supposed to be the primary key is a VARCHAR(255), which is a value inserted by the user, so this means that we have a lot of cool things in that column, like '123123' or '12319_123' or '1231231 423'. I’m surprised there isn’t more garbage in that column, but maybe the system was just lucky..

After another half pack of cigarettes I’m ready to grab the bull by the horns, and start dealing with all the relations between the various tables.. if you kept paying attention, you noticed something very wrong with the pictures I posted above:

[Image: Relations]

The red ellipses are the connections between the various tables. Look how cool: the main table has the column defined as a VARCHAR(255), but some of the relation tables have that column defined as an INT(11). My eyes turned, and rolled, and I was just one little step from throwing my computer out of the window…
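The two defects above ( no primary key, and a user-typed VARCHAR(255) acting as the key while the relation tables store an INT(11) ) have a standard cure: a surrogate integer primary key that the relation tables reference with the same type, with the user’s code demoted to an ordinary unique column. On MySQL the mismatch is worse than it looks: comparing an INT(11) column with a VARCHAR(255) column forces a per-row string-to-number conversion, so '12319_123' compares equal to 12319 and no index can be used. Here is an added example of the corrected design, written for this post and not the site’s actual schema; it uses SQLite in memory through PDO ( the pdo_sqlite extension ) so it runs offline, and the table and column names are made up.

```php
<?php
// Added example; not the site's real schema. Runs on SQLite in memory (pdo_sqlite).
// On MySQL the same design is INT(11) AUTO_INCREMENT PRIMARY KEY plus a FOREIGN KEY.
declare(strict_types=1);

function createSchema(PDO $db): void
{
    $db->exec('PRAGMA foreign_keys = ON');   // SQLite only enforces FKs when asked
    // Surrogate integer key; the user-typed code stays, but as plain (unique) data.
    $db->exec('CREATE TABLE main (
                   id   INTEGER PRIMARY KEY,
                   code VARCHAR(255) NOT NULL UNIQUE,
                   name TEXT NOT NULL)');
    // Relation tables reference the integer key: same type on both sides.
    $db->exec('CREATE TABLE main_rel (
                   main_id INTEGER NOT NULL REFERENCES main(id) ON DELETE CASCADE,
                   value   TEXT NOT NULL)');
    $db->exec('CREATE INDEX main_rel_main_id ON main_rel(main_id)');
}

/** Inserts a main row and returns the generated integer id. */
function insertMain(PDO $db, string $code, string $name): int
{
    $stmt = $db->prepare('INSERT INTO main (code, name) VALUES (?, ?)');
    $stmt->execute(array($code, $name));
    return (int) $db->lastInsertId();
}

/** Returns true when the relation row was accepted, false when the FK rejected it. */
function insertRel(PDO $db, int $mainId, string $value): bool
{
    try {
        $db->prepare('INSERT INTO main_rel (main_id, value) VALUES (?, ?)')
           ->execute(array($mainId, $value));
        return true;
    } catch (PDOException $e) {
        return false;
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
createSchema($db);

// The odd codes quoted in the post are now harmless: they are data, not keys.
$ids = array();
foreach (array('123123', '12319_123', '1231231 423') as $code) {
    $ids[$code] = insertMain($db, $code, 'item ' . $code);
}
print_r($ids);   // 1, 2, 3 in insertion order

var_dump(insertRel($db, $ids['12319_123'], 'linked'));   // true
var_dump(insertRel($db, 999, 'orphan'));                  // false: no main row 999

// A duplicate code is refused instead of silently creating a second "key".
try {
    insertMain($db, '123123', 'duplicate');
} catch (PDOException $e) {
    echo "Duplicate code rejected\n";
}

// Join by the integer key: an indexed lookup with no per-row string conversion.
$stmt = $db->prepare('SELECT m.code, r.value FROM main m
                      JOIN main_rel r ON r.main_id = m.id WHERE m.id = ?');
$stmt->execute(array($ids['12319_123']));
print_r($stmt->fetchAll(PDO::FETCH_ASSOC));
```

Migrating an existing database of this shape means adding the id column, back-filling main_id in each relation table by matching on the old code, and only then dropping the VARCHAR join columns; the UNIQUE constraint on code is what makes that back-fill unambiguous.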

Went downstairs, and pushed another pack of cigarettes down my throat to calm the nerves down, and trying not to present my resignation letter to my boss.

I don’t even have anything else to say… what can I say when I’m presented with this?

How is this level of incompetence possible?

PS: I’m sure that I’m going to find more of these things in the future.. the only thing I don’t know is if I’m going to survive this kind of thing..

2011
02.07

I couldn’t miss this opportunity for anything..

So here is what they ask for:

Agência DMM
Paid Professional Internship Offer

Web Designer M/F

Basic requirements
Eligibility for an IEFP professional internship (eliminatory factor) – Only applications for the WEB Design category are accepted
Higher education;
Creativity;
Team spirit;
Immediate availability;
Punctuality;

Desired requirements
Advanced knowledge of: Photoshop; Ilustrator; Premiere; Flash; Indesign; Dreamweaver; Sound Booth; Audacity; 3D Studio Max; Eclipse;
Languages: Actionscript; Perl; Python; Ajax; HTML; HTML5; PHP; Java; Javascript; Asp; Ruby; Postscript; C sharp; Css;
Databases: MySql
Platforms: Joomla.
Operating systems: Windows; Mac Os; Linux;

Salary conditions:
Conditions set for level IV and level V professional internships by the IEFP.

Company: Ataato – Agência DMM
Location: Professional internship for web designer
Type: Full-time; Internship – Curricular; Internship – Professional;

Contact: Candidates should send their applications to the HR department at the following e-mail: rh@ataato.com

And this was my reply:

Good evening,

I just saw your ad on Carga de Trabalhos and I would be interested in working with you:

I am 25 and last year ( 2010 ) I finished the Design course at IADE, graduating with an average of 17.

I have advanced knowledge of all the Adobe tools, including the ones you mention, Photoshop, Illustrator ( it was misspelled in your ad ), Premiere, Indesign, Dreamweaver, Fireworks, Contribute, After Effects, Soundbooth and Encore, from the CS2 versions up to the current CS5.

I also have advanced knowledge of 3D software: 3D Studio Max, Autocad and also Microsoft trueSpace.

Audacity is the one gap, I’ve never worked with it.. but nothing I can’t master.

As for programming languages, I have no big problems. I’ve been programming since I was 7, in Basic on the Spectrum 48K..

ActionScript 2 to ActionScript 3 hold no secrets for me. Ajax isn’t really a language, it’s more of a methodology, but fine, I have no problem at all building user-friendly Web applications in Ajax either. HTML and HTML5 hold no secrets for me either. I’m always on top of the latest HTML5 draft to see what I can implement next.

Javascript, in whatever flavour you want: jQuery, Mootools, Prototype, ExtJs, Cappucino, Yahoo! UI Library and NodeJs; I’m sorry but I don’t know any others.

Moving on to the more serious languages:

PHP, no problem; in fact I’ve developed countless sites using PHP and it’s an easy language to digest.

Perl and Python, no problem at all either; in Perl I’ve developed some scrapers, and in Python some sites just for fun..

Java is absolutely no problem, whether the Web version or developing in Swing ( or any other UI platform for Java ).

Ruby or ROR ( as I like to call it ) doesn’t pose much of a challenge either.

Postscript, I’m sorry but I’ve never worked with it.

.Net languages, no problem at all; I’ve developed applications and sites in C#.Net, VB.Net, F#.Net, L# ( Lisp ), C++ and C. I also know Assembly, both 8086 and 8031. And I’ve also programmed PIC microcontrollers.

CSS doesn’t even need mentioning, otherwise I couldn’t have built most of the sites I’ve developed.

Databases: I’ve worked with MySQL, Oracle, SQL Server ( versions 2005 to 2010 ) and Mongo DB, SQL Lite, in every role from programmer to the DBA who does all the management and optimisation of the DBMS ( Database Management System ).

Programming software: since you only mention Dreamweaver and Eclipse, I’ll also leave here the list of those I’ve worked with..

I have experience with Eclipse ( in fact I’ve developed some plugins for it ), I also have experience with Netbeans and, obviously, Visual Studio 2003 up to 2011.

Operating systems: from Windows 3.11 for Workgroups up to Windows 7, both 32-bit and 64-bit versions. Unix operating systems: CentOs, Ubuntu and Ubuntu Server, Fedora, with KDE and Gnome. And I compile my own version of Ubuntu Server myself ( since I think it has too much stuff in it ).

Finally, I am an excellent team worker, I am punctual, and I’m not afraid of doing overtime, and as you can see I’m quite creative despite being just a young man…

To finish once and for all: do you really think that with all these qualifications I’m going to work for you earning a miserable 733,64€??????

I look forward to you not contacting me..

Thank you and regards,

Tio

PS: Your ad and this reply will be published on a blog.

I sincerely hope they realise how ridiculous it is to post an ad like this…

I’ll even make an appeal: take this reply, copy and paste it, and send it to them, to see if they understand how ridiculous this is. Or else come up with your own reply and send it…

All the best to everyone…

PS: Here’s the link to Carga de Trabalhos: http://www.cargadetrabalhos.net/2011/02/07/estagio-profissional-para-web-designer-3/

2011
01.22

… at least for me..

This is a list of the software I use daily to do my work the best way possible, I'm sure that some of you agree, and others do not.. this list is due to change eventually, but at this moment for me this is the best software to help me do my work..

1 – Filezilla Client:

Filezilla

The best FTP client that I ever used, and the best of all is that it is completely free.

2 – Adobe Photoshop:

Adobe Photoshop Logo

How can one work on the area of web development and not use Photoshop?! This one is pretty obvious.

3 – Dreamweaver CS4:

Adobe Dreamweaver

I'm kind of letting go of this one, I'm starting to use Netbeans for development, the HTML auto complete isn't as good as Dreamweaver's, but it completely kicks ass in PHP. ( Actually Dreamweaver CS5 is a little better on the PHP auto complete… but not quite there.. )

4 – Toad for MySQL:

Toad for MySQL

This is actually a tool that I started using for Oracle ( Toad for Oracle is the best ), and when I found out that they had a free version for MySQL, I downloaded it, and I haven’t been using anything else to do most of the tasks since that day.

6 – DBTools Manager:

Another manager for MySQL, I also really like this one, it’s pretty simple and light ( Toad is a little heavy ), and for remote access to databases I only use this one..

7 – Ultra Edit:

Ultra Edit

Perfect editor for the quick edit, I use it a lot, especially when I want to edit a file remotely, it integrates perfectly with Filezilla.. and doesn't screw up the encoding of the pages.

8 – MySQL Workbench:

MySQL Workbench

I've been using this one for about 6 months ( or more ), it crashes like crazy, and has some annoying bugs, for example in one of the databases I renamed one of the columns of a table, and now every time I sync the model with the database, it drops that field, and recreates it.. can't figure out why.. it's just stubborn and buggy.. but it spares a lot of work.. which is always a good thing.

9 – Microsoft Outlook:

Microsoft Office Outlook 2007

How are you going to communicate with your clients if you don't have an email client? Mine actually is quite complex right now, I have 6 email accounts, and they are all going to different mailboxes in Outlook, but still it's a mess..

10 – Collabtive:

Collabtive

Project Management software, it’s a good and free web based project management software, the only problem is the updates which aren’t quite as frequent as I would like… and they don’t have a public writable repository, and that doesn’t help.

11 – Billy:

Billy - Sheep Friends

Yes, that’s the logo of Billy…

For me this is the most important one, a lightweight mp3 player, I have in the playlist 4376 files and it only occupies 2,8MB of memory. And with all these things open, memory is precious.. and as you can see even the logo is lightweight..

12 – Tortoise Hg, and Tortoise SVN:

Tortoise Hg

How can someone work without source control? I’ve got both of them installed, because I need to checkout the code from Collabtive..

13 – No-ip.com:

No-IP.com

Since I have a dynamic IP at home, and I need to have the sites available for the clients to see, I bought a domain at No-IP, and use their tool to let everyone access the sites I'm developing, this way, if I'm on the phone with a client, I can make a small change to the code, push the code to the repository, and the client only has to do a refresh on his browser..

14 – Wamp Server:

Wamp Server

How could I develop something if I don’t have a web server? My choice went to Wamp Server, I used to work with Easy PHP, but after I tried Wamp Server, I’ve never looked back.

15 – Browsers:

Browsers

And the most important software of the entire list, Firefox, Chrome, IE, Safari and Opera, I can't say that I test every single thing on them… I usually just have a quick look on Safari and Opera to see that there are no big errors on the layout..

So there they are, the software that I use daily for my Web Development work, I couldn’t live without them..

2011
01.18

At my new job, the network architecture is something like this:

Old Network Architecture

Developer 1 has XAMPP Server installed ( Windows Vista ), and Developer 2 has MAMP Server installed ( Macbook Pro?! Or something like that.. )

All developers, work on their computer, and keep all the projects files on their computer only, no backups are made… no source control is used, so if for example their disks fail, all their work is going to be lost, mine isn’t because I’m backing up everything to my 2,5″ external hard disk..

The external hard disk only has some files for the various projects, organized in a strange way, I can't seem to figure out why it's organized like that, some things make sense.. but others, no sense at all… I had to correct a bug in a flash site, and it took me about 5 minutes to correct the bug, and 5 hours to publish the flash, libraries were missing, fonts were missing.. well everything was missing..

The remote webserver is our development server ( so to speak )… every time we have to show an almost finished site to a customer, we have to upload everything to a remote webserver, so the client can see it..

Last month I've been working on a new site for one of our customers, the time comes to demo the site and the back office, so I upload everything to our testing server.. the client sees it, and asks for a lot of modifications ( this is a story for another post ), most of these changes mess with the database, so I have to change the database two times, one on my local machine, to test, and then I have to upload everything to the server again.. which can cause serious bugs, because if I forget to update a field on one table, something is going to go very wrong..

So I proposed the following architecture ( if I can call it architecture ):

New network architecture

What we have here is pretty simple, the development server, is basically, a windows machine with XAMPP Server installed, we really should go for Ubuntu Server or something like that, but nobody ( including me ) knows a lot about Unix, so configuring one was going to take a lot of time…

It’s going to be accessible from the outside of the network, that means that I will point a domain to that machine, and every client can see their site using sub domains ( client1, client2, etc ).

This server is also going to be the source control server, we are discussing options right now, but we are thinking about Mercurial ( I tested it at home, and in 30 minutes, I was committing, pushing, pulling with no problems whatsoever.. )… and we are going to use a DCVS ( Distributed Concurrent Versions System ) no doubt about that..

The database on the server is going to be shared, this means that, when I’m developing at my local machine, the database on the server is the database I’m using.. so any change I make to the database will automatically be accessible for the client, for the code, I just have to do a push to the main repository, and the client can see everything…

The external disk is there for the backups of course… this way everything is saved somewhere.. ( I just need to find out how to restore MySQL backups … )

There are some kinks that need to be sorted out, for example the repositories on the development server, I’m thinking of using two of them..

One is the main repository, and the other is the WWW repository, to synchronize them, when I change the code is pretty easy ( at least in Mercurial ), I just need to add a hook to the push action, and when the push finishes, I just call an Update on the WWW repository..

The problem is synchronizing in the other direction, I’m talking about images loaded by the client and etc, with this method if I upload an image on the server, I’m not going to have that image on my local development machine.. some people say, that files loaded dynamically shouldn’t be on source control… and I tend to agree with them.. but solving this problem in PHP is going to take a while, I’ve got to find a simple way to access a UNC share from PHP, while still using the move_uploaded_file function ( etc ) with no problems… I probably need a class to handle all of this..
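One way to handle the client uploads from the paragraph above is to keep move_uploaded_file() and point it at a base directory that lives on the development server's share. The following is an added example, not code from the post or from the agency's CMS; the share name \\devserver\www\uploads is an assumption, as is the requirement that the account the web server runs under has write access to that share (on Windows, PHP's filesystem functions accept UNC paths). It needs PHP 7 or later for random_bytes().

```php
<?php
// Added example, not the author's code. Stores a client upload under a shared
// base directory with move_uploaded_file(). The base directory may be a local
// path or, on Windows, a UNC share such as \\devserver\www\uploads (assumed
// name); the account the web server runs under must be able to write there.

function storeUpload(array $file, string $baseDir, array $allowedExt = ['jpg', 'jpeg', 'png', 'gif']): string
{
    // $file is one entry of $_FILES, e.g. $_FILES['image']
    if (!isset($file['tmp_name'], $file['error'], $file['name']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed or incomplete');
    }

    // Only handle files that PHP itself received through this HTTP request;
    // this stops the function from being pointed at an arbitrary server file.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }

    // Whitelist the extension taken from the client-supplied name...
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        throw new RuntimeException('file type not allowed');
    }

    // ...and check the actual content, since the name is under the client's control.
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime  = finfo_file($finfo, $file['tmp_name']);
    finfo_close($finfo);
    if ($mime === false || strpos($mime, 'image/') !== 0) {
        throw new RuntimeException('file content is not an image');
    }

    // Never reuse the client's file name on disk: a generated name rules out
    // directory traversal through the name and collisions between uploads.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($baseDir, '/\\') . DIRECTORY_SEPARATOR . $name;

    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not write to ' . $baseDir);
    }
    return $name; // store this name in the database, not the full path
}

// Usage inside the upload handler (the share path is an assumed example):
// $saved = storeUpload($_FILES['image'], '\\\\devserver\\www\\uploads');
```

Because the stored name is generated on the server, the database only ever holds a file name, never a client-chosen path, and the same base directory can be mapped on each developer's machine so the files written by the client are visible locally without going through source control.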

For me, this seems the best architecture to use on the office, at least for a small team of programmers.. I could change a few things, the perfect solution would be to use a webserver ( only Apache and PHP ), a database server ( MySQL ), and a Source Control Server.. one machine for every job.. that would be perfect.. but we really don’t need that yet.. down the road, maybe.. but for now this is going to be just fine… and it’s going to be a big leap forward on the organizational side of things..

2011
01.11

Ok.. let's try something completely different.. I'm going to start writing a few posts in English.. ( or at least try )..

For those who don’t know, I just switched jobs, I’m currently working on a small agency in the middle of Lisbon.. It’s going great so far.. I just made one month..

On the second week of work, I came across this piece of code from our custom CMS:

public function updateCategory( $item )
{
    $new_cat_id;
    $select_ids_q = " SELECT id FROM categories ";
    $ids2compare = Array();
    $select_ids = BdConn::runSQL( $select_ids_q );

    while($row = mysql_fetch_array($select_ids)) {
        $ids2compare[] = $row['id'];
    }
    $new_cat_id = self::genRandId($ids2compare);
    //do insert of category
}

public function genRandId($numToCompareArr) {
    $new_id = rand();
    for($i = 0; $i < count($numToCompareArr); $i++) {
        if($new_id == $numToCompareArr[$i])
        genRandId($numToCompareArr);
    }
    return $new_id;
}

This is good code.. don't you think? I almost had a heart attack on the spot when I saw this.. at that moment I was debugging the code, trying to find out what the code did, everything is in Ajax, with redirects after the Ajax call is completed.. ( which in my opinion is not a good thing for a back office )…

It wasn’t a fun day, the next day I decided to use my own back office to do the site.. then everything started to run smoothly..
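For the record, what is wrong with the CMS snippet above is visible in the code itself: the recursive call in genRandId() throws its return value away, so a colliding id is still returned; the SELECT of all existing ids followed by an INSERT leaves a window in which two requests can pick the same id; and rand() is not a secure random source, so the ids are guessable. The following is an added example of how a category id can be allocated instead; it is not the CMS code and not the author's. It assumes PDO with a table whose id column is the PRIMARY KEY, and uses an in-memory SQLite database so that it runs stand-alone (the same logic applies to MySQL with AUTO_INCREMENT).

```php
<?php
// Added example, not the CMS code from the post. Two safe ways to allocate a
// category id. Assumes PDO with a PRIMARY KEY on categories.id; SQLite in
// memory is used here only so the example runs without a server.

function createCategory(PDO $db, string $name): int
{
    // Preferred: let the database allocate the id (AUTO_INCREMENT in MySQL,
    // rowid in SQLite). No id generation in PHP, no collisions possible.
    $stmt = $db->prepare('INSERT INTO categories (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return (int) $db->lastInsertId();
}

function createCategoryWithRandomId(PDO $db, string $name, int $maxAttempts = 5): int
{
    // If non-sequential ids are really wanted: draw them from a CSPRNG and let
    // the PRIMARY KEY constraint reject a collision atomically. There is no
    // SELECT beforehand, so no window between "check" and "insert".
    $stmt = $db->prepare('INSERT INTO categories (id, name) VALUES (:id, :name)');
    for ($attempt = 0; $attempt < $maxAttempts; $attempt++) {
        $id = random_int(1, PHP_INT_MAX); // unlike rand(), not predictable
        try {
            $stmt->execute([':id' => $id, ':name' => $name]);
            return $id;
        } catch (PDOException $e) {
            // SQLSTATE 23000 = integrity constraint violation (duplicate key):
            // another request took this id first, so draw a new one.
            if ((string) $e->getCode() !== '23000') {
                throw $e;
            }
        }
    }
    throw new RuntimeException('could not allocate a unique category id');
}

// Stand-alone demonstration against an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

$first  = createCategory($db, 'news');
$second = createCategoryWithRandomId($db, 'blog');
$count  = (int) $db->query('SELECT COUNT(*) FROM categories')->fetchColumn();

printf("ids %d and %d, %d rows, distinct: %s\n",
    $first, $second, $count, $first !== $second ? 'yes' : 'no');
```

The second function is the one to compare with genRandId(): the retry loop actually retries, the uniqueness check is done by the database in the same statement as the insert, and the exception path distinguishes a duplicate key from any other database error instead of swallowing it.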