Another web-guy talking …

Its the httpOnly Cookies support in the setcookie-call.
Now that Firefox 2.0.0.5 supports it too (as mentioned here and here)
the main browsers are supporting it.
Internet Explorer seems to have been the first one supporting it, with Firefox now and Opera meant to support it in 9.5.

Therefore it makes sense to use it now. Even browsers not supporting it are just ignoring the additional flag.
In PHP that flag was introduced in PHP-5.2 - another cause for going php-5.2 and up only ;).

Thanks for maurice’s pulling me into the db-layer I added my “own” mysql-mysnip-layer which handles the queries done.
The change from 5.1 to 5.2 brought up a split db-layer with one file containing all the queries for mysql and calling a function for actually running the query and (optionally)
returning the rows.
And that second part is simply extension specific like for mysql and mysqli extensions. I think it would be simple to add another for pdo but thats a different topic.
For now I added another “extension”-specific part for mysnip which looks into the queries to check if they need rewriting for the partitions used.
The partition-specific tables have some marker in there which tells where the partition number should be and that marker is replaced with the partition-id on querying.
If the partition-id is not yet available in for the current forum-id its retrieved from the database.

That functionality allows me finally to run through all the upgrades as we’ve added a flag to the queries which need to be run for each partition.
We stumbled about it when I was wondering how real-name upgrades are handled now as these have to run through all partitions where that user could have been posting to.
The upgrades from my early version to current 5.2 take a while but overall they are running fine.
Another nice thing is that I don’t have to hack the actual layer which contains the queries and can take that part from the distributed code, only the “extension-specific” code changed and is in a separate file. No more relying on a module to run and rewrite the table-names which would only run once on a page-view.

To cut a long story short: its great and should allow you all kinds of changes to the db-layers without touching the queries. It should even be much easier to write a layer for another database-system (anyone volunteering? ;)).

I’m currently in the process of trying to build a HA/LB solution for my forums.
Currently HA (HighAvailability) is created by running heartbeat on the two webserver-”nodes” with automatic ip-takeover and a mysql-slave which gets all the data from the main-db-server (but needs manual takeover).
LB (LoadBalancing) is done with FastCGI-Loadbalancing in LiteSpeed-Webserver but I’m not satisfied with the results as it seems that the first host is getting much more load than the second one.

Therefore I played with some Virtual Machines, one running haproxy ( http://haproxy.1wt.eu/ ), two running lighttpd with fcgi-php.
So far it worked good but taking down one of the webservers still gave me some failed requests if it was running under “siege”. Thats something I wanted to avoid.
Lighttpd was simply choosen because of mod_extforward so that I could keep the original hosts ip in the REMOTE_ADDR and its support for fcgi-php.

But as I wrote in an earlier post there is one feature I’d badly miss in lighttpd and which really keeps me from switching:
.htaccess-support or generally spoken: dynamic configuration changes without changing the main-configuration and the need for a webserver reload.
I found one thread in the lighttpd-forums which sounds promising.
Reading dynamic configuration from mysql is something I’d love to see. It would kick ass :).
Yeah, sure. Lighttpd would have to work without mysql-connection too, some fallback mechanism needs to be in place but that would solve at least most of my problems.
For my own DoS functionality I need a way to block connections on the webserver-level before it even reaches PHP.

So there are some problems or lets better call it “tasks” left to solve for my HA/LB solution:
- find the right webserver to implement that
- build a solution to merge the logs and process them for statistics
- find out how to get haproxy (or another loadbalancing solution) to send failed requests to another backend in case of one going down

And the big task:
- find some automatic solution for mysql-takeover (without DRBD, which I don’t trust because of its network-based nature ;))
Any ideas anyone?

For Phorum-5.2 we (or better Maurice ;)) are trying to get some more documentation for Phorum.
Maurice does a damned good job in providing developer docs together with starting it all in docbook-format
but, as usual, most developers aren’t good documentation writers and therefore the documentation is lacking a lot of content.
We were also trying to get at least for the user-documentation some users to write but got exactly 0 replies about it.
Why is it so hard to get someone to write docs which he could use for his users to explain how to use the Phorum and would help others with the same task?
How are other projects handling this? All documentation written by the developers?
I’m pretty sure that there are some admins out there who have written docs for their users but unfortunately no one is interested in contributing them :(.

So for 3 months lighttpd is now in the top 5 list of netcraft statistics.
I actually tried lighttpd before using LiteSpeed-Webserver which is a commercial product (with a free standard-version) but for my use-case superior to use. Maybe they are on par performance-wise, I don’t know and didn’t do enough benchmarks to tell but the usability is totally different.
According to netcraft there are more than a million domains hosted on lighttpd now but why is there no Webinterface to configure it? Do the users see this as useless? I don’t really like to be depending on SSH-access for changing something in my webserver configuration when I’m on the road and missing input validation like a webinterface could do.
Also why is there no support to use .htaccess-files or at least search for .htaccess-files and convert them to something lighttpd likes? LiteSpeed supports .htaccess files with a cache so that it isn’t as much a performance hit as it was previously.
I would be really afraid of opening lots of holes while switching to lighttpd because I secured a ton of directories with simply a “Deny from all” in .htaccess-files and sometimes “Basic Authentication”.
Why does it have to be so hard?

So finally Maurice (who would see a link here if he had a blog ;-)) reminded be to talk about it … .

Finally we had our first Phorum-Developers meeting when we went to the MySQL-Conference last April.
Which was a great experience and I have to thank MySQL AB for the invitation to the DotOrg Pavilion.

But all the time there I have been hit by Blue Screens on my ThinkPad (yeah I know, bad to have Windows running but I think its still better with Windows on Laptops than Linux).
There must be something bad about US-WLAN-networks as I never had this problem before and only got it there when connecting to the Conference-WLAN.
Do they use some different channels or frequencies? I really don’t know as I just want to have a working connection.
Unfortunately it didn’t fix itself when coming back to Germany. I still had occasional crashes with the infamous blue-screen.
Only a full reinstall of the OS and all the precious applications helped.

So much about US-Wireless-networks :(.

We’ve (the folks from Phorum) been talking in the last days about using the new DateTime object in PHP for Phorum as it has a nice way to use timezones including their DST setting.
Up to now we have just a setting where the user select if DST is current active or not as there isn’t really an easy way for use to enable/disable DST automatically.
Using that object would allow us to let the user select its timezone (with the timezone-select generated from that DateTime Object) and have DST automatically adjusted or better, we would not have to care about DST once a timezone is selected as its done automatically.

But unfortunately there is no localization of the date/time formats names in that new object.
Derick tells that “It’s intentional for PHP 5.2, not for PHP 6.0.” which is not really satisfying in my opinion.
In Phorum we are using strftime which formats time and date by the locale settings which are done through our language-files too.
So we can’t really get this behaviour through the new DateTime stuff and therefore I can’t really agree with Brian that its the feature we want in Phorum and that would require PHP-5.2.
It would only work half-way, too bad. A good idea which wasn’t completely finished.

Oh yeah, some people will remember me talking about charset hell when it wasn’t really that bad (yet).
But in the near future I will surely have to solve some charset problems for MySnip.de.
It is still running MySQL-4.0.x which didn’t support charsets like MySQL-4.1 did and even more MySQL-5 is doing now.
But as MySQL-4.0 support has run out I really need to upgrade soon and then I’ll probably find myself in a lot of charset troubles ;).
First one will start with the upgrade itself. How will it look like after the upgrade? Default charset will probably be latin1 so it *should* be fine. But will it?
Beside that this upgrade is already some trouble as I will need to dump/restore the whole databases which are quite some GB’s and I hate to take the services down for some hours.

For now I’m finding enough excuses like I need to wait for Phorum-5.2 until I can upgrade but in the end I can’t do it all at once.
I still hope that Phorum-5.2 will still run on MySQL4 so that I can upgrade Phorum first and then convert to MySQL5 (for now I see no problems with that).
But Brian has announced that he doesn’t care about PHP4 and MySQL4 either as we are all developing on MySQL5 and PHP5.2 (which is correct, my development environment is like that too) - we’ll see what I can do about it ;).

Seems like I’m running a really explosive mixture with PHP4.4.x, MySQL4.0.x on my production boxes and doing development mostly on PHP-5.2.x and MySQL5.0.x.
Fortunately it seems like Phorum itself is not as vulnerable to changes in PHP itself as other apps because of its NON-OO-code and up to now we had always MySQL4 in mind as it was the requirement for Phorum-5.1 which is the current stable version.

Somewhen I’ll run into walls, thats for sure …

… another blog from one of these web-guys.
Whats a web-guy? I see it more as developers active in the web-community or something like that or do you think thats something else?

Actually it was Brian who brought me to blogging and wordpress alltogether and therefore that title … ;).

At first, let me introduce myself:
Thomas Seifert from Berlin, Germany.
One of the three main-developers of Phorum.
My own project / “company” is MySnip.de which is also the cause why I ended up as Phorum-Developer as I’m using Phorum as the base application for the forum-hosting done there.
Other projects? Hmm, fotoii.com is one of them but there isn’t much traffic yet.
As you can see, all my web-projects are currently build with on PHP and MySQL and usually on Linux.
I know, there are a lot of other combinations possible but PHP/MySQL is IMHO the best combination ever.
You don’t have to worry about licensing costs when you start a project (just had that problem with a work project I’m involved in) and PHP allows for really rapid development and not coding weeks before seeing any result. MySQL is another problem though. Yeah, its fast and lean but it has changed much over the last couple of years (more about thatin another blog post later).