That’s what I ran into this week.

For security reasons, we needed to knock PHP4 off our Apache server and force all users onto PHP5.

But a quick test showed us that this broke a number of older sites (especially sites running on old code for things like OS Commerce or Joomla).

I can’t possibly scan through billions of lines of client code to see if their site will work or break, nor can I click every link and test everything after upgrading them to PHP5.

So automation takes over, and we look at PHP_CodeSniffer with the PHPCompatibility standard installed.

Making it work was a bit of a pain in the first place, and you’ll need some know-how to get it to go.  There are inconsistencies in the documentation and even some incorrect instruction on getting it running.  However, a good place to start is http://techblog.wimgodden.be…..

Running the command on a specific folder (eg. phpcs –extensions=php –standard=PHP53Compat /home/myuser/domains/mydomain.com/public_html) works great.  But as soon as you decide to try to run it through many, many domains, it craps out.  Literally just hangs.  But usually not until it’s been running for a few hours, so what a waste of time.

So I wrote a quick script to help with this issue.  It (in its existing form – feel free to mash it up to suit your needs) first generates a list of all public_html and private_html folders recursive to your /home folder.  It then runs phpcs against everything it finds, but does it one site at a time (so no hanging).

I suggest you run phpcs against one domain first to ensure that you have phpcs and the PHPCompatibility standard installed and configured correctly.  Once you’ve successfully tested it, then use this script to automate the scanning process.

You can run the script from anywhere, but it must have a tmp and results folder within the current folder.

Eg.:
mkdir /scanphp
cd /scanphp
mkdir tmp
mkdir results

And then place the PHP file in /scanphp and run it like this:
php myfile.php (or whatever you ended up calling it)

Remember, this script is to be run through a terminal session, not in a browser.

<?php
  exec('find /home -type d -iname \'public_html\' > tmp/public_html');
  exec('find /home -type d -iname \'private_html\' > tmp/private_html');
  $public_html = file('tmp/public_html');
  $private_html = file('tmp/private_html');

  foreach ($public_html as $folder) {
    $tmp = explode('/', $folder);
    $domain = $tmp[(count($tmp)-2)];
    if ($domain == '.htpasswd' || $domain == 'public_html') $domain = $tmp[(count($tmp)-3)];
    $user = $tmp[2];
    echo 'Running scan: ' . $folder . $user . '->' . $domain . '... ';
    exec('echo "Scan Results for ' . $folder . '" >> results/' . $user . '_' . $domain . '.log');
    exec('phpcs --extensions=php --standard=PHP53Compat ' . $folder . ' >> results/' . $user . '_' . $domain . '.log');
    exec('echo "" >> results/' . $user . '_' . $domain . '.log');
    exec('echo "" >> results/' . $user . '_' . $domain . '.log');
    echo 'Done.' . PHP_EOL . PHP_EOL;
  }

  foreach ($private_html as $folder) {
    $tmp = explode('/', $folder);
    $domain = $tmp[(count($tmp)-2)];
    if ($domain == '.htpasswd' || $domain == 'private_html') $domain = $tmp[(count($tmp)-3)];
    $user = $tmp[2];
    echo 'Running scan: ' . $folder . $user . '->' . $domain . '... ';
    exec('echo "Scan Results for ' . $folder . '" >> results/' . $user . '_' . $domain . '.log');
    exec('phpcs --extensions=php --standard=PHP53Compat ' . $folder . ' >> results/' . $user . '_' . $domain . '.log');
    exec('echo "" >> results/' . $user . '_' . $domain . '.log');
    exec('echo "" >> results/' . $user . '_' . $domain . '.log');
    echo 'Done.' . PHP_EOL . PHP_EOL;
  }

?>

See what we’re doing there?  Easy breezy, and solves the problem when having to run phpcs against a massive number of domains.

Let me know if it helped!

- Robbie

The new Timestamp feature allows you to start each episode at any point in the video.

New Feature:

Do you run a blog and want to link to specific portions of a Category5 Technology TV episode?  Or just want to share a specific clip with your family or friends?

Now you can!  Just append the timestamp to the URL as follows:

• Go to www.Category5.tv
• Find the episode you’re looking for and open its show notes page
• Scrub to the point in the video where you want to start and make note of the time (for example, 8 minutes, 19 seconds)
• Add a slash to the URL in your address bar, and then the timestamp in mm:ss format (for example, /8:19)

Give it a try:  http://www.category5.tv/episodes/291.php/8:19

Let’s say someone steals your laptop computer.  It happens.  It happened to me; someone broke in through our basement door a couple years ago, so I know first-hand that it happens.

With ESET Anti-Theft, you login to a web site specific to this feature, and click on “My Device is Missing”.

From that moment on, ESET will notify you through the special web site of any computer activity that is recorded.  When the thief connects to the Internet to check out their newly acquired hardware, your laptop will take a picture of them with the webcam, and log the approximate location of the criminal by way of sophisticated geolocation technology.

It will even let you post a message to the user.  “Give me back my laptop, you filthy animal”, or maybe it’s a teen living at home, and while his parent is looking at the new system he apparently bought from a friend with the allowance he’d been saving, you pop up a message “This laptop is stolen. Please call 555-5555.”  Boy, oh boy, Jimmy is in trouble.

A customer called me today and explained, “My computer isn’t worth anything really… I don’t care if someone steals it.  How do I disable this feature?”

“I’m happy to show that to you, and it’s very easy to disable.  But let me ask you one thing.  If a break-in happened at your house, yes, they’ll probably take your laptop. It isn’t worth anything notable, as you say.  But will they also take the jewellery? Perhaps the TV and power tools?”

I explained that using ESET Smart Security 6 and it’s new ESET Anti-Theft feature isn’t just about recovering your computer in event of theft, but all those other items too.

At the beginning of this post I mentioned that I had experienced a break-in at my home.  Talk about a violating feeling.  But we had no way to track the thief down.  The police found no fingerprints, and the place was ransacked.  Yes, they took the laptop.  But they also took our video camera, and an assortment of valuable electronics which could be grabbed easily.  Had I had ESET Smart Security 6 on my laptop, even though the laptop wasn’t really valuable to me, I could have very possibly recovered everything.

Some Friday food for thought.

Have a nice–and safe–weekend.

- Robbie

I’ve been fast falling in love with Cloudflare’s CDNJS.

CDNJS boasts that it is in fact much faster than Google Hosted Libraries.

Neah… that can’t be true!  Google’s the “big dog”… Cloudflare is still relatively new.

So I took a look.  The first thing that shocked me was the absolute magnitude of how many javascript tools are available through CDNJS.  Gone is the need to (for example) load jQuery from Google Hosted Libraries but then have to download and deploy a copy of Fancybox 2 locally or on your own CDN.  CDNJS seems to have it all.  Or at least a great selection, plus the ability to add a library yourself via GitHub.

Sorry, what?  Yeah, baby.

So I thought, let’s run the world’s simplest test: how fast does wget receive the jQuery library on Linux?  It may not be a realistic benchmark in all cases, but it gives us a bit of a look at how quickly each service delivers the js.

Here are those simple (but amazing) results from my location in Ontario, Canada:

Google Hosted Libaries
robbie@robbie-debian:/tmp$ wget http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
–2013-03-22 13:50:47–  http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Resolving ajax.googleapis.com… 74.125.133.95, 2607:f8b0:4001:c02::5f
Connecting to ajax.googleapis.com|74.125.133.95|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: unspecified [text/javascript]
Saving to: jquery.min.js.1' [ <=> ] 92,629      --.-K/s   in 0.1s

2013-03-22 13:50:47 (798 KB/s) - jquery.min.js.1′ saved [92629]

CDNJS
robbie@robbie-debian:/tmp$ wget http://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js
–2013-03-22 13:49:57–  http://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js
Resolving cdnjs.cloudflare.com… 141.101.123.8, 190.93.243.8, 190.93.242.8, …
Connecting to cdnjs.cloudflare.com|141.101.123.8|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: unspecified [application/x-javascript]
Saving to: jquery.min.js' [ <=> ]  92,629      --.-K/s   in 0.04s

2013-03-22 13:49:58 (2.21 MB/s) - jquery.min.js’ saved [92629]

Note the filesize (92,629) is exactly the same; we’re dealing with the same version of jQuery here–identical files.  Also note that I’ve used a non-secure (http) connection for each.  The difference in speed is incredible.

Now, for a basic site, the fraction-of-a-second difference may not matter to you.  But for a big site like mine, this kind of difference could mean a full second off the load time–possibly more!  That’s unheard of for a simple copy-and-paste change in code.

Time to update Category5.TV.  What about your site?  Please comment below.

Update:  Garbee made a great point in our IRC room:  You’re only seeing results from my location.  Fair enough.  We want to make sure this isn’t just me that is experiencing such a massive difference.  Therefore, please run this exact test yourself, and post your results below in a comment.  I’m in Ontario, Canada.  Where are you?  Thanks!

First Day Results Extracted from Reader Comments:

• Me:
  Ontario Canada – Google @ 798 KB/s, CDNJS @ 2.21 MB/s, CDNJS is 2.77x the speed of Google.
  Brea California – Google @ 2.27 MB/s, CDNJS @ 14.5 MB/s, CDNJS is 6.39x the speed of Google.
• Garbee:
  Virginia USA – Google @ 429 KB/s, CDNJS @ 496 KB/s, CDNJS is 1.16x the speed of Google.
  New Jersey USA – Google @ 104 KB/s, CDNJS @ 2.60 MB/s, CDNJS is 25x the speed of Google.
• Chris Neves:
  Montana USA – Google @ 123 KB/s, CDNJS @ 300 KB/s, CDNJS is 2.44x the speed of Google.
• Alan Pope:
  Farnborough UK – Google @ 1.26 MB/s, CDNJS @ 1.16 MB/s, Google is 1.08x the speed of CDNJS.
  London England – Google @ 6.79 MB/s, CDNJS @ 4.72 MB/s, Google is 1.44x the speed of CDNJS.
• steve5:
  Leeds UK – Google @ 153 KB/s, CDNJS @ 178 KB/s, CDNJS is 1.16x the speed of Google.
• Bryce:
  Seattle Washington – Google @ 1.83 MB/s, CDNJS @ 659 KB/s, Google is 2.78x the speed of CDNJS.
• Calvin:
  Massachusetts USA
  Test 1: Unsecure Connection – Google @ 810 KB/s, CDNJS @ 876 KB/s, CDNJS is 1.08x the speed of Google.
  Test 2: Secure Connection – Google @ 721 KB/s, CDNJS @ 1.08 MB/s, CDNJS is 1.5x the speed of Google.

CDNJS

We have many “free” accounts connected to it, and many “paid” accounts.  Some of our customers needed the “paid” features such as printer support, so we set them up with a paid account.

So our account, over the years, became a well-organized assortment of both paid and free LogMeIn accounts.  And we had a lot of them.

And then on March 5, 2013, LogMeIn sent the following email (excerpt):

“For nearly a decade, LogMeIn Free has provided unlimited free remote access to users on as many computers as they wish. In order to ensure that we can continue providing this free service and make meaningful improvements to it, we will be limiting the number of accessible Free computers in all remote access accounts to 10.”

We stopped reading around there.  But it goes on…

“Should you choose not to upgrade, only the first 10 Free computers in your account, according to alphabetical order, will be shown as available” … “These changes will take effect in just a few weeks, so act now to take advantage of our special rate.”

Well, we acted.  We moved all our customer systems (including the paid ones) onto our own hosted support solution and left LogMeIn a distant memory.  Didn’t have to think twice.  LogMeIn effectively pulled the plug on our business-customer relationship.

As a business owner, it’s important not to forget your customers.  They’re the ones who make your business work after-all.  In LogMeIn’s case, they made a stupid move. And unfortunately a lot of it has to do with communication.  I now know they are offering a reasonably priced “Central” service to allow the continued use, but their email didn’t mention anything about that in the first paragraph, and in big bold characters it simply stated, and I quote:  “Important message: Your account will soon be limited to 10 Free computers.”  We didn’t read any further before taking action.

So, in an effort to reduce the number of “free” accounts in use on their system, LogMeIn has also lost all our paid accounts.

It reminds me of when Neighbours (a coffee drive-thru) stopped taking debit as a form of payment.  Their focus was entirely on the wrong thing: the fees to run a debit machine.  Here’s the ripple effect: I used to get my coffee there each morning, and quite often a breakfast sandwich, but when they made that change, I didn’t waste any time (because I don’t carry cash)… I just drove across the road to Tim Hortons.  Stupid move on their part.  They’ve since re-introduced debit at their drive-thru.  Perhaps someone at the company woke up and realized they just cut out a large chunk of their business to save a few pennies per transaction.  Which costs more?

But where does that leave LogMeIn?  Their focus is obviously in the wrong place in the same way.  And we’ve gone elsewhere.

Own a business?  Think about your customer first, and then figure out how to make money while taking good care of your customer.  If you can’t be good to your customer, they’ll just go across the road and leave you wondering where all the business went.

- Robbie

Now, you can receive Category5.TV’s weekly episodes by email!

It looks something like this:

Receive Category5.TV episodes by email.

This is really exciting because it means you can receive this really cool (and non-spammy) reminder each week once an episode is available.  It’s not a dumb notice, or a “click here for our web site”.  It’s literally an email that gives you 1) a screenshot from the episode, 2) a description of what we did in the episode (the main topic), 3) direct links to download the episode for free and 4) a handy “play now” link which will open a player window and instantly begin streaming the show to your device.

To activate this awesome feature on your free account, simply login at Category5.TV and choose “Members” -> “My Profile”, and you’ll see the new option “Weekly episode by email” as per the above image.  Check it off and press Save Settings.  Don’t worry, you can turn it off at any time, and we never spam you (it’s against our beliefs as non-spammers)!

Don’t have an account?  No worries; it’s free, and easy!  Just visit http://register.category5.tv/ and sign up today.

Please activate the feature, and once you’ve received your mailout (comes out when each episode becomes available; usually Wednesday mornings), let me know what you think.  I would love to hear your comments below.

Thanks for watching Category5 Technology TV!  Thanks also to _Jot_ for assisting me with the beta testing.

These types of mass-mail viruses can be very confusing, since they nearly always appear to come from someone you know.

Here’s why and how that happens…

Let’s say someone who you haven’t talked to in a few years (we’ll call him “Bruce”), who is part of the same “circle of friends”, caught a virus. So the virus goes into their address book and starts mass mailing everyone in the address book, and spoofs who it is from.

Bruce’s address book:

• John
• Betty
• Doug

Bruce gets a virus. The virus sends an email to John pretending to be Betty, and an email to Doug pretending to be John.

Doug replies to John and says “You have a virus!” But John doesn’t have a virus; Bruce does.

It’s often difficult or impossible to track down the true culprit, and that’s why it’s imperative that everyone on Microsoft Windows have an up-to-date Virus Scanner such as ESET Smart Security 6. It is also important on any platform (Windows, Mac, Linux, or even Smart Phone) that you be familiar with phishing scams, and be extra cautious what you open or click.

- Robbie Ferguson

These types of mass-mail viruses can be very confusing, since they nearly always appear to come from someone you know.

Here’s why and how that happens…

Let’s say someone who you haven’t talked to in a few years (we’ll call him “Bruce”), who is part of the same “circle of friends”, caught a virus.  So the virus goes into their address book and starts mass mailing everyone in the address book, and spoofs who it is from.

Bruce’s address book:

• John
• Betty
• Doug

Bruce gets a virus.  The virus sends an email to John pretending to be Betty, and an email to Doug pretending to be John.

Doug replies to John and says “You have a virus!” But John doesn’t have a virus; Bruce does.

It’s often difficult or impossible to track down the true culprit, and that’s why it’s imperative that everyone on Microsoft Windows have an up-to-date Virus Scanner such as ESET Smart Security 6.  It is also important on any platform (Windows, Mac, Linux, or even Smart Phone) that you be familiar with phishing scams, and be extra cautious what you open or click.

Please comment below, or download a free trial of Endpoint Protector DLP.