DrBacchus' Journal

I just flipped the switch, and pointed the MX records for RCBowen.com at GMail. I've been running my own mail server for about 15 years now, and this is the first time I've trusted anybody else to handle @rcbowen.com email. We'll see how it goes. I sincerely hope that the outcome is less spam.

By far the most painful part of the process was migrating a half-million email messages from my IMAP server over to Google, and trying to get all the same folders and filtering rules set up. But, in the process, I deleted probably another quarter of a million email messages. Ye gods I have a lot of email.

And, yet, after all that, I'm only using 5% of my capacity on GMail.

We use Plug n Pay at $work to conduct our financial transactions. It's a great service, but the example code that they provide for PHP and Perl developers leaves something to be desired.

I spoke with a tech support guy there, and, while he was helpful, and clearly very knowledgeable, I found that we differed significantly on a particular point of philosophy. He seemed to be somewhat perplexed as to why I would want a full OO interface to their API, because, as he said, any PHP programmer worth their salt can take the API documentation and write code that sends arguments via Curl, or PHP sockets, or whatever, and get useful results from it.

To this end, they offer one PHP file, containing a partial implementation of one of the API methods, as an example of how one might do this. The example manually builds a query string, rather than using http_build_query, and manually splits the return value, rather than using parse_str - not crimes in themselves, but it seems that ecommerce code should be held to higher standards than this.

While I don't disagree that a good programmer could indeed do this, I disagree that any would *want* to. Good code is reusable code. Having thousands of programmers writing exactly the same code, and having many of them, no doubt, doing it really badly and insecurely, is not in the best interests of anyone - the programmers themselves, the companies they work for, or even Plug n Pay (or any other financial vendor). They are wasting thousands of hours, and they are very probably writing code that is insecure, confusing, poorly documented, and, in many cases, just plain wrong.

Having a complete API implementation, and providing that to customers, is a service to everyone. It saves my time as a programmer, it saves time and resources on tech support, and it results in more secure code that is guaranteed to do the right thing every time.

Now, the folks at PnP offered to audit my code and possibly offer it for download on their site, given certain licensing requirements, and I may take them up on that. I haven't decided yet. But, to be honest, I find their attitude about the whole thing to be quite at odds with my view of how software development should work. Encouraging every individual programmer to find their own way is not the way to improve the overall security stance of ecommerce websites. In fact, I would say that the huge daily number of compromised ecommerce websites is a direct result of this stance.

So, anyways, to this end, I offer my starter implementation of a full PHP API for PnP. So far, it's incomplete, but exposes the most frequently used methods, and does it in such a way that it's pretty difficult to get it wrong. Of course, you need a PlugNPay account to use this, but one hopes that if you found this article by a Google search, this is the solution you're looking for.

Now, it's possible that I'm the only person that cares about this kind of thing, but if you're interested in receiving updates of this code, or possibly in participating in the ongoing development of this code, please let me know, and we'll work something out. Collaborative development of reusable code seems like the only sane way to implement a financial transaction codebase.

We took over 500 photos yesterday with the Rebel, and the battery still says it's completely charged. And I think it's been at least two weeks since we charged it, and we've taken a bunch of photos in that time. Why can't all batteries have this kind of life?

Fitz notes that his email address appears 960 places on the web. I'm at 2630. This is one of the reasons that I'll very soon (hopefully tomorrow) switch my primary domain over to the Google for Domains service (or whatever they're calling it now), so that I can get out of the spam fighting business. I've spent an inordinate amount of time over the last 12 years or so trying to figure out how to get less spam to hit my inbox, and I'm all done. Google's got folks who do that full time, and, while I can't figure out why they would provide this to me for free, I'm perfectly willing to let them.

Programming design lesson for today. Programmers should be forced to use the software that they design, in an actual real-world scenario, before it is released.

The only time I ever look at the lease list on a DHCP server is when I want to find one and add a reservation for it. So, you bring up a device, it acquires an address, and you wish to make that address permanent.

So, I go to the lease list, find the device, and look around for the "Add as a reservation" button, which doesn't exist. Grr.

So I try to copy the MAC address, so that at least I can paste it in over in the "Add a reservation" dialog, which is in a separate part of the interface - and I can't keep the one window up while I go over to the other one.

Nope, sorry, copy disabled in this interface.

So, I bring up a notepad and type in the address, then switch to the "add reservation" interface. Turns out I can't copy from notepad and paste it into this interface. Paste is disabled here. Grr.

So I type it in. It tells me that the format is invalid. Turns out that the MAC address format in the one interface - with colons - is invalid here. I have to enter it without colons.

So, I ask you, in what design meeting were such stupid decisions made, and have the people responsible been fired?

Sure, I know, you'll tell me that it's fixed in a later version. Perhaps in Vista? But, seriously, if these people had used their own product for even 10 minutes in a real environment, these kinds of issues would surely have been discovered. Or are they the kind of people who memorize their MAC address?