When the iPad debuted in April 2010 I didn’t feel I had a use for it that justified the cost. I mean, “my laptop can do anything,” I thought at the time. “Why would I want a crippled computer?” Was the world really ready for the new device Steve demoed?

But two years later, the tablet as a device is now a sustained product (I’m reluctant to call it “matured”), has first-class content available for it, and has carved its own niche in the device landscape. That $650 in my wallet is starting to feel mighty heavy…

My device usage

I currently spend most of my screen-time working from a 17″ MacBook Pro: the normal 8-ish hours for my full-time employment, then after hours doing some reading, researching, personal programming projects and open-source work.

The iPad would mostly take over as a device for casual browsing with Instapaper, HackerNews, Twitter and RSS. It would also see the occasional movie or gaming while traveling. A single device for these purposes would allow me to focus on reading, instead of being distracted by email, code, chat and all the clutter that comes with normal work when using my laptop.

Much of this type of usage would happen in the late evening and into the night.

Yet there is one killer app I use on Mac OS that isn’t natively available for iOS, but makes working in the evening exponentially more comfortable: F.lux.

F.lux a little app that runs in the background and automatically adjusts the color temperature of the screen according to the current position of the sun in the sky.

During normal daylight hours the screen is unaffected, resulting in light emitted at about 6500K, or about the same color temperature as sunlight radiating under a clear blue sky. But as the sun sets and the color of the light outside changes, F.lux gradually transitions the color temperature of the screen from 6500K to 2700K, which is closer to that of indoor incandescent tungsten lighting. This color-shift makes the laptop screen appear similar in color to your working environment, making it less jarring and easier on the eyes.

The human brain is very good at determining colors in varying lighting conditions and deciding, “that’s blue” or “that’s white”.

It’s so good that you often will not notice a difference in color because all other colors are contextually and equally shifted towards the blue or orange end of the spectrum depending on the light source.

You are likely only aware of a difference when looking at a picture and being removed from the actual experience. If you’re familiar with fixing the white balance of a photo, your brain is doing exactly that, all in real time.

This effect is most pronounced when comparing color swatches side-by-side and deciding which one appears more blue or more orange.

Source: http://en.wikipedia.org/wiki/File:Grays.svg

When working in a mixed light source environment, such as an orange incandescent lamp illuminating your living room while you work on your couch with the blue-white glow of your laptop, your brain is actually in a constant tug-of-war.

The brain is trying to create an equilibrium by balancing the colors in the room towards the blue of the laptop, and the laptop light towards the orange of the room. But switching context between looking at your laptop and glancing around the room creates a constant battle for how the brain balances the colors the eye sees. You might better know this tug-of-war as a headache.

F.lux stands to save your headache by correcting this contextual imbalance and tuning your laptop screen to emit light close to that illuminating your working area. Just select from the presets for the different types of lighting: tungsten, halogen, fluorescent, daylight, and a custom setting to set your own color temp.

To demonstrate how beneficial this is, install F.lux and fire up your laptop after the sun has set. Then select “Disable for an hour” from its icon in the menu bar. You will notice how jarring the blueish 6500K screen feels and how it hurts your eyes. It’s like hearing a high-pitched screeching noise after listening to the relaxing tunes of, say, Jonn Serrie.

Color temperature’s effect on sleep

The F.lux website has an entire page dedicated to research that negatively correlates drowsiness, while positively correlating alertness, in people exposed to light that is close in color temperature to that of a normal computer screen. This is essentially sunlight that makes you feel more alert and less tired.

These findings can be appropriated to say that using your computer or iPad (without F.lux) before attempting to sleep may lead to trouble falling asleep, and/or being less likely to experience the deeper levels of sleep required for to feel fully rested.

What about the iPad

The iPad emits a cool light of about 7000K, which is even slightly more blue than the normal 6500K daylight and even further from the 2700K incandescent light color temperature.

This leads me to believe that using an iPad in the evening hours would only keep me awake, which isn’t a desirable side effect. I’d rather be winding down from the day than trying to keep myself away. Right now I don’t have that problem because I use F.lux on my laptop.

But the F.lux authors do not offer a native iOS app. Instead, they offer an unofficial iOS app that can only be installed after jailbreaking the device. This is because there are no open APIs to hook into adjusting the colors of the display.

I would love it if Apple incorporated this type of color shifting technology into its hardware by adding a sensor for light temperature and allowing the screen to adjust. It would work as an optional setting, as the color shifting is greatly undesirable when doing work like photo editing, where the screen’s color is of utmost importance.

I think the general public would see this as magical, and could even be marketed as a health benefit–which surely could earn points for Apple in the mass media, who likes to inflate stories about how extended use of technology is bad. Maybe this could even bring the concept of color temperature and its physiological effects more into the mainstream awareness.

Thoughts?

It may seem silly that the absence of a single small application would make me think twice about buying a shiny new gadget. But that’s really because of the positive impact it has had on me.

It’s one of those things that after you start using it, you can’t imagine going back.

Have you noticed this jarring effect when using a laptop in the evening?

Or maybe you already use F.lux. Is it as revolutionary for you as it is for me?

Has anyone installed the F.lux iOS app or found an alternative that makes reading from a screen easier at night?

Most changes will probably not affect your every day use of git, but a few new features should be useful.

git merge learned the --edit option to allow editing the merge commit log message

If your development revolves around feature branches, you probably already branch and merge daily. Depending on your preference, you might preserve merge commits in your log history. If you abide by gitflow or manually specify the --no-ff option when merging, you are preserving the merge commit.

By default, these commits are auto-generated by git and don’t tell you much. They list which files had conflicts, if any, and the name of the merged branch. Unless there is a conflict, you are not given the chance to edit the commit message when making the merge. But thanks to the new --edit option, you can now add a custom message when merging.

Using --edit will cause git to perform the merge then drop you into your core.editor application to edit the merge commit message itself before finally writing it to your history.

You could use this functionality to write a quick all-inclusive summary of a feature you are merging and how it might integrate with other pieces of your software. If I’m working on an internal team project, I’ll also include any commands my co-developers need to make in lieu of these new changes.

git merge --no-ff --edit

git grep learned --untracked option

If you aren’t familiar with the Unix tool grep, it basically allows you to search for text within other blocks of text. That block of text may be a large log file or any other type of output sent to your console.

git grep is similar to normal grep, but provides grep functionality within the context of a git repository. For example, git grep takes into account the files ignored in .gitignore and will not return results found in those files.

With the new --untracked option, git grep can now search through untracked files as well. So if you have untracked files you might have created but not yet added to your project, you can search through them as well.

git grep --untracked "string to find"

git diff learned --function-context option to show the whole function as context that was affected by a change

When displaying a diff, a one-line change is normally shown with 3 lines of context. This means the 3 lines both before and after the change are displayed to help remind you where this change was made.

 (master) ~/Sites/hallcenter_awards/symfony $ git diff
diff --git a/apps/applicant/modules/application/actions/actions.class.php b/apps/applicant/modules/application/actions/actions.class.php
index 5092da4..ec22e6d 100644
--- a/apps/applicant/modules/application/actions/actions.class.php
+++ b/apps/applicant/modules/application/actions/actions.class.php
@@ -21,7 +21,6 @@ class applicationActions extends BaseActions

         $this->route = $this->getContext()->getRouting()->getCurrentRouteName();

-        $this->competition = $this->getCompetitionBySlug($request);
         $this->forward404Unless($this->competition->isPassedOpenDate(), 'Competition not open for Applications yet.');

         $this->applicant = $this->getUser()->getGuardUser();

If your change is within a larger function or block of code, like the previous example, 3 lines of context isn’t enough to tell exactly where in the function this change was made. git shows us the class declaration as context (seen above as class applicationActions extends BaseActions), but wouldn’t it be great if we could see the entirety of the function where the change was made?

The new option --function-context (or its -W short option) attempts to provide you this context, giving you all lines of the function within which your change was made:

 (master) ~/Sites/hallcenter_awards/symfony $ git diff --function-context
diff --git a/apps/applicant/modules/application/actions/actions.class.php b/apps/applicant/modules/application/actions/actions.class.php
index 5092da4..ec22e6d 100644
--- a/apps/applicant/modules/application/actions/actions.class.php
+++ b/apps/applicant/modules/application/actions/actions.class.php
@@ -11,203 +11,202 @@
 class applicationActions extends BaseActions
 {
     /**
      * Executes before every action
      *
      * Sets navigation breadcrumbs
      */
     public function preExecute()
     {
         $request = $this->getRequest();

         $this->route = $this->getContext()->getRouting()->getCurrentRouteName();

-        $this->competition = $this->getCompetitionBySlug($request);
         $this->forward404Unless($this->competition->isPassedOpenDate(), 'Competition not open for Applications yet.');

         $this->applicant = $this->getUser()->getGuardUser();
         $this->application = $this->getApplicantCompetitionApplication($this->applicant, $this->competition);

         $this->setSlotBreadcrumbCompetition($this->competition->getTitle(), 'application_overview', array('slug' => $this->competition->getSlug()));
         $this->setSlotBreadcrumbCompetitionPage('Application Form');
     }

     /**
      * Displays Application form
      *
      * If Applicant has already started applying, display their info
      *
      * @param sfWebRequest $request
      */
     public function executeNew(sfWebRequest $request)
     {
         $this->redirectIf($this->applicationExists($this->application), array(
             'sf_route' => 'application_edit',
             'slug' => $this->competition->getSlug(),
         ));
    }
    // basically continues until the end of the file

I’ve found this option rather unreliable, at least within a large PHP class. My tests found --function-context often results in displaying almost all of the original file, and git appears ignorant of PHP’s function boundaries. The number of context lines before and after a change seem random, and the diff doesn’t necessarily always show all lines of the function, either.

The original patch message that introduced this change sheds some light:

This implementation has the same shortcoming as the one in grep, namely that there is no way to explicitly find the end of a function. That means that a few lines of extra context are shown, right up to the next recognized function begins.

So it appears detecting a function’s boundaries is difficult for git. It seems in this instance, git never detects a function boundary and gives us the context of the entire file.

Perhaps support for this functionality will improve in future versions.

For now, git diff already supports the --unified= option, or its short version -U, for displaying a larger number of context lines than the default of 3. At this point, I can only recommend using --unified= to display more lines of context in your diffs.

git diff --unified=10

Jobs loved what he saw. Xerox had developed one of the first GUI’s, one that would ultimately lay the foundation for the concept of “windows” (small W) and the “desktop” we know in modern operating systems.

Jobs saw the potential of such a user interface, and an ability to capitalize on Xerox’s early work, but deliver it at a fraction of the price. He immediately tasked early Apple employee Bill Atkinson with replicating what the two had seen at Xerox.

Atkinson’s finished product not only faithfully reproduced what he and Jobs had seen at Xerox, but Atkinson also inadvertently added a revolutionary feature we now take for granted: the ability for windows on screen to overlap.

Biographer Walter Isaacson writes in Steve Jobs, “Atkins pushed himself to make this trick work because he thought he had seen this capability during his visit to Xerox PARC.”

Atkinson told Isaacson,

“Because I didn’t know it couldn’t be done, I was enabled to do it.”

Sometimes we think we know the rules and limitations of an idea. Until someone comes along and breaks those rules, simply because they didn’t know such rules existed.

It’s amazing what can be done when nobody tells you you can’t.

By the end of this article I hope you have a better sense of how you choose what to listen to, and that I introduce you to some new artists to increase your productivity when working.

The most important part for me in finding The Zone is my auditory environment. Where I work varies: the office, at home, 30,000 feet in an airplane, etc. Each environment has its own accompanying distractions: conversations in the next cubicle row, people walking by, my neighbor’s rhythmic subwoofer, the barista making a drink order, the impending “Would you like something to drink?” from the flight attendant making her way down the isle.

Music and quality audio equipment have become my great equalizer. (Another post on audio equipment in The Zone will be posted soon.)

But music alone isn’t enough. I can’t slip into The Zone just listening to just any music. The type of music that makes me most productive is affected by many factors:

• What am I working on? Find a beat and rhythm to match the task. Is it a long, enduring task like fixing an epic bug? Or am I drudging through mindless work and need something to liven it up?
• Does the task require internal dialogue, like reading or writing? Music with lyrics interferes with my thinking. I process things internally by talking to myself in my head. Someone singing in my ear creates another voice commanding my attention, detracting me from clarity.
• What’s the weather like? I seem to prefer different types of music given the weather. A sunny Summer day calls for different music than a blustery Winter day.
• What time is it? If I’m winding down for the day I probably don’t want to turn on some 140 bpm Trance. That would just keep me awake. Unless that’s exactly what I need.
• What mood am I in? Maybe my morning didn’t go so well, or maybe I just pushed a great new feature and am reeling with excitement.

Whatever the case, what I pick to listen to is both an extension of what mood I’m in and what mental state and mood I need to put myself in to be productive in what I’m working on.

Early Morning (5am – 8am) – Low-key

I use my mornings to catch up on Twitter, articles I’ve saved to Instapaper, or sometimes experiment or test out solutions to problems I’ve been mulling over. Whatever the case, I don’t like much distraction.

The darkness and lack of buzz before sunrise allows me to focus. No one is moving except the birds and squirrels outside. Jason Friend and DHH hit it perfectly in their book “Rework”:

Think about it: When do you get most of your work done? If you’re like most people, it’s at night or early in the morning. It’s no coincidence that these are the times when nobody else is around. [...] Long stretches of alone time are when you’re most productive. When you don’t have to mind-shift between various tasks, you get a boatload done.

Jazz and low-key minimalism tunes allow me to get my brain moving and cognitively functioning. It’s like morning coffee for my ears. Contemplative, but energizing.

Music:
(Listen) Goldmund
(Listen) KILIMANJARO
Gonzales – Solo Piano
Miles Davis – Kind of Blue

Morning Work (8am – 12pm)

By now I’m in the office and ready to start on the day’s work. Check email, put out any fires, start structuring my plan for the day.

Right now, I need music to keep me deep in thought and focused. The office usually has many people running around, or having conversations. My goal is to tune them out.

This music is a bit spacey and droning. The minimalism and calming nature also keeps me level-headed about any boogiemen I might discover in my Inbox.

After filing and sending email, it’s usually any new support work or maintenance programming on my current project. Tying up loose ends so I can have a productive rest of the day where I’ll write new code, perhaps continuing what I was building on earlier in the morning.

Music:
(Listen) Cliff Martinez – Solaris Soundtrack
(Listen) Jonn Serrie

Afternoon (1pm – 5pm)

The post-lunch time slot can be difficult. It’s either a continuation of a productive morning, or an uphill battle to stay focused. Depending on the day, over lunch I either played basketball, watched a video/conference talk I saved via Instapaper, read a programming-related book or caught up with co-workers.

I try to pick music to draw me back into my productive morning state, or kick-start me into The Zone if my morning yield was poor. Caffeine with lunch seems to be a reliable way to get me going in the afternoon and keep me focused. Adding the right music to that allows me to get a lot done.

Music during this time varies so much because it depends how my morning went. I usually kick iTunes into Shuffle and play tracks until something hits the spot.

I’m usually in this mode until the end of the work day.

Music:
Electronic / Trance – DI.fm Trance Channel or Armin van Buuren
Radiohead
Nine Inch Nails
August Burns Red
As Tall As Lions
The Mars Volta
Circa Survive
Pendulum

Night (10pm – 1am) – Drifting

By now, errands have been run, dinner is finished and cleaned up, I’ve spent time with friends or my girlfriend, and I’m ready to get back to it.

If I had an early morning or a long day, there’s usually another window of quality focus during the nighttime hours. There’s not much coming through on Twitter, not many people on chat, and nothing of interest on TV. I can focus again.

This is another period of quality isolation time, allowing me to ignore everything else from the comfort of my couch and crank on more code or work on a blog post. (It’s 1:30am as I type this.)

I try not to let myself go to sleep if I’m in the middle of coding a feature or fixing a bug. There’s time investment required to orient my mind to what I’m doing, like having a virtual machine running, a few terminal sessions going, a few tabs open in NetBeans and a dirty working tree in git.

But I can usually find this weird blissful mental state where I feel half-asleep but can focus intensely on what I’m doing even though I’m really tired. It’s like I can ignore anything else on my mind from the day and just sink into a comfortable place and code. I get lost in the music and time stands still.

Music:
(Listen) Benn Jordan – Pale Blue Dot
(Listen) Sven Weisemann
(Listen) Jonn Serrie
(Listen) Maserati
(Listen) The Flashbulb
(Listen) The Mercury Program

What I listen to throughout the day greatly varies, and so does the equipment I use to listen to it. Check back soon when I’ll post Part Two of this series: an in-depth look at the audio equipment I use during each of these times of day, and my recommendations on specific audio gear to help coax yourself into The Zone.

Most changes will probably not affect your every day use of git, but two new additions should prove very useful for many developers:

“git stash” learned an “–include-untracked option”

git stash is one of my favorite git features. If you don’t know about git stash yet, it allows you to take all of the changes in your working tree that haven’t been committed and temporarily store them, then cleans your working tree.

Basically it tells git, “Hey, I’m not ready to commit all of these changes, but I really need to get back to the way my repository was right after I made my last commit. So save my most recent changes with this given description, so I don’t forget what I was working on, and I’ll come back to them later.”

Prior to git 1.7.7, if you ran git stash save it would only stash changes for files that were already under version control. So if you had created a new file that was part of the feature you were working on and wanted to stash it, you were stuck with an ugly work around of having to add it to the repo using git add, then stashing your changes. When later replaying the stash, those files would still appear in the staging area/index.

But with the new option --include-untracked, or simply -u, git stash can now save your working tree exactly the way you had it when you created the stash.

git stash -u
git stash --include-untracked

“git submodule update” reports any errors at the end instead of halting on error

git submodules allow you to embed and track a foreign repository in your parent repository. They are great when you want to distribute code between multiple projects, but keep the distributed code in its own repository with its own version history.

Prior to git 1.7.7, if you ran git submodule update and there was a problem, git would immediately halt. Halting in the middle of updating might update some of your submodules and leave others unupdated.

But now, git will continue updating all submodules and instead report a list of errors after attempting to update all submodules.

Sagan lays out two over-arching requirements that must be met for the survival of the human species, which he reinforces in various ways throughout the book:

We must venture outside Earth, and ultimately outside the dependency of the Sun, if humans are to survive the end of the Earth

The Sun and Earth have limited lifespans, albeit billions of years. The Sun will eventually turn into a red giant star (the current estimate being in about 5 billion years.) Increasing in size and amount of light energy emitted during this process, it will alter the atmospheric composition of Earth by increasing its surface temperature.

These atmospheric changes will cause a chain reaction in all living organisms on Earth as the atmosphere and oceans begin to boil away. The balance of life that has evolved while the Earth is in its current stage will cease to exist, perhaps giving way to a new quality of life and organisms better suited to tolerate the new conditions, before all atmosphere, water and upper layers of earth are burned away.

Finally, after all molten matter is stripped from the surface, Earth’s iron core will be engulfed by the expanding horizon of the red giant star previously known as our Sun. All human creations, trees, grass, dirt, fossil fuels, buildings, gravestones, and all remains of every organism to ever grace the Earth… all planetary matter will have been broken down into other energy, and ultimately re-distributed into surrounding space, to one day be recombined into (anti?) matter or energy somewhere else in the Universe.

Our history as a species and everything every single human has ever worked for will be gone. The only remaining remnants of our existence will be the light and radio waves that were reflected and emitted during our existence on Earth. Anyone observing Earth from billions of light-years away would actually be observing Earth as we currently inhabit it. Wave to them.

That is unless we destroy ourselves first.

We mustn’t destroy ourselves

Whether through rash decision by an ideologic or radical peoples, or by means of ignorance or plain selfishness, the human species has the ability to destroy itself. Whether through technological means such as nuclear war, or selfishness and shortsightedness in damaging the delicate life balance under which current organisms have evolved.

The human species, in its development of technology and its ever-increasing rate of advancement, has harnessed power capable of mass destruction. While this power might seem small in scope of the energy harnessed by the perpetual motion of the Universe, it is enough to destroy our entire world. Whether used recklessly by way of a political statement, or pure accident, the technology enabling this power is now a lit fuse that could easily disrupt our existence.

By establishing a human presence on surrounding worlds and stars, we can lower our vulnerability to catastrophe like this and the fragility of the Earth that ultimately cultivated us.

Sagan argues through much of the book that the first step in exploring the stars is sending humans to Mars. But his pessimistic outlook on the state of the human race suggests he believes humans will destroy themselves and their planet before spacefaring nations can foster the finances to accomplish such a feat.

Given the current financial state of the United States in 2011, it would seem increasingly unlikely for such an undertaking to see approval by its governing bodies anytime soon.

At the University of Kansas where I do web development work, we recently had a random student developer from another large University call our help desk and suggest we implement a collapsable content list (an accordion) on our Academic Schools & Departments page (seen below.)

Even though the content is in a list format with headings over each area, I chose not to use an accordion. Why not? Let’s consider a few things.

How did the user arrive at this page?

Looking at our Google Analytics numbers, about 99% of visits to the Academics page come from the KU’s homepage and primary site pages. A link to “Academics” lives in the top-navigation, so it’s very visible. This indicates the user is already browsing around our primary site, where they find general info about the University.

This particular page is also the 3rd-most visited page on KU’s main website, only behind the Homepage and A-Z’s “E” page (where users go to click on “Email.”) So it’s seeing a lot of traffic.

How many clicks deep is this page? What other pages might the user have encountered before arriving at this page?

This page is one click deep at all times. A user can access this page with one click from almost any other page on KU’s website, so its content should be geared to hit a wide audience with a variety of expectations.

What is the context of this page?

In this case, the Search tab is active when the user first arrives. Users are accustomed to (and often prefer) searching to find the content they want, so we let them Search first. Search provides instant gratification and is a low time investment opposed to reading a long page of text or links.

We also operate under the assumption that after a user finds the information they seek, they stop looking. If search meets their needs, they will not likely encounter our list of Schools & Departments.

So what can we conclude about the context of this page and the user arriving there?

• The user is looking for info about the schools and departments KU offers.
• Since the user was first provided a Search box, they likely already searched for the info they wanted and their needs were not met.
• They may or may not know the name of the department they’re looking for and…
  • want to see a hierarchy of schools and departments
  • want to see all options and pick the one that best matches what they’re looking for

Now that we’ve asked given context to the page visitors, let’s pick up where most tutorials start: the content being presented.

What type of content is this?

Our very long list is broken down in a hierarchy by School, then Department. If we took into account only the hierarchy and length, a collapsed list would absolutely solve that problem. But let’s go beyond content tutorials and dig a bit deeper.

Does the user need to see all content at once?

In this case, yes, they likely do. The user didn’t find what they wanted using the search, and they want to see all possible options to find the one that best matches what they’re looking for.

Remember, this user might not know what they’re looking for because this page is not very deep in the navigation structure. So rather than hide a bunch of content from the user, we give it to them all at once. They can use CTRL + F to search the page content for a specific department, or quickly skim over each school and through the department lists.

Conclusion

These are all questions you should ask yourself before implementing any type of visual effect or design element. You might think you’re being clever, but you could just as easily be hurting the usability of your site’s content.

Does any of that really affect you? No, really… does it?

NO! And if you think it does, it doesn’t. Want proof?

Before reading any news article today, insert “Who cares if…” in front of the headline.

Who cares if some radical pastor wants to burn Korans?
Who cares if huge fires are engulfing a San Francisco neighborhood? (OK, unless you have family in the neighborhood.)
Who cares if there’s another meaningless evil zombie movie, now in 3D?

Who cares? Not me, and not you.

We’re fed this junk news because the news companies NEED something to cover. If they don’t cover SOMETHING they’re sending out dead air, or blank newspapers, or a news junkie’s cryptonite: re-runs.

It’s not just national and local news networks and newspapers. It’s all over our digital life too.

Look at your RSS Feed (if you even still use one.) Your Twitter feed. Your Facebook feed. How many of those stories do you actually read? How many do you actually care about? You probably don’t even have enough time to keep up with it all.

People follow this junk news so they can keep up on current events, or have something to talk about at the water cooler, or chat up acquaintances at awkward dinners and family get togethers. People get a sense of pride from knowing “what’s going on in the world!”

Some people get satisfaction relaying the newest news message to someone else. Or being the first to know something among their friends. It actually validates their news obsession and gives them a sense of being “in the know.”

We’re so bent on crowdsourcing things these days… how about crowdsource your news reading?

Let everyone else keep up on news for you. Let them tell you about it over lunch or a drink. This will not only free you up for more important things, but reaffirm your friend’s need to feel important for catching you up on the big story.

So purge your RSS feed. Stop following Tech Crunch, Gizmodo, Engadget and Apple News. 95% of their stories don’t matter anyway.

Unfollow all but a subset of your Twitter crew. Focus on the ones putting out meaningful content and not just noise.

Unfriend all those acquaintances and old high school friends on Facebook. Or stop logging in so often, or close your account all together. Take a friend out to lunch if you want to catch up on what they’ve been doing instead of passively taking in their life.

If something big is happening, let someone else tell you about it. Then ask yourself, who cares? It won’t be you.

MediaTemple asserts in a July 16, 2010 blog entry, “We do not believe that this is an infrastructure issue, but we are still investigating the root cause(s).”

I believe I have evidence to the contrary.

I noticed today my WordPress blogs had been hit by the Redirect Exploit. I followed the fix instructions and came across something fishy.

Before upgrading one of my old blogs from WordPress 2.5 to 2.6, I had made a full copy of the database. So I then had two identical databases up with different names. I switched the database name in my WordPress config and went along with the upgrade. So my WordPress 2.5 database lay dorment, without an active frontend to administer it.

I ran the fix code against my old WP 2.5 database, and found it had been injected with the exploit code, even without an active WordPress install pointing to it.

This is significant because most WordPress exploits are local to the installation itself, and likely do not affect installations on a host’s entire network.

This leads me to believe the exploit was carried out as a result of a system-level security breach by obtaining a list of all databases on all compromised accounts, and running an UPDATE query to inject code into every WordPress database.

MediaTemple’s head of support and a few sysadmin/security guys were nice enough to give me a call after I put out this tweet to discuss what I had found, and divulge a bit of what they know.

They believe someone possibly obtained a list of database credentials, then used those credentials to scan and inject code. They said they had already enacted some system changes to mitigate some security issues, and were in the process of re-architecting some aspects of the shared system.

I expect we will see more news from the MediaTemple crew about this exploit in the coming weeks.

To prevent further exploits, you should manually change the password of every database account on your (gs) account, and check that your /domains/ directory is not world-readable (chmod 755 750)

July 21, 7:50pm Update: A previous version of this article had info that could be interpreted as users having access to other users accounts on the system. That was not the intended message and the wording has been updated to reflect this change.

September 30, 2010 Update: Since this article, I have needed to remove malicious JavaScript from this blog two more times, each time with a slightly different-looking exploit code. The most recent exploit I discovered yesterday when a user reported Google was reporting my blog as hosting malware. Sadly, this was not limited to just my blog.

MANY domains on my MediaTemple grid-server account were found to be listed as hosting malware by Google. Even domains without WordPress installed. This points to a larger issue where either the server itself is insecure or a web application on the server (WordPress?) is being used as an attack vector to modify files on the filesystem.

I’ll admit, I’m in that latter group of striving to write “perfect code.” I constantly read articles, pour over well-written open-source code (mostly Symfony code) and review conference presentation slides posted by notable developers on SlideShare.

Like every one of us, I’ve come a long way from where I was when I started writing PHP. (With a long way to go, still, I’m sure.) I remember the days of constantly hitting syntax errors before discovering IDEs and performing search and replace over an entire project to update code duplicated across multiple files. Yeah, it was a nightmare. One I would prefer to not repeat.

So while I’m not going to read a single article about a design pattern and roll it into my next production product, I am going to continue learning from the best developers in the industry and explore the concepts they advocate.

The Redheaded Stepchild: WordPress (and its many siblings)

Marco also claims that even though WordPress is regarded as “unmaintainable” by many in the community, it has plenty of maintainers and many plugin contributors. But making the “quantity over quality” argument here holds no weight.

WordPress has a lot of maintainers because it still relies on concepts and methods that many junior developers think are OK. Meaning, “WordPress developers” haven’t become fed up with their code quality enough to push deeper. WordPress’ codebase is how beginners write code, so it is familiar to a large number of developers eager to put their mark on something. Many PHP programmers never progress past this stage. And their ignorance is probably bliss.

Given WordPress’ popularity, many junior developers view the code under the hood and think, “WordPress is successful. This must be how you write successful PHP code.” NO! It’s not! Writing code like that is what makes you hate your job!

Marco argues that if your code works and you are releasing software, you are doing it right. But how much did you hate your life when…

1. you had to fix more than one security issue per release cycle
2. you spent hours trying to fix a single bug, only to have squash it, and it broke twenty other things
3. realizing you missed other occurrences of that same bug after fixing it in the previous release
4. the API/software you write third-party code for breaks your plugin with every release (just like WordPress does.)

Having to fix broken code not done well the first time will cost your client more money, and cost you your patience and ambition. Spend time thinking about your next function before you haphazardly write it. Think about its context, where might it be reused in the future, and what parts could be swapped out to make it more reusable and easier to test.

Where do you want to spend your time… Up front researching, reading and writing quality code up front with DRY principles and hopefully at least some unit tests? Or at crunch time cursing your monitor and slamming your head on your desk agonizing over code you wrote 3 months ago?

Do Something! Learn From the Best

When you’re writing code or debugging old code and thinking, “There’s got to be a better way…!” There is.

Start with the PHP Advent series: 2009, 2008, 2007.

Learn what Dependency Injection is and how you can use it.

Unlearn everything you’ve read on design patterns in the last 5 years.

Follow some of the most respected PHP developers on Twitter.

And start writing better code.

[Disclaimer: Yes, this blog uses WordPress.]