sacy 0.2 – now with less, sass and scss
To fresh up your memory (it has been a while): sacy is a Smarty (both 2 and 3) plugin that turns
{asset_compile}
<link type="text/css" rel="stylesheet" href="/styles/file1.css" />
<link type="text/css" rel="stylesheet" href="/styles/file2.css" />
<link type="text/css" rel="stylesheet" href="/styles/file3.css" />
<link type="text/css" rel="stylesheet" href="/styles/file4.css" />
<script type="text/javascript" src="/jslib/file1.js"></script>
<script type="text/javascript" src="/jslib/file2.js"></script>
<script type="text/javascript" src="/jslib/file3.js"></script>
{/asset_compile} |
into
<link type="text/css" rel="stylesheet" href="/assets/files-1234abc.css" /> <script type="text/javascript" src="/assets/files-abc123.js"></script> |
It does this without you ever having to manually run a compiler, without serving all your assets through some script (thus saving RAM) and without worries about stale copies being served. In fact, you can serve all static files generated with sacy with cache headers telling browsers to never revisit them!
All of this, using two lines of code (wrap as much content as you want in {asset_compile}...{/asset_compile})
Sacy has been around for a bit more than a year now and has since been in production use in PopScan. During this time, no single bug in Sacy has been found, so I would say that it's pretty usable.
Coworkers have bugged me enough about how much better less or sass would be compared to pure CSS so that I finally decided to update sacy to allow us to use less in PopScan:
Aside of consolidating and minimizing CSS and JavaScript, sacy can now also transform less and sass (or scss) files using the exact same method as before but just changing the mime-type:
<link type="text/x-less" rel="stylesheet" href="/styles/file1.less" /> <link type="text/x-sass" rel="stylesheet" href="/styles/file2.sass" /> <link type="text/x-scss" rel="stylesheet" href="/styles/file3.scss" /> |
Like before, you don't concern yourself with manual compilation or anything. Just use the links as is and sacy will do the magic for you.
Interested? Read the (by now huge) documentation on my github page!
Why node.js excites me
Today, on Hacker News, an article named "Why node.js disappoints me" appeared - right on the day I returned back from jsconf.eu (awesome conference. Best days of my life, I might add) where I was giving a talk about using node.js for a real web application that provides real use: tempalias.com
Time to write a rebuttal, I guess.
The main gripe Eric has with node is a gripe with the libraries that are available. It's not about performance. It's not about ease of deployment, or ease of development. In his opinion, the libraries that are out there at the moment don't provide anything new compared to what already exists.
On that level, I totally agree. The most obvious candidates for development and templating try to mimik what's already out there for other platforms. What's worse: There seems to be no real winner and node itself doesn't seem to make a recommendation or even include something with the base distribution.
This is inherently a good thing though. Node.js isn't your complete web development stack. Far from it.
Node is an awesome platform to very easily write very well performing servers. Node is an awesome platform to use for your daily shell scripting needs (allowing you to work in your favorite language even for these tasks). Node isn't about creating awesome websites. It's about giving you the power to easily build servers. Web, DNS, SMTP - we've seen all.
To help you with web servers and probably to show us users how it's done, node also provides a very good library to interact with the HTTP protocol. This isn't about generating web pages. This isn't about URL routing, or MVC or whatever. This is about writing a web server. About interracting with HTTP clients. Or HTTP servers. On the lowest level.
So when comparing node with other platforms, you must be careful to compare apple with apples. Don't compare pure node.js to rails. Compare it to mod_wsgi, to fastcgi, to a servlet container (if you must) or to mod_php (the module that allows a script of yours access to server internals. Not the language) or mod_perl.
In that case, consider this. With node.js you don't worry about performance, you don't worry about global locks (you do worry about never blocking though), and you really, truly and most awesomely don't worry about race conditions.
Assuming
var a = 0; var f = function(){ var t = a; // proving a point here. I know it's not needed a = t + 1; } setTimeout(f, 100); setTimeout(f, 100); |
you'd always end up with a === 2 once both timeouts have executed. There is no interruption between the assignment of t and the increment. No worries about threading. No hours wasted trying to find out why a suddenly (and depending on the load on your system) is either 1, 2 or 3.
In the years we got experience in programming, we learned that what f does in my example above is a bad thing. We feel strange when typing code like this - seeking for any method of locking, of specifying a critical section. With node, there's no need to.
This is why writing servers (remember: highly concurrent access to potentially the same code) is so much fun in node.
The perfect little helpers that were added to deal with the HTTP protocol are just the icing on the cake, but in so many other frameworks (*cough* WSGI *cough*) stuff like chunking, multipart parsing, even just reading the client's data from an input stream are hard if you do them on your own, or completely beyond your control if you let the libraries do them.
With node you get to the knobs to turn in the easiest way possible.
Now we know that we can easily write well performing servers (of any kind with special support for HTTP) in node, so let's build a web site.
In traditional frameworks, your first step would be to select a framework (because the HTTP libraries are so effing (technical term) hard to use).
You'd end up with something lightweight like, say, mnml or werkzeug in python or something more heavy like rails for ruby (though rack isn't nearly as bad as wsgi) or django for python. You'd add some kind of database abstraction or even ORM layer - maybe something that comes with your framework.
Sure. You could do that in node too. There are frameworks around.
But remember: Node is an awesome tool for you to write highly specialized servers.
Do you need to build your whole site in node?
Do you see this as a black or white situation?
Over the last year, I've done two things.
One is to layout a way how to augment an existing application (PHP, PostgreSQL) with a WebSocket based service using node to greatly reduce the load on the existing application. I didn't have time to implement this yet, but it would work wonders.
The other thing was to prove a point and to implement a whole web application in node.
I built tempalias.com
At first I fell into the same trap that anybody coming from the "old world" would be falling. I selected what seemed to be the most used web framework (Express) and rolled with that, but I soon found out that I have it all backwards.
I don't want to write the 50iest web application. I wanted to do something else. Something new.
When you look at the tempalias source code (yeah - the whole service is open source so all of us can learn from it), you'll notice that no single byte of HTML is dynamically generated.
I ripped out Express. I built a RESTful API for the main functionality of the site: Creating aliases. I built a server that does just that and nothing more.
I leveraged all the nice features JavaScript as a language provides me with to build a really cool backend. I used all the power that node provides me with to build a really cool (and simple!) server to web-enable that API (posting and reading JSON to and from the server)
The web client itself is just a client to that API. No single byte of that client is dynamically generated. It's all static files. It's using Sammy, jQuery, HTML and CSS to do its thing, but it doesn't do anything the API I built on node doesn't expose.
Because it's static HTML, I could serve that directly from nginx I'm running in front of node.
But because I wanted the service to be self-contained, I plugged in node-paperboy to serve the static files from node too.
Paperboy is very special and very, very cool.
It's not trying to replace node's HTTP library. It's not trying to abstract away all the niceties of node's excellent HTTP support. It's not even trying to take over the creation of the actual HTTP server. Paperboy is just a function you call with the request and response object you got as part of node's HTTP support.
Whether you want to call it or not is your decision.
If you want to handle the request, you handle it.
If you don't, you pass it on to paperboy.
Or foobar.
Or whatever.
Node is the UNIX of the tools to build servers with: It provides small dedicated tools that to one task, but truly, utterly excel at doing so.
So the libraries you are looking for are not the huge frameworks that do everything but just the one bit you really need.
You are looking for the excellent small libraries that live the spirit of node. You are looking for libraries that do one thing well. You are looking for libraries like paperboy. And you are relying on the excellent HTTP support to build your own libraries where the need arises.
It's still very early in node's lifetime.
You can't expect everything to be there, ready to use it.
For some cases, that's true. Need a DNS server? You can do that. Need an SMTP daemon? Easy. You can do that. Need a HTTP server that understands the HTTP protocol really well and provides excellent support to add your own functionality? Go for it.
But above all: You want to write your server in a kick-ass language? You want to never have to care about race conditions when reading, modifying and writing to a variable? You want to be sure not to waste hours and hours of work debugging code that looks right but isn't?
Then node is for you.
It's no turnkey solution yet.
It's up to you to make the most out of it. To combine it with something more traditional. Or to build something new, maybe rethinking how you approach the problem. Node can help you to provide an awesome foundation to build upon. It alone will never provide you with a blog in 10 minutes. Supporting libraries don't at this time provide you with that blog.
But they empower you to build it in a way that withstands even the heaviest pounding, that makes the most out of the available resources and above all, they allow you to use your language of choice to do so.
JavaScript.
Do spammers find pleasure in destroying fun stuff?
Recently, while reading through the log file of the mail relay used by tempalias, I noticed a disturbing trend: Apparently, SPAM was being sent through tempalias.
I've seen various behaviours. One was to strangely create an alias per second to the same target and then delivering email there.
While I completely fail to understand this scheme, the other one was even more disturbing: Bots were registering {max-usage: 1, days: null} aliases and then sending one mail to them - probably to get around RBL checks they'd hit when sending SPAM directly.
Aside of the fact that I do not want to be helping spammers, this also posed a technical issue: node.js head which I was running back when I developed the service tended to leak memory at times forcing me to restart the service here and then.
Now the additional huge load created by the bots forced me to do that way more often than I wanted to. Of course, the old code didn't run on current node any more.
Hence I had to take tempalias down for maintenance.
A quick look at my commits on GitHub will show you what I have done:
- the tempalias SMTP daemon now does RBL checks and immediately disconnects if the connected host is listed.
- the tempalias HTTP daemon also does RBL checks on alias creation, but it doesn't check the various DUL lists as the most likely alias creators are most certainly listed in a DUL
- Per IP, aliases can only be generated every 30 seconds.
This should be some help. In addition, right now, the mail relay is configured to skip sender-checks and sa-exim scans (Spam Assassin on SMTP time as to reject spam before even accepting it into the system) for hosts where relaying is allowed. I intend to change that so that sa-exim and sender verify is done regardless if the connecting host is the tempalias proxy.
Looking at the mail log, I've seen the spam count drop to near-zero, so I'm happy, but I know that this is just a temporary victory. Spammers will find ways around the current protection and I'll have to think of something else (I do have some options, but I don't want to pre-announce them here for obvious reasons).
On a more happy note: During maintenance I also fixed a few issues with the Bookmarklet which should now do a better job at not coloring all text fields green eventually and at using the target site's jQuery if available.
Google Apps – Provisioning – Two-Legged OAuth
Our company uses Google Apps premium for Email and shared documents, but in order to have more freedom in email aliases, in order to have more control over email routing and finally, because there are a couple of local parts we use to direct mail to some applications, all our mail, even though it's created in Google Apps and finally ends up in Google Apps, goes via a central mail relay we are running ourselves (well. I'm running it).
Google Apps premium allows you to do that and it's a really cool feature.
One additional thing I'm doing on that central relay is to keep a backup of all mail that comes from Google or goes to Google. The reason: While I trust them not to lose my data, there are stories around of people losing their accounts to Googles anti-spam automatisms. This is especially bad as there usually is nobody to appeal to.
So I deemed it imperative that we store a backup of every message so we can move away from google if the need to do so arises.
Of course that means though that our relay needs to know what local parts are valid for the google apps domain - after all, I don't want to store mail that would later be bounced by google. And I'd love to bounce directly without relaying the mail unconditionally, so that's another reason why I'd want to know the list of users.
Google provides their provisioning API to do that and using the GData python packages, you can easily access that data. In theory.
Up until very recently, the big problem was that the provisioning API didn't support OAuth. That meant that my little script that retreives the local parts had to have a password of an administrator which is something that really bugged me as it meant that either I store my password in the script or I can't run the script from cron.
With the Google Apps Marketplace, they fixed that somewhat, but it still requires a strange dance:
When you visit the OAuth client configuration (https://www.google.com/a/cpanel/YOURDOMAIN/ManageOauthClients), it lists you domain with the note "This client has access to all APIs.".
This is totally not true though as Google's definition of "all" apparently doesn't include "Provisioning" 
To make two-legged OAuth work for the provisioning API, you have to explicitly list the feeds. In my case, this was Users and Groups:
Under "Client Name", add your domain again ("example.com") and unter One or More API Scopes, add the two feeds like this: "https://apps-apis.google.com/a/feeds/group/#readonly,https://apps-apis.google.com/a/feeds/user/#readonly"
This will enable two-legged OAuth access to the user and group lists which is what I need in my little script:
import gdata.apps.service import gdata.apps.groups.service consumer_key = 'YOUR.DOMAIN' consumer_secret = 'secret' #check advanced / OAuth in you control panel sig_method = gdata.auth.OAuthSignatureMethod.HMAC_SHA1 service = gdata.apps.service.AppsService(domain=consumer_key) service.SetOAuthInputParameters(sig_method, consumer_key, consumer_secret=consumer_secret, two_legged_oauth=True) res = service.RetrieveAllUsers() for entry in res.entry: print entry.login.user_name service = gdata.apps.groups.service.GroupsService(domain=consumer_key) service.SetOAuthInputParameters(sig_method, consumer_key, consumer_secret=consumer_secret, two_legged_oauth=True) res = service.RetrieveAllGroups() for entry in res: print entry['groupName'] |
tempalias.com – now with bookmarklet
let's say you want to create one of these temporary aliases, but you don't actually want to leave the page you are on.
Good news is: Now you can.
- Visit tempalias.com once.
- Create any alias you want the bookmarklet to create for you in the future
- In the confirmation screen, you will be offered the bookmarklet to drag to your bookmarks bar.
Now whenever you are on a site you want to create a temporary alias for, just click that bookmarklet, hover the email field and press the left mouse button. The alias will be generated and filled into that email form.
If you are interested in how this was made, read the next entry of my development diary.
If you like to find out more about tempalias and more projects of mine, you should follow me on twitter here.
tempalias.com – creating the bookmarklet
Now that the bookmarklet feature is finished, let me take a few minutes to reflect on its creation, in the spirit of continuing the development diary.
The reason for the long silence after the launch is, believe it or not, the weather: Over the time I made the initial tempalias service, I began to really enjoy taking my 17inch MacBook Pro outside on the balcony and write code from there. In fact, I enjoyed it so much that I really wanted to continue that tradition when doing more work on the site.
Unfortunately from May first until May 21st it was raining constantly which made coding on the balcony kind of no-fun to do.
Now the weather was great and I could finish what I began way earlier.
So. How does one create a bookmarklet?
I didn't know much either, but in the end, the essence of a bookmarklet is JavaScript code that gets executed in the context of the page you are on when you are executing it. So that's something to work with.
Of course, you don't want to add all the code you need for your magic to work into that link target - that would be unmaintainable and there's some risk of breakage once the link gets too big - who knows at what size of the script browsers begin cutting off the code.
So you basically do nothing but creating a script tag sourcing the real script. This is what I'm doing too - the non-minified version of that code is in util/bookmarklet_launcher_test.js.
Looking at that file, you'll notice that the bookmarklet itself is configurable using that c variable (keeping the names short to keep the code as short as possible). The configuration is done on the results page that is shown once the alias has been generated (public/templates/result.template).
Why the host name? Because the script that is injected (public/bookmarklet.js) doesn't know it - when it's sourced, window.location would still point to the site it was sourced on. The script is static code, so the server can't inject the correct host name either - in fact, all of tempalias is static code aside of that one RESTful endpoint (/aliases).
This is a blessing as it keeps the code clean and a curse as it makes stuff harder than usual at places - this time it's just the passing around of the host name (which I don't want to hard-code for easier deployment and development).
The next thing of note is how the heavy lifting script is doing its work: Because the DOM manipulation and event-hooking up needed to make this work is too hard for my patience, I decided that I wanted to use jQuery.
But the script is running in the context of the target site (where the form field should be filled out), so we neither can be sure that jQuery is available nor should we blindly load it.
So the script is really careful:
- if jQuery is available and of version 1.4.2, that one is used.
- If jQuery is available, but not of version 1.4.2, we load our own (well - the official one from Google's CDN) and use that, while restoring the old jQuery to the site.
- If jQuery is not available, we load our own, restoring window.$ if it pointed to something beforehand.
This procedure would never work if jQuery wasn't as careful as it is not to pollute the global namespace - juggling two values (window.$ and window.jQuery) is possible - anything more is breakage waiting to happen.
The last thing we need to take care of, finally, is the fact that the bookmarklet is now running in the context of the target site and, hence, cannot do AJAX requests to tempalias.com any more. This is what JSONp was invented for and I had to slightly modify the node backend to make JSONp work for the bookmarklet script (this would be commit 1a6e8c - not something I'm proud of - tempalias_http.js needs some modularization now).
All in all, this was an interesting experience between cross domain restrictions and trying to be a good citizen on the target page. Also I'm sure the new knowledge will be of use in the future for similar projects.
Unfortunately, the weather is getting bad again, so the next few features will, again, have to wait. Ideas for the future are:
- use tempalias.com as MX and CNAME as to create your own aliases for our own domain
- create an iphone / android client app for the REST API (/aliases)
- daemonize the main code on its own without the help of some shell magic
- maybe find a way to still hook some minimal dynamic content generation into paperboy.
tempalias.com – Public launch
After announcing tempalias.com here on my blog and sleeping over it, hoping the live server wouldn't die over night, last friday I first implemented a garbage collection facility to prune expired aliases and then publicly announced tempalias.com on both Haker News and Reddit.
The echo was overall positive and in the first two hours after the announcment, I fixed a lot of small things based upon suggestions of people posting to my announcement:
- I now serve a shortcut icon.
- While I'm expiring aliases, I'm also making sure that once used aliases are never reused.
- Node's HTTP parser throws under some circumstances and it's impossible to catch these errors which is why I had to greate a handler for the uncaughtException event as to keep the server up and running.
During the first day after its announcement, I had 4700 visits and in the second day it was still 1403 which might be some indication of the service being used by some people. As of right now, there are 652 valid aliases in redis.
During peak time, I got around 20 concurrent requests which the server handled easily (load of 0.01).
What was most interesting to me was that the announcement also generated quite a bit of traffic (3000 visits, so 75% conversion from the service to the blog which is nice) on this blog here and what I liked even more was the fact that the various entries in my development diary were read and sometimes commented upon which in turn lead to, drumroll please, 3 more twitter followers.
The project on github now has 22 watchers and on release day has seen 1496 page views according to their stats.
One question I was asked a lot is why I was writing an SMTP proxy instead of just hooking into an existing MTA. In retrospect, I was a bit unclear when I stated in the first entry of the diary:
Of course this old solution had one big problem: It required a mail server on the receiving end and it required you as a possible user to hook the script into that mailserver (also, I never managed to do just that with exim before losing interest, but by now, I would probably know how to do it).
My reasoning behind writing a proxy was the fact that I wanted you, my dear reader to fetch the source code and experiment with it or even host your own clone of tempalias.com. You should be able to do so with minimal effort, hence the solution should be as self-contained as possible without requiring a lot of infrastructure. Relying on a specific mail server would have severely limited the size of the audience, especially as the mail server I would have written the plugin for was to be Exim which isn't that widely used these days.
Then, there's another reason: As a long-time mail server administrator, I know that it is imperative to fork as little as possible during mail delivery. Hooking this into an existing mail server would have meant the server to fork for each incoming email, only to ultimately reject it in most of the cases as tempalias is much more about rejecting email than it is about delivering it.
No. Using the awesome performance of Node.js to reject tons and tons of email relying on any SMTP server as a smarthost only if needed felt more robust and easier to access for my readers. Hence I went the SMTP proxy route.
So. Am I happy with the launch?
Yes. I was able to make a service that is useful to some people. I was able to learn node.js from the inside out. I got to know some really bright developers in the process and I was able to contribute to open source projects.
On a personal level though, I would have hoped that spending 44 hours in developing an useful (and good looking) web service in a quite unknown but really sexy programming environment, documenting the steps in the process would have yielded a bit more social interaction with the community than a whole three twitter followers.
Maybe I should have stated my goal more clearly:
You should follow me on twitter here.
(this was a friendly nod to an article of the same name by Dustin Curtis, a person obviously way better in marketing than I will ever be)
Next time: Bookmarklet fun!
Announcing tempalias.com
Have you ever been in the situation where you had to provide a web service with an email address to get that confirmation email, full well knowing that you will not only get that, but also "important announcements" and "even more important product information"?
Wouldn't it be nice if they could just send you the confirmation link but nothing more?
That's possible now!
Head over to
type the email address that should receive the confirmation mail, specify how many mails you want to receive and for how many days. Then hit the button and - boom - there's your unique email address that you can provide to the service. Once the usage or time limit has been met, no more mail to that alias will be accepted.
tempalias.com is a fun-project of mine and also a learning experience. tempalias is written in node.js, a framework I had no prior experience with (but a whole lot of curiosity for). This is why I not only created the site, but I also documented my steps along the way. Here are the links to the various postings in chronological order (oldest first - I bolded the ones that contain useful information above just reporting on progress or bugs):
- development diary
- another day
- persistence
- SMTP and design
- config file, SMTP cleanup, beginnings of a server
- the cake is a lie
- rewrites
- sysadmin work
- learning CSS
- debriefing
If you want to get in touch with me to report bugs, or ask questions, to rant or maybe to send a patch to, please send me an email to y8b3@tempalias.com - erm... no. just kidding (you can try sending an email there - it's good for one day and one email - so good luck). Send it to pilif@gnegg.ch or contact me on twitter @pilif.
Sticking to the iPhone
Recently, I got a chance to play around with a Nexus One phone and I was using it as my main phone with the intent to use it as my new main phone. I had enough of the lack of background apps and the closedness of the iPhone, so I thought, I should really go through with this.
Unfortunately though, this didn't work out so well.
People who haven't tried both devices would probably never understand this, but the Nexus One touch screen is really, really bad. The bit of squigglyness you see on the picture in the linked article seems like no big deal, but after one week of Nexus One and then going back to the iPhone, you can't imagine how smooth it feels to use the iPhone again.
It's like being in a very noisy environment and then stepping back into a quiet one.
Why did I try the iPhone again?
While I got Podcast listening to work correctly on the Android phone, I noticed that a lot of my commuting time is not just spent by listening to podcasts, but that some games (currently Doodle Jump and Plants vs. Zombies) play a huge role too and the supply of games on the Android plattform is really, really bad.
And don't get me started on the keyboard: Neither the built-in one nor the one I had switched to even comes close to what the iPhone provides. I'm about 5 times as fast on the iPhone than on the Android. Worse: After switching to the Nexus One, I again began dreading having to write SMSes which usually spells death to any phone for me.
Speaking of keyboard: The built-in one is completely unusable for multilingual people: The text I write on a phone is about 50% english and 50% german. The Android keyboard doesn't allow switching the language on the fly (while the english and german keyboards are quite alike, the keyboard language also determines the auto correction language), and it couples the keyboard language to the phone UI language.
This is really bad, as over the years I bacame so accustomed to english UIs that I frankly cannot work with german UIs any more - also because of the usually really bad translations. Eek.
So, let's tally.
| iPhone | Android Device | |
| Advantages |
|
|
|---|---|---|
| Disadvantages |
|
|
While I thought I could live with the touch screen, the moment I turned on the iPhone again to play a round of "Plants vs. Zombies" that just came out for the i-Devices, I've seen how a touch screen is supposed to work and I could not bring myself around to going back, but I still wanted some of the one big iPhone disadvantage, which is lack of non-SMS-based messaging fixed for me, so here's what I've done:
- WhatsApp on the iPhone works really well as an SMS replacement (something I was after for a very long time)
- meebo so far never disconnected me on the iPhone which is something all other iPhone IM clients have done for me - and even on the android, meebo tended to disconnect and not reconnect.
For me, that's it. No more experiments. What ever I tried to get away from Apple's dictate, it always failed. The N900 is a geeks heaven but doesn't support my expensive in-ear iPhone headset and doesn't provide any halfway interesting games. Android has a bad touchscreen, next to no battery life, is slow and crashy.
It's really hard to admit for me as a geek and strong believer in freedom to use something I bought for whatever purpose I want to use it for, but Apple, even after two years, still rules the phone market in usability and hardware build quality.
Can't wait to see what the next iteration of the iPhone will be, though they don't have to change anything as long as their competition still thinks it's ok to save $2 on each phone by using a crappy touchscreen and a crappy battery.
linktrail – a failed startup – introduction
I guess it's inevitable. Good ideas may fail. And good ideas may be years ahead of their time. And of course, sometimes, people just don't listen.
But one never stops learning.
In the year 2000, I took part in a plan of a couple of guys to become the next Yahoo (Google wasn't quite there yet back then), or, to use the words we used on the site,
For these reasons, we have designed an online environment that offers a truly new way for people to store, manage and share their favourite online resources and enables them to engage in long-lasting relationships of collaboration and trust with other users.
The idea behind the project, called linktrail, was basically what would much later on be picked up by the likes of twitter, facebook (to some extent) and the various community based news sites.
The whole thing went down the drain, but the good thing is that I was able to legally salvage the source code, the install it on a personal server of mine and to publish the source code. And now that so many years have passed, it's probably time to tell the world about this, which is why I have decided to start this little series about the project. What is it? How was it made? And most importantly: Why did it fail? And concequently: What could we have done better?
But let's first start with the basics.
As I said, I was able to legally acquire the database and code (which is mostly written by me anyways) and to install the site on a server of mine, so let's get that out to start with. The site is available at linktrail.pilif.ch. What you see running there is the result of 6 months of programming by myself after a concept done by the guys I've worked with to create this.
What is linktrail?
If the tour we made back then is any good, then just taking it would probably be enough, but let me phrase in my words: The site is a collection of so called trails which in turn are small units, comparable to blogs, consisting of links, titles and descriptions. These micro-blogs are shown in a popup window (that's what we had back then) beside the browser window to allow quick navigation between the different links in the trail.
Trails are made by users, either by each user on their own or as a collaborative work between multiple users. The owner of a trail can hand out permissions to everybody or their friends (using a system quite similar to what we currently see on facebook for example)
A trail is placed in a directory of trails which was built around the directory structures we used back then, though by now, we would probably do this much more different. Users can subscribe to trails they are interested in. In that case, they will be notified if a trail they are subscribed to is updated either by the owner or anybody else with the rights to update the trail.
Every user (called expert in the site's terms) has their profile page (here's mine) that lists the trails they created and the ones they are subscribed to.
The idea was for you as an user to find others with similar interests and form a community around those interests to collaborate on trails. An in-site messaging-system helped users to communicate with each other: Aside of just sending plain text messages, it's possible to recommend trails (for easy one-click subscription) .
linktrail was my first real programming project, basically 6 months after graduating in what the US would call high school. Combine that fact with the fact that it was created during the high times of the browser wars (year 2000, remember) with web standards basically non-existing, then you can imagine what a mess is running behind the scenes.
Still, the site works fine within those constraints.
In future posts, I will talk about the history of the project, about the technology behind the site, about special features and, of course, about why this all failed and what I would do differently - both in matters of code and organization.
If I woke your interest, feel free to have a look at the code of the site which I just now converted from CVS (I started using CVS about 4 months into development, so the first commit is HUGE) to SVN to git and put it up on github for public consumption. It's licensed under a BSD license, but I doubt that you'd find anything in this mess of PHP3(!) code (though it runs unchanged(!) on PHP5 - topic of another post I guess), HTML 3.2(!) tag soup and java-script hacks.
Oh and if you can read german, I have also converted the CVS repository that contained the concept papers that were written over the time.
In preparation of this series of blog-posts, I have already made some changes to the code base (available at github):
- login after register now works
- warning about unencrypted(!) passwords in the registration form
- registering requires you to solve a reCAPTCHA.
JavaScript
