Contemplating the Future

In 2005 I obtained a job at a regional ILEC as a Data Operations Technician. As part of this job, I took over development of one of the tools we used to diagnose customer DSL connections. Problem was, this tool was written in PHP, a programming language I was, as yet, unfamiliar with.

At the same time, I was also looking for a web-based tool I could use to keep track of various tasks. While there were a few open-source tools I could use, none had the features I was looking for. So I decided to write one myself, and to write it in PHP so I could learn the language better. In the end, I’m glad I did as PHP has become indispensable for writing web-based tools.

The tool I wrote was a web-based todo manager called phpTodo. Since the alpha release in 2005, I have released 7 more versions. Work on phpTodo has ebbed and flowed with time, often interrupted by work and life in general. In fact, the last formal release was made almost 5 years ago, bringing the current version up to 0.8.1. In 2009, I found out that phpTodo was being packaged and released with Fedora as well.

After releasing 0.8.1, I decided to switch from using categories to using tags, similar to how the blogging system I use, Serendipity, uses them. This required rewriting a good deal of the back end of the system, as well as making extensive changes to the front end. I also started using the Prototype and Scriptaculous Javascript frameworks, and then later switched to jQuery. In all, a great deal of code has been rewritten.

I’m quite happy with the general feel of the new version I’ve been working on. While there is a good deal more code to be written, I’m confident there will be a code release soon enough.

I’ve been thinking a lot about the future of phpTodo and where I want to take it. When I originally started, I wrote the system such that I could see my todo list items via an RSS feed. At the time, I had a Blackberry phone and this worked brilliantly. Of course, this was purely a one-way feed with no way to update any todo items on the go. Since that time, I started working on a mobile view for the system, but stopped quickly after I realized how horrible working with WAP was. Fortunately, technology has progressed quickly since that time and WAP is no longer necessary. So, I’m considering working on a mobile version again.

A mobile version brings new challenges, however. It should be trivial to develop a mobile view that can be used while online, but my hope was to have an offline version as well that can be synchronized with the online version. One possibility is to develop an app that can be loaded onto a phone. That, of course, severely limits the platforms it can be run on. Another possibility is an HTML5 version, though that brings challenges of its own.

Another thought was to build a web service into phpTodo. The basic premise is an XML generator that, given a set of parameters, can supply an XML feed for external systems to use as input. And an XML parser that can receive data from external systems in order to update phpTodo data. I believe this can be used as the interface for the mobile view.

A web service can also be used to power another idea I had. I stumbled across the website of Brett Terpstra a while back and found a treasure trove of interesting ideas and useful code snippets. Among these is an obsession for recording notes to keep track of projects, interesting ideas, and helpful code snippets. Brett uses a number of custom scripts and software packages, most of which are exclusive to his platform of choice, OS X. To be honest, I find this incredibly intriguing, and potentially useful. So, I’ve been thinking about developing a command-line tool I can use to interact with phpTodo. A web service could make this a great deal easier.

I have no plans to stop working on the project, and, in fact, I’m eager to keep moving forward. As I continue to rely on phpTodo itself for my daily work, I rely on improvements I can make to the system. So overall, the future of phpTodo is bright.

phpTodo … In Fedora!!

Apparently I’m always the last to know… But.. I found out today that phpTodo, the todo list manager I wrote (and continue to write) has been included in Fedora. In fact, it seems it’s been in there since Fedora 7. It’s not in the main distribution, nor should it be, but apparently it’s a maintained package. Thanks, Marc!

Honestly, I’m truly honored. I wrote this on a whim and it has served me well. I use it every day! And since writing it, I’ve had a handful of people make suggestions and offer patches. I think it’s been pretty successful for a small project.

So, how about an update? Well, I’ve been working on phpTodo in my spare time, which, unfortunately, has been relatively lacking as of late. I have been able to add in a number of fixes and new features, however. The biggest change in the next release will be the removal of categories in favor of having tags. In using phpTodo over the years, I’ve noticed a number of times where I’d like to be able to put an item in multiple categories, and display multiple categories at once. While this may have been possible with categories as they were implemented, I think tags work a bit better. I’ve borrowed an idea from the Serendipity blogging platform to implement tags in a user-friendly manner, so I think the implementation works pretty well. I still have some more work to tie it all together, but it is coming along.

Another change is the addition of the Prototype and Scriptaculous javascript frameworks. There are a few reasons I decided to go this route. First and foremost, it significantly reduces the amount of work necessary to perform cross-platform javascript operations. To date, I’ve used relatively simple javascript functions, mostly for front-line input validation, but with the addition of tags, I wanted to move into some more advanced techniques. I’m striving to keep it simple and not overdo it, so don’t worry.

And, of course, there are the various bug fixes that need to be added. Overall, I’m excited about the next release of phpTodo. I don’t have a timetable as of now, but I’m hopeful that my free time will increase shortly, giving me more time to work on it. If so, then I’m optimistic about a new release sometime in the next 3-4 months. We’ll see what happens.

If you’re using phpTodo, I’d like to hear from you. I’m interested in what you like and what you dislike about the program, the interface, the workflow, etc. What features would you like to see? What features would you hate to see?

Thanks!

 

Common PHP Regular Expression Security Issue

Stefan Esser (PHP Security Blog, Suhosin) recently posted an entry on his blog titled “Holes in most preg_match() filters” about a possible security issue that apparently escapes a lot of notice.

Let me explain the situation.  PHP uses Perl Compatible Regular Expressions, PCRE, for pattern matching.  In PCRE the caret metacharacter (^) is used to match the very beginning of the string, and the dollar-sign metacharacter ($) is used to match the end of the string.  This is extremely useful to ensure that the expression you’ve written has matched the entire string.

However, PCRE_DOLLAR_ENDONLY is not used by default.  This means that the dollar-sign metacharacter still matches at the end of the string, but it also matches if a newline character is at the end of the string.  In other words, a newline character may or may not be present at the end of the string, and by default you won’t know either way.

So, how do we fix this then?  Well, there are two ways.  First, you can add a D modifier to the end of the regular expression like this:

preg_match('/^[a-z]+$/D', $string);

Or, you can use the \z assertion like this:

preg_match('/^[a-z]+\z/', $string);

Either method works, although from the comments at Stefan’s site, it looks like \z is more portable since Perl doesn’t support the D modifier.

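Here is a short script to “prove” this, as it were:

<?php
// "test" followed by a single newline (%0a)
$badstring = urldecode("test%0a");

// Test 1: plain $ also matches before the trailing newline, so this matches
if (preg_match('/^[0-9a-zA-Z]+$/', $badstring)) {
    print "Test 1 MATCHES\n";
}

// Test 2: with the D modifier, $ matches only at the very end, so no match
if (preg_match('/^[0-9a-zA-Z]+$/D', $badstring)) {
    print "Test 2 MATCHES\n";
}

// Test 3: \z matches only at the very end, so no match
if (preg_match('/^[0-9a-zA-Z]+\z/', $badstring)) {
    print "Test 3 MATCHES\n";
}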

I’m posting this info for two reasons.  First, it’s something programmers need to know.  It’s important since security holes are a bad thing.  Second, I’m guilty of this myself.  phpTodo used the dollar-sign metacharacter without the D modifier, making my code somewhat insecure.

The good news is that I have corrected the problem and posted a new version.  This is a precautionary measure, I don’t believe this adversely affected the security of the application, but better safe than sorry.  Head over and grab the new version just to be on the safe side.
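The anchoring behaviour described in this post, as an added example that is not part of the original post or of phpTodo: it compares the anchoring styles on constructed inputs and goes one step beyond the post by including the m (multiline) modifier, under which PHP ignores D. The helper name validate_token() and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not phpTodo code. validate_token() is a hypothetical helper.

/** Return true only if $value consists entirely of [0-9a-zA-Z] characters. */
function validate_token(string $value): bool
{
    // \A and \z anchor to the absolute start and end of the subject,
    // independent of the m (multiline) and D modifiers.
    return preg_match('/\A[0-9a-zA-Z]+\z/', $value) === 1;
}

// The same character class with four different ways of anchoring it.
$patterns = [
    'plain $'   => '/^[0-9a-zA-Z]+$/',
    '$ with D'  => '/^[0-9a-zA-Z]+$/D',
    '$ with mD' => '/^[0-9a-zA-Z]+$/mD',  // D is ignored when m is set
    '\A ... \z' => '/\A[0-9a-zA-Z]+\z/',
];

// Constructed sample inputs.
$inputs = [
    'clean'       => 'test',
    'trailing LF' => "test\n",
    'embedded LF' => "test\nextra",
];

// Print a small table: one row per input/pattern pair.
foreach ($inputs as $label => $input) {
    foreach ($patterns as $name => $pattern) {
        $result = preg_match($pattern, $input) === 1 ? 'MATCH' : 'no match';
        printf("%-12s %-10s %s\n", $label, $name, $result);
    }
    printf("%-12s %-10s %s\n\n", $label, 'helper',
        validate_token($input) ? 'accepted' : 'rejected');
}
```

Only the \A ... \z form rejects every input containing a newline; with the m modifier, even a pattern carrying D accepts the first line of a multi-line value.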

phpTodo 0.8 Beta Released

A new version of phpTodo, version 0.8 Beta, was released today.  It’s been almost six months since the last release, mostly due to lack of time.  My primary goal for this release was to add ATOM support and get all the bugs fixed.  I feel I was able to accomplish both of these goals.

I think an official 1.0 release is imminent, assuming I have time to work on the program.  I have a few features I’d like to add before 1.0 if I can.  If they do get added, a 0.9 gamma version will be released before 1.0 becomes official.

After the 1.0 release, I’d like to get group support added.  In addition, I’m thinking about switching from single category based tasks to tags.  This would allow a single todo item to be placed into several categories at the same time.  Feed support will be updated as well, keeping in-line with the current feature set.

 

Overall, I’m quite happy with this project.  It’s helped me out in numerous ways, organizing my personal todo lists as well as giving me the opportunity to work on an open-source project.  I’d love to hear some feedback concerning this project, especially if you’re using it on a daily basis.  I’m definitely open to suggestions for improvements and I’d like to get some additional CSS layouts to include with the distribution.  You can leave any comments you may have right here on this blog entry.

Thanks to everyone who has already sent me suggestions and bug reports.  I hope to hear from more of you soon!  If you’re interested in trying out phpTodo, check out the demo site.

phpTodo 0.7 Released!

After 7 months a new version of phpTodo has arrived. I’ve spent the last month or so working on this and polishing it up. I think I have a pretty decent release put together.

New additions include a “Next Action” field, validated RSS feeds, UI enhancements, and tons of bug fixes. You can read all about the enhancements and bug fixes in the release itself, so head over and download it!

Future plans include adding ATOM 1.0 support, sub task support (todos for your todos!), group support (so you can assign a single task to multiple people), and more. I’d like to eventually migrate into an entire management system that can be used for project management.

 

I’d love to hear any feedback regarding this project. This is my first sourceforge project and really the first open source code I’ve released into the wild. So please feel free to leave me comments!

phpTodo 0.6 Released!

I released version 0.6 of phpTodo last night. There were some minor bugfixes, nothing major though.

 

Added to this release were a few new fields in the database to track creation date, and last modified dates. Future releases may utilize these fields more, but at the moment they’re only being used for the sort stabilizer.. The task modify code was updated to deal with these 2 new fields. Each time a record is created, the create_date field is populated. Every change updates the last_modified field.

Which brings me to another feature I added. I noticed that if you sort by priority, status, or anything other than subject, the entries shifted when you reloaded the page. My initial thought was to just add a behind the scenes secondary sort on id. I changed my mind and decided to give that choice to the user. So, on the preferences screen, the user can choose what field to sort on. This is set to task ID by default.

 

At this point the program is pretty much feature complete. I’m adding in WML support before the 1.0 release, but that’s about it. Besides bugfixes, of course.

 

After the 1.0 release, I have some bigger plans. I read a book by David Allen about todo lists and handling tasks.. Really enlightening stuff. Basically, the idea is to process everything in your inbox (anything you need to do), and determine what the next action is. At that point, you file it away based on when it needs to be done. There’s obviously a lot more to it, and if you’re interested, you can find his book on Amazon.

Based on what I learned, I’m planning on adding a number of features to phpTodo. First, I plan on adding an email module. This will allow the user to email todo items to their list. I’ll be adding some sort of authentication schema to it to ensure the item goes to the correct list. That has yet to be worked out.

I’m also looking at updating the main screen. I’ll break it up a bit to become a dashboard of sorts like the personalized Google homepage. Essentially, there will be an inbox which will consist of un-sorted todo items, an interface to quickly go through those items, the main todo list, and a calendar with appointments.

Since I’m adding a calendar, I want to also add a tickler module that can send reminders via email, sms, IM, etc. The user can choose the method(s) they want to be notified by and the system will alert them when the time comes.

I also want to add group todo lists. In essence, another user that will “share” their list with other users. This will, I believe, add more project management capabilities. Anyone can add a todo list item, and anyone else can take it and work on it. Possibly some sort of notification feature to update all users regarding those items.

 

Overall, I think this project is working out pretty well. I’ve learned a lot about php programming and I’m working on solidifying my coding style. It’s helped me a lot with the coding I’ve been doing for work. I’ve put together a complete database system, dsl tools, and the like. Good stuff that I seem to be getting some decent praise for.. :)

 

You can download the latest version of phpTodo from the phpTodo SourceForge page.

phpTodo 0.5 Released!

Yesterday I released the latest version of my phpTodo project. In a nutshell, phpTodo is a todo list manager with RSS feed capabilities. I find it extremely useful, and I hope others are finding it just as useful…

 

Since this is the first entry I’ve written about phpTodo, let me give a little background information. I have things to do. Yeah, so does everyone else. And like most people, it’s hard to keep everything straight. I had my honey-do list at home, a list of stuff that I wanted to accomplish, projects for work, tasks for different projects at work I was working on, etc.. It was all a mass of confusion..

 

So, I decided to start using the todo list manager in Lotus. Well.. it works.. It’s kinda nice, but it’s slow, and a real pain to see everything in one shot. So, I started looking online for a web based one that I could use at home and work. I found a couple, but nothing that allowed me to categorize and view by category, etc. So, since I had wanted to start a sourceforge project, and I like programming, I decided to write one. And I got to thinking.. How could I ensure that I could see my todo list from anywhere? Well, a webpage is a good start, but web pages aren’t always that great on mobile phones.. I happen to have a blackberry that I carry with me, so I looked around a bit more.. I could get RSS feeds on my blackberry, so how about that?

 

And with that, phpTodo was born.. To date, I’ve had over 400 downloads of the software (that’s all versions combined) .. The previous version, 0.4, had approximately 170 downloads. Not too bad for a piece of beta software.. :) At least, I’m happy with it.. :)

 

This latest version contains a number of bug fixes both big and small. I’ve also added some code to redirect the user properly when the login times out. Essentially, if the user is doing something and times out, it records the current information, redirects to the login page, and then redirects them back to where they left off after they login. Works pretty well… :)

 

Work continues on the project. I’m at 0.5 now and I’d like to get a 1.0 release out pretty soon. So, for the time being, I’m in a feature freeze. At this point I want to ensure that everything works correctly and iron out any bugs that may be lingering around. Once I get 1.0 out, I’ll look at adding some new features.

 

If you’re interested in checking it out, here’s a link to the sourceforge project site. I plan on setting up a formal project site for it, but I haven’t gotten around to it yet…