Secure your app API

The past month I tested 3 web / mobile applications on security, and 2 of them really had some big issues. They were medium sized business apps, I have sent them detailed reports, and they have fixed the issues. I won’t discuss any further details about them, I will however list the problems I found, so you can avoid having the same problems, and keep your customer data secure.

Belkin Wemo plug & shellscript automated control

A client who uses Paxton door access control for their gym wanted to have their TV switch on when a customer enters, and switch off after 1 hour. I bought a Belkin WeMo Switch and found a shell script that can switch the WeMo on and off (original script).

SlimPHP 2.x Custom Classes for Routes

If you want custom classes for your Slim project, you can do so by adding a route in the index.php file like this:


Shoot for the moon

I dusted off our old (and never used) Bresser 45-46000 telescope, and found that when I detach my Nikon D3200’s lens I can use it on the focuser of the telescope to get some nice images.

Caching repetitive requests

For a client I created a PHP script that gets certain user profile statistics from another website and returns them as JSON to the AJAX request that our own website sends.
This was the easiest way, since saving the data ourselves and keeping it up to date with all the changes would be too much work.

In order to lower the load time and keep the other website from being swamped with requests (one on every profile load), I used memcached to cache the data for 12 hours.
Caching data with memcached is fast and simple.

If you don’t have memcached yet, you can install it on Ubuntu with the following command:

It should instantly start a memcached process, or you can start it manually:

The config file will be in /etc/memcached.conf or /etc/sysconfig/memcached.

Here you can change the port (by default it runs on 11211).

Now whenever my PHP script gets a request for a profile, I check if we have the data cached in memory:

The cache key can be anything you want which will identify the data you are looking for (in my case I used the URL-encoded URL as the key).

If no result was found, I then get the result from the remote website, and save it in my memcached server for 12 hours.

This way only the first request for every profile in 12 hours will send a request to the remote server, decreasing the average load time of the pages for the visitors.

Don’t forget we can also use memcached for caching results we get from queries on our own database, to decrease load time and database CPU load.

Personally I prefer Varnish for full page caching solutions (I will talk about that in another post), but for smaller stuff like a handful of objects / results memcached is a very nice option.



C# application for paxton door access

Paxton offers a product range including IP, wireless and battery powered access control solutions to provide reliable security for any site requirement.

We ordered one door access card reader & control unit. It ships with the Net2 software, in which you can manage users’ access cards (which doors each user can open and when, expiration date, etc.).

I will use the access control for a gym, where members can open the front door with their personal (RFID) card, until their membership expires.

There was no way to automatically re-activate the member’s card after they renewed their subscription online, but since the Net2 software Paxton develops has a Net2 SDK available, I created a C# application that updates the user automatically.

In this case a simple console application is enough, which runs every 5 minutes, checking a directory for XML files.
If a member renews their subscription or a new member is created, an XML file is sent to the server, where the application picks it up and updates / creates the user in the Net2 database:


The XML files that are added in the XML directory look like this:

After the file has been parsed it will be moved to the archive folder, for later reference or checking.

Frans Boone Store Realtime UPS Rates & Pickup points

Frans Boone wanted to let his clients choose between normal UPS shipping rates & free shipping to UPS pickup points near the client.
In order to do this I created a custom Shopify app for Frans Boone, which uses the different UPS APIs to get the pickup points near the customer & normal shipping rates, and returns them to the Shopify checkout process, where the client can choose the desired option.



SSH Key Authentication

If you are working with SSH a lot, it might be useful to generate a keypair and set up the public key on your remote server, so you can easily log in without needing to enter a password every time you connect.

Client config

A keypair consists of 2 files, by default they are located in ~/.ssh and are called:

  • id_rsa (private key, never give this to anyone, and never put it on any public location)
  • (public key, this key is meant to be configured on the server you would like to access)

Step 1. Generating a keypair with ssh-keygen:

If you don’t have a keypair yet, or want to generate a new one for this specific server, open a terminal, type ssh-keygen and press enter.

Note: If you already have a keypair, don’t use the default location, or it will replace your current private & public key.


Enter the filename in which you would like to save the key. I’m using test for this demo. Press enter.

After this you will be prompted to add a passphrase; this is optional.


As you can see my test certificate has been generated.

Server config

In order to be able to connect to your server without a password next time, we need to get the contents of the public key, and add it to the authorized_keys file on the server.

On your client terminal you can use cat to output the public key contents:

cat ~/.ssh/

Just copy the output.

Log in to your server as you normally would (with your credentials) and paste the public key into ~/.ssh/authorized_keys. If the file doesn’t exist, it will be created when you open it with
vim ~/.ssh/authorized_keys
or
nano ~/.ssh/authorized_keys
whatever you prefer 🙂

To double-check that your server config is set up correctly, you can check the config file sshd_config with vim or nano (if you can’t find it, use locate sshd_config).
The following lines should be present in the config file:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

If they are not, you can add them at the bottom, and restart your sshd server with the following command:
/etc/init.d/sshd restart



  • If you used a different name for your public and private key (so not the default id_rsa), you will need to add an entry to your ~/.ssh/config so the SSH client knows which identity file to use for your server.
    An entry would look like:

    IdentityFile ~/.ssh/myidentityfile

    Note that you point to the private keyfile here.
  • If you are having trouble using your keys, make sure your private keyfile is readable and writable only by you (chmod 600 ~/.ssh/id_rsa)
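
The server-side steps above (add the public key to authorized_keys, keep the permissions tight, confirm sshd_config allows key login), as an added shell example that is not part of the original post. The function names, the scratch directory and the sample key are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). Paths are parameters so the
# functions can be tried on a scratch directory instead of a real account.

# install_pubkey PUBKEY_FILE HOME_DIR
# Appends the key once and sets the permissions sshd expects.
install_pubkey() {
    pub=$1; home=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    key=$(head -n 1 "$pub")
    # Refuse anything that is not a public key line, e.g. the private key file.
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub does not look like a public key" >&2; return 1 ;;
    esac
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth="$home/.ssh/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: do not add a key that is already there.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# pubkey_auth_enabled SSHD_CONFIG
# Fails only if the file sets "PubkeyAuthentication no". sshd uses the first
# value it finds for a keyword and enables public key login by default.
# RSAAuthentication is not checked: it applies only to SSH protocol 1.
pubkey_auth_enabled() {
    [ -r "$1" ] || return 2
    val=$(awk 'tolower($1) == "pubkeyauthentication" { print tolower($2); exit }' "$1")
    [ "${val:-yes}" = "yes" ]
}

# Constructed demo: scratch directory and a made-up key, not a real one.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAconstructedSampleKey test@example' > "$demo/test.pub"
echo 'PubkeyAuthentication yes' > "$demo/sshd_config"
install_pubkey "$demo/test.pub" "$demo/home" && ls -l "$demo/home/.ssh"
pubkey_auth_enabled "$demo/sshd_config" && echo "public key login enabled"
rm -rf "$demo"
```

On a real server, `sshd -T` prints the effective configuration, which also covers Include files that this simple check does not follow.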

Using version control in your development workflow

I think every developer should use some form of version control (svn, mercurial or git).
I use git for all of my projects and have used mercurial / svn in the past; it saves me a lot of headaches in the projects in the long run.

There are great ways to use git for bigger projects, like the git branching workflow:


But for the smaller projects this is too complicated.
For the smaller projects I would recommend just using a development branch and a release branch.

Check out the release branch on the client’s webserver (first make sure your client isn’t hosted on a shared hosting service).
Check out the development branch on your development server, make all the necessary changes, and have the client check the changes on the development server.
If all is well, merge the development branch into the release branch, pull the changes on the release server, and you’re done.

If any problems arise you can check the commits for any errors, and revert them or add necessary updates and merge them again.
I always keep a wiki page on GitHub as well for all my projects; this is always useful if a customer calls you 6 months later.

Magento isSaleable() false

If you are having problems with products not being saleable in Magento, make sure you add the price attribute to the select, otherwise it will always return false!