Dear IndieWeb, it may be time to start considering the user, not just the technical spec. by Eli MellenEli Mellen
I’ve been working on a series of walkthrough posts that outline how to IndieWebify a Wordpress site. I presumed the initial setup would be fairly straightforward because a) I have a vague idea of what I’m doing, and b) a suite of plugins already exists. Boy-howdy, was I wrong. (ಥ﹏ಥ) I’ve...

I definitely agree with you, Eli! I was wondering out loud with a half-baked thought just yesterday about how we could help ease newer “generations” into the IndieWeb. Where you are coming from the technical side of things, I was thinking more about the on-boarding process and not expecting people to read swathes of documentation to get started. Having read your post I realise both need to be worked on (in tandem?)

I couldn’t hand over even a working WordPress + IndieWeb installation to my partner and expect her to have a good time using it. I’m trying to bring her round to the idea of moving to her own site, because she’s so frustrated with the social media giants, but the tools just aren’t accessible to her level yet.

What has been built so far in the IndieWeb is amazing. I’ve not been this enthused about having my own website – or what it’s capable of – in years. But I’ve been building on the web for 20+ years; I’m impressed by the technology because of my understanding of it, and I’m the sort of user who can work past the rough edges when I need to — in fact, part of me enjoys the tinkering aspect. On reflection, I might be the worst person to be evaluating how this stuff can be made more usable and accessible for someone who wants it to “just work” as smoothly as the existing options 😅

So I guess the question then becomes – who is best placed to help with this, and how do we bring them on board (if they’re not already)?

Social Reading User Interface for Discovery by Chris AldrichChris Aldrich
I read quite a bit of material online. I save “bookmarks” of all of it on my personal website, sometimes with some additional notes and sometimes even with more explicit annotations. One of the things I feel like I’m missing from my browser, browser extensions, and/or social feed reader is a social layer overlay that could indicate that people in my social network(s) have read or interacted directly with that page (presuming they make that data openly available.)

Feminist Internet (Feminist Internet)
The internet holds huge potential for liberation and political transformation. However many of society’s inequalities are encoded in its structures, processes and communities. Whether it’s digital platforms allowing online abuse against women, lack of workforce diversity in the tech sector, biased data collection reinforcing privileges or sexist naming of subservient chatbots, there are many issues to address. Feminist Internet is here to intervene and ensure an equal and just internet for all.

The algorithm-driven Instagram feed was rolled out a while ago, but it’s only recently I’ve noticed much of a difference. Unfortunately the difference, particularly in the last couple of weeks, has been increasingly negative. So much so I really wish there was a way to opt-out!

Basically it comes down to I’m not seeing what I want to see at the time I want to see it, often leading me to just close the app after scrolling down a little bit. So as a way of “increasing engagement” it utterly fails.

A trivial example: I follow WWE on Instagram. Every Monday and Tuesday night, they post 6-12 photos from the goings on at Monday Night Raw, and Smackdown Live. Every Tuesday/Wednesday morning, I would like to open up Instagram and be able to scroll through to see what happened. This used to work, but some time in the last few weeks it changed so these photos show up randomly in my feed over the next 2-4 days – after I’ve already got the information from other sources, and definitely past the point I want the photos to show up at the top. The photos never show in chronological order, and never show as a batch of more than 1-2 at a time.

For the accounts I follow who aren’t “brands” (i.e. friends, shared interest accounts, etc), often it’s the people I like or comment on the least who appear near the top, and often the most trite, uninteresting photos they’ve posted. Why show me the video of a friend’s baby’s adorable first laugh, another friend’s stunning macro photography, or a popular post from an interest account, when 4 out of 6 of the photos at the top of my feed are meme nonsense? With the other 2 being drinks/food from someone’s night out 3 days ago?

Is it just me? I don’t think so, but maybe it’s just particularly bad on my feed? What’re your experiences with Instagram lately?

So after the preamble, which should give you a frame of reference to what I’m aiming to do in this mini-series of posts about improving my online privacy and security, this short post will talk about the first steps I’m taking to tighten everything up. As this is all at the very beginning of my learning journey, all of these might change in the future. If they do, I will update the post and add a comment below.

In this post I look at two of the fundamentals of privacy on the web: the web browser and search engine. I’m mainly looking at the desktop for now, rather than mobile, mainly because it’s simpler to focus on one thing while I wrap my head around this stuff!

A Change of Browser

I’ve been using Chrome for years, after it usurped Firefox as the “fast, alternative” browser for Windows. These days, Chrome has become seriously bloated – it’s routinely consuming multiple gigabytes of RAM on my desktop. It may be (usually) fast despite of that, but it slows the rest of the computer. What’s more, it’s so deeply wired into Google’s ecosystem that it’s arguably as much a data hoover for Google as it is a browser.

So I was in the market for a new browser to begin with, and I was looking into alternatives like Chromium or Opera. But once I started diving into things a bit more, pretty much every recommendation for privacy-minded software recommended good-old Firefox, so that’s what I’ve gone with. I followed the configuration guide at PrivacyTools.io, as well as:

  • Turn on Do Not Track
  • Set Firefox to never remember my browsing/download/search/form history
  • Never accept third-party cookies
  • Only keep cookies until I close the browser
  • Never remember logins for sites
  • Turned off Firefox Health Report, Telemetry, and Crash Reporter

Extensions

Most of the extensions I had installed in Chrome were privacy-minded anyway, so were equally applicable to Firefox. Some additions came recommended. At the moment I am using the following:

Mobile

The situation on mobile (in my case, iOS) is a bit less clear. For now I’m not using the Chrome iOS app, reverting to Safari with the addition of a content blocker.

Downsides

The biggest issue with the above setup is it removes a few conveniences: remembering pinned tabs between browser sessions; having to login to websites every time you visit; having to retrace your steps to find a page in the future, if you don’t bookmark it at the time… that sort of thing. I might do a little tuning on this, relaxing the settings a little, but overall I think this might be one of those things that I need to live with.

A Change of Search Engine

Apart from a brief flirtation with DuckDuckGo a few years back, I’ve always used Google as my search engine. It’s constantly been the most reliable, fastest, and all-round best at what it does.

Even so, I’ve never been 100% happy with the fact that Google collects just about every data point they can, that it’s all wrapped up in your Google account, linked to everything you do in their other services, and made available for advertisement targetting (amongst who knows how many other things). As someone who’s had a Gmail account since they were invite only, I know Google has a fucktonne of data on me already; the genie is well and truly out of the bottle in that regard.

That doesn’t mean I can’t stop giving them more data. Sure, they’ll get the odd bit here and there when I use YouTube, or the odd email that hits my old, pretty much unused Gmail account, but that’s really it – if I change my search engine to somewhere else.

The obvious thing to do would be to revert back to DuckDuckGo, as I already have experience of it, and it’s accurate enough… but I wanted to try something different for the moment, while I’m still in the learning phase of this little project.

I tried all the recommendations at PrivacyTools.io. Searx generally gave me terrible results, but is an interesting idea; Qwant gave me some decent web results, but the included News results were mostly irrelevant, and I couldn’t find a way to turn these off. StartPage had been recommended in other places too, and overall was the best performing of the bunch – possibly not surprising, as it’s effectively a proxy for Google search, so seems like a win-win in this case. For now, I’ve set it as the default search engine in Firefox.

Mobile

For searches on my iPhone, I’ve set the default search engine to DuckDuckGo, as it’s the best of those available.

In 2017 I’m trying to be be a bit more privacy and security-minded when using the web (on all devices). I’ve been increasingly interested in these areas for a few years, and especially since the Snowden revelations, and recent events like the IP Bill, aka the “Snoopers Charter,” in the UK have pushed me further towards them. Over the next few weeks I’m going to look into (and try to document here) various things I can do to increase my security, decrease the amount of information applications and services can collect on me, and generally “take back control” of my online privacy.

I work in the tech industry, I’m fairly conscious about this stuff, and understand a few of the elements and technologies, but it’s really a very basic understanding. What I do know might be out of date. At this stage it might be too little too late… right now I don’t really know.

Upfront: I fully recognise that if the police/MI5/NSA/FSB/whoever really wanted my data, nothing I could do would be able to stop them.

security

Also upfront: even with that in mind, whatever I put in place won’t be considered “perfect.” What I’m looking to do is balance convenience, practicality, and security. If something is too difficult or fiddly to use, it will end up not being used.

Thinking specifically about the IP Bill, far too many agencies for my liking will have complete, unfettered access to what I get up to on the internet. Beyond that one example, the amount of web ad trackers we have to contend with nowadays is snowballing, as are the services amassing data to pay for those “free” apps we enjoy.

While it might be that none of these data collectors have nefarious purposes in mind (if you’re trusting), data security breaches are becoming bigger and more frequent. Data being stored is likely to leak or be stolen at some point, so the best you can hope for is to limit the amount of potentially harmful data1 being held.

On a lighter note, here’s a great spoof from Cassetteboy about the IP Bill

So all this is a bit of a long-winded preamble to saying look out for the future posts where I talk about what I have learned, how I’m applying it, any recommendations I have, and how you can do the same. The first post on some of the basics, and links to reading materials will be coming today/tomorrow. In the meantime, are there any tips or good sources you’ve come across? Feel free to share in the comments.


  1. Insert definition of what you would consider “harmful data if leaked” 

Lock Screen

Raise to Wake is a feature I’ve wanted for a while, so I love that. It sometimes seems a little sensitive, but I guess I’ll either get used to it, or it’ll be tweaked in a software update. The new behaviour of unlocking your phone without going to the Home Screen until you press the Home button seemed a bit unintuitive to me, I’ve changed a setting under General > Accessibility > Home Button to remove the press.

Notifications

Functionally, the new notifications are great, and will get better as more apps embrace the feature. Like others, I’m not a fan of the styling, which is very evocative of “Web 2.0”. Clear All is another minor feature I’ve wanted forever, so I’m glad that’s there; I just wish I hadn’t had to Google to discover it’s hidden behind a 3D Touch gesture. These hidden or unintuitive features and gestures are probably my biggest peeve with iOS 10 for now.

Related to the notification area, I don’t get why the “Today” widget area is duplicated here and to the left of the Home Screen. One or the other would’ve been better, at least in my opinion. Maybe because I never used the old “Today” screen, but did use the old search screen which used to be to the left of the Home Screen…

Messages

Overall I like the update, but I’ve found some of the new features to be really unintuitive to use. The message styles (hidden ink, balloons, etc) are hidden behind a 3D Touch of the send button – so if you don’t get it right you’ll find yourself accidentally sending the message before it’s finished. This is a very minor thing, but it does cause frustration. I also found the Digital Ink features to be confusing to use, and the associated gestures a bit hit-and-miss. “Playback” of these messages is also hit-and-miss: sometimes they play automatically, but most times they don’t.

This article from The Verge has a good rundown of the new features of iMessage and how they work.

Other

Being able to (finally) remove in-built apps is obviously something which has received some headlines. Surprisingly, I’ve removed fewer than I expected… I think it’s only Stocks, Tips, Find My Friends and weather. I’ve actually found myself switching to a couple of the in-built apps

For someone who’s primarily a developer/support person, I spend a lot of time setting up and configuring – or fixing – servers. I guess this came from an eagerness to learn and I got tarred with the “Linux/Server” Guy brushes at some point!

My interest in Operations has had an uptick again recently, so I’ve been doing a bit of reading of late. This morning, while waiting on news about some work-related activities I’ve come across a couple of interesting articles:

My First 5 Minutes On A Server; Or, Essential Security for Linux Servers by Brian Kennedy is a fantastic little quick-start for securing a Linux server. It’s not everything you need to do, but as noted in the article, it sets the foundations for a secure server which is easy to keep secure. Do these steps first, then go about securing any additional services you need to run.

One thing I’ve been wondering about, is setting up my own email system, rather than run on Google Apps. As convenient as the Google platform is, I do sometimes think I’m trusting them with a bit too much of my information. Recent revelations about the NSA/GCHQ, PRISM, and whatever-comes-next, from Edward Snowden haven’t done much to allay those worries.

But Google Apps is convenient. It wraps my mail, calander, contacts, and many other things into a nice package that is available everywhere and syncs across platform, with Push notifications, search, and other modern conveniences… but never the less, I’ve been thinking about how I could move away from the “Do-No-Evil” Empire, which is why Drew Crawford’s excellent, in-depth article “NSA-proof your e-mail in 2 hours” was a great find. I might spin up an instance on my dormant Joyent account and give it a try on one of my spare domains, so I can evaluate the process and benefits before deciding on moving my primary mail domain.

Other topics which have crossed my path this weekend are system configuration, maintenance, and automation using tools such as Chef and Puppet. The idea of taking a known-good environment and replicating it with just a few commands is definitely appealing – particularly when it comes to tasks such as setting up development/test environments! I haven’t gone too far into these topics yet, but I’m hoping to find the time in the next few weeks to go through some of the articles I’ve found.

That cool little “Coder for Raspberry Pi” project from Google which I linked to earlier doesn’t just run on Raspberry Pi. You can run it on any old Linux PC (Mac works too, but the instructions are slightly different).

I set it up in less than 2 minutes using these commands (note that I’m running Debian Sid):

sudo useradd -M pi
sudo apt-get install redis-server
cd ~/projects
git clone https://github.com/googlecreativelab/coder.git
cd coder/coder-base
npm install
npm start

Node.js is also a requirement, so if you don’t have that, you’ll need to install that at step 2 as well.

Once everything is up and running, point your browser at https://localhost:8081/. You’ll need to specify a password the first time you run Coder, after which you’ll be able to try the environment out. It’s pretty neat, and the sample clone of Asteroids is quite addictive!

My Deactivated Facebook Profile

On Thursday night I deactivated my Facebook account. It’s something I’d been considering for a while, as I’ve found using Facebook lately to be less a useful “checking up on friends and family” thing, and more something slightly depressingly monotonous which I continue to do out of sheer force of habit. It just so happened on Thursday there was a trigger which finally led me to push the button.

I admit, for a moment, I did consider deleting the account full-stop. Deleting you Facebook account is notoriously difficult to achieve. It seems to have gotten better and easier over the last couple of years, even before you consider services such as the new JustDelete.me.

For better or worse I decided that in all likelihood I would return to using Facebook one day… that this was just a temporary hiatus to give me space to clear my head. So, as the title of the post indicates, here came the hard part.

The process of deactivating your account in itself is “reasonably” straight-forward: Go to Account Settings > Security, then click the small link under the main list of options. Facebook will first try to emotionally twist your arm into staying, by showing big profile pictures of some of your friends. It’ll ask you why you’re leaving, then ask for your password, and then, just to be sure you really, really, really do want to deactivate, present you with a CAPTCHA image for verification. So far so simple. The difficulty comes in staying deactivated.

Deactivation only lasts so long as you stay logged out of your Facebook account. Log back in for whatever reason and it’s instantly reactivated again. Fine, just stay logged out then? OK, consider how many sites, services, even apps on your phone connect with Facebook, or even use it as their user login mechanism (the “Facebook Platform”). My iPad is logged in and connected to Facebook at the OS level, never mind using an app. Now factor in how many other computers you might be logged into Facebook using – often this could be 2 or more (say, home plus work). In my case I had to unlink iOS on my iPad from Facebook; uninstall the Facebook app from both the iPad and my phone; uninstall the Facebook Messenger app from my phone; logout from Facebook on my work laptop and some browser sessions on my iPad; change my OpenID settings on StackOverflow; and log out/change settings on a few other sites and apps… All so I could be as sure as possible my account wouldn’t spontaneously reactivate itself. There’s probably some that I’ve missed, so chances are I’ll need to deactivate again at some point.

I’m not (entirely) blaming Facebook for this though. Facebook has had to grow, and has done so by spreading itself across the web, to be more than just a profile and social stream. By wanting to opt-out of a profile for a while, I can no longer “like” an interesting blog article; I can’t try out that buzz-worthy new service or app that relies on logging in using Facebook; I can’t click that link to the apparently-hilarious cat meme my workmate just posted… OK, I’m not really going to be bothered by that last one, but you get the idea… there are now certain things – increasingly common things – I can’t do on the web any more, just by wanting out of Facebook for a while.

Wireless charging is one of those things I really, really want to succeed. I hate plugging stuff in; I hate having wires trailing all over the place, and I hate having to fiddle with connectors. Eight times out of ten I will try to plug in a micro-USB any cable upside down on the first attempt.

Over the last few years more and more wireless charging has appeared, and it’s starting to become more common in mobile phones. The Palm Pre was the first I was aware of, but recently Nokia has been on board, and of course, my Nexus 4 has the capability. Aftermarket accessories are available for most major phones.

It’s a shame it just doesn’t work well in my experience.

I have two different wireless chargers at home – a Nokia, and a generic charger bought on eBay. I’ve given up on both of them. I’d try the official “orb” charger for the Nexus, but it’s not available in the UK without paying an extortionate amount for it on eBay.

Problems I’ve had include:

  • the “charging spot” is small, and you have to place the phone in a very precise manner to get it charging. Sometimes even the angle of the phone on the face of the charger can have an effect. (Imagine the charger surface like a clock face – 12 o’clock: no charge; 2 o’clock: charging works)
  • if you do get the phone in just the right spot, it’ll charge for a few minutes then mysteriously stop charging… then randomly start charging again… and so on. When your phone insists on making a noise whenever it is plugged in or unplugged from power, this gets annoying fast.
  • All the chargers I’ve seen or tried have a smooth, glossy plastic surface. The back of my Nexus is smooth and glossy (glass). Unless you have the charger perfectly level, eventually the phone is going to slide off, either completely, or just enough to stop charging. The Nokia has a slightly raised ring in the centre, which seems to exacerbate this problem.

On the generic charger I tried to mitigate some of these issues using thin rubber bands near the edges to provide some grip for the phone to stay in place. When stretched over the charger they were maybe 1/2 mm thick. Sadly this was thick enough to prevent the phone charging at all – presumably for not being close enough to the charging circuit.

What I’d really like to see – and it’s something I think would solve a lot of the “fiddliness” I’ve encountered so far – is a QI-compatible wireless charger similar to an old mouse-mat (the soft fabric + foam/rubber type). The surface texture would stop the phone sliding around, and if you embed one big (or many small) charging spots it should maintain a constant charge even if it does move around. It seems obvious to me, so I can only presume there’s some sort of technical/manufacturing limitation which prevents something like this being made.

If I get some free time over summer I’ll try hacking this idea together (hopefully it doesn’t cause a fire!). In the meantime, here’s a really well done video of someone combining the Nokia charger with an Ikea nightstand. It would be wonderful if this was the reality of wireless charging.

TLDR; I’ve switched from an iPhone 5 to a Google Nexus 4.

OK, so I’m behind on the times a bit. The Google Nexus 4 has been out for several months, and I’d paid it no heed. I’ve been chugging along with my bought-at-launch iPhone 5 in that time, and barely paid the Nexus any thought. I read the reviews, and concluded it was a great Android phone, but I had no wish to rush out and buy one.

Then something strange happened.

I’m not sure why, but I got disenchanted with my iPhone. I never had that with my 4S, or 3G/3GS, despite the 5 being – in every way – better than all of them. Once that feeling settled in all the little niggles started to grate1. The easily chipped and scratched aluminium casing (as gorgeous as it is to look at); the way the sharper edges of the back felt in my hand; the random network-stack drop-outs; the hoops you sometimes need to jump through to share files/data from one app to the next; the keyboard that seemed to miss random presses, and still took me longer to type on than I could on my 4S (where I could at times type whole messages without looking at the screen).

I caught myself checking out other phones in the stores. Clearly it was time for the iPhone and I to “take a break”.

I looked at Windows Phones, but decided there wasn’t enough there to make it last. Blackberry? Err, no. That left Android.

I have a history with Android. I bought the HTC Desire HD on pre-order, as it had been loudly proclaimed “King of the Hill” at the time. Before it was even in my hands its crown usurped by (I think) the Galaxy S. We had some fun times, but I could never get along with the Sense UI. I rooted and flashed the phone, trying ROM after ROM. The experience was akin to installing Linux on an early Centrino laptop (anyone who tried it, back in c.2002-2003 will know what I mean) – where a feature worked, it worked very well… but only if you could live with the unsupported stuff. In the end, as much as I enjoyed parts of Android, I ended back in the warm embrace of iPhone.

Anyway, as I was saying, Android seemed the obvious choice, but which phone? I immediately gave up any notion of trying to get a phone that would be top of the specs pile for more than a few weeks2. I also ruled out those ridiculous “Phablets” like the Galaxy Note 2. The recent HTC phones look brilliant, but they’re still packing Sense. Sony’s Xperia line look distinct, but seemed to come with another GUI skin and a load of unneeded apps. Samsung… well I’ve never had a good experience with Samsung’s phone build quality, and they have the TouchWiz skin3… lets just say I ruled them out quickly. There’s the also-rans, but I was keen to get a phone that would get at least a few regular OS updates in its time.

I think I’d initially dismissed the Nexus because there was nowhere locally I could find one to try it out. Eventually I found somewhere with a display model, but I still couldn’t test it because the security system used by the store blocked most of the screen. In the end (after a couple of weeks mulling it over) I went ahead and ordered one through the Play store anyway4. A little over 24h later and the phone arrived.

First impressions were good. The unboxing experience was nice, and the first switch-on and setup was very fast. Within a few minutes my phone was syncing all of my Google services. If you use Google apps, then the experience is very, very smooth – everything “just works”. Contacts, Calendars, GMail, Google+, Picassa, YouTube, Music… all setup with just one login during start-up. I had some data issues with contacts and calendars, due to the way I had my iPhone setup, but that’s the subject of another post.

Of all the apps I regularly used on my iPhone (a decreasing amount recently), the only one I haven’t don’t have is Everpix, but I can keep using that one on my iPad Mini. Everything else either had an Android version – even my banking apps5 – or a suitably good equivalent (Falcon Pro instead of Tweetbot, for example).

Android itself has come a long, long way since I last used it. Jelly Bean is amazingly well polished, and the experience is very smooth. Coming from an iPhone, things do take a while to adjust to. I’ve found myself missing notifications on the lock screen, and application badges as indicators of which app just beeped at me. This is something I’ll get used to I guess.

If I can get round to it I’ll post a more comprehensive look at the Nexus 4, but for now I’ve not had it long enough to form more than first impressions. What I will definitely write-up is some of the experiences of moving my data from iOS/iCloud into Android/Google.

  1. These are all anecdotal, and in no way intended to imply they are common issues, or even that they’re not “all in my head”
  2. I think by now, in the age of quad-core CPUs and multi-GB RAM that Smartphone specs are good enough for most tasks they need to do.
  3. What is it with Android OEMs and custom GUI skins?
  4. I recommend going this route. Despite the £10 delivery charge, it’s at least £150 cheaper than buying at a retail store.
  5. I wasn’t too impressed by one of them insisting I needed to install anti-virus on my mobile…

If you were a good boy or girl this year (like me), you may have been lucky enough to get a Raspberry Pi under the Christmas tree. Which is awesome, but (like me) you may be wondering what on earth you’re going to do with it!

Raspberry Pi in a PiBow case
My new Raspberry Pi, in a PiBow case

The choices are limited only by your imagination, but as per usual – the more choice you have, the harder it is to choose! I’m still deciding what to do with mine, but here are a few links which might inspire you:

Things said about the iPod Mini:

  • Competitors are cheaper
  • Competitors have more features
  • Competitors are smaller
  • It’s not “open”
  • It’ll never sell (or, my favourite: “the only people who’ll buy it are Apple ‘Sheeple/fanboi’s/posers’ with too much money”)
  • You’re paying an “Apple Tax” just because it looks pretty/has an Apple logo

Things said about the iPad Mini in the 24 hours since it was announced:

  • Competitors are cheaper
  • Competitors have more features
  • Competitors are smaller
  • It’s not “open”
  • It’ll never sell (or, my favourite: “the only people who’ll buy it are Apple ‘Sheeple/fanboi’s/posers’ with too much money”)
  • You’re paying an “Apple Tax” just because it looks pretty/has an Apple logo

Even though I doubt I’ll be buying one in the short-term, make no mistake – I think the iPad Mini will sell in droves, just like the iPod Mini went on to.

I confidently believe it will outsell the Google Nexus 7, and probably also the Kindle Fire (the biggest competition in my mind) this Christmas, despite the much higher price. Apple has shown consumers will pay that extra “tax” for the overall experience. Not only that, Joe/Jane Consumer can now see the name brand iPad on sale below £300 for the first time. That’s a really big deal for anyone not trapped in the Tech Bubble.

Dear Viewer,

By the time you read this, I will be dead.

When I started out in 1974, I was the future – TV’s first robot newsreader. But what once seemed cutting-edge is now regarded as hopelessly old-fashioned, and I have been frozen out by the powers that be, yet another victim of BBC ageism.

I can’t take it any more. It’s a struggle to get up for the nightshift, and my poor pixels are tired. My friend Oracle said it would end like this.

Goodbye, cruel world.

The Last Broadcast from BBC Ceefax.

* By “The Right Way”, I mean following the guidance and practices at the PHP: the Right Way website. I make no claims this is the “best” way 🙂

Works n my machine badgeMac OS X is a pretty good web developer OS. It comes as standard with PHP, Ruby and Apache all out of the box, and the underlying UNIX system makes it easy to add in other languages and components to suit your needs. On top of that, some of my favourite development tools are on the Mac, so unless I’m writing .NET code, nearly all my development is on an (ageing) Mac Mini.

Now, while all that stuff comes as standard on OS X, lately it seems Apple has made it harder to get to. The versions shipped with OS X also tend to be a little behind the latest releases. As a result, most Devs I know use something like MAMP to make the server-side of their environment as easy as running an app. Personally, while I think MAMP works, and is a good time-saver (and I’ve been using it for the last year or so), but I like to get into the nitty-gritty of the system and get things running “native”. So last night I fired up the terminal and got PHP set up on my Mac with the latest version, and following the Right Way Guidelines. As a result I have PHP 5.4, Composer, the PHP Coding Standards Fixer, and MySQL all setup quite slickly (i.e. to my preferences).

The whole process was pretty easy, but does involve the command line. If this makes you uncomfortable, then it might be best to skip the rest of this post.

This all worked on my Mac, but I make no guarantees about it working on yours, and I’m not responsible if you break something.

If you find any glaring problems with this guide then leave a comment/get in touch, and I’ll make any required edits.

Step 1: Setup Your PATH

Edit the hidden .bash_profile file in your home directory. If you use Sublime Text 2 you can use the following command:

subl ~/.bash_profile

TextMate has a similar mate command, or you can use vi(m)/nano/emacs/whatever.

It’s possible you already have a line defining your PATH variable. It’ll look something like export PATH=<something>. I’ve found it most useful to change the PATH so /usr/local/bin is at the start, making sure anything you install there is used over the system defaults in /bin. Add this as a line below your existing PATH definition (or just add it in, if you don’t have an existing line):

export PATH=/usr/local/bin:${PATH}

Step 2: Install Brew

Strictly speaking, Brew (aka Homebrew) isn’t required, but I used it to install MySQL later, and it does make it stupid easy to install stuff into OS X. I think you should install it. The best instructions are found on the Homebrew home page, so go have a read there. There are a few pre-requisites, but nothing too difficult.

Step 3: Install PHP-OSX

Now we’re beginning to get somewhere! PHP-OSX is the latest versions of PHP compiled for OSX by Liip. Installation is a real doddle, from the command line:

curl -s http://php-osx.liip.ch/install.sh | bash -s 5.4

Follow the prompts given, including entering your password. After a few moments everything will have installed. For convenience I created a symbolic link to the newly installed PHP binary in /usr/local/bin:

ln -s /usr/local/php5/bin/php /usr/local/bin/php

Step 4: Install Composer

Now we have PHP installed, it’s time to look at the nice-to-haves, like a good package/dependency manager. Composer is relatively new on the block, and allows others to download your code and automatically grab any dependencies by running a simple command.

You can install Composer in your project, or you can install it globally. I prefer globally. As with PHP, installation is simple, from the command line:

curl -s http://getcomposer.org/composer.phar -o /usr/local/bin/composer
chmod +x /usr/local/bin/composer

Step 5: Install PHP Coding Standards Fixer

Another nice-to-have, this little tool will try to find and fix parts of your code where it does not conform to one of the PHP Coding Style Guides. Installation is almost identical to Composer:

curl http://cs.sensiolabs.org/get/php-cs-fixer.phar -o /usr/local/bin/php-cs-fixer
chmod +x /usr/local/bin/php-cs-fixer

Step 6: Install MySQL

If you installed Brew in step 2, then you’re good to go with this little command:

brew install mysql

It’ll take a few minutes, but you shouldn’t need to intervene at all. Once done you will need to run two more command to setup the MySQL tables:

unset TMPDIR
mysql_install_db --verbose --user=`whoami` --basedir="$(brew --prefix mysql)" --datadir=/usr/local/var/mysql --tmpdir=/tmp

If you didn’t install Brew, then you will need to install MySQL through some other means, such as packages on the MySQL website. I can’t help you with that, I’m afraid.

For managing MySQL, I use the excellent Sequel Pro, which is a successor to the venerable CocoaSQL.

As a next step you should look into changing the root password of your MySQL setup. This is a local dev environment, and likely only used locally by yourself, but it’s the proper thing to do.

Errata

  • Pear doesn’t seem to work, which is slightly annoying, but (to me) no real biggie. I didn’t test this with the built-in version of PHP, so I don’t know whether it worked beforehand. I’ll post an update once I figure it out.
  • I’d like to make bash script smart enough to stop MySQL when the PHP web server stops, but my early attempts haven’t managed to get this working (most likely due to the Ctrl-C used to stop the web server also stopping the script).
  • Throughout this process we’re running scripts directly from the web. This is pretty risky behaviour, especially with unknown/untrusted sources. You should always take a look at the raw script before running it, so you don’t get hit by something malicious.