EECI 2012 Conference Day Two


The Business of ExpressionEngine

Brad Parscale

Owner of Giles-Parscale and DevDemon Add-Ons.

Summary:

This question always returns, “how do I increase revenue in my business?” I will break down different models of producing increased revenue utilizing ExpressionEngine. From the moment you meet a client, you can start preparing them to be a residual income provider. I will give details on how to prevent ExpressionEngine income opportunities from passing you by. Learn how to maximize your income from each client and provide a more holistic approach to your web business.

His entire business runs with ExpressionEngine. He met his wife while selling ExpressionEngine.

  • Founded Parscale Media in 2005
  • Built hundreds of websites utilizing ExpressionEngine and actively manage 98% of them

More people know me by DevDemon.

  • 7,000 active customers
  • 13 commercial add-ons
  • 20+ private add-ons

Notable Add-ons:

Common Practices:

  • do what everyone else does
  • charge hourly for your work
  • cycle of sell > build > sell > build

Difficulties

  • limiting your potential revenue
  • client frustrations over variable pricing
  • downward price pressure

An unreasonable model:

  • Holistic approach
  • “productize” your offerings
  • build strong partnerships
  • grow your bottom line through residual income
  • stop the downward price cycle
  • the sum is greater than its parts

Opportunity grows from a strong nucleus

  • content
  • design
  • email marketing
  • development
  • seo/ppc
  • hosting
  • support
  • brand


At the core of this nucleus, Brad sees ExpressionEngine.

Support is done via a live chat accessory from within their control panel (CP).

Recommending vertical growth through partnerships.

  • brand
  • content
  • other
  • email
  • host
  • seo/ppc

Horizontal growth from expanding services.

  • extended dev
  • support

Fixed costs on design & development


Practical Tips for Writing Custom Plugins to Solve EE Development Problems

Blake Walters

Senior Front-End Developer at Viget.

Slide Deck URL
Companion Code

EECI changed how we build sites.

  • New Development workflow (Git, Rack and Capistrano)
  • Always up to date base install
  • the template partials approach (if you aren’t using stash you should be)
  • Custom add-on development

Why not in-template PHP

  • It’s notoriously slow
  • it’s not “user” friendly
  • it’s not at all portable
  • it locks you into a single parsing stage
  • it gives you the “I’ll just enable PHP” mindset, which means you are preventing more elegant solutions.

Even simple PHP can be about 20% slower. Each new embed runs another instance of the template parser.

PHP on input

EE template tags

PHP on output

How about building a custom plugin?

Why a Custom plugin:

  • Flexibility
  • Readability
  • Portability
  • Performance

Getting Started

Breaking down the template tag:
{exp:eeci:present style="keynote" parse="inward"} Just a little presentation about plugins {/exp:eeci:present}

present is the method name; it’s just like a function. style is your argument.

(see slide deck)

A couple places to go:

Plugins don’t have settings or a control panel; you just drop them in and they work.

  • The simplest of plugins you can build.
  • The more interesting stuff happens when you start having plugin methods.
  • Passing parameters: now we are actually taking something from the front-end and doing something on the backend.
  • Tag pairs: they are exciting because they are familiar, like channel entries tags. This way we can build them ourselves.
  • Tag data is purely a string representation of the content in between the tags.
  • Complex output is creating our own tags. We are reading in a template, parsing it and sending it back.

Now you can cram all sorts of data and perform logic on it.

Fixing the parse order.

Great additional information on parse order from Low’s blog here:

Count, total results and switch are totally free.

Stepping up your game:

  • Project specific
  • Abstracted and stand-alone

If you have a ton of methods that format output, an RSS intake engine, etc

  • You can also take and abstract those out into your own plugins. Almost all plugins are written for a client.
  • Anything that is a public function can be referenced by the template.
  • Some of the really awesome stuff comes from the built in EE classes.
  • The template class $this->EE->TMPL

A whole bunch more:

  • CP
  • Email
  • File Field
  • Form Validation
  • Input
  • Language
  • Layout
  • Localization
  • Logger
  • Security
  • Table
  • Typography
  • URI
  • XML Parser

He recommends Sequel Pro for working with DB queries, etc. (It’s free and if you don’t use it you should.)

MySQL Workbench and phpMyAdmin are other GUI tools that will allow you to work with queries and the database.

Putting the CI back in EE

  • Benchmarking
  • Calendar
  • Encryption
  • Image Manipulation
  • XML-RPC
  • Zip Encoding
  • and tons more

You can also use the Helpers from CodeIgniter


Scaling Expression Engine: So, your site got popular?

Brian James Hill

Sys Admin at Nexcess - Beyond Hosting.

Slide Deck URL

Call your host. See how responsive they are.

  • Web developers don’t have time to be sysadmins
  • Communication is key! - begin/maintain relationship with hosting company. Client satisfaction is important.

Security

  • 777 is bad! EllisLab has this in the docs. This is because apps assume the site is running mod_apache.
  • Running as apache.apache is insecure. On shared hosting environments, if someone else’s WordPress gets hacked, then they have access to your site/data.
  • SuPHP - run as users
  • PHP-FPM - A PHP binary gets launched by Apache to handle PHP requests. Apache + PHP-FPM is similar in speed to Nginx + PHP-FPM. Best option.
  • mod_security - Helps against auto-scanners. Prevents cross-site scripting, SQL injection.

EE Hosting Caveats

Performance Growth Arc

  • Quick Fix - Static Caching
  • Two Server Clustering (web + DB server) - prefer

Truthdig.org

  • Solution 1 - Started with shared
  • Solution 2 - Split to two servers (php + mysql servers) - can’t scale
    • Combat traffic with Hardware, software not good enough

  • Solution 3 - Load balanced cluster (web * 3 + DB + FS + LB)

    • Centralized storage is bad due to php flock in EE caching
    • Problems for massive spikes
      • Lindsay Lohan got drunk, which caused major issues
      • Hardware needed to be added faster than was possible (+1 GB/s)
      • High cost to have this setup ahead of time

  • Solution 4 - Dynamic Caching (Varnish)

    • Pros
      • Memory Based Storage system for incredible speed
      • very low cost - great price/performance
      • relatively easy to implement and generally plays nice

    • Cons

      • induces some management headaches with publish
      • without ESI, TTL is the ultimate gatekeeper for page refreshes

    • Varnish is great

      • Use on Static sites because Google “says” it takes speed into account
      • Substantial benefits for using Varnish on EE
      • Varnish is able to help realize the full 100 m/b transfer rate

  • MySQL Tuning

    • Change EE to InnoDB for non-full text search tables
      • Faster Writes
      • Transactions
      • Row level locking instead of table locking
      • Better crash recovery

  • Good programming Matters

    • Good template design Matters (watch your SQL queries)
    • Can’t throw more Hardware at Software
    • Planning ahead is a good thing

  • Make sure hosting company is doing backups
  • Turn off File Based Templating using NFS, Filebased Cache
  • MyISAM is a major database liability

Extending Add-ons: How to make popular add-ons even more powerful

Matt Weinberg

President of Vector Media Group

Slide Deck URL


Hacking ExpressionEngine: The good, the bad{ass}, and the ugly.

Lowell Kitchen

Slide Deck URL

  • Why hack the core?
    • Fix a critical bug
    • Change or extend functionality
    • Improve performance

  • Maintain the hack
  • Submit the hack to E-Lab
  • Core Hacks Examples

    • < 1.6.6 – Could not disable tracking
      • MySQL: show processlist

    • < 2.4 – post_parse_template

      • Make a copy of index.php
      • Bolted output buffering at the end of original index.php to allow for post-processing

    • Daylight savings time hack

      • Edited config.php to correctly set DST flag

    • Config file hack for multiple environments – Focus Labs
    • Parse global variables into snippets
    • Assigning multiple field groups to a channel

  • Attacking EE

    • SQL Injection
      • MySQL driver for PHP does not allow query stacking (ex. SELECT…; DELETE ….)
      • Postgres driver for PHP DOES allow query stacking
      • UNION query poisoning
      • UPDATE or DELETE all the records
      • DoS attack with LIKE
      • Protection
        • $this->EE->db
        • $this->EE->db->escape_str
        • $this->EE->db->insert_string
        • $this->EE->db->update_string

    • XSS

      • Stored Attack – stored in DB and output on page
      • Reflected Attack – not stored, but displayed in messages on page
      • Protection
        • $this->EE->security->xss_clean($str)
        • Use Typography class when outputting data
        • $this->EE->typography->parse_type($str, $prefs)

    • Shared Hosting Environments

      • File permissions
        • DB creds
        • Cache poisoning
        • Overwriting images

      • Provider check

        • Engine Hosting – locked down

    • Demos

      • SQL injection using sqlmap allows us to discover query vulnerabilities and eventually access users/passwords
      • OnlineHashCrack – cracks unsalted, simple SHA-1 passwords

    • Password Security – Wireshark for sniffing traffic over HTTP (not HTTPS)

      • WPA makes this more difficult
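
Added example (not from either talk or its companion code): an EE 2.x plugin that ties the earlier notes on plugin methods, parameters and tag pairs to the SQL injection and XSS protections listed above. The plugin name eeci comes from the tag in the notes; the find method, its term and limit parameters, the queried table and the template usage are assumptions for illustration.

```php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
// Added example for EE 2.x (assumed file name pi.eeci.php), not the speakers' code.
// Assumed template usage, where segment_3 is visitor-controlled:
//   {exp:eeci:find term="{segment_3}" limit="5"}<li>{title}</li>{/exp:eeci:find}

$plugin_info = array(
    'pi_name'        => 'EECI',
    'pi_version'     => '1.0',
    'pi_author'      => 'Example',   // placeholder
    'pi_description' => 'Lists open entries whose title contains a term',
);

class Eeci {
    private $EE;

    public function __construct() {
        $this->EE =& get_instance();
    }

    // BEFORE (vulnerable): the term is pasted into the SQL string, so a quote in
    // the URL segment rewrites the query. Assumes the default exp_ table prefix.
    public function find_unsafe() {
        $term = $this->EE->TMPL->fetch_param('term');
        $sql  = "SELECT title FROM exp_channel_titles WHERE title LIKE '%".$term."%'";
        return $this->render($this->EE->db->query($sql));
    }

    // AFTER: Active Record escapes the value and its LIKE wildcards; the term
    // length and the row limit are bounded before the query runs.
    public function find() {
        $term  = substr((string) $this->EE->TMPL->fetch_param('term'), 0, 64);
        $limit = max(1, min(50, (int) $this->EE->TMPL->fetch_param('limit', 10)));
        if ($term === '') return $this->EE->TMPL->no_results();
        $query = $this->EE->db->select('title')->from('channel_titles')
            ->where('status', 'open')->like('title', $term)->limit($limit)->get();
        return $this->render($query);
    }

    // Fill the tag pair once per row; titles are HTML-encoded on output.
    private function render($query) {
        if ($query->num_rows() == 0) return $this->EE->TMPL->no_results();
        $rows = array();
        foreach ($query->result_array() as $row) {
            $rows[] = array('title' => htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8', FALSE));
        }
        return $this->EE->TMPL->parse_variables($this->EE->TMPL->tagdata, $rows);
    }
}
```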


The Psychology of Distributed Teams.

Carl Smith

Chief Keeper Upper of nGen Works

Slide Deck

The future of teamwork has a distinctively distributed slant to it. While much attention is being paid to the tools to keep a distributed team running, a more critical focus is the psychological health of distributed team members. Like it or not, we’re primates and we have social needs. Pixels don’t engage us like personalities. Carl will review the issues distributed teams face now and in the future. He’ll also share the path to creating a warm, nurturing environment where timezones are just a footnote.

Notes:

Failing forward - things we’ve learned, etc.

I don’t recommend the way we do things, I think it’s insane.

I have Imposter syndrome - I deflect praise, etc. There is one known cure for imposter syndrome: getting drunk.

I fell victim to Sheen. One thing he said was winning or losing.

  • Management
  • checking email
  • managing team
  • managing growth
  • project management
  • new biz

So I decided, screw it, I quit.

Friendeneers.

What we’re talking about here is Jellyfish. He blogs about this here

Stop reading business books and look at nature. Jellyfish are transparent, there are no egos.

They are self-propelled, they are adaptable. Jellyfish are BAD ASS. They come together to solve a problem.

They are good at breeding and dying. They are decentralized.

When you start thinking about individuals in this model.

Intrinsic then extrinsic.

Everyone in my company gets to choose what projects they are going after, the tools, etc.

We want to be part of a team, we want to be part of something but not lose ourselves in it.

The concept of ambient accountability. The idea is how we act when people are watching. If you are a distributed team and nobody is seeing you. You need to know people are watching. You pick it up a notch.

In our company everyone can see everyone’s timesheet.

What do you do when things go wrong? The day I screw up. What I decided was we need to have a team meeting. We’re gonna work it out as a team and everyone was invited to listen.

Power without experience. There is no pot of gold.

We all need to be special. When the hierarchy is gone you have to pay attention to.

Kill the silence - talk to people often.

You gotta fight…for your right.. you have to make sure you share face-time. It’s those shared experiences that you can come back to and when things get rough you can go back to that.

Celebrate all the things. We’ll do pre-recorded video. We do a props report. This is where we recognize each other.

Who are you?

People get to select their titles and they have to argue this to their team. He feels titles need to be real and emotional for that person.

When are you?

A quick basecamp add-on that shows things across timezones. Need ample time to spin up.

Culture Games

We don’t have this in a distributed environment. This is when you create something that should be amazing that goes away.

The cake is a lie. They put icing on a burnt cake.

We experiment

We give someone $100 and you should give it to someone behind yourself (this failed)

5pm somewhere skype thing. (this failed)

The one thing that did work out is Real culture just happens.

You need to figure out what matters to your team. For some people it was money, for others it’s time and flexibility, for Kyle he just wanted to get to St. Louis. When you understand what is important to people.

We’re not always supposed to be. Figure out what your value proposition.

Q&A?

Q: you mention basecamp a lot. other tools you used?

A: Google+, Skype, Viget’s product, we get on the phone a lot.

Q: do you use anything else besides ambient accountability

A: the team has to always involve people to look at the team.


So, you wanna build an add-on…

Lodewijk Schutte

Creator of many popular add-ons.

You’ve built your fair share of EE sites and have used third party add-ons on multiple occasions. You’re pretty sure what the difference is between an Extension and a Module. Perhaps you’ve read a “Hello World” plugin tutorial online somewhere, and maybe you’ve even downloaded a template package from pkg.io. But, as you might have found out, one does not simply build an add-on.

In this talk, Low will explain the thought process behind building an add-on. What choices have to be made, what resources can be used and how to write clean and efficient code. As a result, novices will hopefully feel more comfortable building their own add-ons while more experienced devs will have discovered some practical tips and tricks.

