Speed and efficiency are key factors when running a website. All code needs to be optimized, whether it is PHP, ASP, Python, or SQL. Internet users are notorious for having a low attention span, and a fast page load will help to keep their attention focused on what is on the page, rather that what is slowly being displayed on the page. This sparked some thought for me while I was at work the other day.

I work primarily out of an Oracle database and often have a list of values that a field needs to be checked against. In my opinion, it is nicer to look at the values in a list because it is cleaner and easier to follow. I wondered if the cleaner look of the "IN" statement was worth any performance difference between the "IN" and the "OR". Both statements provide the same output when used correctly so I was curious if one was faster than the other. I then tested the difference, and the "IN" statement came up short.

This test was conducted using MySQL (Version 4.1.22) because all of my websites run on MySQL and, dare I say, most other websites do as well.

I used a test database I had readily available (WordPress) to test 2 SQL statements, 1 using "IN" and 1 using "OR." Here are my results:

Results

The "IN" Statement

SELECT *
FROM wp_posts
WHERE post_author IN ( 1, 2, 3, 4, 5, 6, 7, 8, 9 )

• Records selected: 60
• Execution Time: 0.0066 sec.
• Average Time Per Row: 0.00011
  

The "OR" Statement

SELECT *
FROM wp_posts
WHERE post_author = 1 OR post_author = 2 OR post_author = 3 OR post_author = 4 OR post_author = 5 OR post_author = 6 OR post_author = 7 OR post_author = 8 OR post_author = 9

• Records selected: 60
• Execution Time: 0.0064 sec.
• Average Time Per Row: 0.000107

Projections

Based on the average execution time per row, I have created a graph to show a scaling of the difference between execution times as the selected row count becomes larger. The results are as follows:

Discussion

I have tested this on a small scale with a simple test database, but these results could be substantial on a larger scale. With major websites like Yahoo! storing 2 petabytes of data and Ebay processing 10 billion records per day, you can see how quickly .0002 seconds can become a problem. Major websites will definitely have a better and faster setup running than I do. They will also have incredibly optimized queries, but we (the smaller scale) should work hard and do our best to make our SQL easily scalable. A query that works on a table with 1,000 records may not work on a table with 1,000,000 records.

How do you optimize your SQL and database setup? Give your tips and tricks in the comments.

Needing Salt

There are few things that aren't better once salt has been added, and encryptions are no different. Adding a salt can make a simple encryption exponentially harder to break/crack. "Salt data complicates dictionary attacks that use pre-encryption of dictionary entries: Each bit of salt used doubles the amount of storage and computation required" (Wikipedia). You can see that by adding a good sized salt, the encryption can become very difficult to break by dictionary or other brute force attacks. A lot of programmers rely entirely on the md5 encryption for storing passwords because it is built into both PHP and MySQL. While md5 is an easy function to implement, it is pretty easily reversed using rainbow tables. Thankfully, there are many other available encryption options that include salt, and the best part about adding salt to your encryption is how easily it can be done.

Adding Salt

• PHP - crypt("string to encrypt","salt")
• Perl - crypt("string to encrypt","salt")
• ASP - Set crypt = Server.CreateObject("Persits.CryptoManager")
  Set ctx = crypt.OpenContext("", True)
  Set hash = ctx.CreateHash
  hash.AddText Request("string to encrypt") & salt
  hashvalue = hash.Value.Hex
• Ruby On Rails - "string to encrypt".crypt("salt")
• Python - crypt("string to encrypt","salt")

Enjoying Salt

Now that you have added salt to your encryption, I'm sure you would like to know how much more secure that encrypted string really is. This is actually a very easy calculation. Let's say for example that you know your users are creating easy passwords that they can remember and are therefore picking words out of the dictionary. The users are picking from let's say around 100,000 of the words in the English language. Using encryption without salt, basic brute force attacks would have to compute 100,000 hashes to find the correct one. On the other hand, if you take their password from the dictionary and add a salt, using say a 32 bit salt, the same size as md5 encryption, you multiply the word possibilities by the salt possibilities; see below:

• Password Possibilities: 100,000
• Salt Possibilities: 2^32

This basic calculation shows that simply adding a salt makes the encryption 4,294,967,296 times harder to break.

Additional Resources

• Cryptography Demystified
• Cryptography for Dummies

Chances are we've all been to a web page that no longer exists and have been staring at an error page that looks plain and provides virtually no useful information (other than the warning saying the page no longer exists). That's because Apache has included hard coded error pages in its httpd server, and while they get the job done, the job could be done better in just a few small steps. Custom error pages can be developed to help provide more information about the error, to automatically redirect the viewer to a landing page, and to integrate your site design.

Apache's ErrorDocument Directive can be used to display the default page packaged with the server or show custom error pages tailored specifically for your site. The 5 most common custom error pages used are listed below.

• 400 - Bad Request
• 401 - Authorization required
• 403 - Forbidden
• 404 - Wrong page
• 500 - Internal server error

Creating custom error pages can be accomplished simply by creating a web page for each (or one web page accepting dynamic input) and adding a few lines to your htaccess file. I have listed examples for a static page for each error and a dynamic page for all errors below. This code should be added to your htaccess file.

Static Pages

ErrorDocument 400 /error/custom_400.html
ErrorDocument 401 /error/custom_401.html
ErrorDocument 403 /error/custom_403.html
ErrorDocument 404 /error/custom_404.html
ErrorDocument 500 /error/custom_500.html

Dynamic Page

ErrorDocument 400 /error/custom_error.php?error=400
ErrorDocument 401 /error/custom_error.php?error=401
ErrorDocument 403 /error/custom_error.php?error=403
ErrorDocument 404 /error/custom_error.php?error=404
ErrorDocument 500 /error/custom_error.php?error=500

Each of these pages could be stored wherever you like. I used the "error" directory as an example, and you can name the files however you like, using whatever type of file you wish. The ErrorDocument directive allows you to redirect to an external URL as well as a local path.

I am very excited to post my first interview today! I have asked the creator of GospelScoop.com, Kris Powell, to answer some questions about the site. Kris has turned a Digg like website for Christians into a common stop for Christian news junkies. "GospelScoop is your voice in the news world. You the viewer has control over what content hits the front page. You vote, You comment, You are in Control" (GospelScoop.com). There are topics ranging from family to technology. A big thanks goes to Kris for agreeing to answer some questions about the site. I hope you enjoy.

GospelScoop came mostly out of my own need for a one stop news source. I have always liked the Digg.com approach to handling news, but have been turned off by its anti-Christian user base. When I set out to start GospelScoop it was not to create a Christian news source, but just a news source and community that dealt with news, commentary, and websites that Christians may be interested in.

I had though about creating a digg-like site for several years, but it was not until the Christian Digg clone I was visiting became unmaintained, spam-ridden, and very buggy. So I decided to take some of the ideas that that particular site was founded on and went looking for a better solution to meet the needs of the community.

As I'm sure you understand its all because of domain availability! I went though probably 50 names and was pretty discouraged until this one popped in my head and the domain was available.

I like to think that GospelScoop offers and safe, friendly, and non-threatening community, as well as a lot of great content that you would find grouped together elsewhere.

It's an exciting time at GospelScoop, as we are still in our infancy; we have many great features coming in the near future including: A Facebook App, Google Gadgets, and other integration with other social community sties.

I would like to see GospelScoop.com become the premier Christian News site. I would also like to see it become completely self-sufficient which would allow for more expansion for the myIchthus Ministry Group.

Well I guess the best advice I have is to make sure there is a need for the site you want to create. Nothing is worse then spending weeks developing a site and then realizing it has already been done and established by someone else. Other than that everything else is in the name, be very careful in choosing the name for you website.

I think the hardest part of starting any new site is naming the site. Besides that I always find it difficult to not lose hope in those first few grueling months of slow growth. All of that changes once a community takes hold.

The development team consist only of myself and I have two moderators who help to keep the content clean.

Since our launch at the end of April 2008 we have had over 1,200 stories submitted. We average around 50- 60 submissions per day.

We are averaging around 130 unique visitors per day.

We are currently nearing our 100th user account.

When we launched the site in late April I never imagined that here less than two months later we would already have a community base that is rapidly expanding and nearly doubling every single week. This is mostly thanks to the Facebook Group "Support GospelScoop.com" that has jump started our community.

Thanks again to Kris for taking the time to answer these questions. Be sure to check out the site and submit some content.

Shared hosts offer great features and prices for both new webmasters just starting out and seasoned webmasters. The best feature is typically the price. A lot of shared hosts can offer basic plans for under $10 a month. The extensive bundle of features you get for that cost is not always the best way to go however. There are often terms and conditions (which are skipped over all too often) that can make the best price and feature combination not worth a tenth of what they are charging. Here is a list of 5 things, in no particular order, to verify before deciding on a shared hosting plan.

1. 99.9% Up Time - Verify that the plan includes 99.9% up time. This is in my opinion the most important one because if the host isn't committed to keeping the connections and servers running at all times, it doesn't matter what features or deal you get, your website will be unreachable.
2. Unlimited = Unlimited - Verify that if your host advertises an unlimited amount of anything, you will indeed get unlimited amounts of it. Some hosts will offer unlimited bandwidth for instance, but throttle you if you start consuming too much. Another downfall with unlimited (bandwidth in particular) is the impact other users can have on the system. If the host doesn't have a limit in place, one user could consume a large percentage of resources, which will in turn decrease the performance of your website.
3. Exceeding the Limit - Verify that the host doesn't suspend an account that goes beyond its allocated limits per month, whether it be bandwidth or another limited feature. This may not be a bad thing for those webmasters who are not relying on the website for anything, or those who are not looking to have a regular following (I don't know very many of those kinds of webmasters), but it is very bad for webmasters that can't have down time. If at all possible, try to make sure that your account isn't suspended for going over; have them charge you accordingly. If you aren't comfortable with this route, make sure that you keep a close eye on your limits and make the necessary adjustments to ensure you don't exceed your limits.
4. Established Support Record - Verify that the host has an established and verified customer support record. You will inevitably need to talk to support when your site goes down, because it will go down, and I have dealt with hosts that take around 4-6 hours to get back to you. Make sure that you can talk to someone within minutes if your site is experiencing problems. You aren't able to do much to help your site when using a shared host, so you will rely mostly on the support they offer. THIS IS KEY!
5. Speed of Upgrades - Verify that your host will upgrade to the new releases of features such as PHP, MySQL, cPanel, etc. as soon as possible after the stable releases become available. I have heard many cases, and been a part of cases, where you buy the most recent version as part of your hosting package and the releases don't get updated/upgraded after that. The new machines that are set up get the new releases, but the machine you are on might not get them for months or even years after the release.

Have you dealt with something that might not be a typical item to watch out for? Let us know in the comments if you have any tips to keep us aware.

.

Any webmaster knows the importance of a good FTP program. Although we can accomplish FTP requirements through a command line program, whether it be on Windows or a flavor of *nix, that is not always the most efficient way. A good program is typically advertised as a commercial software application with an associated commercial cost. While this is true in some cases, such as FlashFXP and CuteFTP, there are many options out there that provide great functionality at at an even better cost: free. I have listed 5 of the best below.

You can click on the icon to see a screenshot.

• | FileZilla - This is probably the most popular free FTP program available. It has a large following, in part due to it being an open source program. That certainly isn't the only reason though. FileZilla is not as nice to look at as SmartFTP, but is very fast and efficient. The program uses very little resources and provides all the typical functionality required in an FTP program. It boasts features like drag & drop, transfer queues, resume, large file transfers, and many more. If you don't care about the appearance and you just want a fast, easy, and full featured program, this is your program.
• | FireFTP - This is an add-on for FireFox. Don't be fooled by its simplicity though. It has many of the same features covered in the first two programs. FireFTP supports searching, remote editing, drag & drop, FXP (FTP to FTP), CHMOD, synchronization, and more. Although this harnesses the framework of FireFox, FireFTP is a good choice for many.
• | GoFTP - This program presents itself as the fastest multi-threaded FTP program available, working 314% faster than its competitors. Speed and ease of use are the biggest sellers for this program. GoFTP will also perform "on the fly compression," as well as instant connections and directories through its proprietary technology. It also supports the usual features, drag & drop, and transfer queues. This is another good alternative to a paid program.
• | WinSCP - This program doesn't have anything that I think separates it from the pack, but is still a good program. It supports all the common features like drag & drop, synchronization, and the common file operations. One thing I might point out is that is does offer a command-line interface and batch processing. This is an interesting feature to add because if I wanted to use command line, I'd use the basic FTP programs that come bundled in windows or *nix. At any rate, it works well and is a worthy entry in the list.
• | CoffeeCup Free FTP - This program is a basic no frills FTP program. It offers all the features necessary to be a FTP program like ASCII/Binary/Auto uploads and downloads. It connects to any FTP server, is capable of multiple server profiles, and remembers your server information. It is not the best looking program but it does what is needed and is best of all, free.

What FTP program do you use to meet your needs? Please comment below and let us know what else is out there.