Update 2: I got annoyed and added optional support for ImageMagick V6, some manual configuration is required.

Update: The PECL extension for ImageMagick is broken for PHP 8.3. It has been busted for over a year and nobody seems to give a damn, so this work is shelved until it gets fixed.

I've never been happy with thumbnails generated by PHP's native GD2 library, so I'm adding optional support for ImageMagick in the next release. If ImageMagick is installed, Tuskfish will use it by default, and if not, it will fall back to GD2. ImageMagick is widely available on most, if not all, commercial web hosts.

ImageMagick offers two benefits over GD2:

• It generates much better quality thumbnails than PHP's native GD2 library. The thumbnails generated by GD2 are a bit fuzzy, and larger images can actually look pretty bad.
• ImageMagick is aware of colour profiles and will preserve colour space information. GD2 is not only unaware of colour profiles, but actually discards them, which causes colour shifts in images that can render them drab and washed out.

To keep things simple, I will only be supporting the sRGB colour profile, which is the default for the web. You should already be converting your master images in sRGB before using them on websites anyway, because browsers generally will not be able to render other profiles correctly.

My Ryzen 5950x became unstable and started throwing random reboots. No errors are reported, and Windows logs just shows a kernel power loss event. The distinguishing feature is that the reboots usually happen when the CPU is lightly loaded or idle, or a few seconds after leaving a heavy workload. The machine passes stress tests without an issue. The consensus seems to be that the CPU is undervolting a bit too far under light/idle workloads. So people are experimenting with many different BIOS settings to try and fix it.

TLDR: After trying every BIOS adjustment under the sun, installing a different OS, and rotating every component bar the motherboard with old spare parts, I was left with only one option: It had to be the motherboard. So I bought a new one, and yes, everything just works great now.

I was going to write a guide to security-related HTTP headers, but it turns out that someone has already done it. So here you go, it's worth a read. I have locked down the out-of-the box Tuskfish headers a bit tighter. The content security policy header can break a lot of stuff (read 'any inline script or style sheet') and requires manual tweaking, depending on what you're doing.

Tuskfish 2.0.7 is a minor update to fix small bugs and add htmx support. Back end toggling of content on/offline now uses a htmx call to avoid reloading the whole page. This makes management easier when you have a large amount of content. The htmx library is now available in /vendor, but it is only used in the back end administrative theme.

Tuskfish 2.0.6 introduces automatic content expiry and sitemap update functionality, via a daily cron job script, updates third party libraries (jQuery 3.7.0, FontAwesome 6.4.0 and TinyMCE 6.4.2). A few bugs were fixed including custom RSS feed error if ID was empty, and indexing of soft 404 and enclosure links has been allowed.

In a blog post annoying titled Heroku's Next Chapter, Heroku's General Manager has announced they will discontinue their free plans. On 28 November they will reduce free resources to zero and start deleting hobby-dev databases. Yep, they are going to bin your data with no warning other than an email, to "manage fraud and abuse". The good news is that you don't need them. Get your virtual machines from a cloud provider and containerise your apps with Docker instead. You'll never look back.

No longer recommended. Trying to find truly free stock photos has always been painful. Usually, the available 'free' resources come with unwieldly terms such as the requirement to publicly attribute the source or acknowledge the author. Now I fully support the Creative Commons licenses for literary works, but you just can't plaster attributions across the artwork for a brochure, website banner or logo. It's not an appropriate model. Recently I stumbled upon unsplash.com, a stock photo site that is actually free, has a remarkably permissive license, and is also excellent.

A user management system is available as of Tuskfish v2.0.4, which allows trusted users to be enrolled as Editors who can create and edit content. The user management system is only accessible to the site Administrator, who is the gatekeeper for whom is allowed editorial privileges. Editors do not have access to the site preferences, but it is still a very sensitive role.

A demonstration of Tuskfish's mapping capabilities. This track was recorded on my Garmin Forerunner 245 watch, as I drove back from Batemans Bay on the south coast to Canberra. The map is automatically generated from an exported .kml file of the track, which Google Maps can put bounds around. The tracks are downloadable so others can use them on their own devices if they wish. You can also prepare maps in Google Earth or Google Maps itself.

Tuskfish 2.0.3 brings compatibility with PHP 8.1, so if you want to wring the last few milliseconds of performance out of your site, use this version. New features include support for embedding Youtube videos, a sitemap generation facility, a 'minimum views' preference before displaying the views counter, and a live character counter for the meta description field. Third party libraries have also been updated, including adoption of Bootstrap 5.1.

Tuskfish 2 is a rewrite of Tuskfish CMS to adopt a strict model-view-viewmodel (+ controller) architecture. You can think of it as traditional MVC except the view is split into a view and a viewModel to abstract the model/view relationship, which improves flexibility and reuse of components. A front end controller and static router has been added to allow custom URL schemes. With the adoption of namespaces, Tuskfish 2 is now a very modern (if small) PHP application.

Just a short note to say Tuskfish 2 is in the works. It's going to be a partial re-write of the back end, but there will be minimal changes on the front end or from a user experience point of view. The database schema will also remain unchanged to allow seamless upgrade. Tuskfish 2 will be designed as a strict MVC architecture to improved separation of concerns, rather than the loose MVC it currently has. Components will be assembled through composition and inheritance will be fully dispensed with.

I'm very happy about Github's decision to grant unlimited free private repositories. It's not that I objected to Github charging people for the services they provide, but to qualify for free access you had to make all of your repositories open source and public. The problem with that was that the world is actually better off with some repositories remaining private. Do you really want access to the scratch pad repository I'm using to learn a new language? I think not.

Sick of low quality clickbait articles about "the best" and " most popular" programming languages? Everyone seems to play this game, even otherwise reputable sites. I suppose they do it because "what language should I learn" is a question that every aspiring programmer has to ask. There's a lot of traffic in it.

Nearly all of these articles are bad, because they are based on irrelevant metrics such as trends in keyword searches, recent Github activity, average salaries or similar. For example, if a lot of people search for "Javascript" clickbait articles often extrapolate this into "popular" and/or "the best", and slap it into a "top 10" list of languages you should learn!

I have one more refactor of Tuskfish planned. The goal is to break down some of the more monolithic methods into smaller logical components that are easier to test. This will not involve adding any new functionality as the core system now does what I want it to do. From here on changes will largely focus on refining the structure, simplifying and clarifying the code to make the project more robust and easier to work with.

I was playing around with different password hashing algorithms and came across this password hash cost calculator. It's a simple script you can use to measure how long it takes to calculate a given hash on a particular machine. Since web hosting accounts often come with limited resources compared to your local dev box, it's useful for tuning the cost of your hashing algorithm (how many times you iterate the calculation) to keep it at a sane level.

Tuskfish has had a substantial internal restructure. Static methods have been removed in favour of dependency injection, and modularity has been added (beginning of course with the content management module). The documentation needs extensive revision, when it's all ready the result will be released as Tuskfish V1.1.

I just finished reading Clean Code: A handbook of agile software craftsmanship, by Robert C. Martin. It’s a highly regarded book and contains many useful ideas; I have started refactoring some aspects of Tuskfish based on things I learned from it. This will include improving names, shortening and splitting up some of the larger functions into smaller logical units, replacing magic numbers with named constants and so on.

It feels strange to criticise PHP after developing a substantial (for me) project in it. Obviously I like the language and the recent performance improvements have given it a significant boost. But there are a few things that grate on the nerves and make me wonder about its long term future. Here are some of them, presented in no particular order.

I almost forgot to say, welcome to the Tuskfish CMS Project. It started as a personal project that I created to solve a number of problems I was having at work revolving around ever-increasing maintenance overheads and ever-decreasing free time. I needed a robust and flexible but low-maintenance solution for web publishing, and here it is. Kinda growing...