Last month, I delivered my Beyond Frameworks talk at PHP UK 2011. The talk is all about the challenges that the framework-using members of the PHP community are going to face as major framework upgrades (such as Zend Framework 2 and Symfony 2) are released, and a clear strategy on what you can do to minimise these challenges in the future: build more components, and don't put all your eggs into the framework basket.
If you didn't make it to my talk at PHP UK 2011, the video of the talk is now available...
I'm a keen believer in learning from other folks' mistakes and attempting not to repeat them. Source code disclosure, and even worse configuration disclosure, is what happened with Tumblr. One thing to remember: if you keep your configuration for your app...
The wiki.php.net box was compromised and the attackers were able to collect wiki account credentials. No other machines in the php.net infrastructure appear to have been affected. Our biggest concern is, of course, the integrity of our source code. We did an extensive code audit and looked at every commit since 5.3.5 to make sure that no stolen accounts were used to inject anything malicious. Nothing was found. The compromised machine has been wiped and we are forcing a password change for all svn...
It's interesting - sitting here writing a few emails, sending a few tweets - I was reminded of a me from not so long ago. He was the one that tried to convince you that conferences aren't about the talks. He pointed out that the real key to conferences was the people you met there. I'd sort of forgotten him until just this morning, and I wanted to invite him back to the stage.
See, the key to it all is the people. Sure, you can talk about one conference or another specifically, but then you'd lose sight...
It's easy for us to look around at the technology we work with every day and think that we can solve all of the world's problems with a few lines of elegant code. We think that just because we have a mastery of our language of choice, we can conquer any challenge we might face. The only problem is that we're forgetting one thing. No matter how much code you write or how much time you spend poring over that shiny new architecture you've dreamed up, there's one thing that can never be replaced - the...
We started development on Horde 4 almost 3 years ago, and we could probably work another 3 years and still find things to do and to improve. So we decided to make a cut now and get Horde 4 out of the door. The lessons learned during development also led to a different release model for Horde in the future.
In an interesting move to help make things easier (and better for the environment) for the attendees of their tek11 conference, the php|architect group is going with an "all digital" format for their conference materials this year. Conference programs are easily misplaced, pamphlets are often discarded, and so on, and so forth. The end result is an enormous amount of waste - I'm pretty sure that, last year, we probably shipped, handled, and handed out at least 500lbs. of paper - and less value than...
As posted on PHP.net, the latest version in the PHP 5.3.x series has been released - PHP 5.3.6. The PHP development team would like to announce the immediate availability of PHP 5.3.6. This release focuses on improving the stability of the PHP 5.3.x branch with over 60 bug fixes, some of which are security related. Updates in this new release include:
Enforce security in the fastcgi protocol parsing with fpm SAPI.
Upgraded bundled Sqlite3 to version 3.7.4.
Added options to debug backtrace functions....
Dear Gareth Heyes,
I thank you for your response that claims Regex html Sanitisation can work.
On the Web Builder Zone today Giorgio Sironi asks you, the larger development population of the web, what framework you would use today to start a new application? One of the difficult parts of framework adoption, especially in the PHP world, is choosing the right framework. There is a proliferation of open source solutions, and a team must analyze the overall picture thoroughly before locking itself into a particular framework. Changing the framework which an application is built with without shaking...
I'm finally getting back to some coding in my spare time (what little of it I have), and I'm starting slowly with some maintenance work on a WordPress plugin called Simple Graph.
Jeremy Brown, after working tirelessly on a REST API based around the Zend Framework (and a few other technologies), has come up with his three tenets for implementing a REST API to hopefully help you along the straight and narrow path that he forged himself. In the course of performing my duties at my day job I recently came across the need for our data to be accessible via an API. After researching the various types available, I settled on developing a REST API. The selection process wasn't the...
In a recent post to his blog Fabian Schmengler looks at mocking something in your unit tests that could cause problems in certain situations - needing a specific kind of response from a built-in PHP function. In his case, he shows how to mock time to return the same formatted date. A common problem in unit testing in PHP is testing something that depends on the current time. For a determined test it should be possible to set the time in your test script without really changing the system settings. In this...
Popular posts from PHPDeveloper.org for the past week:
Ole Markus' Blog: Catching fatal errors in PHP
IBM developerWorks: Create a PHP development environment on the cloud
Steve Francia's Blog: Getting Started with Symfony2
PHPBuilder.com: Creating and Manipulating PDFs with PHP and FPDF
Query7.com: A Look At PHP 5.3 Frameworks - Symfony2
Zend Developer Zone: DrupalCon '11 Thoughts (Parts 1 & 2)
Community News: "Ideas of March" Kicks off a "Blogging Revival"
SearchCo.de: List of Most Commonly Used PHP...
git bisect can be used to find the change that introduced a bug. It does so by performing a binary search on the list of commits between a known good and a known bad state of the repository. A tool such as PHPUnit can be invoked at each step of the binary search to check whether or not the current state is broken.
Let us assume that the unit tests for our project fail at the current HEAD of the master branch:
sb@ubuntu bankaccount % ant
Dear Pádraic Brady,
I have not received any emails with any exploits. I am disappointed; I want my HTML regex sanitiser to be broken, please. Apparently you can find 2-5 vulnerabilities per solution, so please execute XSS in my regex. Thanks! I'll be very impressed if you do, and I promise to dedicate a blog post to you.
html Regex sandbox
Thanks very much
In a recent post to his CodeFury blog Kenny Katzgrau (a member of the GetSparks team) looks at how to use the GetSparks.org service to get "sparks" for your CodeIgniter installation and make working with third-party services and other tools not included with the framework simple. If you aren't already familiar, a package manager and repository for CodeIgniter libraries was released last week at GetSparks.org. In the few days between then and now, some very interesting and useful packages have been...
On the PHPFog blog there's a recent post explaining their service in a bit more detail and how it provides PHP applications with a level of scalability that a traditional virtual server can't. PHP Fog is a new type of hosting provider for PHP applications developers to build applications the good old-fashioned way but with easy scaling, reliability, speed, and easy deployment/management compared to traditional shared/dedicated hosting. They look at a few situations where scalability can...