Paragon Blog:
Building Secure Web Applications in PHP
Sep 21, 2015 @ 16:15:56

The Paragon Initiative has posted an article to their blog talking about how to build secure applications in PHP. Rather than getting into the details of specific vulnerabilities, they stay relatively high level and stick with concepts to keep in mind and steps you can follow to ensure your development practices are secure.

Whether you're planning the development of a brand new application or trying to prevent legacy code from causing a costly data breach, if you're going to be writing PHP, where should you begin? That is the question we will attempt to answer, in detail.

The article starts with an "easy way out" for those that don't feel like they know enough or just don't have the resources they need: hire consultants. With that out of the way, the article mentions two root causes for insecure apps: lack of knowledge about security and bad development habits. They then get into some suggestions about how you can learn to understand and prevent vulnerabilities in your own applications. They focus in on a few key places for PHP developers to pay attention to, complete with some charts showing the parts of the flow. The post ends with some advice on what to do if your site is compromised anyway and how to move forward.

tagged: secure application advice common issues developer

Link: https://paragonie.com/blog/2015/09/building-secure-web-applications-in-php

SitePoint PHP Blog:
Defensive Programming in PHP
Jul 21, 2015 @ 11:49:07

In an article from the SitePoint PHP blog, author Jeff Smith walks us through some advice he has about defensive programming in PHP, that is, good practices for writing code that more gracefully handles potential error points.

Defensive programming, simply put, is programming with the intent to anticipate likely failure points. The goal is to circumvent those likely problems before they occur. You see the problem, right? There’s something inherently difficult with the advice “expect the unexpected” and it’s made many times worse when one alters it to “expect the unexpected and try to prevent it”. Let’s look at some practical examples.

He touches on a few of the most common places where errors could be introduced with unexpected input or functionality:

  • Conditional Statements
  • User Input (and trusting it....hint: never)
  • Assumptions [Made] About Your Code
  • Tunnel Vision (or not using good development practices)
  • Consistency in Syntax and Naming

Each point in the list includes a brief summary of what to look out for and things you can do to prevent the problem. It's by no means an exhaustive list, but it is a good place to start.

tagged: defensive programming tutorial opinion advice

Link: http://www.sitepoint.com/defensive-programming-in-php/

Lorna Mitchell:
So You're Thinking Of Submitting A Talk
Jul 17, 2015 @ 09:21:40

With another round of "conference season" and Call for Papers starting up, there's some timely advice from Lorna Mitchell with some suggestions about submitting a talk to the conference of your choice.

I've been a conference speaker for a lot of years now, which doesn't make me an expert but it does mean that people ask me for advice pretty regularly! With the Call for Papers open for PHP North West at the moment (awesome conference, first weekend in October, CfP at http://conference.phpnw.org.uk/phpnw15/call-papers/), I've taken this question a few times. Here's my advice in a nutshell.

She shares five tips that she feels can help you write a better abstract and submission, including writing it down before submitting and asking for peer reviews before hitting that submit button. She also links to a few other helpful resources that can provide even more tips to help you even once you've been selected.

tagged: submit conference talk advice opinion callforpapers technical

Link: http://www.lornajane.net/posts/2015/so-youre-thinking-of-submitting-a-talk

Henrik Warne:
Lessons Learned in Software Development
Apr 29, 2015 @ 12:52:04

In this recent post to his site, Henrik Warne has shared a list of advice around software development and some good practices he's picked up along the way.

Here is my list of heuristics and rules of thumb for software development that I have found useful over the years.

His list includes several points related to a few main categories:

  • Development
  • Troubleshooting
  • Cooperation (personal, not code)
  • Other Miscellaneous Tips

Each main topic has a few sub-topics and each of those includes a brief description (with twenty-two tips in the list overall). There's some great advice in the list as well as some good contributions in the comments, so be sure to read through those too.

tagged: lessons learned software development advice tips development troubleshooting cooperation

Link: http://henrikwarne.com/2015/04/16/lessons-learned-in-software-development/

Loosely Coupled:
Episode 19: How We Work
Feb 13, 2015 @ 09:45:50

The Loosely Coupled podcast has posted their latest episode today - Episode #19, How We Work. Join hosts Jeff Carouth and Matt Frost as they talk about work life, personal life and what tools, processes and techniques they've used during their careers to get the job done.

In this episode Jeff and Matt explore how they go about organizing their work life and our personal lives. They cover the idea of how the process evolves depending on your environment and even your personal inclinations. In 2011, Jeff wrote a blog post about the tools he used back then and realized that it has changed a little but for the most part works for him. They cover some pitfalls of processes that require tickets/stories to be broken down into parts where developers cannot understand what they’re doing or why, and how they’ve learned over time to get to that information. They also talked about learning how to be professionals and defend against situations that would impact your work or your code in negative ways. Finally they touch on Matt’s work scheduling experiment which is inspired by the Makers Schedule versus the Managers Schedule and how it has helped him be more productive.

You can listen to this latest episode either by using the in-page audio player or by downloading the episode directly and listening at your leisure. Be sure to subscribe to their feed or follow them on Twitter for the latest updates and show announcements.

tagged: looselycoupled podcast ep19 work advice tools pitfalls process professional

Link: http://looselycoupled.info/blog/2015/02/12/episode-19-how-we-work/

Cal Evans:
What Developers Want Recruiters to Know
Oct 15, 2014 @ 11:56:25

Cal Evans asked his followers on Twitter the other day for advice, from developers, to share with recruiters on how they can do their job better when it comes to recruiting talent.

I post this not to belittle or ridicule recruiters. I think that good recruiters are a valuable part of the tech ecosystem. I post this to hopefully help more recruiters become good recruiters.

He's listed all of the responses he's gotten in the post (via Storify) as individual tweets. There are a few recurring themes and lots of good advice, including:

  • "treat developers as human beings"
  • "We're smart people, we can see an email isn't personal. Treat us like the individuals we are."
  • "Read the profile before sending out CV, I am not a Ruby developer."
  • "Googlebing someone before emailing them. Know who they are."
  • "don't try to sound like you know what you're talking about if you don't. You just lose respect."
  • "build a relationship with me, not a one night stand"
  • "Have the decency to at least get back to devs if the end client hasn't chosen them"

If you are or know of a recruiter, please share this post with them. The unfortunate fact is that there are a lot of recruiters out there that don't realize that this is how to talk to developers (and sadly, some don't even care).

tagged: recruiter developer advice twitter feedback opinion

Link: http://blog.calevans.com/2014/10/14/what-developers-want-recruiters-to-know/

SitePoint Web Blog:
From Developer to Product Manager: A 3 Stage Plan
Aug 13, 2014 @ 11:55:34

As some developers move on in their careers, they start to progress more towards a management role. Sometimes this comes in the form of a "product manager" since most of their knowledge is wrapped around the product(s) they've been working on. However, making the move up from developer to product manager can be a difficult transition. In this new post to the SitePoint Web blog, Ernest Sliter tries to help with his own three-stage advice.

It’s certainly not uncommon for developers or other employees serving in technical roles to eventually transition to product management. Some developers may find they enjoy managing the product road map and solving customers’ problems rather than writing code and building the product themselves. Other seasoned engineers may be searching for a suitable career transition into a management position. If you’re interested in moving to product management in the future, here are three critical steps to make the transition.

For each of his steps he provides a summary of what the choice or action entails and includes a few sub-points that can help:

  • Decide Whether You’re Right for Product Management
  • Expand Your Knowledge of Product Management
  • Take Action!

tagged: developer product manager advice threestage plan

Link: http://www.sitepoint.com/developer-product-manager-3-stage-plan/

SitePoint Web Blog:
Code Manifesto: Words to Live By
Jul 28, 2014 @ 12:45:29

The SitePoint Web blog has posted an interesting article sharing something called The Code Manifesto. The "code" referenced here isn't so much related to the actual code developers write as it is the conduct they follow in their relationships with others (on a professional level).

The tech industry has a rather bad reputation. Stories of discrimination, disrespect, sexism and outright mistreatment aren’t exactly hard to come by. [...] In an industry ostensibly aimed at helping everyone to reach their potential, it’s clear that when it comes to issues of equality and respect, the tech world has a long way to go. Kayla Daniels is one person working to try to change this situation. A North Carolina PHP developer, Kayla is behind The Code Manifesto, a list of values she hopes can be a small step in the right direction.

Among the points made in the manifesto are things like:

  • Discrimination limits us.
  • We are our biggest assets. None of us were born masters of our trade.
  • Respect defines us. Treat others as you wish to be treated.
  • Reactions require grace.

The Manifesto was born out of the frustration felt by Kayla in her work in technology. The six points are designed to help with two main things: respect and equality and contributing to the community...all as equals.

tagged: code manifesto values advice conduct technology

Link: http://www.sitepoint.com/code-manifesto/

Matt Frost:
Avoiding Burnout
Jul 28, 2014 @ 09:59:32

Matt Frost (one of the two hosts on the Loosely Coupled podcast) has a new post to his site about some of his own experiences and advice around avoiding burnout.

Writing software is an incredibly gratifying profession; the idea that you can take a problem and find creative solutions through the use of technology is what drives a lot of us forward. What happens though when the drive is gone? What happens when that nifty little side project, training course, blog post or book goes from being nifty to being a drudgery? I came to this point a number of months ago and stayed there for a while, having now come out of this funk there are some things I learned that I'd like to share.

He talks about some of his own trouble with burnout, the project he was involved in and what it taught him about dealing with it (and life in general). He gives some sensible advice including "don't sit at your desk all day" and "prioritize things". The advice is simple and to the point - avoiding burnout is something only you can do for yourself. Waiting for things to "just get better" isn't going to work.

tagged: burnout experience personal programming advice

Link: http://shortwhitebaldguy.com/blog/2014/07/avoiding-burnout

Dev Recruiting 101: 10 Ways NOT to Interview a Candidate
Jun 02, 2014 @ 10:21:50

For those out there hiring developers to join their team, you might read up on a few tips in this new article on LinkedIn for the "things not to do" during the interview process.

It has been my observation that most recruiters and hiring managers tend to make the same common mistakes. That is why I've decided to write this new series, "Dev Recruiting 101". In it, you will have the unique opportunity to view your industry from the perspective of a veteran developer. You'll learn the secrets that will win us over and the pitfalls that will make us run for the hills. My goal is to give you the "inside scoop", as it were, about how to attract the best talent in our industry.

The list is broken out into ten different points, each with their own descriptions and real-world examples from the author's experiences:

  • Discourage the candidate by telling them how lousy the job is.
  • Don't show-up for the interview or initiate the call at the agreed-upon time.
  • Don't speak clearly.
  • "Okay, now we'd like you to write some code. Here's some blank printer paper and a #2 pencil."
  • Spend 30 minutes giving a detailed history of the company, then say you've run out of time.
  • "As you know, our site is an adult-oriented webcam service. How often do you watch internet porn?"
  • Make the candidate spend 6 hours interviewing with virtually every single member of the engineering department.
  • Ask niche-specific technical questions that are neither part of the job description nor the candidate's skillset.
  • "If a plane crashes on the border between Russia and Ukraine, where do they bury the survivors?"
  • Judge the candidate based on whether or not they're a telepath.

There is nothing more important in hiring the right candidate than conducting an effective interview. Not only does it help you narrow down your choices, but it's also an opportunity to show the candidate why they want to work for you and not someone else.

tagged: interview developer candidate opinion advice

Link: https://www.linkedin.com/today/post/article/20140530075430-11756056-dev-recruiting-101-10-ways-not-to-interview-a-candidate