Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Three Devs & A Maybe:
Episode 103 - Caching up with Joe Watkins
Jun 23, 2016 @ 10:55:21

On the Three Devs and a Maybe podcast they've posted a new show where they're joined by Joe Watkins, a core developer on the PHP development team.

In this weeks episode we are lucky to be joined by Joe Watkins. We start off discussion around the development of PHP 7.1 and the recent initial alpha release. Following this, we give an update on a couple of previously mentioned RFC’s, along with how Joe’s ones are doing. This leads us on to highlight how some small proposed changes are paving the way to optimal machine-code and finally integration of a JIT compiler. Some of these proposed changes may result in backwards compatibility breaks, we discuss this topic and when it is deemed acceptable to permit this. Finally, we chat about memorisation, caching and how it is not really feasible to distill a standard caching interface that fits all requirements.

You can listen to this latest episode either using the in-page audio player or by downloading the mp3 of the show. If you enjoy it, be sure to also subscribe to their feed and get updates on the latest episodes as they're released.

tagged: threedevsandamaybe ep10 podcast joewatkins core developer

Link: http://threedevsandamaybe.com/caching-up-with-joe-watkins/

SitePoint PHP Blog:
Contributing to PHP: How to Fix Bugs in the PHP Core
Apr 12, 2016 @ 10:37:27

On the SitePoint PHP blog Thomas Punt continues his series about how you can contribute back to the PHP language. In his previous post he talked about contributing to the PHP manual. In this latest part of the series he moves into something with a bit more complexity: contributing to the core of the language itself.

Previously, we covered contributing to PHP’s documentation. Now, we will be covering how to get involved with PHP’s core. To do this, we will be looking at the workflow for fixing a simple bug in the core.

Since submitting new features to PHP has already been explained pretty well, we will not be covering that here. Also, this article does not seek to teach PHP’s internals. For more information on that, please see my previous posts on adding features to PHP.

In this article he assumes you at least already have a working knowledge of the PHP source and how to locate/update code and execute it. He focuses instead on the bugfix process and workflow needed to:

  • find a bug to fix
  • create a test to reproduce the issue
  • use a debugger to find the exact spot where the problem is
  • and create a simple fix

In this case it's a pretty simple issue to correct, but there are much more complex things that would require more work than just a simple "if" check. This guide can help you get started on the correct workflow, however, and be sure you're handling things as the project expects.

tagged: contribute fix bug core language guide workflow test phpt

Link: http://www.sitepoint.com/contributing-to-php-how-to-fix-bugs-in-the-php-core/

Check Point Blog:
Finding Vulnerabilities in Core WordPress: A Bug Hunter’s Trilogy, Part I
Aug 06, 2015 @ 11:44:14

The Check Point blog has posted the first part of a series from one of their vulnerability researchers about finding security vulnerabilities in the core WordPress code (and some of the results along with CVE numbers).

In this series of blog posts, Check Point vulnerability researcher Netanel Rubin tells a story in three acts – describing his long path of discovered flaws and vulnerabilities in core WordPress, leading him from a read-only ‘Subscriber’ user, through creating, editing and deleting posts, and all the way to performing SQL injection and persistent XSS attacks on 20% of the popular web.

In this first part he focuses on the concept of "identity" in a WordPress application. He focused on the "roles and capabilities" functionality to find bypass methods in operations like editing and adding new posts. As he works through his process, code is included from the WordPress core showing where the issue(s) lie and what would be needed to exploit the issue.

tagged: bug hunt wordpress vulnerability core code part1 series checkpoint

Link: http://blog.checkpoint.com/2015/08/04/wordpress-vulnerabilities-1/

Evert Pot:
The problem with password_hash()
Feb 25, 2015 @ 10:51:04

Evert Pot has shared some of his thoughts about why he has a problem with password_hash (and friends). His thoughts are initially about this particular feature but they're actually wider than that.

The initial introduction and rfc for these functions made me uneasy, and I felt like a lone voice against many in that I thought something bad was happening. I felt that they should not be added to the PHP engine. I think that we should not extend the PHP engine, when it's possible to write the same API in userland, or there are significant benefits to do it in PHP, such as performance. Since the heavy lifting of the password functions is done by underlying libraries that are already exposed to userland-PHP, it didn't make sense to me to expose it as well in the core.

He includes a list of things he sees as drawbacks for new C-based functionality in PHP including the fact that it extends the "PHP specification" and forces other projects to implement it (like HHVM). He does include a few positives, though, such as the increased visibility and legitimacy, but still thinks they don't outweigh the negatives.

tagged: password hash core language c implementation opinion userland

Link: http://evertpot.com/password-hash-ew/

Voices of the ElePHPant:
Interview with Liz Smith
Jan 14, 2015 @ 10:24:22

The Voices of the ElePHPant podcast has posted their latest episode in their series of community interviews. This time host Cal Evans talks with Elizabeth Smith, a well-known PHP community member, speaker and core developer.

Cal and Elizabeth talk about her work contributing to the core of the PHP language and the PHP Mentoring organization she's currently involved with (and helped start).

You can listen to this latest episode either through the in-page audio player or by downloading the mp3 for listening at your leisure. If you enjoy the episode, be sure to subscribe to their feed.

tagged: voicesoftheelephpant community interview elizabethsmith phpmentoring core

Link: http://voicesoftheelephpant.com/2015/01/14/interview-with-liz-smith/

Cal Evans:
Five influencers you should thank this year for making the PHP community so awesome
Dec 22, 2014 @ 11:47:56

Cal Evans, PHP community member extraordinaire, has a new post sharing his suggestions of the top five influencers in the PHP community that "make it awesome" and help make it one of the best he's been involved in.

It is no surprise to anyone who has talked to me for more than five minutes that I think the PHP community is the most vibrant and engaging developer community out there. So as we approach the end of the year, I am going to list out the influencers that help keep this community at the top. These are the people that you need to seek out and thank because without them, the PHP community would not be what it is today.

He goes with categories rather than mentioning names (because, really, there's way too many too name them all):

  • 5: Core Developers
  • 4: User Group Leaders
  • 3: Conference Organizers
  • 2: Conference Speakers, Bloggers, and Teachers
  • 1: Any developer using PHP

That last one, while it might seem like an "everyone else" kind of category, is one of the most important in my opinion. After all, what is a language without its users. Core developers and community group/event leaders wouldn't have anything to talk about if no one was there to talk. There would be no one to teach or be taught to and the core developers wouldn't have any reason to drive the language forward. Even if you're not well-known in the PHP community, you and your code are making a contribution to the community, even if only in a small way.

tagged: top5 influencers thank opinion list core usergroup conference users blogger teacher

Link: http://blog.calevans.com/2014/12/21/five-influencers-thank-year-making-php-community-awesome/

Voices of the ElePHPant:
It's the Booze Talking #5: Core Developers
Feb 04, 2014 @ 13:56:36

The Voices of the ElePHPant podcast has released its latest episode, the next in their "It's the Booze Talking" roundtable series - Episode #5, "Core Developers".

This episode was recorded live at last year's ZendCon PHP Conference in Santa Clara, California. Guests for the episode were:

  • Sara Golemon
  • Derick Rethans
  • Illia Alshanetsky
  • Ben Ramsey Liz Smith
  • David Stockton

There's also mention of the PHP Mentoring project and the PHP RFC process. You can listen to this latest episode either through the in-page player or by downloading the mp3 for listening at your leisure.

tagged: voicesoftheelephpant community roundtable core developer booze podcast

Link: http://voicesoftheelephpant.com/2014/02/04/its-the-booze-talking-5-core-developers

PHP Interview With Michael Wallner A Full-Time Core PHP Developer
Oct 21, 2013 @ 09:51:14

On 7PHP.com today another community interview has been posted - this time it's with Michael Wallner, a full-time PHP core developer working at SmugMug.

Today I bring you an interview with someone (named Michael Wallner, @_m6w6) who has been hired to work full-time on PHP. Yes you heard it right: this guy is paid to work on The Core of PHP. As you know PHP is open-source, so why would a company hire someone to work full-time on such a free technology? (I let you get the answers from Mike himself). Besides since he is highly involved with PHP and it’s core, it’s a good opportunity to learn from his experience and know-how, so let’s hear from him!

He answers questions about his past, how he started with PHP and what he thinks of the language now versus when he started out with it. He gives some advice to budding PHP developers and some of the libraries/projects he suggests. They then talk some about his work at SmugMug and how much time he'll be spending dedicated to working on the PHP core. There's also a bit answering the "why" question of why SmugMug would hire him to work on the core...but you'll have to read the interview to find out that answer.

tagged: michaelwallner fulltime core developer interview community smugmug

Link: http://7php.com/php-interview-michael-wallner/

A New Frontier for Core Development
Aug 07, 2013 @ 10:21:32

WordPress, by far one of the most popular PHP-based applications out there has a new post to their site officially stating a change in core development practices:

In a little over a decade, we’ve made twenty five thousand commits to WordPress. WordPress (along with the web itself) has come a long way, but our development workflow has remained largely the same.

As a part 3.7, I’ll be leading an effort to revamp and streamline our development workflow. We’re going to bring all of our core components - our code, our tests, and our tooling - under one roof. Developers will be able to use and improve the tools we’re already working with day-to-day, and we’ll be able to add new tools to make working with WordPress even easier.

We’re also making sure that any changes are compatible with our current workflow, so you won’t have to change the way you work. These changes won’t break any existing checkouts or scripts that use core.svn.wordpress.org.

The post also details some of the new things they're doing to improve the development and deployment process. This includes the creation of a "develop.svn.wordpress.org" SVN repository to hold all new WordPress development. There's also a new build process involving a tool called "bumpbot" and the new addition of Grunt.

tagged: core development changes build process svn develop

Link: http://make.wordpress.org/core/2013/08/06/a-new-frontier-for-core-development

Ben Ramsey:
Contributing to PHP Core
Jul 12, 2013 @ 11:31:06

Ben Ramsey has a new post to his site today related to a talk of his that was accepted at this year's ZendCon conference about contributing to the PHP core:

I’ve been accepted to speak at ZendCon this year. One of the three talks I’ll be presenting is a new one: “Contributing to Core: My Journey to Add array_column() to the PHP Core.” While PHP conferences sometimes include talks or tutorials on creating PHP extensions or the intricacies of the PHP internals, I’ve never seen a talk about one’s personal experiences contributing to core, from start to finish, and how one would go about getting started. That’s what this talk is about.

He also shares a tool that he used when he was doing his own work on the array_column function - a PHP development Puppet setup that could be spun up and reproduced as needed. He also spends some time talking about the build cycle, how to run tests and a link to the Puppet Cookbook he kept close for reference.

tagged: contribute core puppet development build unittest

Link: http://benramsey.com/blog/2013/07/contributing-to-php-core