
Paragon Blog:
Building Secure Web Applications in PHP
Sep 21, 2015 @ 16:15:56

The Paragon Initiative has posted an article to their blog talking about how to build secure applications in PHP. Rather than getting into the details of specific vulnerabilities, they stay relatively high level and stick with concepts to keep in mind and steps you can follow to ensure your development practices are secure.

Whether you're planning the development of a brand new application or trying to prevent legacy code from causing a costly data breach, if you're going to be writing PHP, where should you begin? That is the question we will attempt to answer, in detail.

The article starts with an "easy way out" for those who don't feel like they know enough or just don't have the resources they need: hire consultants. With that out of the way, the article mentions two root causes for insecure apps: lack of knowledge about security and bad development habits. They then get into some suggestions about how you can learn to understand and prevent vulnerabilities in your own applications. They focus on a few key places for PHP developers to pay attention to, complete with some charts showing the parts of the flow. The post ends with some advice on what to do if your site is compromised anyway and how to move forward.

tagged: secure application advice common issues developer

Link: https://paragonie.com/blog/2015/09/building-secure-web-applications-in-php

Run Geek Radio:
Episode 007 – Don’t be a jerk
Aug 10, 2015 @ 09:56:09

The Run Geek Radio podcast, with host and PHP community member Adam Culp, has posted their latest episode today: Episode #007: Don't be a Jerk

The topic for this episode is how developers treat other developers and consultants, and how we should strive to stick to the facts, stay professional, and not get personal. He shares a story of a friend and the trials they went through because another developer, in their haste to convince the client of their value, went on the attack of the consultant.

Adam also talks about his own conference talk plans and training for the Keys100 race. You can listen to this latest episode either through the in-page audio player or by downloading the mp3 of the show directly. If you enjoy the episode, be sure to subscribe to their feed too.

tagged: rungeekradio ep7 jerk training keys100 developer consultant conference speaking

Link: https://rungeekradio.com/episode-007-dont-be-a-jerk/

PHP Roundtable:
026: Documentation & Developer Experience
Aug 05, 2015 @ 08:44:24

The PHP Roundtable podcast, hosted by PHP community member Sammy K Powers, has posted their latest episode - episode #26: Documentation & Developer Experience. Sammy is joined by guests Ryan Weaver, Taylor Otwell and Frank de Jonge.

Documentation can make or break a project but it's often completely overlooked until the very end. And if we don't think about how developers will interact with our project before writing our opening We'll discuss some strategies we can take to improve the overall developer experience with "good" documentation and clean API's

You can catch this latest episode either through the embedded video player on the PHP Roundtable site or directly on YouTube. If you enjoy the episode, be sure to subscribe to their feed and follow them on Twitter for notifications when the live recordings are happening.

tagged: phproundtable podcast video ep26 documentation developer experience

Link: https://www.phproundtable.com/episode/documentation-and-developer-experience

Why experienced developers consider Laravel as a poorly designed framework?
Jul 03, 2015 @ 11:41:03

There's a huge thread that's been going on over in the /r/php subreddit on Reddit.com with opinions on why experienced developers consider Laravel as a poorly designed framework.

I have been developing in Laravel and I loved it. My work colleagues that have been developing for over 10 years (I have 2 years experience) say that Laravel is maybe fast to develop and easy to understand but it's only because it is poorly designed. He is strongly Symfony orientated and as per his instructions for past couple of months I have been learning Symfony and I have just finished a deployment of my first website. I miss Laravel ways so much.

Currently there are over 200 responses to the question with a wide range of opinions, everything from support of Laravel and its ways to the other side supporting Symfony and its structure. As is par for the course, there's also a share of "troll" comments in the mix, so be sure to weed those out as you read through them. There are also some interesting and enlightening points about Laravel, its structure and what it has to offer that those who aren't familiar with it could learn from.

tagged: reddit rphp experienced developer laravel poorly designed framework opinion

Link: https://www.reddit.com/r/PHP/comments/3bmclk/why_experienced_developers_consider_laravel_as_a/

Community News:
Launching Today: The Code Climate Platform
Jun 22, 2015 @ 09:57:56

Code Climate, the popular static code analysis service, has made an announcement that will definitely help make checking your PHP application for quality and security issues easier - the release of the Code Climate Platform. This platform provides, among other things, a command line tool that you can use to run their analysis rules on your own systems.

Today, we’re thrilled to launch the Code Climate Platform − the first open, extensible platform for all types of static analysis. [...] What does this mean exactly? First, we’re open sourcing our analysis tools, including the engines and algorithms we use to evaluate code. We’re also enabling anyone to write static analysis engines that run on our servers by following a simple specification. [...] Finally, using our new Code Climate CLI, you can now run any Code Climate-compatible static analysis on your laptop – for free.

This is a great step forward to helping ensure the overall quality of your codebase and makes it even easier than having to rely on a fully external service for the results. Plus, with the specification you can write rules and customize the checks according to your application or framework of choice. They have a developer program you can register for to find out more information about that.

tagged: codeclimate static analysis tool commandline platform opensource specification developer program

Link: http://blog.codeclimate.com/blog/2015/06/19/code-climate-platform/

QaFoo Blog:
Developers Life is a Trade-Off
May 27, 2015 @ 10:57:57

In a new post from the QaFoo blog they talk about a developer's life as a trade-off, the amount of work to put into one technology or approach before deciding it's not worth the trouble and moving on.

At Qafoo, we train a lot of people on topics like object oriented software design, automated testing and more. [...] There is no silver bullet and one of the most important skills every developer needs to hone is to assess possibilities and to find the best trade-off for the current challenge.

He uses personal experience to illustrate the point, a struggle they had with choosing a storage system for their application's data. While one technology seemed to be an ideal fit (Cassandra) the trouble it caused made them fall back to something more reliable. He also talks about another instance where he had to make a decision around using a state machine...or not, because of the overhead and time consumed around it.

One of the most important tasks of a developer is to make trade-offs. They occur wherever you look in your every day life. It is a highly important step to realize and accept this. And it is important to hone that skill. You need to open your mind for new technology and techniques, learn and try them wherever you can. But then you need to step back, analyze the current situation and then find the best trade-off between all possible approaches.

tagged: developer life opinion technology tradeoff decision

Link: http://qafoo.com/blog/075_developers_life_trade_off.html

Christopher Pitt:
Making Dependable #2 (Series)
May 27, 2015 @ 09:25:01

Christopher Pitt has posted the second part of his series about creating "Dependable", a Laravel-based application with a focus on Composer use and customization. In part one he laid the foundation, creating a new project, database and setting up migrations to create the tables. In part two he builds on this and creates additional functionality to store a GitHub user's repositories.

One of the ideas we’ve had is to create an application; which can build a custom Composer dependency map, and deploy that to a new server. It would also be great if there was an interface for deciding which dependencies are included, and a unique URL for each installation.

He starts with a brief mention of testing and why he hasn't included that in his current work. Then he gets into the new models for storing repositories and the migration to create the matching table. He also includes the code that will be needed to link a Developer to a Repository. He finishes the post with an endpoint that can be called to refresh the data from GitHub and pull the repository information down and populate it into the database.

tagged: tutorial series part2 dependable laravel github repositories developer

Link: https://medium.com/laravel-5-tutorials/making-dependable-2-36411b64b958

Run Geek Radio:
Episode 003 – OpenWest Namebadges, Overtraining, Dev Salary & Freelance Rates, [...]
May 15, 2015 @ 12:19:00

The Run Geek Radio podcast, with host and PHP community member Adam Culp, has released its latest episode - Episode 003 – OpenWest Namebadges, Overtraining, Developer Salary and Freelance Rates, Saving Money.

Adam Culp talks about the awesome namebadges at the OpenWest conference, and how assembly was required using a soldering iron. Then shares symptoms, causes, and treatment for over-training while running. (mentions Tension Tamer tea, but intended to speak about Sleepy Time tea instead) Following this the subject of developers and money was covered. What should developers charge per hour, what should a freelance developer pay themselves, and what should developers do to save money for a rainy day.

You can listen to this latest episode either through the in-page audio player or by downloading the mp3 of the show. If you enjoy it, be sure to subscribe to the feed too for more shows in the future.

tagged: rungeekradio ep3 podcast openwest namebadge overtrain developer salary freelance rates saving money

Link: https://rungeekradio.com/episode003/

How to Find, Hire, and Retain Developers – Interview with Cal Evans
May 15, 2015 @ 08:58:54

On FogCreek.com they've posted a new interview they recorded with PHP community member Cal Evans about how to find, hire and retain developers for your business.

We’ve interviewed Cal Evans, author of ‘Culture of Respect’, and we discuss how to find, hire, and retain Developers. He gives tips on where to find great developers, how to write job ads which appeal to them and how best to interview them. We also discuss ways to build a great team culture that can help startups and growing businesses compete with the big guys for talent.

You can catch the interview in a few different ways - either through the in-page video recording, audio-only over on SoundCloud or you can download it for listening offline.

tagged: calevans interview video find hire retain developer cultureofrespect

Link: http://blog.fogcreek.com/how-to-find-hire-and-retain-developers-interview-with-cal-evans/

Voices of the ElePHPant:
Interview with Ryan Weaver
Feb 18, 2015 @ 09:12:08

The Voices of the ElePHPant podcast has posted their latest episode today in their series of community member interviews. In this latest episode host Cal Evans talks with Ryan Weaver.

In this episode Cal and Ryan talk about the concept of "developer experience" (DX) and how the Symfony project has been working to make things easier. DX tries to make things that developers find consistently complex and simplify it. Ryan is hoping the concept will spread outside of the Symfony community into other groups.

You can listen to this latest episode either through the in-page audio player or by downloading the mp3 to listen to the show at your leisure. If you enjoy the show, be sure to subscribe to their feed too.

tagged: voicesoftheelephpant community interview ryanweaver developer experience

Link: http://voicesoftheelephpant.com/2015/02/17/interview-with-ryan-weaver-2/