Brandon Savage shares some of his thoughts on software development and how creating the spec for the project affects it by basic it on a rule - the 15 Minute Rule.

Since most developers (myself included) are also generally bad at developing good specs, it becomes even more difficult to create such a rule. However, I heard a great adage from someone recently that I thought summed up how developers can see specs nearly perfectly. "If it takes more than 15 minutes to determine what it is that you're building, the spec wasn't done properly".

He suggests that not a single line of code should be developed before the spec is completed and, since developers usually aren't the ones creating the spec, they need to have a clear, concise definition of what's expected before hand.

On Kovshenin.com there's a recent post looking at the whole development lifecycle of web-based applications, breaking it out into the three main steps - development, testing and production (splitting out some of these into other, smaller groupings).

Since January this year I've been working on a few projects with a team of over 5 people and high-demanding standards. This raised the problem of project managing and a completely different view of the web development cycle. In this article I'd like to outline the major steps of the software development cycle and how they could be applied to the web development business.

Along with the main three categories (dev, test and production) he also gets a bit more fine grained with things like:

• Development: Pre-alpha Stage
• Development: Beta Stage
• Testing: Release Candidate
• Production: General Availability

With the releases in the PHP 5.x series (5.3 and now a newly branched 5.4), people have been left wondering about PHP 6 and the promised Unicode support it will include. Development on that branch had all but stalled out and things weren't looking too good for the method of introducing full Unicode support to the language. Johannes Schluter has some good news, though - the effort has been restarted and a new approach has been decided on.

Yesterday the stagnation created by the situation has been resolved and it was decided that our trunk in svn will be based on 5.3 and we'll merge features from the old trunk and new features there so that 5.3 will be a true stable branch. The EOL for 5.2 has not yet been defined but I suggest you to really migrate over to 5.3, which usually can be done with very little work, as soon as possible.

Discussion are being made about which type of Unicode support will actually be introduced with a "string class" wrapper gathering some support behind it to provide an alternative to the current string handling.

According to this article in The Register, more PHP developers (of the ones polled by Zend) prefer to do their actual development on a Windows platform, but still host their sites on something like Linux (as shown in the results of a Zend survey).

In a recent study from Zend Technologies, forty two per cent of PHP programmers named Windows as their primary development operating system. Linux came second, with 38.5 per cent, while Mac's OS X was third on 19.1 per cent. Zend did not say how many developers it spoke to, but called the December poll a "global survey" ranging from independent consultants to organizations with more than 5,000 employees.

The same survey shows that the choice of Linux for the server is still strong, and that the rest of the options (Windows, OS X) are trailing by a large percentage. You can read Zend's official press release on the survey on PRWeb.net.

If you're in or near the Dublin, Ireland area and are interested at all in developing web applications on Microsoft's Azure platform, you really should check out a new post on the EchoLibre blog with details on a presentation from Josh Holmes (of Microsoft) that'll be happening On February 21st.

As part of their drive to let developers know about Azure, Microsoft have been reaching out to development communities that would traditionally be non-Microsoft centric - in particular PHP and Ruby. [...] So, this month Microsoft are bringing Josh Holmes to Dublin to talk directly to Irish developers about building and deploying web apps on the Azure platform.

It's a free event and all who are interested are welcome to come. It'll start February 21st at 7:30pm (19:30) at the Radisson Hotel on Golden Lane. There's no charge for the event, but you still need to register to reserve a spot - there's only so much room, after all.

On the Xebee blog there's a recent post looking at test-driven development with the Zend Framework and PHPUnit. They show how they work well together and make it simpler to use TTD to create and test your applications.

Over the past few days I was going through the Zend Framework reference docs and I found myself pleasantly surprised with all that the latest version of this web application framework provides. [...] Out of the many new features, what stood out for me was the ease with which Zend Framework and PHPUnit complement and work with each other.

He talks about some of the features of PHPUnit (including dependencies, testing for exceptions and errors) and how it fits into a good deployment strategy. He shows how you can use the Zend_Test component of the framework, along with the Zend_Test_PHPUnit features, to make a sample test case. There's also an example of using the Zend_Test_PHPUnit_Db component to test database information and your backend data stores to compare them to a formatted XML document.

Vinu Thomas has pointed out two upcoming webinars from Zend that he thought sounded interesting - one talking about development best practices and the other on troubleshooting PHP applications.

From Zend on the development best/worst practices:

Have you ever wondered how you could advance your PHP development? Have you considered using an Integrated Development Environment (IDE), an Issue Tracker or a Version Control tool, but were concerned about how complex it might be? Taking PHP development to the next level may be easier than you think.

From Zend on the troubleshooting techniques:

Understanding what's causing your PHP application to be slow or just break is often time-consuming, and almost always frustrating. Join this information-packed webinar, delivered by a senior Zend PHP consultant, to learn what techniques PHP professionals use for pinpointing PHP issues in development, testing and production

There are others happening this month as well including one on internationalization with the Zend Framework and a look at the Zend Server for IBM i.

In a new post to his blog today Derick Rethans talks about his move to what he calls his "PHP Development Environment 2.0" - an upgrade to some of his sites and servers prompted by an update of the Xdebug website.

I'd heard a lot about lighttpd and decided to give that a try - yes, that meant something that I didn't really know to well was going to run in a production environment. Unlike Apache, with lighttpd PHP doesn't run as a module, but instead you run it out of process with something called FastCGI.

He talks about his transition to this new web server and how he wanted to replace his current setup of having to use multiple static modules for PHP and having to recompile each time he wanted to use one of them. A few scripts later and a few modifications to the lighttpd configuration file later and he had a working installation with multiple versions of PHP running on multiple ports.

In this recent post to his blog Vinu Thomas touches on a few wrong ideas floating around about web application security (some specific to PHP) and tries to correct them.

When I talk to developers about security in web development, I usually get the answer that the security is taken care by the systems team by securing the server and by using the https protocol. In reality that is just the tip of the iceberg on security. There's much more you should do as a developer to incorporate security into your applications.

He points out that https doesn't secure your website, it only secures the communication between the client and server. You're still open to all of the usual attacks. Input validation can go a long way to helping to prevent this. He also mentions two insecure practices he's seen over and over - using file names in the URL parameters and using remote includes in an application (giving the remote site a direct line into your application's backend).

Brandon Savage has written up some thoughts on what can be a somewhat painful part of software development - creating the specification and schedule for the development of the application.

In the time that I have developed software, I don't know that I've ever met a developer who got excited about writing specs for anything. In fact, most developers loathe writing specs, or developing schedules of any kind. [...] Businesses need schedules to know when products will be finished and schedule things like trade shows, product launches, and write contracts with clients who need or want a particular product.

He has a few recommendations for things that could make the process a little easier including the fact that specs should not be considered documentation, that the developers should be the ones creating them and that scheduling out the development time line isn't all about the actual development.