
php[architect]:
June 2015 Issue Released - APIs (and it's free!)
Jun 02, 2015 @ 13:48:38

php[architect] has a new post about the release of their latest issue (June 2015) - "APIs" - and how it's been made free for download.

That's right - thanks to Nexmo, June's issue on APIs is free of charge for the month! [...] The promise of Application Programming Interfaces (APIs) is really bearing fruit in today's Web. Of course, we are not talking about internal APIs but of HTTP-based ones that allow us to interact with external systems - whether it's saving or searching images in Flickr, getting weather conditions, or transcoding video. For many tasks, if you sign up to use the right APIs, you can build a fully functional application by writing PHP scripts which coordinate the workflow and communications between APIs.

This issue includes articles like:

  • "SPOIL Your Users with Great Helper Libraries" (Keith Casey)
  • "High-Performance PHP APIs" (Simone Di Maulo)
  • "Putting the Pieces Together: Building APIs with Aura (and Other) Libraries" (Ian Littman)
  • "The API Toolbox" (Tim Lytle)

If you've ever been interested to see what php[architect] is all about or want to find out more about making and working with great APIs, be sure to grab your free copy today!

tagged: phparchitect magazine june2015 issue release api free nexmo

Link: http://www.phparch.com/2015/06/june-issue-on-apis-free-download/

Blackfire.io Blog:
How Blackfire leverages Docker
May 01, 2015 @ 10:08:34

The Blackfire.io PHP debugging service (from SensioLabs) has a new post on their blog today talking about how the service makes use of Docker to build the environments for testing out their users' code.

As you may know, Blackfire was represented at the SymfonyLive conference in Paris. During this event, several people came to us and asked how we use Docker at Blackfire.io. One of our goals is to make profiling straightforward for anyone, and it means that we need to be able to easily test our product on a lot of different platforms. And Docker gives us the ability to spin up new containers in milliseconds.

Moreover, our website relies a lot on different tools, so containers can also help us reach an iso-production development environment. But Docker is only available on Linux and a big part of the Blackfire team is using MacOS X. So how can someone using MacOS X get the best of both worlds?

The post goes on to talk about their use of the boot2docker tool and how they can use it to help with the environment customization most developers want out of their testing. They show how it updates the network settings, works with file sharing, allows for multiple domain names/containers and solutions to some other common issues including no container access, no name resolution and a "bonus" section with a Skydock plugin for custom DNS naming.

tagged: blackfireio docker example common issue boot2docker

Link: http://blog.blackfire.io/how-we-use-docker.html

php[architect]:
April 2015 Issue Released - Front-End Polish
Apr 14, 2015 @ 11:05:47

php[architect] magazine has officially released their April 2015 edition - "Front-End Polish".

It’s safe to say that a majority of PHP programmers prefer working on “back end” code. Many interesting problems live in that domain. But we can’t forget that the front end—usually HTML, CSS, and JavaScript—is where users will interact with our applications. The joy or frustration they experience trying to get a task done affects their perception of how good (or poor) your solution is for a long time. Even if you don’t want to be a front end designer or developer, you must be familiar with User Experience and the technologies used in the user interface (UI) to understand how people will use it, to help reduce sources of frustration, and to prevent errors.

Articles in this month's issue include:

  • Object Oriented JavaScript (Part the Second)
  • The Browser Capabilities Project in 2014
  • UX Without the Process
  • PHP Conference Newbies 101

Head over to the php[architect] website to pick up a (print or digital) copy of your own!

tagged: phparchitect magazine april2015 frontend issue release

Link: http://www.phparch.com/magazine/2015-2/april/

php[architect]:
March 2015 Issue Released - DB Migration
Mar 16, 2015 @ 12:50:49

php[architect] magazine has released the March 2015 edition of their magazine - DB Migration:

Because databases store the data our applications, they need proper care and feeding too. In “DB Migrations”, David Berube shares what he’s learned to properly design your databases, Harrie Verveer looks at “Database Versioning with Liquibase”, and Patrick Schwisow shows you how to consolidate Doctrine Migrations that have gotten unwieldy.

Other topics included in this month's edition include a "deep dive" into PHP extensions, object oriented Javascript, bitwise math and much more. You can pick up your own copy - either virtual (PDF) or in print - from the php[architect] website.

tagged: paprchitect magazine march2015 issue release db migration

Link: http://www.phparch.com/magazine/2015-2/march/

Anthony Ferrara:
Security Issue: Combining Bcrypt With Other Hash Functions
Mar 13, 2015 @ 09:32:02

Anthony Ferrara has a new post today looking at a potential security issue in PHP applications when using bcrypt with encryption and other hashing functions. His findings have to do with some research he did on long passwords and denial of service attacks they might lead to.

The other day, I was directed at an interesting question on StackOverflow asking if password_verify() was safe against DoS attacks using extremely long passwords. Many hashing algorithms depend on the amount of data fed into them, which affects their runtime. This can lead to a DoS attack where an attacker can provide an exceedingly long password and tie up computer resources. It's a really good question to ask of Bcrypt (and password_hash). As you may know, Bcrypt is limited to 72 character passwords. So on the surface it looks like it shouldn't be vulnerable. But I chose to dig in further to be sure. What I found surprised me.

To find out exactly how things are processed he gets down into the C code behind the PHP functionality in the crypt function. He discovers something interesting about the way it determines the length of the input password. It loops over the key, taking one byte at a time but resetting when it comes across a null byte. While this method is safe in itself, he points out the real issue - using pre-hashing before the bcrypt password checking to, possibly, allow for longer passwords.

The problem is that this method could lead to those null bytes and cause issues with the password checking, especially if opting for the use of raw data. He includes a simple script to illustrate this problem, finding a few collisions for his made up key and "random looking" password. Thankfully, he includes a method for checking to ensure the hash doesn't contain a null byte. He points out that not all hashing combinations are at risk and suggests a few alternatives that can keep your application 100% safe.

The underlying problem is that combining cryptographic operators that weren't designed to be combined can be disastrous. Is it possible to do so safely? Yes. Is it a good idea to do it? No. This particular case is just one example where combining operations can be exceedingly dangerous.

tagged: bcrypt hash function combination issue crypt null byte

Link: http://blog.ircmaxell.com/2015/03/security-issue-combining-bcrypt-with.html
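
The null-byte problem summarized in the entry above, as an added example (not code from the original post or from PHP itself). `bcrypt_visible_bytes()` is a hypothetical model of the C-string handling described in the summary, not a call into crypt, and base64-encoding the digest is this example's assumed mitigation; the sample inputs are constructed.

```php
<?php
// Added example; function names and sample inputs are constructed for illustration.

// Model of the behaviour described above: bcrypt reads its input as a C string,
// so only the bytes before the first NUL (and at most 72) influence the hash.
function bcrypt_visible_bytes(string $input): string
{
    $nul = strpos($input, "\0");
    $end = ($nul === false) ? strlen($input) : $nul;
    return (string) substr($input, 0, min($end, 72));
}

// Risky pre-hash: raw binary digest, which may contain NUL at any position.
function prehash_raw(string $password): string
{
    return hash('sha256', $password, true);
}

// Assumed mitigation: encode the digest as text. Base64 of SHA-256 is
// 44 characters, contains no NUL, and fits within bcrypt's 72-byte limit.
function prehash_encoded(string $password): string
{
    return base64_encode(hash('sha256', $password, true));
}

// Measure how many constructed inputs would be truncated under each scheme.
$total = 5000;
$rawTruncated = $rawEmpty = $encodedTruncated = 0;
for ($i = 0; $i < $total; $i++) {
    $password = "constructed-sample-$i";
    $raw = prehash_raw($password);
    $seen = bcrypt_visible_bytes($raw);
    if (strlen($seen) < strlen($raw)) { $rawTruncated++; }
    if ($seen === '') { $rawEmpty++; } // digest starts with NUL: nothing left to hash
    $enc = prehash_encoded($password);
    if (bcrypt_visible_bytes($enc) !== $enc) { $encodedTruncated++; }
}
printf("raw digests truncated by a NUL: %d of %d\n", $rawTruncated, $total);
printf("raw digests starting with NUL:  %d of %d\n", $rawEmpty, $total);
printf("encoded digests truncated:      %d of %d\n", $encodedTruncated, $total);

// Hardened usage: bcrypt only ever receives the text-encoded digest.
$long = str_repeat('correct horse battery staple ', 10); // longer than 72 bytes
$stored = password_hash(prehash_encoded($long), PASSWORD_BCRYPT);
var_dump(password_verify(prehash_encoded($long), $stored));       // same password
var_dump(password_verify(prehash_encoded($long . 'x'), $stored)); // differs only past byte 72
```

The same counting loop can be pointed at any other pre-hash function to check whether its output can reach bcrypt with a NUL byte in it.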

Brian Moon:
Using socket_connect with a timeout
Mar 12, 2015 @ 09:38:00

In a new post to his site Brian Moon has shared a problem he had with sockets and timeouts and having them perform the same way every time. He walks through the symptoms he was seeing and provides his own solution in the end.

So, it seems that when you try and connect to an IP that is routable on the network, but not answering, the TCP stack has some built in timeouts that are not obvious. This differs from trying to connect to an IP address that is up, but not listening on a given port. [...] After a lot of messing around, a coworker pointed out that in production, the failures were happening for an IP that was routable on the network, but that had no host listening on the IP.

After some testing, Brian figured out that his problem was that he had been testing against localhost rather than an address with no host behind it. He made the switch and figured out how to set the timeouts low and work with error state checking to make things more stable. He explains a bit more about how the code in his solution works. You can find his solution in this gist on GitHub.

tagged: socket connect timeout issue stable consistent failure localhost

Link: http://brian.moonspot.net/socket-connect-timeout

php[architect]:
February 2015 php[architect] Magazine Launched - "Other Shores"
Feb 19, 2015 @ 13:19:23

The February edition of the php[architect] magazine has been released with the theme "Other Shores".

This month’s theme, “Other Shores”, explores other languages you may want to try. Tobias Nyholm introduces us to Hack, Julien Pauli talks about PHP Extensions, and Ricky Robinett talks “Swift for PHP Developers”.

Other articles in this issue include:

  • "MFA with Authy" by Dirk Merkel
  • “Access Any File - Anywhere - With the PHP League’s Flysystem” from Matthew Setter
  • "Teaching and Mentoring" in the "Leveling Up" column (David Stockton)

You can pick up a copy of this month's edition directly from the php[architect] website.

tagged: phparchitect feb2015 issue release othershores magazine

Link: http://www.phparch.com/2015/02/february-2015-phparchitect-magazine-launched/

php[architect]:
January 2015 Issue Released - Be the Boss
Jan 27, 2015 @ 13:18:45

php[architect] magazine has just released their January 2015 issue - "Be The Boss". This issue includes articles talking about freelancing, the importance of communication in open source and the usual columns.

This month is a personal favorite of mine, as the theme is “Be the Boss”. It speaks to those who wish to stop working as an employee and strike out on their own, something I’ve done twice in my life. In Get Off the Freelance Roller Coaster!, Yitzchok Willroth (@coderabbi) talks on the importance of not placing all of your eggs in one basket (or projects with one vendor). In Choose Your Own Adventure—Freelancer or Founder?, Joshua Warren talks about the two avenues that are open to those going it on their own, freelancer or business founder.

Articles in this month's edition include:

  • Get Off the Freelance Roller Coaster! (Yitzchok Willroth)
  • Choose Your Own Adventure - Freelancer or Founder? (Joshua Warren)
  • PHP and OS Communication (Julien Pauli)
  • An Introduction to NodeJS

The usual columns (Laravel Tips and Education Station) return once again, as well as a new one from David Stockton called "Leveling Up" to help you become a better developer. You can pick up your own copy from the php[architect] website.

tagged: phparchitect magazine jan2015 issue release boss freelance

Link: http://www.phparch.com/magazine/2015-2/january/

Anthony Ferrara:
PHP Install Statistics
Dec 31, 2014 @ 09:29:43

Anthony Ferrara has a new post to his site sharing the results of some PHP version statistics he's gathered and how it relates back to the security of applications.

After yesterday's post, I decided to do some math to see how many PHP installs had at least 1 known security vulnerability. So I went to grab statistics from W3Techs, and correlated that with known Linux Distribution supported numbers. I then whipped up a spreadsheet and got some interesting numbers out of it. So interesting, that I need to share...

He starts with the versions that currently have no known security issues and matches those up with the Linux releases that currently include them. He then looks at the adoption rates for more recent versions and maps those against the security status as well...with some "grim results". He summarizes the totals of all of the version results and comes up with an interesting statistic: over 78 percent of PHP installations (and thus applications) are exposed to some kind of security vulnerability just because of what they're hosted on.

tagged: install statistics security vulnerability issue percent

Link: http://blog.ircmaxell.com/2014/12/php-install-statistics.html

php[architect]:
December 2014 Issue Released - Taming Content
Dec 17, 2014 @ 11:55:27

php[architect] has posted the official release announcement for the latest edition of their magazine, the December 2014 edition: Taming Content.

The PHP habitat is well stocked with content management systems. Everything from mature projects like Drupal, WordPress, Joomla!, to in-house custom systems (come on, who hasn’t taken a stab at this at least once?). Even if you primarily work with backend applications, it’s good to know the options available for helping clients and coworkers manage and update site content on their own.

This issue includes articles like:

  • Advanced Sites Deserve Advanced Custom Fields (Steve Grunwell)
  • Drupalese 101 (Annika Garbers)
  • ProcessWire: Flexibility, Power, and a Generous Dose of Pure Fun (Teppo Koivula)
  • PHP Tips and Tricks (Julien Pauli)

All of your favorite columns are there too including Laravel tips, the Community Corner and the Education Station. You can check out more information about these and other articles in the page for the issue or just pick up a copy of your own (available in both print and digital formats).

tagged: phparchitect magazine dec2014 issue release taming content

Link: http://www.phparch.com/magazine/2014-2/december/