In a new post to the PHP.cc site today Arne Blankerts reminds us that not all security is about writing good code and handing data correctly - it's also about the systems they run on.

What seems to be so obvious for road traffic and its rules seems to be less obvious for many web developers. They tend to slack on defining (and monitoring) what is happening at the application level as well as the infrastructure level of their application. It is not enough to run a default install of your operating system of choice, add whatever services you need, and hope for the best. Considering the amount of money as well as damage to reputation, either directly due to fraud and abuse or indirectly by time lost to recover a hacked system or software, the "let's hope for the best" approach is of arguable quality. And we are not even considering general bugs here.

He mentions configuring the server, OS and network to ensure a higher level of security, noting that no matter how much work is put into secure code, if the attacker can get to points on the system they shouldn't, your app is still vulnerable.

But how can you tell if someone is actually trying to break in? Pretty much exactly as the police does for road traffic: with speed checks and by patrolling. A properly configured firewall will show as well as inhibit any unauthorized communication within the network and all you need to do is monitor the vital signs of your infrastructure.

New on his blog Phil Sturgeon has a post about the social integration package PHP has been dying for - NinjAuth. It has hooks for OAuth and OAuth2 connections and makes it simple to use them completely abstracted.

In the past I have never needed to implement oAuth into a PHP project. I have done it in Rails and boy it was easy thanks to OmniAuth. OmniAuth abstracts away so much of the grunt work that it takes about 5 minutes to add a new social network to your site, and 4 of those minutes are spent signing up for the API keys. What options do we have in the world of PHP? A bunch of screwy hacks or provider specific classes like TwitterOAuth. I don't want to hunt down 20 libraries with different methods, I want to get a key, bang it in and go to the pub. Well, now I can!

The fuel-oauth and fuel-oauth2 packages to drive its backend. He includes a code snippet showing how to configure the providers (complete with keys needed for auth) including Facebook, Flickr, GitHub, YouTube and - of course - Twitter. You can grab the latest version of this library from Phil's github account.

On PHPBuilder.com there's a new tutorial showing you some of the PHP functions that you can use to interact with the network surrounding (and even vaguely related to) your application.

PHP has a great many tools for interacting with a network and also with the Internet. In this article, I examine some of those tools and functions to show how exactly you can use them to make your scripts more useful in a network environment. Click here to download the accompanying source code.

They show how to use fopen to access remote sites, gethostbyname and gethostbyaddr for DNS resolution, getprotobynumber to check the port number for a TCP/IP type and quite a few more. This also includes a brief look at the PEAR Net_Whois package. You can download the examples if you'd like to just jump into the code.

New on the PHPClasses.org blog there's an article on neural networks written up by Louis Stowasser looking specifically at creating a neural mesh with PHP.

Neural networks are a relatively new technology that aims to reverse engineer the functionality of the brain within a mathematics model. This may sound daunting and complex but the underlying concepts are very simple and Neural Mesh does the hard work for you. In a Web environment NNs (neural networks) are considered too slow and complex to warrant effort on what might even be a trivial task. To solve this, Neural Mesh has been heavily optimized. It uses caching to speed up running and training of networks.

He explains what a neural network is on a base level and talks about it's ability to learn from the training its given (supervised or unsupervised). He also talks about how the networks can be useful and how to use the framework (found here) to create a simple network.

New from NETTUTS.com is this tutorial looking at the construction of a social network with the help of Joomla.

Social network implementation has become a necessity for successful websites. Joomla!, the popular Open-Source CMS, has some great and affordable ways to bring your site to the social networking level. Let's review how.

He defines some of the strategy of the site to start - who will use it, how will they use it, how much control should they have, etc. He also lists several extensions that can be dropped into place to add in some of the more popular social networking functions like EventList, MyBlog and JomComments. The implementation of a few of these is shown (with a few screenshots) and examples of sites using Joomla for social networking are thrown in at the end.

Chris Jones has announced that the latest build of the OCI8 drivers for PHP (the RPM of them) has been posted to their "Unbreakable Linux Network" site.

A "php-oci8-11gR1" RPM is now available on the "Unbreakable Linux Network" (http://linux.oracle.com/) in the Oracle channel. If you have the appropriate ULN subscription, you can use 'up2date' or 'yum' to install it and its dependencies (e.g. the Oracle Instant Client 11g RPM).

This new package includes drivers for 9iR2, 10g and 11g Oracle databases and uses connection pooling if it is available.

In a new tutorial from DevShed today, they take a look at some of the "networking" functions that PHP has to offer - basically anything that can make a network connection.

PHP has a great many tools for interacting with a network and also with the Internet. In this article we will look at some of those tools and functions to see how we can use them to make our scripts more useful in a network environment.

They look at the fopen, gethostbyname, gethostbynamel, getservbyport and the Net_Whois PEAR package (among others).

The Developer Tutorials blog has a new post full of links to some great add-ons for the popular WordPress blogging software to help make your site into more of a community.

Wordpress is a CMS that was built for blogging but many people have repurposed it for magazines, newspapers, blog networks and all sorts of other goodies! But did you know you can hack your Wordpress blog to be a no-cost solution for a social network? Well you can, and here's fifteen plug-ins that will let you do it.

Some of the packages they link to include Ajaxd WordPress, Profiles, Quick SMS, Invite Friends and SezWho.

As posted on Ben Ramsey's blog (and released out through the PHP community) - a press release about PHP Groups:

PHP Groups, a worldwide network for PHP user groups, launched today with the intent to foster an open community for PHP user groups to share and exchange ideas and information. Membership is open to anyone working with a PHP user group or interested in starting one.

At present, PHP Groups provides a mailing list where user group leaders and those interested may subscribe and take part in a dialog with other user groups. "I hope that part of our accomplishments will involve uniting and bringing together for an open dialog all of the PHP user groups across the world," said Ramsey. "I hope this mailing list can get that conversation going."

If you're interested in the project and want to get involved, check out their mailing list and website to get complete details.

There's a tutorial over on mpwebwizard.com that's been updated and talks about using a mirror to handle hits from a popular website (like digg or slashdot).

caching services such as coral content distribution network provide an alternative for when your site goes down, but why wait until it gets to that stage? why not just send all your hits from high-end websites to the coral cache version? well, there isn't a good reason not to, so i'll show you how to do it automatically.

He provides the simple script that looks for certain sites in the "HTTP_REFERER" value of incoming calls and pushes them off to the cached location with a header() redirect. The whole thing is only 12 lines, not counting the $sites array.