News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

BeMyCTO.com:
Why Doctrine ORM is not suited for PHP
May 20, 2015 @ 12:09:42

The ByMyCTO.com blog has a recent post that makes the suggestion that the Doctrine ORM isn't suited for PHP...or to put it another way why they think it's not a good option for database integration.

I know, this title sounds like a troll. But it's not, it's a fact. I'm not saying Doctrine is a bad technology or shouldn't be used. I'm just saying it's not suited for PHP and this can lead to critical problems if misused.

He covers a few different topics including:

  • Differences between Java and PHP (and the fact that Doctrine's inspiration was Hibernate)
  • The "session problem" (entity serialization)
  • Identity Map, useless in a stateless environment
  • UnitOfWork, far too complex
  • EntityManager, too magical

Despite all of these points, he does remind the reader that Doctrine isn't useless or inherently bad, it's just that he sees it as reinforcing bad behaviors and suggests using something else.

0 comments voice your opinion now!
doctrine orm avoid critical problem opinion

Link: http://blog.bemycto.com/software-architecture/2015-05-17/doctrine-orm-not-suited-php/

Peter Petermann:
A few thoughts about composer and how people use it
May 18, 2015 @ 10:17:43

In the latest post to Peter Petermann's site he shares a few thoughts about Composer and how people use it in the more modern PHP ecosystem.

Composer has changed the PHP ecosystem like now other tool introduced - almost everyone is using it today. Now, I have written about Composer before, and have always been a big proponent of using it. However, as i have spend some time with looking more closely on a few things, there is a few problems (some with Composer, some with how people (ab)use Composer) that I would like to write about.

He's broken the list up into six different point, each with a bit of explanation:

  • Composer gets slow and resource hungry
  • People are using composer as an installer
  • People use their own paths
  • People don't adhere semver
  • People don't tag their releases / don't release
  • People release packages with dependencies to unstable versions

He ends the post by looking at each of these points and offering a brief one-liner way to help solve the issue (or at least minimize the problem).

0 comments voice your opinion now!
composer opinion problem usage ecosystem package

Link: https://devedge.wordpress.com/2015/05/16/a-few-thoughts-about-composer-and-how-people-use-it/

/Dev/Hell Podcast:
Episode 58 I Have a Mouth Problem
April 06, 2015 @ 12:35:29

The /Dev/Hell podcast has posted their latest episode today: Episode 58: I Have a Mouth Problem with hosts and PHP community members Chris Hartjes and Ed Finkler.

So we kinda forgot we recorded this until a month after the fact. Whoops! This ep is all about side projects, kicking off with Chris and Ed talking about CBTTool, Ed's electronic worksheet for folks with anxiety disorders. Then we discuss Chris' new book The Grumpy Little Book of Hack, and Ed's experience technical editing Modern PHP by Josh Lockhart. Then we get into a boring discussion about marketing. Plus we have STICKERS!

You can listen to this latest episode either through the in-page audio player or by downloading the mp3. If you enjoy the episode, you can catch previous episodes in their archives or subscribe to their feed for the latest shows as they're released.

0 comments voice your opinion now!
devhell podcast ep38 mouth problem chrishartjes edfinkler

Link: http://devhell.info/post/2015-04-04/i-have-a-mouth-problem/

Anthony Ferrara:
A Point On MVC And Architecture
December 02, 2014 @ 12:10:24

Anthony Ferrara has posted another in his series looking at MVC as a design pattern and as an idea for building web applications. In this latest post he goes on to make a point about MVC, how it relates to architecture and CRUD.

Last week I post a post called Alternatives To MVC. In it, I described some alternatives to MVC and why they all suck as application architectures (or more specifically, are not application architectures). I left a pretty big teaser at the end towards a next post. Well, I'm still working on it. It's a lot bigger job than I realized. But I did want to make a comment on a comment that was left on the last post.

He responds to the comment (essentially that CRUD is a solved problem) and where the need for customizations is needed. He suggests what the real problem is, though: the three classes of developers - CMS users, custom developers and users of both.

0 comments voice your opinion now!
mvc architecture opinion problem crud comment response

Link: http://blog.ircmaxell.com/2014/12/a-point-on-mvc-and-architecture.html

Anthony Ferrara:
A Followup To An Open Letter To PHP-FIG
October 17, 2014 @ 11:51:35

Based on some of the responses to his previous open letter to the PHP-FIG (Framework Interoperability Group), Anthony Ferrara has posted a follow-up explaining some of his points made and the caching proposal in a bit more detail.

A few days ago, I wrote An Open Letter to PHP-FIG. Largely the feedback on it was positive, but not all. So I feel like I do have a few more things to say. What follows is a collection of followups to specific points of contention raised about my post. I'm going to ignore the politics and any non-technical discussion here.

He points out that while the previous post wasn't completely about the cache proposal (it was used as a "literary device") there was some confusion on it. He walks through the "unnecessary complexity" he sees with it, citing code examples, and makes points about performance, memory usage handling stampede protection and the creation of standard ways to avoid it. He ends the post with a look at group invalidation handling and two ways it could be accomplished, either via namespacing or through tagging the items and using that as a reference point for the invalidation.

0 comments voice your opinion now!
open letter phpfig cache proposal detail opinion problem

Link: http://blog.ircmaxell.com/2014/10/a-followup-to-open-letter-to-php-fig.html

SitePoint PHP Blog:
MVC - a Problem or a Solution?
July 28, 2014 @ 11:42:36

The SitePoint PHP blog has a new post by Jeroen Meeus that wonders if MVC is a solution or a problem when it comes to developing web applications.

Repositories, Adapters, MVC with all it cousins, SOLID, RTFM… As a (PHP) developer, those words are thrown at you from every corner of the web. And I hate it, I've had enough. Stop telling me what to do and show me those kittens instead. [...] When solving the web-application problem, we are forced to use MVC. The dev community often frowns upon those who don't use it, but seldom lets those they're frowning upon ask why. [...] MVC doesn't solve the Code complexity problem. It doesn't solve the code reuse or no-flexibility problem either. And it doesn't guarantee decoupled code.

He goes on to talk about how design patterns don't "solve problems". Rather they help us as developers by providing a best practice we can follow to get the job done. He suggests, though, that MVC has become "the new Singleton" but it has been used so much in so many different ways, it's boarding on the point of being abused.

Depending on the situation, and the problem at hand, different patterns can help you write robust, secure and understandable code. Just be careful using them - if you catch yourself using the MVC pattern for a 1-pager, ctrl+a del.
0 comments voice your opinion now!
mvc designpattern problem solution abuse

Link: http://www.sitepoint.com/mvc-problem-solution/

Docnet.nu:
SSL And PHP Streams - Part 1 You Are Doing It Wrong™
June 26, 2014 @ 09:54:40

On the Docnet.nu blog today they've kicked off a series looking at the use of streams and SSL in PHP and asking if you're doing it wrong in your current applications. The focus is more on the security aspect, breaking it down into a set of common problems (and how to work around them).

The upcoming PHP 5.6 release brings with it a number of improvements to encrypted PHP streams, both internally and externally. In these articles I will try to cover the most important changes, and how they affect your code. This article will focus on how to get the best security level in code that needs to be run on PHP versions below 5.6, and highlighting some of the gaps in the currently available functionality. Version 5.4.13 is the earliest version that supports all the options described below - and if you are running something earlier than this, then you really should consider upgrading to at least the latest version of the 5.4 series 1.

Their list is made up of six different problems:

  • Problem 1: Peer Verification
  • Problem 2: Cipher Lists
  • Problem 3: Protocol Support
  • Problem 4: TLS Compression Attack Vulnerability
  • Problem 5: Cipher Order
  • Problem 6: TLS Renegotiation Attacks

Each problem comes with a brief description of what it is and why it's an issues. Some also include code snippets showing how to correct the issue, usually relatively simply.

0 comments voice your opinion now!
streams problem list solution https tutorial

Link: http://www.docnet.nu/tech-portal/2014/06/26/ssl-and-php-streams-part-1-you-are-doing-it-wrongtm/C0

Nikita Popov:
The case against the ifsetor function
January 13, 2014 @ 09:22:52

In his latest post Nikita Popov aims to make a case against the introduction of the "ifsetor" function to be introduced into the PHP language. This function takes in a variable to find and, if found returns it. If not, it doesn't produce an error (or warning).

Recently igorw wrote a blog post on how to traverse nested array structures with potentially non-existing keys without throwing notices. The current "idiomatic" way to do something like this, is to use isset() together with a ternary operator. [...] Someone on /r/PHP pointed out that there is an alternative approach to this problem, namely the use of an ifsetor function.

He goes on to talk about by-reference argument passing, why requesting an undefined array index doesn't really throw an error and how writes don't have the same issues as reads. He then gets into his own issues around the "ifsetor" function, namely:

  • Creation of dummy values
  • No notices for nested indices
  • Null values treated as non-existing
  • Default is always evaluated
  • By-reference passing often forces a copy

He summarizes most of the issues in one statement - "there is way too much by-ref magic involved". He then looks at some of the ways that this could be helped but opts instead for something more like "get_in" as proposed by Igor.

0 comments voice your opinion now!
ifsetor getin array read write problem byreference

Link: http://nikic.github.io/2014/01/10/The-case-against-the-ifsetor-function.html

Anthony Ferrara:
Beyond Design Patterns
September 19, 2013 @ 10:43:11

Anthony Ferrara has written up a new post that looks beyond design patterns. He suggests that more emphasis should be put on learning proper methods for abstraction and communication between objects and structures.

Many people teach design patterns as a fundamental step to Object Oriented Programming. They are so universally seen as important that almost every single conference that I have been to has had at least one talk about them. They are quite often used as interview questions to test a candidate's OOP knowledge. However, just like inheritance, they are not needed for OOP. And just like inheritance, they are a distraction rather than a foundation. Instead of focusing on patterns, I suggest focusing on learning about abstraction and communication.

He briefly covers the three types of patterns most people are introduced to - creational, structural and behavioral - and his suggestions of other patterns that answer more of the "what the problem is" question:

  • Shim patterns (Flyweight, Iterator, etc)
  • Compositional patterns (Adapter, Builder, Facade, etc)
  • Decompositional patterns (Bridge, Command, Mediator, etc)

He spends some time later in the post looking a bit more closely at four specific patterns, Adapter, Bridge, Facade and Proxy. He points out that they (essentially) do the same kind of thing and boils it down to a more refined set of implementation patterns and the problems they help solve.

0 comments voice your opinion now!
designpattern communication abstraction implementation problem

Link: http://blog.ircmaxell.com/2013/09/beyond-design-patterns.html

Sherif Ramadan:
Password Hashing And Why People Do It Wrong
June 03, 2013 @ 12:18:26

In a recent post to his site Sherif Ramadan looks at the topic of password hashing and why most developers are (still) doing it wrong. He notes that "fixing the people" and their mindset about hashing/salting is much harder than just fixing the code.

Beyond just writing code I also have to solve some very tough problems on a regular basis. Some of which don't stem from code at all, but from the people behind the code. Fixing code is easy for me (computers just do what I tell them to do), but fixing people proves to be a lot more challenging. Unfortunately some people are of the mindset that they aren't wrong simply because they've never been proven wrong before. To some people being proven wrong goes beyond just words. Some of us are a lot more stubborn than others and so explaining something may not be enough. This is called the wisdom of humility.

He points out that even those that immediately think "rainbow tables" when they think about md5 hashing are behind the times. Most processing methods, including the use of a GPU, can be used much more effectively and don't require the overhead of the large tables. He illustrates with a "random" md5 generator that outputs around 916 million variations. With a GPU running 4k million per second, this kind of cracking won't take long. He also talks about salts and how they can help the situation - but not just append it, hash with it.

It's usually the result of several underlying factors that people end up making poor choices about security. Some times it's due to incompetence. Other time it's due to politics. Whatever the reasons are they are never excusable, because there are better alternatives out there and it's not as though they are more difficult or less available than others. So there really are no good reasons [not to do it] here.
0 comments voice your opinion now!
pasword hashing gpu md5 sha1 bruteforce people problem

Link: https://sheriframadan.com/2013/05/password-hashing


Community Events

Don't see your event here?
Let us know!


laravel podcast example release conference symfony2 introduction php7 community application opinion configure framework series api interview voicesoftheelephpant language performance library

All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework