
Aidan Woods:
Secure Headers for PHP
Jan 09, 2017 @ 13:14:11

In a recent post to his site Aidan Woods shares information (and code) related to the use of secure headers in PHP applications. He's even created a package to help make it easier to drop them into a new or existing project without too much trouble.

Recently I've been working on a drop in class to manage certain "Secure Headers" in PHP. By "Secure Headers", I'm of course talking about those mentioned in the OWASP Secure Headers Project. The project, SecureHeaders is available on GitHub.

He starts by covering why he created the library and what it can help you with, including making things like a CSP policy easier to maintain. The article goes on to talk about what the Content-Security-Policy header is and what kind of prevention it applies. He also shares how the package displays errors, modifies cookies to secure them (HttpOnly and Secure flags) and provides a "safe mode" that will "place an upper limit on things like HSTS and HPKP, and remove flags like includeSubDomains or preload until the header is manually added as a safe mode exception, or safe mode is disabled."

tagged: header security package project csp https cookies

Link: https://www.aidanwoods.com/blog/secure-headers-for-php

Free the Geek Podcast:
Episode 21 - Talking With Dan Allen Asciidoc Project Lead
Jan 05, 2017 @ 09:20:25

The Free the Geek podcast, hosted by PHP community member Matthew Setter, has posted their latest episode today - Episode #21: Talking With Dan Allen Asciidoc Project Lead.

In this episode I sit down with Asciidoc project Lead, and all round good fella - Dan Allen. If you love technical writing, technical documentation, and documenting your code, then this is an episode you’re not going to want to miss.

Dan shares so much valuable insight into why Asciidoc is the premier format for writing, regardless of the type of work you do, how the format came to life, some of the tooling available, plus so much more.

If you’re just getting into technical writing, love documenting your code, but want to spend less time doing it, or just want to find a toolchain that demands less of you, but gives you so much more, then grab your favourite beverage, put your feet up, and tune in!

You can listen to this latest episode either using the in-page audio player or by downloading the mp3 directly. If you enjoy the interview, be sure to subscribe to their feed and follow them on Twitter for updates when new shows are released.

tagged: freethegeek podcast ep21 danallen asciidoc project lead interview

Link: http://freethegeek.fm/episode/episode-0021

Robert Basic:
Things I learned in the past four years
Jan 02, 2017 @ 11:14:41

In this new post to his site Robert Basic has shared some interesting (personal) insights about what he's learned over the last four years as a developer on a project.

Since yesterday was my last day on a project after four years and two months, I decided to take a look back on those four years and write down some of the things I learned.

Things I learned about being a better listener, a better communicator, a better team mate, a better programmer.

He shares his own personal experience around six different points, all good things to keep in mind for any developer out there:

  • Leave your ego at the door
  • Don’t play the blame game
  • Take responsibility
  • It’s OK to say I don’t know
  • Knowing the business domain is important
  • Ask why?

He ends the post by looking forward to the future and what the next challenge will bring for him and his team.

tagged: learning developer project insight lookback

Link: https://robertbasic.com/blog/things-i-learned-in-the-past-four-years/

Matthias Noback:
Project documentation with Sculpin
Dec 12, 2016 @ 09:43:43

Matthias Noback has a recent post to his site sharing some advice and examples of how to use Sculpin for your project's documentation to make it a quick and pretty painless process.

One of the key ideas is to generate documentation instead of writing it. This should help prevent duplication and outdated information that is not trust-worthy and would therefore be neglected. I'm currently looking for ways to technically accomplish such a thing with PHP projects. This should result in reusable tools which will make it easier and more fun to document future projects while writing the code.

[...] I wanted to use Sculpin to document another project, the main project. So I started figuring out how to run Sculpin and generate a static subsite (not a blog) based on files in a subdirectory of another project. It wasn't all that hard, but I'll share the steps here anyway.

He walks you through the creation of a new Sculpin-based site and how to test and ensure it's all working correctly with simple content, a layout and configuration. He finishes out the post mentioning the themes available for Sculpin applications and links to the Bootstrap 3 theme as an example.

tagged: project documentation sculpin static generator tutorial introduction

Link: http://php-and-symfony.matthiasnoback.nl/2016/12/project-documentation-with-sculpin/

Master Zend Framework:
How To Automate Projects Using Composer Scripts
Dec 06, 2016 @ 12:08:01

The Master Zend Framework site has posted a new tutorial showing you how to automate your projects with Composer, making use of the "scripts" section to add commands that can be automatically executed via a "composer" command line call.

Here, in the second part of the series, we’ll look at the scripts section of composer.json. If you’ve never heard of this section, it provides a way to automate tasks in your project.

Perhaps you think that this is unnecessary, as there is already such a wealth of tools available; including Make, Ant, Phing, and so on. But I see a place for having automation in Composer — though at first I didn’t.

Why? Because you can bring everything that much closer together. Because you can keep everything in a very tidy, organized, and well-structured way.

He starts with a brief overview of how the "scripts" section of the composer.json configuration works, then shows examples of setting up scripts for code sniffing, running tests and generating test coverage reports. He also shows how to run these commands via the Composer command line and the use of event handlers (like "post-install-cmd") to execute things at a certain point in the install/update process. He finishes off the post with an example from Zend Expressive calling an "Automation" to clear out the contents of the caches.

tagged: automate composer project scripts configuration tutorial event

Link: http://www.masterzendframework.com/series/tooling/composer/automation-scripts/

Ben Ramsey:
Building PHP Projects on AWS CodeBuild
Dec 05, 2016 @ 10:54:48

Ben Ramsey has a post to his site sharing the process he's worked up to deploy PHP applications on AWS CodeBuild, a new service from Amazon Web Services that fills the niche for a build server that is easy to spin up and use.

The main highlight of re:Invent is always the keynotes and the new services and features announcements they make during the keynotes. One of the new services caught my attention, and I decided to give it a try. That service is AWS CodeBuild.

CodeBuild is designed to be used as part of the AWS CodePipeline, but it may also be used by itself. [...] Out of the box, CodeBuild provides some managed images that you may use to build your projects. These include environments for Android, Java, Python, Ruby, Golang, and Node.js. PHP is missing from this list, but since you’re able to use other images, I decided to see how easy it is to get up and running on CodeBuild with a PHP project. I chose to try out my ramsey/uuid library for a simple test.

He walks you through the creation of a new CodeBuild instance (complete with screenshots of the UI) and how to configure your project, explaining each of the settings as he goes. He includes the full build command he's using for the library running tests, a lint check and codesniffer checks for formatting. He shows how to get the project to build and what the UI will show when the build is successful (all green).

tagged: project aws codebuild pipeline library tutorial setup build server amazon

Link: https://benramsey.com/blog/2016/12/aws-codebuild-php/

Laravel News:
24 Pull Requests
Dec 01, 2016 @ 10:31:21

On the Laravel News site there's a post talking about a holiday-themed project, 24 Pull Requests, and a bit of personal perspective about it from a participant, Joe Ferguson (of LaraTraining.com).

24 Pull Requests is a project to promote open source collaboration during the month of December. The idea is to “Send 24 pull requests between December 1st and December 24th,” and it encourages developers to give back to open source with little gifts of code.

This is the fourth year and there are currently 11,093 developers and 10,201 organizations participating. If you are new to open source or are a seasoned pro it’s a great way of supporting the community.

The remainder of the post is the interview with Joe sharing answers to questions about:

  • why he decided to start participating
  • how it has improved his skills
  • what his biggest take away from participation is

There are plenty of links and suggestions in the post, too, to help you get started on your own road to 24PullRequests this month.

tagged: 24pullrequests project interview joeferguson opensource pullrequest

Link: https://laravel-news.com/2016/11/24-pull-requests/

Zend Developer Zone:
A Reverse Debugger for PHP…wait…WHAT?
Nov 16, 2016 @ 11:51:28

On the Zend Developer Zone they have a post talking about an interesting project - a reverse debugger for PHP making it simpler to step forward and backwards through breakpoints in your PHP code (instead of just forward).

Honestly, when I originally tweeted this out I really wasn’t 100% sure what it did. You never know when you see things like “reverse debugger”. It’s one of those “I understand the words separately…” type of things. Then I watched the short video. HO-LY CRAP! Seriously, it is exactly what it says, it allows you to step debug forward AND backwards. Well, almost. You have to record the session first and then you can step forwards and backwards. Still it is a powerful tool.

The project, Don'tBug, hooks directly into any IDE that supports XDebug (just about all of them) making it easy to integrate into your current workflow. You can see it in action in this video over on YouTube.

tagged: reverse debugger language tool dontbug project xdebug

Link: https://devzone.zend.com/7400/reverse-debugger-php-wait/

Tumblr Engineering Blog:
PHP 7 at Tumblr
Nov 11, 2016 @ 13:07:07

The Tumblr Engineering blog has a new post with details about how they made the switch to PHP 7 in their previously PHP 5 codebase (and some of the things they learned along the way).

At Tumblr, we’re always looking for new ways to improve the performance of the site. This means things like adding caching to heavily used codepaths, testing out new CDN configurations, or upgrading underlying software.

Recently, in a cross-team effort, we upgraded our full web server fleet from PHP 5 to PHP 7. The whole upgrade was a fun project with some very cool results, so we wanted to share it with you.

They start off with the timeline of events, starting with the original hackday project out through the final PHP 7 deployment in production less than a year later. They cover some of the testing methods they employed during the transition and the impact of the update on their application on request latency, CPU load and memory usage. They wrap up the post talking about some of the PHP 7-specific things they made use of in their update including anonymous functions and scalar type hinting.

tagged: tumblr php7 update php5 hackday project testing performance

Link: https://engineering.tumblr.com/post/152998126990/php-7-at-tumblr

Fred Emmott:
Greenfield Projects with Hack
Nov 03, 2016 @ 12:14:06

Fred Emmott has a new post to his site sharing some of his experience with creating a "greenfield" project in Hack, the language Facebook developed to work with its HHVM runtime for PHP.

Until late 2015, the Hack and HHVM documentation site was a fork of PHP's own documentation site. This had many shortcomings, and ultimately we decided that the best approach would be something custom. As most of the public Hack code at that point was toy examples, we decided to also make the site itself open, and start investigating the greenfield problems.

There are 3 basic approaches to 'library code' in Hack if there isn't already a Hack version:

  • Use a PHP library, without typechecker support
  • Use a PHP library, and add HHI files so that Hack understands it
  • Write something new

The Hack/HHVM site uses a mix of all three, though mostly #2 and #3.

He talks some about using plain PHP libraries in Hack projects and how you won't get the full benefit of Hack's features without some of the type-checking enforced (sometimes required to get some libraries working). Following this he covers the integration of three projects/structures, changed a bit for supporting Hack: FastRoute, PHPUnit and the things based on the PSR-7 request/response structure. He wraps up the post talking about writing "something new" and things to consider to make its APIs more "Hack-like".

tagged: hack greenfield project new facebook hhvm fastroute phpunit psr7

Link: https://fredemmott.co.uk/blog/posts/greenfield-projects-with-hack