Using Canaries for Input Detection and Response
Feb 28, 2018 @ 11:27:51

The Websec.io site has posted a new tutorial today showing how to use "canary" values and the psecio/canary PHP package to detect and respond to potentially malicious input.

I'm sure you've heard the common phrase "a canary in a coal mine" when people talk about safety and detection of issues. When miners used to go down to work, there was a danger of trapped gasses being released as they were digging. Some of these gasses were hard for humans to detect and, if enough was breathed in, could lead to illness or even death. In order to help the miners detect and avoid these kinds of issues, they would take a canary (the bird) down into the mine with them.

[...] The idea of a "canary" value in the security world is pretty similar. A "canary" value is one that - real or faked - is somehow exposed outside of your own system. If this value is used you need to be notified immediately so you can take action and gather more information about the usage and any other associated issues.

The tutorial then introduces the psecio/canary package and shows some of its basic use: detecting input and setting up notifications. It covers the package's notification integrations with services like Slack and PagerDuty, as well as custom Monolog handling. It also provides a more "real world" example: a Slim framework middleware that detects incoming GET parameters.

tagged: canary detect respond value tutorial package pseciocanary

Link: https://websec.io/2018/02/28/Canary-Input-Detect-Response.html

Slim Framework Blog:
Apr 17, 2015 @ 09:34:17

Josh Lockhart, the lead developer and creator of the Slim framework, has responded to some questions and comments around the recently released Laravel microframework Lumen and how it relates to Slim and its own goals.

Lumen happened. It’s a shiny new micro-framework from Taylor Otwell, and it joins the Laravel family today. It looks to be a pretty nice framework, and it shares many of the same features and goals as Slim 3.0. I’m sure this raises a few questions about Slim’s future roadmap. [...] Is there overlap between Slim and Lumen? Of course. They both have similar goals and solve similar problems. There are also differences.

He talks about some of the current work being done on version 3.0 of Slim, the PSR-7 support it offers and some of the differences between Slim and Lumen. He points out two main ones: that Slim has fewer dependencies and that it is a supporter of the PSR-7 HTTP interoperability standard. Josh talks about why you might choose Lumen over Slim and that, in the end, he welcomes alternative microframeworks and challenges the Slim community to help consistently improve Slim and its place in the community.

tagged: slimframework slim lumen respond opinion framework laravel microframework

Link: http://www.slimframework.com/2015/04/14/lumen.html

Brian Moon's Blog:
Stop comparing stuff you don't understand
Jun 26, 2012 @ 09:09:19

In his latest post Brian Moon responds to another "PHP versus..." article from this site, one comparing PHP to Node.js, and argues that it's less of a valid comparison and more of an "apples to oranges" one.

I normally don't do this. When I see someone write a blog post I don't agree with, I often just dismiss it and go on. But, this particular one caught my attention. It was titled PHP vs Node.js: Yet Another Versus.

He points out some of the problems with some of the arguments, specifically with some of the points made about Gearman, memcache, the PHP.net site and the creation of daemons in PHP.

Listen, I write code in PHP and JavaScript all day. I also use some Ruby, Lua and even dabble in C. I am not a language snob. Use what works for you. I do however take exception when people write about things they clearly have no idea about.

tagged: compare opinion respond nodejs understanding


Community News:
Responses to the Death of PHP4
Aug 08, 2008 @ 08:49:18

The community has responded to the fact that PHP4 is officially "dead" with a few posts to their blogs. Here's the list so far:

If you aren't sure what they're talking about - the last day for official PHP 4 support is today, 08.08.08. Only PHP 5 will be supported from here on. It is highly recommended that you upgrade your applications to run on the latest PHP 5 version, 5.2.

tagged: php4 death community respond blog


Michael Kimsal's Blog:
Magento book review found
Jun 11, 2008 @ 14:36:44

In response to another blogger's review of the php|architect "Guide to Programming with Magento", Michael Kimsal has posted some clarifications.

Starting off with "However, I'm not really the type of person to give accolades unless something is absolutely stellar. As such, this post will primarily be about the shortcomings of the book" I wasn't particularly surprised that there was more of a focus on negatives rather than positives.

Michael mentions three topics - the "first to market" point the reviewer makes about different versions of Magento between the book being authored and the release, some of the missing information the reviewer would've liked to see and the complexity of the example module that the reviewer complains is too hard to follow.

tagged: magento book review respond firstomarket complexity missing information