Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Paragon Initiative:
Guide to Automatic Security Updates For PHP Developers
Oct 25, 2016 @ 12:51:21

On the Paragon Initiative blog they've posted a guide to handling automatic security updates for PHP developers, helping to prevent security-related issues by keeping your libraries up to date.

Most of the software security vulnerabilities known to man are preventable by careful development practices. [...] However, even if you're trying to do everything right, eventually we all make mistakes and ship exploitable software.

[...] By making updates manual rather than automatic, you're forcing your customers to take all the responsibility for making sure that your mistakes don't hurt their business. Only a very small minority of your customers might prefer the responsibility of verifying and applying each update themselves. [...] Automatic security updates reduce the interval between points 2 and 3 from possibly infinite to nearly zero. That's clearly a meaningful improvement over manual patch management.

The post then walks through the aspects of a secure automatic update system that includes offline cryptographic signatures, transport layer security and separation of privileges (who will perform the actual update). The author gets into a bit of detail for each item on the list, explaining how the system should be set up and some tools you can use to start working up the process in your own applications.

tagged: automatic security update developers tutorial system

Link: https://paragonie.com/blog/2016/10/guide-automatic-security-updates-for-php-developers

SitePoint PHP Blog:
Is It Possible to Write and Run PHP Code on an iPad?
Oct 25, 2016 @ 11:23:52

In this new tutorial from the SitePoint PHP blog Christopher Pitt once again takes on an unconventional question around the use of PHP: "is it possible to write/run PHP code on an iPad?"

I love the iPad. It’s a fantastic form factor for media consumption and gaming; and it also works well as an e-reader. The trouble is I don’t use it nearly as much as I could. Most of the time I’m consuming media (Netflix, Twitch, YouTube), I’m coding in parallel.

I can do that on my MacBook, but I’ve never been able to do that until now. [...] Today I’m going to show you how I code on an iPad. I won’t pretend it’s a perfect workflow (what workflow is?), but this is as exciting for me as the first time I used a laptop instead of a desktop.

He briefly covers some of the hardware you'll need to get started including a good keyboard you're comfortable with and a way to hook it up (either Bluetooth or manually via USB). He then gets into the software and mentions DraftCode and WorkingCopy as his tools of choice. He then helps you get started writing your first PHP script, using SQLite in-memory and using Working Copy to pull the latest code from your external source. Now that you're comfortable with the setup, he shows you how to install a Laravel application and the changes you'll need to make to get it up and running. Finally he shows the push of the code the remote source, updating the repository with these latest changes.

tagged: write run code ipad workingcopy draftcode laravel tutorial

Link: https://www.sitepoint.com/is-it-possible-to-write-and-run-php-code-on-an-ipad/

Voices of the ElePHPant:
Interview with Larry Garfield (#2)
Oct 25, 2016 @ 10:49:10

The Voices of the ElePHPant has posted their latest interview with a member of the PHP community. In this latest show host Cal Evans interviews Larry Garfield, a well-known developer and member of the Drupal community.

Cal and Larry talk about Larry's work on the PHP-FIG overhaul (PHP-FIG v3), how it changes the structure of the group and how it effects its members. He talks about the "member projects", the "core community" and what's changing in the workflow related to these two groups. He also explains the new workflows the group's work will follow and the move of the group to include a wider focus on the entire PHP community ecosystem. They also talk about Larry's work at Platform.sh and what kind of services they offer.

You can listen to this latest episode either through the in-page audio player or by downloading the mp3 of the show directly. If you enjoy the interview, be sure to subscribe to their feed and follow them on Twiiter when new episodes are released.

tagged: voicesoftheelephpant community interview larrygarfield podcast phpfig

Link: https://voicesoftheelephpant.com/2016/10/25/interview-larry-garfield/

Matthew Weier O'Phinney:
Automating PHPUnit with Node
Oct 25, 2016 @ 09:06:40

Matthew Weier O'Phinney has a new post to his site today showing you how you can automate PHPUnit runs while doing local development with the help of a little Node.

I've been trying to automate everything this year. When working on OSS, this is usually as simple as setting up Travis CI; in some cases, even that becomes a little more involved, but remains possible.

But that's continuous integration. What about continuous development? With continuous integration, every time I push to a branch associated with a pull request or on the origin repository, a build is triggered. [...] Ideally, I should also be testing locally. [...] I'd like to automate running these as part of my development process. I want continuous development cycles.

He then walks you through the automation setup he's devised for his own local development, adding a few lines to his Composer configuration for scripts to run when "composer check" is called. This is where Node comes in: he uses Gulp (and a few dependencies) to watch the filesystem for changes. With that setup configured and working, he can then just run "gulp" and a Node process executes and watches for those changes. When an update is discovered, "composer check" is executed and a system notification is fired if an error pops up. He's also created a package you can use to set this all up a bit simpler, only requiring a single command to execute.

tagged: phpunit automation node gulp tutorial watch phpunit unittest

Link: https://mwop.net/blog/2016-10-24-watch-phpunit-with-node.html

Community News:
Latest PECL Releases (10.25.2016)
Oct 25, 2016 @ 08:05:01

Latest PECL Releases:

  • ui 1.0.0
    App::run changes (see docs) App::onTick (see docs) UIKey enumeration UIPoint and UISize math operations Reference counting for layout controls Fix build when x is not available

  • swoole 1.8.13
    - Fixed WebSocketServer automatically merge the incomplete data frame exists security vulnerabilities - Added the upload_tmp_dir option to set the HttpServer upload file temporary directory - Added Server->sendMessage automatic stringing function, and now sendMessage PHP variables can be sent to any other work process - Added Process::alarm high-precision timer - Added a bug where the protocol length function crashed when the connection was closed - Fixed swoole_select function in PHP7 can not modify the reference array problem
  • timezonedb 2016.8
    Updated to version 2016.8 (2016h)
  • varnish 1.2.2
    - fixed build with Varnish 5.x, thanks Remi Collet!
  • ui 0.9.9
    initial release
  • sqlsrv 4.0.6
    This version is for PHP 7 only. This preview contains the SQLSRV drivers for PHP 7 (64-bit) with limitations. Upcoming release(s) will contain more functionality, bug fixes, and more.
  • pdo_sqlsrv 4.0.6
    This version is for PHP 7 only. This preview contains the PDO_SQLSRV drivers for PHP 7 (64-bit) with limitations. Upcoming release(s) will contain more functionality, bug fixes, and more.
  • APCu 5.1.7
    - fixes gh#19: hung apaches on pthread wrlocks - fixes gh#203: segfaults in bailout / longjmp
  • mongodb 1.1.9
    * PHPC-820: Upgrade libbson and libmongoc to 1.3.6 * PHPC-820: Upgrade libbson and libmongoc to 1.3.6


/Dev/Hell Podcast:
Episode 84: Whiny Feedback Loops
Oct 24, 2016 @ 12:33:23

The /Dev/Hell podcast, hosted by PHP community members Chris Hartjes and Ed Finkler, has posted their latest episode - Episode 84: Whiny Feedback Loops.

Chris and Ed record a very quick show to talk about Ed’s latest conference adventure, the launch of some new stuff from OSMI, and Chris talks about feedback loops, hoodies that don’t fit, and the end of TrueNorthPHP.

You can listen to this latest episode either using the in-page audio player or by downloading the mp3 directly. If you enjoy the show, be sure to follow their feed and follow them on Twitter for updates when new shows are released.

tagged: devhell podcast 84 feedback loop chrishartjes edfinkler

Link: http://devhell.info/post/2016-10-22/whiny-feedback-loops/

Simon Holywell:
Importing and aliasing PHP functions
Oct 24, 2016 @ 11:34:29

In this recent post to his site Simon Holywell continues his look at namespacing in PHP with a look at importing and aliasing specific functions, not the entire class.

As a follow on to my short post about namespaces and functions from a year ago I thought it would be worth covering importing a specific function and aliasing functions via namespace operators too. This has been possible since PHP 5.6, but there is a nice addition in PHP 7 I’ll cover towards the end.

He starts with a refresher example of pulling in a namespace and using a method with the "use" statement. Following this he shares an update that just imports the one method via a "use function" call rather than the entire class/namespace. He again refactors this into something more usable (the original method name is quite long) with an alias. He then ends the post with the PHP 7 only trick using the braces to define grouped namespace handling (however, this doesn't allow for function level aliasing).

tagged: import alias function namespace grouping php7 tutorial

Link: https://www.simonholywell.com/post/2016/10/importing-and-aliasing-php-functions/

Building Your Startup: Notifying People of Meeting Updates
Oct 24, 2016 @ 10:37:50

On TutsPlus.com they've continued their series showing the construction of a startup (a calendaring site) using PHP and the Yii2 framework. In this latest article they walk you through their construction of a notification system when others need to be informed/invited to meetings in the system.

This tutorial is part of the Building Your Startup With PHP series on Envato Tuts+. In this series, I'm guiding you through launching a startup from concept to reality using my Meeting Planner app as a real-life example. [...] In this two-part series, I'll describe how we built the notifications infrastructure and their delivery. Today, I'm going to focus on the MeetingLog to track changes that help us determine when to send updates.

They start with their vision of how the notification system should work (starting at the UI level) and the types of responses an invited user could reply with. The article then gets into how the notifications will work and the creation of the first step: a log to track all actions taken around notifications. They include the model to work with the logging table, adding a new log message, defining the logging command and finding specific log messages. With that in place, the tutorial switches to the frontend, showing what the notifications should look like using flash messages and a few updates to the views in the application.

tagged: startup build tutorial series log message yii2 framework

Link: https://code.tutsplus.com/tutorials/building-your-startup-notifying-people-of-meeting-updates--cms-26594

PHPUgly Podcast:
Episode 33 - Hacktoberfest Countdown
Oct 24, 2016 @ 09:18:19

The PHPUgly podcast, hosted by Eric Van Johnson, Tom Rideout and John Congdon, has posted their latest episode - Episode #33: Hacktoberfest Countdown.

Other topics mentioned (besides Hacktoberfest) in this latest show include:

You can find links to these and other topics discussed in the show notes for the episode. If you enjoy the show, be sure to subscribe to their feed and follow them on Twitter to get updates when the latest episodes are released.

tagged: phpugly podcast ep33 hacktoberfest countdown ericvanjohnson tomrideout johncongdon

Link: https://soundcloud.com/phpugly/episode33

Stomt Blog:
Shared Components Across Multiple Laravel/Lumen Micro-Services
Oct 21, 2016 @ 12:19:30

On the Stomt blog today there's a post showing how you can share components across Laravel/Lumen applications using a simple structure and making things like microservices easier.

In this blog post, we show a way to split up large Laravel applications into smaller micro-services, in our case Laravel & Lumen applications, and the advantages and pitfalls it brings with it. As a result, we sped up our applications by more than 30% and achieved greater maintainability, too. These principles can, of course, be easily applied to other frameworks.

A lot of functions are needed in our REST API as well as in our administration panel. [...] While we still have a “monolithic” codebase, we have multiple completely independent backend applications. You might want to call them “micro-services” (because it’s so trendy).

These microservices required similar functionality and splitting those out into shared components made sense. They walk you through some of the basic requirements they had when splitting the application and how the components are structured. They then shift over to the Laravel/Lumen side and show how multiple applications can be hosted via the same installation and where the shared components fit in. They show how to define namespaces to load the components and set up the providers so Laravel/Lumen knows how to use them.

tagged: laravel microservice shared component tutorial

Link: https://www.stomt.com/blog/shared-components-across-multiple-laravel-lumen-micro-services/