Fortrabbit Blog:
Your responsibility: App security
Apr 09, 2018 @ 11:45:17

On the Fortrabbit blog there's a post from Oliver Stark about securing your PHP application based on an experience they had with a recent support ticket.

A few days ago, late in the evening, we received a support ticket with the [message asking if their site had been hacked]. The support team started the conversation with the client and checked the domain routing first. It quickly became clear that the redirects to the phishing domain happened on our platform, so they searched the access logs for suspicious requests.

As they searched the logs, other similar requests showed up pointing back to a root.php file that seemed to be taking commands from URL parameters. This kind of script is called a "webshell" and is usually uploaded via a vulnerability with a plugin, poorly guarded upload forms or bad input validation. After some additional tracking, the vulnerability was located in the site's "vendor" folder that was web accessible. The post finishes with some recommendations to keep this from happening to you and your application including keeping dependencies up to date and preventing direct "vendor" folder access.
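As an added illustration (not code from the Fortrabbit post), a small Python scan over constructed access-log lines that flags the two patterns the post describes: requests served directly out of the vendor tree, and PHP scripts called with command-like query parameters. The log lines, paths, IPs and parameter names are constructed placeholders, not values from the incident.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed combined-format access log sample (placeholder IPs and paths).
SAMPLE_LOG = """\
203.0.113.5 - - [09/Apr/2018:21:02:11 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [09/Apr/2018:21:02:12 +0000] "GET /assets/app.css HTTP/1.1" 200 811 "-" "Mozilla/5.0"
198.51.100.7 - - [09/Apr/2018:21:03:40 +0000] "GET /vendor/somepkg/root.php?cmd=id HTTP/1.1" 200 77 "-" "curl/7.58.0"
198.51.100.7 - - [09/Apr/2018:21:03:41 +0000] "POST /vendor/somepkg/root.php HTTP/1.1" 200 12 "-" "curl/7.58.0"
192.0.2.9 - - [09/Apr/2018:21:05:02 +0000] "GET /vendor/autoload.php HTTP/1.1" 200 0 "-" "python-requests/2.18"
"""

# ip, timestamp, method, request target, status code
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Query parameter names that commonly carry a command for a dropped script.
# Treat a hit as a signal worth triaging, not as proof of compromise.
SUSPECT_PARAMS = {"cmd", "exec", "command", "c", "e"}


def scan_access_log(text):
    """Return one finding per request that reaches the vendor tree directly
    or calls a PHP script with a command-like parameter."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, ts, method, target, status = m.groups()
        parts = urlsplit(target)
        params = set(parse_qs(parts.query).keys())
        reasons = []
        if parts.path.startswith("/vendor/"):
            reasons.append("direct request into vendor/ (should not be web accessible)")
        suspicious = params & SUSPECT_PARAMS
        if parts.path.endswith(".php") and suspicious:
            reasons.append("PHP script called with command-like parameter(s): "
                           + ",".join(sorted(suspicious)))
        if reasons:
            findings.append({"ip": ip, "time": ts, "method": method,
                             "path": parts.path, "status": status,
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f["status"], f["method"], f["path"], "<-", "; ".join(f["reasons"]))
```

A 200 status on a vendor/ path means the file was actually served, which is the configuration problem the post's recommendation addresses.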

tagged: application security fortrabbit webshell experience

Link: https://blog.fortrabbit.com/app-sec

Matthew Setter:
First Experiences with Symfony 4 & the Symfony Community
Mar 12, 2018 @ 12:45:14

Matthew Setter has a new post on his site sharing some of his experiences and interactions with Symfony 4 and its community, as someone new to both the framework and the community.

Recently, I decided to learn the basics of the Symfony (4) framework, so that I could better understand one of my client's applications, and provide better support to it. I never expected to use such a well-rounded framework. Nor did I expect to encounter such an engaged and supportive community. Here's the story.

He starts off describing some of his reasoning behind looking into Symfony, including the fact that a project at his work makes use of the framework. He then talks about getting started with v4 of the framework by reading the documentation, creating a core application and overcoming some of the common first-timer issues. He covers the use of templates, routing with annotations and using the bin/console to handle code generation. The post ends with some of his experiences with the community and their interaction with a tweet of his showing his appreciation for the framework.

tagged: symfony symfony4 experience community project introduction

Link: https://www.matthewsetter.com/first-experience-with-symfony/

Geoff Wozniak:
What ORMs have taught me: just learn SQL
Dec 20, 2017 @ 13:51:49

Geoff Wozniak has written up a post on the "Curried lambda" site sharing his opinion on ORMs (object relational mappers) for working with databases and how, after using them in his own development work, he has concluded that they're a useful side benefit but shouldn't replace knowing SQL.

I've come to the conclusion that, for me, ORMs are more detriment than benefit. In short, they can be used to nicely augment working with SQL in a program, but they should not replace it.

[...] Neward, in his well known essay, lays out many cogent reasons why ORMs turn into quagmires. In my experience, I've had to deal directly with a fair number of them: entity identity issues, dual-schema problem, data retrieval mechanism concern, and the partial-object problem. I want to talk briefly about my experiences with these issues and add one of my own.

He breaks the rest of the article up into several sections, for each sharing some of his own experiences with the feature and how it could be resolved using other query methods:

  • Partial objects, attribute creep, and foreign keys
  • Data retrieval
  • Dual schema dangers
  • Identities
  • Transactions

He ends the post with a look forward, thinking about where he'll end up, mentioning stored procedures, queries as APIs and how "easy" isn't always best when it comes to ORMs.

tagged: orm mapper database layer sql opinion issues experience

Link: http://woz.posthaven.com/what-orms-have-taught-me-just-learn-sql

Community News:
24 Days In December
Dec 18, 2017 @ 10:46:02

The "24 Days in December" project is an effort to share "thoughts from the PHPamily", members of the PHP community from all levels of experience and "age" in the community. For the month of December they've posted several articles, each from a member of the community building up to Christmas. If you haven't been reading along, here's a selection of the posts so far:

These are just a few of the great articles so far so be sure to check out the full list for perspectives and thoughts from other members of the community.

tagged: 24daysindecember community article experience december

Link: https://24daysindecember.net/

Josh Lockhart:
Advice For Aspiring PHP Developers
Jun 30, 2017 @ 09:18:09

On his site, Josh Lockhart, author of Modern PHP and the Slim framework, has shared advice for aspiring PHP developers, mainly centering around one core idea.

As a fledgling PHP developer, I aspired to be in the same league as legendary figures like Cal Evans, Chris Hartjes, Larry Garfield, Anthony Ferrara, Paul Jones, Sebastian Bergmann, Taylor Otwell, et al. I consider these folks members of PHP's inner sanctum, so to speak. They are decision makers, tool builders, and opinion shapers.

[...] My advice to aspiring PHP developers: there is no great Wizard of OZ. There are only opinionated men and women behind a veil of authority who bicker of politics and standards. It's not magical. It's messy. It's a minefield of polarizing politics, sensitivities, and opinions.

He points out that, no matter what you say or do, there'll always be someone who takes it the wrong way - it's just human nature. He uses a recent example of an interaction he had with another member of the PHP community around contributor guidelines on a project.

Aspiring PHP developers, stay above the fray. Don't seek out a Wizard of OZ. He does not exist. PHP's inner sanctum isn't worth your time. Instead, do your research, recognize and avoid propaganda, and trailblaze your own path.

tagged: advice aspiring developers community experience opinion

Link: https://joshlockhart.com/blog/2017/6/advice-for-aspiring-php-developers

Robert Basic:
Open source taught me how to work with legacy code
May 01, 2017 @ 09:36:29

In a new post to his site Robert Basic shares how some of his work on Open Source projects taught him how to better work with legacy code.

Contributing to open source projects has many benefits — you learn and you teach, you can make friends or find business partners, you might get a chance to travel. Even have a keynote at a conference, like Gary did.

Contributing to open source projects was the best decision I made in my professional career. Just because I contributed to, and blogged about Zend Framework, I ended up working and consulting for a company for four and a half years. I learned a lot during that time.

He shares some of the things that open source taught him about working with code and how it relates back to legacy code (including how to find his way around). He also tries to dispel the myth that all legacy code is bad and was "written by a bunch of code monkeys who know nothing about writing good software." He points out that, at the time the code was written, the changes may have been the best that could be done, it might be a necessary workaround or it could be an actual bug that needs fixing.

tagged: opensource legacy code opinion experience codemonkey

Link: https://robertbasic.com/blog/open-source-taught-me-how-to-work-with-legacy-code/

Danny van Kooten:
Moving from PHP (Laravel) to Go
Apr 27, 2017 @ 10:14:04

Danny van Kooten has an interesting post on his site sharing his experience in converting a Laravel-based application to Go, briefly describing some of the changes made, performance differences and the lines of code required.

Earlier this year, I made an arguably bad business decision. I decided to rewrite the Laravel application powering Boxzilla in Go.

No regrets though.

Just a few weeks later I was deploying the Go application. Building it was the most fun I had in months, I learned a ton and the end result is a huge improvement over the old application. Better performance, easier deployments and higher test coverage.

He talks about why he selected Go and some of the external services he would need to interface with to make the transition complete. He then gets into the actual porting of the codebase and some of the challenges involved in replacing Laravel functionality. With the application ported, he compares the performance of the Laravel application against the Go version, sharing the requests/second figures for each. He finishes the post with a lines-of-code comparison between the two and a look at how testing was handled on the Go side.

tagged: laravel move rewrite application go summary experience performance

Link: https://dannyvankooten.com/laravel-to-golang/

SitePoint PHP Blog:
How Privileged Are Programmers? Are You a John, Too?
Apr 25, 2017 @ 09:31:16

On the SitePoint PHP blog Christopher Pitt has written up a new article, a story about "John", a developer caricature that's all too familiar in the development world, and how you can grow up from "being a John". It's all based on Christopher's own experiences too.

John was a developer. To be specific, he was a young, white, straight, young, self-taught developer. He wasn’t rare, but he was special. John grew up with a couple parents, who paid for everything he needed.

[...] John got average grades, but it was ok because [according to mum]; “he’s just bored of schooling, and too clever”. He walked right out of high-school and into a programming job. The pay wasn’t great; only enough for a small apartment and modest groceries [for one]. In time he’d earn more. [...] Over the years, John quickly got bored of programming. He loved the thought of the career, but it was all so boring. He moved jobs every year or so, and only then when his idiot bosses stopped seeing how much he mattered to their company.

He talks about his own past, how he realized he was a "John" and how he made the conscious decision to grow up and out of that situation. He talks about those being born into comfort and how they're not always forced to grow up or to really struggle. He mentions other common "John" points of view ("we can always just move jobs" or "meetings are just a distraction"). He's angry with himself for seeing so much of his previous life in these examples. He's also angry to see these same patterns in other developers around him, other "Johns" that treat him the same way with excuses, failed promises and delays.

I think of all these clever little things I could do, to force John to work. All these processes and mantras and check-lists. Then I despair. The only thing that’s going to make John realise he is wasting away is wasting away enough to fall through his safety net. He’s going to have to grow up on his own, and maybe then he’ll pay it forward to his future employers and clients.

tagged: john programmer privilege example opinion experience

Link: https://www.sitepoint.com/how-privileged-are-programmers-are-you-a-john-too/

CloudWays Blog:
Stefan Priebsch Talks About ThePHP.Cc, His Experience With PHP Development, PHP 7 &
Apr 14, 2017 @ 12:50:39

The CloudWays blog has posted another in its series of interviews with members of the PHP community. In this latest article they talk with Stefan Priebsch of thePHP.cc (a consulting company) and some of his experiences, past and present, in the world of PHP.

Today, we are honoured to have Stefan Priebsch for this interview. He is a cofounder of thePHP.cc, a well known PHP consulting firm. He is also an entrepreneur, university lecturer and a thought leader in modern software application architecture. Stefan specializes in PHP powered enterprise applications and has built an enviable reputation as one of the best trainers in Germany.

Additionally, Stefan speaks regularly at international PHP conferences and wrote a book PHP 7 Explained with Sebastian Bergmann and Arne Blankerts. In this interview, he talks about his career, PHP 7 ebook and the latest developments in the industry.

In the interview Stefan answers questions about the benefits of the PHP 7.x releases, his work at thePHP.cc, his book, what development tools he uses and how he spends his free time. You can read his answers to these questions and more in the full interview.

tagged: cloudways interview stefanpriebsch thephpcc experience php7 book development

Link: https://www.cloudways.com/blog/stefan-priebsch-interview/

Quora.com:
What are some things you wish you knew when you started programming?
Mar 21, 2017 @ 10:24:44

Leonid Mamchenkov has linked over to a great thread on Quora that asks the question "[What are some things you wish you knew when you started programming?](https://www.quora.com/What-are-some-things-you-wish-you-knew-when-you-started-programming)"

The post is originally from Ken Mazaika, CTO, Co-founder & Mentor @ thefirehoseproject.com, but it has expanded way beyond his original list of 27 things. There are comments sharing everything from personal experiences to the commenters' own lists of things they wish they knew. Topics mentioned include:

  • the "cognitive burden"
  • the importance of getting away from the screen sometimes
  • the value in listening, not just hearing, your colleagues
  • thinking about security at all times
  • learning the "why" of coding, not just the "how"

There's a lot more in this post, so get over there and start reading. There are tips in here for everyone, both those new to programming and those who have been doing it for years.

tagged: wish you knew programming opinion experience quora

Link: https://www.quora.com/What-are-some-things-you-wish-you-knew-when-you-started-programming