
Pádraic Brady:
Security Oriented PSR Proposed to PHP-FIG
November 11, 2014 @ 11:56:42

Pádraic Brady has a new post to his site today talking about a security-oriented PSR that's being proposed to the PHP-FIG group (by Lukas Smith). The proposal suggests the creation of a security policy to be used by members of the PHP-FIG and a way to make sharing security issues more standardized.

Lukas Kahwe Smith recently brought forward an idea to PHP-FIG with two broad objectives for a new PSR: To write a security policy that could be adopted by members; and proposal to make sharing security vulnerabilities more common and standardised. He has invited interested people to express their interest in joining a separate mailing list to discuss the details: https://groups.google.com/forum/#!topic/php-fig/45AIj5bPHJ4. Larry Garfield of Drupal and Korvan Szanto of concrete5 CMS have offered to sponsor the proposal.

He talks some about security policies in general - what they are, why they're a good idea and what Lukas is proposing for PHP projects. He also briefly covers the publishing of vulnerability data, the different options for publishing it and how its standardization could be integrated with current tools (Composer, anyone?).


Link: http://blog.astrumfutura.com/2014/11/security-oriented-psr-proposed-to-php-fig/

Anthony Ferrara:
What's In A Type
October 24, 2014 @ 13:55:39

In a new post to his site Anthony Ferrara takes on the topic of typing in PHP, discussing some of the main ideas around the current typing scheme and the discussions being had about potential changes.

There has been a lot of talk about typing in PHP lately. There are a couple of popular proposals for how to clean up PHP's APIs to be simpler. Most of them involve changing PHP's type system at a very fundamental level. So I thought it would be a good idea to talk about that. What goes into a type?

He starts at the highest level, covering what "typing" is in general and some of the tradeoffs that come with being a strongly typed versus weakly typed language. He then gets into PHP's two "semi-independent type systems" - one for objects and one for everything else. He includes some code examples to illustrate how, for the non-object handling, context means everything for how the types are switched. He also talks about polymorphism, the chaos that could come from scalars becoming objects and a current RFC suggesting the addition of "safe casting" functions to PHP to provide less "magic" when shifting values from one type to another.


Link: http://blog.ircmaxell.com/2014/10/whats-in-type.html

Robert Hafner:
A Walkthrough of PSR-6 Caching
October 23, 2014 @ 09:17:41

The PHP-FIG (Framework Interoperability Group) has been helping to define standards that can be adopted by projects to make them easier to cross-pollinate and give developers more choices with less hassle. One of the latest to be proposed by the group is PSR-6, the Caching proposal. For those not familiar with it, Robert Hafner has written up an introduction to the proposal and what it all entails.

There's been a lot of discussion about PSR-6, the php-fig caching interfaces, so I thought it was time to step in and describe what this system is all about. Be prepared to read far more about caching interfaces than you probably thought possible.

He starts with a look at why a standard like this might be necessary (and links to the PSR-6 docs for the official word). He also mentions some alternative proposals and gets into details - with code examples - of each of them and shows how they relate back to what's proposed in PSR-6. He finishes off the post with a brief Q&A trying to dispel some of the myths that have come up around the standard. These include "This is all just too complex", "The Pool/Item model isn't used anywhere" and "This is just standardizing Stash", each with their own summary and feedback.


Link: http://blog.tedivm.com/rants/2014/10/a-walkthrough-of-psr-6-caching/

Anthony Ferrara:
A Followup To An Open Letter To PHP-FIG
October 17, 2014 @ 11:51:35

Based on some of the responses to his previous open letter to the PHP-FIG (Framework Interoperability Group), Anthony Ferrara has posted a follow-up explaining some of the points he made and the caching proposal in a bit more detail.

A few days ago, I wrote An Open Letter to PHP-FIG. Largely the feedback on it was positive, but not all. So I feel like I do have a few more things to say. What follows is a collection of followups to specific points of contention raised about my post. I'm going to ignore the politics and any non-technical discussion here.

He points out that while the previous post wasn't completely about the cache proposal (it was used as a "literary device") there was some confusion about it. He walks through the "unnecessary complexity" he sees with it, citing code examples, and makes points about performance, memory usage, handling stampede protection and the creation of standard ways to avoid it. He ends the post with a look at group invalidation handling and two ways it could be accomplished, either via namespacing or through tagging the items and using that as a reference point for the invalidation.


Link: http://blog.ircmaxell.com/2014/10/a-followup-to-open-letter-to-php-fig.html

Michael Dowling:
A Case for Higher Level PHP Streams in PSR-7
July 15, 2014 @ 10:54:53

In his latest post Michael Dowling looks at a recently proposed PSR standard (the HTTP message one, created by him) and some of his thoughts around it and what it could do for the community.

There's been a lot of talk lately about the PSR HTTP message proposal, PSR-7. The purpose of the proposal is to create a shared interface that can be used by projects to interact with HTTP messages for both clients and servers. When I created the proposal, I envisioned the purpose is not to say projects that utilize HTTP messages need to make breaking changes to use the proposed interfaces, but rather give projects an interface for which they can create an adapter.

He points out that the major part of the proposal that's being debated is the message body methods and structure. He gives a quick overview of this API and how streams could fit in with it, providing a flexible abstraction layer over the actual data. He includes a few ideas for some functionality that could make streams work relatively easily with the proposal (using a StreamInterface):

  • No Auto-registering of stream protocols and filters
  • Exceptions cause warnings in stream wrappers and filters
  • Functionality is spread over many functions

He also shares an example (based around the Guzzle HTTP library) showing how this interface could be put to work. He also talks some about one of the major concerns voiced right now, getting the actual stream itself to work with, and shows how the "detach" method matches this goal.


Link: http://mtdowling.com/blog/2014/07/03/a-case-for-higher-level-php-streams/

Paul Jones:
PSR-4 "Autoloader" Has Passed
December 04, 2013 @ 10:37:51

As Paul Jones mentions in his latest post, one of the latest proposals to the PHP-FIG (Framework Interoperability Group) has officially passed, PSR-4, providing a more strict standard for autoloading than the widely used PSR-0.

Counting from the date of that first formal proposal, it has taken exactly 8 months of discussions, one botched vote, one rescinded vote, an entirely new FIG workflow, and four or five rewrites to get PSR-4 passed. Maybe 8 months doesn't sound so long when you look back on it, but while you're in the middle of it, it's interminable.

Paul talks about some of the differences between it and PSR-0, making for "shallower" and more concise directory structures for packages. He also points to some of the packages from the Aura framework as examples of its implementation.


Link: http://paul-m-jones.com/archives/4804

Phil Sturgeon:
Potential Variadic Function Syntax for PHP 5.6
September 03, 2013 @ 11:55:37

Phil Sturgeon has another post to his site about a recently proposed RFC for PHP. This time it's about implementing a variadic function syntax in the language. This kind of handling would allow for a variable number of parameters on a function/method and not having to use func_get_args to pull in the list.

An awesome RFC popped up the other day: Syntax for variadic functions, developed by Nikita Popov. I read through it and I loved it, but I did have to Google to see what the hell a variadic function was. This is what happens when you teach yourself how to code. You know how to do things, but don't know any of the words. Variadic functions are already possible in PHP and have been throughout 4.x and 5.x in the form of func_get_args(), which is pretty gross.

He includes an example of how it would work and some of the pros and cons of implementing it in the language including:

  • Type hinting (pro)
  • Argument unpacking (con)
  • Easier documentation in docblocks (pro)
  • Keeping up with the "Joneses" (con)

Link: http://philsturgeon.co.uk/blog/2013/08/potential-variadic-function-syntax-for-php-56

Phil Sturgeon:
Progress in the PHP-FIG
August 15, 2013 @ 11:13:55

Phil Sturgeon has a new post about some of the progress the PHP-FIG is making (the PHP framework interoperability group) and how some of the more recently proposed standards...and a workflow he thinks can help keep things from fading like they are now.

For the last two years the ML has been chock full of different discussions about potential PSRs that could be worked on. [...] This to me is the central point of the PHP-FIG as by defining these standards it can stop the need to build 6 different damn adapter classes for your composer package if you want it to work with Buzz, Guzzle, Zend HTTP, Curl, Whatever). [...] It became apparent to me that the PHP-FIG wasn't going to get all that far as things stood. I actually saw quite a few problems with the workflow.

To try to help resolve these problems, Phil has proposed a bylaw that aims to help (and has since been voted in as part of the process). The flow has several steps that a PSR proposal has to go through, all tracked by co-sponsors, one being the main coordinator. It goes through pre-draft, draft, review and acceptance phases. There are also some points in there about attribution, the use of the voting protocol and the flow of the voting process.


Link: http://philsturgeon.co.uk/blog/2013/08/progress-in-the-phpfig

Community News:
PHP-FIG Proposal - Resource Location
June 19, 2013 @ 10:55:29

A new proposal has been made to the PHP-FIG group that would provide resource locator functionality as a standard part of an application's structure.

This specification proposes to refer to files and directories through URIs. [...] These URIs can have different schemes ("classpath", "file" etc.), but only the scheme "file" is specified in this document. The resource locator is able to turn URIs into file paths which can be read or included by PHP code. The general goal of this PSR is to locate files (PHP, XML, YAML, INI, JPG, etc.) and directories in a generic way. For example, there should be a unified notation to refer to the file of a class ABCD and other files located in the same directory (or nested directories).

Code snippets are included showing a pseudo-code interface to this locator with five requirements:

  • Locate files relative to classes
  • Locate both directories and files
  • Short identifiers when the context is known
  • Locate resources independent from PHP classes
  • Support resource overriding

There's also some definition as to what is meant by a "resource location" and how the URIs should be structured and located.


Link: https://github.com/bschussek/fig-standards/blob/master/proposed/resource-location.md

Pádraic Brady:
Publishing Security Disclosures In Consumable Formats
May 16, 2013 @ 09:03:59

Pádraic Brady has a new post today proposing that what the PHP ecosystem needs is a way to better publish security disclosures in a format that's easy to parse and deal with.

This is a branch off from a separate discussion on the PHP-FIG mailing list about other ways the Framework Interoperability Group can encourage and foster wider interoperability among its member projects (and by extension, the whole PHP community). I'll start by noting two interesting developments in recent months and one long standing best practice.

The two "interesting developments" he mentions are the relatively recently released SensioLabs Security Checker that uses your Composer file to find security issues and the new entry in the latest version of the OWASP Top 10 list for "Using Components with Known Vulnerabilities". The best practice he talks about is more around the timely/responsible disclosure of vulnerabilities and some kind of decentralized tracking of these issues that puts the responsibility back on the developers of the tool and not on one tracking resource.


Link: http://blog.astrumfutura.com/2013/05/publishing-security-disclosures-in-consumable-formats-for-simpler-aggregation-and-security-checking



All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework