Matthias Noback:
Mocking at architectural boundaries: the filesystem and randomness
Mar 06, 2018 @ 09:39:55

Matthias Noback has continued his series of posts covering mocking and testing at the "architectural boundaries" of your application. In this second post he offers two more suggestions of these "edges" where mocking could be useful: filesystem interfaces and randomness.

In a previous article, we discussed "persistence" and "time" as boundary concepts that need mocking by means of dependency inversion: define your own interface, then provide an implementation for it. There were three other topics left to cover: the filesystem, the network and randomness.

He starts with mocking the filesystem handling and recommends using either vfsStream or Flysystem to provide an interface that's more easily testable. These libraries abstract away the filesystem and make it easier to mock out the functionality rather than going directly to PHP's filesystem functions. His second example, randomness, is a bit tougher as the output isn't predictable. He still recommends abstracting it out, however, and offers suggestions as to what might be possible to test.

tagged: mocking boarder architecture filesystem randomness series part2

Link: https://matthiasnoback.nl/2018/03/mocking-the-filesystem-and-randomness/

Running Monte Carlo Simulations in PHP
Jun 28, 2013 @ 12:19:53

On PHPMaster.com there's a new tutorial by J Armando Jeronymo that shows how you can run Monte Carlo simulations in PHP (more on that simulation type here).

One of the exciting things in the 1980's was programming simulations to solve complex analytical problems, and one of the most useful techniques employed was running Monte Carlo simulations. The approach repeatedly runs a simulation many times over to calculate the most likely outcome. Although PHP isn’t known as a scientific or research programming language, Monte Carlo simulations can easily be written in a PHP web app. In this article, I’ll show you how.

He walks you through the whole problem he tries to solve with the simulation - a multi-step trip that involved different roads, situations and possible stops along the way. He breaks it out into the various stages (labeled with letters) and shows how you might render this as a "MyTrip" class with distances in "travel minutes". Following along with the Monte Carlo randomness, though, he shows how to inject a bit of randomness into the mix accounting for some of the trouble he had along the way.

tagged: montecarlo randomness travel plan tutorial

Link: http://phpmaster.com/running-monte-carlo-simulations-in-php

Pádraic Brady:
Predicting Random Numbers In PHP - It’s Easier Than You Think!
Mar 26, 2013 @ 09:54:15

Pádraic Brady has a new post to his site about "randomness" in PHP and how, depending on the method used, you might not be as random as you think.

The Zend Framework team recently released versions 2.0.8 and 2.1.4 to address a number of potential security issues including advisory ZF2013-02 “Potential Information Disclosure and Insufficient Entropy vulnerabilities in Zend\Math\Rand and Zend\Validate\Csrf Components”. Quite the mouthful! In short, Zend Framework used the mt_rand() function to generate random numbers in situations where neither openssl_pseudo_random_bytes() nor mcrypt_create_iv() were available. This is possible when the openssl and mcrypt extensions are not installed/compiled with PHP.

He talks some about the mt_rand function and how it generates its "random numbers" (designed for speed, not ultimate randomness). He notes that all of PHP's internal randomization functions use the concept of "seeds" to prime the random number/string generation. Unfortunately, the seeding method is known inside PHP, so it is possible, if the method of generation is weak, as it is with mt_rand, that an attacker could brute force their way to a correct value. You can find more about randomness in PHP in this chapter of his PHP security handbook, including a mention of Anthony Ferrara's randomness library.

tagged: randomness seed mtrand openssl mcrypt randomlib