InfoWorld Interviews Andi Gutmans
Infoworld recently published a short article in which they talk to Andi Gutmans about the Zend Framework. (Disclaimer: Andi one of the founders of Zend, Zend pays the bills at DevZone) The article is a fly-by look at the Zend Framework. Here’s one of the things Andi had to say.
“The goal of the Zend Framework was to provide a very, very easy-to-use, well-established and supported framework,” Gutmans said. But he did note that there are more than 40 PHP frameworks available, including Symfony, Prado, and CakePHP.”
Andi goes on to mentions that he expects the Zend Framework to support OpenID in the future.
It’s a short read but interesting if you are following the Zend Framework.
Report from the Field: MySQL Conference and Expo
The yearly gathering MySQL users, DBAs, vendors and employees is in full-swing. Here’s a look at the first couple of days of activities.
Monday’s tutorials were very interesting. I missed out on the morning session but for the afternoon session I attended “Real-world MySQL Performance Tuning” given by Ask Bjorn Hansen and Jay Pipes. What a great session. I had seen the short version of Jay’s talk at Codemash.org earlier this year but the long form was so much better.
Tuesday dawned bright but a bit too early for me. However I managed to down a cup of coffee and make it to the keynote on time. After the normal welcome and housekeeping churn, Guy Kawasaki took the stage by storm. His speech was great, invigorating and all in all, a great way to kick off the conference.
Even though the sessions by Rasum Lerdorf, Laura Thomson and others were great session, I hate to say it but the keynote was the highlight of the day for me. Laura’s, PHP and MySQL Web App Security was still a very good session.
After lunch, I tried to squeeze into SQL AntiPatterns by Bill Karwin. (Bill is a fellow Zender and head of the Zend Framework team) However by the time I got there, it was standing room only. From the comments I heard after the session, I’m sorry I didn’t stand in the back; apparently Bill wowed them.
Then came my session, I was on a panel discussion with several other community managers. (We don’t manage communities, we manage the relationship of our respective companies with their communities) It was really interesting and I think that the outcome will be a little tighter integration between the PHP and MySQL communities since there is so much overlap in the members. The session was better attended than I expected and the audience really got into the discussion in helping us find ways to make their lives easier.
Finally, the official day ended with a “Booth Crawl” in the expo hall. There was lots of good food, good booze and even a few T-Shirts. There were several great BoF sessions and I really wanted to attend them (Jay said his went well past midnight) however, some friends of mine, employees of Jupiter Hosting, were playing softball about a mile away and I had to go cheer on “Desk Rage”.
The big news that was announced this morning was that MySQL AB and IBM Announce Open Source Database Support. Here’s a short quote:
The two companies will work together to offer the MySQL Server for i5/OS, the flagship operating system for System i, and plan to deliver DB2 for i5/OS as a certified MySQL storage engine on the System i platform. This will allow System i customers to implement online and transactional MySQL applications while storing all data in a single, easy-to-manage DB2 database.
I know that’s interesting news for all the PHP developers working on i5.
For those of you who like playing with new toys, you can follow my thoughts on the conference semi-live (updated as I feel like it) on twitter.com.
Manual Lemos on Defensive Programming
Manual Lemos posted the PHPClasses newsletter recently and in it he posts 8 rules he uses for defensive programming.
This article describes software development practices that have been used to prevent problems that can break Web sites. This message also explains recent changes that were made to the site newsletter user options to reduce the site bandwidth usage to keep the hosting costs on budget.
Manual goes on to describe a problem he had, the issues he faced with PHPClass’ newsletter delivery system and 8 rules he uses to hel minimize embarrassing programming errors. (In his case, to help him from accidentally sending out newsletters while testing)
Those of you who regularly read DevZone have read some of Manual’s articles and know he is a great writer. It’s easy to recommend this article to anyone looking to hone their skills as a PHP developer.
=C=
php|architect Introduces New Training Courses
Sean Coates recently announced php|architect’s two new live, instructor-led training courses to their online training lineup.
Building Rich Internet Applications With PHP 5 and AJAX
Take control of Web 2.0 with this in-depth course on AJAX, PHP and Web Services.
The first class starts on June 5th, 2007.
Web Development with Komodo IDE
This six-hour interactive course is designed to help you take full advantage of ActiveState Komodo IDE’s major unique components and features from the point of view of a PHP developer.
Classes start on May 3, 2007.
Zend Core 2.0.1 Released
Zend is pleased to announce the release of Zend Core 2.0.1. This is a minor version that fixes some critical bugs and includes some important enhancements.
This includes:
- All “The month of bugs” security fixes (PHP 5.2.1 plus)
- Virtual Hosting Installation (up to 2000 VH)
- Vista 64 Bits support (32 mode)
- Adding PDO Drivers (PDO_MYSQL, PDO_PostgreSQL )
- Oci8 updated version
- Update phpMyAdmin 2.10.0.2
- Web Server detection improvements
- Zend Framework version auto-update
- Adding DB2 as an optional download
- Documentation enhancements
- Optimizer version 3.2.7
Coming Releases:
In the next few weeks we plan to align all Cores’ products with this version and to release:
- Zend Core for Oracle 2.0.1
- Zend Core for IBM 2.0.1
- Zend Core for I5/os 2.0.1 (2.0 Beta already released)
Program Unveiled and Registration Opens for the 2007 O'Reilly Open Source Convention
Sebastopol, CA, April 24, 2007—Registration is now open for OSCON, the O’Reilly Open Source Convention. This year’s program will examine how open technologies are making breakthroughs in the mainstream IT community, and delve into the advances on the open source horizon. Now in its ninth year, OSCON is the annual gathering of developers, hackers, visionaries, and alpha geeks who are driving the open source movement. OSCON returns to the Oregon Convention Center in Portland, Oregon July 23-27, 2007.
OSCON will feature more than 400 sessions and tutorials in fifteen tracks that will cover Administration, Business Databases, Java, Linux, People, Perl, PHP, Programming, Python, Ruby, Security, and Web Applications. Also happening concurrently will be the O’Reilly Radar Executive Briefing, a full-day discussion and debate that will give attendees the opportunity to take part in the conversation between Tim O’Reilly and the innovators, entrepreneurs, and leaders who are fostering the evolution of computing via open source technologies.
For more information and to register for OSCON and the O’Reilly Radar Executive Briefing, visit:
http://conferences.oreillynet.com/pub/w/58/register.html
Speakers, tutorials, and sessions at OSCON this year include:
- Kirill Grouchnikov, Amdocs, “Advanced Effects in Desktop Java Applications”
- Rasmus Lerdorf, Yahoo!, “PHP – Bigger and Faster”
- Lamont Peterson, NeverBlock, “High Availability Xen”
- Simon Willison, “OpenID Bootcamp”
- Rachael Madsen, “Exploiting Multi-Core Capabilies From Python”
- Guido van Rossum, Creator of Python, “Python 3000”
- Theo Schlossnagle, “OmniTI Advanced Production Troubleshooting”
- Chris DiBona, Google, “A Year of Open Source at Google”
- Simon Peyton Jones, “Microsoft A Taste of Haskell”
- Michael Koziarski, “Generating Gorgeous Word Documents, PDFs and Excel Spreadsheets”
- Jesse Vincent, Best Practical, “Building Domain Specific Languages in Perl”
- Ben Krug, Adapt Technologies, “DBA Tales from the Front: from Oracle to MySQL”
- Dawn Foster and Danese Cooper, Intel, “Art of Community”
OSCON 2007 will feature an expo hall where companies offering open source products and services will display their latest innovations to the more than 2,500 attendees that are expected at the convention. Sponsors and exhibitors so far include: Autodesk, Novell, Google, Intel, The New York Times, Sun, Microsoft, Optaros, IBM, and Ingres. Networking opportunities at OSCON will be plentiful for the entire open source community, particularly during evening events such as the Open Source Alliance SSO Hack-a-Thon, “Meet-n-Geek,” and the Google O’Reilly Open Source Awards.
About O’Reilly
O’Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O’Reilly has been a chronicler and catalyst of leading-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying “faint signals” from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism. For more
information: http://www.oreilly.com
# # #
O’Reilly is a registered trademark of O’Reilly Media, Inc. Other products mentioned may be trademarks of their respective companies.
phpMyAdmin Cross-Site Scripting Vulnerabilities
The following phpMySQL security advisory was released today on the Secunia Security Advisory list.
http://secunia.com/advisories/24952/
Description:
Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed to the “fieldkey” parameter in browse_foreigners.php and input passed to the “PMA_sanitize()” function is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.
The vulnerabilities are reported in versions prior to 2.10.1.
Solution:
Update to version 2.10.1.
Using Zend_Lucene Inside of symfony
Spindrop has just posted a new tutorial on how to use the new sfZendPlugin to bring the power of Zend_Lucene into your symfony project.
The author (DaveDash?) lays out a good tutorial on how to get everything installed and up and running. It’s not a terribly long tutorial which is a tribute to the stability of both frameworks.
In this tutorial we’re going to delve into the Lucene index. Zend Search Lucene relies on building a Lucene index. This is a directory that contains files that can be indexed and queried by Lucene or other ports. In our example we’ll be creating a search for user profiles.
The rest is mainly code on how to integrate these two frameworks. it’s a great tutorial for anyone using symfony.
Rob Young: Non-blocking I/O With PHP-MIO
Rob Young recently posted on his blog an interesting article on non-blocking I/O in PHP. He gives a pretty good explanation of what multiplexed I/O is and why you may or may not want to use it.
Before I go any further I suppose I should explain exactly what multiplexed (or non-blocking) I/O actually is. When reading from or writing to a stream PHP usually blocks until the operation is complete, however, a stream’s blocking mode can be set such that operations on streams don’t block and instead return immediately. Used correctly this technique can vastly improve performance in networked applications. This comes at the price of increased complexity and some would argue a more confusing program flow. For this reason I wouldn’t suggest it for trivial applications.
Rob goes on to give a very nice tutorial on how to use his new package, phpmio.
This isn’t really a beginner’s guide. If you are not familiar with sockets, streams and all the terminology he uses, you may want to just keep moving. However, for those working in this area, this is a great article and interesting project.
Joomla!Day USA West - May 12-13, 2007
Tickets are going fast to the first ever Joomla!Day USA to be held on May 12-13, 2007 at “The Googleplex”. There are only 125 seats available to this 2 day un-conference. So if Joomla is your thing, you need to head on over to http://www.joomladayusa.org/ and register now.
While the conference itself is at The Googleplex, recommended hotels are Wild Palms Hotel or Avante. (The Wild Palms is the hotel Zend puts guests and roving reporters up at when we are in town.)
The conference is being organized by Ryan Ozimek.
Ryan said the event will be driven by the innovative “un-conference” format, facilitated by Penguin Day creator Allen Gunn, of Aspiration. “Having Allen here to help with the format is going to excite and challenge minds … and, I hope this will be welcomed as an interesting way to share knowledge and have fun simultaneously.”
It sounds like it’s going to be a fun time for all, so fun in fact that the blog says that 2 more are in the works:
- Joomla! Day Midwest – Austin, TX
- Joomla! Day East – New York, NY
Golden Rules for Starting and Running an Open Source Project
Recently Tobias Schlitt posted his 10 Rules for Getting Started in Open Source. Following on with that, Greg Beaver took a look at the other side of that coin wihen he posted his 10 Rules for Running an Open Source Project.
Tobias’ post was to give comfort and aid to those new to contributing to an open source project. Getting involved in an existing open source project can, at times, be a daunting task. Tobias gives new members a list of guidelines to follow. Here are a couple of my personal favorites.
Stick to your level of Karma
Don’t overrate yourself
Flaming is bad
One would think that you wouldn’t have to tell people that last one but alas, it is still necessary.
Beyond just a bulleted list, he also goes into detail about each topic. On “Flaming is Bad” he wrote:
This rule is almost the same as rule 6, but it is still very important. Read every conversation carefully. I know the feeling quite well, if you think, your conversation partner “is an idiot”. He is not! There are no idiots out there. He just has a different view on the things that you have or has a different technical background. Stay cool, think about your reply for some minutes/hours/days and write it, when you don’t feel angry anymore. Try to state your points in polite words and explain in detail, why you are of a different opinion. If you still feel anger coming up while writing, save your reply and review it later again. Flame wars are a really bad thing and pollute the communication channel of your project. They will definitely not stop occuring but that’s the way it goes. The only thing you can do against this is not taking part in them.
Tobias’ post inspired Greg Beaver to write about open source project governance in his post 10 Rules for Running an Open Source Project. In it he details his ideas for successfully running an open source project.
Despite the evidence, it’s probably your fault
Follow the rules you apply to those with lower karma!
Dream big, baby. Plan for the future
My favorite from Greg’s list is the last one, plan for the future. Here’s his advice for that.
People like to be involved with cool, life-changing things. Don’t sell your project short, write great code, and solve intractable problems with beautifully simple, eloquent solutions, and do it all from the comfort of your living room. To put it another way, unless you are some kind of freak, you won’t have the energy to sustain the initial push behind the project all by yourself for more than a few years. Make sure you’re planning ahead for your inevitable retirement or at least scaling back involvement, and seek out proteges to take over the project. The more attractive the project is, the more likelihood you will find that magical dreamer who will carry the torch off into the open source sunset.
Both articles are well thought out and well written. I recommend reading them if you are thinking about joining a project or if you are already involved in one.
=C=
Ed Finkler on The PHP App Insecurity Top 20
Ed Finkler, the author of phpsecinfo, blogger, and all around nice guy, has posted his PHP App Insecurity Top 20. In it he aggregates NIST NVD data on PHP applications.
I’ve spent some of my down time in the past couple weeks working with the NIST NVD data to get stats on PHP application vulnerabilities. What follows is a breakdown of the 20 PHP-based applications that had the highest aggregate vulnerability scores (NIST assigns a score from 1-10 for the severity of each entry), and the highest total number of vulnerabilities, over the past 12 months. Of the two, I feel that the aggregate score is a better indicator of security issues.
Ed even created a couple of cool looking graphs to illustrate his findings.
Report from the Field:Web 2.0 Expo Wrap-up
The Wi-Fi is now silent, (but at least it’s up) the 20 foot banners are now all rolled up and for the first time this week, booth minions are smiling because they want to, not because they have to. Let’s take a look over our shoulder at the very first Web 2.0 Expo before adjusting the Fedora and heading on to the next one.
First, let me clear something up. I made the comment in my first report that PHP wasn’t represented at Web 2.0 Expo. That’s not entirely true. Honestly, it would be next to impossible to hold a conference revolving around the web without PHP. PHP was there, in the form of vendors. After the initial T-Shirt rush on Tuesday – it is a known truth among us professional conventioneers that if you want to actually talk to a vendor, wait till they run out of T-Shirts – I was able to talk to many of the vendors represented. I was pleasantly surprised to find that many of them either supported PHP (like Etelos) or built on PHP (like RightMedia)
The Good
Like any O’Reilly conference, the content was great. It was well run and the parties were fun. Tuesday evening Nokia threw a party up on the third floor of Moscone West with a live DJ and “booth babes”. The phone demonstrators and Nokia called them were young women wandering the floor taking their picture with the party goers using Nokia phones. All in all it was fun even though they kind of ignored what I thought to be Nokia’s coolest device, the N800. if they shoe horned a cell phone in that thing it would be the perfect device. (Well, at least until the iPhone comes out)
I met a couple of new friends while I was there. First, Greg Elin from the Sunlight Foundation. These guys do some cool stuff with PHP for those interested in US politics. Sunlight Foundation is a non-partisan group that builds, among other things, APIs to help people build political mashups. The Sunlight foundation builds it APIs on PHP.
Another new friend I met was Ed Kozek of rightmedia. Right Media has built a network that allows advertisers and publishers to work together. Not only is their platform built on PHP but they used the Zend Framework to build it.
So while PHP was absent from the agenda, it wasn’t absent from the conference.
The Bad
There was so little bad about the conference that it’s really hard to find anything concrete. The only disturbing thing I found was the lack of sessions discussing PHP and it’s related technologies.
The Ugly
There was one thing that was bad about the conference but I really can’t fault O’Reilly for this. The Wi-Fi was horrible. I know there are very few situations where you have to build an ad-hoc network to handle 3,000 users. (each with laptops, blackberries, and Nokia N800s) Most of the time it was hit or miss as to whether you were going to be able to get access during a session. During the keynotes, you could kiss it good by. Again, I don’t really blame O’Reilly, it’s a difficult task. it would just be nice if someone could figure this problem out and share it with all the conference sponsors.
And with that, we face forward again. Another one is behind us and this reporter squares his Fedora and sets his gaze firmly on the future.
Until next time,
=C=
ZendCon '07 Call for Papers
As previously announced, the ZendCon call for papers opened earlier this month. Make sure you get yours in soon.
We’ve received a lot of papers so far but we want to make sure that everyone who has an idea, has the opportunity to pitch it. So if you’ve got one rolling around in the back of your head, go ahead and submit it here.
One area we are specifically looking for new papers is PHP use in both Government and business. If you are doing something cool with PHP, make sure you drop us a line.
Report From the Field: Web 2.0 Expo
O’Reilly now hosts 2 Web 2.0 events per year and in the last 6 months, I’ve attended both of them. I’ll have to say, bang for the buck, Web 2.0 Expo is the better of the two in my opinion. That’s probably because Web 2.0 Expo is targeted less towards CEOs and VCs and more towards developers, designers, and system administrators.
Sunday was (typical of many conferences these days) the tutorial day. The day was broken into four slots and there were a hand-full of two-hour tutorials you could attend. Because it was a pre-cursor to the actual conference, attendance was lighter than the rest of the conference and wi-fi was plentiful.
Sunday night’s Ignite session was very interesting. Even the boring sessions were great because of the live commentary provided by mozes.com. The most interesting (although not the highest rated) presentation of the evening was Instructables.com. Her presentation talked about open source hardware design and for an example, she showed off the knex weaponry that is available on Instructables. Fascinating stuff!
The sessions I have attended have all be very good. Really, the only problem I’ve had is that there are 0 (Zero) PHP based sessions. It is sad that at a conference this large and energetic, they’ve chosen to ignore the most popular language for building web applications.
That having been said, there have been some great sessions that have really started my creative juices flowing. I think, so far, the coolest thing I’ve seen is swivel.com. It’s hard to describe exactly what they do. You can upload your data and make a graph out of it. You data becomes available to everyone else to use in their graphing products. They describe themselves as “the Youtube for Data”. I’m pretty sure that is a trademark violation but it does go a long way to explaining what they do. If you are a data junkie, you are going to love swivel.com.
Beyond that, Etelos.com, whom I mentioned in my Web 2.0 Summit roundups, is showing off some new features. Etelos has a platform for building and distributing applications. Their EASE language excels at building the core parts of most business applications, lists and forms. When you need to move beyond that, their platform supports multiple languages, including PHP, that will allow you to leverage the native functionality of the language in your application. Looking beyond all the market-speak, they are a cool bunch of people trying to make it easier to build the web.
That’s it for this report from the field. If you are at Web 2.0 Expo, look me up, I’m the one in the fedora.
=C=