I've added another free article to my growing collection:
This article creates the necessary functions in steps, so that you hopefully better understand the final product and can make your own modifications to better suit your needs. If you're just interested in the code, you can look in the code repository for Essential PHP Security:
You might also be interested in Trick-Out Your Session Handler, an article by John Herren on Zend Developer Zone.
Note: Over the next few weeks, I hope to catch up on posting past articles as well as resuming my regular writing of both Security Corner and Guru Speak. Until then, there are 17 free articles available for you to read. Enjoy!
Good news - the Zend Framework License is now compatible with the GPL. This means you can use the ZF for your own GPL-licensed PHP project.
From Andi's email:
We have decided to change the license of the Zend Framework from a PHP-like license, to the simpler new BSD license. This was after many discussions we have had with the community and the partners.
The big change is the removal of the advertising clause:
Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes the Zend Framework, freely available at http://www.zend.com/"
Note: Personally, I don't like calling this an advertising clause, because advertising isn't necessarily the primary purpose. The reason the PHP license includes such a clause is to make sure people don't get fooled into thinking they must pay for something which is available for free.
In addition to compatibility with the GPL, this change also has the added benefit of using an existing license, so it's not necessary for companies to evaluate yet another license.
Compatibility with the GPL isn't something I appreciated in the beginning. There were a few complaints about the license not being compatible with the GPL (some that seemed to suggest the GPL itself as a better license), but it wasn't until I discussed this with Zak in Montreal that I learned the root cause of the incompatibility. Although I think the advertising clause has value, I think Zend has made the best decision in this case.
Because I've been busy with work and travel in the last few weeks, there's a lot I haven't had the time to blog about. So, I decided to try to summarize the important stuff I've missed in one rushed, disorganized post. (Maybe you missed some stuff, too.) Please feel free to add to this quick summary, and be sure to keep up with PHPDeveloper.org for more thorough PHP news coverage.
I dropped by the April meeting of the Nashville PHP User Group. It is a very cool group of people who meet at a local cafe and chat about PHP and related technologies. I had a few pints of Murphy's Stout, so I can't imagine a better meeting. Paul Jones drove up from Memphis, and it was nice to meet him in person.
The Zend Framework Preview 0.1.3 was released (release notes). Along with the new release comes a new look for the web site, compliments of Varien. Maybe Zend can provide a clean copy of the new logo for people to use. :-)
I heard from Peter MacIntyre that the second edition of Programming PHP has been published. (Wez and I made small contributions to this edition.)
Zak announced PHP Vikinger, an "unconference for PHP enthusiasts held in Skien, Norway from June 24 to 25." That's the weekend before ApacheCon EU in Dublin, so perhaps a cheap Ryanair flight will make it fit into your travel plans. It should be an awesome unconference.
Speaking of ApacheCon EU, I'll be there! I really love Dublin, and ApacheCon always brings together smart and friendly people, so this should be a great conference. I'll be speaking about Agile PHP Testing, Essential PHP Security, and The Truth about XSS. You can also see talks from Rasmus, Andrei, Christian, Laura, and Theo on a variety of topics. Did I mention it was in Dublin?
The MySQL Users Conference begins this week. George, Wez, Zak, Andi, Rasmus, Michael (Schmichael), and Laura are there, so keep an eye on their blogs.
I'll be at LinuxWorld and php|tek this week, and I'll try to summarize those conferences in my blog.
Thanks for reading!
I've been keeping up with Planet PHP for a while now. I like the Planet style of feed aggregation, and I think Christian and Toby have done a good job with it.
Unfortunately, the blogs I read and the blogs Planet PHP aggregates no longer match very well. Sean has a nice Greasemonkey script that lets me read only the blogs I care to read on Planet PHP, but that only solves half of my problem.
Here are a few of the PHP blogs I read that are not on Planet PHP:
Note: Please feel free to add a URL to your blog in the comments if PHP is one of the topics you write about.
If someone is looking for a project, it would be cool to have a simple PHP script that uses the del.icio.us API to create a personalized Planet based on the blogs tag.
There's an interesting blog entry on O'Reilly's web site discussing Digg's PHP Scalability and Performance. As part of his research, the author (Brian Fioca, a Java developer) interviewed Owen Byrne, cofounder and Senior Software Engineer at Digg, and built his own PHP application, Jobby.
Here are some quotes and interesting notes:
- He used the WASP PHP framework.
- Digg gets 200 million page views per month. (Yahoo gets billions per day.)
- Digg uses 3 web servers and 8 database servers.
- "None of the scaling challenges we faced had anything to do with PHP." (Owen Byrne)
- "In fact, we found that the lightweight nature of PHP allowed us to easily move processing tasks from the database to PHP in order to deal with that problem." (Owen Byrne)
- Digg uses APC and MCache.
- "It turns out that it really is fast and cheap to develop applications in PHP." (Brian Fioca)
Note: See PHP Scales for some related content and discussion.
From Laura Thomson's blog, OmniTI is looking to fill a Junior Web Developer position. If you like web development technologies (mod_perl, PHP, etc.) and working with some of the best in the industry (Laura, Wez, George, Theo, Amy, etc.), this might be an opportunity you don't want to miss.
Note: If you're too much of an expert to consider a junior position, you might be interested in an upcoming senior position that Laura mentions at the end of her post.
PHP Quebec was an educational and entertaining conference as expected. The PHP Quebec User Group does a great job organizing the conference each year.
My talk, Agile PHP Testing, was very well received. I think KISS might be the missing ingredient that we need to ignite a testing revolution in the PHP community. Most people who approached me after the talk appreciated the simplicity of using test-more.php with no testing framework at all. I think they also appreciated knowing that using TAP allows them to "upgrade" later.
Although the slides are much less valuable without commentary, a PDF is available:
Here are the other slides that have been posted (to my knowledge):
I've also posted my pictures from the conference. If you look closely, you'll see a t-shirt of Wezzy Wezbourne that was quite popular (and funny).
Au revoir et merci!
I've been too busy to blog this past week, but Apple's Boot Camp seems particularly noteworthy. If you have an Intel-based Mac, you can run Windows XP without having to do anything complicated. From Apple's announcement:
More and more people are buying and loving Macs. To make this choice simply irresistible, Apple will include technology in the next major release of Mac OS X, Leopard, that lets you install and run the Windows XP operating system on your Mac. Called Boot Camp (for now), you can download a public beta today.
Very cool. Now, back to work. :-)