PEAR metapackage for Statusnet

January 17th, 2010 by kenguest

A short while ago, someone popped into the PEAR irc channel on efnet and asked about installing Statusnet – which is an “open source micro messaging platform that helps you share and connect in real-time within your own domain.” It’s what powers identi.ca and similar micro-blogging services.

Specifically, this person wanted advice on installing the six or so PEAR packages on which this software depends; eight if you include the optional ones.

Foreseeing a number of people wanting similar help, I thought it would be best to create a metapackage to bundle these PEAR packages together – at the least it would mean only one “pear install” command would be required and it would reduce the number of potential mistakes that could be made.

Following my own instructions in the “Dependency Tracking (Meta Packages) with PEAR” section in the PEAR documentation, I quickly came up with Statusnet_Statusnet-0.1.1.tgz.

Install it via “$pear install http://short.ie/statusnettgz” for the moment – as the location of where it’s being hosted may change during the week.

A response to “Better Postal/Zip Code Validation Method for CakePHP 1.2”

December 15th, 2009 by kenguest

Just a few minutes ago I read Jamie Nay’s A Better Postal/Zip Code Validation Method for CakePHP 1.2 blog post.

Jamie says that “The Validation::postal() method that comes with CakePHP 1.2 is good in that it can handle a number of different country formats, but the problem is you can only validate your data against one country. What if you want to accept, say, either Canadian or US postal/zip code formats? I ran into this problem earlier today, and decided to write my own postal() function that can take either a string as the country, just like Validation::postal(), or an array of countries.”

I’m probably going to have to wait for Jamie to wake up before my comment on that blog-post is approved, but the crux of it is “Don’t”. Don’t write your own code to validate user input, unless of course the input data is specific to a problem domain that others haven’t catered for yet.

I drew attention to two things. The first is that there are Validation packages in PEAR (including the main Validate class and all the Validate_xx subclasses such as Validate_US, Validate_CA and some 22 others).

The second item I drew Jamie’s attention to is that his validation code counts a zip code of “00000” as valid, when the USPS zip code look-up tool correctly (and they should know!) identifies that code as invalid.

Why spend time writing and debugging regular expressions, compiling lists of valid data and so on when other people have already done this work? Especially when it comes down to such things as validating input data, which is crucial when you need to guard against cross-site scripting and other injection vulnerabilities.
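To make the point concrete, here is an added example (my own code, not Jamie’s and not part of the PEAR packages themselves) of accepting a postal code for one country or for several by delegating to the PEAR validators rather than writing a new regex. It assumes the Validate_US and Validate_CA packages are installed and that each exposes a static postalCode($code, $strong = false) method; the country table and the postalCodeForCountries() helper are mine. With $strong set, the PEAR validator checks the code against its table of real prefixes, which is the kind of check that turns a well-formed but non-existent zip such as 00000 into a rejection. The verdict for each sample depends on the installed package’s data, so the script prints the verdicts rather than asserting them.

```php
<?php
// Added illustration; not code from the blog post or from PEAR itself.
// Assumes PEAR's Validate_US and Validate_CA are installed
// (pear install Validate_US Validate_CA) and that each provides a static
// postalCode($code, $strong = false) method.
require_once 'Validate/US.php';
require_once 'Validate/CA.php';

/**
 * Validate a postal/zip code against one country or a list of countries,
 * delegating the format check (and, with $strong, the known-prefix check)
 * to the PEAR Validate_xx packages instead of hand-written regexes.
 *
 * @param string       $code      value supplied by the user
 * @param string|array $countries ISO 3166 alpha-2 code(s): 'US' or array('US', 'CA')
 * @param bool         $strong    passed through to the PEAR validators, which then
 *                                consult their prefix tables rather than only the
 *                                pattern (the check that can reject "00000")
 * @return bool true if the code is valid for at least one listed country
 */
function postalCodeForCountries($code, $countries, $strong = true)
{
    // Country code => PEAR class that knows that country's rules (assumed names).
    $validators = array(
        'US' => 'Validate_US',
        'CA' => 'Validate_CA',
    );

    foreach ((array) $countries as $country) {
        $country = strtoupper(trim($country));
        if (!isset($validators[$country])) {
            // Fail closed: a country we have no validator for must not pass.
            return false;
        }
        $class = $validators[$country];
        if (call_user_func(array($class, 'postalCode'), trim($code), $strong)) {
            return true;
        }
    }
    return false;
}

// Constructed sample inputs; the installed PEAR validators decide the outcome.
$samples = array(
    array('90210',   array('US', 'CA')),  // well-formed, real US zip
    array('K1A 0B1', array('US', 'CA')),  // well-formed Canadian postal code
    array('00000',   'US'),               // right shape, no such zip
    array('12345',   'FR'),               // no validator registered for FR
);
foreach ($samples as $s) {
    list($code, $countries) = $s;
    printf("%-8s %-6s %s\n", $code, implode('/', (array) $countries),
        postalCodeForCountries($code, $countries) ? 'valid' : 'invalid');
}
```

Passing an array of countries is the whole of Jamie’s requirement; everything country-specific stays in the PEAR packages, which is where bug fixes and new prefix data will land.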

Focus on what you need to do rather than reimplementing what others have already done.

Honestly, this probably should be subtitled – “Stop the NIH craziness, please” – though to be fair Jamie might not have known of the solutions already out there.

Book Review: jQuery 1.3 with PHP

December 13th, 2009 by kenguest

Before I start this review proper, I need to disclose one nugget of information first: The author, Kae Verens, and I are both currently serving as members of the Irish PHP Users Group Committee and have known each other for quite a few years. If you believe I can remain impartial and objective (as I hope you do – because I am), read on:

This is the first book sent to me from Packt where I wasn’t left dizzy from trying to understand just what it is the author was trying to get across. It looks like their proof-reader was awake for this one – totally awesome.

jQuery, as the vast majority of us already know, is a JavaScript library that simplifies HTML document traversing, event handling, animating, and Ajax interactions for rapid web development. In other words it does all the heavy lifting and takes care of cross-browser compatibility issues so you don’t have to and thus allows you to focus on the work that you need to do without all those distractions.

“jQuery 1.3 with PHP” is aimed “for PHP application developers who want to improve their user interfaces through jQuery’s capabilities and responsiveness”. Over the course of ten chapters Verens starts off with an introduction, then a series of ‘Quick Tricks’ that almost immediately help you add some measure of “Web 2.0” functionality to what I’d term a “web 0.2 application”.
The book ends with a chapter on Optimization – some of which you are bound to already know and some which are complete gems.

In the middle are chapters with mini-projects on tabs and accordions, forms and form validation, file management, calendars (and how to make your own Google-Calendar-like application), image manipulation, drag and drop and data tables.
In each case, projects are analysed and the required steps for each are outlined in the simplest terms – no extraneous buzzwords are used, nor are the projects over-analysed for the sake of pedantry.

I was a little surprised in some places where, for example, the JSON encoded output was not created via json_encode; but then thought not everyone is going to have PHP 5.2 or greater installed. Thumb forward a few pages and this is mentioned. So all’s OK.

It was good to see Kae suggesting use of the PEAR Validate package (or similar) in the Forms and Forms Validation chapter (chapter 4). I had to wonder if there was a PEAR package for creating and shunting down jQuery validation rules to the client – and found that there isn’t. That’s something to consider for later on, I guess.

The rest of the book is similarly both easy to read and easy to understand – my first port of call for learning how to do something that I’d almost term exotic with jQuery and with PHP in the background is usually Google but that is going to change (actually it already has).

Honestly, I wouldn’t be surprised if this book’s working title was “jQuery and PHP: The HowTo” – it is that good.
Now, this book is not for learning jQuery – that is not within its remit, but I would heartily recommend “jQuery 1.3 with PHP” by Kae Verens to anyone wanting to utilise jQuery from a PHP background.

Two security fixes for PEAR’s Net_Ping and Net_Traceroute packages

November 15th, 2009 by kenguest

As David mentioned in the PEAR Blog yesterday, in the PEAR Security Advisory PSA 200911-14-01, Net_Ping and Net_Traceroute had been found to have command injection vulnerabilities in them.

These were fixed and new versions released immediately – further details are available on the Official PEAR Blog.
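For readers who haven’t met this bug class, here is an added illustration (my own code, not the Net_Ping or Net_Traceroute source, and not the actual fix shipped in the new releases) of how a ping wrapper becomes command-injectable and what a hardened version looks like. The function names are made up for the example. The hardened version both validates the host as an IP address or RFC 1123 hostname and quotes it with escapeshellarg(), so that the second layer still holds if the first is ever loosened.

```php
<?php
// Added illustration of the command-injection class covered by the advisory.
// NOT the Net_Ping/Net_Traceroute source; unsafePingCommand() and
// safePingCommand() are names invented for this example.

// Vulnerable pattern: a caller-supplied host is concatenated straight into a
// shell command line. Once the result reaches shell_exec()/exec(), input such
// as "example.com; id" runs `id` as a second command with the web server's
// privileges; "$(...)" and backticks behave the same way.
function unsafePingCommand($host)
{
    return 'ping -c 1 ' . $host;
}

// Hardened pattern, two independent layers:
//  1. reject anything that is not an IP address or an RFC 1123 hostname, so
//     shell metacharacters never get as far as the command line;
//  2. quote the argument with escapeshellarg() anyway, so the shell sees one
//     literal word even if the validation is later relaxed.
function safePingCommand($host)
{
    $host = trim($host);
    $isIp = filter_var($host, FILTER_VALIDATE_IP) !== false;
    // One label: letters/digits, internal hyphens allowed, 1-63 characters.
    $label  = '[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?';
    $isName = strlen($host) <= 253
        && preg_match('/^' . $label . '(\.' . $label . ')*$/', $host) === 1;
    if (!$isIp && !$isName) {
        throw new InvalidArgumentException("refusing to ping invalid host: $host");
    }
    return 'ping -c 1 ' . escapeshellarg($host);
}

// Constructed inputs: a legitimate host, a classic injection attempt, and a
// hostname that is well-formed apart from one stray quote character.
$inputs = array('example.com', 'example.com; id', "a'b.example.com");
foreach ($inputs as $in) {
    echo "vulnerable: " . unsafePingCommand($in) . "\n";
    try {
        echo "hardened:   " . safePingCommand($in) . "\n";
    } catch (InvalidArgumentException $e) {
        echo "hardened:   " . $e->getMessage() . "\n";
    }
}
// Only safePingCommand()'s result should ever be handed to shell_exec().
```

The same shape applies to any wrapper around traceroute, whois, dig or similar tools: decide what the argument is allowed to look like, reject everything else, and quote what remains.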

PHP Team Development by Samisa Abeysinghe

November 15th, 2009 by kenguest

PHP Team Development by Samisa Abeysinghe

A few weeks ago I received a copy of “PHP Team Development” from Packt.
Split into seven chapters, all equally sprinkled with phrases that are disjointedly written and that don’t get a point across, and some that make you think the book was written using speech-to-text software (“Vendor locking”, anybody?), this book, which “is for PHP developers who work in teams on complex projects”, has given me an aversion to seeing three little words printed alongside each other (“the PHP code”).
If you have read this book you too will develop this aversion. I think Lorna Jane Mitchell and Brandon Savage who both bravely reviewed this book before me might be inclined to agree.

Published only in September of this year, I found it surprising that its section on coding standards and best practices does not suggest the use of PHP_CodeSniffer (for checking adherence to coding standards, and which, incidentally, has been available in one form or another for the last three years). Nor does Samisa suggest the use of PHPUnit or SimpleTest for unit testing (actually, nothing is mentioned for unit testing – the concept isn’t even described, nor is Test Driven Development). These tools have been around for a very long time and I was honestly startled by their omission.

In a way that’s fine – these are only tools and the book is about team development – not about listing and reviewing each and every tool that could be used to help team members make more efficient use of their time.
But I’d rather use these tools during peer review to highlight what a team member may be doing wrong, as an efficient use of my time, than have to analyse the code myself.

So, moving on, there’s a section explaining that frameworks should also be assessed on the basis of the various open source licenses they are distributed under but the author doesn’t really explain why this is important – or discuss what the prevalent FLOSS licences are (MIT, BSD, GPL etc), or what issues they each attempt to address and what they are best suited for.

The NIH (Not Invented Here) Syndrome is mentioned and to be fair the author does give a long list of frameworks to be considered; probably the one detailed list in the book, to be honest.

PEAR had been mentioned in passing elsewhere in the book so I was expecting it to be listed in the frameworks section too, as I was expecting ezComponents to be referenced somewhere as well – but then, these are a component framework/libraries so perhaps he thought it did not belong in such a list.

To be honest, I think that is part of the problem. The book focuses on what the author thinks, and his thoughts on the subject are written in such a manner that, once you have put in the immense effort of trying to understand what he is attempting to communicate, you are left with the impression that
there are no alternatives; that X & Y & Z are the tried and tested ways of doing things in PHP and there are no two ways about it.

This is a complete shame.

Some other observations about this book:

  • Continuous Integration is mentioned; but CruiseControl and PHP-Under-Control are not.
  • Source Code Control is mentioned, and here Subversion and Git are covered. CVS is mentioned elsewhere, under a section, and chapter, far-far-away. Mercurial, Bazaar and others don’t even get a look-in.
  • There is no mention of how approaches to Team Development might vary depending on whether some team members are working remotely, and Pair Programming is barely mentioned, let alone suggested as one way of ensuring that each team member is learning from the other and reviewing the code that his partner has written.
  • Under issue- or bug-tracking, jira and bugzilla are mentioned as two popular bug tracking tools, and although Abeysinghe states “there are numerous tools that are available, both opensource and commercial for bug tracking”, no others are listed. Fogbugz, Mantis, RT, Trac, and plenty others get left by the wayside.
    Actually, I’m wrong. Sorry. Trac is mentioned – at the other end of the book; though not in the glossary or index.

I honestly considered giving up on reading this book and not writing this review. The book truly is that bad. The thought of someone paying out close to thirty euro for a book that I’d call poorly researched, badly proof-read, woefully incomplete, badly structured at worst and self-opinionated at best did force me to reconsider.

Nobody should spend close to thirty euro on a book and get so little in return.

So my oneliner opinion of PHP Team Development by Samisa Abeysinghe?
I’d seriously suggest you give it a miss – do something more meaningful with the money and buy bread to bring your team on a duck-feeding-mission.

Beginning Joomla! (Second Edition): A review

October 27th, 2009 by kenguest

A while ago I was sent a complimentary review copy of “Beginning Joomla! (Second Edition)” by Dan Rahmel and published by Apress.

In a clear, non-patronising and concise manner the author explains to the reader just what Joomla is (a content management system), how to install it, add content, administer it, design templates and write extensions for it. He touches on SEO and covers deploying Joomla on Windows, Linux and Mac.
With graceful explanations along the way, he explains everything clearly: how to troubleshoot not being able to access the web or database servers, even mentioning that the password system differs between version 4 and version 5 of MySQL, for example.

There are a few points in the book that startled me however; Rahmel informs the reader in chapter three that if XAMPP is used as a means of installing the base requirements then certain security concerns need to be addressed. In chapter two he states PHP 4.3.10 as the lowest version required – I’m surprised that a later version of PHP 4 wasn’t recommended, even though 4.3.10 may be the lowest required version – version 4.4.9 for example, which is the very last version of PHP 4 ever released. I hope this is just a typo that hadn’t been caught in time.
If it was not, then I’d have to express a certain level of professional disappointment; the security enhancements and bug fixes between 4.3.10 and 4.4.9 should definitely have been enumerated. While it is true to say that most installs of Joomla are into shared hosting environments where such changes can not be implemented, I also would have expected the author to have mentioned that Apache, and by implication Joomla, performs better when configuration directives are specified in httpd.conf rather than in .htaccess files, which Apache must look for and parse in every directory on the path to the requested file, on every request.

I had been looking forward to reading the chapter on creating extensions (chapter thirteen) but was rather disappointed. I had expected Rahmel to go into much more depth, especially as the blurb on the back of the book mentions how he has coded other solutions from scratch in PHP and ASP, so surely there would be hard-learned tips and some advice that he could share? Instead he hardly mentions the Joomla API nor does he provide a reference or link to where further information on the subject could be found.

I would like to say that the second edition of “Beginning Joomla!” is well rounded but the lack of detail on creating extensions and the differing levels of detail regarding security and performance tips makes me shy from saying that.

Also, I do wish that there was a list of recommended reading and a glossary in the book too – it is invaluable to have a “cheat sheet” of what different terms mean and also to know what other bodies of work are available to help you learn more.

To summarise – “Beginning Joomla! Second Edition” is a well-written book aimed at (surprise) people new to using Joomla – it just could be better, and the section on developing plugins or components should simply be dropped as it is not adequate and probably could have an entire book devoted to the subject.

OSSBarCamp lightning talk on PEAR: slides now online

September 23rd, 2009 by kenguest

I was at the OSSBarCamp event in Dublin last Saturday and gave a lightning talk on PEAR. It went well (I think). The slides for it are now online at the talks.php.net website.
I’ll write up more thoughts on the event later if I find the time ;-)

OpenStreetMap in the news again

August 28th, 2009 by kenguest

Spotted two new articles on OpenStreetMap recently – one on the PocketLint site: “OpenStreetMap – Crowd sourced cartography set to re-map the world”; and the other on Wired: “GPS Hackers Blaze Own Trails With Crowdsourced Maps”.
They both mention how OpenStreetMap cartography is more detailed than the alternatives produced by Navteq, Teleatlas et al, and the Wired article even goes so far as to include at least four links to various parts of the OSM wiki and mentions some of the devices that our maps can be used on, such as iPhones, TomToms and so on.
What with this and more OSM ‘love’ spilling into Episode 83 of FLOSS Weekly (Steve Coast, founder of OpenStreetMap, was interviewed in Episode 81), it looks like activity is only going to increase.

OpenStreetMap at the Farmleigh Park Geeknic in Dublin, anybody?

July 21st, 2009 by kenguest

There’s a Geeknic (picnic for geeks if you aren’t too sure) on in Farmleigh Park, Dublin in a few weeks time (on Sunday 2nd August @ 1pm). I can’t help but notice that the OpenStreetMap map of Farmleigh could do with a bit of attention – from what I can make out there are unnamed roads on the OSM map along with ones that aren’t there – and as we all know, we can add as much detail as we feel necessary ;-)

So, anybody on for a bit of socialisin’, evangelisin’ and map making?

New Accessibility mailing list for Open Street Map

July 2nd, 2009 by kenguest

Lulu-Ann posted to the general Open Street Map mailing list an announcement of the accessibility mailing list.

From her posting, this mailing list will be focused on the discussion of

  • How to create non visual maps for the blind and visual impaired
  • New tags that allow mapping of objects of special interest for disabled persons
  • New maps that contain information about barriers like steps for wheelchair users
  • Special routing, like wheelchair routing or pedestrian routing for the blind
  • New maps that contain valuable information like theatres with subtitles for the deaf, braille signs or acoustic traffic lights for the blind
  • Data exchange to the navigation tool “Loadstone-GPS” for the blind

All very interesting.

Reorganising the WikiProject_Ireland Page

July 1st, 2009 by kenguest

I sent a post to the talk-ie mailing list wondering whether we should reorganise the “WikiProject_Ireland” page to be more useful for those of us that are interested with mapping in Ireland.

If you’re interested please chime in with your opinion so we can arrive at something workable.

Celebrate with Packt as We^W They Turn 5

June 23rd, 2009 by kenguest

I was emailed this a short while ago – thought it worth sharing ;-)

<quote>
Five years ago, Packt published its first book, ‘Mastering phpMyAdmin for Effective MySQL Management’. In the years that followed, Packt has published over 200 books on many different subjects and technologies.
We think it’s important to take the time to celebrate and thank the people who have made this possible. Therefore as our way of saying thank you for your support over the last five years, we have decided that over the next few weeks, Packt will be offering new and existing customers five exclusive offers.
The PEAR Installer Manifesto is one of the eBooks that we are offering to our readers. This book shows users the power of this code management and deployment system to revolutionize their PHP application development.
To download a free PDF copy of this book, simply visit http://www.packtpub.com/account and login to your account, or create one if you don’t already have one, and scroll down to your download area. Here you will see a link to the eBook, which you can download as many times as you like. In addition to this book, you can also download other eBooks on various technologies for free.
You can find more information on this offer by visiting http://www.packtpub.com/article/celebrate-with-us-as-packt-turns-5
</quote>

OpenStreetMapping Nenagh

June 16th, 2009 by kenguest

So yesterday I had a quick interview with a journalist from the Nenagh Guardian – my local paper – about this OpenStreetMap (OSM) mapping malarky.

As most of you will probably know OSM is to printed atlases from AA, Ordnance Survey etc, as Wikipedia is to encyclopedias. People can contribute data to the project through a variety of activities: going out and actually mapping an area with a sat nav or GPS unit [even a mobile phone with GPS in it such as an iPhone, Nokia N95 or whatever], tracing data off Yahoo [and other] aerial imagery, filing bugs on the openstreetbugs website or literally drawing in information via the Walking Papers map making website. And better again, this is about providing free geographic data such as street maps to anyone who wants them.

Anyway…I mentioned how the OpenStreetMap map of Nenagh is more complete than even the latest commercially available maps for Garmin and Google Maps and listed off a few ways how OSM could be used commercially: by real estate agents, courier companies, how being able to pin-point where all the amenities are would be useful for tourists, and so on.

Compare the Open Street Map of Nenagh with the Google Map of the area – as you can see, there’s still quite a bit of work to be done – Millers Brook needs to be marked as such along with the various groves, avenues etc that comprise that estate. Plus all the amenities, shops [perhaps even their opening hours] and the Shannon Development Industrial Centre still need to be added – as I’m sure are some other small portions of the town that I’ve unknowingly neglected.

It’s fair to say that this will never be finished – existing housing estates will be extended, there will always be urban development plans that when implemented would also need to be included on the map.

It would also be cool to have the new “Nenagh Cycling Hub” rendered on the opencyclemap.org website.

I discovered the OpenStreetBrowser site to be a great test of the data that myself and others have entered – it’s also a great way of demonstrating just what can be done with OSM data.

If you happen to spot something that I’ve missed please either drop me a comment or use the openstreetbugs website.

On a related note: it would be good to see a PEAR/PHP based client/component for interfacing with the OpenStreetMap server so that interesting apps utilising that data could be implemented on the LAMP stack – something to go alongside the Services_GeoNames package from pear ;-)

Book Review: Learning jQuery 1.3

June 16th, 2009 by kenguest

A while ago I was sent a review copy of “Learning jQuery 1.3” by Jonathan Chaffer and Karl Swedberg, as published by Packt. I’ve now had a chance to read it objectively and compare it against the original “Learning jQuery”, which Packt also sent me to review about a year ago. That earlier edition covered a much less mature version (version 1.1.3.1, to be precise) of this popular JavaScript framework.

Aimed at web developers and designers with a basic understanding of HTML and CSS (and some level of comfort with JavaScript), the later book is thicker than the original – it weighs in at some 440 pages compared to the 360 pages that were required for the first. A new chapter, “Developing Plugins”, covers how to write plugins for the framework and how to “share it with the world” – naming conventions, documentation style and other advice are included. There is also a new “Quick Reference” appendix which just begs to be reproduced in “cheat-sheet” format for pinning up on your wall. Chapters already present in the earlier book are more detailed and read better.

The subject matter is expertly covered and unless you were aware of the changes in jQuery 1.3 compared to the older version that the original focused on, it would be difficult to tell which portions of the book are new – the revision and updates to the original are seamless.

Quite rightly, Swedberg and Chaffer do not explain all the differences between jQuery 1.3 and its predecessors – they rightly assume that if you’re reading “Learning jQuery 1.3” then you don’t need to be informed of exactly how jQuery 1.3 differs from the version they previously covered. The book flows better and remains very easy to understand because of this approach.

There is no hint of the selector engine in 1.3 being any different from what was already covered. The language used for explaining the different concepts to the reader is more precise, especially so in the Events chapter, and this makes the concepts being covered much easier to understand – for this reason alone buying the revised edition is well worth the money.

The book doesn’t focus only on additions that were new in jQuery 1.3 but also on ones that had been added to jQuery since the first edition was published; JSONP, which was introduced in jQuery 1.2, is covered in the chapter on AJAX, as is the lower-level $.ajax() method; it also mentions which features have been removed from jQuery since the first edition was published – XPath selectors being one such example. The listing of development tools has also been reworked, as has the Online Resources section. These listings mention resources that are current and up-to-date.

I remember mentioning in my review of the first book (trying hard not to use the word ‘original’ again!) that until a later edition of it was released that you wouldn’t be able to find a better book on the subject. I stand by that assertion – the only book that covers jQuery better than the first edition of “Learning jQuery” is the second edition of the same.

Alex’s PHP micro-optimization tips

March 10th, 2009 by kenguest

Just a quick link to Alex Netkachov’s PHP micro-optimization tips, via planet.php.net. Note these are micro-optimization tips – they won’t dramatically speed up an inefficient algorithm.

Save Nenagh Hospital

January 31st, 2009 by kenguest

I’m back home from a “Save Nenagh Hospital” rally earlier on today – I estimated the number of people there to be at least two thousand.

As you might infer, this is quite serious – the Health Service Executive in Ireland have already made the first steps in downgrading and then closing the General Hospital in Nenagh. Already there are plans for numerous cuts, including a proposal to remove 24-hour accident and emergency services at the hospital in favour of the introduction of advance paramedics to partly replace the present service.

The only numbers important to the HSE, it seems, are those balanced on their accounts sheets – not the number of lives that will be lost, the number of minutes late that ambulances will arrive to road accidents, the ill and those in need.

Representatives of the HSE were invited to attend but did not – most likely because they know no matter how they try they can not make sense of their own arguments. In short, they can not justify what they are proposing.

Google for phrases such as “save nenagh hospital” and “friends of nenagh hospital” to see just how serious and important this is – you’ll find links such as this article in the Irish Times (Doctors to fight cuts at Nenagh hospital).

Please add your voice by joining the Save Nenagh Hospital group on facebook, by writing to your political representatives and by writing to the papers.

Don’t let Nenagh become the next Monaghan.

7 things…

January 14th, 2009 by kenguest

I got tagged by Chuck for this “7 Things” meme. So here are 7 things you may not know about me:

  1. I first met my wife at her house warming party seven years ago – it took four years for anything to happen though! I’m so happy it finally did though!
  2. My first computer was a ZX Spectrum 48K that was bought when I was seven years old – I’ve since progressed through BBC computers, Apple Macs and then onto PCs. I also had accounts on the WRTC VAX – VMS and OSF/1.
  3. I’ve similarly gone through a number of differing computer languages: Basic in various incarnations (ZX Basic, BBC Basic, VB), Z80 Assembler, HyperCard (yes, really), C, C++, JavaScript, Perl, PHP, Python, ColdFusion, Java.
  4. I might be Irish but my surname isn’t.
  5. I read a lot of fantasy: Gemmell, Eddings, Tolkien, Pratchett; though I also enjoy Tom Clancy and Dale Brown novels.
  6. I’m long-sighted in one eye and short-sighted in the other: one good reason why I’ve never been that good at sports.
  7. I am an active PEAR developer.

Tagging Others

I’m supposed to tag 7 other people who then repeat the whole process:

  • Proinnsias Breathnach for being such a good friend all this time. And because he doesn’t blog enough.
  • Kae Verens for having a name that sounds the same as his first initial – and for helping out loads at the IPUG stand at last year’s Irish Opensource Technology Conference.
  • Donncha O Caoimh for his trojan work back in the day with the ILUG CMS and for WordPress MU.
  • Jaime Hemmett for her exuberance and energy she’s brought to the Irish PHP scene.
  • AJ McKee for starting the Irish PHP Users Group in the first place!
  • Justin Mason for Spam Assassin, SiteScooper and being an all round nice guy.
  • Fuzzix for his levity and humour. That plus he’s a ZX head like myself.

Rules

  • Link your original tagger(s), and list these rules on your blog.

  • Share seven facts about yourself in the post – some random, some weird.

  • Tag seven people at the end of your post by leaving their names and the links to their blogs.

  • Let them know they’ve been tagged by leaving a comment on their blogs and/or Twitter

PHP for Enterprise/Business Whitepaper

January 8th, 2009 by kenguest

I’m very proud to have been involved as an editor and to have helped with the translation and update of the AFUP’s “PHP en Enterprise” livre blanc into the PHP for Enterprise/Business Whitepaper: as far as I know this is the first full English language translation and update of the work done by the Association Française des Utilisateurs de PHP (French PHP Users Group). There is also a lot of new content in the Whitepaper regarding how PHP is now utilised in the enterprise. Figures have been updated and techniques available in later versions of PHP have been referenced.

We’ve had an interesting time translating and updating the content – especially as I don’t know French let alone their idioms. Many thanks to Stéphane Lambert for his boundless energy and devotion to getting us this far!

Thanks also to PEAR President and fellow IPUG member David Coallier who also helped with the translation work and not forgetting Derick Rethans and Peter Keung who also assisted in fine-tuning our work into something a bit more fluent and graceful ;-)

I would be remiss to not mention Blacknight who have sponsored the IPUG from the start – without them there truly would not be a php.ie!

If I’ve left anybody out – please remind me!

All in all, as Chairman of the Irish PHP Users Group, I can say this is an exciting moment for us to have achieved – we’ve given something tangible back to the PHP Community as a whole and, to top things off, we’ve published the Whitepaper under the Open Content Licence – you may
freely use it if you clearly acknowledge the Irish PHP Users Group and if you retain the Open Content Licence. This means you can localise the Whitepaper to your own language and national figures if you so desire.

Book Review: Learning Facebook Application Development

August 29th, 2008 by kenguest

It’s been a while since I posted a review about a Packt published book.
I was sent a copy of “Learning Facebook Application Development” by Hasin Hayder and Dr Mark Alexander Bain a while ago. The by-line description of the book is “A step-by-step tutorial for creating custom Facebook applications using the Facebook platform and PHP”. It is precisely that.

Here’s my review of it:

The book was published prior to Facebook’s facelift but this doesn’t really impact on the usefulness of the book.
An overview of FBML, FQL and FBJS (a restricted subset of JavaScript, enforced for security reasons) is given, along with information on how to use the test consoles, publish to news feeds, some multimedia aspects of what can be done in Facebook applications and more.

Happily the book focuses on using PHP5 for developing Facebook Applications – while there are classes available for developing FB apps with PHP4 there really is no point in doing so; especially now that official support for PHP4 was withdrawn last month.
MySQL appears to be the database system of choice for the examples and Linux/Unix oriented solutions for scheduling tasks to occur regularly are given – some Windows screenshots feature in chapter one with regard to setting up the client libraries for local development but other than that everything else is unix-centric.

I found “Learning Facebook Application Development” more useful than Facebook’s own documentation with regard to the main aspects of developing a Facebook application – it is well written and easier to follow than the online documentation, and while it is true to say that the Facebook Platform is evolving I am of the opinion that Hayder and Bain’s work will still be applicable for a long time.

Is PHP vulnerable software?

August 26th, 2008 by kenguest

Thanks to Ivo Jansch, I spotted Matt Asay mentioning in his article on CNET that PHP headlines in IBM’s list of most vulnerable software, and I have to say this is complete balderdash on the part of IBM.

He quotes from the report:

Another commonality between these three vendors is that they are all written in PHP. If we look back over last year’s disclosures and apply the new CPE methodology to them, we would uncover another newcomer to the top five list, PHP itself, which would rank number four in the 2007 top five vendor list.

What features in IBM’s top ten of vulnerable software, and makes the report insinuate that the PHP language is a security risk, are Joomla, WordPress and Drupal. How PHP would feature in a list of “vendors” is beside the point – if a construction company were to build a house where the windows don’t close fully, the security alarm doesn’t work and bare wires are exposed, you don’t “blame” the windows, alarm system and cabling. The responsibility rests with the construction company and/or the individual contractors hired by that company. Similarly, we can’t “blame” PHP for bad software architecture and security risks present in Joomla, WordPress or Drupal – the onus is on the software developers and architects to design secure [web] applications.

They should, at the least, ensure input data is of the expected type and within expected values; handle uploaded files in a secure and cautious manner so that they can’t overwrite files crucial to the health/security of the system running the application, or of the application itself; keep an audit trail for checking for attacks; ensure defence in depth against SQL injection, cross-site scripting, command injection and … I could go on but won’t – search for PHP security best practices, get the Zend PHP 5 Certification Study Guide, check out the library resource at the PHP Security Consortium.
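As an added example of the practices listed above (my own code, not from the IBM report, the named projects or the Zend guide), here is a PHP 5 fragment that puts each of them into code: type-checked input, a bound parameter instead of string-built SQL, context-specific escaping on output, and an upload handler that never lets the client choose the destination filename or overwrite anything. The users table, the upload directory and the permitted image types are assumptions for the demonstration; the demo at the end uses an in-memory SQLite database via PDO so it runs without any database server.

```php
<?php
// Added example of the listed practices; not code from any of the projects
// named in the post. The `users` table, $destDir and the image whitelist are
// assumptions for the demonstration.

// 1. Input validation: coerce to the expected type and range before use.
function validatedUserId($raw)
{
    $id = filter_var($raw, FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1)));
    if ($id === false) {
        throw new InvalidArgumentException('user id must be a positive integer');
    }
    return $id;
}

// 2. SQL injection: bind parameters; never interpolate input into SQL text.
function fetchUser(PDO $db, $rawId)
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', validatedUserId($rawId), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// 3. XSS: escape on output, for the context the data is emitted into (HTML here).
function html($s)
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// 4. Uploads: trust neither the client's filename nor its declared MIME type;
//    store under a name you generate, so config.php, .htaccess and friends
//    can never be overwritten, and verify the content matches the extension.
function storeUpload(array $file, $destDir)
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    $allowed = array('png' => 'image/png', 'jpg' => 'image/jpeg');
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        throw new RuntimeException('extension not permitted');
    }
    $finfo = new finfo(FILEINFO_MIME_TYPE);          // sniff the bytes, not the header
    if ($finfo->file($file['tmp_name']) !== $allowed[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Server-generated name: unique, no client-supplied path components.
    $dest = rtrim($destDir, '/') . '/' . md5(uniqid(mt_rand(), true)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not move upload');
    }
    return $dest;
}

// Demo with an in-memory SQLite database and constructed data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users VALUES (1, '<script>alert(1)</script>')");

$user = fetchUser($db, '1');
echo '<p>Hello, ' . html($user['name']) . "</p>\n";   // script tags rendered inert

try {
    fetchUser($db, '1 OR 1=1');   // classic injection payload, rejected before SQL
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . "\n";
}
```

None of this is PHP-specific in principle; it is the same validate-bind-escape-and-never-trust-the-filename discipline that any language needs, which is rather the point of the post.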

Now where are Ruby, COBOL, C and Z80 assembly language on that list? And why is Linux mentioned there as a vendor?