Hello, welcome to the Lately in PHP podcast. This is episode number 10, I am Manuel Lemos the host of the podcast, and as always I have here with me Ernani Joppert. Hello Ernani, how are you doing?
Ernani Joppert: Hello Manuel, doing great, working very hard within those past weeks but very, very happy to be here.
Manuel Lemos: Okay, I am glad that you are working hard and happy with it.
PHP 5.3.6 security bug fix release (0:48)Manuel Lemos: Today in our podcast we are going to talk about several interesting subjects starting with the release of PHP 5.3.6. That is mainly a release to fix several important vulnerabilities, basically stuff that affects the security of your PHP sites.
And coincidentally or not there is also the news a sub-site of the PHP.net site, namely the wiki.php.net was attacked, suffered an attack. I'm not sure if the attack itself was related with the vulnerabilities fixed by this release, PHP 5.3.6, because from what I heard what was vulnerable was the wiki software that was used in the wiki.php.net site, which I think if I'm not mistaken is Docuwiki.
And anyway it is always prudent to upgrade your PHP version if you are using the latest version in your servers to upgrade, so you do not suffer from any vulnerabilities that may open holes and opportunities to having your server attacked.
Built-in PHP Web server (2:43)Manuel Lemos: But moving on with our podcast, today we are going to talk a bit about an interesting feature that was proposed by Moriyoshi Koizumi from Japan, a core PHP developer, or at least a great contributor, that basically proposed to have PHP being shipped with a sort of a web server integrated in PHP itself so you can run PHP without having to also run a separate web server program like Apache, IIS or whatever is the web server that you are using.
And basically this is meant for use in development environments, so you can have a solution to test your PHP scripts without relying further on the components that you need to install in your develop machine.
Basically this is a proposal that was posted in the wiki.php.net, but that proposal was submitted before the vulnerability that I mentioned before was discovered, and unfortunately for now you cannot see the proposal, but I'll leave a link to it in the show notes in case the wiki site comes back and you can check what it is proposing, what is the idea.
Actually I wanted to invite Moriyoshi to this podcast so he can talk a bit about his idea. Unfortunately as we all know this tsunami problem that happened in Japan has left many people probably without a chance to do much, other than taking care of what is happening in their regions. Actually I contacted Moriyoshi, he told me he's okay, his family is fine, but unfortunately he could not make it to the podcast.
Anyway, we are going to discuss a bit further about this topic, I tried to research a bit more about the work of Moriyoshi. Actually I found some interesting videos about his presentations, some of them in Japanese, and oh by the way, Ernani, do you have any idea how do you say PHP in Japanese?
Ernani Joppert: I would have to use Google voice translator to basically try to get something similar, but I don't know, I really don't.
Manuel Lemos: Actually it is curious because I tried to while trying to find the work of Moriyoshi I found some video presentations, and it turns out that they say PHP in Japanese exactly PHP, probably with a little Japanese accent, so it's not different from what you could imagine, because for instance here in Brazil and in Portugal we say PHP Pay-Hagah-Pay because that's the way that you spell the letters P H P, but in Japan due to the fact that they use a different character set they just spell our alphabet letters just like you do it in English, and anyway this was just a curiosity.
But moving on back to this idea of having a web server shipped with PHP, I also found another article that was syndicated by the Planet PHP by Alexey Zakhlestin, I hope I'm pronouncing his name right.
And he published an interesting article in his blog about this proposal by Moriyoshi. And he tells that Moriyoshi's proposal is basically to provide a basic Web server just for development purposes like I mentioned before, so it is not really meant for a production environment.
But he also commented that he is developing a more robust solution for an eventual PHP application server that he named AIP. And it's basically an application server dedicated to run PHP applications similar to others that exist for the Ruby language like Rack or WSGI for Python.
And AIP basically what it does, which can actually be very beneficial to PHP applications, is to provide means to preload some classes, or establish database connections, or pre-warm data in caches. So every time you run the same script you already have that data preloaded in a way that it will eventually avoid the usual PHP script initialization overhead.
Actually I also tired to contact Alexey but for some reason I did not get an answer, maybe my email did not reach to him. Maybe if he's interested he can come up in a future show to talk about this project because I think that it is very interesting.
Ernani, what is your experience with application servers? I know that you are probably more experienced with Java, what do you think about this idea of moving on to a different level of maturity in terms of implementing PHP application servers? Do you think PHP could reach an interesting level just like we can find using a regular Java environment?
Ernani Joppert: Yes, given the latest model, object model change on PHP 5, and the benefit of object oriented language programming, and the benefit of the PHP performance, it would be a very, very nice feature to see happening because on most Java based application servers they have to allocate some memory, and the Java VM sometimes require lots of RAM in order to be up and running, and by having an application server in PHP which doesn't rely on a resident VM, and as far as I know the garbage collection in PHP is way different than in Java is done, it would be a very, very nice competition between the two worlds.
And given the situation that lots of companies adopt some sort of model, enterprise tier model within n-tier where you have your database tier, you have your application server tier, you have your LDAP directory server or your database cluster or network appliances or anything else or any other tiers on your application, having an application server handling most of those communications would be very, very nice to see in PHP and I would be really looking forward to see it working.
Manuel Lemos: Right. Well, I'm not so familiar with the Java world, but one thing that I think it would be interesting to have in an eventual application server for PHP would be, other than these features as preloading data and initialization structures that cause repetitive overhead in the execution of the PHP scripts, one thing that I think would be interesting is to have a way to execute tasks regularly just like the cron tool.
A task scheduler similarly to cron but without relying on cron, because cron is usually something specific to Linux or other UNIX based systems, and it's not so well integrated with PHP, you eventually have to have PHP CLI program available in your environment to run your regular tasks that need to be executed by PHP scripts, and that would be one interesting feature that I would like to see in eventual PHP application servers.
Ernani, from your experience, I know that you develop both in PHP and Java, what do you think would be interesting features from the Java application servers that you would like to see in an eventual PHP application server?
Ernani Joppert: Yes, most of the application servers that work in Java they follow the J2EE standard, which is a set of standardizations for web communication which in Java you can translate as servlets in JSP, and you have other standards for the J2EE model.
But they are quite tied to the Java world, so I feel a little bit afraid to tell it would be a copy of the whole model, but having just features like database connection pooling or standardization of authentication mechanisms by passing through the application server, so let's say exchanging keys between web server A or web server B or let's say a web application through a client side application, and all that's talking PHP or via web services or anything else.
But the key aspect would be the ability to write those plugins or that interface would be friendly for the user to set up, and the whole application server would serve requests between let's say a client server application and trying to contact a web service relying on that specific application server, or there is a connection pooling interface which connects to let's say a MySQL cluster of databases, and the application server would pool those connections between your web application and your database so it would handle more requests, so then you scale up your architecture by having multiple machines doing multiple tasks at the same time.
So that's all, that's one of the key aspects of the idea of having an application server in PHP.
Right. Well, we'll have to see, I'm not sure how far these projects, both the integrated web server and this other PHP application server by Alexey, how far they will go. I'm not sure if there are other people involved, if this is a project that will be carried on, we'll have to wait and see. Hopefully it will turn out to be a good thing that demonstrates maturity of PHP, and it will help PHP to be taken even more seriously in the enterprise world.
PHP March Ideas (17:17)Manuel Lemos:
But moving on with our podcast, now I'd just like to comment on one thing that is not exactly related with PHP, although it involved people from the PHP world, namely I'm talking about a post submitted by Chris Shiflett in his blog that is somehow calling for a revival of the blogger environment, in this case regarding the PHP world.
I think the idea is to bring back people to blog more about PHP and other interesting subjects because nowadays, since the introduction of Twitter, every time somebody has some thought to express it's faster and probably will reach a broader audience more quickly using Twitter than an eventual blog post.
But his proposal is to try to revive the blogger scene, in this case around the PHP community because certain things, certain thoughts need more than 140 characters to be expressed, and the blog format is probably more adequate than just using Twitter.
So several people that have their own blogs around PHP have followed the suggestion to post more interesting articles about PHP. It was interesting to see great adherence to this initiative. If you follow the Planet PHP aggregation of blogs you can see that until now there have been many posts, many interesting posts around PHP.
And I hope this initiative that was called Ideas of March will go past this month, not just do something in March and then the initiatives of posting more about PHP will drop again.
And on a related topic to this blogging more about PHP, some time ago the PHPClasses site launched a new initiative
, it was not really related with Ideas of March initiative, but it somehow goes along those lines.
And this idea is to encourage authors that have posted PHP Classes on the site to blog, post blog articles about their classes. And there are certain requirements about what those posts can be, but if the requirements are satisfied the site can promote them as featured.
And featured blog posts will appear in the main PHP Classes site blog, thus giving much more audience than what a regular post in the blog of each package. As some of you know the PHPClasses site provides a blog to each package that is published in the site. But if you just publish there the site just sends a notification about a new post to the users that have downloaded that package before.
And with this featured blog post initiative, the authors of the packages can get a much broader audience to their posts, and eventually attract more users to their own packages. All they need to do is to post articles that are interesting.
And just to give an example I have just published a couple articles in the latest weeks. One before it was related with a forms class that I developed many years ago and it continues to be developed. And I just put an interesting article up about validating form inputs depending on the state of other inputs
I'm not going to go into too much detail about the content of the article. I'll post a link in the show notes of this podcast episode for those that want to know more about this, but the idea here is just to give you an idea what qualifies to be a featured article, a featured post to get this extended audience.
And the other article that I have posted more recently is about several ways by which you can send email in PHP
. And the article basically compares the different ways that you can send messages, and the comparison evaluates the delivery performance. And if you also want to know more I will also post a link to this article.
And the basic idea here is just to encourage authors that have their own packages published in the PHP Classes site to also publish interesting articles. And when they publish those articles flag them as featured so the articles can be evaluated by a moderator, in this case it will be myself, just to determine if they are interesting to the general audience, even though they can be specific to the features provided by their own packages.
So if you have an interesting article that you would like to post about your packages that you published in the PHPClasses site, go ahead and contribute to make the site even more interesting, and hopefully also help to this initiative, Ideas of March, to have more interesting PHP related blog posts.
Ernani, were you familiar about this PHP.JS? Were you aware of the project?
Well, basically the project is, from what I understood, the functions are provided individually, so there are minimal dependencies on core libraries that implement common functionality shared by different functions.
And to talk about this just recently we recorded the podcast with Brett Zamir
Ernani Joppert: That is a really nice thing for education purposes. It's really nice.
So it's a different way. You can use it in different ways, and this one I suspect would be probably the most used way to take advantage of that project.
Other than that, if you want to go straight to the project page the URL is phpjs.org. Go ahead and check it, if you didn't know about this project I'm sure that you will appreciate it.
And also as a side goal of introducing this new section of this podcast would be to also get some interest from the listeners of this podcast to also become contributors of the JS Classes site.
As you all know the PHP Classes site became reasonably popular thanks to the contributions of thousands of PHP developers. Until now the site counts over 3,000 contributors, which is quite a lot of people, and hopefully in the future the JS Classes site will get to a similar level, not just in quantity but also in quality.
But let's comment a bit about some of the most interesting objects that were published there, Ernani, what interesting objects did you find there from what you've seen?
Yes, I've been looking into the web site and given the latest entries I would point to one or two, but I could point to even three. And the one which I've been looking for in the past and tried to do it on my own because I couldn't find anything before is the Marquee
display which scrolls things.
Of course you have the marquee from HTML the old one, but I'm not even sure if it works right now, so having this ticker it's really useful for some applications.
Manuel Lemos: Right. I think it was a feature just of was it Netscape or IE? I'm not sure.
Ernani Joppert: I guess it was from Netscape, yeah, in the really early days.
And it's interesting because it's quite configurable, you can define scroll direction, not just horizontally, it can be vertically. And you can also halt the scroll if you drag the mouse over the text. And it's useful to implement tickers like you mentioned.
Oh yes, and the other two that I was looking over and I said "oh this is very nice", the one is the Content slider
which would be really nice to combine with the marquee one because you could probably make a live slide Web application based off of those two libraries, with some creativity of course.
And the other one I would say the Guitar neck
, which displays chords of a guitar I like because this is something I've been learning in my younger ages and having the chords on the screen would definitely save some time.
And given that most of the browsers today are embedded in smartphones you could have this on your hand and then you could learn it anywhere you are just by using your phone and without the need of setting up a web application or a custom application to display chords, you could basically go to a specific website which displays some musical information of your favorite artist and then having that component generating the chords for you to learn as you will dynamically.
Let's say you start playing your song through your guitar and it would then go popping out the chords as you play so it could detect that and ensure that this is on the right tone. I mean it's just ideas that pop up, and this is one of the ideas that I've been having in the past, and having this component in a Web application is crucial sometimes.
Right. There are many, many interesting packages here, I probably would mention all of them but since we do not have much time I will just mention a couple of those that I found more interesting.
One of them is this jsGET
, it is basically an object by Fabian Vogelsteller. I'm not sure if I'm pronouncing his name right. But it does implement an interesting feature that will be helpful for AJAX applications because when you have an AJAX application you can click on links and the links do not go outside the page, it just changes the hash value that is in front of the URL.
And this object allows you to monitor the changes in the hash, and since Ajax applications do not refresh the whole page automatically you need to listen to changes in the hashes to update the state of the content that appears in the page of the AJAX application. And this object allows you to implement that effort to listen to this pseudo event.
Another interesting object besides this one that I mentioned by Fabian from Germany, there is another very interesting and useful object this time provided by Arturs Sosins from Latvia. I'm not sure again if I'm pronouncing these names correctly. If I'm not pronouncing them correctly I hope they can excuse me as I wouldn't be able to know the proper spelling.
But this component by Arturs basically implements an onscreen Keyboard
which is something useful to users that for some reason do not have a keyboard at hand to access to type something in the forms, the inputs that take text.
And this is interesting because not only does it allow you to enter characters of your own character set, but it also supports replacing the key maps, so you can input characters in any idiom, and this is very interesting.
There are several other interesting components. I'd just like to mention several authors that are posting objects in the JSClasses site are also authors that are also posting interesting PHP classes on the PHPclasses site. It's the case of Arturs that I just mentioned but certainly there are others.
PHP Programming Award nominees of January 2011 (40:46)
But now moving on with our podcast, now very close to the end of this episode I would like to get back to another regular section now back to the PHP world which is the latest packages nominated for the Innovation Award.
This month we are going to comment on the classes nominated to the January Innovation Award edition that were voted on in February and the winners were announced in March. Ernani, what are the classes that you think would be more worth mentioning this month?
Ernani Joppert: Yes, I would like to pick the class from... lets see if I can spell his name correctly here, Artur Graniszewski, I don't know if I can say that out loud.
Manuel Lemos: Me neither.
Yeah, so sorry about that. He's from Poland, right, and he did a very, very nice class
here which I've never thought about seeing working in PHP which is a key OS solution, so you could perhaps throttle your network or throttle some services within your local area network or probably your Web site.
Manuel Lemos: Right, in this case it's just for throttling the download speed.
Ernani Joppert: Oh, that's very nice. Yes, some users may be leeching from files within your web site and you could probably slow them down.
Manuel Lemos: Right. I think that's the main purpose to avoid abuses, people eventually by evaluating users that are downloading multiple files from different IP's, so if they are downloading the files too quickly they may end up exhausting the bandwidth available to certain servers in PHP and in this case the solution is quite clever.
Ernani Joppert: Oh yeah. So that would be my only vote for this month because it was the very finest idea in my opinion.
I also think that is very interesting, but other than that I liked the Code Graph
class by Colin McKinnon from the UK. And what this class does is to analyze the code, parse it to determine the call graph, I mean the way each function of the class is called eventually by other functions of the same or other classes.
And it can evaluate that graph and render it using the GraphViz format. For those that are not familiar, GraphViz is a tool for rendering graphs. You pass it a simple specification of a graph. You can define nodes. You can define links between the nodes and some labels to explain what is each of the nodes and the links.
And in this case Colin used this GraphViz format to generate the output of his class. So GraphViz comes with tools that take that graph description in the GraphViz format which is basically a text format, and it renders images or other documents in a format that you can use to show how the graph looks. And this is also a very interesting class.
This month of January only had five nominees. Sometimes there are almost three times more nominees. It was not the case. The other classes are also interesting but since we are getting close to the end of this episode we do not have much time to comment about it.
So to end I would just like to thank you, Ernani, again for your participation. And I hope to see you back in the next episode next month.
Just another reminder, keep contributing not only to the PHPClasses site not only in terms of classes, objects, but also posting interesting blog posts about your classes. Also do the same in the JSClasses site. I'm sure many users of both sites will appreciate your contributions.
So from my part that's all for now.
Ernani Joppert: Thank you, Manuel, and I'm glad to be here and I'm glad to back again next month. And other than what you've said I wish everybody a great week, bye, bye.
Manuel Lemos: Bye.