Introduction music: Harbour by Danilo Ercole, Curitiba, Brazil
Discontinuation of register globals and other options
Manuel Lemos: Hello, welcome to the Lately in PHP Podcast. I'm Manuel Lemos, the host of this regular podcast about what is going on in the PHP world. And as always I have here with me Ernani Joppert that will follow discussions and give his insights about what we're going to comment on. Hello, Ernani, how are you doing?
Ernani Joppert: Hello, Manuel, I'm glad to be back here, there is not much good news here but I guess there is enough, so let's go on and discuss them all.
Manuel Lemos: Well, it depends on the point of view whether we have good news or not. Anyway, we have several interesting topics to comment about.
Manuel Lemos: First I'd like to comment about basically an article that I posted that just told the PHP community that was not aware about a proposal by Phillip Olson about an eventual, let's say encouragement to the PHP developers to stop using the old MySQL extension, all the functions that start by mysql_.
For now the idea is to discourage the developers to use those functions and encourage them to use other MySQL database access functions provided by other extensions such as the MySQLi or PDO MySQL extension.
And it was interesting to follow the repercussion of this post because most people seem to not be aware about this proposal. Ernani, did you follow the discussions? What are your opinions about what was proposed and the reactions from the PHP developers?
Ernani Joppert: From what I heard about it, it was proposed as you mentioned to discontinue the usage of mysql_ functions, this means by built-in to the core PHP. In my opinion this might be or it might not be a good decision, although this was discussed under the internals of PHP, bringing this to the table so we can talk about it and make our listeners aware of the slight changes that may affect the PHP engine and the PHP core configuration.
I guess it isn't trying to cause any harm but just to make them aware. And as far as I know this is the major big change on the next release of PHP. And the other ones I wasn't much aware, I recall reading about those but it isn't that much fresh in my mind right now.
Manuel Lemos: Well, actually for now this, as I mentioned, this is just a proposal to educate users to stop using the old functions, and from what I understood the idea is to encourage the PHP developers to start using functions of newer MySQL extensions that provide certain features like prepared statements.
And I understand there is some good purposes on this proposal from the point of view of those that would like that PHP developers that are now not so much security aware to stop using code that may be insecure like such code that can cause SQL injection attacks because they simply concatenate parameters from request variables directly in the composition of the SQL statements.
And if they use prepared statements there will be an eventual filtering of values that may inject certain clauses that can lead to eventual security attacks. Well, what I think about this is that just because you use the old MySQL extension it does not mean necessarily that you are prone to have security holes in your PHP applications.
So the fact that people will start using the newer MySQL extensions it does not mean that they also will not have SQL injections holes in their applications. The idea is to encourage them to use those prepared statements in the hope that they avoid having those security bugs, but one thing may not necessarily lead to the other.
And on the other hand the eventual deprecation that may happen in future PHP releases, and let me put this clearly because there is some confusion, there is some misunderstanding of what was written, is that the eventual deprecation would not happen now in PHP 5.4 nor eventually in PHP 5.5, I mean discontinuation of the MySQL functions.
From what I understood Pierre Joye, a core PHP developer has been commenting that now there are some rules regarding what features may be discontinued in which releases. So from what I understood only major releases will lead to discontinuation of these functions, but that does mean that there will not be some warnings being issued when you call MySQL functions in upcoming PHP versions, 5.5.
And in the proposal of Phillip Olson he clearly states that for now it's just a measure to educate users, but the topic of deprecation will be revisited in future PHP releases. He mentions explicitly PHP 5.5 or PHP 6.0 as examples. So the intention to deprecate this function is not something of anybody's imagination, it's clearly written in his original message.
Well, between now and then maybe people that support this proposal may think better about whether they should move forward to the actual deprecation and discontinuation to have this extension in future releases because this may cause certain headaches to developers or companies that hire developers to write applications that are working well now in current PHP releases but may not work in future PHP releases in case their hosting companies on which they have their applications running, decide to upgrade the PHP version.
And you know when you are on shared hosting, you probably don't have much to say because you are not paying much to the hosting company. And if you want to have the option to choose which version, which PHP extensions will be enabled or not, you have to purchase a more expensive plan like VPS or a dedicated server, and not everybody that hosts PHP sites want to do that.
Well, anyway, the discussion was intense, there is still some confusion, but I hope now with these clarifications that I have mentioned things are more clear to whoever was concerned about when and how this MySQL extension will be deprecated and eventually removed from the core PHP distribution.
For now the idea is for users to not panic, but they should plan to an eventual deprecation discontinuation of this MySQL extension in future PHP releases.
Manuel Lemos: But this is just one topic that was discussed recently, other than that there are other interesting topics related with the newer PHP releases, namely two PHP 5.4 Alpha versions were already released in the latest weeks, and there are some interesting features that were already implemented.
Besides the features that are already implemented there are also other features that were voted and were mentioned in the past posts, but for now they will take some time to be implemented.
Ernani, did you look at the list of features that are planned, actually that were already implemented in these PHP 5.4 Alpha versions?
Ernani Joppert: Yes, I've been digging into them. Most of those I'm not that much familiar with and I would like to ask you to follow-up, but I guess you can better explain them all and we can go further, but I don't see much of a big change here, if there is any which you can point out I think it would be best.
Manuel Lemos: From those that I noticed, well, there are some old features that are already removed, they have been deprecated for quite some time. If you have been using the current published PHP versions if you use those features they were already triggering deprecation notices as in a way to warn you that the features will be removed like, for instance, the reliance on the register globals feature and others.
Register globals itself is often itself associated with security holes, actually the fact that you have registered globals enabled does not mean that you have security holes in your PHP programs, you just have to be careful the way you access request variables.
But since the presence of register global option being enabled in certain environments was allowing for certain security holes to be abused, the decision to remove the register globals was planned many years ago, and it will be effective starting with PHP 5.4, and this is just one example of several other features that are being removed.
Manuel Lemos: Other than that there are several, well, I will not say major, probably bigger features being added to the language, namely the support for traits. And regarding traits this is something that I have not tried myself, I just read the Wiki page that explains what traits are about and what they are useful for, and this is probably not a thing that is easy to explain.
I'll post a link in the show notes to the Wiki page, so anybody that wants to know more can learn about it. But just to give a brief overview it's basically a different way to extend code of packages, actually promote the reuse of code that you want to be used in different classes, for instance.
You can define a trait that includes the definition of several functions. I was not sure if this also includes variables, at least functions is what it seems to be about, you can define a trait, if you look at for example trait definitions is very similar to a class, but it's not a class it's just probably more similar to an interface on which you define several functions.
And if you want to use that group of functions defined in a trait in different classes you just include in the definition of those classes a use statement that defines the trait that has the code that you want to be included in that class.
Well, I'm sure this is very abstract, Ernani, did you have a good idea of what a trait is from what I explained or is it still a bit confusing?
Ernani Joppert: Yeah, for me it's not something I guess I would make use of right away. It seems that it's a different way to do different code. And it could be used for reuse of components, but as we could also try to understand this while we were discussing this a while ago, it seems to be similar to inheritance, multiple inheritance, in a different way and may be somewhat compared to this in the way we can explain to familiarized adopters.
But other than that, also it's a very different name. I don't know where it came from, and I don't know if there is anything that made sense of this name, but I guess we will see how it goes, right?
Manuel Lemos: Right. I think if a feature is not very easy to explain it probably won't get much adoption, but anyway what matters is that somebody seemed to have had a need for this.
Ernani Joppert: Yes, it's like the goto situation. Whenever someone complains about the goto, it's somewhat one thing you always point out, it's not that a function or an implementation is useful for most of the developers, because goto is sort of an old programming model, so it's like an old way to develop code.
But in sort of situations like writing applications that generate code and doesn't rely on a specific way to work around the code itself, goto can save a lot of time by helping it out, so it just depends on the way you are focusing your development.
And sometimes the time constraints to accomplish an estimated task and to get it going, it's very hard, and if you have the benefit of complex language it can give you this feasibility, this is something I would go for. And I guess if traits are very useful for a particular situation and we can benefit from it, why not, right?
Manuel Lemos: Right. Well, a trait is one feature. I do not recall if it had many discussion, great discussion around it, there were other discussions about other features that did not get a good sense of agreement between the developers that were discussing it, and ended up not being implemented.
But apparently there are not many people objecting to this, and I also do not see a great use for myself but you never know about the future, maybe we'll take a second look to it in the future and end up using it in future versions of my code.
Anyway, another interesting feature that was added to PHP was support to the Dtrace, and to understand what Dtrace means you probably needed to be a user of Solaris.
And despite at least in Linux there is a similar implementation of the dtrace command which is called strace, and what it does basically it allows you to peek on a given process that is running and see what calls it is doing at that very same moment, I mean without having to start the process with a debugger. You can simply either run Dtrace with a certain system command and it will output the list of system calls that it is doing.
And another possibility is to pass it the number of process that is already running, it was started a long time ago, and see what system calls it is doing that very same moment. And this is what Dtrace command does in the Solaris and also Linux systems, except that in Linux it is called strace.
And the support of Dtrace in PHP is very interesting because it allows you to see what PHP code is being executed in certain moments by a certain process, it could be a process started by just now just using the DTrace command or process that is already running.
And this can be useful, for instance, if you have a PHP script that is for instance taking a long time to execute, you can actually take a look at what it is doing that is probably taking so much time. And you can do this without having to use more specific debugging or profiling tools.
And this seems to be interesting except for the fact from what I understood this Dtrace support is only available if you are using PHP on Solaris 10, and most of us do not use Solaris at all. I don't know, Ernani, do you use Solaris, were you familiar with this feature?
Ernani Joppert: I have used Solaris in the past by developing some applications in Java and interfacing with a Solaris environment as well as using file system particularities of it, but other than that my involvement with this Solaris was just as a UNIX system itself.
But, yeah, Solaris, I know that Solaris is one of the most used systems out there, especially on the telecom sector which uses a lot of processing, and as well as with HPUX and AIX from IBM, so there may be some particularities within Solaris that PHP adopters might benefit from, but I've never heard about this Dtrace or strace before so my input on those would be very poor.
Manuel Lemos: Well, personally I think it would be very interesting if this could somehow run on Linux because most of the servers... or even in Windows because PHP is very popular on Windows for development purposes. From what I understood about 80% of the PHP developers use Windows as their development environment.
I don't know if there is anything for Windows that is similar, but I know that for Linux there is strace which is quite similar, but I don't know if it is possible to use a similar feature as Dtrace for Linux in this case because I suppose it would be very useful.
Well, maybe this is just a start, I don't know if there is any hope to have this running, this Dtrace support running on anything else other than Solaris, we'll see.
Ernani Joppert: I just wanted to input here that having such a powerful way to understand how PHP interfaces with the underlying operating system would extend the possibility to make users have a further and deeper understanding of what PHP is doing itself and interacting with the system to actually perform a database query or specific situations that are allocating variables and sometimes calling system functions as the date functions and how long it takes to process it.
And having this ability to provide this kind of metadata information, either on Windows or other UNIX based systems would be very powerful and would bring lots of benefits to PHP. I guess it wouldn't be used that much in production environments unless you want to track every system call, the process that PHP process is doing itself, but I guess it's for the deeper understanding of what could be improved on each specific operating system would be very powerful in my opinion.
Manuel Lemos: Right. But let me make it clear that under Linux if you use the strace command on a process running PHP code you can already see the system calls that is calling. What this Dtrace support in PHP provides is that it shows the actual PHP code that is running, not the system calls which are probably very hard to understand for most users.
But I'll add a link to the show notes. There's a blog article on the site of Oracle. Oracle is now the owner of Sun and Sun was the company that created Solaris. That's why you'll find articles on this topic on the Oracle site.
It's quite interesting what you can see, basically you get a trace of all code that was called. I can see in the example that it shows the names of the functions that are being called, I'm not sure if it also shows the parameter values that are passed through the functions, but if it does that already it would also be great, although it would be in some cases probably very complex if you call a function with a very large array as parameter it probably would be a very cluttered output.
But if it just shows the function calls in PHP that are being called in the moment it would probably be a very good thing as a debugging tool to understand what is happening, what is going on on a certain PHP script that is running without having to rely on being able to use a debugger which in some cases may not be feasible at all.
Well, basically those are the features that I think are more interesting. There are several other features that I do not think are so important, or at least in my opinion. There are also those that were voted and will eventually be implemented in future PHP 5.4 Alpha or Beta versions. Well, I think we have to wait and see and we can follow up in upcoming shows of this podcast.
Now moving on to another section of this podcast, actually a regular one, we are going to comment on the latest objects published in the JS Classes site.
But first I would like to mention one important development that is finally made available in the site which will affect the way developers will be able to submit their packages to the sites, both PHP Classes and the JS Classes site.
Some time ago I announced the support for importing code packages, classes, whatever, from remote repositories. Initially it was only available to import code from CVS repositories, but the intention was to implement support to import packages also from Subversion and Git, at least the intention was to support those two version control systems.
And what I am announcing now is that Subversion support has been also added now. It took me a while to develop Subversion protocol which is basically relying on WebDAV, a protocol for accessing files in repositories, and it is quite complicated, it requires many requests, HTTP requests to perform certain operations, and lots of XML code is being exchanged just to retrieve that information, and it took me a while to study and develop the necessary code to import packages in Subversion repositories.
Ernani, do you use any version control systems? Which one do you use?
Ernani Joppert: Yes, I've used CVS at the beginning, then I switched to SVN Subversion, and I'm trying Git for the last two months and I have been impressed with the performance because it's a local repository and then you just push it along and you can merge things very easy.
So I am an Eclipse adopter and the integration with Eclipse IDE is very powerful. There is also for Mac users a program named Tower which I have been testing under trial and has a lot of nice graphical visualization of the repository.
And I think that Git is growing fast and very strong, and most of the open source projects I guess are trying to go within this way, and having this as a distributed version control brings the difference between Subversion and CVS, I guess they had their time.
But I see that there's a lot of legacy repositories under either CVS or Subversion, and sometimes if you are under a company or a centralized repository that requires it to be centralized and all the access in a site's control, then I guess Subversion is very powerful itself, it can do whatever Git does.
But the only thing is branching repositories and merging repositories is very hard. So I've been also dealing with this by having a local Git repository pulling it from a Subversion repository and then within the Git SVN integration I could easily maintain both, and it helps a lot but it's not the best way to go, but it was the beginning way I migrated most of the source code of the projects I've been working with.
Manuel Lemos: Right. I think I mentioned this before, but sometime ago before I started implementing this feature to import packages from existing repositories, I made a sort of a survey, actually asked authors that contributed their packages to PHP Classes site if they would like to be able to update or even import new packages from code that is in these remote repositories.
And the vast majority of developers uses Subversion despite Git is a more modern version control system that provides certain features that are more interesting. But I think the majority of developers that replied they actually used the version control systems that are made available in popular project hosting sites like SourceForge and Google Code and even CodePlex of Microsoft which also supports Subversion. That's probably the reason why the majority of the developers mentioned that they are using Subversion.
And, well, the good news now is that Subversion support is now available for PHP Classes and JS Classes users, and this means now they can with a fraction of the effort import and update their packages on the site, and this will encourage them to publish newer versions on the site more frequently, and that was the main intention of implementing this support.
Ernani Joppert: So basically, just so I can understand it better, will you allow for each of the packages the user submits within PHP Classes will they have a repository for each of those packages or you are hosting it differently?
Manuel Lemos: No, no, that's not the point. The idea of the PHP Classes and JS Classes sites are not to replace the existing project hosting sites. The idea is just to give them visibility.
Ernani Joppert: Oh, I see.
Manuel Lemos: The idea, this is something PHP Classes does very well since many years ago. You have some code you want to share it with the world to get some feedback, and now you can as always publish it so others can see what you have been doing, give you feedback and eventually contribute with bug reports and feature suggestions and so on.
So there are no plans to provide repositories in PHP Classes itself, I think it would not make sense. The idea for now is just that to make it easier for developers that have their projects hosted in those other sites to update the packages that are published in the PHP Classes site so they can get even more feedback than they can just publishing in those other sites.
Ernani Joppert: Oh, yes, because that's the gap between let's say SourceForge or Google Code or anywhere else, because the interface between those sites they're pretty much standardized and it's just a hosting of source code. Within your sites you can provide the users a community interaction, right?
Manuel Lemos: Right.
Ernani Joppert: Also participating in contests and providing innovative implementations, ideas and making this task easy, even for bigger projects where there's a lot of code to maintain and to make them easy to interface within your sites and those other places where the code relies on.
Manuel Lemos: Right. That's exactly the idea because a developer only has interest to publish their code if he is going to gain something about it. If you just publish your code on some project hosting it does not mean that you'll get any feedback. You may get some feedback or not.
And PHP Classes and JS Classes sites go further in the sense that they promote your packages, and, for instance, when a new package is launched there is an alert message going out by email that will tell all the users interested to know about new classes that there is this package and what it does.
And the same goes when a package is updated. If you release a new version of a package that you have developed everybody that downloaded it before can get an alert message telling you that the package was updated and let the users know which features were added or changed.
And with this it encourages users to upgrade and use the latest and greatest features of each package, and that is one thing that I did initially just to promote my own packages, but then I opened the site to other contributors so now over 3,000 developers can benefit from this level of exposure.
Ernani Joppert: Very nice.
Manuel Lemos: And I hope this continues to grow and the development of this feature of being able to import packages from remote version control repositories will foster it further.
And the next step now that Subversion support was implemented is to also support Git because it's also a version control system that became quite popular, and at least Git will be supported.
Maybe I will support version control systems, I don't know, it will depend on how those version control systems are accepted by the general open source community, but we'll see.
Manuel Lemos: But getting back to the original regular topic that we are going to talk about in all podcasts of the Lately in PHP podcast show, now we are going to talk about some of the latest objects published in the JS Classes site.
Recently there have not been many packages being published there because it's summer time in the North hemisphere and many developers just go away. They will probably return in September or so, but there are still a few objects to comment on. Ernani, which of the latest objects would you like to highlight this month?
And the author from Latvia his name is Arturs Sosins provided this and he brought my attention to it, it's very, very nice to see this coming through.
So I would also like to invite you to listen because he has very good insights, he talks about all these objects which are very interesting and somehow unusual. And in this particular case, as you mentioned, it's a component that collects some user feedback using a form, lets the user type some comments and also rate a site using a star rating system.
And whatever the user enters in the site is reported to Google Analytics by using some Web services calls. And so if you are using Google Analytics to track the audience of your site you can also monitor the feedback users are sending using this component to report to Google Analytics as events. This is quite an unusual solution and very interesting.
On my part I would like to comment on a template engine component named Templ, and it was developed by Aliaksandr Astashenkau if I'm getting his name right, from Belarus. And what this component does is something that you are very much used to do in PHP which is basically to parse a template string and find some marks that you can place in the string to determine where certain variables will be inserted, so you can use this as a regular template engine except that it will work on browser side.
And this is quite useful for AJAX applications, those applications just send requests to the server, they retrieve the information from the server eventually in a JSON format and then using a template engine like this they can render it in the page reducing the need to exchange whole sections of HTML with the messages or parts of the page that are going to be changed.
That would be a different way to use templates on the server side, so this kind of saves some time exchanging data with the server thus making your AJAX applications eventually faster.
And there are several other classes, objects, published in the JS Classes site. For now we'll just comment about this because we are practically at the end of our current show.
Manuel Lemos: We're just going to move on to the last section which is to comment on the latest classes nominated in the Innovation Award contest that PHP Classes organizes every month. And in this case they are the nominees of May which were voted on in June and now in July were announced the winners.
Ernani, which of the classes would you like to highlight from these that were announced as winners in July?
Ernani Joppert: Oh, yes, so I have also another particular class that brought my attention to it is the cDWF. As I can see it renders diagrams in HTML or Flash. And this is for documentation and for diagram generation.
Sometimes you don't have the tool to do it and sometimes the tools are paid, so you have to find a way to do it on your own, and benefitting from Flash sometimes it's attractive, sometimes it's not, it's just a design decision.
And given that this produces HTML and Flash it's very nice and a very innovative code so I would vote for this. And the author is Omar Ortiz from Mexico and it's a very nice, very innovative object I can see on here.
Manuel Lemos: Right. It's very interesting to render workflow diagrams. It's not something that you ever need frequently but once you have it, it probably would be nice to have this integrated in your applications having a ready-to-use component to perform this type of graphical presentation of diagrams.
And on my part I would like to highlight the Fuzzy Logic package by Wojtek Jarzecki if I'm pronouncing it right, he's from Poland. And what he did is a component and what it does it's not a trivial solution.
Basically it simulates a control system with many components, many inputs and outputs. It could be used to simulate for instance the machinery that you have in a factory. And it takes some values as inputs and then you can define the outputs according to rules. And all this is executed as a simulation and you can see the progress of the outputs.
This is also a type of component for which you won't have everyday applications, but if you are of this area of control systems you'll probably find it very interesting. So kudos to Wojtek for submitting something that seems to be quite advanced. And I hope he can contribute with other also interesting components like this one.
Well, there are a few other components to talk about, but unfortunately we do not have much more time.
Manuel Lemos: Basically we are at the end of this podcast and next month we'll certainly have more components and PHP related stories to talk about. So on my part I think that's all for now, bye.
Ernani Joppert: Although it hasn't had very much news that we could see would benefit lots of users here, I guess this was a very interesting episode because it interacts with unknown, at least at my side, unknown features from PHP and other topics that may imply.
So I'm very happy to participate and would like to say thanks to everybody and would like to get some feedback as well for further ideas and also to suggest interesting topics for the next episode. Thank you, bye, bye.
1. PHPDeveloper.org: PHPClasses.org: Lately in PHP podcast episode 14 - PHP 5.4 Alpha Features (2011-08-01 10:47)
On the PHPClasses.org blog today they've released the latest episode of their "Lately in PHP" podcast hosted by Manuel Lemos and Ernani Joppert. In this new episode they talk about some of the features to be included in PHP 5.4...