Download Size: 21MB Listeners: 2572
Introduction music Harbour used with explicit permission from the author Danilo Ercole, from Curitiba, Brazil
RSS 2.0 feed compliant with iTunes:
In iTunes, use the Subscribe to Podcast... item of the Advanced menu, and then enter the URL above to subscribe to this podcast.
Note that the timestamps below in the transcript may not match the same positions in the video because they were based on the audio timestamps and the audio was compacted to truncate silence periods.
See the Lately in PHP podcast play list on YouTube and Subscribe to this channel there.
PHP 5.4.3 and 5.3.13 bug fixes (1:24)
Visualization of PHP Releases over time (4:30)
Will GitHub Limitations Affect PHP core project submissions? (5:32)
PHP Coding Standards Proposals (11:43)
PHP Programming Award Winners of March 2012 (41:01)
Manuel Lemos: Hello, welcome to the Lately In PHP Podcast, I am Manuel Lemos the regular host of the podcast. Unfortunately Ernani Joppert, my regular co-host, could not come, but on the upside I have here with me as my guest Arturs Sosins from Latvia. Hello Arturs, how are you doing?
Arturs Sosins: Hello, I'm fine, thank you.
Manuel Lemos: Well, actually I invited Arturs not just to fill the space of Ernani, but also to comment on something interesting related with both JS Classes site.
PHP 5.4.3 and 5.3.13 bug fixes (1:24)
Manuel Lemos: But first we are going to start with our regular review of topics that we comment on related with the PHP world, and first I would like to start with just a comment briefly on the latest releases of PHP, and namely PHP 5.4.3. Actually since the last podcast did not comment on 5.4.2 because it was also released recently.
And basically there was also a PHP 5.4.3 release that aims to in part to the same goals which is basically to fix some bugs, security bugs, that effect PHP when running on CGI model, if I can put it that way.
Well, I don't know if this affects many people, personally I do not use PHP on CGI mode, I don't recall if I ever used it, maybe in the early days PHP 2 or 3, but since mod_php for Apache was made available it is preferable, it's faster, so I do not use it. Arturs, do you have any environment in which you use PHP on CGI mode?
Arturs Sosins: I haven't used it myself. I remember there was one situation where only CGI based set up only could be used because of some kind of restrictions, but well I haven't worked with it myself, so again I guess it's pretty rare when someone uses CGI installation because most hosting software uses mod_php as standard PHP setup.
Manuel Lemos: Well, anyway, this is only maybe worth noting that if you use PHP on CGI mode, because if you use PHP as Apache module or FastCGI this vulnerability that was found does not affect you.
Other than that, there was also vulnerability that fixes a buffer overflow when using the call apache_request_headers, but this only affects PHP 5.4 series, not PHP 5.3.
So, it's always good to know when there are important fixes. This probably does not affect many people but just keep in mind what is being fixed, so you figure if you should operate or not to avoid being exploited. On this matter I think there is not much more to say.
Visualization of PHP Releases over time (4:30)
Manuel Lemos: And moving on to the next topic that we planned for this podcast, I'd like to also make a brief comment on the initiative that PHP developer took to let's say elaborate a diagram of the PHP releases over time, starting from PHP 1 in 1995 and then going all over all those releases being minor or major releases.
And for those that are curious, of how PHP evolved in terms of releases over time this may be an interesting curiosity. I'll post the URL in the show notes in case it is not easy to see what I am sharing on screen, and maybe in the future people will want to check it out with more attention.
Will GitHub Limitations Affect PHP core project submissions? (5:32)
Manuel Lemos: And, anyway, moving on to another topic which is not really related with PHP but may somehow be because the latest events on the way PHP is being used, at least offered to the community so that people can contribute and submit eventual patches, is somehow related with GitHub.
It happens that Linus Torvalds, the creator Git version control system, posted a sort of rant or complaint that regards some limitations of GitHub, the way they implement the so-called pull request.
For those that are not familiar, pull requests are sort of feature submission or code submission process by which the maintainers of the main repository can receive patches that implement improvements to a project.
And Linus Torvalds was complaining with GitHub people about the way Git pull requests are arriving to the Linux project, namely he was complaining about the formats of the comments, for some reason they are not coming as well-formatted as he expected, and it makes it hard to read what is being patched, what is being affected.
That is one complaint, another complaint is about the email addresses of the pull request submitters that are not validated. For those that use GitHub may not be well aware, but GitHub when you register it does not verify your email address, so it somehow allows people to create fake accounts and start pushing patches, pull requests to projects.
Although this does not affect the projects if pull requests are not accepted, maybe annoying, and this is one of the complaints that Linus Torvalds had. And there is a long thread here of discussion in GitHub about these complaints.
Basically he's saying that he complained already before to the GitHub people, but somehow they are not following his complaints, or do not seem to be reacting.
And the reason why this somehow has to do with PHP development is that nowadays the PHP project is also accepting pull requests via GitHub, and I wonder, well, so far I did not see anybody from the PHP Core complaining, but I wonder if this will not also affect the process.
Well, it will not affect the PHP development, per se, but somehow I was wondering if sooner or later people from the PHP Core will not complain. Arturs, do you use GitHub in your developments or for some project?
Arturs Sosins: Well, actually I'm a user of another versioning system, and as I understood Torvalds would call me an ugly for using that. But I've tried using Git, it seemed more complex than the version system I was using, and as I understood from this topic then the web interface that GitHub provides for Git is actually pretty useless for many of the Git options that you can possibly do, so I don't know.
Manuel Lemos: Well, actually it's true that Git is more complex because it's probably more powerful, well, namely this feature of pull requests makes it easier to integrate changes than by others.
They can take their own copy of their repositories and make their changes and then submit pull requests, and that's why some people are enjoying more Git than any other version control systems.
And, anyway, so far I have not seen anybody from the PHP Core complaining, maybe those complaints come sooner or later, or not.
And as a side note I would like also to comment that since some time ago the PHP Classes site, also JS Classes site, is allowing people to register or login with using accounts of other sites such as Facebook or Google Gmail or Microsoft Live or Hotmail accounts, and this somehow made it easier for people to login.
And I also have considered allowing people with GitHub accounts to login or register because it also uses OAuth 2. And what happened is that since I realized that people are able to create accounts on GitHub that do not have their email addresses verified, I mean they can easily create fake accounts, I decided to not enable the support for people to login with GitHub accounts because it will open a door for people to easily spam the site creating many accounts.
It would probably allow certain unfair situations to happen like creating accounts to vote on themselves. Although that is not impossible, nowadays allowing to use fake accounts would make it easier to happen, and it certainly is not a good idea.
PHP Standards Proposals (11:43)
Manuel Lemos: Anyway, moving on to the next topic I would also like to comment now about something that has been going on for a while that is related with an attempt with a group to define some standards for PHP development.
From what I can remember this all started in 2009 if I'm not mistaken, and the idea is to define some common standards for PHP projects to adopt.
They started with an initial proposal which would be basically to define some rules for class naming and namespace qualifiers, and so define a common autoloader for PHP 5 applications, so using the same naming conventions.
That was just the initial attempt to define some standard specifications because PHP has no history of defining standards for the PHP programming itself that are widely adopted. There have been attempts in the past, projects like PEAR that define their coding styles, but a lot of people did not follow PEAR for many reasons, either for not agreeing or did not know the project.
And this effort now, actually since three years now, they are trying to define more formally adopted standards that people may follow, or not. Now they are actually defining more standards, more specifications that define other things besides the initial proposal which just covers class naming.
They have now defined more proposals that tend to require that projects that embrace these proposals be more strict in terms of formatting their code. There is basically what they call PSR-1 that defines a few more standards, and then there is PSR-2 which is more demanding in terms of code formatting and the way you write your PHP code in a way that is more uniform between projects.
There are many projects that are involved here and, well, these are just people that represent those projects. Despite this is not a small number of projects I just wonder if this is going to have any adoption since now we are already in 2012, and a lot of time has passed since the beginning.
Arturs did you read any of these specifications, what do you think about them? Are you willing to adopt them or you just do not care?
Arturs Sosins: Well, I do care. If you ask me does PHP world such standards then I definitely say yes. I've never tried Ruby, but even without trying it I've heard there are similar coding standards in that each Ruby developer may come to another developer application and quite easily navigate through the code and try to understand what he's doing, then well something like this is needed for the PHP world.
For sometime I thought that frameworks would solve this problem, you know, if the project is built upon let's say CodeIgniter then other CodeIgniter developers that understand this framework could also easily manage this project.
That really helps to understand other developer's code because, well, I guess it's the most common problem and also why these standards should be defined. For example, in the PHP Classes site you share your code, you want others to easily understand it, use it, modify it, so yes, I say yes to standards.
But we will say be applied by most developers I probably need to say that I guess not because even now I've encountered projects where other PHP developers do not even use OOP practices, you know, they are like coding in the first version of PHP where I was not using the object oriented approach. So even if this object oriented approach is not common, well maybe, it's a rare situation, but not all developers use them, then to try to make them apply a new coding practice would be too difficult to accomplish.
Manuel Lemos: Yeah, well, there is a lot of say about standards because one thing is having standards for formatting your code, and it is good to have standards in the sense that if you use the same standard consistently your code will be more readable, but there are many ways to format your code and it still be readable, and getting people to agree it's very hard.
Actually this project, this group that was formed from developers of different frameworks and CMS projects, they did not all have the same standard, they are trying to agree on a single standard, there are variants, which means their code would be formatted in slightly different ways, but they would still be readable I suppose, and I think that is the most important matter.
And now if you want to push a more demanding standard that includes things like tabs and spaces, line breaks and braces, where you put them, I think there will be no big consensus about on this because PHP developers nowadays have been developing PHP since many years, and if they adopted one standard, probably defined by themselves, it's hard to change habits, and if they do not see the motivation for changing habits they do not do it.
There is this principle about motivation, motivating people to change habits, which consists of three conditions: one is people have motivation, and other to have the ability to change the habits, and the third would be to have the information that would be important to do it.
There are some motivations to do it, but some people do not have the ability to go through all their code bases and change from one style to another because it takes a lot of time to reformat their code.
I see there is an attempt to produce some tools that will allow developers to reformat their code, I don't know if they are reliable, they will not break stuff on the code that people have written so far, so I don't know if that will be a solution but at least it will tackle the problem of the lack of time to change those standards.
And thirdly, people having the information that would be important to change their coding styles, well, at least here we're sort of helping on that by talking about this problem, maybe people will look, now that they have this information of this standardization effort they will try to learn about it and try to follow those standards.
But between knowing about it and following this initiative I think it's not that easy, and people may or may not adopt these standards, and especially the PSR-2 because it is really demanding, I think things like tabs versus spaces are needless...
Arturs Sosins: Completely agree.
Manuel Lemos: ...because it doesn't matter, and we'll never get a general agreement on something that is very old, like the vi versus emacs editors, which is several decades dispute, which one is better, and tabs versus spaces it's like having people to agree on that it's like an impossible mission, but still they are proposing it on PSR-2. I think PSR1 defines some conventions that are more acceptable.
Arturs Sosins: Yes.
Manuel Lemos: And they are more reasonable. It would be more feasible to adopt them but PSR-2 when it starts imposing on tabs versus spaces and CamelCase or StudlyCaps, that seems like somebody trying to push their personal preferences.
And since PHP on several things is case insensitive, trying to push case standards for names, well, I don't know, I don't think that probably will get great acceptance, I don't know, what do you think, Arturs, on that?
Arturs Sosins: Well, I completely agree that some standards are too demanding and, well, I would prefer tabs not for spaces because it's what's simple, it's easy to navigate, and newer text editors support multiple tabbing.
But yes, some of the suggestions could be accepted, for example, positioning of properties and methods, and visibility in class that if every developer would follow one convention it would be much easier to just read through the class and what it does and how you can modify it, so some of them are useful but not all.
Manuel Lemos: Yeah, well, I think the most important matter is that people should change their longtime habits, and trying to push some of these conventions here, which they are just conventions, people already have their own conventions, they are not wrong because they have been using them consistently for many years.
So trying to push some of these conventions is like asking people now you are writing with your left hand, now you should write with your right hand because the right majority is using it. And it's also not true that the majority will use these conventions because they are defined by a small group of people, even if many people agree on them the PHP community is very large, it's just there are no standards since the beginning, my opinion is that probably will not go very far.
But okay, this is just my opinion and I'm just one person, and I'm not trying to influence anybody, I'm just giving my expectation of whether this will work or not in the future, and well, we'll see.
Manuel Lemos: Now moving on to another topic of this podcast, it's time to first comment on the latest classes, objects.
Very briefly, we comment on all the nominees every month, people that sent innovative components, but just for those that are not familiar with this initiative, basically it consists in nominating all the innovative packages that have been published in the previous month, and then since that month there is a vote, people vote on the most innovative package of the month, and after that month the results are announced and the developers are entitled to earn prizes provided by sponsors.
And that has been going on since 2004 in PHP Classes site. It was a very successful initiative because it encouraged a lot of developers to send very interesting components. They are quite innovative and often very useful because they do things that there were no other components in the site to do that.
In the end no packages would be distinguished, they would be considered all innovative and it would not fulfill the purpose of the initiative, which is to distinguish which are the most innovative packages.
And so I've actually been talking with Arturs about this since several months ago I think, and Arturs suggested we have some kind of a goal to reach a minimum, and then just show the users of the site a sort of progress bar like this one that is being shown on the screen right now which is in the Innovation Award page on the JS Classes site which shows how much of the goal has been met and how much is remaining.
Arturs had this idea of providing a special prize to the author that contributes more to this phase, but I was also concerned that many authors start submitting rubbish packages, very simple packages, just to raise their rankings to be considered for getting this special prize.
And so I decided that only those that submit notable packages would be considered for this ranking. So as you may see now on the screen there is this ranking of notable packages that have been submitted so far. So far we only see three packages because it was just announced, but it's a good start because it is getting a good pace to reach the goal sooner.
And actually I'm showing you now on the screen there is a new mascot that I mentioned in previous programs that is being produced which is more based on the logo of the PHP Classes site, designed by Ifat Amit, and the current version of the prototype that is being designed is still being adjusted, but it's getting closer to a final version which more or less is like what you see on screen.
And this is one interesting aspect of these sites, the JS Classes, which also is based on PHP Classes initiatives.
Arturs Sosins: Well, firstly I'm quite confident that it will attract more users, interest more users, and motivate them to submit more packages because, well we all are users of PHP Classes site, and this contest where a lot of PHP Classes members participate intentionally or unintentionally submitting innovative packages that they have.
And even if someone doesn't know about the contest, once he gets into one month's top, well, he will also want to try more and collect more points and basically I guess this is what is missing in JS Classes site.
So this promotion basically will try to motivate those users not to hold on these innovative components and try to submit them now because, well, this promotion is actually like its own little contest where people can participate, and maybe in some way it's even bigger than the monthly Innovation Award contest because it's for the cause, or cause for all the JS Classes users.
Manuel Lemos: Yeah. Well, we have to wait and see how the adoption is coming. We can see that since this Innovation Challenge Award started that we already have several authors, not just Arturs Sosins submitting his own packages but other authors.
And it is interesting to see them already contributing. I hope this keeps with the pace, well, if we get like three new packages a week, reaching the goal of 67 packages remaining, I think people take like 24 weeks or so, so this gives us enough time to reach that goal before the end of the year which would be great in my opinion. And, well, we have to wait and see, I'm quite anxious to see the results of this initiative.
And just as a side comment I would like to mention that there will be other initiatives coming up hopefully soon, they have to be implemented, there needs to be some code to be written to implement them that will not only engage users in this Innovation Award but also engage users on activities of sharing their code, so they will get more attention to the work, the good work that they have been sharing in these sites.
But we'll get back more on this in the future, hopefully soon in the next show so we comment more on that.
Arturs Sosins: Yes, I will try, even try to run a demonstration. Well, basically the class is called Gravity, which provides a way to apply physics to simple HTML elements. It uses a Box2DWeb library, I guess it was the same library that was used in a Google library project if someone knows it.
And I have simply created a wrapper to allow easy implementation on HTML elements because I designed it as meant for canvas animations. And actually there are quite a few features implemented, just some six, it could be extended even more if people show interest, but I've already received great comments.
Manuel Lemos: Can you just increase the font? Okay, that's better now, actually I'm seeing my own screen.
Arturs Sosins: Well, I've already received great comments for the idea. So I will even try to advance it more and add more features later.
Manuel Lemos: Yeah, that's true. Basically despite nowadays there are those standards for defining whether a page would be allowed to send cross domain AJAX requests, I'm not sure if it is well supported by all browsers, and in that case an object like this by Hansel would be great to have.
Actually Hansel has even written a blog post about it but it was not yet reviewed, that should be published by the time this podcast has been published, and you may want to read that later.
Well, on my part I would also like to comment on a couple very quickly because we are getting closer to the end of our podcast and we still have PHP Classes to comment about.
One of the classes is this jQuery pidCrypt which is basically, well, it is a plugin for jQuery, although most of its functionality is not implemented on jQuery features, so it will probably not really need to be a plugin for jQuery.
But what it basically does is to encrypt form values using public keys infrastructure, RSA. And this is probably interesting on those cases that you like to use some browser side storage to store values that will be used later but you want to store them securely, and so it uses encryption, they can also decrypt the information.
And storing those form values in different types of containers like cookies or local storage or session storage, it provides a means to let you pick the different type of storage container.
And also another advanced component is another one from Alexey Znaev, am I pronouncing this name right, Arturs?
Arturs Sosins: Alexey Znaev, well, yeah, mostly.
Manuel Lemos: My Russian accent is not very good. Well, Alexey submitted several other packages. This is yet another one which also does something that is not very trivial, which is basically to compress and decompress data with LZF algorithm.
And this is basically compression routines that can be applied more efficiently on text. And the point here that concerns PHP developers is the fact that it uses functions that have the same names of other functions that exist on PHP, like LZF compress and LZF decompress. So if you need some compression components I think you can use this component by Alexey.
PHP Programming Award Winners of March 2012 (41:01)
Manuel Lemos: And now moving on with the podcast, we are going to talk now about the PHP Programming Innovation Award that we talk about every month.
In this case these are the nominees of March, so they were voted on in April, so now we are in May and are commenting about them. Arturs, would you like comment? Which ones do you think would be the most relevant?
Arturs Sosins: Well, yeah, I would comment on two of them. The first one is a winner of Innovation Award, it's a class by Mohamad Reza Kavoosi, hope I'm pronouncing it right, from Iran.
Basically what he did, he created sort of a template engine, but, well, basically what it does it does not look for some definitions of values inside the template, but it uses... I saw there was an example of a form where you can define values to fill a form, and well it automatically detects them and fills them, which is kind of an innovative approach despite other templates use some kind of string marks where values should appear. Well, that's why probably he's a winner.
And another which I'd like to mention is HAAR PHP, which is basically a face recognition package in PHP, well, how could you say no to face detection. As I understood it uses open CV, some kind of OpenCV data, and generated by this library and applies it here in this PHP class to detect faces from the photos.
Well, I guess that's a really advanced thing to do, and you need to do it efficiently. And I guess that unknown author, foo123 from Greece, well done, this job is pretty great.
Manuel Lemos: Since I had to contact him to give away his prize I realized his actual name is Nikos, but for some reason he prefers to use an alias in the site, although I always recommend people to use their real names because it gives more credibility.
Arturs Sosins: Even in Google Hangout.
Manuel Lemos: Right, even Google Hangouts uses some face recognition features to detect where the actual faces are of the people on screen and apply some effects, like for instance putting glasses on people's faces, like you can see now.
But this is just an entertaining application, as a more serious application it is often used by sites like I mentioned, Facebook and Flickr, to detect where people's faces are so you can name the person that appears on pictures.
And this is quite interesting, and kudos for Nikos for sending this class, I hope he can keep sending more advanced classes like this because this is not only innovative, it's also very advanced, and this certainly enriches a site like this, makes everybody enjoy it more.
And on my part I would also like to comment on a couple of classes actually. And one of them is this Data Pivot sent by Andry Zulfikar from Indonesia. I don't know if that's the right way to pronounce it, we never know, I'm sure we always pronounce it wrong, but okay at least we try, I hope people can excuse us for not pronouncing their names correctly.
But back to the actual class, what it does is very common functionality that is necessary to produce so-called pivot tables, they are commonly used on spreadsheet applications. And in this case Andry managed to generate pivot tables to show them from data retrieved from MySQL databases, so it not only shows the data but it also can show summary fields like totals and other grouping functions.
And although this is quite common, having this bundled in a package that does it directly just from a few inputs and the class figures all that out, it's quite innovative and useful to other people.
And I also would like to comment on this File Info from Uku-Kaarel Jo~esaar, maybe Arturs you can say it better because he's from a neighbor country, right?
Arturs Sosins: Well, the language is pretty different, I doubt that I could pronounce it better than you, but it could be something like Uku-Kaarel Jo~esaar.
Manuel Lemos: Okay, so I figure if I was wrong you are wrong too, so it's alright. Anyway, Uku-Kaarel has been a regular contributor for quite a while, and his packages were nominated like five times, and this is yet another one of the nominations that he got.
Basically what this class does, File Info, is a way to detect the type of files that you can perform by looking to some probably initial bytes of the files.
This is not exactly new in the sense that there is an extension PHP that does precisely this, and this class tries to emulate its functionality. What is new in this package is that it is all implemented in PHP, so if the file info extension is present it will call its function, if it is not present it tries to emulate the same function with several other methods, and still provide a solution to users that for some reason cannot use that file info extension. And for that reason that is why this package is innovative and useful, and Kudos to Uku-Kaarel from Estonia for this contribution as well.
Manuel Lemos: Well, with this I think we basically conclude this podcast. Arturs, I don't know if you have your final words to conclude?
Arturs Sosins: Well, I'd only like to again mention and motivate all PHP Classes users to try to submit their packages to JS Classes and finally bring the Innovation Award also to JS Classes.
Manuel Lemos: Yeah, I think that will work great, and I also would like to thank you for sharing your ideas. Although the idea itself it's simple, somebody has to have it and suggest it.
This also is a reminder to other users of the site that would like to see it improved somehow, not just the JS Classes site as we are mentioning, but also the PHP Classes site because both sites share the same code base.
And I would like to encourage everybody that has ideas for things that can be improved to go ahead, contact the site. There is a link on the bottom of all pages to contact the site and send your ideas, if you want to send them privately, or you can also post a comment on an article of the podcast, of the site's blog, like the one of this podcast, to comment send your ideas.
And other than that, also use the comment section to comment on other topics that we have commented on in this podcast.
So on my behalf I would just like to say that's all for now, so thank you for your participation and see you next show, bye.
Arturs Sosins: Bye all.