Login   Register  
PHP Classes
elePHPant
Icontem

The Debate About All PHP Frameworks that Suck - Lately in PHP podcast episode 44 - PHP Classes blog

Recommend this page to a friend!
Stumble It! Stumble It! Bookmark in del.icio.us Bookmark in del.icio.us
  Blog PHP Classes blog   RSS 1.0 feed RSS 2.0 feed   Blog The Debate About All ...   Post a comment Post a comment   See comments See comments (0)   Trackbacks (0)  
<< Previous: 4 Reasons Why All PHP...>> Next: How to Use a Webcam t...

Author: Manuel Lemos

Posted on:

Categories: PHP Innovation Award, Lately in PHP Podcast, PHP community, PHP opinions

The video and the article about when Rasmus Lerdorf stated that in his opinion all PHP frameworks suck had great reprecussion. In this podcast the debate about reasons for this opinion continued with Manuel Lemos, Cesar Rodas and Yasir Siddiqui, the winner of PHP Innovation Award edition of 2013.

They also talked about the the Uniter PHP interpreter written in JavaScript, plans to remove the MySQL and IMAP extension in PHP 5.6, whether the next major PHP version should be PHP 6 or PHP 7.

Now listen to the podcast audio, or watch the hangout video or read the transcript to learn more about these and other interesting PHP discussions.




Contents

Introduction (0:20)

PHP Releases 5.5.8 and 5.4.24 (1:48)

Attaching a Session to the User IP Address (3:29)

PHP interpreter in the browser with Uniter (7:13)

Will MySQL be Removed from PHP in Version 5.6? (11:31)

Shall IMAP Extension be Removed in Version 5.6? (17:54)

Shall the next Major PHP Version be 6 or 7? (19:38)

The Debate on whether All PHP Frameworks Suck (22:43)

Interview with Yasir Siddiqui, Winner of the PHP Innovation Award of 2013 (50:05)

JavaScript Innovation Award Winners of November 2013 (1:19:36)

PHP Innovation Award Winners of November 2013 (1:25:40)

Conclusion (1:31:04)


Contents

Listen or download the podcast, RSS feed and subscribe in iTunes

Watch the podcast video, subscribe to the podcast YouTube channel

Read the podcast transcript


Click on the Play button to listen now.


Download Size: 74MB Listeners: 2451

Introduction music Harbour used with explicit permission from the author Danilo Ercole, from Curitiba, Brazil

View Podcast in iTunes

RSS 2.0 feed compliant with iTunes:

http://www.phpclasses.org/blog/category/podcast/post/latest.rss

In iTunes, use the Subscribe to Podcast... item of the Advanced menu, and then enter the URL above to subscribe to this podcast.

Watch the podcast video

Note that the timestamps below in the transcript may not match the same positions in the video because they were based on the audio timestamps and the audio was compacted to truncate silence periods.

See the Lately in PHP podcast play list on YouTube and Subscribe to this channel there.

Show notes

  • PHP interpreter in the browser with Uniter

Introduction (0:20)

Manuel Lemos: Hello. Welcome to the Lately in PHP podcast. Today, there will be special episode because we have a guest. But first, let me introduce to you first our now sort of regular co-host, Cesar Rodas.

Hello, Cesar. How are you doing?

Cesar Rodas: Hello. I'm doing just fine.

Manuel Lemos: Yeah, that's good to know. So our guest is Yasir Siddiqui from Pakistan. Hello, Yasir, how are you doing?

Yasir Siddiqui: I'm doing excellent.

Manuel Lemos: Well, Yasir is here today because he was the winner for 2013 of the PHP Programming Innovation Award that goes on every year.

And later during the show, we will be talking more about why and what made this award be assigned this year to Yasir.

But since we have a long show because we have many interesting topics to discuss lately in the PHP world, we are going to jump right to the topics and then, we will get back to the part of the Innovation Award. We have more detailed interview ahead with Yasir about his work.

PHP Releases 5.5.8 and 5.4.24 (1:48)

Manuel Lemos: So first, let me start by commenting on the recent PHP releases. Well, in January, there was basically only PHP 5.5.8 release, which seems to be, as usual, one of maintenance releases with mostly bug fixes and probably some minor changes. I didn't see anything the worth noting.

Cesar, did you find anything interesting to comment on this release of the PHP 5.5.8?

Cesar Rodas: Not something outstanding. I have it running and I don't see much much difference. I'm looking at the change set now and it seems that they fixed a couple of C internal errors and then a bunch of bug fixes, which is always good.

Manuel Lemos: Yes. And then, there's also PHP 5.4.24 practically at the same time as usual. And it seems to address similar bugs. So, it was yet another maintenance release. There is not really much more to say about this.

Attaching a Session to the User IP Address (3:29)

Manuel Lemos: And so, we are going to move on to the next topic, of the things that have been happening in PHP world, mostly discussions in PHP Internals.

One of those discussions is related with an eventual feature of matching IP address is to sessions. Well, there is this proposal here. But usually IP address maybe a source of problems, especially when you are accessing PHP sites on the Web, I mean, the public Web, because some ISPs rotate IP addresses.

I mean , the IP addresses that the sites see are usually of proxies and those proxies keep rotating the IP addresses. And for the same user, it may  change the IP address.

But the proposal here is to have some option to verify the IP address of a session, which would be useful more in intranets on which there is no such problem of rotating IP addresses. And so once the session is attached to an IP address, if it changes for some reason, probably the session should not be accessible to that user. Probably it's a stolen session.

I don't know. Did you guys look in to this topic? What do you think about it?

Cesar Rodas: Well, I guess it has good intentions. But it is starting at the wrong place. The way I see it, and I might be wrong, it's a generic thing , so it should work. And if you worry about that, you should either implemented your own session or use any other framework that already does that. Like I used some frameworks in the past that actually they encrypt the first bytes. So if  something changes like the IP address or something like that, they cannot get any valid session.

So I think that it has good intentions but that it won't be approved.

Manuel Lemos: Well, I don't know if it's going to be approved. But I understand your point. Basically, you are saying that there are many classes and frameworks that already do the IP verification.

Cesar Rodas: Exactly. To me, this is a high-level problem and they want to fix this in a very, very low level. What happens if I don't care about that? I have a very busy site and my client's ISP, they are just bouncing or they get out through a pool, so what's going to happen there? And that is the thing. I think that it has good intentions but it is pointing at a wrong direction.

Manuel Lemos: Well, I don't know. For me, it wouldn't hurt if they have that feature built in. But as you said, it's not really necessary.

PHP interpreter in the browser with Uniter (7:13)

Manuel Lemos: Anyway, moving on to the next topic. I have found this interesting site. I think it's a library or something which basically allows you to interpret PHP using JavaScript. And with this, you can have a sort of an interpreter PHP code in your browser. So basically, here on the left, you have some reconfiguration of the engine. On the right, you have the PHP program.

This is still beta so it won't work as a full PHP engine, but you can do the usual echo Hello World and it is interpreting it at runtime. So once you have a PHP script with the correct syntax, it will work. And it also allows you to pass some configuration options, like for certain object called info that is defined here on the right.

I tried to paste some PHP code like full-blown classes and it starts complaining for some reason. So, something will work but some things will not work. Well, it doesn't like functions. That's probably because they are not public. It requires it. And it's…...

Cesar Rodas: No, that is not necessary because it's your constructor OK and OK.

Manuel Lemos: Yeah, OK. Silly me. So it called it twice. One for the object. OK, that will be the way.

Cesar Rodas: OK.

Manuel Lemos: So the search is not working. But I tried to put classes with... I tried to paste full-blown classes with more details, it starts complaining.

But well, as you can see, it works. It's still alpha as they say. But it may have its purposes. I don't have any application for this in mind. Do you, guys, have any ideas? Why would you want a PHP interpreter in the browser?

Cesar Rodas: Well, I don't know. I think it is a very nice pet project, to be honest. And I know, in a very very distant future, but very distant future though, you can just take one PHP class and that can be just converted into JavaScript so you can use it either in your browser or in the service-side using Node. But that is in a very distant future.

I see this as a very nice pet project. So I wish I could have free time to actually do that, but I don't unfortunately. Or fortunately, it depends from...

[Laughter]

Manuel Lemos: Well, somebody has to work and to get you paid. Or else, you won't make a living from developing if you just have fun and no pay.

Cesar Rodas: And I do have a lot of fun but different fun.

Manuel Lemos: Yeah, paid fun.

Cesar Rodas: Yeah, exactly.

Will MySQL be Removed from PHP in Version 5.6? (11:31)

Manuel Lemos: OK. Now moving on with the next topic, we are going to comment about something regarding several discussions that concern already the next versions, what to do with the PHP development. And one of those discussions is an eventual cleanup between PHP 5.5 and 5.6.

As you may probably be reading on screen. It says that in PHP 5.5, they have deprecated several things including the MySQL extension. So the question was more shall they remove the MySQL extension finally in PHP 5.6 already or this will cause serious problems to the PHP world and nobody will upgrate PHP 5.6?

I mean, almost nobody. There are always some people brave that no longer have a legacy applications that rely on this extension.

What do you guys think? We'll just take five more years for PHP 5 to be adopted?

Cesar Rodas: I think that the PHP, as they said, they should eventually get rid of it because it's legacy code. And there is nothing bad with old code, but in this case, I guess that it takes time, precious time, from the Internal guys to actually maintain that.

And there are some alternatives out there. I used to use the  MySQLi - I think that is how it is pronounced - or the PDO class and they are just fine. The problems are that as far as I've been reading into the email threads is that WordPress is actually using that.

And WordPress, because it is Open Source and because it is quite popular, that means that millions of Web sites won't be able to actually upgrade.

And what is going to happen is that I saw what was the solution they provide, was that we will remove it from our core. And they want to remove it to a PECL extension, which is a repository for C code, for C PHP extensions, which is nice.

But the problem is that PHP is different than many other programming languages like Perl. I don't know, it's similar to Perl but like Ruby or Python where these compiled extensions are quite popular.

And the reason being is for you to deploy a Ruby application or a Python application, you would more likely have your own server or your own VPS where you can compile things.

Manuel Lemos: Right.

Cesar Rodas: In the case of PHP because it is so massive popular, most of the people - I don't know exact number - but I would say like 90% or so, they don't have any VPS. They just run it into shared hosting, so they don't compile anything. They just drop something and it works and that's fantastic.

So what if this is going to happen? I think I saw one class in PHP classes, correct me if I'm wrong, people will actually write equivalent code in PHP that will underneath be something else like PDO or the MySQLi extensions, so improved. And which isn't that bad also but it's a tough decision and I believe that it is having a...

Manuel Lemos: Right. What about you, Yasir? Do you have legacy applications with MySQL extension to probably maintain? What is your experience?

Yasir Siddiqui: Well, I will agree that is really a tough decision if they remove the MySQL support in PHP 5.6.

Manuel Lemos: Yeah. The problem is that will it give you a lot of work to maintain the existing applications just to move on to MySQLi or PDO?

Yasir Siddiqui: I guess it should be better to move on to MySQLi or PDO. That would be better.

Manuel Lemos: Right. But in your case, do you have many applications that would require that effort or you have already migrated in the past?

Yasir Siddiqui: Well, I have been using MySQLi.

Manuel Lemos: OK. So you don't have legacy applications? That's good for you.

Yasir Siddiqui: No. Yeah.

Manuel Lemos: Do you use a WordPress?

Yasir Siddiqui: Yeah, I do.

Manuel Lemos: Well, so I guess at least until somebody gives an upgrade to WordPress. Probably there are some plugins or something that's already do the switch but personally I don't use WordPress. I don't know.

Well anyway, this problem of requiring newer extensions and newer versions is always a problem for many people and not just with MySQL.

Shall IMAP Extension be Removed in Version 5.6? (17:54)

Manuel Lemos: Another extension that is being proposed to be removed from PHP is of the IMAP extension which lots of people use to retrieve accessed mailboxes. And there is a proposal here to remove it because it relies on a library named C-client that is dead and has been for a while.

Well, it's not that it stopped working. It's just that it not being maintained. But if it is working, it's not that much of a problem unless somebody finds bugs that are not fixed.

Well, the PHP extension relies on that library, so they are considering also to remove it sometime in the future, maybe 5.6. So the discussion is still up regarding this topic because it's not very recent. I don't know what they will decide, but I'm sure if it is removed from PHP 5.6, it will be yet another thing that developers have to be concerned if it is removed.

And like Cesar mentioned for MySQL, there is even somebody that developed a class and some functions to wrap around code that emulates the MySQL functions in case they are not present. 

But for IMAP, I have not heard of anything like that. Well, we have to see how  all this is going to happen, if they're going to remove it or not.

Shall the next Major PHP Version be 6 or 7? (19:38)

Manuel Lemos: So moving on with the next topic which is also related with the future. There was a long thread of being discussed about what will make it into the next PHP versions, things like generics and changing the function naming.

And it's interesting that people are very eager to create backwards incompatible changes in newer versions just because they don't like the way it is handled now. It doesn't mean that it's not working, it just means that they may not be happy because there are inconsistencies. There are new features that they would like introduced.

And one of the related discussion is whether the next major version should be called PHP 6 or PHP 7, because PHP 6 is already associated with a project failure, which was the addition to implement Unicode in support, I mean, built in the language engine. And it was a challenge that was too big and they have ended up giving it up, so PHP 6 was sort of killed.

So the discussion here is also whether they should call PHP 6 the next major version or PHP 7. What do you guys think? Do you have any opinion about this?

Cesar Rodas: It's a political change and it is a branding issue. If I complain and if I was someone with actually position, I would propose like, OK, guys, why don't use like 6.1 and end off the discussion. But that is not the really important thing.

Manuel Lemos:  Right. People sometime seems to be concerned with some silly details. OK, but I think like somebody mentioned, it should be called PHP 6 because it will restore somehow the credit that PHP lost when they canceled PHP 6. So there will be a new PHP 6 that get over the past memories.

Well, I don't know. Yasir, what do you think? Should it be called PHP 6 or PHP 7?

Yasir Siddiqui:  Well, that's not really important. Whatever it should be called, 6 or 7, it doesn't matter, I guess.

Manuel Lemos: You're right. As long as they move on and stop discussing silly things. OK, that case is settled.

The Debate on whether All PHP Frameworks Suck (22:43)

Manuel Lemos: So now, we are going to move on with a hot topic. This is interesting because it had so many reactions. The topic is about a conference that Rasmus Lerdorf, the creator of PHP, gave on which somebody ask at the end some questions and one of the questions is what he thinks about PHP framework.

And that was in an event about PHP frameworks. And what was interesting is that he said that the PHP frameworks, they all suck. This was an interesting reaction, especially in a PHP event for frameworks.  So, it's like saying, All you guys are using things that suck.

[Laughter]

Manuel Lemos: And well, but he explained it. He was not just trying to annoy the audience. He explained several things that are relevant. His main concern seems to be performance because I think it's related with his current work. I think he's consulting with companies that call him to help them to optimize PHP to run on environments that... All scalability enhancements help because it reduces the cost of the servers.

And basically, he commented about several aspects, that frameworks seem to have very annoying problems, according to him. He mentioned that frameworks tend to make the very same decisions on every request.

Like he mentioned, for instance, that if you have a framework that wraps around MySQL to access databases, on every request, it keeps asking, Am I using MySQL? OK, let's load this class. On the next request, it has this very same question, Am I using MySQL? OK, let's load this class.

So it is sort of decision that the scripts tend to waste time repeating the process to take the same decisions. And since the decisions don't change from one request to the other, he sees that as a waste.

And this is interesting. Well, I don't know. Did you guys follow? Did you read this article? Let's try to comment a bit more on each of these points. What do you guys think?

Cesar Rodas: OK. Let me open the tab. I was lucky enough of that I went to same conference a week before that talk, that was in Buenos Aires and we had the opportunity to actually talk and he mentioned all those things.

I kind of think like the way he sees it, like framework, everyone use a set of classes and a set of functions, either their yours or for somebody else. The problem are with the generic framework, like "OK, this is a bazooka. You will look and just kill a fly or kill 20 men." So it will serve its purpose but it won't be perfect solution for just one problem. And I think basically that.

And the other thing is that many frameworks, especially those new frameworks, they were just inspired on frameworks from all the languages. And all the languages where it's totally different, like starting how it is deployed, they create a Web server so they can have some state in there. So they can just afford to just load 20, 30, 50 classes because that happens once.

And in case of PHP, that is different because that happens on every request. And even if you think that is not optimized, that has a beauty that you can use add like 20 servers and it scales. Also you don't have memory problems because one worker dies and nobody cares. Because they are multiple processes most of the time.

The important thing is that from PHP points of view, you cannot use anything from one request to another unless you stored into a database. So the frameworks, they have to adapt into that.

Manuel Lemos: Right. For PHP framework should be optimized for the PHP environment rather than trying to copy what is done on the Java world. I know you are avoiding to say the name Java and probably Ruby.

[Laughter]

Cesar Rodas: Yeah.

Manuel Lemos: But the fact is that that's one typical inspiration. I don't know but I think it's related with the fact that in college, many people learn about Java, not PHP. So whatever is done in Java that they learned in college, they use it in the PHP world because the teacher said so.

The problem is that the teacher is somebody specializing in theory and probably not very experienced in the practical aspects. And whatever he says sometimes leads to expensive decisions like, Oh, you should use all this piles of design patterns just because I'll give you a great score, a greater grade in the end."

Well, the real world is no longer about college. You are no longer trying to get the best grade. You need to achieve goals that matter to the company that you work for.

And if your company requires that you develop, implement, solutions that scale to the point that requiring less servers and be less expensive, that's probably the most important goal, not how many designs patterns that you have used.

And regarding to what you said that is related to another point, which is the dependency of the classes among them. So, if you load one class, you also need to load the several other classes because they are dependent for some reason. Even if it's just a tiny bit, very small use case, you still need to load it or else it fails to load. But for whatever you are using on your application, you probably don't, won't ever call the dependent classes.

And this is problematic when you have many, many classes. I have seen frameworks with so many classes that I wonder if all those classes are necessary. And this is actually very interesting.

Another aspect related with many classes being load is the current… Well, some frameworks has used Object Relational Mapping, the so-called ORM components that try to compose the SQL code that they will execute at the runtime.

But from one request to the other, the actual code does not change. The resulting SQL will always be the same but they always will try to compose the SQL that they will run dynamically as if anything will change. And since it won't, I see it that as a waste. That was one thing that got my attention.

And on a side note, I would like to comment something that probably was most misunderstood. This article that I wrote is mostly my opinion about what Rasmus said. It's not just Rasmus' opinion.

So I commented about other things that Rasmus did not say at least directly. So I now mention about ORMs, it's not exactly Rasmus that commented about that. It was me. So, please don't be confused which person is emitting which opinion. When I mentioned ORM, that was my opinion.

But I was talking about ORMs because many years ago I developed a solution that does not follow that route of composing SQL queries at runtime. What it does is generate code that has the queries already composed in the code that is generated.

So you don't have to go through a repeated process of executing the queries. I mean, composing the queries at run time. And some people say, Oh, but that's not much time. It will not spend so much time composing queries dynamically.

Well, if you add all the small amounts of time that you be wasting here and there - just using the database wrapper class that you need to load, reading the PHP options that you need to load from somewhere, and also composing fields dynamically and other aspects - if you add all those small amounts of time, it will start becoming significant and they start hitting your performance.

I don't know if you, guys, have thought about this. What do you think?

Cesar Rodas: I think that the way that it should work is that it should be in the middle of both work. It doesn't matter when I'm developing something, if it does a lot of checking because it's in my development sandbox.

But I would like to see framework pushing some sort of production mode that it will just walk through my project and just generate a exact bootstrap of what I'm going to actually use always. Because things don't change in production that often.

And the thing is people say it's just a tiny overhead when you use an ORM or something like that. But the thing is that you do it all the time, because PHP doesn't have a memory. It's like a person with Alzheimer, it forgets everything.

Manuel Lemos: Yeah.

Cesar Rodas: And you do it all the time and if you do have one million queries, one million visitors, so you will do it one million times. And if it takes like three milliseconds, that three milliseconds plus one million and those take some time.

Manuel Lemos: Right. And that can be really problematic, especially if you are in an environment on which you need a cluster of many servers to handle requests from many users.

Because if all you are doing is doing small sites that you are still hosting on share server or even a VPS, this problem is not for you, because once you are in a shared server, you pretty much have given up all the performance optimizations that you could make because the shared server is so unoptimized, that forget it.

But if you are working for a company that needs reasonable level of scalability, all these things that are being discussed here on the Rasmus' conference that he participated, all these things matter.

And people should be really, really concerned about this because if they want to evolve as PHP professionals, they should be concerned about all these details that may affect the quality of your work.

And if you are not working for yourself, you probably do not feel it much because in the end of the month, it's not going to be your bill of hosting to pay. But your boss will be concerned and you should follow whatever the needs of the company that you work for.

And another aspect that I think, Yasir, you can also help commenting here is about implementing solutions that are too complicated for the needs. And one thing that brought to my memory is that precisely one of the classes that Yasir submitted for the Innovation Award, and he was nominated for it, it's precisely one class that generates code to use a well-known framework.

Well, I think you can mention that in the case, it was the Zend Framework because it's not a secret. It's one of the nominated classes and everybody we'll be able to see exactly what it was.

In the conference, Rasmus did not mention any specific framework that could cause more or less problems. But what he said is that once they adopt a framework, they try to rip off all the parts that are needless and probably are wasting too much resources.

And I don't know what exactly he was thinking. But for instance, the class that Yasir developed wraps around Zend Framework to actually generate code to use with the Zend Framework, I think it's the form's package, because the way I see it, it is very complicated.

Yasir, can you explain better why exactly did you use, develop, that package?

Yasir Siddiqui: Actually, I have been using Zend Framework over the last three years. And the most complex part of the Zend Framework is, I guess, was using the Zend forms. Especially, the decorators are really very complex.

And even if you want to enter data, you have some validations you encounter, you have to write almost 15 to 20 lines of code like getting objects up. So, they are really complex and they are really difficult to do Zend even if they have a very steep learning curve.

So, after suffering some time, I guess I got it right. I'm not sure I write a better class that should simplify creating a Zend form. So you don't have to go in particular at the Zend form element. You just use this class as a really simple interface and simple functions, just add validators that can help someone instead of, rather than go down into the Zend form complexity.

Manuel Lemos:  Right. So if you were able to develop a package that generates code that is simpler to call the actual Zend Framework, why do you think the Zend Framework is not as simple as the code that you generated? Do you have any clue?

Yasir Siddiqui: Well, no idea.

[Laughter]

Manuel Lemos: Exactly. That's the problem. Nobody understands why a framework's so complicated. It's needless.

Let me make clear that I have nothing against Zend Framework or any specific frameworks. But this is just to highlight one point, which is that frameworks tend to be very complicated, because they try to address many types of needs and in the end, the interface becomes to cluttered.

I think the only solution for that is to rewrite it completely. Probably make it as simple as the code as your package generates and relieve the pain for everybody that wants to use the framework.

But also related with code generation, I think that's what Rasmus said and also Cesar also mentioned a few moments ago, that it would be better if frameworks actually do a sort of production push that maybe generate some code that is optimal for the environment you are running on.

So they actually only execute efficient code rather than generic code that tries to address everybody's need, but it's not the need of the developers that applications that are running.

And one final point that I commented, this again was my opinion. And I wanted to mention this because I think this detail, from what I understood, is a thing that not everybody knows about.

I mentioned duplicating Web server functionality when I was talking about the front controller pattern. The front controller usually is some code that looks at the request URL and tries to match it against a pattern, a URL pattern or list of patterns. And then according to the matched pattern, it loads the actual controller to actually handle the request.

And I thought to myself, well, but at least Apache already does that. Actually, all Web servers do that. Cesar, you once noticed that since the early days of the PHP Classes, the URLs of PHP Classes are not ending in .PHP and that's the same time I'm not using mod_rewrite which is the traditional solution to map any arbitrary URL to a .php request.

And this is a feature of the Apache Web server that allows you to, for instance, let me show here... For instance, in this URL, it's probably very small here on the screen. It starts with blog and then there's post and so on.

In practice, I have a script named blog and Apache looks for filename blog and sees that it exists. And if it exist and in the case, the Apache's configured to interpret it as a PHP script and it runs this.

So instead of a having front controller to look at the URL pattern, in this case it is executing the script and that script will figure any parameters that you may want to extract from the rest of URL if necessary. So there is no need for a front controller to implement this.

Anyway, the front controller is just one case of an additional resource that frameworks tend to push because they somehow were inspired in the Java world and the Ruby world.

And then, the Java world and Ruby world, they use application servers. So the whole request is not handled exactly inside the Web server. It's the application server that handles it. So it must take the whole URL at a certain point and do what Apache already does. But in that case, it's necessary because there's the separation between Web server and the application server.

In case of PHP, there is no such separation because Apache and other Web servers, call PHP directly. So, if you do additional processing of your URL, you are duplicating Web server functionality in this case.

But this is yet another example of things that probably will take a very small time on each request. But adding all small things that are wasting time because you are using a certain framework, you start spending a significant amount of resources that may hurt your performance and scalability in a way that you cannot ignore.

Basically, this is what was sort of discussed by Rasmus. I added also my opinions and let's make clear that this article was not exactly just about Rasmus' opinion.

Other than that, he also mentioned some other questions that I'm just going to mention them very quickly, specifically about the decision to drop APC in favor of Zend Opcode that we already mentioned in past episodes.

He also asked a question about somebody that wanted to compile PHP into some form of binary to protect from copying or at least somebody poking in your code in production.

Well, there are some PHP encoding solutions that are not perfect because they can always be cracked, as Rasmus mentioned.

But if you just want to prevent your boss going in your server, then start changing your code, you may try to make it more difficult for him. Now, you can bundle your code in PHAR packages, which is something that I mentioned in this article just went up besides the Rasmus argument that compile code will always be possible to break.

He also answered the reason why he use $ sign for PHP variables. He also commented about the non-blocking I/O solutions for PHP which are not very common. He actually mentioned that if he had to do some synchronous programming, he probably would go for the Go language. But he also agreed that if he want to do it all in PHP, it is possible.

He also mentioned about the inclusion of JIT in PHP and also supporting Unicode natively, probably not in PHP 6 but rather in PHP 7. And that was basically it, what he commented.

I don't know if you guys want to add any more comments regarding these topics. If you are fine, we can move on with the next topic here in the Hangout.

Cesar Rodas: I think that we can move on. At least my from my point of view, you just explained it, what I was about to say, I like the way that he exposes things. He is not a blind fanatic. When someone ask him about Node, he say, Probably no, I would go by PHP or by Go.

And that is something that if you are programmer who wrote his own programming, that is not very often that you would say that.

Manuel Lemos: Right.

Cesar Rodas: But he said so.

Manuel Lemos: Right. I think he's quite sincere and he doesn't seem to be too biased, which is not usual, as you mentioned.

Interview with Yasir Siddiqui, Winner of the PHP Innovation Award of 2013 (50:05)

Manuel Lemos: OK, so let's move on. Finally, we are going to mention about the PHP Programming Innovation Award of the Year, which finally the results come out after the end of the year nomination, which is about the December classes. They were voted on January, so in February, the results came out. So we can compute the final ranking of the winners.

So this year, the winner was Yasir Siddiqui from Pakistan. Congratulations, Yasir, once again.

Cesar Rodas: Congratulations.

Yasir Siddiqui: Thank you very much.

Manuel Lemos: I hope you're very happy with this. You actually deserved it. It was not a small difference. You had six packages nominated. So you earned 33 points.

The second one who was Chi Hoang from Germany had only four packages, 24 points. It was also a great performance, but did not beat you.

And the third one was also close, but still lagging behind, Ovunc Tukenmez from Turkey, with four packages and 20 points.

I also like to comment that starting this year, 2014, so, this was not yet started in 2013, there is an award for winners by countries. So, besides individual award, there will also be a collective award by country.

So in the year that passed, all authors of each country accumulated points which are added and we compute the ranking by country. In the year 2013, in the case, it was Brazil that won ten packages, with 71 points, followed right behind by Pakistan, your home country.

Certainly, Yasir, you have helped Pakistan reach the second position with nine packages, 51 points. It was not just you, which is great when a country has several people that are talented enough to contribute with great packages. But certainly, you helped Pakistan reach the second position.

So let's talk a bit more about yourself, Yasir. Can you tell us your name, where you live, your work and so on.

Yasir Siddiqui: My name is Yasir Siddiqui and I'm from Pakistan. I completed my graduation in 2006 and right after graduation from the university, I started coding in PHP since 2006. And I have been working till recently, till now in PHP and it has been really a great experience working with PHP as a programming language.

Manuel Lemos: Right. Can you tell exactly where you live in Pakistan? Maybe it will be interesting for your colleagues that live in the same city too sort of find you.

Cesar Rodas: Yeah.

Yasir Siddiqui: Actually, in Islamabad, the capital of Pakistan.

Manuel Lemos: OK, are there many developers of PHP where you live? Is it big?

Yasir Siddiqui: Yup. In Pakistan, Islamabad is the second largest city which you can find PHP resources and programmers in Pakistan.

Manuel Lemos: So, I suppose it's not a small PHP shop, I imagine.

Yasir Siddiqui: Yeah.

Manuel Lemos: So let's talk about your nominations. I wonder if you could comment about well, like six packages. But if you can comment briefly what each package does and why did you develop them, it would be interesting.

Yasir Siddiqui: OK, first I would like to start Zend Framework one I have already discussed about it.

Manuel Lemos: OK. Can you share your screen and show your package actually in the page so we can see? I mean, on screen.

Yasir Siddiqui: OK. Let me...

Manuel Lemos: It's always a challenge but you can make it.

[Laughter]

Yasir Siddiqui: OK, be right there.

Manuel Lemos: OK, let me...

Yasir Siddiqui: OK.

Manuel Lemos: Can you zoom it a bit? It's like Ctrl +. OK, that's enough. OK, let's start talking, one of those packages, one at a time.

Yasir Siddiqui: First of all, I would like to comment on Apple PassBook. Actually, this package generate passes for the Apple devices like iPhone and iPads.

The PassBook system passes a JSON file containing pass entries. Actually, this package can generate that JSON file and the images and the local signature to that you don't have to go deeply to the JSON data, how it is managed and how to put the images. You just use this class and it will generate complete pass with it give you for you.

Manuel Lemos: Right. Is this specific for mobile applications?

Yasir Siddiqui: Yeah, it's only specific for Apple iPhone and iPads.

Manuel Lemos: OK. So the next one is also related with iPhones, right?

Yasir Siddiqui: Yeah. Actually, the Apple Push Notification Service is really common now. Almost every app uses the Apple Push Notification Service to send notifications to the Apple devices using the application.

So this class can be used to send push notifications to Apple devices like iPhone, iPad, iPod Touch. It actually connects to the Apple Push Notification Server using secure sockets and then, it will just  deliver JSON to the Apple server and then Apple server gives the notification to the device. So it is a complete level, what you can see the secure sockets which you can use for sending notification to the Apple devices.

Manuel Lemos: Right. This is sort of similar to those that communicate to the Android Google Cloud messaging platform.

Cesar Rodas: Yeah.  

Manuel Lemos: But specific for Apple, right? 

Yasir Siddiqui: Yeah.

Manuel Lemos: OK, and the next one.

Yasir Siddiqui: The next one is the PHP Circuit Breaker class. The circuit breaker which is basically the service background which is used to test to check if the service is available before trying to reach it.

So sometimes, it's very common to display Twitter tweets and Facebook wall posts and each and everything on the... So sometimes, when a service is down, you just ping them and you just waste the server resources and page load time.

So, what this class does is that if you use PHP APC OpCode Cache to store the last access of each service, and then before sending the request of each service, we just check if their service is available. If it's available, then you ping it. If it's not, then you just simply don't ping it so you don't utilize, waste server resources.

Manuel Lemos: Right. It's for avoiding the overhead, trying to connect to a service that is down for a while, right?

Yasir Siddiqui: Yeah.

Manuel Lemos: But it will eventually check it again, sometime later.

Yasir Siddiqui: Yeah, it will actually check again once sometime later. Exactly.

Manuel Lemos: OK, what about the next one.

Yasir Siddiqui: The next one is the PHP Google Cloud Print API. Actually, this one was really interesting.

You can send documents to a remote printer and can get print of them. This actually uses Google Cloud and it connects with the Google Cloud and then it sends the document to the Cloud using print and then Google Cloud just points to that printer and then the documents get printed over there.

Manuel Lemos: Right. This is sort of also meant to help mobile applications to send the stuff to printers, right?

Yasir Siddiqui: Yeah, exactly. You can do it.

Manuel Lemos: OK, what about the next one?

Yasir Siddiqui: The next one is the PHP URL Compare. It compares basically two PHP URLs. Sometimes, URL get longer especially when you get a request with lot of query parameters. And then sometimes, you have to compare them.

Its very difficult to eyeball each one and then get the difference between them. So you just use this class for both URLs and it will show each and every parameter that is different. So you can easily just tell what's the difference between the two more or less.

Manuel Lemos: Right. So if you have to get parameters in a different order, you'll still match the URL as being the equal, right?

Yasir Siddiqui: Yeah.

Manuel Lemos: So, the last one is, we already commented but you can comment on it again.

Yasir Siddiqui: Well, I would like to comment using Zend Form is very complex. But I would like to say that Zend Framework is really an awesome framework. Whatever you think, whatever you want to develop, it's there in the Zend Framework. But you know, sometimes, things get complicated, especially when the Zend Framework using forms. It's very complex, especially if you want to decorate your form in Zend Framework 1.12. Then, they're really complex.

So this class is a wrapper class. It generates, it provides a simple interface with the programmer. So he can use a simple interface by generating the Zend form files, Zend form class and then you can just put those classes in the Zend form and get them start looking easily. So you don't have to do complex thing, do deeper complexity of the Zend forms.

Manuel Lemos: OK, OK. So, as we commented, this is meant to simplify the lives of those that want to use the Zend framework. Well, maybe Zend could actually hire you to make their framework simpler, so nobody needs a generator.

[Laughter]

Yasir Siddiqui: Yeah, yeah.

Manuel Lemos: Well, so, OK then. That is awesome. That is quite a good bunch of interesting innovative classes. I hope you can continue to send more innovative classes in the future.

Now, I would like to know, from the other packages nominated to the award, was there any one that you notice, any package that you notice that would be worth noting? I mean, from the other authors, of course.

Yasir Siddiqui: Yeah, there are few packages which I would like to say. The one with iFile.

Manuel Lemos: If you can share the Innovation Award winners page.

Yasir Siddiqui: OK, yeah, there it is. It's from the November 2013. It ranks number two, IFile, Index and search documents using Lucene or MySQL. I think that is really an awesome class. It uses the full text search, you can use full text using MySQL lot, such Lucene. This is really a good class to have.

Manuel Lemos: Any other class or just that from the top of your mind?

Yasir Siddiqui: The other was Status 404 PHP Best Match Page. I really like this class because sometimes when you see a 404 page, then you would also like to show users that there are some similar pages. Maybe he is searching. So you just play it, you can see basically four format pages.

And the other one which I would to say was a really good class, Web Site Traffic and Pages Access, which you can analyze traffic when your server, which pages are being mostly visited by the visitors.

Manuel Lemos: Which one is that?

Yasir Siddiqui: The last...

Manuel Lemos: Sorry, I didn't get it. The previous one that you mentioned.

Yasir Siddiqui: I guess it is from...

Manuel Lemos: So the Status 404 is from Peter Kahl from Vietnam, I think. No, Hong Kong, sorry. And it was in September. And the previous one that you mentioned.

Yasir Siddiqui: That was Status 404 and then Website Traffic.

Manuel Lemos: Website Traffic, right. The one from MarPlo from Romania, I think and I think it was in August.

Yasir Siddiqui: August 2013, yeah.

And the last one is the PHP Google Driving Directions, which I like. It's really a good package to have.

Manuel Lemos: Oh, I see. It's from May, from Marcus Brasizza from Brazil. PHP Google Driving Directions.

Right. Exactly. There are so many good classes that probably we wouldn't have the time to talk about. I think it's like 50 or 60 nominated classes during 2013.

Cesar Rodas: Yeah.

Manuel Lemos: And this is great because it always adds a lot to the site and everybody benefits from the community. OK, so, basically, I was trying to actually get your opinion on these packages, not only about yours but also about others.

Now, I wanted to know more a bit about if you feel that your participation in the Innovation Award somehow influenced your career already or maybe it didn't influence much yet?

Yasir Siddiqui: Well, I would say it has much influence in my career, yeah. You know, when you write in your CV that your classes have been nominated in the PHP Classes and you are the winner and then, the most important thing is you are contributing to the Open Source community and helping people to find out a solution. That really helps, that really gives you an edge.

Manuel Lemos: Right. Well, I imagine but in some countries, people may pay more attention to that or not, but it's good to know that somehow it has been helping you.

Well, moving on, another thing I wanted to ask is more about if the participation in this award somehow already motivated you to contribute more, maybe send more innovative classes? Or maybe you need some time. What are your plans?

Yasir Siddiqui: Well, honestly speaking, I need some rest by the next two or three months and then I will once again start contributing some good work to the Open Source community.

Manuel Lemos: Because here, you actually sent quite a good bunch of classes. It must have given you a lot of work.

Yasir Siddiqui: Yeah.

Manuel Lemos: Right. It's like Cesar that won the Innovation like two years in a row. He sent tens of innovative classes and now he's resting because he's very tired.

Yasir Siddiqui: Yeah.

[Laughter]

Cesar Rodas: Right. The thing is that I didn't work that much back then. But now, I have a lot of ...

Manuel Lemos: Well, you have to work.

Cesar Rodas: I have a lot of clients, yes. I would say that if you can tell us how it goes in six months or so. Because in my personal experience, back in 2008, I was contacted through the web site for doing some telecommuting work and since then, I'm not working from an office. And it has been the best thing that ever happened to me.

So without Open Source, probably I would be just writing a very stupid program using forms or probably Oracle or something, what they teach at the college. I think Open Source is very important. And I think it make you outstanding into and it makes you different from the crowd.

Manuel Lemos: Right.

Cesar Rodas: And in my personal experience, it really helped me. So, I wish you the best of luck and let's see who can win this 2014.

[Laughter]

Manuel Lemos: Right. By the way, Yasir, do you work for companies in offices or do you work remotely, probably to companies in other countries.

Yasir Siddiqui: Yup. In Pakistan, we usually work Muslim day offices of the companies. It's usually nine to five or nine to six. And sometimes, people work in night shifts from eight PM to four AM or five PM.

Manuel Lemos: Oh, I see.

Yasir Siddiqui: So most of the people work with the companies over here.

Manuel Lemos: Right. I would say that you are above the average. Did you get any offers to work directly to companies abroad? Or you didn't get those yet?

Yasir Siddiqui: Well, I didn't get those yet at the moment.

Manuel Lemos: Ok, but if some company would like to hire for you to work probably remotely, so you don't have to leave home, would you be interested?

Yasir Siddiqui: Yeah.

Manuel Lemos: As long as it pays well, of course.

[Laughter]

Yasir Siddiqui: Yeah.

Manuel Lemos: That's an important detail.

Well, so anybody, that might be interested to hire Yasir, now you know that he's talented enough to win the year's Innovation Award. it was not just one monthly award. It was six packages, so it's not a trivial amount of skilled work.

OK, other than that, I also wanted to ask you. Now, that we have the championship awards by country, based on nation championship that we'll sort of make a contest by country, so the country that wins will get a special prize that all nominated authors of that country will get an elePHant. By the way, I did not mention but you also will get an elePHant like this.

But in the case of the country winners, I also would like to comment... Actually, I announced it a few weeks ago that the country that wins will get a special prize that will include one of these elePHants for each of the winners.

So in this case, the Innovation Award, if it's already happening in 2013, the winner was Brazil. So all the developers of the ten packages that were nominated would get their own elePHant apart from a special prize that I'm yet to announce.

So anyway, my question to you was, do you think this championship award are encouraging enough? Do you plan to encourage authors from your country to also contribute, so your country eventually wins the nation's award this year?

Yasir Siddiqui: Yeah. Well, first of all, I would like to say that this is really a good initiative, the country championship. This will encourage more and more people from the different countries so that they can contribute more and more packages for their country. If not this time, maybe next year, it can win and get the first place.

Manuel Lemos: Yeah. Well, did you already contact other authors from your country to also send in innovative packages, probably collaborate with ideas to see... Because the nominated package needs to be innovative, of course.

Yasir Siddiqui: Well, I have a couple of friends, I talked to them about the contributing to the PHP and then I just told them about the prizes which they get if they get nomination in it. And the most important thing is the recognition which they get, and they were really excited about them and they said that they will try to contribute this year.

Manuel Lemos: Right. That's good to know. And also, as I mentioned it, besides recognition, there is also the exposure that you got. Cesar can tell more about it. Cesar, you also mentioned last month that you are now working for Megaupload, thanks to the many Open Source contributions that you have posted, right?

Cesar Rodas: Right. Basically that, and I've heard of more and more companies - I cannot give names - but they are all thinking of sharing the product that they have because they don't make money out of the product but they make money off their services they provide.

And they are thinking to make it Open Source. Not only to just show how they build things but also to just discover talented people and how to hire them as quickly as possible.

So, if companies are thinking in that way, it's because it really makes sense. Because we are in a profession that we can show all our talents and they can see how we worked without a trial period. So that's something good.

Manuel Lemos: Right. Your work is already there in the...

Cesar Rodas: Exactly.

Manuel Lemos: ... public sites. Not only in PHP Classes, GitHub and many other sites that expose your work and they can already see it. Not only they can see your work, but for instance in the case of PHP Classes, if your package is innovative, it will be exposed that you are capable of creating new solutions that probably nobody thought before.

And that's quite a great value that you can add to companies. So I'm sure that for instance, Yasir, if he was not already contacted by foreign companies, I think it's a matter of time. In my opinion, of course.

Cesar Rodas: Yeah.

Manuel Lemos: OK, we'll just end this interview, we'd like to make a couple of questions that I usually make to invited guests. Basically, the first question would be just to mention one thing in particular that you like in PHP Classes.

Yasir Siddiqui: Well, the prize which you get.

Manuel Lemos: The prizes, of course.

Yasir Siddiqui: Yeah, yeah. I really like it.

Manuel Lemos: Well, in that case, we have to thank the sponsors that have joined this initiative. We have all them listed here: Codenvy, IP2Location, Zend, NuSphere, ActiveState, Human Profile, JCX Software, Code Lobster, PHP Architect, PACK Publishing and O'Reilly.

There were others that left and others came in their places and this has also served as a notice to companies that want to sponsor the Innovation Award that can always join in. It cost you nothing other than actually sending the prizes to the winners.

There's no money amount to be paid to the PHP Classes site and you get a lot of free exposure. We can call it free because the only duty is to actually send the prizes to the winner that pick the prizes.

Other than the prizes, now I like to ask one final question which is to... One bad thing or one thing that is probably not so good in the PHP Classes site that you would like to highlight and would like to see improved somehow.

Yasir Siddiqui: Well, I have been having a real good experience with the PHP Classes but I would like to give some suggestions regarding improvements.

Manuel Lemos: Sure.

Yasir Siddiqui: I guess, first of all, PHP Classes should also launch a smartphone app, like Android and iPhone app. Yup, so people can log in using the smartphone app and see their packages.

And each and every functionality of the site should be also be there in the smartphone app like on iPhone. That could really help. And sometime people ask questions that they need help about, so they post on your package forum, you can just log into your smartphone app and then just reply from there. That would really help the people.

Manuel Lemos: Right. That's interesting. Actually, last summer, when PHP Classes reached 14 years of age, I tried to put some plans about things that I was considering. I also asked about making the site more mobile friendly.

Well, not many people answer to that but I can understand probably in some countries more than others, people use more smartphones than actually computers to access the Web, especially the younger users. So it makes sense. I don't know if it's something that could develop sometime soon. But I certainly will keep that in mind, so I appreciate the suggestion.

And, OK, regarding this interview, we practically ended. I don't know if there's anything else that I have not asked to you that you'd like to comment.

Oh, by the way, you can stop the screen sharing. You still have the screensharing on your... OK.

Yasir Siddiqui: OK.

Manuel Lemos: OK, go ahead. Is there anything you would like to comment, any question that you would like to be asked that I didn't ask or anything? 

Yasir Siddiqui: Nothing, I think. It's all there is to it.

Manuel Lemos: OK. So, thank you for this interview. Congratulations once again.

JavaScript Innovation Award Winners of November 2013 (1:19:36)

Manuel Lemos: So now, we are going to move on to one of our final sections on which we comment about the Innovation Award nominees of the last month. It is the last month that we commented, it was also the next month to comment about November. Then in November, they were nominated and then in December, they were voted by the users and then in January, the results come out.

So we'll start first from the JS Classes site with three nominees. Let's start by you, Yasir. Which one you would like to comment?

Yasir Siddiqui: Well, I would say the winner of November 2013, JS Image Magnifier.

Manuel Lemos: OK, if you can share your screen to show the package.

Yasir Siddiqui: OK. That's it. It's the winner of November 2013, JS Image Magnifier, show a zoomed version of an image under the mouse.

Manuel Lemos: What I see... For some reason, the screensharing is not appearing. I don't know. So, anyway, I'll try to show it here.

Cesar Rodas: I can see his screen.

Manuel Lemos: Oh, really? Oh, OK, it got here. Probably it's a bit slow, but anyway. So which one you would like to comment?

Yasir Siddiqui: JS Image Magnifier.

Manuel Lemos: OK, if you can open that page, it will be helpful. OK, so can you comment about that package?

Yasir Siddiqui: Actually, I really like this package. Sometimes, you need to show the zoomed of an image, especially when you click on an image at a page your are on, what the image is. Especially, it's a need when you are showing some products like a shopping cart where the user want to see a more zoom image, usually use this class, rather than unloading a full high resolution image.

It will just show your thumbnail, then the user wants to see the detailed image, he just holds over the mouse on the image and then it shows the full high-resolution image. That's really what I like about this package. It's really good. Good one.

Manuel Lemos: Right. That one is Mark Rolich from Armenia. He has sent quite a good bunch of packages. And that is interesting because... I think you can show a demo. If you scroll on the page, I think there's a related link that says Demo something. Yes, that's the one that says Demo and Docs. in the Related Links below.

Yasir Siddiqui: Yeah. There it is.

Manuel Lemos: Right.

Yasir Siddiqui: You can see the...

Manuel Lemos: Right.  Yes, this is interesting. I have seen this in many e-commerce sites this effect and it shows a low resolution picture on the left and on the right, a picture is on the right.  OK, this one is interesting.

Cesar, now we're going to move on to the next package. Which one would you like to comment?

Cesar Rodas: Let me show my screen first. Can you see it?

Yasir Siddiqui: Yup.

Manuel Lemos: It's a bit slow here.

Cesar Rodas: Right. I'm going to talk about one class, precisely it is an application that is named Web Notes. It is a Web application that can manage notes which looks like Opera apps. Apparently, I don't use Opera.

I use it because it is unusual to me to see like a complete product, not just classes. I think the result was cool and here is a demo and basically, with this you just add notes, you can send notes and many other things via email. So I choose it. And it was written by Arturs Sosins, he's from Latvia. And apparently, he is a very active user. So kudos.

Manuel Lemos: Actually, he was one of the three winners that JS Classes Innovation Award of 2013 had. And that was one of the classes that helped him to be nominated, actually to win the award.

Now, moving on, in my case, I would like to mention the third package that was submitted by Oliver Leuyim Angel from Mexico. In this case, it implements the Facebook Connect OAuth protocol to get the tokens.. And so, it does without, I think, needing the JavaScript API that Facebook provides. So this is interesting that won't develop packages based on Facebook applications.

PHP Innovation Award Winners of November 2013 (1:25:40)

Manuel Lemos: So with this, we are going to move on to the Innovation Award winners of November of PHP Classes site.

There were many innovative packages, like 13 packages this month. Unfortunately, this hangout is already too long and we don't have much time to cover all of them. But we can cover like three. Well, we already talked about Apple Passbook PHP Class by Yasir.

So Cesar, which package would you like to comment.

Cesar Rodas: I'm going to comment... Do you see my screen?

Yasir Siddiqui: Yeah.

Manuel Lemos: Yeah, OK.

Cesar Rodas: OK, I'm going to talk about a parser from Esri Grid ASCII files. So it basically can extract geolocation data from those file formats. I am particularly interested into this class because my father, he is an engineer and a geographer so he uses these programs. So I know what it does.

And secondly, it's because it is a file parser, so I am always interested in parsing things. And it was written by Karim Ratib. I think I'm pronouncing it right. And he's from Canada.

Manuel Lemos: Right. That's an interesting package for people working with GIS and geography systems in general.

And on my part, I also to comment on one package that I found very interesting somehow. It is related with the problem that we mentioned about two months ago that PHP.net site was attacked and somebody, somehow, for a reason - that it was not yet disclosed if there was any conclusion that was reached - changed JavaScript files that were served by the site.

And that was sort of infecting the computers of the users, at least make them work in a way that is not the way it's supposed to be.

So this package from Larry Wakeman from the United States... Actually, he has been a great contributor. He already had two nominated packages. One of them was winner, which was this package here.

What it does is basically to compare files in two directories to find the changes. So if you have your site files in a directory and then, there's another directory with the copy of the files, if any of the files was changed, you can actually run this class and detect the changes and be warned that somebody, somehow invaded your site and was able to change the files.

This would have been helpful to address the problem of security issues that happen in PHP.net site sooner rather than later. Because what happened is that PHP.net maintainers only realized that they were attacked when some user complain in their forums.

So if they used an automated process to detect changed files like this, they certainly would have detected it early and save them from the small embarrassment.

I say this because I somehow sort of passed that problem, not sure, a few years ago, I don't know. I think there was a vulnerability in the server that serves static files and some attacker sort of was able to change the file and make it serve some ads or something.

And I only realized it because Google detected it and sent a notice to  me so I could fix it. I had to run and rush. And when something like that happens, Google stops sending you search traffic because your site is considered to be infected with malware and this is bad for the site.

So components like this are very useful and can be used for helping to fix problems sooner rather than later. And we also commented about this in a previous Hangout, with Jim Malico from OWASP that was kind of enough to show up in the Hangout.

Conclusion (1:31:04)

Manuel Lemos: So with this class, we practically ended this podcast. I would like to thank you, Yasir, for coming. Congratulations once again for your award. Yasir, I wonder if you would like to leave your contacts in case somebody wants to contact you, maybe to hire you or for some other reason. Would you like to leave your contacts so they can talk to you?

Yasir Siddiqui: Yup, OK.

Manuel Lemos: What would it be? Do you prefer email or something?

Yasir Siddiqui: Yeah. It's email, my email address at PHP Classes.

Manuel Lemos: Oh, OK, the email address?

Yasir Siddiqui: Yeah.

Manuel Lemos: Currently it's not being exposed. It used to be in the past. Probably, you can... You would need tell it here because the site does not... Or you prefer them to contact you via private messages in the site?

Yasir Siddiqui: That's fine by me. If they want to contact me using the private messages, that can also work for me.

Manuel Lemos: OK, that's fine.

So with this, we practically ended the podcast. I also would like to thank you, Cesar, again for coming.

Cesar Rodas: No problem. My pleasure.

Manuel Lemos: OK, with this, that's all for now. Bye.

Cesar Rodas: Bye.

Yasir Siddiqui: Bye.

[Music]


You need to be a registered user or login to post a comment

1,251,317 PHP developers registered to the PHP Classes site.
Be One of Us!

Login Immediately with your account on:

Facebook ConnectGmail or other Google Account
Hotmail or Microsoft Windows LiveStackOverflow
GitHubYahoo


Comments:

No comments were submitted yet.


<< Previous: 4 Reasons Why All PHP...>> Next: How to Use a Webcam t...

  Blog PHP Classes blog   RSS 1.0 feed RSS 2.0 feed   Blog The Debate About All ...   Post a comment Post a comment   See comments See comments (0)   Trackbacks (0)