Author: Manuel Lemos
Viewers: 29
Last month viewers: 9
Categories: Lately in PHP Podcast, PHP community
This was one of the main topics discussed by Manuel Lemos and César Rodas in the episode 43 of the Lately in PHP podcast.
They also discussed other topics like FastCGI support in HHVM, having PHP function naming consistency plans for PHP 6, TLS peer verification for secure connections, and using Composer to install JavaScript, CSS and images for PHP projects.
Listen to the podcast, or watch the hangout video, or read the transcript to learn more about the details of these PHP discussions.
Contents
Introduction (0:20)
The latest PHP releases: PHP 5.5.7, PHP 5.4.23, 5.3.28 (5:08)
TLS Peer Verification (8:02)
The Proposal for the get_class_constants function (13:17)
Function Naming Consistency in PHP 6 (18:14)
Faster CGI with HHVM (23:08)
Is HHVM ready to replace Zend Engine for PHP 6? (29:40)
Using Composer to Install JavaScript, CSS and Images Under the Web Document Directory (38:07)
JavaScript Innovation Award Winners of October 2013 (1:06:12)
PHP Innovation Award Winners of October 2013 (1:08:19)
Conclusion (1:16:12)
Contents
Listen or download the podcast, RSS feed and subscribe in iTunes
Watch the podcast video, subscribe to the podcast YouTube channel
Read the podcast transcript
Introduction music Harbour used with explicit permission from the author Danilo Ercole, from Curitiba, Brazil
RSS 2.0 feed compliant with iTunes:
http://www.phpclasses.org/blog/category/podcast/post/latest.rss
In iTunes, use the Subscribe to Podcast... item of the Advanced menu, and then enter the URL above to subscribe to this podcast.
Watch the podcast video
Note that the timestamps below in the transcript may not match the same positions in the video because they were based on the audio timestamps and the audio was compacted to truncate silence periods.
See the Lately in PHP podcast play list on YouTube and Subscribe to this channel there.
Show notes
- Proposal: get_class_constants function
Introduction (0:20)
[Music]
Manuel Lemos: Hello. Welcome to the Lately in PHP Hangout. I'm going to start calling this 'Hangout' from now on. There will no longer be podcasts, just Hangouts. And this is Episode 43. As before I have here with me, Cesar Rodas.
Hello, Cesar. How are you doing?
Cesar Rodas: Hello. I'm doing just great. I could not be better.
Manuel Lemos: Oh, really? What have you been doing of good to be so happy?
Cesar Rodas: Well, it happens that what I mentioned in the last Hangout, that was in December. Technically, it was last year, I am working for a New Zealand company...
Manuel Lemos: Oh, you told me.
Cesar Rodas: Yeah.
Manuel Lemos: But you're making it secret. You said it was a known or famous or whatever. What is that company? Can you reveal now or is it still a secret?
Cesar Rodas: No. I can reveal it now. It's MEGA company. So, it's a mega company and the name is mega.co.nz. It's the successful web site from Megaupload. So I am there as a....
Manuel Lemos: Oh!
Cesar Rodas: Yeah.
Manuel Lemos: Oh, you're kidding me, right?
Cesar Rodas: As a developer, yeah. No, no way.
Manuel Lemos: I don't know. Are you sure? No, no, is that a... No, you are making fun of me, right?
[Laughter]
Cesar Rodas: No way. No way.
Manuel Lemos: So, it's serious?
Cesar Rodas: Yeah. And for the first time in my entire life, I can tell to any mere mortal where I am working and chances are, they know what I'm talking about.
Because before, it was just some shopping at a given city that chances that they will never ever have any, even heard of it. So, it's the first time that I'm working in a so famous company and I'm just, just, just very happy. So, if anybody...
Manuel Lemos: Now, I know what you mean. So that's why you have put it here on the subtitle 'MEGA developer'.
Cesar Rodas: Yeah.
Manuel Lemos: That's explains it. So are you really working for the famous Kim dotcom?
Cesar Rodas: Yeah, I didn't meet him yet but I'm working with so many great people. The things that we are building, it just blew me away. Basically all that was before running from the server side, it is running now in the browser side. It's just amazing.
Manuel Lemos: Are you working on something in PHP? Or what are you doing? Can you tell? I don't know if you can tell.
Cesar Rodas: Sure, sure. At the moment, I am a JavaScript developer, so I'm working on improving some of the parts of the Web applications.
I guess at some point in the future, I might help in the backends doing some PHP because they do use PHP with MySQL and it does SQL. And so, I don't know. At the moment, I am doing JavaScript, but the kind of JavaScript that nobody else does. So, it's so exciting.
Manuel Lemos: Yeah.
Cesar Rodas: I can't say how happy I actually am.
Manuel Lemos: Oh really, wow. At least you are working for a company that made fame. I'm not sure that everybody would think it's famous for the right reasons.
But, at least, I'm sure your work will probably will make an impact to many people that probably were not able aware of what exactly they do. I don't know, I think congratulations should be due, right? I know.
Cesar Rodas: Thank you.
[Laughter]
Manuel Lemos: Well, OK, anyway, we are here to talk about PHP but it was interesting to know about your new job.
Well, if you are working with JavaScript, I hope you gain interesting experience there and also share some interesting JavaScript components at least in JS Classes. You said, for now, you are not working with PHP.
The latest PHP releases: PHP 5.5.7, PHP 5.4.23, 5.3.28 (5:08)
Manuel Lemos: But OK, let's move on with the podcast. Now, we are going to talk as usual about the latest developments in the PHP versions.
And we are going to start exactly about the latest releases in December of PHP. There was the 5.5.7, which is basically, as before, bug fixes mainly. But I think they are like in in the update for 5.4 and now also for 5.3. There was a security bug fix related with OpenSSL.
Here it says 'fix memory corruption openssl_x509_parse()' but it doesn't say exactly what this fix is. But it seems to be an important security fix because there was actually a release of 5.3.28, which means that it is an important security fix, I supposed. Right?
Cesar, did you look into this fixes or am I not right in calling this important?
Cesar Rodas: It might not be important for many people but I saw the fixes on the PHP 5.5.7 on the getallheaders(). So that was implemented, because this function... I don't know how to call it but it is implemented differently for each SAPI, for each server interface.
So, that function was missing for the PHP built-in Web server which by the way I was skeptical about how useful that would be. I'm using it now for all my development and it's so handy. I don't have to go and deal with any Apache configuration.
Manuel Lemos: Yeah.
Cesar Rodas: It's so helpful that I would recommend to any developer that if we do have many virtual host, you want to take a look to what the PHP guys, what the PHP folks, what they have done in the PHP 5.5. It's just amazing.
TLS Peer Verification (8:02)
Manuel Lemos: Yeah. Well, that's interesting , but we are talking about security. And regarding that, now we are going to move on also talking about a proposal for a feature, eventually to make 5.6 right, which is about peer verification when using TLS layer, security layer for everything that requires a secure connection using TLS 1.0.
Cesar Rodas: Yeah.
Manuel Lemos: Well, it seems that at least the initial proposal was to consider three options, which would be to continue with peer verification disabled as we have in the current versions, or implement a patch that would force the verification on the connections.
I don't know if it would still be an option but I take it that every time you connect to secure server to verify if the peer is real, the server, I mean, is really who it says it is using certification authorities. I mean the certificates too would be bundled with PHP and the other alternative would be to implement the proposed batch but not bundle, just use it probably what you have in your Linux distribution.
And there was a vote, everybody seem to vote yes, but in the end it seems that those with discussion with Rasmus and it was determined that the original peer verification vote it should be discarded. So it seems it didn't count.
Well, I don't know if this is a good idea. I'm not sure what was exactly the reasoning. Cesar, did you follow these discussions? What do you think about the outcome?
Cesar Rodas: I didn't follow much. However, I stumbled with this problem not long time ago. I was building a private RSS parser and I have some issues like trusting HTTPS.
So I stumbled and I found this problems by default it doesn't care about the sites and I was using a curl, so it was complaining.
So I end up just saying that just don't verify that because I didn't know how to configure that. Apparently, that would continue being, but they will explain how to enable that, which to be honest, I don't know what could be the downside of bundling it and making it working by default.
I could say that it would be like an easy target. Say I want to just do malicious sites, I could just add it and if nobody verifies that, that would be distributed into a few million servers and that will be chaos.
But I don't see any down sides.
Manuel Lemos: Yeah.
Cesar Rodas: If that ever happens, that means that the release cycle is broken, which is not in PHP. So, I don't know, to be honest about that. But I would like to as a mere mortal developer, I would just like to just help PHP fetch me this HTTPS and just forget about all those details, like it should just work. But it doesn't right now.
Manuel Lemos: Right. Well, I thought this is an important matter regarding developing secure applications that need to request resources from secure servers. Because it could cause some security problems, man-in-the-middle attacks, which are the usual types of attacks that could happen when you do not verify the peer, the certificate of the server.
Well, I don't know. Maybe there is a good reason, at least, for not doing it right away. But we'll see. So it seems that the vote didn't count.
The Proposal for the get_class_constants function (13:17)
Manuel Lemos: OK, now moving on to another feature that was proposed. This time was one about adding a new function to PHP that would allow to get the constants of a certain class that may have defined some constants.
This is a simple feature request actually. I don't know if they already submitted it has a proposal. This is just first a discussion from Stefan Neufeind.
I don't know, this probably can be useful. I'm not sure about any use cases. Cesar, do you have any idea of any use cases that a function like this could be useful?
Cesar Rodas: Sure, that would be really useful in places where you want to get information about a class, a constant. So, from the top of my head, I could use it in several projects.
Specifically, because what I tried to do with my spare time is just to write codes that could rate some input that most of the time are other objects or classes and do something with it.
So if you ever use it, any functions like a get_all_functions or get_class_vars and things like that, so it would behave in the same way. And the reason why he asked it, I don't really know. But it does make sense.
Manuel Lemos: Yeah.
Cesar Rodas: And he got some expected responses from people, like you could do it using reflection and query objects are just cheap to do that.
And the reason being is that from time to time, like from five years ago, people, they don't like functions in PHP. They prefer objects and methods. It's some sort of placebo that make them believe that's the proper way.
So, I don't see any downside. Like if that function is ever available, I would use it, without hesitation.
Manuel Lemos: Yes. Right. Well, but the question is, when would you use it? Do you have any case you would like to use it?
I think maybe, for instance, if you have a form that has some select fields. So you can pick some values for certain type of variable that takes certain constants for a class, maybe they want to pick it there automatically, I don't know.
Cesar Rodas: I don't know. I'm just thinking from the top of my head an easy example where you might want to have it useful.
Manuel Lemos: Yeah. It's practically...
Cesar Rodas: Probably, you are rendering a form and you want to render a select from a class. So you could just use that, like the possible values are these values.
And here's the machine name and here is the value that the people should see it. Because at the end, constants are just key values that cannot change at runtime.
So that is an example. Say, you have a class that has, I don't know, a class which is person or that might not be a good example. But probably types of things and that has like 20 constants. So you could just do like give me all the constant that I want to and render it into a form so people can actually choose one of those.
So suppose that then, you'll need to add a new constant. You'll go just to one place and you add it or... That might be handy.
Manuel Lemos: Well, I don't know. Well, maybe this can be useful for that case.
Function Naming Consistency in PHP 6 (18:14)
Manuel Lemos: Anyway, moving on with the podcast. Another proposal here is something more towards PHP 6, because this probably will require a greater effort, will not be done immediately for 5.6, which is the idea to make the function names in PHP more consistent.
I think this is related with how words are separated in function names. In PHP, some functions have multiple words and they are separated by underscore. In other cases, multiple words are tied to each other and they are not very consistent.
So I think the idea here is more to address that problem. I don't know if this is really, really necessary but somebody proposed it and there was discussion about it.
What do you think, Cesar? Do you think this is important or maybe not really that much?
Cesar Rodas: It could be important if this issue was addressed like 15 years ago.
Manuel Lemos: Yeah.
Cesar Rodas: I would think that now, it is just too late. There are over few thousand functions native that come bundled in PHP and duplicate one of them, it takes a very long time as it should. Because imagine if you just upgrade your PHP and suddenly nothing works because functions are just missing.
So, this could be useful from now on, but now the trends are about the extensions and things that are adding into the core.
They trend to be rather objects and classes and methods, no longer functions. Like the last function I remember that was added was the password functions. Those functions, they are really useful and you should use it, by the way, or everyone.
I don't remember the new functions had been added to the core. So, I don't see that this is useful now. It would have been useful 15 years ago.
Manuel Lemos: Well, I think the idea is more to bring some consistency so those usual PHP complainers, like fans of other languages, they stop having that excuse: "Oh, PHP is not consistent because some functions have underscores and others don't."
And the idea is not to rename the functions just like that. They would still provide aliases. So the original names would still be valid. So it would be an alias to the to the new name with underscore separating the words.
So, in that sense, I think it can be done. It's probably would be a tedious task but if they think it's important. Well, whatever think it's important should actually implement those aliases.
Cesar Rodas: Right.
Manuel Lemos: But for me, it doesn't really make a difference. But I understand that people that are concerned with this probably are concerned with complaints against PHP. So it's a start of eliminating a complaint, an excuse for not using PHP that some people provide.
Cesar Rodas: Yeah. The thing that bothers many people is that PHP is not and was not an academic project or product or program language.
Manuel Lemos: Yeah, never.
Cesar Rodas: And it became mainstream and has actually been used by many, many people. So haters are gonna to hate. So I believe this is a good thing. That as long as they don't break my old code, I will embrace it if it ever happens to happen.
Manuel Lemos: Right. I think whatever they do, they will not do it in a way that breaks backwards compatibility, so it will not cause problems and your current code will not break in the future PHP versions because of these renamed aliases.
Faster CGI with HHVM (23:08)
Manuel Lemos: Well, anyway, now moving on with the podcast, I now found out about this article here about the HipHop project. For those that are not still not familiar with it, Hiphop now, there's a virtual machine for providing dynamic compilation of PHP into native code.
It's a project that is sponsored by Facebook. I mean, they not only sponsor development but they also use it in their servers, because they have a great part of their code, I assume it's in PHP. So they developed this a HipHop Virtual Machine, HHVM.
And this article here is talking about that now they have added FastCGI support to HHVM. So if you are in an environment that use this HHVM, from now on you can use... I mean, an environment that use FastCGI, from now on you can use HHVM to compile, to run your PHP code.
Well, I'm not sure how good this news is. Personally, I'm not using HHVM yet in any of my projects. I think it is a very interesting project but I don't know yet about these details if they are really important.
Cesar, have you been using HHVM? Have you at least tried it? What do you think about this announcement?
Cesar Rodas: I remember that we compiled one of my virtual machines when it was brand new. That was probably two years ago, I don't remember. But that was the last time I actually used it.
The thing is that it is designed to be easily compiled if you use Ubuntu which I don't use. I happen to be using OpenSUSE now. So I tried, I couldn't, so I just stopped using it.
But I follow all the developments and what they are doing. I met last year one of their developers in Buenos Aires and they are doing just magnificent things. They are optimizing at such low level that they are optimizing at the assembly level. And right now, it just run faster than ever. So they are doing a really good job.
So, I don't have... Why I never used it if it is such a great thing? Well, the main thing why I'm not using it, because some of the extensions that I need are missing there.
Manuel Lemos: Yeah.
Cesar Rodas: So it is a completely a new thing written from the scratch. So, I cannot use a PECL extensions. I don't use many of them but I particularly used the one that come from Mongo, I just happen to use that a lot. And with this HHVM, you could use MySQL. So, that's why I'm not using it at the moment. But who knows in the near future if I would just use it.
And in terms of the FastCGI, I don't know if that is particularly useful. Why is that? Because HHVM, they implemented already a multi-threaded Web server.
So, if you want to have just one entry points to your cluster of servers, you could easily just implement a reverse proxy and having a FastCGI is not an advantage in terms of performance, probably. But it is always good that they are trying to make it mainstream. So, that's something that I like.
So I think it is something good.
Manuel Lemos: Yeah, well, regarding that problem of not having all the extensions in HHVM, I remember that, I think it was Sarah Golemon that mentioned sometime ago that they would be working on providing all the extensions, at least as many extensions as possible. So, there would not be excuses for not using HHVM at least in the future. But obviously, that will take time and probably they have limited resources to do it.
Cesar Rodas: Yeah, if I would do it myself, which I won't because I don't do C++. I would instead just provide them macros. So you can take the most basic extensions that do not do anything extraordinary, for instance, like Xdebug which is doing too many internal things, so that wouldn't work.
But say, you want to use one extension to just handle a hash or anything, when you see those macros, so you can take that C code and just add some middle-layer that could be a proxy between those two worlds. And the HHVM has to emulate as much as possible how the Zend Engine works for the extensions.
That's how I would do it because you work hard, but you work once. At least, that is in theory.
Is HHVM ready to replace Zend Engine for PHP 6? (29:40)
Manuel Lemos: Right. Also tied to this topic of HHVM, there is another thread discussed in the PHP Internals, developer with the name Zhifeng Hu, he asked about if it would be possible to introduce HHVM to the PHP kernel tree. I think he means like replacing Zend Engine with HHVM.
Well, we have actually talked about that in the past. If HHVM does everything that Zend Engine does, I think it would be a great a improvement for PHP. Because nowadays, Zend Engine does not do any dynamic compilation of PHP opcodes into native machine code. And I think it could gain a lot of performance. So this guy was asking when it would be possible.
There was a discussion about this. There are some complaints about things that are missing in HHVM. And well, at least, in the near future, that probably would not happen, but maybe in a few years. I don't know. What do you think, Cesar?
Cesar Rodas: If that ever happens to be true, if that is doable, that would take a very long time. Like I remember that when PHP 5, when it was released and when it was planned, plans for development and things like that, it took so long time that before that, I wasn't even developing.
So, if that ever happens to be true, that would take, I would guess what, five years or so. Which isn't that bad, like having two implementations is not something bad at all.
Manuel Lemos: Yeah.
Cesar Rodas: There are many program languages that have one C implementation and many others. They are in Java. There are JPython. There are IPython. There is the CPython.
Manuel Lemos: Yeah.
Cesar Rodas: And nobody wants to just merge those four projects into one. However, I don't know if that could be even feasible, because for starters, just too much of two issues that I've reading is the first is that the whole PHP ecosystem with the virtual machine, which is a Zend Engine, they're written in C. And the HHVM, it is written in C++. But that is not the end of the world. C++ compilers, they can compile C, so it's not the end of the world. But the other things is that...
Manuel Lemos: Yeah, I think replacing one by the other would mean like probably not reusing any code from Zend engine at all.
Cesar Rodas: Exactly. Yeah.
And the other thing is that HHVM seems to be GCC-dependent. So, you cannot compile with any other C++ compiler. There are many. Not many, but there is the one from Microsoft and there is I believe, I don't want to be mistaken, but there is the LLVM. So that seems to be mainstream now.
So those two reasons, they are going to prevent that from happening for some time, unfortunately.
Manuel Lemos: Right.
Cesar Rodas: But still, I don't believe that it is harmful for the community that we have two implementations.
And the other, the third thing that I didn't think through is that HHVM is Facebook-dependent, either for funding and for getting developers. What happens if Facebook just crashes from now to three or four years? Which could happen, nobody knows what's going to happen in two or three years.
Manuel Lemos: Yeah, that probably would be hard.
Cesar Rodas: So that's another thing.
Manuel Lemos: Yeah.
Cesar Rodas: Yeah. I like for that to happen.
Manuel Lemos: And the code being Open Source, I think the community would take it. Well, the same could have been said about Zend when Zend took over most of the core development of PHP and then nothing happened.
But I remember regarding... Sorry? OK. Go ahead.
Cesar Rodas: Yeah, I was about to say that the thing about being Open Source is not all, the most important thing is us that people outside from Facebook which aren't getting salaries that they contribute, because they are those who actually knows how the thing works.
So, it's not only that, "Hey, I am a C++ developer, I can help." No. It's a very complex machine. It's very complex. So how it works and all that.
So there should be a committee that could embrace it, in case that Facebook ever crashes, which is hardly unlikely, but it could happen.
Manuel Lemos: Yeah.
Cesar Rodas: But those are speculations. The main reasons are technical reasons. They were designed like two different cars with two different engines. But they look alike. But the whole internals are totally different.
Manuel Lemos: Right, it would be a big change. So I think my wild guess, would be that probably it would not happen in less than three years, I think. Because there are many things to change and many extensions to adapt. Well, even when it would be considered to be ready to take few years for everybody to jump on a new version.
Just like PHP 5, PHP 5 got a new engine, although it was still called Zend Engine. It was not exactly compatible with the past versions.
Anyway, the other thing I was going to mention was that I remember that Zend also had to make some concessions regarding the licensing of the code because some people were concerned about depending on Zend.
What if Zend is sold to another company that decides to cancel the rights they gave before? What if the Zend was bought by Microsoft or Oracle?
Cesar Rodas: Microsoft.
Manuel Lemos: And the same concern applies to Facebook. So I remember that they changed the Zend Engine license to something like BSD or what was exactly BSD to make those people that were concerned happier.
Well, in the end nothing like that happened and still continues to be an independent company. Well, they are funded but they are independent. They were bought by somebody else. At least, that I know.
And so, the conclusion to this is that I think it will eventually happen. That's just my opinion. But it probably would take a long time. There are many technical hurdles to deal with.
Using Composer to Install JavaScript, CSS and Images Under the Web Document Directory (38:07)
Manuel Lemos: OK, now moving to another topic. This time it is related with actually a feature that was implemented in the last month, which is the support that was added to Composer in PHP Classes and JS Classes. So, since last month, both sites can act as Composer repositories.
Composer is a PHP tool that can install packages and any other packages that they depend on. But this time, I actually wrote and published a new package that addresses an important problem that was sort of left out for the lack of time.
But I'm going to share here the actual article that talks about it, which is basically being able to install not only PHP packages but also what is called asset file like JavaScript and CSS and images, but under the Web document root.
Because, by default, Composer installs all package files in the directory named vendor/ inside your project directory. And for Web projects, usually, the Web document root is a separate directory that obviously is not inside the vendor directory and that poses a challenge.
If you want to install packages that contain asset files, so JavaScript, CSS and images, you would have to find a different solution for that problem.
So the solution that I found out, I have to do some research. That's why it took me some time because despite Composer's a nice project, there is the part that allows this feature, which is the support to plugins, is not yet totally documented as I hoped it would be. So it took me some time to develop a plugin that implemented this feature. But finally, I figured out what to do.
And basically, what it does is to actually copy any files that you define to a directory that you choose. So I wrote this article. I published this package. It was published just a few days ago. And that's why this hangout was delayed a bit, because I wanted to publish this package first and write an article to actually talk about it here in this hangout.
So, basically, here you see your typical composer.json file where you define all the properties of your project. You define here some packages that you need in your projects and as well definitions of some repositories.
So, what this plugin allows is that you define an assets package that is coming from, for instance, in this case the JS Classes repository. Below you define that you have a repository with the... Actually, you have several repositories defined here, including this one, JS Classes. So, this jsclasses/fast-content-loader is a package from that site.
And below, there is a section named "extra" on which you can define where your assets files go. Basically, you can define actions to apply to the packages, the assets packages, that you want to have their files installed.
In this case here, I have defined some default actions for all the packages. I have listed here the names of the packages that contains assets files. It could be any packages that you defined here in the require section. But those that contain assets files, we have to define them here.
So, what it does is basically to define a target for, in this case, JavaScript files. And I am saying here that all .js files be copied to the web/js directory.
And it is actually interesting that I have published this package in this article. Many people seem to be happy that a package that does something like this was published. Because it seems there were already some plugins that do something similar but I don't know, probably they do not make it simple as I meant it to be here. So, I think it was well-received.
Cesar, did you look into this package? I don't know if you have the opportunity to look into it and actually tell what you found out about it. Or what was your opinion?
Cesar Rodas: I haven't used it yet. However, it looks very nice. And how you design it, it looks so simple to actually use.
So, first, congratulations. Second, that you solved the problem that many people say that you could use Bower, or Bower, however it is pronounced. And you can use Grunt. Don't take me wrong, I do use Grunt because I find it very useful. But I use it because I want to.
Manuel Lemos: No, it's great.
Cesar Rodas: But Imagine if you are a PHP developer and you don't know about Node.js and you don't want that. So you want to add jQuery to one of your pet projects. So, OK, you could choose to but you need to install Node and NPM, Bower and then after downloading like 30 megabytes, now you can install your jQuery.
So it defeats all purpose. Unless you already have them installed and you do care about all those little details.
Manuel Lemos: Exactly.
Cesar Rodas: Like I do use Grunt, because when I push something to production, I do some treatment, like I concatenate lots of tiny JavaScript files because I'd like to have tiny files that they do one thing and they do just that. I don't like to have one gigantic file with JavaScript. So at production, I just concatenate them. I minimize them. I produce compressed versions and things like that.
So it's very useful, but if you don't care why, it's like killing a mosquito with a bazooka. It would get you the job done but if you don't need all that fire and power, that defeats all purpose.
Manuel Lemos: Right.
Cesar Rodas: So, I think that your solution, that's going to be popular and that's going to make mainstream like using Composer which is something that you already have for Web developments so you can also make it use your assets.
And that is a problem that many people have. Like I have a little experience with Laravel framework, which is a little nice framework which is new, which uses lots of Symfony packages.
And they have implemented like a console command so it would work through all your vendors and publish all their needed assets. But it's a separate project, it's separate thing which is not integrated with Composer. So, I think that what you've done, it's just great. I will be using it for my pet projects.
Manuel Lemos: Right. Several things, actually, what you said I also read. I actually saw some comments in Twitter. People say that they were sort of surprised. They would not expect that Composer could be used for that.
Well, the reason, my point of view is Why not? If you can install files with Composer, why did you have... Like you mentioned, some people were also, "Oh, I used Bower for installing packages." Well, that makes sense when you are installing packages from Node Package Management repositories, NPM repositories. And if you are working all, developing all in PHP, why would you be required to use Bower?
I have nothing against Bower. I think it's a great tool. It's somewhat similar to what other asset managers do and along with Grunt, it could be also a very, very good combination of packages that do several things as useful.
But if you are just a PHP developer and you don't want to get bothered to install... Sometimes, it's not even possible because you do not control your environment that much on the server. If you can do it all in PHP, so that is great.
My idea was that... Well, I have tried to use Node.js but I don't use it on a daily basis. And I think it was really necessary that somebody did it. Actually, it was me. There are other people that developed also some asset managers but they've worked differently because they would require that the package that they want to install with JavaScript, CSS, whatever, has some format.
And sometimes, you do not control it. For instance, if somebody wants to install a package from Composer repository in JS Classes site, you would not have control of the file structure that is in the package.
You could not add some composer.json to that package to define any metadata. And the way that I define is that you don't need to touch any asset packages that you want to install. If you want to install jQuery from whatever repository is there, you could. The idea is to not be dependent on anything else other PHP.
But well, my main motivation was exactly to make it easier for people that want to use packages from JS Classes. Because Composer's not yet a usual solution available on repositories of JavaScript packages. That is something that I introduced in JS Classes site. And that is the main idea.
Another aspect that I wanted to comment and let me get back to the actual article here, is that I added other features, not just being able to install, copy files from the vendor directory to the any Web assets directory.
I also made it possible that somebody else can create plugins for this actual package, this asset manager, to implement new types of actions. Currently, it only implements a simple action which is to copy files with a certain filename pattern like JS files ending in .js copied to a certain directory. That is the core function.
But you could want to do other things like I did. You could want to minify the JavaScript files while doing it. Or even, as you mentioned, concatenate lots of JavaScript files, so in the end, it's just one request and that makes your Web event more efficient.
So the way it is, you can use this package and create a simple Composer plugin that extends the actual installer class that is in this plugin that I've developed. And you can implement new actions to implement minification or concatenation or compression, for instance, of images.
You could create for instance, sprite images from a set of smaller images and you make it better for you environment and address more needs than it currently is used for.
I plan to have more actions to this plugin but if you want to use this plugin as it is now, and want to extend its capabilities, you do not rely on asking me to implement this feature. You do not rely on me accepting pull request to implement those other actions.
And that is one thing that I mentioned in this article. It explains here how to install new types of actions. It just gives some sample code, it just override one function to implement new actions.
And other than that, I also wanted to address a different need. And I bundled below another feature in this plugin which would allow to automatically login in private repositories, or otherwise, repositories that require username and the password to login.
This particular feature was inspired on one a pull request that was submitted by Stephan Hochdörfer. I'm not sure if I'm pronouncing his name right. He's a German that has been contributing to Composer.
And he actually submitted a pull request to Composer to support this feature which is to make it automatically login in repositories that require username and password. So if you need to access repository that requires authentication, it just reads the username and password from a file instead of asking the user every time to enter their username and password.
And so, this feature also addresses that need, except that it does not require to patch Composer which is what the pull request by Stephan Hochdörfer was submitting. And I don't know for some reason, he submitted this patch many months ago and for some reason, the Composer developers did not yet accept the pull request.
But well, at least I need to move on and I figure out how to implement it as a plugin. And it addresses this need and all is fine.
I also noticed that other people were happy also with this feature, because in their companies, they have their own private repositories with the user name and password. Because they have controlled set of packages and they do not want to rely on, for instance, public repositories like Packagist, PHP Classes or JS Classes. They would rather have it in a controlled environment.
So there was a Composer server software called Satis. And I noticed that several people were happy to use this plugin and without relying to patch on Composer. Because until that patch was accepted, I require that you apply the patch over and over again on every new release of Composer and that was not really a good solution.
So, well, great that it also addressed their need. I was more concerned about the need of users that want to pull packages from PHP Classes and JS Classes that require authentication. Not all packages require authentication.
And I would like to also mention that this particular plugin, despite it is available in PHP Classes, it does not require authentication. It would not make sense to require authentication precisely when it is meant to also provide a feature that makes it easy to authenticate.
So, if it require authentication before installing the plugin, users would still need to enter the username and password. So I made available for download, either from Composer or directly in the Web pages zip archive without authentication. So we don't need to even have an account in PHP Classes to use it. I think this makes it even more convenient.
Well, anyway, I think this was a great development. It was a feature that was in the plan that I announced when PHP Classes reached 14 years in June, if I'm not mistaken. And finally, I completed it.
I will still continue to develop this plugin further to make it support other types of installation actions like I mentioned, like minifying and compressing images and eventually creating sprites. I probably would not try to go further and do everything that Grunt does in JavaScript. But those basic actions that I actually need in my own projects, I think I will implement them.
I don't know, Cesar, if you have any other ideas regarding actions for installation of assets that you probably want to comment.
Cesar Rodas: As long as we could let people just... I think Grunt is popular not because it let you configure things. But instead, it let you write code for doing things. So if you make it easy to extend, as you said you did, that should be all.
You should provide basic examples. Say, this is how you concatenate different JavaScript files that follow them, even pattern using glob. So you could just use glob which is built in PHP and this is how you just create one file out of it, if you want to minify that. OK, this is how I would do it.
But if you let extend it, just defining functions or methods, that should be enough. Because if you go crazy and if you implement every single feature that people ask, you could just stop working at PHP Classes and just maintain that package and that's not going to happen.
Manuel Lemos: Right. Exactly.
Cesar Rodas: Yeah. So, I believe that this is really good. You are giving people an alternative. So you don't care about so many details. So you could use it, it's simple. It works with Composer. If you know what you are doing or if you are a Commando developer, OK, go use Grunt or whatever you want to actually use it.
But giving choices to people is something always good and I think this choice is going to be popular. I really like it. Not having to think, say, I want to deploy one project. Why do I need add my server? OK, I need Node.js just to build packages. And it doesn't make sense if what I'm doing is just PHP. So now, the PHP folks have alternative.
There are several projects that manage assets. The most popular is Assetic which...
Manuel Lemos: Yeah, I heard about that.
Cesar Rodas: Which is extensible. So, if you make it like functions, people, I'm sure that they would just jump in and they go on extension for Assetic. So that's the beauty of Open Source. People can just...
Manuel Lemos: One other thing that I wanted to mention is that basically I just followed that extensibility spirit that Composer already provides. Actually, I would like to congratulate Composer authors that made it extensible with plugins that can be developed by third parties and so you don't rely on others to actually extend it.
So, I just followed that spirit and I hope that will help other people to solve their own problems. Probably, they have weird situations, weird types of asset installations that they want to perform in their projects and this way, they can address their needs.
Well, anyway, as I was mentioning, this was just one step, one phase, one feature that I wanted to implement in PHP Classes and JS Classes. Basically, I ended up this cycle there.
I have great new developments ahead to implement in the PHP Classes and the JS Classes. I am happy that this is going quite well. And I cannot comment just yet. I am really dying to talk about something great that I'll be implementing the next days, to announce it soon like next week. But I hope to be back on that later.
Just to finalize regarding Composer, besides the Composer authors and also Stephan Hochdörfer that helped, gave a lot of insights regarding how to develop this plugin, also I want to mention Phil Sturgeon. He has been very enthusiastic about Composer since the beginning.
Actually, he gave some ideas to make this possible also in PHP Classes and JS Classes as well, of course. Namely, we talked a lot about this many months ago, but finally it was implemented. In particular, this feature of having a way to automatically login using a token.
This particular token is not the user name, password in the site for security reasons. Because it's not good to have your passwords around in some servers configured elsewhere. But the idea was implemented somehow like he suggested. So thanks to Phil for his suggestions.
And regarding this feature, we practically talked about all that mattered.
JavaScript Innovation Award Winners of October 2013 (1:06:12)
Manuel Lemos: So, we are now going to move on with another section of this hangout on which we comment about the Innovation Award winners. Well, they were nominated in October, then there was a vote in November, and in December the results come out.
First, we talk about the winners of JS Classes of October. Unfortunately, there were not many nominees. Actually, there was only one nominee in October, which was this object by Mark Plo from Romania that can be used to convert XML documents into JSON. So this is basically a component that takes an XML document and loads it so it can traverse its DOM structure and generate JSON from the XML structure.
This is interesting. There's really not much more to comment about this object. I just hope that in the future there would be much more innovative components to talk about, about JavaScript. Hopefully in the future, we'll also have as many as there are in the PHP Classes site.
PHP Innovation Award Winners of October 2013 (1:08:19)
Manuel Lemos: Moving on now, this time with the nominees of the Innovation Award that PHP also had in October. Cesar, which ones? There were six nominees. Which ones would you like to comment on?
Cesar Rodas: I picked two. OK, let me show if I can show my screen. If I cannot, I would just...
Manuel Lemos: You can make it. I think you muted yourself.
Cesar Rodas: I'm sorry, I'm just back in. Can you hear me?
Manuel Lemos: Yes, yes.
Cesar Rodas: I'm back. I'm sorry. I did something wrong here. So, I will pick the first class. It's the PHP ISO File.
Manuel Lemos: I think it stopped sharing your screen.
Cesar Rodas: OK, let me see if I can...
Manuel Lemos: When you minimize the browser window, it stops the screensharing.
Cesar Rodas: Yeah. Can you see it now?
Manuel Lemos: Yes.
Cesar Rodas: OK, I choose this particular class because when I was younger, I wanted to do this. I never actually did it probably because the format was so complex. I remember that I printed the whole specs so I could read it when I was at the bus going to my college every day, but I never did it.
I know that this is not easy. And it is very useful. Basically, an ISO File... I don't know how to pronounce it. Probably I should call it I S O File. It's the image of the disc and the DVD. So it looks like the DVD and CD in terms of bytes. So you can actually perform great operations like listing files or just getting their contents.
I looked how farther they implement it. It seems that they implemented it like now be getting through the directories and get at its file's contents which is enough. So this is a very useful class. I would definitely use it in the near future. And it was written by Schroetter Christian. I don't know how to pronounce, I don't speak French at all. And he's from France.
So, the second class is this one. Also, because I have a fetish with parsing things and doing something with that content. So I really like that. This class, it parses Microsoft Word documents but from the newer versions. And from the X, I would assume that they stopped using their proprietary format that was binary back then and they use XML.
So, it seems really useful and if, from the server side, you ever need to get info on any DOCX file, you should definitely use it. It was written by, I will pronounce the family name which is Ulum. The name I won't be able to pronounce it. And he's from Indonesia.
Manuel Lemos: Mif-ta-khul, I think.
Cesar Rodas: Yeah.
Manuel Lemos: Well, at least we try. We cannot do miracles of using proper accent to spell this name. I think that people would understand.
Cesar Rodas: Yeah.
Manuel Lemos: On my part, I would also like to comment about a couple of classes. The first one, let me pick here, Melody Validation, in this case, was developed by Marcelo Santos from Brazil.
And he defined basically a package that can validate values which is something that is very common, except that he can load the definition of the validations from PHP files or files in the YAML format.
And this is the innovative part of this thing. Because you can separate... For instance, you have an application that does many things, the part of validation, you can separate it into a definition file. So you don't have to look into your code work, where to remove new types of validation for whatever you are doing validation, forms or some other purpose.
So kudos to Marcelo for this idea. I hope he can continue to send great packages. It is just the first package that he sent and it was nominated right away.
And the other nominee that I would also like to comment has an interesting name, Saxophone, which is basically a PHP stream handler to search XML with XPATH.
Stream handlers for those that are not familiar are special classes that can be used to implement functionality to read from streams. Could be files, could be some other data source, read or write. In this case, it's just for reading XML documents.
And so, you can use for instance, the fopen function and then place of the file name, you start with the name sax: and then some values in front, which define an expression that performs a search that would be done as this virtual stream, this virtual file is opened.
And this is interesting because it provides a new approach for reading data from XML documents. There are several others stream handlers but there was none that was used for this purpose. So kudos to Juraj Puchk from the Czech Republic, because this is a ...
I personally I like stream handles a lot. There's a whole category in the PHP Classes site for stream handlers. And it was very interesting, very innovative. And again, I hope Juraj will continue to send more packages like this in the future, so we can enjoy them and also comment them here in the Lately in PHP Hangout.
Conclusion (1:16:12)
Manuel Lemos: So basically, with this, we have reached the end of this Hangout. I would like to thank you Cesar once again for coming. This time, Ernani almost made it to the Hangout but he had some professional commitments. He could not stay for the whole time so he missed it again. But we hope to have him in the future.
I don't know if you have any final remarks, Cesar?
Cesar Rodas: For my end? I don't know. Once again, thanks for the invitation. And I guess that I will become a regular co-host because Ernani seems....
[Laughter]
Manuel Lemos: You are right. Missing.
[Laughter]
Cesar Rodas: Yeah.
Manuel Lemos: He's been missing a few shows in a row. Maybe he can make it next time.
So, with this, we have ended this podcast. On my behalf, that is all for now. Bye.
Cesar Rodas: OK. Bye.
[Music]
You need to be a registered user or login to post a comment
1,616,380 PHP developers registered to the PHP Classes site.
Be One of Us!
Login Immediately with your account on:
Comments:
No comments were submitted yet.