Friday 24th January 2014 Spotlight on Symfony
Next up in our framework review is the ever-popular Symfony, which is now well into its second stable version (2.4.1, released in early January of this year). Symfony2 captured a 10.62% share of the developers polled on Sitepoint at the end of 2013, making it the third-most popular framework among the responding PHP developers. It has achieved this placement with good reason, as it's widely used across the web, providing a mixture of robust community support and feature-rich libraries.
The brainchild of the same developers who founded the French web design and development agency SensioLabs even before beginning to develop Symfony, Symfony begins with an excellent base to expand upon. As we discussed in a recent post, SensioLabs has even gone so far as to acquire venture capital, with the main purpose of the funding being the expansion and support of Symfony for development projects around the world. The $7 million USD provided by CM-CIC Private Capital will go quite a long ways when it comes to setting up the resources required to support and encourage the adoption of Symfony, so expect this framework to be growing rapidly all around the world in the months and years to come - it seems to be the only PHP framework with corporate sponsorship.
This level of commitment has created an excellent community of active developers who are working with Symfony, further reinforcing its usability. Even major corporations have signed on to use Symfony for their development projects, including the search engine Yahoo! and web video giant Dailymotion, not to mention phpBB, the most widely-used PHP-based forum service on the web, and the open-source PHP CMS Drupal.
One of the major strengths of Symfony is the modular nature of the software, which allows for a greater degree of flexibility when it comes to development, as it is itself modular from the ground up. In short, it plays well with almost any other standard component of PHP that you're comfortable using in your development process. It's arguably the most feature-rich framework that we've looked at so far, but that comes with a bit of a downside when it comes to bloat. Even the developers who voted it up so high in the standings at Sitepoint were the first to admit that it lagged well behind others when it came to performance metrics, which should be a concern for many developers looking for a slightly more robust framework.
Wednesday 22nd January 2014 Added Security Help from PHP 5.5
Security should always be in the forefront of any PHP developer's mind. With data breaches becoming a daily occurrence, and the cost of such data breaches often reaching into the millions of dollars (not to mention the PR disaster), developers absolutely must follow strict best practices to ensure that their code is not the vector from which such breaches occur. While it seems almost impossible to secure any system entirely, there are some essential concepts that developers must wrap their heads around in order to ensure as best they can that their applications are secure.
It's sad, but almost axiomatic - the user is responsible for a large number of security breaches. Whether they're a malicious user intent on breaking into your system or a hapless end user who uses the same password for every single website they have an account with, the user simply cannot be trusted from a security point of view. With that in mind, any good developer would implement a password hashing system to help prevent a malicious user from causing some serious harm - but considering the number of services, typically mobile, that transmit passwords as plain text, it bears mentioning.
In previous versions of PHP, password hashing was fairly simple to do badly, but far more difficult to do well. Hashing via MD5 or SHA1 was better than nothing, but adding a salt (a piece of data that prevents hackers from simply looking up an output string in a massive table to find the corresponding plain text) was an extra step that many developers skipped - and even those who took the time to include one couldn't completely preclude the possibility of a crack.
Fortunately, in the latest release of PHP, the long-awaited version 5.5, the language developers have finally implemented a far more secure method of natively hashing passwords, in the refreshingly simple password_hash() function. Instead of generating a 32 character hash, the string has been extended to 60 characters, and includes a cryptographic salt by default. It also includes a new factor known as 'cost', which makes each hash more expensive to compute and so makes the passwords even harder to crack - and all wrapped up in a neat little function that's simple to implement. With any luck, as more and more developers begin to upgrade to version 5.5, we'll see a marked reduction in this sort of security breach.
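The move from unsalted MD5 to password_hash() described above, as an added example that is not part of the original post: stored hashes are upgraded at login, the only moment the plain-text password is available. The function name verify_and_upgrade(), the $users array (constructed sample data standing in for a database table) and the cost of 12 are assumptions; hash_equals() needs PHP 5.6 or later.

```php
<?php
// Added example: upgrade legacy unsalted MD5 hashes to password_hash()
// output when the user next logs in. Names and sample data are hypothetical.

const TARGET_COST = 12; // assumed work factor; tune to your own hardware

/**
 * Check a login attempt against the stored hash.
 * Returns array(bool $ok, string $hashToStore): $hashToStore differs from
 * $storedHash when the record should be rewritten with a stronger hash.
 */
function verify_and_upgrade($password, $storedHash)
{
    $options = array('cost' => TARGET_COST);
    $info    = password_get_info($storedHash);

    if ($info['algoName'] === 'unknown') {
        // Not a password_hash() string: treat it as a legacy 32-character
        // hex MD5 digest. hash_equals() compares in constant time.
        $isMd5 = strlen($storedHash) === 32 && ctype_xdigit($storedHash);
        if (!$isMd5 || !hash_equals(strtolower($storedHash), md5($password))) {
            return array(false, $storedHash);
        }
        // Password is correct: replace the MD5 digest with a salted hash.
        return array(true, password_hash($password, PASSWORD_DEFAULT, $options));
    }

    if (!password_verify($password, $storedHash)) {
        return array(false, $storedHash);
    }

    // Correct password, modern hash: re-hash only if the stored cost (or
    // algorithm) is weaker than the current target.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT, $options)) {
        return array(true, password_hash($password, PASSWORD_DEFAULT, $options));
    }
    return array(true, $storedHash);
}

// Constructed sample "table": one legacy MD5 row, one low-cost bcrypt row.
$users = array(
    'alice' => md5('correct horse battery'),
    'bob'   => password_hash('example-passphrase', PASSWORD_DEFAULT, array('cost' => 4)),
);

$attempts = array(
    array('alice', 'wrong guess'),
    array('alice', 'correct horse battery'),
    array('bob',   'example-passphrase'),
);

foreach ($attempts as $attempt) {
    list($name, $password) = $attempt;
    list($ok, $newHash) = verify_and_upgrade($password, $users[$name]);
    $upgraded = $ok && $newHash !== $users[$name];
    $users[$name] = $newHash; // in a real application: UPDATE the user row

    printf(
        "%-5s ok=%s upgraded=%s stored-length=%d algorithm=%s\n",
        $name,
        $ok ? 'yes' : 'no',
        $upgraded ? 'yes' : 'no',
        strlen($users[$name]),
        password_get_info($users[$name])['algoName']
    );
}
```

The salt and cost travel inside the 60-character string itself, so the user table needs no separate salt column.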
Friday 17th January 2014 PHP Book Review: The Joy of PHP by Alan Forbes
A while ago, we did a quick overview of a few books that every PHP developer should keep a copy of somewhere in their library, but since buying books can get quite expensive after a while, we thought it would be best if we zoomed in a little bit closer and started looking more in-depth at some of the best PHP titles. This post, we're going to look at one of the more beginner level books that's a great help for those of you who are just starting out on the journey to become a proper PHP developer, The Joy of PHP: A Beginner's Guide to Programming Interactive Web Applications with PHP and MySQL by Alan Forbes.
First of all, it's important to realise from the beginning that this isn't just another PHP reference book intended to act as the be-all and end-all of PHP development. It's targeted directly at the PHP novice, although it helps a great deal if you've already got some basic web programming experience - he covers the basics of HTML, but that's not the focus of the book. If you're already comfortable coding the front-end side of websites, this is the perfect book to help you get a taste of the basics of back-end coding so you can expand your skillset.
It takes you from the very initial setup of PHP and XAMPP on your home development environment, through basic PHP syntax and then starts giving you basic tasks that help you work towards making these initially abstract examples more concrete and relevant. The example he uses throughout the book isn't particularly exciting (a used car sales website), but it definitely does the job, and Forbes' engaging writing style also helps to keep things moving along. The focus tends to be more on working with databases specifically, but as most beginner-to-intermediate PHP developers are going to be focused on database-driven projects, this shouldn't be much of a problem.
There is a little bit of criticism in the developer community about the way that he handles his code examples in the book - the ever-present threat of SQL injection attacks is something that no developer can afford to ignore in this day and age. That being said, the author isn't attempting to turn the reader into a PHP master; the goal is simply to get people comfortable with the basics. Anyone who takes this knowledge out in the world and creates websites for clients is going to be in for a nasty surprise, as this book should just be used as a jumping off point - but it does that job very well, and provides a great introduction to PHP and MySQL - just be sure to read up on security vulnerabilities, and then take on a few more advanced books!
Tuesday 14th January 2014 The Cuddlier Side of PHP
If the title of this post made you do a double take, we don't blame you - PHP never struck us as particularly cuddly either. Sure, it's great and all, but cuddly just doesn't fit into the list of things you think about when you hear the word PHP. In order to combat this image problem, a number of PHP developers have banded together with an - to some at least - unexpected project. After all, other geek projects have mascots that work to reach out to emotional appeal - most famous, of course, is Tux, the loveable penguin who adorns the Linux masthead. Even Android has its adorable little robot, inexplicably known as 'BugDroid'. But some people may not be aware that PHP has its own little mascot, the ElePHPant!
The original mascot design was invented in the late 90s by French PHP developer Vincent Pontier (known in less formal settings as Elroubio), almost by accident, as he was doodling with the letters PHP to create a logo for a friend's website. Eventually, the idea took off around the net, and ten years after the initial design was completed and uploaded, Pontier took it upon himself to follow in the footsteps of Tux and the Linux community and create a plush version of the ElePHPant. Currently available in blue, pink and green, the ElePHPant may soon come in a special orange edition: the folks over at php[architect], one of the oldest PHP development magazines (old enough to have started in print!), are hoping to celebrate the magazine's 11th year helping the PHP development community with it, as orange is the predominant colour of the magazine itself. If you're looking for a cuddly coding companion, or just something to brighten up the office during your marathon coding sessions, be sure to swing over to the Kickstarter page and get in on the ground floor.
However, it's not all fun and games - as Pontier himself said of the original plush ElePHPants, "Don't kid yourself, this is not a toy! This is first and foremost a special partner for every PHP coder. Trouble with sessions? A bug in a class? A crashed method? Don't worry! Just tell your ElePHPant the problem, and he will give you the solution (and if the solution is not worth it, you may also throw him on the walls)." We've all been there!
Thursday 09th January 2014 Focus on Phalcon
According to the Sitepoint poll of PHP programmers we mentioned a few weeks ago, the second-most popular framework after Laravel was Phalcon. This is a fairly remarkable achievement, considering that the framework itself is only about 2 years old, dating from near the beginning of 2012. As the internet grows by leaps and bounds, and traffic grows right along with it, there's bound to be a greater and greater focus on performance issues, and this is where Phalcon really distinguishes itself from more typical PHP frameworks: as its documentation says, "Phalcon is an effort to build the fastest framework for PHP."
So how does it manage this? Its primary advantage comes from the fact that it's entirely C-extension-based. Not a very common strategy among popular PHP frameworks, being coded in C gives Phalcon the majority of its performance advantages. The C extensions are loaded at the beginning of the web server's process and then reside in RAM, allowing Phalcon to process over 2300 requests per second, nearly three times as many as CodeIgniter is able to manage. Other than this aspect, however, it operates more or less the same as any other modern MVC-framework for PHP, offering an array of features you've come to expect like object-relational mapping, a query language, a templating engine, and other such goodies. Add in a burgeoning community of other developers working with the language, and you begin to see why Phalcon has quickly risen from relative obscurity to become one of the most appealing frameworks for your upcoming large scale, performance intensive projects.
The success has driven development fairly quickly as well, and Phalcon 2.0 is in the works, with the first alpha version already released. There are a fair number of changes under the hood, which should ease the concerns of some developers who have resisted Phalcon and other C extension frameworks for the simple fact that they don't know C very well and aren't keen to learn. This made it very difficult to do any sort of bug fixing, in the unlikely event that something went wrong. The new version of Phalcon has the majority of its behind-the-scenes processes recoded in a language called Zephir, an open-source language that compiles and runs with a speed similar to C. If you're interested in helping test-drive the alpha version of 2.0, they're always looking for more assistance!
Tuesday 07th January 2014 PHP-Based CMS Comparisons
Not every development project we work on gets to be a brilliant portfolio piece that showcases our PHP mastery. Sometimes, we wind up accepting projects that require a fair amount of front-end development in addition to the more exciting programming aspects. Rather than completely re-inventing the wheel by coding an entire site from scratch complete with convenient access for clients to update and add new content themselves, sometimes it can be useful to employ a content management system (or CMS). This saves a great deal of time and work, and lets you focus on the more interesting development challenges without a whole lot of tedious mucking around on front-end work. Fortunately, there are several great PHP-based content management systems that can be easily installed and then customised to meet your needs.
Easily one of the most popular and easy to work with is Wordpress. While those of you without much experience with it may tend to think of it simply as a blogging platform, it's actually quite extensible thanks to a robust PHP-based plugin system that allows you to develop and implement additional functionality using the PHP language. In fact, there is an extremely large directory of plugins both free and paid that are available for download, and install with the click of a button which can then be edited to your needs. The entire CMS itself is also coded in PHP, which means it will take very little work to get up to speed even if you've never used it before.
Another very popular PHP CMS is Drupal, which is one of the oldest (if not the very oldest) PHP CMS' found on the web, having been launched way back in 2001. This extended lifespan shows in its capability and scalability, but compared to working with Wordpress, it's extremely difficult to get a handle on. Most plugins available for Drupal, known as 'modules', are not free, although there are a few good ones floating around. Definitely the choice of more seasoned developers, those less experienced should lean towards a Wordpress or Joomla implementation - to give you a sense of what it can do, the US government website whitehouse.gov is powered by Drupal.
Joomla is a sort of happy middle ground between the extreme flexibility of Drupal and the simple hand-holding of Wordpress. Powering a respectable set of sites that includes linux.com, Joomla is aimed more at an interim-level developer who needs more capability than Wordpress offers but doesn't require the same level of implacable stability that comes with the more rigid Drupal. However, its SEO-friendliness leaves something to be desired compared to Wordpress, although it does have a similarly expansive plugin directory that can save you a lot of development time.
Always choose the right CMS for the job!
Thursday 02nd January 2014 The Hidden Mysteries of PHP
Ah, the age old bane of programmers: documentation. Or, more specifically, the lack thereof, especially when it comes to working with someone else's code. However, the problem can sometimes be compounded a thousand-fold for the actual creators of a programming language, as they have a far more comprehensive and staggering task ahead of them. This is especially true for a language like PHP, which as you may or may not know, arose from a set of tools coded by one intrepid web developer in the early 1990s by the name of Rasmus Lerdorf. PHP, or Personal Home Page Tools as it was known originally, has since grown to become the most widely used programming language on the web, and the documentation that comes along with PHP has also been developed into a fairly robust and well put together guide to the language.
Many web developers learned the language without ever actually touching the manual, however, and may be slightly surprised by some of the amusing tidbits of information that are scattered throughout the official PHP documentation. In fact, as user-generated content in the documentation grew, a website sprang up dedicated to bringing these bits of hilarity to light, named 'PHP Manual Masterpieces', which is worth a visit if you have some time and you love (or are simply curious to learn more about) PHP.
One of the things that has perplexed PHP developers since the very beginning of the language was the structure of the function names. They're sort of all over the place, and PHP Manual Masterpieces highlighted this issue when they brought to light a hilarious revelation from Lerdorf in a forum exchange. Another developer asked Lerdorf what the rationale was, to which he replied, "Back when PHP had less than 100 functions and the function hashing mechanism was strlen(). In order to get a nice hash distribution of function names across the various function name lengths names were picked specifically to make them fit into a specific length bucket. This was circa late 1994 when PHP was a tool just for my own personal use and I wasn't too worried about not being able to remember the few function names."
Yup, you read that right. PHP functions were renamed simply to make them fit a certain length, which explains why so many developers have torn out their hair trying to work with them. But hey, we still love you, PHP.
Monday 30th December 2013 A Look at Laravel
Frameworks, frameworks, frameworks - like the old adage about real estate locations, frameworks tend to be on the tip of every PHP developer's tongue these days. The relative merits of each one are up for debate, and many developers fiercely defend their chosen framework against any possible slight, real or imagined. While many contend that it's more important to choose the right framework based on the particulars of a given project, there are still wide disparities in the usage of the various options. As we saw in our look at the usage statistics that are the obligatory part of the 'end of year' type blog posts, a clear frontrunner has emerged from the PHP framework pack in 2013 and outpaced all the rest: Laravel.
Fully 25% of all PHP developers responding to a poll hosted by developer hub SitePoint said they use Laravel, which makes it easily the most popular framework around. This is by no means completely scientific, as this data was gathered by a single site, and there are plenty of ways the data could be distorted, but regardless, Laravel merits a closer look for those of you who are still unfamiliar with it.
Often touted as a spiritual successor to the now relatively defunct CodeIgniter framework, Laravel is famed for its simplicity of use and gentle learning curve, which is no doubt part of the reason it scores so highly on the SitePoint poll. Already up to version 4 at the time of this writing, Laravel has developed quite a large community and so overcome some of the initial trepidation that developers had when it comes to adopting a new framework. It's even reached a point where the first Laravel conference will be held this year in May, Laracon 2014 in New York City.
Those who've embraced Laravel rave about its intuitive usage, easy routing and that it comes out of the download with Eloquent ORM, which plays nice with all manner of database formats. This is especially useful now that the latest versions of PHP are starting to deprecate MySQL extensions in favour of MySQLi and, even better, PDO, which Laravel plays quite nicely with. The framework itself is built on a number of components from the well-known Symfony framework, which also lends weight to its stability, reliability and credibility.
So whether you're a new PHP developer looking for a framework to whet your appetite or a framework-weary old hand, you'll likely be able to find something to catch your interest in the Laravel framework.
Posted on December 30th 2013 at 08:32pm
Friday 27th December 2013 The PHP Zeitgeist Project
As another part of the annual end-of-year statistical roundups that are happening everywhere, at the end of December the PHP Zeitgeist project receives its yearly update. For those of you who haven't heard of the project before, it follows a similar model to the Google Zeitgeist project, which provides a summary of the most popular search topics for the preceding year - the difference being that the PHP Zeitgeist project has actually been going on since the year 2000, when PHP Classes, the site that operates the project, first published its website.
While the project only tracks searches made on the PHP Classes site itself, it's truly fascinating to see how the priorities of PHP developers have evolved over the course of PHP's lifespan. Looking back at the results from the year 2000, all the searches are for extremely basic functions of PHP, largely concerned with relatively simple things like sending email and connecting to and querying MySQL databases, as developers were just beginning to get a handle on what PHP could really do.
Fast-forward to this year, and you'll see that in 2013 developers were concerned with far more complex matters. Chief among the searches was 'wordpress data import class', which highlights the dominance that Wordpress (and by extension PHP) has over the majority of the web, and is operating as the de facto blog publishing standard. File formats were another major concern of developers, as users are relying more and more on web-based applications for handling file transfers and conversions.
Interestingly, database query searches are still roughly as common as they were in 2000, but focus has moved away from MySQL and shifted in favour of newcomers MySQLi and PDO (PHP Data Objects). Thanks to the latest release of PHP 5.5, MySQL is going to be left by the wayside in favour of more robust options that have been more thoroughly developed recently.
Finally, one of the other most popular sets of searches was related to social media and social media integration. Twitter RSS feeds have become one of the most popular additions to websites, although the relative merits of them in terms of user functionality are being hotly discussed in many web design and user experience design circles. Facebook authorization was also found on the list, although it seems to be falling from grace compared to previous years when it captured multiple spots in the top 10 searches.
Posted on December 27th 2013 at 08:53pm
Tuesday 24th December 2013 PHP Frameworks: 2013 Roundup and Looking Ahead
As 2013 comes to a close and we reach the season of holidays, the new year, and year-end statistical roundups, many people are curious about the state of the PHP framework debate. As with many debates among programmers, the opinions are often loud and tenacious, and understandably so - it tends to irritate us when other people don't see the same advantages that we do (ah, the perpetual design versus development debate). With that in mind, one of the best ways to compare the relative metrics of the available PHP frameworks is to look at how many people are using each one over the course of the last year.
As you're no doubt aware, there are many, many frameworks to choose from, but most of them capture a relatively small percentage of the so-called market share. According to a recent poll conducted by the ever-popular developer website SitePoint, the six most popular frameworks account for almost 75% of the available market share, with the remaining twelve polled dividing up the remaining 25% between them. The most popular framework is Laravel, by a relatively wide margin, taking home over 25% of the votes all by its lonesome, followed by Phalcon in a distant second with nearly 17% of the votes. Symfony2 rounds out the top three with almost 11%, followed by a tie between CodeIgniter and Yii for fourth place at 7.6%, and then yet another tie between Aura and CakePHP at roughly 4% apiece.
Looking at these results, you'd probably be inclined towards experimenting with Laravel for your next project, as we all know that the larger the community a framework has, the better the support will be and the more robust the framework will be overall. However, as a new year is also a time for new resolutions, you might want to consider experimenting with more than one framework over the course of your upcoming projects. Obviously, you'll need a couple of projects to really put a framework through its paces, but matching the right framework with the right project can make a huge difference in performance and ease of development. Symfony2, upon which Laravel is based, is often praised for the huge number of features it provides, but is also decried as slow and clunky by its detractors for the same reason.
In order to choose the right framework, you need to know each one of them, and be familiar with the pros and cons of each one - so make 2014 a year of experimentation and expanding your horizons, and you'll soon see that blindly picking one framework and sticking with it can be a time-consuming mistake. Be flexible, and have a happy new year!
Posted on December 24th 2013 at 06:49pm
Friday 20th December 2013 Facebook Porting PHP VM to ARM Architecture
Facebook is arguably one of the most well-known websites in the world. With over a billion active user accounts (despite some disagreements over how many of those are fake accounts), Facebook is also one of the largest PHP deployments in the world - if not the absolute largest. A custom written virtual machine dubbed the 'Hip Hop Virtual Machine' translates Facebook's PHP code into 64-bit x86 instructions for various kinds of heavy-duty server-side computation.
Naturally, though, they're interested in ensuring that they have the best possible setup on the back-end, and the up and coming ARM architecture has a number of advantages over x86 processors for massively scaled server setups like Facebook uses. Interestingly enough, Google, who uses a mixture of AJAX and Python for their heavy lifting, is also interested in experimenting with the ARM processor architecture.
For Facebook, however, the primary concern is not being locked into a monoculture of processors as various implementations of the technology evolve. They're hoping to adjust the Hip Hop Virtual Machine to be as architecture independent as possible, although their most realistic timeframes don't see a complete switch for several years.
The ARM processor architecture is extremely attractive for any large web-based service, as it's far more power-efficient than a comparable x86 server farm setup. When you have a massive number of servers the way Facebook does - estimated in 2012 at just under 200,000 - power bills are one of your major concerns, and the ability to adopt newer, more power efficient architectures is extremely appealing.
While Facebook is remaining relatively quiet about the entire process, you can look at a far more technical explanation of their plans at their Hip Hop Virtual Machine blog here. If you're a highly-skilled PHP developer who is also very familiar with the ARM server architecture, you might even consider applying for the job!
Posted on December 20th 2013 at 09:36pm
Tuesday 17th December 2013 PHP.net Breached With Potentially Unique Malware
In what is no doubt an embarrassing security breach, PHP.net, the official website of the PHP programming language, was compromised temporarily by hackers. Having a server compromised is not a particularly rare occurrence in the modern digital era, although as the flagship site of the PHP language, it must be particularly galling - as well as being a potent cautionary tale for PHP programmers everywhere. After all, if it can happen there, it can happen anywhere.
The attack, which compromised the site for nearly 3 days in October, was intended to force users who visited the site to download and execute some malicious code - also not particularly uncommon in this day and age. More recently, however, security researchers were analyzing the payload that was downloaded to users' machines, and found it to be a highly specific and potentially unique piece of malware dubbed DGA.Changer, which employs sophisticated techniques to evade detection and maintain links with command and control systems, for the purpose of downloading other pieces of malware to the infected machines which would otherwise be caught and removed.
Here's where things get curious, though: the machines infected by DGA.Changer from the PHP.net attack don't seem to be downloading other pieces of malware. There have been no reported cases of additional malware downloads in the wild, and security researchers are concerned that something more complex is at work - the digital equivalent of the 'long con', perhaps. Aviv Raff, CTO and security researcher at Seculert writes, "Our analysis at this point is that 'no news is bad news.' Why would adversaries deploy a malware which downloads nothing, on a site used by software developers, and then engineer it so that it can receive commands from a C2 server to change the DGA seed? It makes no sense—and that [is] worrisome. Not all adversaries are geniuses, but they typically have an agenda."
The current running theory is that PHP.net was targeted because it has a very high probability of being visited by PHP programmers who are working on high-value projects that may not even be released yet, giving whoever holds the keys to DGA.Changer a very valuable pool of potential targets. While there seems to be no activity or damage caused as a result of the attack, the possibility that someone is specifically targeting PHP programmers rather than average users is a disturbing trend that should have every developer concerned - and ensuring their antivirus definitions are up-to-date and working properly.
Posted on December 17th 2013 at 09:46pm
Wednesday 11th December 2013 Coping With Legacy PHP Code
Developers, like any creative individuals, tend to like to work on their own projects from start to finish. There's nothing more satisfying than seeing a project go live that you've shepherded the whole way from conceptual planning to development and testing to that sweet, sweet final build. Sadly, the world doesn't always work that way. Whether you're working as part of a larger development team, you've been brought in to redirect a project that went off the rails or you're updating a project that's been around almost as long as PHP has, at some point in your career you're going to run into code that doesn't shine - and you're still going to have to work with it.
At first blush, it can seem pretty overwhelming to pick up a project that's got years of development behind it. As with most actively ongoing PHP projects, the entire codebase has evolved over time as the needs of the client, the user and the technology itself have adjusted over the project's lifespan. Even the language itself has changed dramatically since it was first implemented. Best practices that are commonplace now were barely heard of and rarely used when some projects began, and those that existed at the time were not well known. So what do you do?
The most important thing to do is to examine the codebase in its entirety and decide what's most sorely in need of updating. Prioritising your list of updates can make the job seem less like an impossible mountain to climb and actually more like something that might be completed within your lifetime. What sections of code are you going to be working with most directly? Which aspects are so antiquated that they can barely interface with any new code you write? Are there any gaping security holes? Answering these simple questions can provide you with a roadmap of smaller goals that can quickly be completed, giving you a sense of control over the project.
Don't get caught up in a perfectionist mindset. Is it really important for you to start with small-scale optimisation improvements? That can probably wait until some of the larger issues are sorted out. Above all, though - make sure that you follow current PHP best practices when you're implementing your changes, otherwise you - or another programmer a couple of years down the line - are just going to wind up in exactly the same situation as before.
Posted on December 11th 2013 at 08:11pm
Saturday 07th December 2013 Facebook PHP Virtual Machine Released
One of the holy grails of complex PHP application development is maximizing performance. Not only does better performance mean more manageable server loads, but if you're scaling large enough, there can be a number of other dramatic gains in terms of power consumption and energy costs. Few companies are more familiar with this than the social networking giant Facebook, which is coded entirely in PHP and also just happens to be the largest social networking site on the planet. With over a billion active accounts - nearly 20% of the entire world's population - almost nobody else is as familiar with complex and robust PHP deployments as they are.
When it comes to web deployments of PHP applications, most developers initially choose to write the complicated code in PHP, but as the application scales and the usage levels increase, the more complex calculations are often re-coded using a faster server-based language such as C or C++. Facebook itself did this in the past, using a custom compiler named HipHop that translated the site's PHP code into C++ for faster execution. As in many large development environments, however, this eventually grew to create separate problems, which meant a new solution was called for.
Thus began the development of the HipHop Virtual Machine, or HHVM as it's more commonly known. Without getting too deep into the technical specifics, the HHVM translates PHP code into a custom bytecode known as HHBC (you guessed it, Hip Hop Byte Code) which is then processed by an x64 just-in-time compiler, along with a companion bytecode interpreter when absolutely necessary. This allows Facebook's entire staff of PHP developers to work on the entire codebase together, instead of dividing up the development process into PHP and C++, which can often lead to major headaches when it comes time to reconcile.
Joel Pobar, a developer at Facebook, cautioned that many developers hoping to gain performance improvements from implementing HHVM may not get the results they want, saying, "Chances are [your code is] spending too much time talking to the database or spending too much time talking to the memcache caching layer." In other words, your performance bottleneck isn't likely to be execution speed, as there are other more typical culprits that can be identified by using benchmarking applications. The HHVM is strongly optimized towards very large PHP codebases with very heavy usage loads, but it may be worth investigating for your next project.
Posted on December 07th 2013 at 09:13pm
Wednesday 04th December 2013 The Importance of Keeping PHP Up to Date
PHP is a robust and flexible language, used almost everywhere on the web in one form or another - and, increasingly, it's being used in many non-standard environments. As we grow into the so-called Internet of Things - the holy grail of web connectivity where every device we own is integrated into a network - the places PHP can be found are often extremely surprising to the unsuspecting user. This has never been more clearly highlighted than by a new piece of malware that was identified in the last two weeks by security firm Symantec.
Capitalising on a by-now ancient PHP bug, the malware, a worm known as Linux.Darlloz, has so far only infected Intel x86-based systems, but security researchers warn that there are variants of the worm's code designed for the chip architectures most commonly found in consumer-grade routers, IP security cameras, and even television set-top boxes, which are not typically devices that are targeted by malware attacks. While there have been no recorded incidents of any devices being infected 'in the wild', the possibility exists that the current operational structure will change.
This serves to highlight the importance of working with up-to-date versions of PHP. If you or your company are responsible for devices that contain web interfaces, as most devices in the Internet of Things do for control and configuration purposes, it's absolutely crucial to roll out properly timed security updates. The particular flaw exploited by the Linux.Darlloz worm is only found in PHP versions 5.4.1 and earlier; the patch for the flaw was implemented as far back as May 3rd of 2012.
It doesn't take much time to ensure that your current development environments are running the latest version of PHP - a quick version check and an update to your binaries is all it takes. It's possible that you may have to make some updates to any projects that are currently in the works, and if you've got any deployed projects they should be updated to patch any security flaws, but the benefits of the added stability and security far outweigh the hassles involved in staying updated. Even if you're not ready to adopt the latest bleeding edge version, at least try to stay with a version that was released in the current year.
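The "quick version check" can be run across a whole inventory rather than one machine at a time. The following is an added example, not code from the original post: it parses version banners collected from your own hosts and flags any at or below the 5.4.1 threshold stated above. The host names and banner strings are constructed sample data, and the function names are hypothetical.

```python
import re

# Threshold taken from the post: the flaw is stated to affect PHP 5.4.1 and earlier.
LAST_AFFECTED = (5, 4, 1)

# Matches both `php -v` output ("PHP 5.4.1 (cli)") and header-style banners ("PHP/5.4.1").
_VERSION_RE = re.compile(r"PHP[ /](\d+)\.(\d+)\.(\d+)")


def parse_php_version(banner):
    """Return (major, minor, patch) as integers, or None if no PHP version is present."""
    match = _VERSION_RE.search(banner)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(banner):
    """Classify one banner as 'affected', 'ok' or 'unknown'."""
    version = parse_php_version(banner)
    if version is None:
        # No version found: flag for manual review instead of assuming it is safe.
        return "unknown"
    # Integer tuples compare numerically, so 5.4.10 is correctly newer than 5.4.1.
    # Comparing the raw strings would sort "5.4.10" before "5.4.2".
    return "affected" if version <= LAST_AFFECTED else "ok"


def audit(inventory):
    """Map each host name to its status, given a {host: banner} dictionary."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE_INVENTORY = {
    "build-server": "PHP 5.5.6 (cli) (built: Nov 14 2013 10:20:11)",
    "legacy-intranet": "PHP 5.3.10-1ubuntu3.8 with Suhosin-Patch (cli)",
    "camera-admin-ui": "X-Powered-By: PHP/5.4.1",
    "staging": "PHP 5.4.10 (cli) (built: Dec 20 2012 11:02:33)",
    "set-top-box": "lighttpd/1.4.28",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host:18} {status}")
```

Distribution packages sometimes carry backported security fixes under an older upstream version number, so an "affected" result is a prompt to check the vendor's advisory for that package, not a final verdict.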
Posted on December 04th 2013 at 02:29am