Feed aggregator

PHP 5.5.10 released

Planet-PHP - do, 06/03/2014 - 02:00
The PHP development team announces the immediate availability of PHP 5.5.10. Several bugs were fixed in this release, including security issues related to CVEs. CVE-2014-1943, CVE-2014-2270 and CVE-2013-7327 have been addressed in this release. We recommand all PHP 5.5 users to upgrade to this version. For source downloads of PHP 5.5.10 please visit our downloads page, Windows binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.
Categorieën: Open Source, PHP Community

Thoughts on Composer’s Future Security

Planet-PHP - wo, 05/03/2014 - 21:58

Sign coconut

coconut (Photo credit: @Doug88888)

I’ve been spending a chunk of free time recently working on a few PRs for Composer related to security so this is my usual “let’s watch Paddy think aloud in a completely unstructured manner” blog post. But seriously, with all the issues and PRs going around, this is my detailed look at solving a “simple” problem: establishing trust in Composer’s source code and its operation thereafter.

The Composer issue, as initially reported by Kevin McArthur, was fairly simple. Since no download connection by Composer was properly secured using SSL/TLS then an attacker could, with the assistance of a Man-In-The-Middle (MITM) attack, substitute the package you wanted to download with a modified version that communicated with the attacker’s server. They could, for example, plant a line of code which sends the contents of $_POST to the attacker’s server.

The obvious solution is to implement TLS support…

To mitigate this risk, I updated Composer in a PR in the following ways:

  1. Peer verification is enabled by default. Disabling it nets you a continual warning message.
  2. It follows all recommended TLS options being introduced for PHP 5.6 (thanks to @rdlowrey).
  3. Since peer verification requires root CA certificates, Composer will attempt to locate a local system certificate bundle (thanks to @EvanDotPro).
  4. If all else fails, Composer bundles root CA certificates which it will fall back to.
  5. Users can override the default detected certificate bundle by manually setting a –cafile option for most commands.
  6. The Installer has also been updated for 1-5.

Composer should now operate with SSL/TLS protections out of the box. There may be edge cases since support for Subject Alternative Names (SANs) in SSL certs has not yet been added to PHP 5.4 or 5.5, but I’m hoping that future releases of these versions will see it added. This particular issue does not impact Packagist.

Mission accomplished?

There are other TLS related features that can be looked into for the future. Users may want to generate their own CA cert bundle file as a substitute, e.g. Evan Coury’s Sslurp, to avoid a single point of failure or trust. With the dawning realisation that government surveillance is commonplace, and that trusted CA’s may mistakenly issue, or allow to be issued, certificates for entities without that entity’s permission, public certificate pinning may also warrant future attention.

SSL/TLS should protect the TCP connections between the client and the server, but it doesn’t actually verify that the code being downloaded was published by a trusted maintainer – only that you downloaded it from a verified host. So, what if the server were compromised? What if the SSL/TLS connection were breached?

Throughout 2013/2014, TLS has been besieged by a number of problems:

  1. Weaknesses in the protocol: SSL/TLS is made up of SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2. Newer versions tend to be stronger, and SSL is overdue to be phased out of existence. Aside from obsolescence, the protocols are constantly under the microscope. On 4 March, researchers released details for the new “Triple Handshake Attack”. You’re probably already familiar with terms like CRIME and BEAST from 2013. Another part of the protocol is how encryption is implemented. TLS may use quite a number of cipher suites (named sets of authentication, encryption and MAC algos) in any particular order of preference. Reordering the preference to favour stronger ciphers which have Perfect Forward Secrecy (PFS) as an attribute is essential to mitigate against the loss of private keys (genuine loss, stolen, demanded by a court order or NSL). Without PFS, one could decrypt previously logged requests once they had the private key. PFS is not favoured by default in

Truncated by Planet PHP, read more at the original (another 10417 bytes)

Categorieën: Open Source, PHP Community

Coding the Architecture: Five things every developer should know about software architecture

PHPDeveloper.org - wo, 05/03/2014 - 19:57

While not specific to PHP, this new article on the Coding the Architecture blog gives some good insights on what developers should know about software architecture.

Now I may be biased, but a quick look at my calendar hints to me that there's a renewed and growing interest in software architecture. Although I really like much of the improvement the agile movement has provided to the software development industry, I still can't help feeling that there are a large number of teams out there who struggle with a lack of process.

[...] Put very simply, software architecture plays a pivotal role in the delivery of successful software yet it's frustratingly neglected by many teams. Whether performed by one person or shared amongst the team, the architecture role exists on even the most agile of teams yet the balance of up front and evolutionary thinking often reflects aspiration rather than reality. The big problem is that software architecture has fallen out of favour over the past decade or so. Here are five things that every software developer should know about it.

Each of the five things comes with a paragraph of explanation (and some links to additional resources):

  • Software architecture isn't about big design up front
  • Every software team needs to consider software architecture
  • The software architecture role is about coding, coaching and collaboration
  • You don't need to use UML
  • A good software architecture enables agility
Link: http://www.codingthearchitecture.com/2014/03/05/five_things_every_developer_should_know_about_software_architecture.html

Modernizing Legacy APIs

Planet-PHP - wo, 05/03/2014 - 19:38

My friend Keith Casey is working on a book about practical API design. However, if you have a legacy application, adding (or updating) an API can be troublesome. It would be a lot easier to deal with an API if you could modernize your legacy application first. As Keith says:

If you read the tech press, everyone knows they need an API but most aren’t really sure what it is. They treat it as another checkbox like “Web 2.0″ was a few years ago or a mobile app was most recently. In fact, there’s an entire “API-first” movement in development circles that most people don’t understand or even realize why. …

Of course, how do you get your application ready for an API?

In response to that scenario, we are happy to announce a Leanpub book bundle: “Modernizing Legacy PHP Apps with APIs.” When you buy both books together and you get a discount from their separate prices. The Leanpub 100% happiness guarantee applies: if you don’t like your purchase, you can get your money back up to 45 days later.

Do you have a legacy application that you want to modernize? Do you want to add an API, or redesign the existing one? Buy “Modernizing Legacy PHP Applications with APIs” today and get started on making your own life easier!

Categorieën: Open Source, PHP Community

Simple Captchas with PHP and GD

Planet-PHP - wo, 05/03/2014 - 19:00

By now, we’ve all encountered captcha images in online forms. Captchas are a necessary evil, and this article will teach you how they’re made.

Please note that while there are better, automatic third party solutions for captchas out there such as ReCaptcha, this tutorial aims merely to explain and demonstrate how such technology actually works. We won’t be explaining what captchas actually are, as it’s assumed to be common knowledge and already covered in greater detail elsewhere.

Drawing captchas

You must have the GD(Graphics Draw) library installed before proceeding. This library enables drawing of graphics and images through built-in PHP functions. To install it, run sudo apt-get install php5-gd or if on non-Ubuntu-based operating systems, follow instructions.

Captchas are usually made up of 3 things - shape, distortion, and the text.
We’ll follow the steps mentioned below:

  1. Display an empty image on the browser.
  2. Create a shape.
  3. Generate random lines.
  4. Generate random dots.
  5. Generate random text.

The procedural style used in this article is present only because this is a proof of concept, and to keep the final file as simple as possible. In a real project, you would go OOP.

Continue reading %Simple Captchas with PHP and GD%

Categorieën: Open Source, PHP Community

MakeUseOf: Create The Perfect PHP Development Environment In Android

PHPDeveloper.org - wo, 05/03/2014 - 18:39

On the MakeUseOf site there's a recent post showing how you can create the "perfect PHP development environment" on your Android-based device. Obviously, it's much more useful on a tablet, but in theory it could be used on a smartphone.

It turns out you can actually code on Android productively. For the longest time, it has been accepted that whilst computers are for productivity and creativity, Tablets exist purely to allow the passive consumption of content. I believed that as well. I'm a software developer by trade, and I use a 13" Macbook Pro to write all my code. I wouldn't have it any other way. OS X comes with everything I need to be productive as a developer, and I've built my workflow around that. Android on the other hand? I've never really thought about writing code on Android. [...] But then I bought a decent Bluetooth keyboard, and everything changed. I've now built a PHP development environment around my 2012 Nexus 7 tablet, and I love it.

He breaks it down and shows some of the tools he uses for his development including the use of VIM Touch for editing and the Palapa Web Server for local hosting of his applications. Screenshots of the setup and configuration are also included. Link: http://www.makeuseof.com/tag/create-perfect-php-development-environment-android/

Gonzalo Ayuso: Auto injecting dependencies in PHP objects

PHPDeveloper.org - wo, 05/03/2014 - 17:19

In his latest post Gonzalo Ayuso shows how you can automatically inject dependencies into your PHP objects with the help of Pimple, a simple dependency injection container.

I must admit I don't really know what's the correct title for this post. Finally I use "Auto injecting dependencies in PHP objects". I know it isn't very descriptive. Let me explain it a little bit. This time I want to automate the Hollywood Principle ("Don't call us, we'll call you"). [...] We need to use Reflection to create our instance and to call our action. Sometimes I need to work with custom frameworks and legacy PHP applications. I've done it in a couple of projects, but now I want to create a library to automate this operation.

He includes a simple example of a "Controller" class that is injected with a "Request" via constructor injection. He refactors this to create the dependency injection container with a "Builder" class) and shows how to fetch the instance of the "Bar" class from it. It's this Builder class he shares on GitHub.

Link: http://gonzalo123.com/2014/03/03/auto-injecting-dependencies-in-php-objects/

Community News: Packagist Latest Releases for 03.05.2014

PHPDeveloper.org - wo, 05/03/2014 - 16:08
Recent releases from the Packagist:

ServerGrove Blog: Symfony2 components overview: Validator

PHPDeveloper.org - di, 04/03/2014 - 20:55

The ServerGrove blog has posted their latest in-depth look at one of the many components that make up the Symfony2 framework. In this latest post they cover the Validator component, another well-used part of the framework.

In the first five posts of this series we have been talking about key components for any PHP framework from the point of view of their internals, such as HttpFoundation to abstract the HTTP protocol, HttpKernel to convert a Request into a Response, Routing to map requests to controllers, EventDispatcher to add reusability and extensibility, and Config to load and validate configuration values. This time we'll delve deeper in the user space to describe a component that is for specific apps rather than just for frameworks. Today's topic will be the Validator component.

They start off talking about a common problem in web applications, running validation on incoming data, and how the component can help. The article then gets into the architecture of the component and provides a simple example of it in use (validating an integer range). They talk about some of the built-in validations, the internationalization support and validation on objects, just just simple values. Finally, there's a look at creating custom validations, their example being a simple check on a given "programming language" string.

Link: http://blog.servergrove.com/2014/03/03/symfony2-components-overview-validator

SitePoint PHP Blog: Functional Testing in Symfony2

PHPDeveloper.org - di, 04/03/2014 - 19:16

Taylor Ren has written up a new tutorial for the SitePoint PHP blog today walking you through a method for functional testing a Symfony application with the help of Symfony's own "WebTestCase" functionality.

In my previous article, we demonstrated how to load sample data into our Symfony development environment. The test data may not be useful as it stands on its own. When coupled with Functional Testing, however, it becomes a life saver. [...] Functional Testing is different. We don't look at the "correctness" of a single function, which should be verified by a Unit Test, but look at the bigger picture. The question answered by Functional Testing is: Is our app performing well in the sense that it displays the right content, corresponds to a user's interaction, etc?

He shows how to create a simple WebTestCase-based test to fetch the main page of a site, locate a few pieces of information and click on a certain link. Once this test passes, he adds a bit more to the test, checking the data in the page following the click.

Link: http://www.sitepoint.com/functional-testing-symfony2/

HHVM Blog: Tracking Parity

PHPDeveloper.org - di, 04/03/2014 - 18:43

On the HHVM blog today there's a new post shows how far along they are with parity with the PHP language based on the tests from a sampling of several large PHP-based projects.

HHVM has a large suite of unit tests that must pass in several build configurations before a commit reaches master. Unfortunately, this test suite passing doesn't tell you if HHVM can be used for anything useful - so we periodically run the test suites for popular, open source frameworks. [...] The frameworks test page is now public, as is the JSON data backing it (which you're welcome to use).

They look briefly at what exactly is tested (latest stable version, with exceptions) and how it all works. The tests are run once an hour and are based on a completely clean build of HHVM in "csv" mode. The results of the tests are automatically pushed into the MySQL+Memcached system reporting system, accessible via the JSON API.

Link: http://www.hhvm.com/blog/3611/tracking-parity

Using MySQL Fabric from any programming language

Planet-PHP - di, 04/03/2014 - 18:12

MySQL Fabric is a framework for MySQL Replication high availability, automatic failover and sharding. Technically, a MySQL Fabric daemon monitors a set of MySQL servers and takes appropriate actions upon failure. Clients use Fabric aware drivers to learn about failed servers and shards to distribute queries accordingly. Simple to understand, simple to sell, simple to raise false expectations and simple to fail [, dear Sales]. With the usual blog posts telling only the story of the first three sentences, major parts of the story are covered in silence.

Development preview = announcement of a vision != ready

You first challenge will be to find the documentation for the MySQL Fabric development preview. From the documentation overview page it takes three clicks down to the server side documentation for Fabric:

  1. MySQL Workbench
  2. MySQL Utilities 1.4+ (not the older one!)
  3. MySQL Fabric

You better do not start your search in the MySQL Reference Manual under High Availability and Scalability. Fabric, a command line utility, is well hidden inside the documentation of a GUI tool. Eventually, you may find a download and attempt to install Fabric using an install prefix.

~/mysql-utilities-1.4.1/install/bin # ./mysqlfabric manage start
~/mysql-utilities-1.4.1/install/bin # Traceback (most recent call last):
  File "./mysqlfabric", line 23, in <module>
    from mysql.fabric.services import (
ImportError: No module named mysql.fabric.services
~/mysql-utilities-1.4.1/install/bin # export PYTHONPATH=/home/nixnutz/ftp/mysql-utilities-1.4.1/install/lib/python2.7/site-packages/

80% of the development community is out, true?

Pretty much all blogs and tutorials claim that Fabric aware drivers must be used. According to the manual, such drivers exist for Python and Java only. This covers an estimated 20% of the software development communities. Let’s cry for help:

~#47;mysql-utilities-1.4.1/install/bin # ./mysqlfabric help
Usage: %fabric <group> <cmd> [<option> ...] arg ...

mysqlfabric: error: Error (dispatch() takes exactly 3 arguments (1 given)).
Wrong number of parameters were provided for command (manage help).

~#47;mysql-utilities-1.4.1/install/bin # ./mysqlfabric help help help
Command (help, help) was not found.

Being among the 20% of priviledged Python or Java users you may not bother until you browse the etc/ directory for configuration files. Here you will find something seemingly related to PHP’s Doctrine

~/mysql-utilities-1.4.1/install/bin # ls -la ../etc/mysql/
insgesamt 32
drwxr-xr-x 2 nixnutz users  4096 11. Feb 16:34 .
drwxr-xr-x 3 nixnutz users  4096 11. Feb 16:33 ..
-rw-r----- 1 nixnutz users   119 11. Feb 16:34 default_plugins.cnf
-rw-r--r-- 1 nixnutz users   527 11. Feb 16:34 fabric.cfg
-rw-r--r-- 1 nixnutz users 13132 11. Feb 16:34 mysql-fabric-doctrine-1.4.0.zip

There is something for the PHP driver but it is not documented. Why there is something for a PHP application before the driver part is ‘done done’ may make some scratch their heads.

Putting expectations straight and low

Any project should state what is included and what is not. Fabrics’ vision should be clear and bright. Please, see the slides.

But, Fabric is available as a development preview release only. Core functionality exists. The examples from the manual work for me. But, no other scenarios do. For example, mysqlfabric group import_topology lacks documentation and mysqlfabric group promote blog_repl fails for me.

Truncated by Planet PHP, read more at the original (another 20153 bytes)

Categorieën: Open Source, PHP Community

Voices of the ElePHPant: Interview with Paul Jones

PHPDeveloper.org - di, 04/03/2014 - 17:23

The Voices of the ElePHPant podcast has released their latest episode in their community interview series. In this new episode Cal Evans talks with Paul Jones (lead developer on the Aura PHP framework).

They talk some about Aura project and the current status, including the work on the version 2 components and what's to come (recombining v2 packages back into the vs framework). They also talk about Paul's book Modernizing Legacy Applications.

You can listen to this latest episode either through the in-page player, by downloading the mp3 or subscribe to their feed.

Link: http://voicesoftheelephpant.com/2014/03/04/interview-with-paul-jones/

Community News: Packagist Latest Releases for 03.04.2014

PHPDeveloper.org - di, 04/03/2014 - 16:08
Recent releases from the Packagist:

Community News: Latest PECL Releases for 03.04.2014

PHPDeveloper.org - di, 04/03/2014 - 15:04
Latest PECL Releases:
  • solr 2.0.0b - Support Solr version 4.0+ - Added support for retreiving Solr Server system information through SolrClient SolrClient::system() - Support for softCommit - Suppport for expungeDeletes - maxSegments for commit is deprecated - Added escape character / as per Solr 4 it is reserved for REGEX - Disabled warnings for connection errors, SolrClientException is thrown - SolrClientException messages for connection errors are more meaningful indicating error messages and codes - API changes for: SolrClient::commit($maxSegments = 0, $softCommit = false, $waitSearcher = true, $expungeDeletes = false) SolrClient::optimize($maxSegments = 1, $softCommit = false, $waitSearcher = true) SolrClient::addDocument(SolrInputDocument &$doc, $overwrite = true, $commitWithin = 0) SolrClient::addDocuments(array &$docs, $overwrite = true, $commitWithin = 0) - Several Bug Fixes Warning: PECL Solr >= 2 is not compatible with Solr Server < 4.0

  • APCu 4.0.4 - Fix deadlocking due to destroyed locks - Fix various compatibility bugs

  • krb5 1.0.0 - [CLEANUP] Remove bundled kadmin headers, drop support for mit-krb5 <1.8 - [FEATURE] Support use of the krb5-config tool to determine library paths - [CLEANUP] Remove KRB5CCache->setConfig method as this is no longer supported by libraries - [BUG] Fix null-deref in isValid for uninitialized KRB5CCache

  • xdebug 2.2.4 Fri, Feb 28, 2014 - xdebug 2.2.4 = Fixed bugs: - Fixed bug #785: Profiler does not handle closures and call_user_func_array well. - Fixed bug #963: Xdebug waits too long for response from remote client - Fixed bug #976: XDebug crashes if current varibles scope contains COM object. - Fixed bug #978: Inspection of array with negative keys fails - Fixed bug #979: property_value -m 0 should mean all bytes, not 0 bytes - Fixed bug #987: Hidden property names not shown.

  • swoole 1.6.11 - Disable by default async_mysql - Disable by default sockets - Added event onWorkerError - Added event onWorkerStart for task_worker - swoole_server->task can assign worker_id - swoole_server->set() save params to swoole_server::$setting - swoole_client->send will check data length - swoole_server->connection_info for udp

  • mongo 1.5.0alpha1 ** Bug * [PHP-722] - Segfault when passing null value to MongoCollection::find() and unclear other conditions are met, inaccurate error message * [PHP-796] - Modifying MongoDate internal properties evilness * [PHP-813] - IS_SCALAR_*() doesn't account for resources * [PHP-815] - MongoCursor ctor doesn't validate the MongoClient object * [PHP-833] - Add the MongoClient::killCursor method to kill a cursor on the server on 64-bit platforms * [PHP-835] - Driver interprets 'err' property as MongoCursorException * [PHP-848] - Invalid read in master * [PHP-882] - mongo_connection_get_server_version memleaks * [PHP-883] - php_mongo_dbref_create() doesn't handle MongoId values * [PHP-888] - DBRef refactoring broke BC for $id parameter handling * [PHP-902] - Segfault when unregistering broken server * [PHP-949] - ensureIndex() creates wrong names * [PHP-955] - Switch the default mongo.native_long to 1 for 64bit platforms * [PHP-981] - Empty document should not throw exception ** Improvement * [PHP-578] - No need to call ismaster 2times * [PHP-705] - Throw exception when overflowing message size in OP_INSERT batches * [PHP-708] - WriteConcern failure exception should include the entire GLE document * [PHP-712] - findAndModify returns empty array when nothing is found * [PHP-774] - Deprecate the protected method MongoCollection::toIndexString * [PHP-807] - Rewrite to_index_string to use smart_str and a real C function * [PHP-812] - Remove unused MongoDBRef::$refKey and MongoDBRef::$idKey * [PHP-837] - Handle cursor IDs for return with MongoCursor::info on 32bit platforms * [PHP-851] - Add MONGO_HAVE_* constants and make sure MINFO contains this too * [PHP-880] - New write operation method for insert, update, remove * [PHP-886] - Add support for secondaryAcceptableLatencyMS * [PHP-903] - Improve the Stream Notification API * [PHP-941] - Throw MongoConnectionException on stream failures * [PHP-942] - Throw MongoDuplicateKeyException on duplicate key errors * [PHP-971] - Remove mongo.native_long for 32bit platforms * [PHP-990] - Implement Batch Write API ** New Feature * [PHP-819] - Add Mongo[DB|Collection]->[get|set]WriteConcern() * [PHP-831] - SASL Support (SASL Plain) * [PHP-832] - SASL Support (SASL Kerberos) * [PHP-861] - Add maxTimeMS() method to MongoCursor to configure the maximum time a query can take * [PHP-868] - Method to check if string is a valid ObjectId * [PHP-873] - Support the MONGODB-X509 authentication mechanism * [PHP-875] - Add support for cursor for aggregation * [PHP-876] - Make the driver check for the server version upon connection * [PHP-923] - Drivers should only talk to servers with overlapping wire versions * [PHP-944] - Support $out aggregation pipeline operator * [PHP-951] - Provide API for getting latest server version or isMaster response in driver * [PHP-962] - Create constants for additional binary data subtypes * [PHP-965] - Documentation for MongoId::isValid() ** Task * [PHP-657] - Add deprecation notice to MongoCursor::slaveOkay * [PHP-714] - Convenience macro for getting mongoclient* * [PHP-786] - Sort out includes * [PHP-809] - Deprecate use of "safe" all over collection.c * [PHP-844] - driver must authenticate before calling isMaster() * [PHP-845] - Ability to use different SPN on the driver for Kerberos Authentication * [PHP-983] - Change nUpdated to nMatched in bulk api results ** Sub-task * [PHP-763] - Create prototypes for MongoClient and Mongo classes * [PHP-794] - Remove 'fd' property of MongoCursorException * [PHP-797] - Deprecate public properties * [PHP-798] - Rename "timeout" to "socketTimeoutMS" in $options * [PHP-804] - Deprecate Mongo::connectUtil * [PHP-818] - Deprecate "Mongo" in favour of MongoClient. * [PHP-824] - Deprecate the "wtimeout" option in crud operations for wTimeoutMS

Walking the London LOOP - part 2

Derick Rethans - di, 04/03/2014 - 11:23
Walking the London LOOP - part 2

Back in October 2013, Morag and I started walking the London LOOP - with section 1. It took nearly four months before we embarked on the second section. The delay was mostly caused by the short days and the terrible weather we have had during the winter. But with the Sun returning and the days getting longer it was time to do part 2: Bexley to Jubilee County Park. We originally intended to do the walk on February 15th, but all the trains towards Kent were buggered due to lots of falling trees caused by the latest storm — hence our second attempt last Sunday. Why I thought it was a good idea to do this right after the PHP UK Conference is a bit of a mystery to me still.

Of course, the travel to the start of the walk was not as straightforwards as it could be. With lots of engineering work and bus replacement services. We ended up taking the train to Barnehurst and bussing it to Bexley—much better than the route that was suggested by National Rail Inquiries: train from Charing Cross to Plumstead, bus to Dartford, and then the train back to Bexley.


From Bexley startion we crossed under the railway and headed South. Just before getting to the river Cray, we walked through some woodland where a fair amount of trees had not survived the winter storms. Joining the river after a mile or so we noticed that it was still very high, and rather fast flowing. In fact, it was so high that many of the paths were either flooded—or very muddy. The muddy path opened up into the Stable and Footscray Meadows and a very lovely bridge, the Five Arches, crossing over the river Cray.

loop2-d36_4585.jpg loop2-d36_4589.jpg

I think there was a bit more water in the meadows than there usually was. Or perhaps the locals tried to create an extra lake. In any case, there was no dry way out of the meadows into the direction we had to be going. The photo to the right just points out how much water we had to wade through. I estimate it was about 3 inches deep.


Past the meadows and All Saints Church we stopped in Sidcup for lunch. Although the route goes past a pub, we decided to skip and instead just pick a cafe in Sidcup itself. But not before we encountered this friendly horse.

Sidcup itself seems like a little village with not much going on, but lunch at Urban Food was decent. After filling up we continued the walk by finding Sidcup Place and crossing the A20 into Scadbury Park.


Scadbury Park is rather large and a local nature reserve. It is also old and has a ruined moated manor in the middle, which was owned by the Scathebury family. The LOOP as mapped on OpenStreetMap had the route go past the manor, but I found that was incorrect as shown by the sign posts on the route.

loop2-d36_4616.jpg loop2-d36_4631.jpg

From Scadbury park we crossed into Petts Wood, or rather perhaps it should be called the Petts Mud Flats as there was nearly no space without mud — some times up to half a foot deep. An indication of the amount is visible in the image to the right. I don't think I've ever had this much mud on a walk actually.


This meant that we were a bit delayed and we would just miss the train home from Petts Wood station. When coming out of the woods we crossed multiple sets of train tracks. The section as shown on the left is just before the end point of second section in the Jubilee Country Park.

The weather was colder than the first section, but that was no surprise as it is February. At around 8°C there was a fair bit of wind, but we kept it dry.

For the full photo series of the LOOP, see my Flickr set.

Categorieën: Open Source, PHP Community

Simon Holywell: HHVM vs Zephir vs PHP: The showdown

PHPDeveloper.org - ma, 03/03/2014 - 20:38

Simon Holywell has posted what he calls a "showdown" between HHVM, Zephir and PHP comparing various benchmarks (based on a Mandelbrot Set fractal).

Since its inception the slow running speed of PHP has been widely publicised and over the years there have been a number of improvements. [...] It has become more interesting recently however with three projects looking for improvements in different ways. The core has adopted the Zend OPcache for future versions of PHP, Facebook has been working on a just in time compiler called HipHop VM and the team that brought us Phalcon framework have created Zephir.

All of these projects have chosen to tackle the issue of PHP's speed via different avenues. It has therefore left one simple question - who's making the biggest improvements? Who's the fastest?

He briefly introduces the "contenders" for those not familiar with them and gets right into the benchmarking process. He shares the link to the tests he used and a few notes about the HHVM setup that could account for lower numbers. He shares his results in a few graphs or you can grab the CSV data yourself and parse it. The entire setup is also over on GitHub if you'd like to just check that out.

Link: http://simonholywell.com/post/2014/02/hhvm-vs-zephir-vs-php-the-showdown.html

SitePoint PHP Blog: Installing PHP Extensions on Nitrous.io

PHPDeveloper.org - ma, 03/03/2014 - 19:45

On the SitePoint PHP blog Bruno Skvorc has posted a new tutorial showing you how to get PHP extensions installed on Nitrous.io, an online environment combining an IDE and PaaS hosting.

Inspired by a comment on my previous article, I realized Nitrous was still a bit too complicated to customize properly. In this tutorial, we'll glide through installing cURL and Phalcon on a Nitrous.io PHP box.

He continues on from his previous article and shows how to detect cURL support and how to build it from the PHP source into an extension. He helps you get the source for the older PHP version Nitrous.io has installed and the commands you'll need to build the extension. With it installed and enabled in the php.ini, he also installs the Phalcon extension.

Link: http://www.sitepoint.com/installing-php-extensions-nitrous-io
Inhoud syndiceren