Recent Blog Posts
Dynamically Typed: PHP Blog
PHP Conference London 2007
It’s back! - just doing my bit to support the UK’s premier PHP event. And hats off to them again for honest pricing - no inflation since last year if I remember right: £50 in advance or £75 on the day. Whether I’ll be able to get there is another story but I’d like to.
2007: The Year of OpenID (?)
A late but Happy New Year - recent silence related to starting new job at local.ch - more on that another time.
So let’s call this one the Year of OpenID - or at least the part up to March. OpenID is starting to gain traction as a solution to some (not all) online authentication problems.
While some good resources are starting to show up explaining how OpenID works, there’s a tendency towards either “here’s how to add to your blog - don’t ask difficult questions” or significant assumed knowledge. So it’s nice if you have someone around who can explain it directly, which is what happened last webtuesday, with Cédric providing an OpenID Overview. As well as doing a great job of explaining key points of what OpenID is and is not, he also took a good stab at illustrating OpenID transactions in terms of the communication between the hosts involved, something that seems poorly documented online right now - images here.
One particular concern the talk raised regards the final redirect of an OpenID transaction, when a new account is being set up on the relying party (the site you want to …
Rise of the Robots
Quick factual / historical note regarding Anonymizing RFI Attacks Through Google which Stefan and Ilia both referenced today.
As far as I know the notion of “programming” legitimate 3rd-party web spiders to attack other sites was first raised back in 2001 by Michal Zalewski (also wikipedia) in Against the System: Rise of the Robots.
Not that I’m hunting hacker-cred - ran into it via his book Silence on the Wire (which is a great read BTW - ever thought about how those Javascript key press events uniquely identify you?).
Race Conditions, AJAX and Sessions
Via Jeff’s bookmarks, Race Conditions with Ajax and PHP Sessions by Andy “thwarted” Bakun is an outstanding analysis of a problem that’s come up before on this blog here.
In fact the title is almost misleading - the first half looks at “parallel processing” in Javascript with some valuable insight - i.e. you want to read this even if you’re not using PHP.
The second half explores building a custom PHP session handler (PHP’s default session handler does not suffer from race conditions but can become problematic the moment you start handling serious traffic), leading up to a very cunning strategy that allows you to lock a single session variable (rather than the entire session) via overloading the $_SESSION variable using SPL - effectively an alternative to using session_set_save_handler() - let’s hope this becomes recognised as a feature that needs supporting.
And refreshing it is to see something like this in PHP-related content…
the built-in [PHP] session handler uses the flock(2) system call […] This can be verified by using strace to list all the system calls being made by a process. Here’s the important bit:
open("/var/lib/php/session/sess_XXXXXXXXXXXXXXXXXXXXXXXXXX", O_RDWR|O_CREAT, 0600) = 18
flock(18, LOCK_EX) …
Lessons from the LAMP generation - tilllate.com
Last night we were treated to Silvan and Stefan’s whirlwind history of tilllate.com, delivered to a packed webtuesday - thanks to search.ch for hosting and apologies to those that got stuck out in the corridor - a search for bigger meeting spaces is in progress.
The talk - described here translates (loosely) to “tilllate.com: From 0.1 to 30 Servers”;
With 100 million pageviews and 1 million visitors a month, tilllate.com is one of the biggest web platforms in Switzerland. The site currently comprises 60′000 lines of code and 430 database tables, served by a cluster of over 30 servers. Software and infrastructure is the responsibility of a team of 5 developers and engineers. Stefan (System Engineer) and [Silvan] (CTO) present their technical experiences in building tilllate from scratch.
It was both insightful and entertaining, backed with confessions and tales of past disasters. Something about the tilllate story probably rings true for most of the “LAMP generation”.
In redux: tilllate.com began as a “just for fun” project, while the founders were students. Self taught, starting from “View > Source” and graduating to PHP, the first version, released in Y2K was ~40 scripts on a shared host. You …
The next hot PHP app you install might be IBM’s
In case you hadn’t paid any attention to QEDWiki so far, check out this demo. The server-side is written in PHP using Zend’s framework - more detail here and most recent info seems to be here (it’s not released yet - some time soon)
The idea of application wikis and situational applications has a lot of potential IMO. If you consider Dokuwiki (tends to get mentioned round here) for example, it’s interesting that a number of users have employed it as an alternative to a CMS - it gives you more structure than most wikis thanks to things like namespaces but is far more flexible than your average CMS.
More interesting is examining some of the behavior syntax plugins such as the sql plugin;
===== A wiki page with a query =====
Here is the //products// list:
<sql db="mysql://user:pwd@localhost/shop"> select * from products; </sql>
Or the AJAX chat plugin which just needs you to add ~~CHAT~~ to any page.
There’s potential here. Dokuwiki has design limitations, such as it’s difficult to apply access control to sections of a page and I doubt that’s easy to fix without a big re-write: that SQL plugin is really only for private wikis.
But …
The Case for Registering Multiple Domains
Via /. - Optimizing Page Load Time has some very interesting insight, in particular this point;
By default, IE allows only two outstanding connections per hostname when talking to HTTP/1.1 servers or eight-ish outstanding connections total. Firefox has similar limits. Using up to four hostnames instead of one will give you more connections. (IP addresses don’t matter; the hostnames can all point to the same IP.)
That’s actually an HTTP 1.1 recommendation (section 8.1.4);
Clients that use persistent connections SHOULD limit the number of
simultaneous connections that they maintain to a given server. A
single-user client SHOULD NOT maintain more than 2 connections with
any server or proxy. A proxy SHOULD use up to 2*N connections to
another server or proxy, where N is the number of simultaneously
active users. These guidelines are intended to improve HTTP response
times and avoid congestion.
More snippets of insight here and here. This is also something you should think about related to AJAX.
A minor nit: the approach recommended in “Optimizing Page Load Time” is;
Rather than loading all of your objects from http://static.example.com/, create four hostnames (e.g. static0.example.com, …
The Joy of Regular Expressions [4]
Having found some more joy, time to interrupt your Friday evening viewing, picking up the saga from where we left off last time.
You’ve already had your first taste of sub patterns here, where they were used to capture a word and wrap it in an HTML span tag via preg_replace_callback(). It’s time to explore sub patterns a little further…
You’ve got a string containing a date / time stamp like ‘20061028134534’ - that’s year (4 digits), month (2 digits), day of the month (2 digits), hour (2 digits, 24 hour clock), minutes and seconds (both 2 digits). You need to break it up into its constituent parts so you can use them for calculations.
Now you could use multiple calls to substr() but an alternative solution is a regular expression, for example;
<?php
$date = '20061028134534'; # The input date string
preg_match(
'/^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})$/',
…
It’s official: Javascript sucks harder than PHP
The surprise outcome of last night’s webtuesday - Javascript sucks harder than PHP. I still can’t quite believe it.
Maarten took the PHP corner against me in the Javascript corner, both of us shamelessly advocating each language under various headings - 1 minute max per topic - no outright lies although often bordering on truthiness. Verdicts provided by the audience, based on who could shout loudest from a choice of “OK - 0 points”, “Annoys - 2 points”, “Sucks - 4 points”, “Sucks hard - 6 points” and “Blows - 8 points”, with help from the Suckometer (thanks to the Net-Policy team for QWizard).
Now this might not sound very scientific. For starters, how can you compare PHP (server-side) to Javascript (client-side) - apples to pears? But it’s not quite so black and white, as you’ll see from the slides - there is server-side Javascript just as there is client-side PHP. And if you ignore that distinction and focus more purely on their respective merits as programming languages, there’s plenty of room for comparison. Meanwhile you might argue that a secret ballot is essential for impartial rating …
Puzzling Forecasts
In the same vein as this, here’s a real world puzzle that might serve as a nice (or annoying) interview question - relates to something I had to deal with at work today.
There are a number of types of aviation weather bulletins, used worldwide and often critical to the operations of airlines etc. Many were designed prior to the dawn of XML and tend to have “interesting” formats - fun to understand, even more fun to parse. I imagine the designs were driven by system limitations - the days where a few bytes here or there really mattered - as well as the unique way the airline industry sees the world - something like RFC 3339 dates would be pure wasteful luxury.
For example METAR reports describe the current weather conditions at an airport while TAF is a weather forecast for an airport.
Now a given TAF forecast will be valid for a maximum of 24 hours and a minimum of at least one hour (in practice, not normally less than six hours I believe). By “valid” in this context, I mean the time period for which the information contained in the forecast can be regarded as accurate.
You can …




