Mobile World Congress 2010 – Mark Dennehy
Mar 02, 2010
Berita pada kategori ‘Pemrograman’
Sneak Preview: Month of PHP Security 2010 – Stefan Esser
Feb 19, 2010
Three years ago the Hardened-PHP project organized the Month of PHP Bugs. During one month I disclosed more than 40 vulnerabilities in the PHP interpreter in order to improve the overall security of PHP. In the history of PHP this event has been one of a kind. But now, three years later, my company SektionEins GmbH will continue in the same spirit and organize the Month of PHP Security. Our preparations are not finished yet, but here is a sneak preview of what it will be. The Month of PHP Security will take place in May 2010 and will be very different from all the previews ?Month of Bugs? or ?Week of Bugs? events. You can think of the Month of PHP Security as a conference without a conference. This means around the 1st of March we will send out a call for papers in order to collect the best advisories, the best research and the best articles about PHP security. We invite everyone from the PHP and from the security community to take part in this event. The basic idea will be that during May we are planning to release (at least) one advisory or one research paper or one article about PHP security topics that were submitted to the public. And in the end of May our jury will select the best X submissions and give out prizes. We are still in the process of selecting good prizes and would be happy about more sponsors. Therefore: If you consider this event to be a good idea to improve the security of PHP and want to sponsor prizes, do not hesitate to contact us at info@sektioneins.de. The accepted topics will be: Of course we will accept multiple submissions by the same person/team and there will most probably also be articles/advisories by ourself. (But of course we cannot win the prizes) We at SektionEins are already very excited about the event and hope it will be a success and once again improve the security of the PHP ecosystem.
Symfony Live 2010 – Symfony2, speaking and stuff – Jordi Boggiano
Feb 18, 2010
Overall the conference was pretty interesting since I don’t have a lot of experience with symfony I learned quite a bunch of things about it’s usage. I also met a lot of nice people, and ended the trip yesterday evening at the github meetup, after going for food with a couple phpBB guys who are really much nicer than the forum software they stand for. They were also very open to us bashing phpBB and seem to be headed towards a brighter future for the next version, which I’m sure nobody will complain about. I also had my first session at a conference, accompanying Lukas though so I wasn’t really flying by myself yet but it was still a nice and interesting (and stressful) experience that I will try to renew. We didn’t get all that much feedback by the way so feel free to do so (also here if you are too lazy to register on joind.in), the organizers need it and obviously I wonder how the talk was received as well. As for Symfony 2 (which now comes with a capital S please), I kind of saw the flexibility coming since we already implemented the dependency injection container in our Okapi framework at Liip, but I was still impressed by the jump away from symfony (1) Fabien conceded, many people would have tried to keep more BC at the cost of going forward, and I’m really glad he didn’t, I think it will pay in the long run. The new version of the framework will basically be able to be totally ripped apart to fit your needs better if you have high performance requirements, which was the major pain point of symfony 1 as far as I’m concerned, and one of our reasons to keep working on Okapi which is pretty much a baseline micro-framework you can build upon. We will have to see if adopting Symfony in its place will make sense, but it sounds promising and it would offload some maintenance away from us which is always good. Obviously Symfony 2 isn’t going to be stable for a while, and there are some rough edges that still need to be discussed and improved, mostly in the way bundles are handled imo, but it looks very good already and I’ll definitely give it a try asap. I would also encourage everyone to do so, especially framework developers, because the dependency injection is a pretty awesome thing to have, both for the testability of code and flexibility of the development process. Although if it’s your only interest in it, checking out the Okapi 2 core (or the liip.to app ported to use it) is probably easier as there is less code to read, and we didn’t add any of the abstraction to the dependency injection layer that Symfony 2 has.
Javascript on the Desktop (well Linux Mostly) – Alan Knowles
Jan 19, 2010
Unfortunately my internet line died over the weekend, and I was left without a connection until Tuesday. I had a bit of offline time to have a look at some interesting new(ish) technology.
If you have paid any attention to Gnome development, there are mentions of gnome-shell, and something about making it easier to develop add-on/applets etc. using Javascript. I have not really had time to look at this much, however given the fact I had downloaded all the components prior to my loss of connectivity, I spent some time over the weekend and monday looking at this in more detail.
It looks like there are obviously things going on in IRC and mailing lists, so most of my impressions are from the websites, and code. There are basically 2 projects currently.
GJS – This is the mozilla Javascript engine bound to the gobject introspection system
Seed – This is the webkit Javascript engine bound to the gobject introspection system
Of the two, Seed apears to be a little more advanced and more time has gone into it, based on the fact there appear to be more core features in Seed (eg. I could not find anything like Seed.print() in GJS), and there are very few examples in GJS
Both of these use the GObject introspection method to bind to Gtk, and a large and growing number of other libraries. This is something I found very interesting having gone through a similar process with rooscript.
The fundimental issue of creating bindings to Gtk (and anything that uses the GObject system) is that historically, almost everyone (PHP, Python etc.) who did it used this method.
* Parse the html documentation, or the .h files (extracting the classes, enums, methods, arguments etc.)
* Generate Binding code for each library, which wraps these methods, loads the ‘.so’ libraries and links it all together.
* Compile a Module (or statically link it in some cases)
* Run… Test.. Fix bugs in wrapping code… Run … Test.
What GObject inspection introduces is an very thin layer that can be used to expose any of these methods without writing any binding code (other than to GObject inspection). The result is that to add more features (linking to another library) – you just have to generate a XML file describing the interface, compile it with g-ir-compile and put it in the right folder, and you have magically added support to a new Library, without generating an C code!
This also means that fixing the binding is considerably simpler (fix the XML file, re-compile etc.) and you have solved bugs in any language that is using it… (as I found with gtk_tree_store_set_column_types()
Playing with the languages.
GJS and Seed present the Gtk API very slightly differently, which at present appears to be a bit of a blocker for deciding which to use (or even to bother for some). The key differences are for authoring
* Javascript ‘let’ features in GJS – not available in Seed.. – This is rather a big blocker as code designed for GJS will fail in Seed totally.. (and visa-versa probably)
* Different call signatures to signalsÃ? Ã? Ã? SEED:OBJECT.signal.connect(method)Ã? vsÃ? GJS:OBJECT.connect(’signal’, method)Ã? – I think personally that GJS way is more true to the concept and cleaner, however as you can see below there are ways around this.
Seed has a git repo on gnome ’seed-examples’, which contains a large number of examples, although their depth is rather thin unfortunatly.. (code coverage is probably 1% at best)…
Both have pretty much Zero in the documentation stakes.. – A rather trivial task to create – which I’m tempted to have a go at….
Anyway back to my playing around..
I’ve been doing some serious shit in Javascript recently, GUI builders, Code generators, Hacking GTK bindings etc. so I’ve seen the good, bad and ugly as far as Javascript goes (Bad sometimes being my code).Ã? I’ve been slowly moving to what I regard as an effecient, productive use of Javascript, most of which can be seen in the xtype support in RooJS
After runing the first few examples in seed-examples, I decided to see if using an xtype / Roo structure could be done with Seed. After a bit of tweaking, and bugfixing of Seed, I finally got this code to work.
var win = XN.xnew({
xtype : Gtk.Window,
type: Gtk.WindowType.TOPLEVEL,
listeners : {
'delete-event' : function (widget, event) {
return false;
},
destroy : function (widget) {
Gtk.main_quit();
}
},
set : {
set_border_width : [ 10 ],
resize : [300, 300],
show_all : []
},
items : [
Truncated by Planet PHP, read more at the original (another 5487 bytes)
Three Ways to Make a POST Request from PHP – Lorna Mitchell
Jan 18, 2010
I’ve been doing a lot of work with services and working with them in various ways from PHP. There are a few different ways to do this, PHP has a curl extension which is useful, and if you can add PECL extensions then pecl_http is a better bet but there are a couple of different ways of using it. This post shows all these side-by-side.
POSTing from PHP Curl
This is pretty straightforward once you get your head around the way the PHP curl extension works, combining various flags with setopt() calls. In this example I’ve got a variable $xml which holds the XML I have prepared to send – I’m going to post the contents of that to flickr’s test method.
$url = ‘http://api.flickr.com/services/xmlrpc/’;
$ch = curl_init($url);
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);
?
First we initialised the connection, then we set some options using setopt(). These tell PHP that we are making a post request, and that we are sending some data with it, supplying the data. The CURLOPT_RETURNTRANSFER flag tells curl to give us the output as the return value of curl_exec rather than outputting it. Then we make the call and close the connection – the result is in $response.
POSTing from Pecl_Http
Pecl_Http has two interfaces – one procedural and one object-oriented; we’ll start by looking at the former. This is even simpler than in curl, here’s the same script translated for pecl_http:
$url = ‘http://api.flickr.com/services/xmlrpc/’;
$response = http_post_data($url, $xml);
?
This extension has a method to expressly post a request, and it can optionally accept data to go with it, very simple and easy.
POSTing from Pecl_Http: the OO interface
Finally let’s see what the OO verison of the extension looks like. Exactly the same call as both the above examples, but using the alternative interface, means our code looks like this:
$url = ‘http://api.flickr.com/services/xmlrpc/’;
$request = new HTTPRequest($url, HTTP_METH_POST);
$request->setRawPostData($xml);
$request->send();
$response = $request->getResponseBody();
?
This example is quite a bit longer than the previous one, and you might think this indicates that this approach is more complicated. In some senses that is true and its probably overkill for our extremely trivial example. However it is worth mentioning that the pecl_http extension is extremely flexible and powerful, and can handle some cases that the curl extension can’t. So even if it looks more complicated here, it can still be an excellent choice to implement.
In Conclusion
That was a very fast round-up of three ways you could make an arbitrary web service call from PHP – hopefully these examples are clear and will help anyone just starting to implement something along these lines.
Gartner report on PHP – Danne Lundqvist
Jan 13, 2010
A new Gartner report about PHP – PHP: Past, present and Future is mentioned in the last Zend newsletter. Even though I remain somewhat sceptical towards similar reports it is good to see that even Gartner is catching up. What they say actually do have an impact. One particular advice is especially interesting for large companies. PHP is a fantastic tool for building rich web applications. It?s extensibility makes it versatile and extremely easy to integrate with modern integration solutions as Web Methods, legacy systems or just about any database technology. To me – this has always been where PHP really shines."PHP has been a cornerstone technology on the Web for more than a
decade. While its adoption among mainstream IT organizations has been
limited in the past, many corporate application development (AD)
projects are discovering the unique benefits of PHP."
"Consider PHP as a supporting technology in a broader portfolio of AD
technologies, where it can provide a specialized toolset for building
Web graphical user interface (GUI) front ends to service-oriented
architecture (SOA) back-end services."
Testing: Making Sure Code Works Before Shipping It – Brandon Savage
Jan 13, 2010
Shipping code that works is crucial to retaining the support of customers and high quality in your application. While it?s impossible to ship code without any bugs at all, it is possible to control for as many as possible, and fix as many known issues as there is time. These strategies are designed to ensure that code works when it is shipped to the end user. Employ testers. Hiring testers is a tough sell in many development teams, especially small ones. It is possible to have testers that have other functions ? that is, they might be in another department or moonlight as testers. But with teams larger than 5 developers, having a full time tester is a crucial component of good development practices. Write unit tests. Unit testing should be built into the process of code development from the beginning of a project. However, if you?re starting from someone else?s project and the project doesn?t have unit tests already, simply institute a process of fixing bugs after you?ve written a unit test that identifies the bug. Eventually you?ll have unit tests for most of the application. Write functional tests. There?s a subtle difference between these two concepts. Unit tests test a specific component of the code: a single method, function, or clause. Functional testing, on the other hand, tests expected behavior: does clicking that button actually result in a refreshed page? Does my controller actually invoke the action properly? More than one method might be acted upon with functional testing. A lot of this testing is done by the testers; however with applications like Selenium you can conduct some automated functional tests. On a small team that doesn?t have testers, or on a large team where there might be a challenged set of resources, automated functional tests can help reduce the testing burden. Work unit testing into your build process. Each time you make a build for release, you should know that all the unit tests pass. If they don?t, there?s a problem that should be addressed before the build is completed. Use continuous integration to know when tests began failing.
Developers have a tendency to test their code only with expected data. Testers, on the other hand, aren?t developers themselves; instead, they will use data that you don?t expect and find bugs that your users might otherwise experience.
Every developer makes mistakes at some point. Having unit tests in place will help find these mistakes by showing you where a class breaks. It makes refactoring easier as well, since you can refactor and know that if your unit tests pass, there?s a good chance that you did it properly.
Unit tests are great, but they?re not enough. Knowing that one function takes an array and creates an object is fine, but what happens with the next function, and the one after that? Introducing functional tests: testing against expected behavior.
We talked about integrating your build process with a continuous integration server. With build engines like Phing, it?s possible to automate the unit testing process (and even the functional testing process to some degree).
To hit on the same theme, a solid continuous integration server will automatically run your tests and alert you as soon as the first one fails. This helps prevent regression ? the introduction of bugs into code that worked in previous releases. The time to discover regression isn?t when the build is due and the team is ready to go, it?s right after a commit, and continuous integration will help with this.
python clutter example (clickable buttons)
Jan 05, 2010