skoop.dev

Dutch PHP Conference: A Great Event!

June 17, 2007

conferences, Dutch PHP Conference, php

So yesterday was the Dutch PHP Conference in the RAI in Amsterdam. Aside from doing a presentation on Symfony there, I had a clean plan on which sessions to attend. I ended up though to change my plans slightly. Instead of the PDO presentation, I wanted to check out the new ATK by attending Ivo’s presentation.

The event was very well organized. Even though comparing is a bit unfair, when I compare it to our own PHP Bootcamp of two weeks ago, it was a bit more impersonal. Of course, this was the result of a much bigger attendance, and even with the nearly 300 people there, iBuildings had to turn down another 100-150 people (or so I heard).

Cal Evans’ keynote on mashups was very interesting. Unfortunately, the live demo failed due to a failing wifi connection, but even without the live demo, the presentation was very cool.

Following Cal was Kevlin Henney, who experienced some technical trouble at the start of his presentation, but easily solved this with a great stand-up comedy act. After about ten minutes, finally the beamer worked again and so the presentation started. Kevlin talked about Object Oriented programming and how PHP differs from others. It was an interesting talk, mainly a funny one with much jokes. Unfortunately, I could not discover a very clear conclusion or direct point to make out in his presentation. It was interesting nonetheless.

After the break, Gaylord Aulke’s presentation on the Zend Framework was a bit of a let down, but this seemed to be mainly due to a shortage of time (or simply too much to tell). The main part of the presentation was now spent on presenting MVC and ZF’s implementation of this, which was nice but took a bit too long.

The ATK presentation by Ivo Jansch was very interesting. It’s very interesting to see how with so little code you can create full applications thanks to the ATK framework. I guess if I dive into it, I might start to like it, but the development which such a framework seemed a bit too abstract for me. I like to see some code and do some coding 😉

Finally, my own presentation on Symfony: I felt it was good. I was not as nervous as I had expected to be, but of course I missed a few things. The room was pretty filled, I guess somewhere around 70 people attending, and the questions I got afterwards were also “good” questions which led me to believe that the information I wanted to get across actually did get across. So yeah, I felt it was a success.

Last but not least, Derick Rethans did a presentation on Test Driven Development. Despite some throat problems he managed to get across a clear message about how Test Driven Development can enhance the quality of delivered code. And hell, if Microsoft is doing it, it must be good, right? 😉 Anyway, it was a very nice presentation. I’m not sure yet if I’m going to attempt it in one of projects, but the ideas are clear. One important conclusion to make after the presentation I guess is: You need 100% commitment to using TDD, or else it’s probably useless.

After this, we had some drinks at the RAI, and then some of the speakers including me went on to a restaurant just behind the RAI to have dinner. There I was able to talk a bit with Sander van de Graaf, Lukas Kahwe Smith, Derick Rethans and someone else who’s name I now forgot (darn! sorry for that). It was a very nice way to close a great day. Thanks everyone!

For those interested, my presentation (slides in dutch) is now available on Slideshare.
My plans for the Dutch PHP Conference

June 15, 2007

conferences, DPC, Dutch PHP Conference, php

Tomorrow is the Dutch PHP Conference in the RAI in Amsterdam. This is my plan for which sessions to attend:

* Welcome
* Keynote: My first Mash-up (English)
* Objects of Desire (English)
* Zend Framework (English)
* PHP Data Objects (English)
* Symfony framework (duh! I’m presenting!)
* Keynote: Test-driven Development (English)

It’s gonna be a very cool conference, I’m sure of that. I’m very much looking forward to meeting the other speakers and attending the sessions.
Issue tracking: Where business and technology clash

June 14, 2007

issue tracking, sugarcrm, technology, trac

Issue tracking: two words with a very wide definition. It’s tracking issues found by development: Those things that you still need to improve or those bugs that you found yourself and still need to fix. Or even your TODO list, depending on your way of working. Then there’s the issues that testing finds in your products. And last but not least: the issues that clients find in the software, either during the testing of one of your iteration results or even when the system is already in production.

And especially in that last category, we find the first clash. Development (and testing also in some companies) need a system where they can register issues, track them, close them, keep track of which version/build is the affected version and in which version/build the issue was fixed, and if possible with integration with the version management system of choice (Subversion in our case). This is vital information for development.

Then there’s the business. For the business, in particular account management and sales, it is very important to know what is happening for any given client. When a client calls, or when they go to visit a client, they need to have a clear view on what topics might come up or which topics really need to be discussed.

So, in a perfect world, there would be this central system that can do all these things. Unfortunately, especially in the open source world, there is no such things.

At my current employer, we use SugarCRM for customer relationship management. For most projects, the from a technical point of view completely inadequate bug report system of this CRM is used. For our biggest project, which is probably also the one we’re currently handling in the most professional way, we use trac including the Subversion hooks. This works perfectly for me as a developer, but is giving account management and sales headaches.

So again, clashes may occur. In a perfect world, there would be one integrated system. Due to our Open Source philosophy, we prefer to stay away from the big commercial packages. Does anyone know of a good solution, aside from developing our own SugarCRM plugin or writing a full custom piece of software to handle everything?
Another advantage of Symfony: Debugging

June 11, 2007

debugging, php, symfony

I’m not even talking about the unit testing and functional testing setup that Symfony has built in, as I haven’t even had the time to use it (I know, bad bad bad, but sometimes you just can’t do it when the needs for speedy delivery are high). I’m simply talking about the clarity of structure.

The application I’m dedicating most of my worktime on these days used to be built in Mambo, with components doing all the hard work. Not an ideal setup, because the underlying technology (Mambo) hardly offers a good guideline for the development. It also hardly offers any real utilities for writing clean code, such as the Symfony helpers, a clear MVC structure, or even a clear OO approach.

Over the past few work days, I’ve been focussing on debugging our first stable release. Where, with our previous (Mambo-based) version, when you had to debug something, you were spending more time searching for the bug in the code than fixing it. A LOT more time. Now, with this new Symfony version we have, because Symfony offers clear guidelines on project structure and code structure, because the MVC setup is so clear, and because code has it’s clearly identifiable place within your source tree, fixing bugs is a matter of opening the right file, and fixing the code. This way, it’s not a boring and annoying job anymore to do bugfixing. It’s a joy to do it, since it’s so darn easy to identify the offending code!
Question for the conscience

June 8, 2007

programmers

Who is the better developer?

a) The developer that can do anything by head, will be able to work with any given API and build an application around it
b) The developer who will always be able to find libraries to do what he wants, and “glues” them together into an application
c) both
d) neither
Symfony all around

June 7, 2007

conferences, php, symfony, technology

Last weekend was our PHP Bootcamp. It was a huge success! With about 30 people present, the whole room was filled with PHP enthousiasts. The three presentations by Thomas Weidner, Johan Janssens and Francois Zaninotto were awesome! All three deserve great respect for bringing these presentations. The panel discussion afterwards was a very cool thing as well, and brought many questions from the visitors of the event. All in all, a wonderful afternoon.

Afterwards, we had a BBQ which was also a big success. Everyone had nice conversations and discussions, and Johan even took out his laptop to show some stuff to people. All in all, a huge success and definitely something we’ll be repeating.

Now, for me, it’s time to finish my presentation for the Dutch PHP Conference. Quite exciting, as the conference is completely sold out so it will be crowded!
Security: Where business and technology clash

May 30, 2007

business, php, security, technology

One (but I’m sure far from the only) thing where business and technology clash is the topic of security. A lot of the projects that we do for clients are based on Joomla! (previously Mambo) technology. Aside from building the site or application, we also offer a SLA for managing the software and, for instance, installing security updates. Some clients choose to do this, others don’t. And so you’re left with insecure software on your servers.

Two weeks ago, we were hacked. Unfortunately, due to the logging policy of the company we rent our servers from, we could not check the access logs of the moment we got hacked to see how they got in, but we suspect they got in through a security vulnerability in one of those old components of a client that does not have a SLA. However, even clients with a SLA were affected. Why? Because every time you upload a file (something that in Joomla! is common even for component installation), the files are stored on the server with the owner ‘www-data’, the Apache user. And so if a hacker gets in through a vulnerable PHP script, which is executed by Apache, it can write to every single file writable for the Apache user.

As we found out about the hack, we immediately started to clean the mess and figure out what had happened. The latter turned out to be impossible, but the former was of course possible and one hell of a job. It turned out that the “hacker” was really a spammer, who was earning money by getting impression on a site called Free20, by adding his referral ID to a url in an iframe that he appended to all writable PHP, HTML, Javascript and other similar textfiles. Result: Most sites were giving errors and showing tons of iframes instead of the site it should be showing.

Luckily, as we found out, the spammer used only two or three different iframe strings, so pretty quickly we were able to write a script that grep-ed for the “free20” string, and then went through all affected files to replace the used strings by an empty string. All in all though, that was a pretty useless Sunday evening to spend of course.

But here we thread on dangerous territory. Of course, from a technical standpoint, every time a security patch comes out, this should be installed on all sites that are vulnerable that you manage. But this is where the business comes in. They of course want the client to pay for the time that we spend on this patching. And this is understandable: Time spent on installing security patches is time not spent on projects that are bringing in money. But by not installing it, two expensive senior developers spend their Sunday cleaning up things. And in this case, I immediately also set out to do a full week of assessing other dangers to the server integrity. So that’s expensive time that could’ve otherwise been spent on those paying projects as well. Also, even sites of clients with a SLA were affected. And it’s hard to sell to those clients that even though they have a SLA and their sites are kept secure, they got affected by a hack.

So at this moment, the server is clean and we have a clear view on what could be seen as a threat to our security. We are in the process of getting a different server setup and clear procedures on the deployment of sites. Yet still the problem remains: How to handle the SLA vs non-SLA clients. Our solution at this time is simply to have one server dedicated to SLA clients. All projects running on this server can be deemed secure, and the changes of hackers getting into this server are very slim, unless we have unknown vulnerabilities in our code. The other server will contain sites of clients that do not have a SLA. We clearly notify them of their risks, and that they will have to pay if ever the server gets hacked and they want us to clean it up. That way, the client will know of the risk and willingly take it, and in the case of a hack on this server, we will be able to get paid for cleaning it up.

If there is anyone here with similar experiences or with other solutions to this problem, I’d gladly hear of them.
All speakers now confirmed

May 22, 2007

conferences, php, phpbootcamp

It seems it is all I write about these days, but it’s one of the things that keeps me busy for a good time of my current days, aside of course from my regular work, but I just wanted to share this. We’ve now confirmed all three speakers for our PHP Bootcamp event! Earlier, I announced Francois Zaninotto of Symfony and Thomas Weidner of Zend Framework, two speakers that I am already very proud of to be presenting. Today, our third speaker has confirmed: Joomla! will be represented by it’s Lead Developer, Johan Janssens!

This confirmation is all I needed to be extremely proud of the line up we have here, with key speakers from each of the framework communities! Amazing! This is going to be a massively great day!

If you’re in the neighbourhood of Leusden on June 2nd, or you just feel like coming over, feel free to register through our site. There’s still a few spots available for interested PHP geeks!
Invitation

May 12, 2007

conferences, php, phpbootcamp

Everyone, I just want to pass on this invitation to everyone interested:

Dutch Open Projects is organizing it’s first PHP Bootcamp for all genuine PHP devotees. Herewith you are kindly invited to register and join the PHP Bootcamp. The PHP Bootcamp will be held on Saturday, June 2nd 2007.

Theme of this PHP Bootcamp is: PHP Frameworks. For the program we have invited a variety of guest speakers relating to the subject of the following PHP Frameworks: Symfony, Joomla! 1.5 and Zend Framework. After the presentations we offer the possibility to having a discussion with the guest speakers regarding the pro’s and con’s of frameworks.

Following the official program we offer a BBQ. Besides the foods and beverages you also have the opportunity to speaking with all guest speakers and attendees of the Bootcamp.

After all activities you can either go home or sleep over in our backyard. Tents will be provided but do bring your own sleeping bag, towel and toiletries. Before going home the next morning you can have a shower and a coffee and breakfast.

Subscribe now at http://www.phpcamp.nl. Attending is free of charge. Registrations will be closed on Monday, May 28th.

During the oncoming weeks you can find regular updated information regarding the PHP Bootcamp on our website, so please visit us regularly.

In case you have any queries please contact Guido Spee (++ 31 33 4 50 50 53 or guido@dop.nu)

We are looking forward to seeing you on Saturday June 2nd!

Best regards,

Dutch Open Projects
Zend Studio & Symfony

May 8, 2007

ide, php, symfony, zend studio
There is a little trick that Peter told me yesterday to get a better support for the code hinting/tooltips and code completion in Zend Studio when using Symfony with Propel:

In config/propel.ini, near the bottom of the file, you will find the setting:
```
propel.builder.addComments
```
This is set to false by default. What this basically means is that no phpDoc comments are added to your Base models. If you change this setting to true, and re-build your model, all of a sudden, when using for instance the retrieveByPK() method, the returned value all of a sudden also has all the code hinting/tooltips and code completion that is so great about Zend Studio.