Blog RSS Feed Subscribe

Jordi Boggiano

Jordi Boggiano Passionate web developer, specialized in web performance and php. Partner at Nelmio, information junkie and speaker.

Categories

Speaking at the IPC and WebTechCon

Next week the International PHP Conference and the WebTechCon will happen both in Mainz, Germany. I will speak at both events over the three days and the good news is that the combined 100 sessions are available for attendees of both conferences.

My only talk as part of the IPC is entitled Of knowledge sharing and the developer quality lifecycle, it's non-technical and will hopefully be more a seeded discussion than a plain presentation. We will talk about the ways to share knowledge within a company in the Gutenberg III room, monday at 11.45.

My second and third talks will be part of the WebTechCon schedule, but I think they are very good fits for PHP devs nonetheless. On tuesday at 10.15 as part of the JavaScript Day I will talk about JS Events and Scopes. Every web developer should understand those concepts so I would highly recommend you attend if you don't know how the this variable is bound in event listeners, or have never heard of variable hoisting.

The final talk will be part of the Web Security Day, and touching on the essentials of web security, the things you just can't afford to ignore. The talk is on wednesday at 9.00am however, so plan ahead and avoid getting too drunk if you want to attend :)

And finally, if anyone wants me to do some informal Symfony2 presentation, I got slides ready and would be very happy to do that, so just come and ask.

October 07, 2010 // PHP, Web, JavaScript // Post a comment

Symfony2 Presentation

Last weekend at the PHP Unconference in Hamburg I gave a talk showing an overview of the Symfony2 framework. The allowed 45min were way too short to say everything I wanted to say and I didn't really have time to prepare slides so it was a bit messy, apologies for that.

Yesterday I did an internal training at Liip for a team that will start a Symfony2 project soon, and spent some time building slides. This time I had two hours for the presentation so it went way better I think. And then in the afternoon everyone built a small ultra-basic blog application to get their hands dirty a bit.

So for those that attended the talk in Hamburg and want to see a bit more, or just anyone interested in the current state of Symfony2, I put the slides online (use the arrows to move). Note that they will most likely not be up to date anymore in a few weeks/months given that the framework is still ongoing heavy development.

September 29, 2010 // PHP // Post a comment

PHP Console in Your Browser

So-called interactive modes for scripting languages are commonly used in the command line, and they are great for quick tests, but most of the time when I try something it tends to grow and quickly becomes painful to handle in a CLI one-liner.

Since I spend most of my days programming PHP I tend to need that a lot and a few years back I wrote a small script that would let me type php code in my browser and execute it. Nothing fancy, but quite useful.

Over the years a few people got interest seeing me use it and asked for the sources, so instead of repackaging it every time, I thought I'd clean it up, polish a bit, add some features, and put it on github.

I can't really let you try it on my website for the obvious security implications, but you can look at the screenshot below or to get your hands on it more directly head to github (seldaek/php-console) or grab the zip archive.

Setup is easy, just put it somewhere, and run it in a browser. It only works from localhost, so it's as secure as your machine is, and I can't be held responsible for anything.

It fetches the execution result with javascript so you can even die() in the script with no problem, and expands tabs to spaces. Press ctrl-enter to submit from the textarea.

What do you think?

September 23, 2010 // PHP // Post a comment

Switching on my WLAN with my phone

It all started when my router began to crash every few days. All my connections would drop, and misery ensued. I disabled WLAN/Wi-Fi and it stopped crashing, so I was happy. But then my laptop's range became limited, and my phone sucked up my precious data plan, which wasn't ideal either.

Now the router I got is quite specific, it's remote controlled by the ISP and some settings are accessible only via their web interface, which means that enabling/disabling WLAN takes 3 minutes of waiting and is very annoying. I recently got fed up and decided to try and script the whole process.

I wrote a php script that does the job with curl, and now I can call it from my phone's browser to enable or disable the WLAN at any time, from anywhere.

So if you are interested, although it will only work as-is for Swisscom routers in Switzerland, I attached the full script I used below. You can read on for hints though since I guess it could be applicable to any other router configured via a web interface, and if it's only accessible from the local network you could have the script run on a home server that is accessible from the outside and would basically be a proxy.

A few parts are noteworthy though, the whole CURL configuration was a bit tricky, especially since I failed to RTFM correctly on the whole COOKIE stuff, until Elazar (you can buy his book on web scraping for more details on this whole topic) pointed me to the right setting, CURLOPT_COOKIEJAR.

An interesting thing is that you can pass 'php://memory' to the COOKIEJAR option, which is a php stream creating a virtual file somewhere in memory. It's good for throw-away stuff if you don't want to mess with the filesystem. Also CURLOPT_SSL_VERIFYPEER is a very good thing to have if you want to be lazy about SSL setup, it basically skips the entire certificate verification process.

And for people trying to implementing this kind of stuff with other routers, most of them use HTTP Authentication, so you most likely will need the CURLOPT_USERPWD option, providing it your user/pass couple as: "username:password".

<?php

$user = 'foo';
$pass = 'bar';
$state = isset($_GET['state']) ? $_GET['state'] : false;

if ($state !== 'on' && $state !== 'off') {
    die('Unknown or missing state '.$state);
}

function execRequest($ch)
{
    $res = curl_exec($ch);
    if (!$res) {
        var_dump(curl_error($ch));
        die('ABORTED');
    }
    return $res;
}

$ch = curl_init();
curl_setopt_array($ch, array(
    // base curl config
    CURLOPT_AUTOREFERER => true,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_SSL_VERIFYPEER => false,
    CURLOPT_UNRESTRICTED_AUTH => true,
    CURLOPT_COOKIEJAR => 'php://memory',
    // login request
    CURLOPT_URL => 'https://sam.sso.bluewin.ch/my/data/MyData?lang=en',
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => http_build_query(array('username' => $user, 'password' => $pass)),
));

execRequest($ch);

curl_setopt_array($ch, array(
    CURLOPT_URL => 'https://sam.sso.bluewin.ch/my/data/ModemMgmtService?lang=en&mode=overview',
    CURLOPT_POSTFIELDS => null,
    CURLOPT_HTTPGET => true,
));

execRequest($ch);
sleep(3);

curl_setopt($ch, CURLOPT_URL, 'https://sam.sso.bluewin.ch/my/data/ModemMgmtService?lang=en&mode=changewlanstatus&WLAN_STATE='.$state);

$res = execRequest($ch);

echo strstr($res, 'Confirmation: WLAN data have been changed.') ? 'Done ('.$state.')' : 'FAILED';

September 22, 2010 // PHP // Post a comment

Introducing Slippy - HTML Presentations

Slippy is a HTML Presentation library written with jQuery, it takes a html file in and plays it in any browser.

It is optimal for programming-related talks since it includes a syntax highlighter and is very easy to use since it's just standard html markup with a few classes to enable specific functions.

If you are making a talk about Javascript, it can even execute your code samples live and displays alert() boxes nicely instead of using the ugly browser dialog, which -I tried it today- works quite well to prove your point interactively.

You can find the sources on github, view the example slide deck which includes some documentation or view the slides for the small talk I gave today about Javascript Events on my Slippy slide repository.

Obviously feedback is very much welcome and even though it's not perfect yet, I hope it'll be useful to others. More docs and styling fixes (the dark grey background wasn't too visible on a projector, my bad) should come soon as I have more talks planned, and the slide repository page will receive some love as well when I have time.

June 03, 2010 // News, PHP, JavaScript // Post a comment

HTML5 my ads

First came Flash. Then came advertisers that thought it'd be great to abuse it. Then came Flashblocktm and friends. The geeks don't like Flash, it's evil.

Now the iPhone & iPad don't have Flash, but they're the shit. Advertisers want a part of the shit of course, and they can put shiny ads in native apps, but not in the open apps that are websites. Thank god there is HTML5, geeks love it, it's all great. So you've got solutions like SmokeScreen developing. It's Flash without Flash, everyone should be happy right?

Have you looked at their demos? Ads. Yes. I'm not saying they won't do more one day, but for now the target market seems to be advertisers, so that they can put out Flash-like ads in HTML5, reach the iDevices and to kill two birds with one stone, they'll reach the geeks that run Flashblock. And all that while interpreting Flash content so it'll most likely be more of a resource hog than Flash is.

What's the solution? CanvasBlock? Noscript? In the end people will find ways to abuse anything.

Of course Apple could come back to the table and implement Flash in the next iPhone OS, instead of having us suck up some half-working slow Flash ersatz on top of completely broken sites.

June 02, 2010 // Web, JavaScript // Post a comment

Unpredictable hashes for humans

It is not uncommon for web developers to have to generate random ids or hashes, for instance large scale project or frameworks may want to implement their own PHP session handlers either completely abstracted in their API, or overloading PHP's internal API using session_set_save_handler(). If you do so, unless you want to entrust PHP's core to do it, one thing you will have to take care of is generating unique session ids to send as a cookie to your users, allowing the session to persist. Other common use cases for such unique hashes is to generate CSRF tokens to insert in forms or URLs, and finally authentication tokens for email validation or such.

Proceed to the article to learn more about it in a -hopefully- easy to grasp way, this wasn't written for security experts but rather any PHP coder out there that is remotely interested in security, and you really should.

Continue reading...

May 10, 2010 // PHP // Post a comment

Project management in PHP with Arbit

I would like to attract everyone's attention on the 0.3-alpha release of Arbit.

For those that do not know Arbit yet, it is a project management and issue tracker build in PHP. It uses CouchDB as a storage backend by default but work to support RDBMS via PDO is in progress.

Interestingly, it also provides experimental support for continuous integration, also fully PHP-based, unlike other popular solutions. This is not enabled by default in this release since it isn't fully ready but feel free to stop by the irc channel (#arbit on freenode) to know more.

The full announcement contains details about what we fixed and implemented in the 0.3.

Get involved!

As all open source projects, Arbit needs your help, I joined the project early this year and we have had a few contributions from other people since then, but we can always use more help. Therefore if you are interested and wish to take part by developing new features, fixing bugs or at least reporting them, please don't hesitate and get in touch! And as Elizabeth Naramore's article recently pointed out most people are afraid to contribute, I would like to say that no matter how skilled you are, contributions are welcomed. We will provide assistance if needed.

April 05, 2010 // News, PHP // Post a comment

New design

In recent news, this site got a new design, I thought I could make the content more readable and accessible, so I killed my old templates and style sheets and started from scratch, without photoshop this time.

There is also mobile browser (android/iphone) support which is by the way achieved with this very interesting CSS media instruction:

<link rel="stylesheet" type="text/css" href="/mobile.css" media="only screen and (max-device-width: 800px)" />

This means any device with a monitor less than or exactly 800px wide will load the mobile.css file on top of the default one. Note that using media="handheld" is not working for recent smartphones that consider themselves greater than old school internet-enabled cellphones, so this is the only way to do it.

Any feedback, especially bad, is appreciated.

April 03, 2010 // News // Post a comment

Including open source in the hiring process

We were discussing the difficulty of the hiring process from a company point of view last week at the github meetup in Paris, and more specifically how hard it is to get quality people without relying on test assignments, which most agree are total bullshit, or on a couple of interviews, which can also be very misleading since it depends a lot on the person's social skills, or lack thereof.

One big thing that is overlooked in my opinion is participation in open source projects, be it a single patch or long term commitment. As an employer you can see that the guy has enough interest in programming in general that he has taken the extra step to contribute something, and also that his work was accepted by a peer as valid. It is obviously not the full story and we all know some open source projects' code is utter crap (disclaimer, this also applies to closed source software, you just don't get to see it), but I still believe it gives you a better metric than just some code the guy did (or didn't) code and is presenting to you during an interview.

You can use ohloh to track your open-source-CV of sorts, and I would very much like it if more companies would push the open source involvement forward in their job ads, probably not as a requirement but at least as a big plus. It would benefit both companies that are trying to hire good people, and good people to be recognized. Of course it would also benefit the open source community at large if the work you do there gets you more recognition, pushing more people to take the leap to contribute. It is definitely helping already, if only for the contacts you get, which are always good when looking for a job, but increasing the perceived benefit of contributing to the open source world would be great, so I would very much like if all you HR people would give it a thought, and other readers please mention it to HR in your company, or your friends looking for work, your little brother starting to study, anyone can contribute.

Any other ideas on how to find great developers? Is your company using open source as a criteria? Did it help?

February 22, 2010 // PHP // Post a comment

First page< Newer entries 1 2 3 [4] 5 6 Older entries > Last page