php|works day 2


Today is the second and final day of the conference, and here’s what went down for me…

The day started with a keynote speech from Joe Stagner, who works for Microsoft. Now, initially, you may have the same kind of reaction that most people around here would have; “oh God, not Microsoft! What have they ever done for us?!” But the speech kind of gave me hope in a stable and interesting future for PHP on Windows-based platforms and architecture. Joe talked some about SilverLight, Microsoft’s equivalent to Adobe’s Flash technology, .Net platforms and getting PHP working within that, and also about running desktop applications written in PHP.

Some interesting resources that Joe mentioned, which I have yet to check out, are Win Binder – running PHP as a desktop app – and Phalanger – a PHP distribution built to run in .Net. Something else that Joe touched on with SilverLight is that because it’s managed code (as in .Net), it’s possible to not only write the back-end in PHP but also the client front-end! That holds a lot of possibilities, especially if you don’t want to learn another Actionscript type language for front-end development. Of course, you would need to use SilverLight, where you might already be invested in Flash, but the idea is a good one.

The next session was with Paul Reinheimer talking about SPL (the Standard Package Library). He really only talked in depth about two features in SPL, the Iterator and ArrayAccess, but also covered the difference between abstract classes and interfaces. SPL is one of those things that I think I should be using, but haven’t taken the time to make any code use it. But hearing about an example of using the ArrayAccess pattern to give access to rows from a database and then using it for writing those rows back to the db in a random way (given the array index is the primary key) really makes me want to try it out. And a beauty of SPL is that you can extend a lot of functionality, so if you used the DirectoryIterator, for example, you could extend it to automatically skip dot files, or only return certain file types.

Chris Shiflett was up next for me with his Security 2.0 talk. This covered CSRF, XSS, JavaScript Hijacking and more. Lots of information and a few demonstrations on how vulnerable some big sites are, or have been, such as Adobe, Digg and Amazon. This is also one of those talks that the notes would really help with. Very interesting, though.

At this point I was going to Jeff Moore’s talk about Exceptions, but on a whim I went to see Terry Chay talk about… well, to be honest, I really don’t know what he talked about! It was, as he admitted, more of a rant than anything else, intermixed with a tiny little bit of swearing (only about 56 uses of the ‘f’ word). I have no idea what I really took away from that talk, other than: it was very, very entertaining and Terry really needs to take a few downers to bring him down to normal people speed. OK, I took a little more away than that, but really, it was just fun to watch him rant. It was probably one of those sessions that I will not really think of again but something will happen one day and I’ll go, ‘oh yes! Terry mentioned that…’

Chris Jones’ talk about Oracle 11g… Doesn’t really apply to me as at work the ITS/BIS department handle all things Oracle. But I figured that I should get some kind of overview on Oracle and its interaction with PHP. In retrospect, perhaps Eli White’s talk on high-performance PHP would have been better for me to attend.

Then finally, other than the closing keynote speech, came Ed Finkler’s talk on securing the PHP environment with PhpSecInfo. The PHP environment at work is something else that is out of our direct control, so going in to this I was unsure as to how much I could get out of it. However, I do run PHP on my own machine and have a couple freelance people who use PHP, so securing the environment as well as the code is an important thing.

Simply put, using PhpSecInfo is a Good Thing™. It’s only a couple lines to run it, will give you information on how insecure your environment is, and also provides a platform to extend the tests for custom environmental checking. Also, there is an enhanced version within the Zend Framework (though currently only in the incubator) which provides several output formats, more programmatic access to the tests, and so on.


2 Responses

  1. Thanks for the kind words about PHPSecInfo. I would love to know more about how you use it in the future.
