Skip to content

Software Development News: .NET, Java, PHP, Ruby, Agile, Databases, SOA, JavaScript, Open Source

Methods & Tools

Subscribe to Methods & Tools
if you are not afraid to read more than one page to be a smarter software developer, software tester or project manager!

PHP

Happy Birthday PHPMagazine.net

PHP Community Magazine - Tue, 03/14/2017 - 08:04

I am thrilled to announce that PHPMagazine.net is turning 12 years old today! I would like to thank everyone who sent us messages yesterday. Thanks to all our readers and followers. Thanks to all our partners, sponsors, and friends who helped maintain this service alive during all these years. Thank you so much !

All the best,


Hatem
Editor, PHPMagazine.net

Categories: PHP

PHP for IoT and Embedded Systems

PHP Community Magazine - Thu, 03/09/2017 - 20:58

HHVM is now fully-functional on ARM hardware! Announced Max Wang in a blog post.The blog post which is¬†deeply¬†technical, explains in detail how HHVM ARM port¬†have been implemented. You should guess that it’s not only about PHP for embedded systems, as PHP build for arm already exists for many years, however HHVM the¬†HipHop Virtual Machine, just support it today.

HHVM was created as the successor of the HipHop for PHP (HPHPc) PHP execution engine, which is a PHP-to-C++ transpiler that has also been created by Facebook. The new support for ARM will open new opportunities to new applications.

HHVM may be up and running on AArch64, but there’s still plenty of work left to do. Some ideas for exploration to improve the performance of HHVM on ARM include:

  • Use 2MB pages for hot functions in .text, and try out larger page sizes for jitted code.
  • Leverage post-compile-time dynamic code relocation to shrink already-smashed jump sequences in jitted code.
  • Interleave main and cold code sections in the TC to avoid indirect jumps due to large offsets.
  • Align jump targets.
  • Implement more peephole passes to reduce jitted code size.

If you’d like to join in the work on the ARM port, or just stay up-to-date on our progress, feel free to subscribe to the mailing list for the ARM effort. You can also post on HHVM’s Facebook group, or contact the dev team on IRC in #hhvm-dev on Freenode.

Categories: PHP

Flickr Introduces Similarity Search: A Brand New Way to Search and Discover Photos

PHP Community Magazine - Wed, 03/08/2017 - 10:08

March 08, 2017 ‚Äď Yahoo today announced a new feature on Flickr ‚Äď ‚ÄėSimilarity Search‚Äô to make finding photos easier. With billions of photos on Flickr, finding the ones users want by searching based on tags and descriptions only gets them so far. The new search uses advanced technology to allow users to discover visually similar photos without much work on their end.

Here is how it works: after your initial search, whether you‚Äôre looking for your favorite succulent or the perfect image of a ‚Äė67 Mustang, just click the ‚Äú…‚ÄĚ in the upper right of the photo you are looking for. We‚Äôll surface similar images for you.

If you are looking for pictures of tabby cats. You can search for the keyword ‚Äúcat‚ÄĚ and filter by color, but you‚Äôll likely have to scroll through pages and pages of images before manually picking out the photos that match what you‚Äôre looking for.

Now with the Similarity Search feature, you can simply hover over an image of a cat and click the ‚Äú…‚ÄĚ menu. From there, Flickr will show you photos that look similar. No more guessing the search terms that would give you the most relevant results!

Do an image search and give this new similarity tool a try! 

About Yahoo

Yahoo is a guide to digital information discovery, focused on informing, connecting, and entertaining users through its search, communications, and digital content products. By creating highly personalized experiences, Yahoo helps users discover the information that matters most to them around the world — on mobile or desktop. Yahoo drives value for advertisers by helping them engage with consumers online through the combination of data, content and technology. Yahoo is headquartered in Sunnyvale, California, and has offices located throughout the Americas, Asia Pacific (APAC) and the Europe, Middle East and Africa (EMEA) regions. For more information, visit the pressroom (pressroom.yahoo.net) or the Company’s blog (yahoo.tumblr.com).

Yahoo and Yahoo Messenger is/are the trademarks and/or registered trademarks of Yahoo! Inc.

All other names are trademarks and/or registered trademarks of their respective owners.

Categories: PHP

Webinar : Protecting Web Apps with Secure Components

PHP Community Magazine - Mon, 03/06/2017 - 11:42

GlobalPlatform is hosting a free webinar to outline the privacy and security benefits that secure elements bring for the protection of web apps. This webinar will offer insight into its new Web API to access Secure Elements.

Simplicity, convenience, security and privacy are key considerations for users of digital services. Service providers and device manufacturers therefore need to ensure that devices offer adequate security. As the deployment of web applications grows, so does the need to protect them with use cases like online authentication, digital signatures, credential provisioning and secure payments.

In response to this, GlobalPlatform developed an interface to help developers improve the protection of web applications against attacks and fraud. The standardized interface, which can be implemented in browsers, gives applications access to secure components and secure operations.

In this webinar, GlobalPlatform will outline the benefits that secure elements bring for the protection of web services and offer insight into deployment and adoption of the interface. The session will conclude with a Q&A.

Thursday March 9

8am PST / 11am EST / 4pm GMT / 5pm CET

Register now

Categories: PHP

PHP ZipArchive Extension now Support Encryption

PHP Community Magazine - Mon, 03/06/2017 - 09:21

In a recent blog post, Remi Collet pointed to the latest development of the ZipArchive PHP extension which now support encryption. New features are still experimental and might change, so it’s not yet ready for production. The new feature implementation is based on libzip library new version 1.2.0, and will be shipped with Zip extension version 1.14.0 and most probably with PHP 7.2 as the code is already available in the php_master. You can install the new experimental features from remi’s test RPM or from sources in github :

$ phpize
$ ./configure --with-libzip
...
checking for libzip... from pkgconfig: version 1.2.0 found in /usr/lib64
checking for zip_open in -lzip... yes
checking for zip_file_set_encryption in -lzip... yes
...
$ make
...
Build complete.
Don't forget to run 'make test'.
$ make test
...
PASS ZipArchive::setEncryption*() functions [tests/oo_encryption.phpt]

Three methods are available to manage encryption :

ZipArchive::setEncryptionName($name, $method [, $password]);
ZipArchive::setEncryptionIndex($index, $method [, $password]);
ZipArchive::setPassword($password);

Encryption method being one of the new constants:  ZipArchive::EM_NONE, ZipArchive::EM_AES_128, ZipArchive::EM_AES_192 or ZipArchive::EM_AES_256. The new implementation support adding a per file password or using a default global password. To encrypt an archive you can write the following code :

$zip = new ZipArchive;
$zip->open(__DIR__ . '/encrypted.zip');
print_r($zip->statName($file));
$zip->setPassword('secret');
$text = $zip->getFromName('foo.php');
$zip->close();

This new feature seems really useful and will improve compatibility with other tools, such as WinZip for Windows or 7za for Linux.

Categories: PHP

PHP’s long standing security issue with OPCache leaking sensitive data Fixed

PHP Community Magazine - Sun, 03/05/2017 - 07:34

A very serious security issue that has been long standing with PHP have been quietly fixed without being noticed until it was submitted to the OSS security mailing list. The vulnerability is related to PHP with Zend OPCache code permission/sensitive data protection :

To briefly summarize, in PHP SAPI’s where PHP interpreters share a common parent process (eg. Apache mod_php and PHP-FPM), Zend OpCache creates a shared memory object owned by the common parent during initialization. Child PHP processes inherit the SHM descriptor, using it to cache and retrieve compiled script bytecode (“opcode” in PHP jargon). Cache keys vary depending on configuration, but filename is a central key component, and compiled opcode can generally be run if a script’s filename is known or can be guessed.

Many common shared hosting configurations change EUID in child processes to enforce privilege separation among hosted users. In these scenarios, default Zend OpCache behavior defeats script file permissions by sharing a single SHM cache among all child PHP processes.

PHP scripts often contain sensitive information: Think of CMS configurations where reading or running another user’s script usually means gaining privileges to the CMS database.

The issue have been first discovered two years ago here then here, but didn’t get fixed only recently. Original reporter in bug #67481 closed his bug report stating “It turns out this is not a bug, it is the behaviour that is expected when opcache.use_cwd is set to zero,” but the same behavior occurs when opcache.use_cwd is enabled unless scripts are invoked with relative paths. Absolute paths are typically used by web servers and web applications.

AFFECTED VERSIONS:
PHP7 < 7.0.14 and PHP5 < 5.6.29. Later versions are still vulnerable by default unless opcache.validate_permission=1 is enabled.

AFFECTED COMPONENT:
Zend OpCache

VULNERABILITY TYPE:
Code permission/sensitive information disclosure

IMPACT:
Cross-user compromise of PHP web applications in shared hosting
environments.

Categories: PHP

USQL, Universal Command-Line Interface for SQL Databases

PHP Community Magazine - Fri, 03/03/2017 - 09:10

USQL¬†is a universal command-line interface for working with SQL databases written in Go which support¬†PostgreSQL, MySQL, Oracle, SQLite, and Microsoft SQL Server.¬†The goal is to eventually have usql be a drop in replacement for PostgreSQL’s psql command, with all the bells/whistles, but with the added benefit of working with more than one database.

The screenshot below show¬†an example of connecting to xo’s booktest example Oracle database, performing a query, and then connecting to the PostgreSQL, MySQL, Microsoft SQL Server, and SQLite3 databases and executing various queries.

Install it in the usual Go way :

# install usql
$ go get -u github.com/knq/usql

# install with oracle support
$ go get -u -tags oracle github.com/knq/usql

Notice that the tool have some issues in its todos such as fixing¬†–command/-c execution, all the various \d* commands from psql, and supporting SQL completion. Released under an MIT license.

More information at https://github.com/knq/usql

Categories: PHP

Most Popular Programming Languages for 2017

PHP Community Magazine - Thu, 03/02/2017 - 08:35

AppDynamics in partnership with Ghergich have published a great infographics of most programming languages for 2017. Since we are still in the beginning, you might be curious to know which programming languages is going to be the most popular this year?

In the familiar faces category you will find as usual C++, C, C#,  and Java. They are battle tested, well understood, have active communities, and continue to evolve in response to new contenders, with features such as lambda expressions for Java 8 and coroutines for C++17.

In the Dynamic languages category : Python, PHP, and Ruby will continue to rank among the most popular programming languages. But in 2017, JavaScript will be the fact of life, while it started as a simple scripting language to add dynamics to web pages, it is used today to power server-side and even desktop applications. Go will rise rapidly, after it was open sourced in 2009 the language has found a strong, emerging following among all kinds of developers.

For mobile category, Swift will continue climbing the popularity charts, even if Objective C will ranks much higher. Finally the functional programming languages will enter the mainstream. Languages such as Scala, Clojure, and Haskell are quietly growing in popularity, as they offer expressive and concise syntax, exceptional compile-time error checking, and strong support for parallel operations.

More information at AppDynamics blog

Categories: PHP

Sylius, the First eCommerce framework that grows with your business

PHP Community Magazine - Sun, 02/26/2017 - 17:18

Sylius is the first decoupled eCommerce framework based on Symfony and Doctrine. The highest quality of code, strong testing culture, built-in Agile (BDD) workflow and exceptional flexibility make it the best solution for application tailored to your business requirements. A framework designed for dynamic Start-Up growth. Definitely, When all out-of-the-box solutions do not fit your innovative business model, Sylius comes to the rescue.

The first alpha on Sylius have been released on October 2016, and first beta on December 2016. The second beta should be ready soon in¬†February 2017, and first stable release should be ready later in April 2017. That’s very quick release schedule, but if you see that the project on github have 15 000+ commits, 370+ contributors, 600+ translations and 2800 stars, it’s clear that the project is getting very high visibility and interest in the eCommerce development community.

Sylius come with an administration panel that fully adapts to your workflows, constructed from reusable and easily configurable components.

Sylius Features include :

  • Multi channels sales
  • Multiple currencies
  • localization
  • Products catalog
  • Product options and attributes
  • Taxonomies
  • Customers & groups
  • Address book
  • Cart, Orders & invoices
  • Taxes
  • Shipping
  • Image cropping
  • Customizable checkout process
  • Promotions and discount coupons
  • ¬†Many payment methods
  • Social logins
  • and much more…

Sylius provides a powerful base for your API that can be used for your mobile applications and consumed by any device. The tools included in the platform allow for rapid API development but also for various customizations.

Best of all, Sylius is completely free and released under the MIT License. More information and download at the official website http://sylius.org/download

Categories: PHP

PHPUnit, Mocking the File System using vfsStream

PHP Community Magazine - Sat, 02/25/2017 - 20:18

Bryan Ashley, ‚ÄčFull Stack Software Engineer at Weebly, have written an interesting case study on mocking the file system using vfsStream. vfsStream is a PHP stream wrapper for a virtual file system that may be helpful in unit tests to mock the real file system. It can be used with any unit test framework, like PHPUnit or SimpleTest.

Testing classes having dependencies on the file system can be tricky, the reason why vfsStream can be very helpful in such cases :

it allows you to define a file system structure, and provides you a path that your tests will be able to read/write/manipulate files from. This makes testing code that uses the php native functions for file manipulation super easy!

Categories: PHP

Google Announces the end of SHA-1

PHP Community Magazine - Fri, 02/24/2017 - 18:44

The first SHA1 collision have just been announced in a blog post by a team from google and CWI Amsterdam. In cryptography, SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function designed by the United States National Security Agency and is a U.S. Federal Information Processing Standard published by the United States NIST. SHA-1 produces a 160-bit (20-byte) hash value known as a message digest.

SHA1 is longer considered as a secure since 2005, however it remain widely used in browser security, for managing code repositories, or even just detecting duplicate files in storage.

A website has been created for this discovery with a paper, an infographic, in addition to two PDFs that have identical SHA-1 hashes but different content. Shattered !

This practical attack against SHA-1 should finally convince the industry that it is urgent to move to safer alternatives such as SHA-256.

 

In PHP, Sha1 function is supported since PHP4 until PHP7. A note have been written on the PHP documentation comments seven years ago suggesting to avoid using MD5 and SHA1 for risk of collision. So if you are still somewhere using SHA1, make sure to switch your code to SHA256 or a better hashing algorithms.

More information at https://shattered.it/

Categories: PHP

New Getter injection in Symfony 3.3

PHP Community Magazine - Fri, 02/24/2017 - 18:10

Getter injection is one of the new experimental features in Symfony 3.3. It¬†adds up to the usual mechanisms used for dependency injection and doesn’t replace any of them. Instead, it provides an additional way that fits some specific use cases.

Getter injection allows the dependency injection container to leverage classes that provide inheritance-based extension points that matches the following requirements: public or protected methods with zero arguments and free of side-effects.

Nicolas Grekas have written an introductory blog to the new getter injection feature providing examples, pros and cons of the new features. Most notable is that this new feature is targeted at being used for framework-specific needs first. The target for now is to provide decoupled composable base controller trait(s).

Categories: PHP

PHP-ML, Machine Learning library for PHP

PHP Community Magazine - Fri, 02/24/2017 - 16:30

PHP-ML is a fresh approach to Machine Learning in PHP. Algorithms, Cross Validation, Preprocessing, Feature Extraction and much more in one library. The library support : Association rule learning, Classification, Regression, Clustering, Metric, Workflow, Neural Network, Cross validation, Preprocessing, Feature extraction, Models management and some Math functions. Datasets supported as Array, CSV and Files. Three predefined datasets are available to be used in the library which are Iris, Wine and Glass.

A simple example of classification:

use Phpml\Classification\KNearestNeighbors;

$samples = [[1, 3], [1, 4], [2, 4], [3, 1], [4, 1], [4, 2]];
$labels = ['a', 'a', 'a', 'b', 'b', 'b'];

$classifier = new KNearestNeighbors();
$classifier->train($samples, $labels);

$classifier->predict([3, 2]); 
// return 'b'

Currently the library is still under development, but You can install it with Composer:

composer require php-ai/php-ml

PHP-ML library requires PHP >= 7.0 and available under an MIT license. Example scripts are available in a separate repository php-ai/php-ml-examples. Documentation is available here.

Categories: PHP

Laravel Dusk, Intuitive and Easy Browser Testing for All!

PHP Community Magazine - Fri, 02/24/2017 - 08:39

Sitepoint have interesting introduction to the latest Laravel 5.4 testing library : Dusk. Dusk is meant for end to end browser testing of modern JavaScript applications, and you will see in this article how you can test Ajax based applications. Overall, the article covered the configuration options necessary to get started, and the examples provided should help you fill in the gaps and give an overview of some of the other configuration options available.

With the release of Dusk, Laravel hopes to give its users a common API for browser testing. It ships with the default ChromeDriver, and if we need support for other browsers, we can use Selenium. It will still have this common testing API to cater to our needs.

Categories: PHP

Archive streaming library for PSR-7

PHP Community Magazine - Thu, 02/23/2017 - 09:14

ArchiveStream Message Body provides a memory efficient package for streaming Zip files as PSR-7 message. The package require PHP >=5.6.0, gmp extension, and psr/http-message. The only limitation is that only the Zip64 (version 4.5 of the Zip specification) format is supported and files cannot be resumed if a download fails before finishing.

To use it in Symfony HttpFoundation :

use Symfony\Component\HttpFoundation\StreamedResponse;

$stream = new Psr7Stream(new ZipReader($archive));

$response = new StreamedResponse(function () use ($stream) {
    while ($stream->eof() === false) {
        echo $stream->read($blockSize = 1048576);
    }
}, 200, [
    'Content-type' => 'application/zip',
    'Content-Disposition' => 'attachment; filename="file.zip"',
    'Content-Transfer-Encoding' => 'binary',
]);

You can use composer to add the package archive-stream to your dependencies :

composer require genkgo/archive-stream

More information at github, released under an MIT License.

Categories: PHP

Language Detection Library for PHP

PHP Community Magazine - Wed, 02/22/2017 - 22:04

In a linguistic diversity on the internet report published by UNESCO in 2009 it is noticed a steady year-on-year decline in the percentage of webpages in English from 75% in 1998 to 45% in 2005. W3techs.com indicates today that there are 171 languages used on the web, 52% for English, 133 are used by less than 0.1% of the websites. However the distribution of language spoken in the world is completely different since English speakers represent only 5% !

Finding new businesses, new customers, new leads, require necessarily speaking new languages, or at least understanding the language that others are using. That’s why a library for language detection is very¬†important, and could open doors to bunch of new opportunities. A great implementation of a language detection algorithm in PHP is available today, and¬†comes with text samples used for training and detecting text in 106 languages.

A basic usage of the library :

use LanguageDetection\Language;

$ld = new Language;

$ld->detect('Mag het een onsje meer zijn?')->close();

Result will be :

Array
(
    "nl" => 0.66193548387097,
    "af" => 0.51338709677419,
    "br" => 0.49634408602151,
    "nb" => 0.48849462365591,
    "nn" => 0.48741935483871,
    "fy" => 0.47822580645161,
    "dk" => 0.47172043010753,
    "sv" => 0.46408602150538,
    "bi" => 0.46021505376344,
    "de" => 0.45903225806452,
    [...]
)

The library is trainable which means you can change, remove and add your own language files to it. If your language not supported, feel free to add your own language files.

More information and download on the github repository, released under an MIT license.

Categories: PHP

Practice Design Patterns in PHP

PHP Community Magazine - Wed, 02/22/2017 - 09:02

DesignPatternsPHP is a collection of known design patterns and some sample code how to implement them in PHP. Every pattern has a small list of examples (most of them from Zend Framework, Symfony2 or Doctrine2). The problem with patterns is that often people do know them but don’t know when to apply which. So using these samples you should get more familiar with using the right pattern at the right time.

The patterns are structured in three different categories : Creational, Structural, and Behavioral. The repository include so far samples of 36 design patterns. A great collection written by Dominik Liebler and contributors, and released under an MIT license.

Documentation of the DesignPatternsPHP are available, and could be downloaded as PDF/ePub.

Categories: PHP

PHPStan, PHP Static Analysis Tool

PHP Community Magazine - Tue, 02/21/2017 - 10:36

PHPStan is a PHP static analysis tool that focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code. It moves PHP closer to compiled languages in the sense that the correctness of each line of the code can be checked before you run the actual line.

Supported features actually includes :

  • Existence of classes and interfaces in instanceof, catch, typehints, other language constructs and even annotations. PHP does not do this and just stays silent instead.
  • Existence of variables while respecting scopes of branches and loops.
  • Existence and visibility of called methods and functions.
  • Existence and visibility of accessed properties and constants.
  • Correct types assigned to properties.
  • Correct number and types of parameters passed to constructors, methods and functions.
  • Correct types returned from methods and functions.
  • Correct number of parameters passed to sprintf/printf calls based on format strings.
  • Useless casts like (string) 'foo'.
  • Unused constructor parameters – they can either be deleted or the author forgot to use them in the class code.
  • That only objects are passed to the clone keyword.

PHPStan requires PHP >= 7.0 and could be extended using Doctrine, Nette and Dibi. You can get it using composer :
composer require --dev phpstan/phpstan

For more information https://github.com/phpstan/phpstan

Categories: PHP

Introducing the Fistlab PHP Components

PHP Community Magazine - Thu, 02/16/2017 - 19:58

Fistlab is a new initiative to create a set of components in various programming languages, which however works almost the same way. This way it will be easier for developers to go around and play with another programming language without having to find a whole new set of components and dig into how it works.

The project started with PHP, and include already three components : Container, Database and Repository, in addition to few others planned. According to Mark Topper, author of the project, it may support PHP and Javascript for its first edition which is planned for August 2017 Рand probably other languages later.

Current planned components include :

– Service Container
– Database Manager and Query Builder
– Router system
– Request and Response objects
– Filesystem
– Validator
– View System
– Controller System
– Model System

The initiative is not only new but very original, so it’s worth supporting. If you have any suggestion, or contribution, you can find more details in the contribution guide. Available under an MIT license.

Categories: PHP

Peachpie, The PHP Compiler and Runtime for .NET

PHP Community Magazine - Thu, 02/16/2017 - 13:10

Peachpie is a modern PHP compiler based on Roslyn by Microsoft and drawing from our popular Phalanger project. It allows PHP to be executed within the .NET framework, thereby opening the door for PHP developers into the world of .NET ‚Äď and vice versa.

The project is a work in progress, so be aware that is not yet intended to run full applications. You can find more details on the project’s plan and progress on the roadmap page. The project’s goals :

  • Increased performance: Peachpie’s extensive type analysis and the influence of Microsoft Roslyn should provide an improved performance of PHP applications and components.
  • Security: since programs run within the standardized and manageable .NET or .NET Core environment, the code is fully verifiable without any unsafe constructs.
  • Cross-platform development: the project compiles legacy PHP code into portable class libraries, enabling developers to build cross-platform apps and libraries for Microsoft platforms.
  • Full .NET compatibility: compiled programs run on the reimplemented Peachpie runtime, fully compatibly with the PHP runtime.
  • Both-way interoperability: the project allows for hybrid applications, where parts are written in C# and others in PHP. The parts will be entirely compatible and can communicate seamlessly, all within the .NET framework.

You can follow the getting started guide, and get the code from github. Released under an Apache license.

Categories: PHP