blog.ircmaxell.com
It’s no secret that I’m into building toy compilers and programming languages. Today I’m introducing something that’s not a toy (I hope). Today, I’m introducing php-compiler (among many other projects). My hope is that these projects will grow from experimental status into fully production ready systems. JIT? AOT? VM? What The Heck? Since I’m going to be talking a lot about compilers and components
Today, a significant SQL-Injection vulnerability was fixed in WordPress 4.8.3. Before reading further, if you haven’t updated yet stop right now and update. The foundations of this vulnerability were reported via HackerOne on September 20th, 2017. This post will detail the technical vulnerability as well as how to mitigate it. There is another post which deals with the background and timelines. W
The other day, I was directed at an interesting question on StackOverflow asking if password_verify() was safe against DoS attacks using extremely long passwords. Many hashing algorithms depend on the amount of data fed into them, which affects their runtime. This can lead to a DoS attack where an attacker can provide an exceedingly long password and tie up computer resources. It’s a really good q
There’s currently a proposal that’s under vote to add Scalar Typing to PHP (it has since been withdrawn). It’s been a fairly controversial RFC, but at this point in time it’s currently passing with 67.8% of votes. If you want a simplified breakdown of the proposal, check out Pascal Martin’s excellent post about it. What I want to talk about is more of an opinion. Why I believe this is the correct
After yesterday’s post, I decided to do some math to see how many PHP installs had at least 1 known security vulnerability. So I went to grab statistics from W3Techs, and correlated that with known Linux Distribution supported numbers. I then whipped up a spreadsheet and got some interesting numbers out of it. So interesting, that I need to share… UPDATE: Wow, this post got traction pretty fast. I
If you’ve been following the news, you’ll have noticed that yesterday Composer got a bit of a speed boost. And by “bit of a speed boost”, we’re talking between 50% and 90% reduction in runtime depending on the complexity of the dependencies. But how did the fix work? And should you make the same sort of change to your projects? For those of you who want the TL/DR answer: the answer is no you shoul
There are a bunch of guides out there that claim to be a guide to MVC. It’s almost like writing your own framework in that it’s “one of those things” that everyone does. I realized that I never wrote my “beginners guide to MVC”. So I’ve decided to do exactly that. Here’s my “beginners guide to MVC for the web”: Lesson 1: You don’t need “MVC”. There, I said it. The best advice I can give beginners (a
Dear PHP-FIG, Please stop trying to solve generic problems. Solve the 50% problem, not the 99% problem. Signed, Anthony PS: … Ok, so I wasn’t going to leave it at that. What am I talking about, and why does it matter…??? Solving The 100% Problem: You can never build a generic solution that can scale to everyone’s needs. Never. It ain’t going to happen. You can try to bend any solution to fit all pro
As many of you likely know, I have a “thing” for password storage. I don’t know what it is about it, but it fascinates me. So I try to keep up as best as I can on the latest trends. In the past few years, we’ve seen the rise of a new algorithm called scrypt (it’s 5 years old actually). It’s gaining more and more adoption. But I don’t recommend its use in production systems for password storage. Le
There’s been a lot of buzz in the community lately around PHP and its future. The vast majority of this buzz has been distinctly positive, which is awesome to hear. There’s been a lot of talk about PHP6 and what that might look like. There’s been a lot of questions around HHVM and its role in the future of the language and community. Well, let me share with you some of my thoughts in this space… O
Many people teach design patterns as a fundamental step to Object Oriented Programming. They are so universally seen as important that almost every single conference that I have been to has had at least one talk about them. They are quite often used as interview questions to test a candidate’s OOP knowledge. However, just like inheritance, they are not needed for OOP. And just like inheritance, th
Lately I’ve been playing around with some functional languages and concepts. I have found that some of these concepts are directly applicable in the OOP code that I’ve been writing. One of those concepts that I think is worth talking about is the Monad. This is something that every functional developer tries to write a tutorial on, because it’s such a cool but hard to grasp concept. This post is n
In this day and age, it seems that the community trend is completely and unequivocally trending towards the use of web application frameworks. So much so that the de facto first comment to someone asking how to do something seems to be “Just use a framework, and it’ll solve the problem for you.” While I completely understand why this is the case, I can’t say that I agree with it. And while I do beli
Almost two years ago I had stumbled upon a pretty significant vulnerability in the StackExchange network. I say stumbled, because I wasn’t actually trying to attack the site. Circumstance just showed me a door. The actual attack is pretty interesting, and it holds a lesson for everybody who builds or maintains websites or server infrastructure. So here’s the story on how I hacked StackOverflow… Th
The other day I announced the release of my new password hashing library, PasswordLib. As I’ve come to expect, Reddit was full of interesting commentary on the topic. Some was good, some was bad and some surprised me. What surprised me was the insistence on a global salt (otherwise known as a “pepper”). So, I started thinking about it some more, and I figured I’d write a post on why I don’t use pe
Yesterday, I got in an interesting conversation on twitter about object scopes and what constitutes a global scope. The discussion started around a piece of code that I stumbled upon from Fuel 2.0. I am a firm believer that service containers are not a form of Dependency Injection, and are only slightly better than global variables. That led me to make a few comments that elicited a reply from two
The concept of generators was recently proposed for addition in PHP’s core (Possibly for 5.5.0). While I believe that this is a great tool, it appears that many PHP developers aren’t familiar with the concept of generators. So I thought I would take a little time and explain some of how it works, and how it can be used to greatly simplify code. The Theory: Let’s get one thing clear here first. Gener
This morning I was asked a question that took me by surprise: “Your examples for PasswordLib are in OOP style, how do I write it in procedural style”… This took me by surprise, because the examples actually are in a procedural style. So I felt that I should write a post about the real differences between OOP and Procedural coding styles. Hint: whether you use classes and objects or not has very li
There’s been a lot of traffic lately about what’s wrong with PHP, and counter posts about how good it is. I’ve even fallen into the fray in an earlier article trying to step up and defend the language. The problem with almost all of these posts is that they focus on the language itself and what’s wrong (or right) with it. This is not one of those posts. The True Problem: The true problem with PHP li
Today, I’m proud to announce the immediate availability of a new password hashing library for PHP: PasswordLib. The project is a spin-off of another that I started about a year ago, CryptLib. I was unable to find a clean solution to a few problems in CryptLib, so dev work stalled for a while. I realized recently that the password hashing functionality was complete, so if I stripped out the incompl
I read a rather interesting post yesterday called PHP: a fractal of bad design. It’s been getting a lot of traffic among the PHP community lately because it’s rather inflammatory. But to be honest, it does make a lot of really good points. It also makes a lot of mistakes and misses a bigger picture. A Few Mistakes: The post makes quite a few mistakes and odd apples-to-oranges comparisons. Let me poi
A common problem that developers face when building applications is how to allow the application to be “plug-able” at runtime. Meaning, to allow non-core code to modify the way an application is processed at runtime. There are a lot of different ways that this can be done, and lots of examples of it in real life. Over a year ago, I wrote a StackOverflow Answer on this topic. However, I think it de