Friday 20th December 2013 Facebook Porting PHP VM to ARM Architecture
Facebook is arguably one of the most well-known websites in the world. With over a billion active user accounts (despite some disagreements over how many of those are fake accounts), Facebook is also one of the largest PHP deployments in the world - if not the absolute largest. A custom written virtual machine dubbed the 'Hip Hop Virtual Machine' translates Facebook's PHP code into 64-bit x86 instructions for various kinds of heavy-duty server-side computation.
Naturally, though, they're interested in ensuring that they have the best possible setup on the back-end, and the up and coming ARM architecture has a number of advantages over x86 processors for massively scaled server setups like Facebook uses. Interestingly enough, Google, who uses a mixture of AJAX and Python for their heavy lifting as also interested in experimenting with the ARM processor architecture.
For Facebook, however, the primary concern is not being locked into a monoculture of processors as various implementations of the technology evolves. They're hoping to adjust the Hip Hop Virtual Machine to be as architecture independant as possible, although their most realistic timeframes don't see a complete switch for several years.
The ARM processor architecture is extremely attractive for any large web-based service, as it's far more power-efficient than a comparable x86 server farm setup. When you have a massive number of servers the way Facebook does - estimated in 2012 at just under 200,000 - power bills are one of your major concerns, and the ability to adopt newer, more power efficient architectures is extremely appealing.
While Facebook is remaining relatively quiet about the entire process, you can look at a far more technical explanation of their plans at their Hip Hop Virtual Machine blog here
. If you're a highly-skilled PHP developer who is also very familiar with the ARM server architecture, you might even consider applying for the job!
Posted on December 20th 2013 at 10:36pm
Tuesday 17th December 2013 PHP.net Breached With Potentially Unique Malware
In what is no doubt an embarrassing security breach, PHP.net, the official website of the PHP programming language, was compromised temporarily by hackers. Having a server compromised is not a particularly rare occurrence in the modern digital era, although as the flagship site of the PHP language, it must be particularly galling - as well as being a potent cautionary tale for PHP programmers everywhere. After all, if it can happen there, it can happen anywhere.
The attack, which compromised the site for nearly 3 days in October, was intended to force users who visited the site to download and execute some malicious code - also not particularly uncommon in this day and age. More recently, however, security researchers were analyzing the payload that was downloaded to user's machines, and found it to be a highly specific and potentially unique piece of malware dubbed DGA.Changer, which employs sophisticated techniques to evade detection and maintain links with command and control systems, for the purpose of downloading other pieces of malware to the infected machines which would otherwise be caught and removed.
Here's where things get curious, though: the machines infected by DGA.Changer from the PHP.net attack don't seem to be downloading other pieces of malware. There have been no reported cases of additional malware downloads in the wild, and security researches are concerned that something more complex is at work - the digital equivalent of the 'long con', perhaps. Aviv Raff, CTO and security researcher at Seculert writes, "Our analysis at this point is that 'no news is bad news.' Why would adversaries deploy a malware which downloads nothing, on a site used by software developers, and then engineer it so that it can receive commands from a C2 server to change the DGA seed? It makes no sense—and that [is] worrisome. Not all adversaries are geniuses, but they typically have an agenda."
The current running theory is that PHP.net was targeted because it has a very high probability of being visited by PHP programmers who are working on high-value projects that may not even be released yet, giving whoever holds the keys to DGA.Changer a very valuable pool of potential targets. While there seems to be no activity or damage caused as a result of the attack, the possibility that someone is specifically targeting PHP programmers rather than average users is a disturbing trend that should have every developer concerned - and ensuring their antivirus definitions are up-to-date and working properly.
Posted on December 17th 2013 at 10:46pm
Saturday 14th December 2013 Symfony Gets Boost from SensioLabs Funding
Most PHP programmers are familiar with the value of using frameworks in their coding projects. As a result, there are now quite a number to choose from, but one of the most popular and widespread is the open source PHP framework Symfony. While the project is open source, it was originally developed way back in 2005 by a team led by Fabien Potencier that formed a startup in France last year, SensioLabs. This same firm recently completed a round of financing from venture capital firm CM-CIC Private Capital, to the tune of $7 million USD.
SensioLabs founders Fabien Potencier and Gregory Pascal have announced several upcoming projects, one of the most exciting of which is SensioLabsInsight, which hopes to measure the quality of PHP code within a given application. Originally launched as a beta in October of this year, and still only available to private beta testers, it no doubt helped to secure the round of funding they received. The main goal of the startup, however, is to provide support for developers and companies that implement the Symfony framework in their applications, with the intent of fostering more widespread adoption.
This is an ongoing challenge, of course, as despite the fact that PHP is the most common programming language on the Internet, there are a growing number of detractors who advocate the use of other competing languages such as Python and Ruby on Rails. However, thanks to the widespread success of Symfony, the community that's grown up behind the framework released a more recent updated version in 2011, Symfony2, to even more widespread acceptance.
This level of continued support for the framework should make it even more enticing to companies who are searching for a robust, well-established framework. Yahoo was one of the first major companies to embrace the original Symfony framework, and since then, TOEFL, Virgin Mobile, and the French government (among many others) have all implemented Symfony in some way, and no doubt many more big names will sign on as a result of these events.
Posted on December 14th 2013 at 09:13pm
Wednesday 11th December 2013 Coping With Legacy PHP Code
Developers, like any creative individuals, tend to like to work on their own projects from start to finish. There's nothing more satisfying than seeing a project go live that you've shepherded the whole way from conceptual planning to development and testing to that sweet, sweet final build. Sadly, the world doesn't always work that way. Whether you're working as part of a larger development team, you've been brought in to redirect a project that went off the rails or you're updating a project that's been around almost as long as PHP has, at some point in your career you're going to run into code that doesn't shine - and you're still going to have to work with it.
At first blush, it can seem pretty overwhelming to pick up a project that's got years of development behind it. As with most actively ongoing PHP projects, the entire codebase has evolved over time as the needs of the client, the user and the technology itself has adjusted over the project's lifespan. Even the language itself has changed dramatically since it was first implemented. Best practices that are commonplace now were barely heard of and rarely used when some projects began, and those that existed at the time were not well known. So what do you do?
The most important thing to do is to examine the codebase in its entirety and decide what's most sorely in need of updating. Prioritising your list of updates can make the job seem less like an impossible mountain to climb and actually more like something that might be completed within your lifetime. What sections of code are you going to be working with most directly? Which aspects are so antiquated that they can barely interface with any new code you write? Are there any gaping security holes? Answering these simple questions can provide you with a roadmap of smaller goals that can quickly be completed, giving you a sense of control over the project.
Don't get caught up in a perfectionist mindset. Is it really important for you to start with small-scale optimisation improvements? That can probably wait until some of the larger issues are sorted out. Above all, though - make sure that you follow current PHP best practices when you're implementing your changes, otherwise you - or another programmer a couple of years down the line - are just going to wind up in exactly the same situation as before.
Posted on December 11th 2013 at 09:11pm
Saturday 07th December 2013 Facebook PHP Virtual Machine Released
One of the holy grails of complex PHP application development is maximizing performance. Not only does better performance mean more manageable server loads, if you're scaling large enough, there can be a number of other dramatic gains in terms of power consumption and energy costs. Few companies are more familiar with this than the social networking giant Facebook, which is coded entirely in PHP and also just happens to be the largest social networking site on the planet. With over a billion active accounts, that's nearly 20% of the entire world's population - almost nobody else is as familiar with complex and robust PHP deployments as they are.
When it comes to web deployments of PHP applications, most developers initially choose to write the complicated code in PHP, but as the application scales and the usage levels increase, the more complex calculations are often re-coded using a faster server-based language such as C or C++. Facebook itself did this in the past, using a custom compiler named HipHop that translated the site's PHP code into C++ for faster execution. As in many large development environments, however, this eventually grew to create separate problems, which meant a new solution was called for.
Thus began the development of the HipHop Virtual Machine, or HHVM as it's more commonly known. Without getting too deep into the technical specifics, the HHVM translates PHP code into a custom bytecode known as HHBC (you guessed it, Hip Hop Byte Code) which is then processed by an x64 just-in-time compiler, along with a companion bytecode interpreter when absolutely necessary. This allows Facebook's entire staff of PHP developers to work on the entire codebase together, instead of dividing up the development process into PHP and C++, which can often lead to major headaches when it comes time to reconcile.
Joel Pobar, a developer at Facebook, cautioned that many developers hoping to gain performance improvements from implementing HHVM may not get the results they want, saying, "Chances are [your code is] spending too much time talking to the database or spending too time talking to the memcache caching layer." In other words, your performance bottleneck isn't likely to be execution speed, as there are other more typical culprits that can be identified by using benchmarking applications. The HHVM is strongly optimized towards very large PHP codebases with very heavy usage loads, but it may be worth investigating for your next project.
Posted on December 07th 2013 at 10:13pm
Wednesday 04th December 2013 The Importance of Keeping PHP Up to Date
PHP is a robust and flexible language, used almost everywhere on the web in one form or another - and, increasingly, it's being used in many non-standard environments. As we grow into the so-called Internet of Things - the holy grail of web connectivity where every device we own is integrated into a network - the places PHP can be found are often extremely surprising to the unexpecting user. Never before has this been more highlighted than by a new piece of malware that was identified in the last two weeks by security firm Symantec.
Capitalising on a by-now ancient PHP bug, the malware is a worm known as Linux.Darlloz has currently only been infected Intel x86-based systems, but security researchers warn that there are variants of the worms code that are designed for chip architectures that are most commonly found in consumer-grade routers, IP security cameras, and even television set-top boxes, which are not typically devices that are targeted by malware attacks. While there have been no recorded incidents of any of these devices being infected 'in the wild', the possibility exists that the current operational structure will change.
This serves to highlight the importance of working with up to date versions of PHP, and ensuring that if you or your company are responsible for working with devices that contain web interfaces, as most devices in the Internet of Things do for control and configuration purposes, it's absolutely crucial to roll out properly timed security updates. The particular flaw exploited by the Linux.Darlloz worm is only found in PHP versions 5.4.1 and earlier ; the patch for the flaw was implemented as far back as May 3rd of 2012.
It doesn't take much time to ensure that your current development environments are running the latest version of PHP - a quick version check and an update to your binaries is all it takes. It's possible that you may have to make some updates to any projects that are currently in the works, and if you've got any deployed projects they should be updated to patch any security flaws, but the benefits of the added stability and security far outweigh the hassles involved in staying updated. Even if you're not ready to adopt the latest bleeding edge version, at least try to stay with a version that was released in the current year.
Posted on December 04th 2013 at 03:29am
Saturday 30th November 2013 The History of PHP
Over the course of this blog, we've covered a pretty wide range of topics relating to PHP. Learning, security, frameworks, best practices for build and launch, and even good ways to keep your code clean and reuse well-written snippets. There's one point that we've neglected to mention, though: the history of PHP itself. Even the acronym itself was something of a mystery, so we decided to take a quick trip down memory lane and discover how PHP came to be the powerhouse of a language that it is today.
PHP was originally developed as part of another language, known as PHP/FI, by Rasmus Lerdorf all the way back in 1994 in the very earliest days of the World Wide Web (it was so long ago that people were still actually calling it by its full name). Lerdorf had published his resume online, and wanted to ensure that he could track how many visits the resume had received. He had written some CGI (common gateway interface) scripts in Perl to handle this, but thanks to performance considerations he rewrote the scripts in C, and for good measure, incorporated the ability to interact with databases and web forms. This was the rather clunkily named PHP/FI, which, when released to the public in 1995, extended out into the name (wait for it…. big reveal time!) Personal Homepage Tools version 1.0. Hopefully that build-up wasn't overdone, but it's sometimes good to remember that the language that powers some of our most incredible dynamic web apps originally started out as a product of one guy working on his website.
A couple of years passed, and two other programmers, Zeev Suraski and Andi Gutmans began collaborating on the beginnings of what would be PHP 3, rewriting the parser from the short-lived PHP 2 and launching it in 1998. Shortly thereafter, they created the Zend Engine by rewriting core aspects of PHP, and PHP's place in the web world was cemented for good in 2000 with the release of PHP 4. In 2004, the first iteration of PHP 5 was launched, and since then major updates have been scarce on the ground, as here we are almost 10 years later working with PHP 5.5 which was just released earlier in 2013.
Excitingly enough, PHP 6 is currently under development. This next major update was originally slated for a release in March 2010, but, as is often the case in massive development projects, the release date has been continually pushed back as various setbacks change the estimates of time investment.
Posted on November 30th 2013 at 12:44am
Tuesday 26th November 2013 Great PHP Books Every Developer Should Own
Becoming a developer is a never-ending process. No matter how long you work at it, there are always things to learn, always new iterations of PHP to keep up on, and always a more elegant solution to a particular problem. One of the best ways to hone your skills, of course, is to get your fingers dirty doing actual coding in the trenches, but it's not the only way to expand your capabilities. Sometimes the only way to move forwards is by picking up some new knowledge from a new source, so we've put together a list of books that every PHP developer should own.
First on the list is from the venerable and respected O'Reilly series. Unimaginatively titled 'PHP Cookbook: Solutions and Examples for PHP Programmers', the content itself is nevertheless extremely elegant and well-put together. Aimed at both novice developers and more advanced pros, there's something for everyone here. Organized from the perspective of problem solving instead of a more traditionally structured approach, even advanced developers may find more elegant solutions to common programming problems. Make sure you grab the edition that's been updated for PHP5!
Next on the list is the also unimaginatively titled (noticing a trend here yet?) 'PHP and MySQL Web Development (4th Ed.) by Luke Welling and Laura Thomson. This book offers a more traditionally structured approach, covering everything from the basics of how PHP and MySQL interact conceptually to more concrete examples on how to deal with session management, email, and even PDFs and images. Famed for its clarity of writing and down-to-earth style, the 5th edition is slated for release in Spring of 2014 complete with updates for PHP 5.5.
Finally, for those of you who are already quite familiar with PHP, we reach 'PHP Objects, Patterns and Practice' by Matt Zandstra. It covers some of the additions from PHP 5.3, but doesn't seem to have an updated version. Regardless, it teaches best PHP practices from project design to build and implementation solutions, making it far more useful for the large-scale enterprise developer.
The trend in unimaginative names probably stems from the logical nature of the typical programming mind, but there is a certain charm in something that 'does what it says on the tin', as the saying goes. If these books still seem to daunting to you, you can test the PHP programming waters with some of the online tutorials we mentioned in our previous post. Enjoy!
Posted on November 26th 2013 at 07:25am
Saturday 23rd November 2013 Great Sites for Learning PHP
Learning a new programming language can be tough - especially when you're trying to learn it in the abstract. Once you've got the essentials down, the best way to keep learning - and to keep the learning interesting - is by getting your hands dirty with some simple projects. As your projects grow more and more complex, sometimes you'll find yourself grasping at straws while trying to figure out a portion of your project. Enter the great tutorial website, always ready to help you out with some of the trickier aspects of project development. With that in mind, we've put together a list of great sites that offer some of the best tutorials online. It's by no means an exhaustive list, but they're all great starting places.
The grandfather of them all is the venerable W3Schools
site. You may remember it from the hazy bygone days of learning HTML and CSS, but it's got great resources for many languages, and PHP is right up there with the rest of them. While its tutorials aren't as indepth as most of the other sites we'll look at, it has some great tutorials and sandboxes for experimenting with different PHP functions, which makes it great for beginners.
One of the newer - and better designed - sites for learning PHP can be found at the Code Academy
. It offers a set of 11 unique courses to take you from the very beginnings of PHP with a very hands-on approach, similar to the sandboxes offered by W3Schools but far more advanced. They don't delve as deeply as some of the other sites, but they're great for the basics.
Once you've shaken off the fear of unfamiliar new code and you're ready for something more advanced and intriguing, swing by PHPAcademy
. Their tutorial collection is comprised entirely of free videos which are nicely put together. The only downside is that they're relatively new, and are still building up a large repository of content. Regardless, they're definitely worth visiting to start getting your feet wet with some more interesting PHP projects.
Finally, if you've got a bit of money to throw at the learning process, it's worth checking out the resources offered by the ubiquitous
. They've got literally thousands of tutorials under their belts, and while they only offer a few for PHP, they cover all the major aspects of what you need to know to get comfortable with PHP, from working with MySQL to building basic Facebook applications. Their experience with teaching is obvious in every tutorial they host, and once you get hooked you'll want to start learning even more!
Posted on November 23rd 2013 at 12:05am
Wednesday 20th November 2013 Top Tips for PHP Beginners
Learning a new programming language can be a huge undertaking, and learning PHP is no exception. Not only do you have to learn the actual syntax and structure, but there are a number of different subtleties unique to any language, and PHP has its fair share. There are some best practices that you should get in the habit of applying to your work, so you don't have to come back later and break yourself of any bad habits. This is by no means a complete list, but it's a good starting point for PHP beginners.
First and foremost, use the latest version of PHP. This might seem like a no-brainer to everyone, but it's surprising how many people are still using outdated versions of PHP. Just make sure that you check with your hosting provider that they're willing to support the version you use. While all hosts should be supporting PHP 5 by now, they may not be supporting the latest subversion (5.5 at the time of writing)
Next, familiarise yourself with the PHP manual. Another one that might seem like a no-brainer, but most programmers learn from a 'Teach Yourself' guide or similar online tutorial system, and some have never touched the PHP manual in their lives. Give it a shot, and you're almost guaranteed to learn something that was left out of your quick-start guide.
If you haven't already switched to one, try out an integrated development environment, or IDE for short. We recently posted about some of the most popular IDEs, but it's important to find one that feels comfortable to you, so test out some of the available options to find your personal favourite. The simplest improvements over a basic text editor can make you wonder how you ever coded without an IDE.
To save yourself a bunch of headaches while you're learning (and after), make sure you have enabled error reporting. It will save you a huge amount of time trying to sort through code that you're not really familiar with, and you'll be instantly thankful for it. Just make sure that you remember to turn it off before you launch, or your benign users will be confused and any malicious users may have a route into your system.
Finally, make sure you get into the habit of writing your PHP code as cleanly as possible from the beginning. Use naming conventions for your variables that actually mean something, because by the time you're finished your project you'll have lost track of the obscure names you gave to your incremental loops. Indent your code and use plenty of whitespace, which will make sorting through things infinitely simpler and faster, and will make it easier for other programmers to help you out if it turns out you need it.
Posted on November 20th 2013 at 08:53pm