Jos Poortvliet did an interview with me for dot KDE in this summer's aKademy and it has been online for a while now. In it we discuss things like Midgard as a storage engine for desktop applications, and Maemo's open QA process for Downloads applications. Some excepts:

At maemo.org we have an appstore for FOSS applications on the Maemo platform. This appstore is enabled by default on all Nokia N900s so we wanted to have some quality control. We had to create our own appstore approval process, compatible with the FOSS philosophy. Now any developer can submit an app, and anyone can test and vote. The whole process is completely transparent, auditable and visible. And it also provides a feedback channel from testers and users to the developers!

...

Midgard is a data storage service. Whether you write desktop or web applications, instead of coming up with your own file format, you just use Midgard. You can work more easily and object-based. Users have many different devices these days, so Midgard has strong replication features to synchronize between different systems. Midgard is built on top of GObject; we provide bindings to a bunch of different languages so developers can choose the tools they like - PHP, Python, Javascript. Currently (as in now, while we're talking) Qt bindings are being developed here at Akademy.

Read the whole interview.

Last week, while I was on vacation, the news broke that IDG's InfoWorld had announced its annual InfoWorld Bossie Award winners ("Bossie" stands for "Best of Open Source Software"), and that Zend Framework had won the " best open source application development software " award.

I’m excited to announce I’ll be speaking at PHPNW Conference, to be held October 9th, 2010 in Manchester, UK. I’ll be doing my talk, “Developing Easily Deployable PHP Applications“, which I also did in July at OSCON. I’m working on making the talk even better based upon feedback I received, and will talk more about the various tools we use and have developed to make building SugarCRM easier.

This is my first time to this conference, but judging from the lineup of talks it is not one to miss if you are in the area. The lineup has several exciting talks about PHP development from some of the biggest names in PHP. You can register now at the conference website; early bird registration ends on September 4th.

... on contribution

Who hasn't ever started writing his own Framework/CMS? It is considered best practice for learning purposes, but going through all the security stuff can be stressful and boring at the same time. That's where most devs start to contribute to big Open Source-projects like Typo3 or the Zend Framework, because they are already experienced working with it and yet evolving another system on the market or even getting people to contribute seems like an unachievable task. Instead of wasting his time on yet another ACL implementation, the developer is taking part in making a software become even better, no matter if he delivers new features, reports / fixes bugs or works on documentation (another, yet an often underestimated part of contribution). It is also worth noting that every single Blog-entry and every HowTo thats put on the web also is a great deal of contribution that helps the software spreading. Beginners articles are important to put on the web since every one of us had it's beginnings and these are the sort of articles where many people decide to either use the software for a certain project or not.

As you might see, this article is not only a guide on contributing bugfixes, but also I want to motivate you to just give it a try.

... on Zend Framework

Having spent almost a year at the IRC support channel, I can tell they're really fun guys to hang around with. Of course, the Framework itself developed into a great piece of software. I do not want to discuss the up or downsides of a use-at-will framework, neither I want to recommend it over {put your favourite software here}. But what I can talk about is a little summary of the support channel's chatlogs. The widely annouced channel (which is #zftalk on Freenode) includes all kinds of concerns. One kind of people finds bugs, the other do have really clever ideas on improvements, but when you ask them to contribute its all the same: they either think it takes years to get into it, the others think they might be "not good enough for this". We sure won't force or threaten people to contribute, but what I can do is taking the fear out of it and demystify the thing, so later you might see that its actually just a few minutes to spend. Let me just loose a few words to the latter ones before we get into it: You can't destroy anything, and every idea of yours can also lead to a great improvement either realted to your concern or in a completely different area. We're glad that you take your time, even if you are completely new to ZF. Some beginners concerns already caused developers to write guides and articles that are still around and are linked at times in #zftalk...

... on contributing to Zend Framework

Contributing any code to ZF requires signing the CLA, which is an agreement that both you have the right to share any code you supply, and that you will not patent that code. This is to ensure that the frameworks codebase remains business friendly, and free to use for everyone. In fact you have to actually sign a paper, having done this you can just scan and mail or fax it. This is an important step, and none of your code will be used in any official package unless you did this.

The next step will be reading the coding & subversion standards. If you already had a look at actual ZF components code you should be familiar with the standards. Once you took a short insight (you probably wont be able to just remember all of this at once), you can check out the official SVN repository. Notice, that you, even having signed the CLA and being confirmed, do not have commit rights. So you might now ask yourself how to contribute then? All magic is taking place in the bugtracker, ZF's official Jira. All bug tickets, additions and improvements are filed as tickets here. So if you find a bug, report it here, and soon there will be a discussion in the comments section of a ticket.

Mostly all of these people, being listed by their reallife names, are also to be found on different names in the support channel, so feel free to ask them any ticket-related stuff.

The code itself will be submitted as a patch file (svn diff > patchFile), and uploaded in the Jira-Ticket. This might also be done by people who do have commit rights, but one might not be sure how to fix a problem, or any question might be left. This method of code management then leaves it to the original package developer to decide whether a change should be made or it should be thought over again (might have side effects on other packages and so on).

The last yet very important point is unit tests. ZF makes heavy use of th

Truncated by Planet PHP, read more at the original (another 1916 bytes)

Article originally from rooJSolutions blog

The new 8-core Intel Xeon 7550 processors are extremely powerful and a good platform for virtualised applications. My company is setting up PHP application running on a Xen based virtualisation on two HP Proliant DL580 for a total of 64 cores in a high availability environment. .

Why Virtualise?

First let's investigate why virtualisation is attractive. The advantages are:

• Simplified maintenance, as all software is running on virtual machines (VMs). Easy to stop and start VMs from the VM server console.
• High availability is easier to achieve, as you can just restart the VM on a secondary server if the primary server fails, assuming that the VM is stored in shared storage accessible by all servers, using shared storage methods such as NFS, iSCSI or a SAN (Storage Area Network).
• Able to optimize server hardware utilisation globally as CPUs, memory, hard disk, network resources are all shared.

The disadvantages are strangely enough related to the advantages:

• The maintenance is simplified, but the initial setup is more complex as not merely do you need to setup the hardware and the operating systems, but you have to plan out the virtual environment, such as the virtual network, and make sure that everything is properly sized as you are buying a few big machines, instead of lots of smaller servers.
• High availability means you need to invest in high quality shared storage to store the shared VMs, typically a SAN, the SAN switches and the Fibre Channel HBA cards to connect to the SAN switches.
• Need to over-configure the hardware as there is some overhead in virtualisation, particularly in terms of network I/O and storage I/O. CPU overhead for virtualisation is normally not a concern with modern virtualisation technologies such as VMWare, Xen, or Hyper-V.

In this case, our customer was comfortable with virtualisation, as they are big users of IBM AIX Logical Partitions and VMWare. Secondly, they already operate several large Storage Area Networks, and merely had to upgrade the SAN to support us. Lastly they had the budget to pay for all of this :)

VM Technology

We are using Zend Server CE (PHP 5.2), Apache 2.2 and Oracle 11gR2 running on Red Hat Linux 5.5 and Oracle VM 2.2 (which uses the Xen Hypervisor).

In the VM world, there are 4 main technologies that are popular:

• VMWare - the market leader, this company has been doing virtualisation for over 10 years and they have good products.
• Xen Based products - Xen is an open source technology that arose from some research on Hypervisors (the bare metal OS that controls all the virtual machines) done in Cambridge University. Today, several companies offer products using Xen, including Red Hat, Citrix, and Oracle. Has good support for Linux and Windows.
• KVM - many kernel hackers were dissatisfied with Xen (because the Xen Hypervisor is not Linux-based internally), resulting in the development of KVM, which is fully Linux based. KVM is not as mature as Xen, but improving really fast. Support Linux and Windows.
• Hyper-V - Microsoft's virtualisation technology. Microsoft is committed to supporting Linux also.

We chose Oracle VM (Xen) because it has good performance with Linux and Oracle databases (naturally). Oracle VM is free with optional paid support available. There are also licensing advantages to using Oracle VM with Oracle databases. Oracle database licensing dictates that if you are using virtualisation technologies such as VMWare and are purchasing CPU licenses, you still have to pay database licenses for all the CPU cores of the server, even if the database VM is using only 1 core. However if you are using Oracle VM, then you only have to pay for the CPU cores you use using; this is known as "hard-partition" licensing in Oracle terminology.

I also have experience with VMWare, and can recommend it as an mature alternative. Apparently the Citrix Xen Server is a good product, but I don't have experience with it.

I will cover more technical details in part 2, which i will be writing in September after I complete this installation.

Truncated by Planet PHP, read more at the original (another 4743 bytes)

In my previous post, I discussed the Closure Compiler’s REST API. In this article, we’ll develop a small PHP program that shows how the API can be used to compress JavaScript code whenever you need it.

Why write your own system?

You’ll find that several free tools handle this task; one of the first PHP JavaScript compressors was written by Ed Eliot. Sometimes, however, they require technologies you don’t use — such as Java — or may not cater for internal workflow processes, including:

• distributing uncompressed JavaScript to developer PCs
• integration with source control systems
• automating your build, and so on

The HTML

Assume you normally include the following script tags at the bottom of your HTML:

<script src="script/file1.js"></script>
<script src="script/file2.js"></script>
<script src="script/file3.js"></script>

We’ll replace this block with a single script tag that references all three files.
The .js is removed and the file names are separated with an ampersand:

<script src="script/?file1&file2&file3">
</script>

The PHP

We now require an index.php file within our script folder. The first code block transforms the GET parameters into an array (file1, file2, file3) and initializes the variables:

<?php
// fetch JavaScript files to compress
$jsfiles = array_keys($_GET);

$js = '';               // code to compress
$jscomp = '';           // compressed JS
$err = '';              // error string

We now loop through the JS files, read the content, and append it to the $js string. If a file is unable to be found or read, its name is appended to the $err string:

// fetch JavaScript files
for ($i = 0, $j = count($jsfiles); $i < $j; $i++) 
{
  $fn = $jsfiles[$i] . '.js';
  $jscode = @file_get_contents($fn);
  if ($jscode !== false) {
    $js .= $jscode . "\n";
  }
  else {
    $err .= $fn . '; ';
  }
}

If any files are missing, we can generate a JavaScript alert to inform the developer:

if ($err != '') {
  // error: missing files
  $jscomp = "alert('The following JavaScript files 
could not be read:\\n$err');";
}

If there are no errors and we have some JavaScript code, we can proceed with the compression. The $apiArgs array contains a list of Closure Compiler API options — you can add, remove, or modify these as necessary. The arguments are encoded and appended to the $args string:

else if ($js != '') {
  // REST API arguments
  $apiArgs = array(
    'compilation_level'=>'ADVANCED_OPTIMIZATIONS',
    'output_format' => 'text',
    'output_info' => 'compiled_code'
   );
   $args = 'js_code=' . urlencode($js);
   foreach ($apiArgs as $key => $value) {
     $args .= '&' . $key .'='. urlencode($value);
   }

We can now call the Closure Compiler API using PHP’s cURL library. The compressed JavaScript is returned to the $jscomp string:

  // API call using cURL
  $call = curl_init();
  curl_setopt_array($call, array(
    CURLOPT_URL => 
'http://closure-compiler.appspot.com/compile',
    CURLOPT_POST => 1,
    CURLOPT_POSTFIELDS => $args,
    CURLOPT_RETURNTRANSFER => 1,
    CURLOPT_HEADER => 0,
    CURLOPT_FOLLOWLOCATION => 0
  ));
  $jscomp = curl_exec($call);
  curl_close($call);

Finally, we return our compressed code to the browser with the appropriate MIME type:

}
// output content 
header('Content-type: text/javascript'); 
echo $jscomp; 
?> 

Download the Code

Save yourself some typing and

Truncated by Planet PHP, read more at the original (another 3132 bytes)

About a week ago, I was doing some upgrades on my development machine and came across a rather nasty issue when it comes to how .php(s) files are associated with PHP in Apache. It seems that a number of distros including Gentoo (which is what I was using) are using the following configuration directive to make the PHP module parse PHP files:

<IfModule mod_mime.c>
AddHandler application/x-httpd-php .php
AddHandler application/x-httpd-php-source .phps
</IfModule>


The non-obvious problem with the above is that it will allow not only "file.php" to be treated as PHP scripts, but also "file.php.txt", which means that any file containing ".php" in its name, no matter where in the filename, would be treated as a PHP script. This of course creates a rather nasty security hole, since many upload file validation tools, only check the final extension. Consequently allowing the user to by-pass the validation, by simply prefixing another "harmless" extension like .txt, .pdf, etc... to the filename, but still get the code to execute.

To mitigate this problem you should instead use the following configuration, that would only pick-up of files ending with a .php extension.


<IfModule mod_mime.c>
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
</IfModule>


The difference between the two configurations being that the original uses AddHandler (bad) and the latter uses AddType (good).

Today I am releasing PHP Manager for IIS 7 – beta, which is an IIS extension for setting up and managing multiple PHP installations on IIS 7 servers. It can be used to:

• Register PHP with IIS;
• Run multiple PHP versions side by side;
• Check PHP runtime configuration and environment (output of phpinfo() function)
• Configure various PHP settings
• Enable or disable PHP extensions
• Remotely manage PHP configuration in php.ini fille

The PHP Manager installation packages can be downloaded from these locations:

• PHP Manager for IIS 7 – beta – x86
• PHP Manager for IIS 7 – beta – x64

The project’s home page and documentation are located at http://phpmanager.codeplex.com/. This blog post describes how the PHP Manager for IIS can be used.

Installation

From the Downloads page select the installation package that is appropriate for your target machine. Download and run the installer, which will install and register PHP Manager’s binaries with IIS. Note that only IIS versions 7.0 and above are supported. After installation is complete, launch the IIS Manager and find the “PHP Manager” feature:

When opened, the “PHP Manager” feature provides a configuration overview for the PHP installation that is registered with IIS and is currently active. If no PHP is registered with IIS, then the only action that can be performed is the registration of a new PHP version.

Registering PHP with IIS

To register a new PHP version with IIS, first you need to download the zip archive with PHP binaries from http://windows.php.net/ and then extract the files from it into a folder of your choice. Note that you can also install PHP by using Web Platform Installer or the Windows installer from http://windows.php.net/ – the PHP Manager can be used to manage those PHP installations as well.

Click on “Register new PHP version” task and then provide the full path to the location of the main php executable file: php-cgi.exe:

After clicking OK the new PHP version will be registered with IIS and will become active. This means that all the sites on this IIS server by default will use this PHP version.

Switching between PHP versions

After multiple PHP versions have been registered with IIS, you can use PHP Manager to easily switch between the versions on a server and site level. This means that you can configure some IIS sites to use one PHP version, while other sites use different version.

Checking phpinfo() output

phpinfo() function in PHP provides very detailed information about all aspects of PHP runtime configuration. To check the phpinfo() output from within PHP Manager use the “Check phpinfo()” task.

Configuring Error Reporting

You can use PHP Manager to configure error reporting level in PHP. If IIS is used on a development machine then you may want to use verbose error reporting in order to see all the errors, warnings and notices from your PHP application right away. If IIS is used as a production server, then error reporting level is less verbose and errors are logged in a log file, but never communicated to HTTP client.

Truncated by Planet PHP, read more at the original (another 2028 bytes)