144: Build, Provision and Deploy in the Cloud with Thijs Feryn

In this week’s episode we are joined by Thijs Feryn to discuss his upcoming PHP UK conference talk. We start off the show highlighting what drew him to a tech evangelist role, bridging the gap between code/infrastructure and the ideas behind ‘Infrastructure as Code’. From here we move on to discuss system and infrastructure provisioning automation tools such as Ansible and Terraform. This leads on to adding Packer into the mix, moving towards immutable infrastructure, testing these automation tools and how history has a way of repeating itself. Finally, we touch upon the philosophy behind DevOps, focusing on empathy and its core values CAMS.


143: Symmetric and Asymmetric Encryption with Scott Arciszewski

In this week’s episode we are lucky to be joined again by Scott Arciszewski. We start off the show by discussing the difference between Symmetric and Asymmetric Encryption, what Authenticated Encryption is and how secret keys are exchanged using Diffie-Hellman. From here, we move on to highlight how Elliptic-curve cryptography works, what DNSCrypt is and why prime numbers are so important in cryptography. Finally, we touch upon multi-factor authentication, how one-time passwords work, SMS vulnerabilities and how to manage password recovery.


142: Domain Modeling Made Functional with Scott Wlaschin

In this week’s episode we chat to Scott Wlaschin about his new book ‘Domain Modeling Made Functional’. We start off the show discussing how the book came to be, the process of writing a book and melding the worlds of Domain Modeling/Functional Programming. This leads us on to highlight what Domain Driven Design is, the importance of communication and the difference between the solution/problem space to garner a shared model. Finally, we touch upon some of the common patterns that come out of modeling domains, such as how Entities and Value Objects provide identity, maintaining invariants using Aggregates, and communication between models via Anti-Corruption Layers.


141: Web Application Security, Part 2 with Scott Arciszewski

In this week’s episode we continue our discussion with Scott Arciszewski about all things Security and Cryptography. We start off the show by highlighting what a SQL injection attack is and the differences between (emulated) prepared statements. This leads us on to look into how to securely handle file uploads, what a reverse shell is and how to defend yourself against XSS/CSRF attacks. From here we touch upon the recent inclusion of libsodium into PHP, why mcrypt should be avoided, and the side-channel vulnerabilities that led to Meltdown and Spectre. Finally, we mention how computers generate seemingly random numbers, what a Web Application Firewall (WAF) is, and how WARD goes about protecting your systems.


140: Web Application Security, Part 1 with Scott Arciszewski

In this week’s episode we chat with Scott Arciszewski about all things Security and Cryptography. We start off the show by explaining how he got interested in this field of work, correcting PHP security-related answers on Stack Overflow and why he focuses on PHP security. From here, we move on to highlight what the OWASP Top Ten is, how you can distill many security principles into data/code separation and what is involved in a software audit. This leads us on to discuss what HTTPS actually is, touching on TLS, PKIs, Ciphersuites, and reported attacks against TLS and ECB. Finally, we highlight some important browser security features that can be used, pushing new software releases in a secure manner, thoughts on Cryptocurrencies and how everyone wants to solve their problem with a blockchain at this time.


139: Mobile Internet isn’t Cheap! with Joe Watkins

In this episode we catch up with Joe Watkins to discuss all things PHP. We start off the discussion with his recent move to Spain, the pain of getting a good Internet connection and PHP TestFest. This leads us on to highlight some recent work he is doing with adding PHP bindings to Bitcoin’s Secp256k1 library and a Generic Traits idea. From here we touch upon the additions that made it into PHP 7.2 and some that have already been accepted for 7.3. Finally, we get Joe’s opinion on a couple of RFCs (Call-site pass-by-reference and Operator functions).


138: Everything Serverless with Andy Raines

In this week’s episode we chat to Andy Raines about all things Serverless. We start off by discussing what Serverless actually means, advantages of using such a model, design constraints it employs and how it scales. From here we touch upon the history of how we got to the compute/infrastructure we use today: from on-premise servers, IaaS, PaaS and FaaS/BaaS. This leads us on to highlight the 12-factor app methodology, how immutability has vast benefits in many contexts and how FaaS platforms work under the hood. Finally, we mention the Serverless PHP project Andy is working on, the motivations behind it and future development he would like to see take place.


137: Putting all your Fish in one Basket

In this week’s episode Mick and Edd first touch upon the many new services/features that have been released at AWS re:Invent. We then move on to discuss Serverless architecture, Server architectural patterns, Amazon Cognito and security/encryption that is available within Amazon Web Services. This leads us on to highlight the impact of relying on a single company for all your compute/infrastructure needs and ‘putting all your fish in one basket’. Finally, Mick tells us what Santa might be bringing him for Christmas.


136: Delving into Cryptocurrencies with Jay Smith

In this episode we are lucky to have cryptocurrency proponent and trader Jay Smith on the show. We start off by talking about how he got introduced to cryptocurrencies and trading, highlighting what trading actually is, and the two different schools of thought (fundamental vs. technical analysis). From here we move on to chat about how innovations such as Bitcoin are changing the way we view money/bank, the underlying technologies that make it possible (Blockchain), and the game-theory/incentives behind it for each participant to continue ‘playing the game’. Conversation then moves on to touch upon alternative cryptocurrencies (alt-coins) and the different use-cases/advancements they are making in the space. Finally, we highlight Bitcoin’s scaling dilemma, how all routes seem to affect decentralisation in some shape or form, and how he stores his private keys.


135: Let’s AWS Everything!

In this week’s episode Edd and Mick catch up after another long hiatus (sorry about that). We start off by discussing principles mentioned in the Clean Coder book, gaining confidence in code by way of tests, and Elon Musk’s dream of putting a person on Mars. Leading on from this, Edd talks about his continued venture into the internals of Bitcoin, Hardware wallets, ASIC mining USB sticks and Merkle Trees. We then highlight MyBuilder’s recent switch from dedicated servers to the AWS stack, highlighting the pros n’ cons of both approaches and some gotchas encountered along the way. Finally, we mention some security audit and monitoring tools that have proven useful for keeping an eye on the (ever increasing) servers present in a typical setup.