140: Web Application Security, Part 1 with Scott Arciszewski

In this week's episode we chat with Scott Arciszewski about all things security and cryptography. We start off the show by explaining how he got interested in this field of work, correcting PHP security-related answers on Stack Overflow, and why he focuses on PHP security. From here, we move on to highlight what the OWASP Top Ten is, how you can distil many security principles into data/code separation, and what is involved in a software audit. This leads us on to discuss what HTTPS actually is, touching on TLS, PKIs, cipher suites, and reported attacks against TLS and the ECB cipher mode. Finally, we highlight some important browser security features that can be used, pushing new software releases in a secure manner, thoughts on cryptocurrencies, and how everyone seems to want to solve their problem with a blockchain at the moment.
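The data/code separation principle mentioned above is worth seeing in code. The following PHP snippet is an added example written for these show notes, not code from the episode or from Scott Arciszewski; it uses an in-memory SQLite database through PDO with a constructed `users` table and a constructed attacker input, so it runs offline with stock PHP.

```php
<?php
// Added example (not from the podcast): the "data/code separation" principle
// applied to SQL and HTML in PHP. The database, table, rows and the attacker
// input are all constructed for the example.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, email TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (name, email) VALUES ('alice', 'alice@example.com'), ('bob', 'bob@example.com')");

// Constructed attacker input: a tautology that turns a lookup for one user
// into a lookup for every user when it is spliced into the query text.
$userInput = "alice' OR '1'='1";

// VULNERABLE: data is concatenated into the code, so the SQL parser cannot
// tell where the query ends and the attacker's input begins.
function findUserUnsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT name, email FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// FIXED: the query text (code) is prepared first and the value (data) is
// bound separately, so the input can only ever be compared as a string.
function findUserSafe(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name, email FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The same principle for HTML output: data must never be parsed as markup.
// htmlspecialchars converts the characters that would start a tag or
// attribute into entities, so the browser renders them as text.
function renderName(string $name): string
{
    return '<b>' . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</b>';
}

// Compare the row counts: the unsafe query matches every user, the safe
// query matches nobody because no user is literally named "alice' OR '1'='1".
printf("unsafe rows: %d\n", count(findUserUnsafe($pdo, $userInput)));
printf("safe rows:   %d\n", count(findUserSafe($pdo, $userInput)));
echo renderName('<script>alert(1)</script>'), "\n";
```

The same pattern covers the rest of the injection family: whatever the interpreter (SQL, HTML, a shell, LDAP), keep the instruction template fixed and hand the untrusted value over through a channel that can only treat it as data.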


139: Mobile Internet isn’t Cheap! with Joe Watkins

In this episode we catch up with Joe Watkins to discuss all things PHP. We start off the discussion with his recent move to Spain, the pain of getting a good Internet connection, and PHP TestFest. This leads us on to highlight some recent work he is doing adding PHP bindings to Bitcoin's secp256k1 library and a Generic Traits idea. From here we touch upon the additions that made it into PHP 7.2 and some that have already been accepted for 7.3. Finally, we get Joe's opinion on a couple of RFCs (Call-site pass-by-reference and Operator functions).


138: Everything Serverless with Andy Raines

In this week's episode we chat to Andy Raines about all things Serverless. We start off by discussing what Serverless actually means, the advantages of using such a model, the design constraints it imposes, and how it scales. From here we touch upon the history of how we got to the compute/infrastructure we use today: from on-premises servers through IaaS and PaaS to FaaS/BaaS. This leads us on to highlight the 12-factor app methodology, how immutability has vast benefits in many contexts, and how FaaS platforms work under the hood. Finally, we mention the Serverless PHP project Andy is working on, the motivations behind it, and future development he would like to see take place.


137: Putting all your Fish in one Basket

In this week's episode Mick and Edd first touch upon the many new services/features that have been released at AWS re:Invent. We then move on to discuss Serverless architecture, server architectural patterns, Amazon Cognito, and the security/encryption options available within Amazon Web Services. This leads us on to highlight the impact of relying on a single company for all your compute/infrastructure needs and 'putting all your fish in one basket'. Finally, Mick tells us what Santa might be bringing him for Christmas.


136: Delving into Cryptocurrencies with Jay Smith

In this episode we are lucky to have cryptocurrency proponent and trader Jay Smith on the show. We start off by talking about how he got introduced to cryptocurrencies and trading, highlighting what trading actually is, and the two different schools of thought (fundamental vs. technical analysis). From here we move on to chat about how innovations such as Bitcoin are changing the way we view money/banking, the underlying technology that makes it possible (the blockchain), and the game theory/incentives behind it for each participant to continue 'playing the game'. Conversation then moves on to touch upon alternative cryptocurrencies (alt-coins) and the different use-cases/advancements they are making in the space. Finally, we highlight Bitcoin's scaling dilemma, how all routes seem to affect decentralisation in some shape or form, and how he stores his private keys.


135: Let’s AWS Everything!

In this week's episode Edd and Mick catch up after another long hiatus (sorry about that). We start off by discussing principles mentioned in the Clean Coder book, gaining confidence in code by way of tests, and Elon Musk's dream of putting a person on Mars. Leading on from this, Edd talks about his continued venture into the internals of Bitcoin, hardware wallets, ASIC mining USB sticks, and Merkle trees. We then highlight MyBuilder's recent switch from dedicated servers to the AWS stack, highlighting the pros and cons of both approaches and some gotchas encountered along the way. Finally, we mention some security audit and monitoring tools that have proven useful for keeping an eye on the (ever-increasing) servers present in a typical setup.


134: The Agile Approach to Bitcoin

After a month 'off the airwaves', Mick and Edd are back to delve into several topics that have been keeping them interested. We start off by going down the cryptocurrency rabbit-hole, highlighting the internal technologies that make up Bitcoin and its practical use-cases. Edd's ramblings touch upon Satoshi, Cypherpunks, Merkle trees, consensus algorithms, hard forks, Segregated Witness, mining, petahashes and much more... Once Edd (finally) lets Mick talk, we move on to chat about a book Mick is reading on Scrum, and question some different Agile practices. Finally, we ask the burning question 'What is the Internet, anyway?'.


133: RFC Showdown, Round 2 with Joe Watkins

In this week's episode we catch up with Joe Watkins to discuss all things PHP. We start off the discussion with how his role as release manager is going for PHP 7.1, highlighting how security bugs are defined and handled within internals. Following this we chat about several RFCs that are under discussion (Retry Keyword, UUID) and accepted (Libsodium, Object Typehint) for the next release. Finally, we mention a small extension Joe has recently been working on to provide user-verified types within the language.


132: Caching using Varnish with Mattias Geniar

In this week's episode we discuss the Varnish 'HTTP accelerator' with Mattias Geniar. We start off the show with the problem Varnish is trying to solve, how it decides what content to cache, and the power within its request/response life-cycle. We then move on to highlight testing strategies, tools to gain insight into your Varnish instance, and cache invalidation options (purging vs. banning). Finally, we touch upon Edge Side Includes, Mattias's own podcast, and his new DNS Spy product.


131: Servers, Upgrades and a little Cryptocurrency

In this week's episode we start off by discussing Edd's recent server build, touching upon the hardware specifications, OS/ZFS-pool choices, and monitoring configuration. We then move on to highlight the value in splitting up computationally intensive tasks into queued jobs, defensive programming in JavaScript, and querying ever-increasing data sets. Finally, we talk about keeping on top of software/dependency upgrades, moving over to platforms such as AWS, and Ethereum.