The Art of Data

This month, we dive into Libsodium, discuss gatekeeping, learn more about data access, and why even something that might be considered a “small bug” can cause massive damage.

I’m not sure how many people read these Editorials. It’s even been explained to me that this isn’t an “Editorial.” Ha, the joke’s on them; I’m not an editor, sooooo yeah. I always enjoyed reading what Oscar had to say about the articles in the month’s issues and seeing what little nuggets of knowledge he shared.

I am not sure if I have any actual words of wisdom to share, but that’s never stopped me from talking before, so I don’t see why that would change now. We’ve been talking a lot about change lately, but the reality is, “change” is what our industry is about. Sure, there are personal changes. People change jobs, leave projects, organizers of User Groups move away, but our industry also changes. What we consider “good security practices” today can be viewed as a horrible implementation tomorrow. Anyone who has worked on a legacy codebase for long enough knows the feeling of looking at code and thinking, “why was it done like this? This is terrible”, then checking the commit logs, realizing they wrote it themselves, and remembering, “Oh right, that is how we did this five years ago.”

In this issue, Vinícius Campitelli returns to follow up his article from last month with more cryptography talk. This month he talks specifically about *Cryptography with Libsodium*: what it is, why you should be using it, and how you should be using it. In *Exploring the Active Record Pattern*, Alexandros Gougousis discusses the popular Active Record Pattern and some of the benefits of using this pattern to handle persisting data to the backend database.

In Security Corner this month, Eric Mann takes us on a personal journey with a bug report for a package he was maintaining in his article *No Bug Too Small*, and as you can probably guess from the title, the “small bug” was a big problem. Moving on to Joe Ferguson’s *The Workshop* article *Intro to Craft CMS*, Joe talks about one of the PHP powerhouses in the CMS market, Craft CMS. Craft is built on the Yii framework, and Joe takes you from install to asset management and gets your CMS up and running in a matter of a couple of pages. *Education Station’s* Chris Tankersley returns us to our data access discussion with *Handling Data Access* and jumps into different ways to handle data access, from raw access to abstraction layers and on to data access layers. This month, Oscar Merida continues to toy with our minds and emotions in his PHP Puzzles column about *Compounding Interest*. He then challenges us with another economic puzzle to finish out the year. Also, I had the pleasure of speaking with Wasseem Khayratte, aka 7PHP, in this month’s *Community Corner*. I learned more about what got him involved with the PHP community and his new role as the voice behind Voices of the elePHPant. In this month’s *Here Be Dragons: Problem Space*, Edward touches on a couple of topics most of us have been through at some point in our careers, burnout and gatekeeping. And in finally{}, Beth Tucker Long discusses her *Roll With It* philosophy and the idea of embracing change. Thanks for being a reader, and I hope you enjoy this issue.

The post The Art of Data appeared first on php[architect].


Interview with Vinícius Campitelli

Eric Van Johnson and John Congdon interview feature contributor Vinícius Campitelli about his article Cryptography with Libsodium.

According to the just-released 2021 version of the OWASP Top 10 (a curated list of the most critical web application security risks), “Cryptographic Failures” is the second most important of the many security concerns we should have as web developers. It covers a lot of misuses of cryptographic systems: choosing weak algorithms, poor randomness sources, or use of deprecated methods. That is why this is also the second article covering the main topics in cryptography: in our last issue, we covered the theory, whose misunderstanding is often the cause of the errors mentioned above, and now we will see how to use libsodium, a modern library with the recommended algorithms already built in and no weak settings available by default. It is cross-platform, available on Windows, Mac, and Linux, and has been bundled with PHP’s core since 7.2 (the extension still has to be enabled in your build, so check `extension_loaded('sodium')`). It also has bindings for Java, NodeJS, Python, Go, and several other languages, so it is safe to say it runs pretty much everywhere. The official website is libsodium.org, and you should use the full documentation there rather than the PHP.net manual, which is sometimes incomplete. There is also a Quick Reference and a “Using Libsodium in PHP Projects” article.
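As an added example (not code from the article, the interview, or libsodium’s own documentation), here is the pattern the paragraph above is pointing at: authenticated secret-key encryption with the sodium extension bundled with PHP 7.2+. The helper names `encryptMessage`/`decryptMessage`, the sample plaintext, and the bit-flip tamper test are assumptions of this example; the `sodium_*` calls and `SODIUM_*` constants are the real extension API. It shows the "no weak settings" point concretely: you cannot pick a cipher, the nonce length is fixed, and the integrity check on decryption is mandatory rather than optional.

```php
<?php
declare(strict_types=1);

// Added example: authenticated secret-key encryption with PHP's bundled libsodium.
// sodium_crypto_secretbox() is XSalsa20-Poly1305: it encrypts AND authenticates,
// so a modified ciphertext fails to open instead of decrypting to garbage.

if (!extension_loaded('sodium')) {
    fwrite(STDERR, "sodium extension not loaded (bundled since PHP 7.2, but it can be disabled at build time)\n");
    exit(1);
}

function encryptMessage(string $plaintext, string $key): string
{
    if (strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new InvalidArgumentException(
            'key must be exactly ' . SODIUM_CRYPTO_SECRETBOX_KEYBYTES . ' bytes'
        );
    }
    // Fresh random nonce per message: reusing a (key, nonce) pair breaks the cipher.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $ciphertext = sodium_crypto_secretbox($plaintext, $nonce, $key);
    // The nonce is not secret; prepend it so the receiver can use it.
    return sodium_bin2base64($nonce . $ciphertext, SODIUM_BASE64_VARIANT_ORIGINAL);
}

function decryptMessage(string $encoded, string $key): string
{
    $raw = sodium_base642bin($encoded, SODIUM_BASE64_VARIANT_ORIGINAL);
    if (strlen($raw) < SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        throw new RuntimeException('ciphertext too short');
    }
    $nonce      = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $ciphertext = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);

    $plaintext = sodium_crypto_secretbox_open($ciphertext, $nonce, $key);
    if ($plaintext === false) {
        // Poly1305 tag did not verify: wrong key or tampered ciphertext.
        throw new RuntimeException('decryption failed: wrong key or ciphertext was modified');
    }
    return $plaintext;
}

// 32 random bytes; in production load this from a secrets store, never from the web root.
$key = sodium_crypto_secretbox_keygen();

// Constructed sample plaintext for the demo.
$sealed = encryptMessage('card on file: 4111 **** **** 1111', $key);
echo "sealed: $sealed\n";
echo "opened: " . decryptMessage($sealed, $key) . "\n";

// Flip one bit of the ciphertext and show that the tamper check fires.
$raw  = sodium_base642bin($sealed, SODIUM_BASE64_VARIANT_ORIGINAL);
$last = strlen($raw) - 1;
$raw[$last] = chr(ord($raw[$last]) ^ 0x01);
$tampered = sodium_bin2base64($raw, SODIUM_BASE64_VARIANT_ORIGINAL);
try {
    decryptMessage($tampered, $key);
} catch (RuntimeException $e) {
    echo "tampered: " . $e->getMessage() . "\n";
}

// Wipe the key from memory once it is no longer needed.
sodium_memzero($key);
```

Run it with `php secretbox.php`. Two practical caveats: never derive the nonce from anything but `random_bytes()` (a counter or a hash of the message is only safe if you can guarantee it never repeats under the same key), and if you need to bind unencrypted metadata such as a user ID to the ciphertext, use the AEAD functions (`sodium_crypto_aead_xchacha20poly1305_ietf_encrypt()`) instead, which take additional authenticated data.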



About PHP’s Compromised Git Commit

PHP internals contributor Sara Golemon answers questions from a panel of php[architect] and PHP Ugly contributors about the recent git compromise that affected the PHP project and what they’re doing about it. You can also watch a video of the roundtable with Sara.



Interview with Eric Mann, Security Corner contributor

In this Episode

Eric Van Johnson and John Congdon talk to Security Corner contributor Eric Mann about keeping your website secure.

  • How a breach sparked his interest in security.
  • The value of tokens and nonces.
  • What area of security needs more attention.
  • How to use end-to-end encryption for communication.
  • Using Linux as your daily-driver operating system.
  • What frameworks he prefers to work with.
  • WordPress security.
  • PHP’s core security.
  • Tips for working securely at home.



Elasticsearch, Defensive Coding, and Maura Teal

In Episode 22

Eric, John, and Oscar talk about the July 2019 issue and this year’s php[world].

Topics

  • John’s talks at php[world] in the fall and a few tips for preparing and rehearsing new talks.
  • Getting started with Elasticsearch and working with specialized search solutions.
  • Defensive coding practices and defending against insider threats.
  • Maura Teal about her upcoming talk on WordPress Under Pressure: Tales of Sites at Scale, learning to program from her parents, WordPress’ reputation, and scaling large multi-site installs.
  • Local development environments with Docker, Devilbox, as well as Amazon Linux.
  • Preventing burnout with advice from Community Corner.
  • WordPress, PHP, and semantic versioning.



MageTalk Episode 124 – #roadtoimagine Series Part 3: Magento Security Council (w/ Eric Hileman of MageMojo)

Get ready for Imagine in style by making MageTalk your soundtrack! This is part 3 of 4 of the series – Bob Schwartz’s interview Part 2 lands tomorrow, finishing up the #roadtoimagine series!


You can subscribe to our podcast on iTunes and access the RSS feed here.

Sponsors

MageMojo

We know that you have a lot of options when choosing a Magento host – but we want you to give MageMojo a try. Not only does MageMojo have the fastest SLA in the entire industry – a mere 15 minutes! – but they’ll even pay up to 3 months of your hosting bill to get you back on your old host if you’re not satisfied.

Switch over to MageMojo today by visiting this special URL at http://magemojo.com/magetalk. Read over 300 MageMojo reviews on shopperapproved.com.

MageMail

MageMail is the triggered email app for Magento. Triggered email can increase your revenue by 8% to 12% – MageMail is easy and risk-free to try out, and comes with a free concierge onboarding service, so all you have to do is sit back and watch the orders roll in. Start your free trial today!

Gene Commerce

Apple Pay for the web transforms mobile conversion rates for iOS devices. Give your customers a frictionless payment experience on your Magento site. Gene Commerce, the development team behind BlueFootCMS, brings you Apple Pay for Magento 1 and Magento 2 powered by Braintree Payments. Convert more mobile users with this game-changing payment option. Get 20% off Gene’s Apple Pay plugin today at gene.co.uk/magetalk.



MageTalk Episode 108 – “Hit Him up Four Minutes Ago” (w/ Ali Ahmed)

In episode 108, we discuss the Florida meetup and recent security hacks with Ali Ahmed of Imagination Media in South Florida. Ali is a good friend of ours with some great and hilarious insights on the Magento community, and has been supplying 30% of the MageTalk content on the DL for months now.

Thanks for listening! Please leave us feedback in the comments below.



MageTalk Episode 105 – SUPEEGEDDON *or* The Fourth Horseman of the SUPEEPOCALYPSE (w/ Ben Marks)



MageTalk Episode 94 – “At 2AM You Can Find that Winkle Anytime” (feat. Talesh Seeparsan)

Show Notes

The guys sit down with the preeminent YouTuber, Talesh Seeparsan, to talk security, PCI, and more.


Thanks to our sponsors for their continued support!!