Tag Archives: security

World Backup Day

Posted on by

Scott Keck-Warren has a contribution in honor of this month’s World Backup Date, Backups For Beginners. Follow along for some inspiration in making sure you have a complete backup system. Ken Marks continues his series, How to Hack Your Home with a Raspberry Pi, with an article showing how to actually hook up your accelerometer to your Pi and start storing the data into a database on the Raspberry Pi.

Our columnists also drive home the point of strengthening our weaknesses. In Understanding Supply Chain Security, Eric Mann will have you realizing that even our code has a supply chain and that its security is crucial to our success. Joe Ferguson’s, Queues With Horizon will help us make our application more robust by offloading some processing to give our application the appearance of higher performance. Chris Tankersly brings us into the Education Station with Software History is Licensing. Oscar Merida helps us strengthen our abilities while testing out a fun PHP Puzzle, Finding Prime Factors. Edward Barnard continues in the DDD Alley with Better Late Than Never, where he talks about his own theories around testing. Our newest column by Frank Wallen, PSR Pickup, will start to teach us about the PHP PSR’s starting with PSR 0 and 1. And finally{}, brought to you by Beth Tucker Long is a great piece on burnout titled I Just Can’t.

The post World Backup Day appeared first on php[architect].

Parallelize Your Code

Posted on by

This month’s release touches on some examples that keep PHP and its community strong, relevant, and a fun language to code.

Ken Marks continues his series on using PHP and a Rasberry Pi in a real-world example with Raspberry Pi Part 2 – Installing the LAMP Stack on your Pi. As developers, we live a life where we are constantly learning, and Derek Binkley helps with this by contributing an article called Teaching Through Code Review. We have a bonus third feature article this month in which Gabriel Zerbib introduces us to a documentation concept with his contribution Introduction to Diagram-as-Code.

In Eric Mann’s Security Corner, he talks about how to expand your knowledge with Getting Started with Cybersecurity. Joe Ferguson takes time out of his busy schedule to show us some benefits to using PHP-FPM, such as running multiple versions of PHP in his The Workshop section article Configuring PHP-FPM and Apache. In Community Corner, Eric Van Johnson sits down and gets to know our second rookie release manager in his Interview with PHP 8.1 Release Manager Ben Ramsey. Edward Barnard continues his new DDD Alley series with this month’s installment of When You Know the Pattern. Oscar Merida helps us exercise our learning muscle with this month’s PHP Puzzles, Finding Integer Factors. In this month’s Education Station, Chris Tankersly gives his take on the elusive async development with PHP in his article Async is a Lie. Wrapping up this month’s release is Beth Tucker Long finally{}, Everything Which Way But Loose.

The post Parallelize Your Code appeared first on php[architect].

The Art of Data

Posted on by

This month, we dive into Libsodium, discuss gatekeeping, learn more about data access, and why even something that might be considered a “small bug” can cause massive damage.

I’m not sure how many people read these Editorials. It’s even been explained to me that this isn’t an “Editorial.” Ha, the joke’s on them; I’m not an editor, sooooo yeah. I always enjoyed reading what Oscar had to say about the articles in the month’s issues and seeing what little nuggets of knowledge he shared.

I am not sure if I have any actual words of wisdom to share, but that’s never stopped me from talking before, so I don’t see why that would change now. We’ve been talking a lot about change lately, but the reality is, “change” is what our industry is about. Sure there are personal changes. People change jobs, leave projects, organizers of User Groups move away, but our industry also changes. What we consider “good security practices” today can be viewed as a horrible implementation tomorrow. Anyone who has worked on a legacy codebase for enough time knows the feeling of looking at code and thinking, “why was it done like this? This is terrible”, then checking the commit logs and realizing they did the coding and remember, “Oh right, that is how we did this five years ago.”

In this issue, Vinícius Campitelli returns to follow up his article from last month with more cryptography talk. This month he talks specifically about *Cryptography with Libsodium*, what it is, why you should be using it, and how you should be using it. In *Exploring the Active Record Pattern,* Alexandros Gougousis discusses the popular Active Record Pattern and some of the benefits of using this pattern to handle persisting data to the backend database.

In Security Corner this month, Eric Mann takes us on a personal journey with a bug report for a package he was maintaining in his article *No Bug Too Small,* and as you can probably guess from the title, the “small bug” was a big problem. Moving on to Joe Ferguson’s *The Workshop* article *Intro to Craft CMS*, Joe talks about one of the PHP powerhouses in the CMS market, CraftCMS. Built on the Yii framework, Joe takes you from install to asset management and gets your CMS up and running in a matter of a couple of pages. *Education Station’s* Chris Tankersley returns us to our data access discussion with *Handling Data Access* and jumps into different ways to handle data access, including raw access to abstraction layers and back to data access layers. This month, Oscar Merida continues to toy with our minds and emotions in his PHP Puzzles column about *Compounding Interest.* He then challenges us with another economic puzzle to finish out the year. Also, this month, I had the pleasure to speak with Wasseem Khayratte, aka 7PHP, in this month’s *Community Corner*. I learned more about what got him involved with the PHP community and his new role as the voice behind Voices of the elePHPant. In this month’s *Here Be Dragons: Problem Space*, Edward touches on a couple of topics most of us had been through at some point in our careers, Burn Out and Gatekeeping. And in finally{} Beth Tucker Long discusses her *Roll With It* philosophy and the idea of embracing change. Thanks for being a reader and I hope you enjoy this issue.

The post The Art of Data appeared first on php[architect].

Interview with Vinícius Campitelli

Posted on by

Eric Van Johnson and John Congdon interview feature contributor Vinícius Campitelli about his article Cryptography with Libsodium.

According to the just-released 2021 version of OWASP Top 10 (a curated list of the most critical web application security risks out there), “Cryptographic Failures” are the 2nd most important of the many security concerns we should have as web developers. These concerns include a lot of misuses of cryptographic systems, like choosing weak algorithms, poor randomness sources, or usage of deprecated methods. That is why this is also the second article covering the main topics for cryptography: on our last issue, we covered the main theory, which sometimes is the cause of those errors mentioned above, and right now we will see how to use libsodium, a modern library with the most recommended algorithms already built-in and no weak settings available per default. It is a cross-platform tool, available to use on Windows, Mac, and Linux, and has been included in PHP’s core since 7.2. It also has bindings for Java, NodeJS, Python, Go, and several other languages. So we are safe to say it runs pretty much everywhere. The official website is libsodium.org, and you can find the full documentation there instead of the PHP.net manual as it is sometimes not complete. There is also a Quick Reference and a “Using Libsodium in PHP Projects” article.

The post Interview with Vinícius Campitelli appeared first on php[architect].

About PHP’s Compromised Git Commit

Posted on by

PHP internals contributor Sara Golemon answers questions from a panel of php[architect] and PHP Ugly contributors about the recent git compromise that affected the PHP project and what they’re doing about it. You can also watch a video of the roundtable with Sara.

More on This

The post About PHP’s Compromised Git Commit appeared first on php[architect].

Interview with Eric Mann, Security Corner contributor

Posted on by

In this Episode

Eric van Johnson and John Congdon talk to Security Corner contributor Eric Mann about keeping your website secure.

  • How a breach sparked his interest in security.
  • The value of tokens and nonces.
  • What area of security needs more attention.
  • How to use end-to-end encryption for communication.
  • Using Linux as your daily driver i.e Operating System.
  • What frameworks he prefers to work with.
  • WordPress security.
  • PHP’s core security.
  • Tips for working securely at home.

The post Interview with Eric Mann, Security Corner contributor appeared first on php[architect].

Elasticsearch, Defensive Coding, and Maura Teal

Posted on by

In Episode 22

Eric, John, and Oscar talk about the July 2019 issue and this year’s php[world].

Topics

  • John’s talks at php[world] in the fall and a few tips for preparing and rehearsing new talks.
  • Getting started with Elasticsearch and working with specialized search solutions.
  • Defensive coding practices and defending against insider threats.
  • Maura Teal about her upcoming talk on WordPress Under Pressure: Tales of Sites at Scale, learning to program from her parents, WordPress’ reputation, and scaling large multi-site installs.
  • Local development environments with Docker, Devilbox, as well as Amazon Linux.
  • Preventing burn out with advice from Community Corner.
  • WordPress, PHP, and semantic versioning.

The post Elasticsearch, Defensive Coding, and Maura Teal appeared first on php[architect].

MageTalk Episode 124 – #roadtoimagine Series Part 3: Magento Security Council (w/ Eric Hileman of MageMojo)

Posted on by

Get ready for Imagine in style by making MageTalk your soundtrack! This is part 3 of 4 of the series – Bob Schwartz’s interview Part 2 lands tomorrow, finishing up the #roadtoimagine series!

You can subscribe to our podcast on iTunes and access the RSS feed here.

Sponsors

MageMojo

We know that you have a lot of options when choosing a Magento host – but we want you to give MageMojo a try. Not only does MageMojo have the fastest SLA in the entire industry – a mere 15 minutes! – but they’ll even pay up to 3 months of your hosting bill to get you back on your old host if you’re not satisfied.

Switch over to MageMojo today by visiting this special URL at http://magemojo.com/magetalk. Read over 300 MageMojo reviews on shopperapproved.com.

MageMail

MageMail is the triggered email app for Magento. Triggered email can increase your revenue by 8% to 12% – MageMail is easy and risk-free to try out, and comes with a free concierge onboarding service, so all you have to do is sit back and watch the orders roll in. Start your free trial today!

Gene Commerce

Apple Pay for the web transforms mobile conversion rates for IOS devices. Give your customers a frictionless payment experience on your Magento site. Gene Commerce, the development team behind BlueFootCMS brings you Apple Pay for Magento 1 and Magento 2 powered by Braintree Payments. Convert more mobile users with this game-changing payment option. Get 20% off Gene’s Apple Pay plugin today at gene.co.uk/magetalk.

Hosts

Guest

Show Notes

Links/Mentions

MageTalk Episode 108 – “Hit Him up Four Minutes Ago” (w/ Ali Ahmed)

Posted on by

In episode 108, we discuss the Florida meetup and recent security hacks with Ali Ahmed of Imagination Media in South Florida.  Ali is a good friend of ours with some great and hilarious insights on the Magento community, and has been supplying 30% of the MageTalk content on the DL for months now.

Thanks for listening! Please leave us feedback in the comments below.

You can subscribe to our podcast on iTunes and access the RSS feed here.

Sponsors

MageMojo

We know that you have a lot of options when choosing a Magento host – but we want you to give MageMojo a try. Not only does MageMojo have the fastest SLA in the entire industry – a mere 15 minutes! – but they’ll even pay up to 3 months of your hosting bill to get you back on your old host if you’re not satisfied.

Switch over to MageMojo today by visiting this special URL at http://magemojo.com/magetalk.  Read over 300 MageMojo reviews on shopperapproved.com.

MageMail

MageMail is the triggered email app for Magento. Triggered email can increase your revenue by 8% to 12% – MageMail is easy and risk-free to try out, and comes with a free concierge onboarding service, so all you have to do is sit back and watch the orders roll in. Start your free trial today!

Hosts

Guest

Show Notes

Links/Mentions

MageTalk Episode 105 – SUPEEGEDDON *or* The Fourth Horseman of the SUPEEPOCALYPSE (w/ Ben Marks)

Posted on by

Thanks for listening! Please leave us feedback in the comments below.

You can subscribe to our podcast on iTunes and access the RSS feed here.

Sponsors

MageMojo

We know that you have a lot of options when choosing a Magento host – but we want you to give MageMojo a try. Not only does MageMojo have the fastest SLA in the entire industry – a mere 15 minutes! – but they’ll even pay up to 3 months of your hosting bill to get you back on your old host if you’re not satisfied.

Switch over to MageMojo today by visiting this special URL at http://magemojo.com/magetalk.  Read over 300 MageMojo reviews on shopperapproved.com.

MageMail

MageMail is the triggered email app for Magento. Triggered email can increase your revenue by 8% to 12% – MageMail is easy and risk-free to try out, and comes with a free concierge onboarding service, so all you have to do is sit back and watch the orders roll in. Start your free trial today!

Puppet

Puppet of Honor

Show Notes

Links/Mentions