archive-com.com » COM » S » STUARTHERBERT.COM

Total: 477

Choose link from "Titles, links and description words view":

Or switch to "Titles and links view".
  • Stuart on PHP -
    the extra memory used by the suexec method and the extra memory and CPU and process context switches required to transfer output from PHP CGI to Apache to send back to the website s user the final cost of using suexec PHP CGI will be substantially higher Other Considerations Performance isn t the only thing to think about when evaluating suexec PHP CGI suexec PHP CGI does solve the security challenge without requiring your application to support safe mode HTTP authentication is only supported by mod php not PHP CGI If your application relies on this then suexec PHP CGI is not for you Conclusions Apache s suexec mechanism does secure a shared hosting server from attack from within However this is achieved at a heavy performance cost which inevitably will translate into needing lots of extra servers which is expensive So if Apache itself doesn t come with a solution that s worth a damn maybe there are third party solutions out there that can do a better job The next article in the series will take a look at what others have done to try and plug this gap This article is part of The Web Platform an on going series of blog posts about the environment that you need to create and nurture to run your web based application in If you have any topics that you d like to see covered in future articles please leave them in the comments on this page 19 comments Quick Tip Get Set and Query in One Method Posted by Stuart Herbert on December 10th 2007 in 2 Intermediate I m still working on the next article in my series looking at PHP on servers so in the mean time check out this simple way to emulate Ruby s nice way of handling separate getter setter and state query methods in PHP code lang php class Example private canCache false private cacheXml null function canCache newState null check if we are querying or changing state if newState null we are querying return this canCache if we get here we are a traditional getter setter method if newState this canCache true this cacheXml this toXml return true else this canCache false unset this cacheXml return false exObj new Example exObj canCache true if exObj canCache do something here code It isn t as elegant as Ruby but it does the job and it means that your classes don t have to be full of seperate canDoSomething and isSomethingAllowed type methods I think it makes the code that uses the object a little easier to read and a little more intuitive YMMV 13 comments Anyone Using Textmate To Work With PHP Posted by Stuart Herbert on November 30th 2007 in Toolbox My editor of choice for PHP for the last year or two has been phpEclipse It s the best compromise so far between IDE like features especially being able to search the entire code base being able to have multiple projects open at once and the absolute best class function inspector in any PHP editor I ve used so far I can t live without these features and a text editor with acceptable performance which is where Zend Studio has always lost out can t abide an editor that can t keep up with my typing syntax highlighting and code layout Unfortunately phpEclipse doesn t get released all that often the last official release was 18 months ago now although there are nightly CVS builds for folks who can afford to risk a broken PHP dev environment and unfortunately I can t afford that in my day job That s a long time to go without bug fixes and useful new features It also suffers from that annoying Eclipse ism of being unable to do anything for 10 minutes or so when you first open a project whilst the workspace is rebuilt So I m currently auditioning Textmate to see whether it can replace phpEclipse as my environment of choice First impressions are pretty favourable it supports projects its fast and the syntax highlighting is close enough but it seems to lack a few useful features that phpEclipse has like a class inspector grrr and being able to use phpdoc to provide context sensitive help and the performance seems to suck something awful when working on remote filesystems over 100mbit ethernet I was wondering if anyone else who reads Planet PHP has switched to Textmate and if you ve got any tips you can share on how to make Textmate a great PHP editing environment If you do please leave a comment below 25 comments PHP s Built In Solutions For Shared Hosting Posted by Stuart Herbert on November 27th 2007 in The Web Platform In my last article I covered the fundamental security problem that exists when you have multiple websites owned by different people on the same box The challenge is to secure the box not just from outside attack something you have to do anyway and which I ll cover later in this series but also to make sure that code running on one website can t steal confidential data like MySQL passwords from any of the other websites This isn t a problem caused by or unique to PHP It has been a problem with websites ever since the original NCSA httpd was released back in the early nineties with the ability to run Perl scripts via the CGI interface Over fifteen years later NCSA httpd has given way to Apache and Perl has given way to mod php but the problem is still the same On Windows the problem is a little different because Windows handles process permissions differently I ll look at that in a later article PHP 4 5 ship with two features which were designed to tackle this issue safe mode and open basedir Introducing safe mode Safe mode is an optional PHP feature aimed at restricting which files any PHP script can access It works like this When your PHP script is executed PHP makes a note of which user owns your PHP script On a shared hosting server this will be your user account the account you log into to FTP files up to the server Whilst your PHP script is running if your script wants to access any other files PHP checks to see who owns those files first If the file isn t owned by the same user who owns the running script PHP refuses to open the file Sounds like a great solution to the problem Your PHP script can open your files which is what you want but it cannot open the files of any of the other customers on the box So how do we switch it on Configuring safe mode To switch on safe mode set safe mode 1 in your php ini file and restart Apache Then test your website and make sure it still works If you have PEAR or a n other PHP libraries installed in a central location on your server and listed in the include dir setting you should also add this location to safe mode include dir as well This tells PHP to skip the owning user test when accessing the PEAR libraries There are also other things you can configure right down to enabling disabling specific PHP functions and classes Full details as always are in the excellent PHP Manual I won t be going into them in any detail in this article The Problems With safe mode Alas if it sounds too good to be true then all too often it is Any moderately complicated PHP application will create files on the server The obvious example is uploaded images to a blog but it s just as likely to be cache files for RSS feeds or to reduce database overhead or a friendly web based installer like the one that comes with WordPress When your script creates these files the files on disk will be owned by Apache not by your user account Remember Apache doesn t run with your user account s privileges it runs as its own user With safe mode enabled PHP can t read any of the files created by Apache To use safe mode your PHP script can never ever write brand new files to disk It can write out existing files that you own You ll have to store all of your data in the database which isn t always convenient or the fastest solution It s also theoretically possible to get around safe mode safe mode is a PHP feature not a security policy enforced by the underlying operating system A PHP extension one written in C not in PHP could ignore safe mode and just open any files that it chooses and that Apache can see The PHP developers audit the official PHP extensions to make sure none of them can be abused like this but when it comes to third party extensions you re on your own Sadly PHP is just the wrong place architecturally to solve this security problem and as a result safe mode will not be part of PHP 6 If you currently rely on safe mode to secure your servers it s time to start looking at other ways to secure your shared hosts I hope you ll find my next article or two about alternatives both useful and timely Restricting Access With open basedir The second PHP feature that helps is open basedir Although it s documented as part of the safe mode section of the PHP Manual to all intents and purposes it is a separate feature that can be switched on and off without requiring safe mode safe mode doesn t care where a file on disk is all it cares about is who owns the file open basedir is the orthogonal feature It doesn t care who owns a file only where the file exists on disk You tell PHP which directory it is allowed to open files from and PHP makes sure that all attempts to access files outside that directory will fail The idea is to setup each website so that PHP is only allowed to open PHP files installed for that website Switching On open basedir The open basedir setting can be edited in php ini but to be honest that makes little sense on a shared hosting server You re much better off putting this configuration into the httpd conf entry for each individual website VirtualHost 80 ServerName www example com DocumentRoot home customer1 public html www example com php admin flag open basedir home customer1 public html www example com VirtualHost There s one gotcha with open basedir that you need to pay close attention to Despite the name PHP doesn t expect open basedir to be the name of a directory it treats it as a prefix The check PHP uses is something like this code lang php function check open basedir file resolve any symlink file realpath file open basedir ini get open basedir check to ensure file is inside open basedir if substr file 0 strlen open basedir open basedir return false return true code To make sure that PHP treats open basedir as a real directory always put a slash at the end of the value for open basedir open basedir and PHP 6 For the moment at least open basedir will continue to be supported in PHP 6 There s a slight change to how it is configured with PHP 5 you can set open basedir in htaccess files with PHP 6 you have to put it in httpd conf or php ini but the actual functionality stays the same open basedir is vulnerable to the same theoretical circumvention as safe mode so be careful when installing third party PHP extensions onto a shared server Where Do We Go From Here I ve looked at two solutions implemented by PHP 4 5 to help make a shared hosting server more secure safe mode stops you opening up files owned by other customers but it has the side effect that your web application cannot create files of its own This feature has been removed from PHP 6 open basedir stops you opening up files outside the specified directory on disk This feature is still in PHP 6 but can now only be configured from phi ini and Apache s httpd conf Both features rely on third party extensions supporting them It s perfectly possible for a third party extension to choose to bypass both features thus re creating the security hole we re trying to close In terms of our challenge both features come close to solving it but neither is 100 guaranteed to do so Data security isn t just a legal obligation it s also a moral one and you can t meet your moral obligation using these features alone Fundamentally PHP is the wrong place to solve this problem PHP is trying to overcome a security weakness that it has inherited from Apache and all other web servers this isn t a problem specific to Apache and in turn they are constrained by the security model implemented by UNIX systems themselves Moving up the stack if the problem can t be fixed in PHP maybe Apache can offer some help I ll take a look at that in the next article This article is part of The Web Platform an on going series of blog posts about the environment that you need to create and nurture to run your web based application in If you have any topics that you d like to see covered in future articles please leave them in the comments on this page 8 comments The Challenge With Securing Shared Hosting Posted by Stuart Herbert on November 21st 2007 in The Web Platform Many thanks to everyone for their feedback on my first post in this series Most of us started out hosting our code on shared hosting whether it was on a box provided by an ISP something we rented ourselves or something we built so that we had somewhere to host the websites we built for our customers Love it or loathe it shared hosting has some unique security challenges and understanding those challenges is a good way to learn the fundamentals of how your web server actually works This article is looking squarely at Linux systems running Apache which is by far the most common shared hosting platform but the principles involved apply to Lighttpd or any other Apache alternative running on Linux What Is A Shared Server For many web developers their first experience of hosting code on the Internet comes on a shared server Shared servers offer cheap hosting but that s because there are many different people sharing the same server and therefore sharing the costs A shared server is a single server that hosts more than one website Each website may be owned by a different company group or person Typically each customer on the box has a user account which they log into to upload new files for the website Each file that the customer uploads is owned by the customer s user account ls lh thecube public html drw r r thecube public 4K images rw r r thecube public 1 2K index php Apache Needs Access To Your Files On your classic shared hosting server there s one copy of the Apache web server running and PHP is installed either as mod php or as a CGI executable That one copy of Apache handles all the incoming HTTP requests for all the websites that are sharing the server When Apache is running in this way it runs as a specific user normally www or apache or nobody on badly configured systems In order to serve up your website Apache needs to be able to read your HTML files CSS files images PHP scripts and so on Some web applications blogs content management systems and so on also need write access to your website s directories Read and write access is normally granted by setting the group permissions on a file or directory Each customer s user account and Apache are members of the same group By default the FTP daemon will be set up to ensure that the group has read access to all of the files that are uploaded so that Apache can serve the website Apache Has Access To Everyone s Files There is one copy of Apache and it runs as a single user no matter which website is being served This single user has read access to every single website on the shared hosting server and it probably has write access to most if not all of the websites too An attacker from the outside only needs to break into one website on the server and that will give him access to every other website hosted on the same box But here is the rub The attacker doesn t need to break into the box He can just as easily become a customer get a legitimate account on the box and then just upload PHP scripts to access the other websites hosted on the box Provided he s careful and doesn t change anything he can steal whatever data he wants and no one will even notice Why does that work It s possible because the PHP code is executed by Apache and Apache has access to all of the files from all the websites on the box That includes all the PHP scripts that contain the usernames and passwords for all the MySQL databases This is the worse case scenario but it s also the default scenario Slap Apache mod php on a box start putting websites on it and these security problems will exist unless you as the server administrator take additional steps to prevent them The Challenge

    Original URL path: http://blog.stuartherbert.com/php/page/17/ (2016-05-02)
    Open archived version from archive

  • Stuart on PHP -
    avoiding infections of malware and viruses from the net is to avoid using IE on your servers at all It s a consequence of putting a desktop environment on a server you d never find a good Linux sysadmin putting a desktop environment onto a Linux server and a legacy of that environment being Windows But for a development environment it s reasonable to switch this feature off so I did And then promptly downloaded Firefox Apart from seeking an escape from the annoyances of IE there are two very good reasons for ditching IE for Firefox Firebug and FirePHP I intend to use both as part of this competition With Firefox installed I re enabled IE ESC and then promptly forgot about it and IE Forever When will Microsoft learn that a good UI can make someone an advocate and a bad UI like the one around IE ESC can make someone a detractor Choosing A PHP To Install php net provides two different bundles of PHP for Windows for download You can download a ZIP file and install the binaries yourself or you can download a nice Windows installer and let it do all the work for you When I used to do this sort of thing on a regular basis I used to build PHP on Windows from source so I thought it would be interesting to look at the Windows installer first And it s quite nice I have to say It provides the option to configure IIS with FastCGI for you which sounds like it ll save a lot of hassle will that be famous last words On the down side it doesn t support installing multiple copies at once how are you supposed to test your code against new releases of PHP if you can t install multiple copies on the same dev box and by default it has every PHP extension marked to not be installed which might trip up quite a few folks It also doesn t ask you which website s you want configured to use PHP FastCGI This is a common problem with anything on Windows that tries to automate configuration of IIS This doesn t matter for development where you ll just publish the one website an IIS website is roughly equivalent to an Apache virtual host but on production servers publishing multiple websites this quickly becomes a problem It would be nice to see Microsoft sponsor someone to create a first rate installer for PHP for Windows Creating The Phpinfo File With IIS automatically configured by the PHP for Windows installer all we should need to do to satisfy my test case is to use Notepad to create a suitable PHP script and drop it into the right place right After all I m deliberately using a user with Administrator privileges because this is a dev box and I don t want to waste time working around security that this dev box just doesn t need Sigh Think again Notepad tells me that I don t have permission to save into the wwroot folder c inetpubwwwroot if you re not sure where it is Hrm What s behind this hold up Do members of the Administrators group have permission to create files in this folder Yes Am I a member of the Administrators group You ll find that in Server Manager under Configuration Local Users and Groups Yes Can I save files to the wwwroot folder No Sigh In the end I worked around this by explicitly giving my user full control over the wwwroot folder I m not happy about having to do this but I ve already lost enough time to dealing with Windows security features tonight Testing the Phpinfo File Although I don t have a complete PHP dev environment yet I should now have enough to be able to see the phpinfo page in Firefox right Point browser at http localhost phpinfo php Drum roll please Oh dear 500 internal server error and a crash dump automatically uploaded to Microsoft PHP 5 crashed according to the event logs Oh ffs Next Steps Well the good news is that so far running Windows Server 2008 in a VM isn t particularly painful performance wise I ve been able to multitask just fine whilst waiting for downloads and updates and reboots and so on This is mostly down to the Samsung SSD as my machine certainly doesn t have enough RAM to do this when paging out to a traditional hard drive It will be interesting to see how well it continues to cope with Netbeans and Visual Studio open at the same time when I actually get to write some code The bad news is that three and a half hours after starting the task I don t have PHP FastCGI up and running on Windows Server Close but no cigar I m going to call it a night and take another look at this on Wednesday Andi Gutmans from Zend has kindly tweeted me a download URL for Zend Server for Windows That s downloading now and I ll be switching over to that on Wednesday In the meantime good luck to everyone else in the European WinPHP Challenge I hope you have more success with your dev environment than I ve had tonight Be the first to leave a comment Participating in the European WinPHP Challenge 2009 Posted by Stuart Herbert on April 20th 2009 in European WinPHP Challenge 2009 I had word today that my entry into the European WinPHP Challenge 2009 competition had been accepted As I haven t seen anyone else blog about it yet I m starting to wonder how many participants there are Someone should setup a Planet WinPHP Challenge site or something Seriously the competition is a good idea During my four and a bit years working on a proprietary PHP CMS for Box UK 2003 2008 about half of the customer base chose Windows Server as their server platform Generally folks choose to deploy web based applications on Windows Server because they already have Windows Server Selling them something that will only work on Linux is a tough sell so a competition like this that seeks to show off how well PHP works on Windows should be another small step forward for all those small ISVs like Box UK who want to sell products written in PHP provided Microsoft actually do something marketing wise with the results The tag line for the competition is To help show how well PHP runs on Windows we are holding the European WinPHP Challenge to showcase the FAST in FastCGI their emphasis So I figure an interesting showcase would be to build an app that combines PHP and NET into a web services gateway And it would actually be useful PHP s SOAP client falls somewhere between being a toy and a joke depending on how much your job depends on it working against real enterprise services Because these services are built in NET or Java for other NET programmers to use they exploit the full expressiveness of SOAP well the automated wizard that builds the service does but you get the idea without any thought of toning things down to remain interoperable with PHP It s a source of great frustration at work So my competition entry is called Give It A REST and the idea is to create a SOAP REST gateway using PHP and NET running under IIS7 before the end of May My primary test case is being able to interface with the SOAP APIs published by Netsuite and Daptiv from PHP via a RESTful interface The PHP client will be remote it will not be running on the same box as Give It A REST And the PHP client won t be using SOAP at all Should make for an interesting six weeks or so Be the first to leave a comment Some Thoughts On Netbeans Posted by Stuart Herbert on March 26th 2009 in Opinion Toolbox When it comes to IDEs for working on PHP projects I ve been a relatively happy user of phpEclipse for several years Tried Zend Studio but never managed to convince Zeev about how much it sucks But when the guys in the office started switching over to Netbeans I thought it would be interesting to take a look for myself I ve been using several of the nightly builds on both Linux and OS X for about a month now after reading on Planet PHP about the UI improvements vs Netbeans 6 5 Apart from one bizarre problem in general the nightly builds have performed well I haven t come across any major bugs in the builds I don t care about integrated source control deployment or Apache management What I care about is a solid IDE that saves me time and helps me quickly work with larger PHP projects where I m not yet intimately familiar with the code Positives Performs well enough keeps up with my typing Code completion works more often than not Doesn t have the annoying lockups that Eclipse based editors suffer when they decide to rebuild the project Code refactoring BIG time saver worked every time I tried it Drawbacks A real memory hog my copy is using half a gig of RAM with just 4 editor tabs open Ignore the memory usage that displayed inside Netbeans itself which currently claims 99MB being used it s either selective in what it monitors or is just plain fubar Doesn t use any native controls on OS X looks fugly and doesn t mimic standard OS X dialog boxes or behaviour Too many dialog boxes UI could be simplified with in place editing or just skipping the dialog box completely a la phpEclipse No shortage of time wasting UI design such as not auto populating the Find in Projects search field No context sensitive help on F1 No bundled documentation for PHP itself xdebug support no use to me I was unable to debug a CLI script and I was unable to debug a website unless I went through the website s homepage first phpUnit support no use to me either To use phpUnit from inside Netbeans it requires all the tests to be in a separate folder tree I choose to keep my tests in the same folder as the code under test I did find one bizarre problem with it I was editing code stored on a networked drive whilst on the train and I went through a blackspot which caused the networked drive to become disconnected Netbeans did the sensible thing of marking all the open files as read only but once I had re attached the networked drive I couldn t then save these files at all Fair enough I thought I ll just open the file again in another tab and copy and paste my changes across Sadly Netbeans wouldn t actually copy the content of the read only files into the clipboard at all Overall I feel that Netbeans is a good editor and I m still using it every day on Linux but not on OS X The IDE features that relate directly to code all appear solid enough The issues with phpUnit aren t a big deal for me but it would be nice to see the xdebug support overhauled and made useful one day Just a shame they can t do anything about the fact it uses Java Be the first to leave a comment Finding Ada Posted by Stuart Herbert on March 24th 2009 in Opinion PHP In Business If you re a regular reader of Planet PHP and if you re not you should be you ll know by now that today March 24th is Ada Lovelace day The idea is to throw a spotlight on female role models in tech in order to encourage more women to get involved in technology work and roles in the future The need to do this was made very clear when I sat down to put this post together I m sad to say that I simply don t work with any women in technology atm and I m struggling to think of any female programmers that I ve worked with over the last 18 years I ve sent Sara a patch or two for runkit but I don t think that counts as having worked with someone I ve worked with female product managers project managers and marketing consultants but with only one notable exception I wouldn t say they worked in technology but around the male dominated teams who did The research that has inspired Ada Lovelace day talks about women having a stronger need for suitable role models than men do But the question that s been praying on my mind today is this what else do we need to do to make working in technology more appealing to women Leaving aside the behavioural problems in male dominated environments for a moment are there changes to technical tools and practices we could make that would play more to the psychological strengths of women Be the first to leave a comment Living With Frameworks Slides Now Available Posted by Stuart Herbert on March 6th 2009 in Conferences Tagged with phpuk2009 Thank you to everyone who came to my talk about Gradwell s experience of Living With Frameworks at the PHP UK conference last Friday It was very humbling to have such a large audience especially as I was one of the least known folks on such a strong list of speakers and I really enjoyed meeting everyone who came up to me afterwards to share their own experiences If you were one of the 40 or so folks who had to be turned away from the talk the slides are now available and I m sure the video of the talk will be online soon We re also trying to sort something out so that I can come and present a shorter version of the talk at one of the monthly PHP London meetings later in the year A big thank you to everyone involved in organising and sponsoring such a great conference I ve run a couple of small conferences in the past so I know what it s like and just how stressful it can be I thought you did a great job and I m already looking forward to an even better conference in 2010 Oh and if you ever get the chance to see Aral Balkan talk do so His opening keynote at the conference was hugely entertaining and imho spot on too and he gave everyone such a lift for the rest of the day 1 comment PHP UK Conference Tomorrow Posted by Stuart Herbert on February 26th 2009 in Conferences PHP In Business Recommendations The PHP UK conference is tomorrow at the Olympia Conference Centre in London and there are still a few tickets left Why not come along tomorrow and join us for what will be a great and informative schedule of talks Be the first to leave a comment Successful Talk At IBM Hursley Posted by Stuart Herbert on January 29th 2009 in Conferences PHP In Business Toolbox Zoe invited me to go down to IBM Hursley yesterday to deliver my talk about building Twittex from PHPNW and to also meet the Project Zero team I had a great time and the folks from IBM made for a very engaging and collaborative audience It was particularly nice to meet Ant in person he s currently one of the better bloggers about PHP imho and as a community we sure could use more folks writing to his standard If you haven t heard of it before Project Zero is a new implementation of PHP running on top of J2SE It gives you the ability to run PHP in an environment that eventually should out perform the Zend Engine which will be very welcome here plus the ability to pull in and make use of many excellent Java libraries that have no equivalent in the PHP world like for example a SOAP client that isn t a toy Higher performance is important to ISVs in particular because as you get away from non trivial apps and get your caching strategy mature the bottleneck moves from the database back into the amount of CPU available for the web server Over here in the UK servers are expensive and hosting them even more so There is real money to be saved by not requiring extra servers But my personal interest with Project Zero is evaluating it as a platform for API integration and development Many of the products I need to integrate with are NET based and their APIs make a fairly rich use of SOAP So the first thing I m going to try with Project Zero is a little app to merge data between our ERP platform and our project management platform two platforms that PHP s SOAP client struggles with at best I ll let you know how I get on Be the first to leave a comment Making IIS Practical In Production For PHP Posted by Stuart Herbert on December 17th 2008 in 3 Advanced I was just reading Derick s post about the recent get together with Microsoft and it occurred to me that so far I haven t seen anyone mention anything about the single most important problem with running PHP in production on IIS After a bit of digging it looks like the problem has been sorted since the initial IIS 7 release presumably if you re still running Windows Server 2003 you re still screwed on this one but I d love to hear from folks who have definitely done this in production Let me explain the background first When you run PHP apps using IIS you re much better off using

    Original URL path: http://blog.stuartherbert.com/php/page/14/ (2016-05-02)
    Open archived version from archive

  • Stuart on PHP -
    the future to get to the bottom of this problem if no one gets there first As a result I can t recommend using PHP FastCGI suexec at this time My current recommendation is mpm itk which has successfully served millions of page hits for me in production over the last few months References This article was made possible by information already on the internet http interworx com forums showthread php p 8327 http ckdake com projects documentation php security This article is part of The Web Platform an on going series of blog posts about the environment that you need to create and nurture to run your web based application in If you have any topics that you d like to see covered in future articles please leave them in the comments on this page 14 comments Tea Leaves Posted by Stuart Herbert on October 3rd 2008 in Opinion Sigh don t you just hate it when folks steal your work by re posting it as if it is theirs Be the first to leave a comment Speaking at PHPNW 08 Posted by Stuart Herbert on September 26th 2008 in Conferences News I m really pleased to be speaking at the PHPNW 08 conference in Manchester on 22nd November I m going to be giving a behind the scenes look at how we built twittex com in just 7 days from idea to live service at Gradwell dot com warts and all and show you what really worked for us and what we should have done to deliver the service even quicker I ll be covering technology project management and marketing too The last time I spoke at a conference was on Marco s first php cruise back in 2004 where we enjoyed a great view from the bar There wasn t really a UK PHP scene back then so I m looking forward to seeing how that s changed in the last four years We built twittex in house but we also outsource PHP development and I m very interested in meeting up with folks offering PHP and symfony development who are interested in VoIP we re the UK s third largest VoIP provider and social apps and also with anyone interested in integrating VoIP into their apps too See you in Manchester in November Be the first to leave a comment twittex com Launches Posted by Stuart Herbert on August 20th 2008 in Uncategorized Last Thursday twitter was forced to withdraw its free SMS alerts service to UK users This was a big blow to us at Gradwell dot com because we d just started using twitter to push out service alerts to our customers Six days later thanks to the power of symfony PHP mysql and q4m we ve built and launched a replacement service called twittex com This is a very simple to use prepay service that allows you to follow the friends of your choice on the mobile phone of your choice via SMS and it s now live Be the first to leave a comment Where Are The Benchmarks For Phar Posted by Stuart Herbert on June 29th 2008 in Toolbox Derick recently blogged that phar is cool Cool is great but it doesn t answer important questions how does loading your application from a phar file affect overall performance and scalability How well does it work with leading bytecode caches Where are the benchmarks for phar Be the first to leave a comment 40 Firefox Extensions Every Web Developer Should Check Out Posted by Stuart Herbert on June 16th 2008 in 1 Beginner 2 Intermediate 3 Advanced Toolbox as recommended by readers of Planet PHP Most Recommendations There were six Firefox extensions that folks repeatedly recommended ColorZilla advanced eyedropper color picker page zoomer and other colorful goodies FireBug live DOM CSS inspector The single greatest web developer add on for Firefox Live HTTP Headers view HTTP headers of a page and whilst browsing Web Developer Toolbar adds a menu and a toolbar with various web developer tools YSlow Yahoo s tool for analysing web pages and telling you why they are slow Requires Firebug Zend Studio Toolbar debugging assistance for Zend Studio 5 5 and earlier Isn t mentioned on the Zend Studio 6 pages so does that mean it is now obsolete and after that there was a lot of variety amongst the other extensions that were recommended Also Recommended Cache Status easy cache status management from the status bar ChatZilla IRC client for Firefox Duplicate Tab clone a tab along with its history Edit Cookies edit your cookies right in Firefox Fasterfox performance and network tweaks for Firefox Firefox Accessibility Extension test your web pages for functional accessibility features based on the iCITA HTML Best Practices FirePHP print to your Firebug console using a simple PHP function call FireShot take screenshots of web pages and a whole lot more Google Toolbar Google s famous in browser search toolbar GreaseMonkey customise the way a web page displays using your own Javascript add ons See also Lifehacker s Top 10 Greasemonkey User Scripts and their Better GMail and Better Flickr add ons to get an idea of just what can be done with Greasemonkey as a Firefox extension tool HTML Validator add HTML validation to your browser IE Tab Windows only open Firefox tabs using IE s rendering engine See also the popular IE View alternative LocationBar2 adds additional features to Firefox s address bar Lorem Ipsum content generator Generate Lorem Ipsum dummy text for when you need to fill a page with content for testing purposes MeasureIt draw out a ruler to get the pixel width and height of any element on the web page NagiosChecker see the status of your services and servers in Firefox s status bar You do monitor your servers right PrefBar power user toolbar for Firefox Regular Expressions Tester testing tool for regular expressions with colour highlighting RefSpoof easy spoofing of the HTTP referrer header ReloadEvery

    Original URL path: http://blog.stuartherbert.com/php/page/15/ (2016-05-02)
    Open archived version from archive

  • Stuart on PHP -
    sesse net apache2 2 mpm itk 20080105 00 patch tar zxf httpd 2 2 8 tar gz cd httpd 2 2 8 patch p1 apache2 2 mpm itk 20080105 00 patch autoconf Then configure the Apache source code to build with mpm itk as the chosen MPM Make sure that you run configure with any other configuration switches that you need configure with mpm itk After that compile and install Apache make make install Configuring Apache mpm itk is very easy to configure For each of your virtual hosts simply add the AssignUserId entry VirtualHost 80 ServerName www example com IfModule mpm itk module AssignUserId stuart stuart IfModule VirtualHost AssignUserId takes two parameters The first parameter is the user ID to run Apache under for this website The second parameter is the group ID to run Apache under for this website Remember to restart Apache after adding AssignUserId and you should be all set Some Benchmarks To benchmark mpm itk I used Apache s ab benchmark to load a simple phpinfo page 1 000 times I ran the benchmark five times and averaged the results mpm itk average of 37 01 seconds mpm prefork average of 6 21 seconds mpm itk benchmarks much better than suexec and suphp but is still quite a bit slower than mpm peruser Other Considerations It isn t just about performance Both suexec and suphp bring limitations to your PHP applications but mpm itk does not Because mpm itk puts the job of switching users in the right place at the heart of Apache it allows your code to run under mod php As a result your code is free to take advantage of any Apache features that aren t available to PHP CGI such as HTTP authentication support Another consideration is the impact on RAM and CPU Whilst you can definitely use mpm peruser to provide a faster solution it does involve a lot of effort in tuning the size of the process pools for each of the websites on a shared server On a shared hosting server you can t necessarily find one tuned configuration that always suits demand and it may not be worth your time to put the effort in anyway Although mpm itk is slower it doesn t need tuning for each individual website It s more of a fire and forget solution that might appeal to hosting providers who don t know and don t really need to care what your customers websites are Conclusions Although it needs to be compiled from source mpm itk provides the security of suexec and suphp with much greater performance than either of these solutions Although it performs worse than mpm peruser mpm itk doesn t require as much effort to configure and tune for best performance and its greater simplicity probably makes it better suited to shared hosting servers running a random collection of websites mpm itk is an option that you should seriously consider when designing your shared hosting server solution This article is part of The Web Platform an on going series of blog posts about the environment that you need to create and nurture to run your web based application in If you have any topics that you d like to see covered in future articles please leave them in the comments on this page Be the first to leave a comment Any PHP User Groups In The Bath Area Posted by Stuart Herbert on April 5th 2008 in News Tagged with apple bath linux meetup os x php user group I start my new job with Gradwell com on Monday and I m interested in hooking up with any PHP Linux or Mac user groups in the Bath area If you know of any interesting groups in the vacinity I d love to hear from you And if there isn t anything in the area atm and you re interested in helping with a monthly meetup I d love to hear from you too Be the first to leave a comment Disable TinyMCE Editor When Upgrading To WordPress 2 5 Posted by Stuart Herbert on March 30th 2008 in News Toolbox Tagged with beware joy tinymce upgrades wordpress If you re using the Advanced TinyMCE Editor plugin in WordPress to replace WordPress s less than stellar WYSIWYG editor make sure you disable it before upgrading to WordPress 2 5 It isn t compatible with the latest version of WordPress atm and you might not need it WordPress 2 5 includes a revamped WYSIWYG editor that so far seems to do a great job It even avoids screwing things up in Safari at last Be the first to leave a comment A Book On Git Posted by Stuart Herbert on March 25th 2008 in Toolbox Tagged with books git subversion travis version control woohoo Travis has just announced that he s working on a book about Git the version control system created for the Linux kernel by Linus Torvalds This is great news as there currently isn t anything else out there in dead tree form to help folks get up and running with this incredibly powerful distributed version control system It s predicted that workplaces will change over the next ten years with more and more people telecommuting rather than working in the office Distributed people mean distributed teams something that the open source world is already very used to Git was specifically designed to solve the version control problems that distributed teams maintaining multiple branches face and it s slowly but surely gaining popularity amongst folks who ve found Subversion s branching and merging too painful to do Be the first to leave a comment Using mpm peruser To Secure A Shared Server Posted by Stuart Herbert on March 20th 2008 in The Web Platform Tagged with advice apache architecture hosting performance php security servers web The challenge with securing a shared hosting server is how to secure the website from attack both from the outside and

    Original URL path: http://blog.stuartherbert.com/php/page/16/ (2016-05-02)
    Open archived version from archive

  • Stuart on PHP - » Conferences
    for the first time in between attending plenty of great talks These are my best shots of the speakers from Track 1 there were three tracks in total in the main auditorium I ll post my last shots from the conference tomorrow I ve also posted my thoughts on being a first time conference photographer over on my photography blog Copyright c Stuart Herbert Blog Twitter Facebook Photography Merthyr Road Daily Desktop Wallpaper 25 9 Twitter Be the first to leave a comment PHPNW10 Jeremy Coates Posted by Stuart Herbert on October 19th 2010 in phpnw Conferences Another year another great PHP North West conference organised by Jeremy Coates and his team at Magma Digital and the PHP North West User Group This year I went along with my camera to try my hand at conference photography for the first time in between attending plenty of great talks These are my best shots of Jeremy Coates who led the organising effort for the conference There ll be more shots from the conference tomorrow I ve also posted my thoughts on being a first time conference photographer over on my photography blog Copyright c Stuart Herbert Blog Twitter Facebook Photography Merthyr Road Daily Desktop Wallpaper 25 9 Twitter Be the first to leave a comment PHPNW10 Friday Social Posted by Stuart Herbert on October 18th 2010 in phpnw Conferences Another year another great PHP North West conference organised by Jeremy Coates and his team at Magma Digital and the PHP North West User Group This year I went along with my camera to try my hand at conference photography for the first time in between attending plenty of great talks These are the best of my shots from the pre conference socials on the Friday night before the conference There ll be more shots from the conference tomorrow I ve also posted my thoughts on being a first time conference photographer over on my photography blog Copyright c Stuart Herbert Blog Twitter Facebook Photography Merthyr Road Daily Desktop Wallpaper 25 9 Twitter Be the first to leave a comment PHP 5 3 Adoption Some Numbers Posted by Stuart Herbert on January 30th 2010 in Conferences Toolbox Last year I ran a series of polls via Twitter to try and learn a bit more about your plans to move to PHP 5 3 and whether or not you actually followed through A huge thank you to everyone who voted I m not talking at any conferences this year so I ve published the planned PHP 5 3 adoption talk online for anyone who s interested in what the PHP user community told us via these polls As well as the raw data I ve included an analysis of what the data might mean and some talking points about what the PHP Group might want to do differently when PHP 6 or PHP 5 4 if there is one is released You can find the talk online at Slideshare along with all of

    Original URL path: http://blog.stuartherbert.com/php/category/conferences/page/2/ (2016-05-02)
    Open archived version from archive

  • Stuart on PHP - » Conferences
    Derick s keynote starts at 10am There are still tickets available according to the conference website As well as being there to talk about how we built Twittex in 7 days I m very interested in meeting up with folks in the UK who are freelance web developers I want to know more about what you want from a web hosting solution especially what you d like to see but can t find anywhere in the UK atm If that sounds interesting to you drop me a line before the conference and we ll arrange to meet up during the Friday or Saturday evening socials And I m also interested in talking to anyone who s going to PHPNW08 who s interested in building apps for VoIP too Be the first to leave a comment Advice To A Conference Virgin Posted by Stuart Herbert on October 24th 2008 in 1 Beginner Conferences I m speaking at the PHPNW 08 conference in November and I ve just been contacted for advice by someone understandably excited at going to her very first conference Thing is I ve never been a conference newbie I ve always been either speaking or running a conference so I m not the best person to offer advice on this What would you add to this list Arrange with on line friends to meet up either the night before or before the presentations start on the day Look for social groups e g PHP Women you can join before the conference to see if anyone like minded is going If the conference has more than one presentation going on at once multiple tracks work out in advance which presentations you d like to go and see You can always change your mind afterwards Bring a laptop a lot of the conversation at the conference happens online such as on Twitter Bring a mobile broadband card with you too do you have mobile broadband outside the UK as conference wireless systems can be incredibly unreliable Be yourself but don t bullshit the folks you re trying to impress could be prospective customers work colleagues or employers Stay for the after conference drinks food where you can socialise and network Be the first to leave a comment Speaking at PHPNW 08 Posted by Stuart Herbert on September 26th 2008 in Conferences News I m really pleased to be speaking at the PHPNW 08 conference in Manchester on 22nd November I m going to be giving a behind the scenes look at how we built twittex com in just 7 days from idea to live service at Gradwell dot com warts and all and show you what really worked for us and what we should have done to deliver the service even quicker I ll be covering technology project management and marketing too The last time I spoke at a conference was on Marco s first php cruise back in 2004 where we enjoyed a great view from the bar There

    Original URL path: http://blog.stuartherbert.com/php/category/conferences/page/3/ (2016-05-02)
    Open archived version from archive

  • Stuart on PHP - » Can HipHop Help The Planet?
    in terms of CPU cycles consumed Every single PHP script has to run on a CPU and has to get to the point where it s sat waiting for the database If HipHop means that each PHP script uses less CPU to get to the same point that has to be a step in the right direction Until we can play with HipHop ourselves it s impossible to say whether it saves enough CPU cycles to allow us to use less CPUs and therefore less servers Remember you ve still got the overhead of your operating system and web server to factor into the equation And then there s the energy cost of compiling your code in the first place during development for seldom visited websites HipHop may increase overall energy requirements But it sure is nice to hope isn t it About The Author Stuart has been writing PHP applications since 2003 and has been contributing to open source software since 1994 He was an early writer for php architect a co author of the Official Zend Certification Study Guide for PHP 4 and a regular speaker at conferences and user groups since 2004 When he s not designing software Stuart loves to explore the world through a camera lens spend time with his beloved guitars and continue his study to T ai Chi Chu an Taijiquan No Comments pcdinh says February 3rd 2010 at 6 22 pm I know the answer will be that PHP apps are not CPU bound that they spend much of their time waiting for results from the database Something is misleading here I run several high traffic sites in PHP several millions requests per 4 core box day and found that PHP Apache was CPU bound It is different than IO bound which indicates iowait I replaced Apache with nginx and reduced CPU consumption a lot but still struggled to manage about 1000 concurrent PHP FastCGI processes pcdinh says February 3rd 2010 at 6 22 pm I know the answer will be that PHP apps are not CPU bound that they spend much of their time waiting for results from the database Something is misleading here I run several high traffic sites in PHP several millions requests per 4 core box day and found that PHP Apache was CPU bound It is different than IO bound which indicates iowait I replaced Apache with nginx and reduced CPU consumption a lot but still struggled to manage about 1000 concurrent PHP FastCGI processes Opiniones sobre HipHop de Facebook Sentido Web says February 5th 2010 at 3 51 pm Philip Olson Ilia Alshanetsky Marco Tabini Chris Jones Oracle Terry Chay Sebastian Bergmann Stuart Herbert Vid Luther Stefan Koopmanschap Rasmus Lerdorf gracias Opiniones sobre HipHop de Facebook Sentido Web says February 5th 2010 at 3 51 pm Philip Olson Ilia Alshanetsky Marco Tabini Chris Jones Oracle Terry Chay Sebastian Bergmann Stuart Herbert Vid Luther Stefan Koopmanschap Rasmus Lerdorf gracias Karpacz says April 11th 2010 at 9 18

    Original URL path: http://blog.stuartherbert.com/php/2010/02/03/can-hiphop-help-the-planet/ (2016-05-02)
    Open archived version from archive

  • Stuart on PHP - » Looking At PHP On Windows Adoption
    happy with PHP on Windows but it don t see the benefit of investing in it license costs training compared to Linux for our main hosting I didn t answer your poll though either Regards Rob Stuart Herbert s Blog Looking At PHP On Windows Adoption Webs Developer says September 14th 2009 at 9 01 pm adoption rates for Windows use on PHP and in response to comments made in this article he s shares some of his own stats on Windows adoption at least in the European market Remi was expressing his surprise at how Stuart Herbert s Blog Looking At PHP On Windows Adoption Webs Developer says September 14th 2009 at 9 01 pm adoption rates for Windows use on PHP and in response to comments made in this article he s shares some of his own stats on Windows adoption at least in the European market Remi was expressing his surprise at how Pierre says September 15th 2009 at 11 14 am About memcache vs memcached See http code google com p memcached wiki PHPClientComparison Martin F I did not want to have that page in the 1st place as it does not show the fact pecl4win will not come back What we err I are working on is to have releases based binaries available at pecl php net just like any other downloads If one needs a DLL for a given ext feel free to drop me a request http wiki php net internals windows or via the mailing list internals win or pecl dev As long as the underlying libraries support windows there is generally no problem to provide the ext not the case for libmemcached for example Pierre says September 15th 2009 at 11 14 am About memcache vs memcached See http code google com p memcached wiki PHPClientComparison Martin F I did not want to have that page in the 1st place as it does not show the fact pecl4win will not come back What we err I are working on is to have releases based binaries available at pecl php net just like any other downloads If one needs a DLL for a given ext feel free to drop me a request http wiki php net internals windows or via the mailing list internals win or pecl dev As long as the underlying libraries support windows there is generally no problem to provide the ext not the case for libmemcached for example Pádraic Brady says September 15th 2009 at 12 10 pm I use PHP on both Linux and Windows Actually I was Windows only up to 2001 since I had limited hardware and dual booting was difficult I think the problem with any competition focusing on PHP on Windows is obvious PHP is the same on any operating system It s not a surprise there were so few entries Then again would a Linux competition do any better Coding competitions are notorious for their low uptake regardless There is also the

    Original URL path: http://blog.stuartherbert.com/php/2009/09/11/looking-at-php-on-windows-adoption/ (2016-05-02)
    Open archived version from archive



  •