Looking Forward to php|tek

This year I’m excited to be heading to the php|tek conference in Chicago (May 19th to 22nd), and even more excited to be going there as a speaker. Over the course of the conference I will present or co-present three sessions; one tutorial and two talks.

The tutorial session is a half-day on Tuesday afternoon – I’m co-presenting with Matthew Weier O’Phinney of Zend and our session is “Practical SVN for PHP Developers”. We’ll be walking through the concepts of source control, administering subversion, repository structure strategies and also showing some hands-on use of subversion. We’ll talk about the issues around introducing subversion into a team and look at how this tool fits in as part of the development process. If you’re a subversion user looking to learn to get more from the tool, an architect looking to include it in new or existing setups, or a development team leader or manager looking for information about setting up and managing subversion, then come along!

The next talk I’ll give is on Wednesday when I’ll be presenting “Linux-Fu for PHP Developers”. If you’re already a linux wizard then feel free to drop by and heckle – but if you’re either a beginner or a competent user looking to raise your game then this session is for you. It’s a tour of the commands I use day-to-day; an opportunity to metaphorically look over my shoulder and take a peek at the tools I use and how I use them. There are code samples and although there is a lot to take in, I hope it will make command-line linux use very approachable for everyone – if I can do it, anyone can :)

Finally I get to co-present with my friend and Ibuildings colleague Stefan Koopmanschap a session entitled “A Guide to Using and Understanding the Community”. This session is an overview of what happens in the community outside of people’s nine-to-five jobs, how to access the community and what you might find there if you do. A lot of the value of open source software is in the community but knowing what information and interactions you can find there and how to find them is a mystery to many. For business in particular, free software with no guarantees can be slightly daunting! Stefan and I have lots of community involvement and will give a tour of what’s happening, how you or your employees can gain from the community, and how you can give back.

I’m really looking forward to the conference, to meeting old friends, virtual friends, and friends I haven’t made yet – if you will be there let me know and make sure to come and say “hi”!

Screen-Profiles – Improved Screen in Ubuntu Jaunty

I recently upgraded my kubuntu installation to 9.04 “Jaunty Jackalope”. It turns out that they have added some very cool features to screen in this version. If you don’t use screen it’s worth finding out more; it’s certainly a tool I now can’t live without.

The first thing to say is that if you have an existing .screenrc file, you don’t get any notification or prompt about the new features of screen; I was lucky and fell over the information. To get to the features:

  • if you have a .screenrc, rename it for a moment
  • aptitude install screen-profiles screen-profiles-extras
  • run screen

EDIT: From Karmic Koala (9.10) and later these packages are now byobu and byobu-extras – they work as outlined here, however; just the package names changed.

The first thing you’ll notice is that there’s a whole lot more stuff going on at the bottom of the screen. I have had a custom .screenrc file which gave me tabs for a while, but now they’re part of the standard setup.

If you look in the bottom right corner you’ll see there’s an “F9 Menu” – yep, screen responds to a whole bunch of function keys! I’ll keep my traditional ctrl+a mapping I think, but you can reconfigure this to your heart’s content. And look at the menu itself:

You can change the colour themes (more on that another day, I’m still playing with the settings) and you can also turn on and off a load of different widgets, basically lots of different system information. I’ve got most of it turned off on my laptop (since I already have a battery meter etc) but for a server this could be really useful. Examples:

I’m really happy to see Canonical improving this particular tool, and I wanted to mention it purely because existing users of screen won’t see the new functionality by default which seems like a bit of an oversight. If you’re a screen user, upgrade to Jaunty, try it out, and leave a comment on how it works out for you.

Testing PHP

I’m organising the PHP Test Fest that is happening in Manchester next weekend, and in preparation I decided it was high time to sit down and figure out what testing PHP is all about. People kept telling me it was easy but I had no clear picture of how all the pieces went together – there are different ways of doing the same thing and although I have been keen to get involved with testing for some time, I haven’t been able to get started until now.

I’m a linux user, so this whole post relates to how this works for me, on my ubuntu system.

First of all I grabbed a copy of PHP from http://snaps.php.net. The TestFest focuses on writing tests for PHP 5.3 so I took the most recent copy of that version.

I unzipped the code, changed into that directory and compiled the code and ran all the tests:

./configure  --enable-gcov
make
make test

At this point I was prompted to send the report of the tests off to the PHP QA team – I always make sure to do this when I compile PHP, it helps them a lot to collect the data and it is no bother for me. I will say that due to the huge increase in the number of tests in PHP 5.3, it takes a bit longer than it used to, but I don’t mind.

One thing which I keep seeing when I see people talk about tests is the lcov test coverage graphs, the ones that look something like this:

“Just pick something to test from there”, people said. I just didn’t understand at all how to pick which bit of PHP I would need to write test code for. It turns out that if you click on an extension, you get a list of files, and these too have coverage numbers.

Then if you click on an individual file, you see the C code of PHP itself there, with highlights to show which lines are executed in tests and which are not. So now you can start to get an idea of what needs testing (although you have to read C to do it which is fine since I’ve studied it, and PHP is pretty similar, but it does get confusing in places).

It is pretty easy to run a subset of tests, despite some quite long-winded documentation on the subject. There is a script inside the PHP directory called run-tests.php which takes an argument of either a single test or a directory of tests you’d like to run. Just call this with CLI PHP and specify which tests you want – I specify the path to the PHP since I want to use PHP 5.3 and not the existing PHP which I already use on my system.

export TEST_PHP_EXECUTABLE=/sapi/cli/php
$TEST_PHP_EXECUTABLE /run-tests.php tests/ext/spl/

The “make test” command also takes a TESTS= argument, and this is also an option. It’s just a wrapper for run-tests though, so either works fine. I built my php inside the directory with the source in it, just for convenience, but you don’t have to – and if you don’t then you need to adjust the paths above accordingly.

Then it’s time to read the phpt documentation and start writing tests. There are groups all over the world taking part in the testfest, so check the list and find your nearest. For me that’s Manchester, 9th May 2009 – and I’m looking forward to it!

Kubuntu Freezing on Splash Screen after Jaunty Upgrade

Today I upgraded a bunch of machines to the latest Kubuntu offering, version 9.04, or “Jaunty Jackalope”. Well, it was all going a bit too well and when I came to upgrade my main work machine, a thinkpad T400, I ran into problems. There are a couple more kinks but I had one particular error which I wanted to blog about. When I upgraded and then restarted Kubuntu, it froze on the splash screen after showing three icons (up to the globe).

The problem was that the files in the ~/.ICEauthority directory were owned by root so couldn’t be written to by my user. I followed the instructions I found on this post where someone had exactly the same problem, and just chowning the whole directory to my user fixed the problem and allowed me to boot Kubuntu.

Hopefully if anyone else has this problem they’ll find either this post or the other one and also find the easy fix! If this works for you, leave a comment.

Auth Mechanisms for Web Services

Having been involved in quite a few service-related activities in the last year or so, I’ve been having a few thoughts about what I’ve learned from this and what decisions I make when designing a service. Hopefully there will be a few of these posts – but to start with, I’m considering the options for authorising users.

Quite a lot of services don’t require any authentication at all, similar to quite a lot of the web. In either setting, the information is there for users to consume when they want. However the difference comes when services start doing more than making data available. If changes can be effected by the service, then we need to identify who is requesting the change.

Traditional websites use a username and password, and we can do exactly the same thing here. Services work on a series of discrete requests and it’s common to require that the username and password be supplied with every request. However for high-load services or where a particularly fast response time is needed, we can use something similar to sessions, where the user first has to authenticate and is given a token. On subsequent requests they supply the token and we wave them through without requiring their credentials again.

There are a number of considerations involved in deciding whether this setup can work for a particular application:

  • Does it take time to authenticate? For example is there an external system to wait for or lots of user information to retrieve?
  • How guessable is the token? Any kind of reasonable length hashing will help you here. I tend to use salted md5 tokens*.
  • How long will the token be valid for? If interaction with the service is likely to be a burst of related requests, you might allow validity for 30 minutes for example.
  • Will you require other identifying information as well as the token? For example you might require that the user also supply their username, which would have to match the token. I’ve also seen systems which only accept tokens from the same IP address as the user’s original authentication call came from.

Also think about storing these tokens. They can go in their own table along with the information you want to use frequently – this is the same idea as storing information about a user in a session, for example. So user id, maybe display name plus the token itself, some information about when it was created or when it expires, and anything else that will be needed to check the token’s validity. With this information being independent and just used to verify the user, there is also the option of storing this in an alternative, faster, mechanism such as memcache.
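The token scheme described above, sketched as an added example (not code from the original post). It assumes PHP 7.1+, a hypothetical TokenStore class backed by an in-memory array standing in for the table or memcache, and it draws the token from random_bytes() rather than a salted md5:

```php
<?php
declare(strict_types=1);

final class TokenStore
{
    private $rows = [];   // sha256(token) => user id, username, expiry
    private $ttl;

    public function __construct(int $ttl = 1800)   // 30 minutes, as in the list above
    {
        $this->ttl = $ttl;
    }

    // Call only after the username/password check has succeeded.
    public function issue(int $userId, string $username, int $now): string
    {
        $token = bin2hex(random_bytes(32));   // 256 bits from the OS CSPRNG
        $this->rows[hash('sha256', $token)] = [
            'user_id' => $userId, 'username' => $username, 'expires' => $now + $this->ttl,
        ];
        return $token;   // only the hash is kept server-side
    }

    // Returns the user id, or null if the token is unknown, expired or not this user's.
    public function check(string $token, string $username, int $now): ?int
    {
        $key = hash('sha256', $token);
        $row = $this->rows[$key] ?? null;
        if ($row === null) {
            return null;
        }
        if ($now >= $row['expires']) {
            unset($this->rows[$key]);   // expired tokens are removed on sight
            return null;
        }
        return hash_equals($row['username'], $username) ? $row['user_id'] : null;
    }
}

// Constructed sample data: user 42 "alice", fixed clock so the run is repeatable.
$store = new TokenStore();
$t0    = 1700000000;
$token = $store->issue(42, 'alice', $t0);

var_dump($store->check($token, 'alice', $t0 + 60));     // valid token, right user
var_dump($store->check($token, 'bob', $t0 + 60));       // right token, wrong username
var_dump($store->check('not-a-token', 'alice', $t0));   // guessed token
var_dump($store->check($token, 'alice', $t0 + 1800));   // past the validity window
```

Keying the store on a hash of the token means a leaked copy of the table does not hand out usable tokens.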

This isn’t by any means everything there is to think of, but just some ideas of things to consider when designing a service.

* I blogged about salting md5s in PHP recently, if you are interested

Replacement Love-Knot Wrap

A few years ago, when my little sister turned 21, I made her a crochet love-knot wrap. She’s used it (as a warm scarf) since then but recently lost it moving between multiple different places in the French Alps while working as a nanny for a hotel chain. So I made her a new one:
Caitlin Modelling her Scarf
It’s the same design as before, using a “love knot” or “Solomon’s knot” stitch to create an airy web of a wrap that can be worn either over the shoulders or bundled into a scarf as shown. I used a cotton tape yarn since she’s just about to leave again to go and work in Portugal, so woolly wouldn’t be a good choice. This yarn used to be a cardigan I bought, but it had daft sleeves so I unravelled them but never did anything better.

The scarf laid out and a closeup of the beads:
Scarf Scarf Closeup
Here’s hoping she hangs onto this one at least as long as she managed for the last – safe travels, little one!

Quiet Diff

I recently saw a problem that we were having difficulty replicating, despite assurances that both the code base we were replicating on and the one that exhibited the error were identical. They are large codebases and when I got copies of them both I tried to check for differences:

diff -ur dirA dirB

The result was large and messy and included a lot of .svn files (long story). So to get an idea of how many files had differences I ran diff with -q for Quiet. This just outputs one line per changed file and also a line for if a file only exists in one or other directory. I then used grep to ignore any lines with .svn in them, and finally passed the whole lot to wc (for Word Count) to tell me how many lines there are.

diff -urq dirA dirB | grep -v '\.svn' | wc -l

If you get a number greater than zero, your codebases are not identical and you have discovered why your fault is “intermittent”.

Curious Combination of Craft and Code

I’m a software developer, so I like to make things. The fact that some of these things involve yarn, fabric, or wood rather than code doesn’t make any difference to how I feel about building things. For the most part my programmer friends think I’m strange for making woollen things, and my craft friends think I’m strange for working with computers!

Since spending more time online and getting to “meet” (in a virtual sense) more people, both crafters and coders, it’s becoming clear that I’m not alone on this one. First I saw this thread about crafts on the phpwomen forum and then I also noticed that on ravelry (a social network for knitters. Yes, really) there’s a group for PHP knitters.

Are you a geek who also makes non-code things? Let me know :)

How To Use Salts and md5 in PHP

The MD5 hashing algorithm gets bad press because “it’s insecure”. This post is not about that; MD5 is a hashing algorithm and is a good way of generating a representation of something, without actually needing the thing itself. I was asked about its use the other day so I thought I’d blog it.

One problem with MD5 is that a given input always generates the same output. Therefore, it is possible to generate a table of all (likely) values and their resulting MD5s, then be able to use it as a lookup to find out what makes that result – these are “rainbow tables”. A bit like choosing a password, having a commonly available piece of data (like an integer) means that there is probably a rainbow table with it in. Salting makes it less likely that a decode is available, and in PHP you would do something like this:

$salt = 'myrandomstring';
$hashed_value = md5($salt.$value);
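An added example (not from the original post) that takes the snippet above one step further: a fresh random salt per value, stored beside the hash so it can be checked later. The function names salted_md5 and salted_md5_matches and the salt:hash storage format are assumptions made for illustration; the last lines show PHP's built-in password_hash(), which generates its own salt, for the case where the value is a password.

```php
<?php
declare(strict_types=1);

// Hash a value with a fresh random salt; the salt travels with the hash.
function salted_md5(string $value): string
{
    $salt = bin2hex(random_bytes(16));
    return $salt . ':' . md5($salt . $value);
}

// Recompute with the stored salt and compare in constant time.
function salted_md5_matches(string $value, string $stored): bool
{
    $parts = explode(':', $stored, 2);
    if (count($parts) !== 2) {
        return false;   // not in salt:hash form
    }
    [$salt, $hash] = $parts;
    return hash_equals($hash, md5($salt . $value));
}

// Constructed sample value: a small integer, the kind of input a lookup table covers.
$a = salted_md5('12345');
$b = salted_md5('12345');

var_dump($a === $b);                          // two hashes of the same input, compared
var_dump(salted_md5_matches('12345', $a));    // original value against its stored hash
var_dump(salted_md5_matches('12346', $a));    // different value against the same hash

// For passwords, the built-in API picks the salt and a slow algorithm itself.
$stored = password_hash('correct horse', PASSWORD_DEFAULT);
var_dump(password_verify('correct horse', $stored));
```

With a single fixed salt, two records holding the same value still produce the same hash; a per-value salt removes that link.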

Speaking at phpGG

Next week I’m passing through the Ibuildings office in Utrecht on business. During the 36 hours or so that I’ll be there, the Dutch PHP User Group, phpGG have kindly extended an invitation to speak at a one-off user group meeting they are arranging. Well, I have a talk that needs some work and it seems like too good an opportunity to miss out on catching up with some Dutch friends that I usually can only virtually “meet”, so I delightedly accepted!

So, I’ll be in Utrecht on Thursday 16th April giving my talk “Linux-Fu for PHP Developers” at Ibuildings’ Utrecht office – let me know if you can be there :)