TAG | review
This post is my rant on how to make QCon a better conference or any developer conference for that matter. I attended it for the first time in 2012 and was expecting a great deal since it’s probably the best there is with opening keynotes from people like Martin Fowler.
Quality Over Quantity
In my eyes it’s much better to have 1 day worth of talks with exclusive speakers than three days with lots of very average content with average presenters. QCon had 3 days, 7 parallel lanes and 6 presentations in each one of them. That’s 18 presentations in total for one visitor to see. Or over a hundred presentations in total. However it seems to me from following twitter that only ~10 of them were very well accepted. Some were so good that there was not even a spot to stand.
This leads me to suggest that the conference should be more strict who can attend these massive conferences. I would suggest that it only accepts speakers who have spoken in smaller conferences at least 5 times. There could be selective early bird invites to review the talks before they get accepted. Maybe you could get a discount if you agree to do so. The author would obviously have to make a recording of his talk.
Talk Titles Descriptions
So many times I have felt fooled and lured by a catchy title just to try to stay awake during the talk. I guess there’s nothing wrong to have a catchy title. However I would suggest that each accepted speaker has an introductory video on who he is and what he’s going to speak about. That way you can get a feel of a person before you go see him. Also if the above suggestions have been followed then links to his previous speeches in video should be included so viewers could review how good the speaker is.
Another great addition would be to mark how advanced the talk is. Just add a simple tag: introduction, advanced, expert. However I would argue that QCon should not have any introductions to topics like NoSQL.
Hack Fest Anyone?
My colleague suggested a somewhat crazy idea: to organize a hackfest so that people could do some coding together, solve some challenges, get to know each other, compete, get EXCITED. Have you seen the movie Social Network where devs were competing for a job at Facebook and had to hack a Linux box while drinking vodka shots during the challenge? Something in that direction maybe?
A conference for everyone
This is an experimental thought also suggested by my colleague. There’s a pattern that developers love talks which talk about organizational changes. It’s weird but they applaud more the talks on how to have a great team, great processes rather than a new tool. However when they go back to their organization it’s very difficult to apply these ideas at your workplace because most of the time you’ll be met with outright scepticism and denial. What if your product managers, your QAs, your sysadmins and maybe even your CEO would find it worthwhile to go to such a conference? How awesome would it have been if all these different roles could have seen the Github talk together with you? Or would you be interested to hear from CEOs who were developers once and how they became who they are and what they’ve learned along the way?
Always organise giveaways at the end of the conference in one big go rather than at random times during the conference. This will keep people from going home and keep them in the main hall, getting a few beers, maybe meeting someone and it will also make it more convenient for the visitors.
Don’t kill the messenger
This whole rant might make me sound like an ungrateful bastard but it’s not like that. I do appreciate people trying and doing what they do. The QCon that is right now is still infinitely better than no QCon at all. However as everything else it can be even greater.
I’ve finished reading Expert Python Programming written by Tarek Ziade. This book is written for Python developers who wish to go further in mastering Python. Expert Python Programming covers a range of topics such as generators, meta programming, naming standards, packaging, continuous integration, writing documentation, test driven development, optimizations and design patterns. Even non Python developers will find this book useful since it covers best practices which are well suited to other programming languages.
There’s a sample chapter available which covers the topic of documentation. We all know how frustrating it is to write documentation. It’s boring, often it feels pointless and it tends to get out of date. The 7 rules of technical writing presented in the book changed my mind. It’s actually one of my personal favourite chapters in the book.
The first chapter of the book is very friendly and covers installation of many Python flavours, packaging tools such as EasyInstall and setuptools, prompt customization and choices of editors.
While the first chapter is very easy going, the second chapter dives deep into the syntactic intricacies of Python with its iterators, generators, decorators and context providers. If the second chapter won’t make your head spin then the third one on class level Python best practices certainly will. The author of the book does a great job at explaining the pitfalls of multiple inheritance, inconsistent super usage, Python’s method resolution order and finally meta programming, which allows changing the definitions of classes and objects on the fly.
The rest of the book is a lot less confusing but nonetheless rewarding. Chapter four gives some very good advice on naming standards, building APIs and tools that might help along the way. Chapter five explains how to create Python packages, distribute and deploy them.
What I really like in every book is examples. One example can explain more than a thousand words could. The examples in the second and third chapters are very valuable and help greatly to understand the concepts explained. The book goes even further and provides a complete example of a small application called Atomisator. This example is implemented following the best practices of previous five chapters.
Chapters eight and nine, which explain distributed version control systems such as Mercurial, continuous integration and managing software in an iterative way, will be very interesting to team leads.
Another very important topic, Test Driven Development or TDD, is presented in chapter eleven. I cannot emphasize enough how valuable test driven development is. Though even today it’s not a widely adopted practice and not a well understood one either. This book will try to convince you why you should be doing TDD and if you’re already convinced it will present you with tools that you can use to do TDD. I was very interested to find out about the available unit testing framework alternatives. Further, an interesting idea on doc testing is described which, while it seems a little exotic, may be a very efficient way to keep your documentation up to date.
Reading further there’s a great chapter on optimization which describes general principles of optimization and various profiling techniques. Measuring performance may prove difficult on different hardware such as local development machines and stage servers. I was very intrigued to find out about pystones and the general concept behind it which helps to deal with the problem described.
Together with optimization techniques, various profiler tools which you never knew of, the book describes some generic optimization solutions available. Some are well known such as the Big-O notation, some are less known such as Cyclomatic Complexity. I think this book explains the concepts behind multi threading, multi processing and caching very well. Making an informed decision whether to use threads or multi processes for your Python application may as well mean if it’s going to be successful or not.
And finally the last chapter talks of design patterns. While it’s not the most mind blowing chapter of the book it provides some very interesting details why Python doesn’t have interfaces or how certain GoF patterns can be implemented in a Python specific way.
Should you read this book? My answer is yes. Especially if Python earns your bread and butter. Not only will you learn the syntactic intricacies of Python, it will also introduce you to many must know concepts of software development. Even if you’re not a day to day Python developer but you do write an occasional Python script or application by all means read the book and read the first six chapters. I will go even further and recommend this book to non Python developers. Simply because it explains concepts that every developer should understand. And as an extra it is always interesting to learn new ideas and to see how things can be done differently.
I’ve always been interested in Python. Python is a dynamic programming language with a very clear and readable syntax, strong introspection, intuitive object orientation and so on. It’s been used in many successful projects such as Trac, Django, Mercurial, YUM. It’s used in companies such as Google or Yahoo. Python has a vast standard library allowing to solve almost any domain problem. From the early beginning Python had a design philosophy behind it which is probably one of the reasons why Python is such a successful programming language nowadays.
All these and other reasons make Python an interesting and valuable language to learn. I’ve chosen to review Expert Python Programming as my next book. Having used Python for personal projects such as PyDumpy or work related tasks such as continuous integration with BuildBot I hope it will be an interesting read that will help me to improve my understanding of Python.
For those interested Packt Publishing offers a sample chapter of the book.
Just recently I’ve finished reading Spring Persistence with Hibernate. It’s a book about two major Java technologies Hibernate and Spring. Hibernate is a powerful object/relational persistence framework and Spring is a Java application platform that includes an MVC framework. The book is primarily meant for Spring and Hibernate developers but it may also be useful to developers who are interested in object relational mapping and advanced MVC frameworks. The topics covered in the book include object relational mapping, aspect oriented programming, inversion of control, MVC. Even though these topics are advanced the book does not require the reader to understand them beforehand. All examples are written in Java and should be understandable to anyone with a solid development background.
The book is quite lengthy consisting of more than 400 pages in total. First half of the book introduces the reader to the Hibernate persistence framework. It explains how Hibernate works in general and how it is configured. The most important chapters on Hibernate cover mapping to entities and entity collections, describe the life cycle of persistent objects, cascading operations, querying and lazy loading. The other half of the book focuses on topics such as inversion of control, aspect oriented programming also known as AOP, transaction management, Spring MVC framework and testing.
Before reading the book I didn’t have any enterprise experience with Java or its technologies. Working as a PHP developer I appreciate the Java community and technologies made available by it. Through many years of being exposed to enterprise application development the Java community has developed powerful tools which are a great resource to developers with different development backgrounds such as me. I’ve found the book to be an excellent insight into the object relational mapping world. I’ve enjoyed reading about Spring’s AOP framework which opened my eyes in a few ways how AOP could complement OOP. The Spring IoC container, which is used by Spring itself, is an amazing piece of software setting new standards for other dependency injection containers out in the wild.
Even though I believe the book is a worthwhile read it can seem to be too detailed at times. For example describing all available bean factories and all other lists of available bells and whistles can seem to be dull or hardly memorable. Maybe it would be better to introduce to the idea that there are multiple factories, describe few most important ones and provide directions as to where it is possible to learn about other types of factories. The book provides many examples which is a great way to grasp the concepts quickly. Provided examples are individual pieces explaining a certain concept. It may have been better to provide examples by trying to build a real life application throughout the entire book. I believe it is a fun way to learn allowing to see how real life development issues can be solved.
I believe it’s every developer’s duty to be familiar with the latest development technologies and to know when to use them. Too many applications are written using improper tools. Object relational mapping technologies are discussed frequently and not everyone is a fan of them. The fact that Hibernate is commonly used by Java developers and .NET developers proves that persistence frameworks have their place and are worthwhile to familiarize with.
It seems that I will continue reviewing books for Packt publishing. Spring Persistence with Hibernate is a book about a different development world. Spring web development framework and Hibernate persistence framework are both well known Java technologies. Even though I have little to do with Java I believe it has a great world wide community of software development experts. Not surprisingly lots of innovation comes from the Java world. I believe it is because Java developers know a lot more about proper design principles and coding practices than an average developer of let’s say PHP or .NET.
This book should cover such topics as getting a grip with hibernate, integrating hibernate with spring, spring IoC, spring AOP, transaction management, unit testing. I believe it will be a worthwhile read with high hopes that it will give me new ideas what I could implement or use in the PHP world.
As I mentioned earlier guys from Packt publishing asked me to review a recently published book Zend Framework 1.8 Web Application Development. The title says it all – it’s a book about designing and developing PHP web applications using Zend framework.
This book doesn’t require the reader to be familiar with Zend Framework and explains all concepts in proper detail, though it will be easier to read the book if the reader is familiar with the framework and/or has experience with MVC and OOP in general. This book should be interesting to all developers who design and develop day to day web applications using MVC frameworks or are not yet familiar with them as it may improve their insights towards web applications modelling, testing, optimizations and more.
Even though I am fairly familiar with the framework I found the book to be an interesting, easy read, plentiful of examples explaining the intricacies of the framework.
The first, and a very important, chapter teaches the concept of bootstrapping using Zend_Application and shows how to write and run a simple hello world program using controllers and views. It also introduces the use of controller utility methods such as _getParam(), _forward(), _redirect(), action helpers and view helpers, which are very valuable and a lot of developers miss them entirely. This chapter also shows the proper use of the response object which also tends to get forgotten.
The second chapter dives straight into the Front Controller pattern explaining how the framework routes, dispatches requests and responds to the client. I have never been bothered to understand the whole thing and was quite surprised to see how simple it all is. It is worth mentioning that this chapter explains in great detail how the router and various routes work and how elegantly it integrates with Zend_Config. Last the chapter covers the request object and its external API which provides lots of valuable functionality.
From the third chapter author Keith Pope starts building the main application of the entire book, the Storefront. It’s a relatively simple “real life” application that serves the purpose of being an online products catalog. This chapter shows how such an application is structured on a file system and bootstrapped and configured. Even more the chapter covers the creation of Zend_Log and various logging writers and database profiling. Extremely valuable features that not many developers know of. If every Zend Framework application would start as the chapter describes I believe a lot more developers would be eager to start their IDEs 9:00 AM straight.
Another chapter worth mentioning is regarding optimizations. I was surprised to learn about such things like plugin loader cache, table gateway metadata or various Zend_Cache frontends which I have never bothered to look up. Not to mention widely known tricks using APC, stripping zend framework of all requires and setting up an optimized include path.
And last but not least again one of my favorite topics – testing. I strongly agree with Misko Hevery that test driven development is a skill. It’s definitely not easy to start or learn. One would fool himself to think otherwise. This topic deserves many books of its own. I can only share from my own experience – once I started unit testing applications that I work with, I have never looked back. This chapter explains different types of testing, shows how to set up PHPUnit and provides examples of controller testing using Zend_Test. I believe this chapter deserves more attention on how to do testing with a database in mind, debugging failing controllers, avoiding complicated mocks, implementing continuous integration. But again it is worth keeping in mind that the book is about Zend Framework and not testing in general.
All in all I enjoyed reading this book. I would and will recommend it to my colleagues and friends. I hope that this hopefully not too boring review convinced you to buy the book and learn something new. Once again – big thanks to Packt Publishing for a free book. Happy reading. Over and out.
I was recently asked by Packt Publishing to review a copy of one of their books called Zend Framework 1.8 Web Application Development. This book is about designing, developing and deploying feature-rich PHP MVC based web applications using Zend Framework. Guys from Packt Publishing were generous to send me a hard copy of the book. I owe them a thanks.
Even though I feel fairly familiar with Zend Framework I believe this book will be a great opportunity to delve into the darker corners of the framework. The fact that Zend Framework is now at version 1.9.5 and version 2.0 is on the horizon is a bit worrying but having had a quick glimpse at the table of contents I see that some topics of particular interest to me like chapters about model design, optimizations and testing are not the ones that change at the same pace as the framework does which makes this book even more worthwhile to read.
I believe I will have a great time reading and reviewing this book.
Again. A few months late. Happy to see the magazine is going through some new exciting changes.
ATK - A Business Framework
I’m lost in the development world about what a framework is these days. But ATK seems more like a CMS to me. Or at least you can build one in minutes. ATK itself is quite interesting. It wants developers to write as little code as possible. And you don’t call ATK, it calls you! Meaning that you create something unique to your application like a data node description file and ATK will know when to use it. It’s very easy to create various entities and describe their relationships with ATK so it’s basically a web application bakery. The article does not say much about the performance or extendability of ATK itself. I was sceptical at first but then I changed my mind that this software project sounds like a worthy tool.
Messaging The Web
It’s an interesting idea to use email as middle communication layer between your phone and your PHP applications. Was nice to find out that you can feed emails using sendmail directly to php scripts instead of using crons. Though I wouldn’t use it for server control like in the article itself. Most phones have email support today and can send emails themselves. I think this is more of a poor man’s solution anyway. But I still believe it is a nice idea and could be useful for something.
Working with the Zend Platform
A great article. Never checked what Zend Platform has to offer and I was surprised. Too bad it can’t work together with Xdebug and APC but Zend offers some replacements. The Zend Platform is great for a web developer using Windows to quickly set up a dev environment. All you need is Zend Core and Zend Platform which are free for development purposes. Zend Platform itself is like a web application that allows you to do a lot of neat things. I think that the most valuable thing is the events logger. It logs PHP errors, execution times and other things, aggregates it and presents it in a very nice interface and allows you to find and investigate problems quickly. The cache feature in the Zend Platform is also nice for some quick caching solutions. It has never been easier to cache a page. Just provide the URLs you want to cache and it’s done. Zend sessions clustering is also a nice thing. I think it would be great to have it as a free extension. It’s easy to set up shared sessions when you can’t afford storage servers or sticky sessions and must have high availability.
This article explains how to create an application that connects to a socket. Using telnet you can write messages which popup in a web browser which is constantly buffering messages from a socket using php and ajax. I like the main idea to use this for monitoring. For example you could stream your web server cluster error logs into a single browser page and try to investigate potential problems.
Creating Web Interfaces with Stickleback
Yet another framework named Stickleback and developed by Yahoo. Stickleback is a general purpose plug-in framework. I missed the reason behind this framework. What are its strengths and weaknesses compared to other frameworks? It says it’s extremely extensible. Anything else? The article shows how to create an application that displays a few headers and a table and shows some of the framework components. Looks like a “Hello World” program. Would have loved to understand why this framework stands out from all the other frameworks.
One of my most favorite columns. I sympathize with the idea that to show something using a programming language and choosing a hello world program to do it is not the most effective way to do it.
“Essential PHP Security” is an introduction to PHP application security written by Chris Shiflett. Though you could say that it suits any other language too. Well at least to some point it does. It is a really short easy read. Developing PHP applications for quite a few years I have never tried to take a look at all the security issues in one place to see if I’m up to date. To tell the truth I expected something more but that is why the book name includes the word “essential”. Let’s take a closer look at the book.
Chapter I – Intro
Basically it tells you to avoid the deprecated register globals (that are going down in PHP6), to turn on error_reporting(E_ALL | E_STRICT), to apply “Defense in Depth”, or in other words to add additional “safeguards” where possible to make it harder for the attacker, to follow “Least Privilege”, or in other words to give only the required permissions, and to write simple, elegant code so that security issues are easier to spot.
Chapter II – Forms and URLs
Basic, basic, basic .. Don’t do things like email@example.com, use is_uploaded_file() and move_uploaded_file() for uploads, prevent XSS using htmlentities() with ENT_QUOTES and the encoding that you specified in the HTTP response of your application. The CSRF topic is quite old now but still not taken seriously, and there are a few thoughts on not taking HTTP_REFERER too seriously.
Chapter III – Databases and SQL
Keep your db credentials outside of document root or at least not visible from outside, better yet in server environment variables, avoid SQL injections using database specific escape functions, prepared statements or addslashes() and encrypt stuff like SSN or credit card numbers.
Chapter IV – Sessions and Cookies
Things get more interesting here. Cookie theft is really just a subtopic of XSS; session fixation is a topic like CSRF – known for a long time and not taken seriously. For those of you that don’t know, the defence against session fixation is regenerating your session ID every time a user in your application gets higher permissions, such as when logging in. There is also an old trick of checking on every page load whether the user’s USER_AGENT suddenly changed, to make it harder for the attacker.
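The two session measures from this chapter, as an added example that is not taken from the book or from the original post. The function names `start_session()`, `on_login()` and `current_user()` and the session keys are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

/** Start the session with settings that refuse IDs the server did not issue. */
function start_session(): void
{
    session_start([
        'use_strict_mode'  => true,   // unknown session IDs are replaced, not adopted
        'use_only_cookies' => true,   // never accept a session ID from the URL
        'cookie_httponly'  => true,   // keep the cookie away from page scripts
        'cookie_secure'    => true,   // send it over HTTPS only
        'cookie_samesite'  => 'Lax',
    ]);
}

/** Call once the credentials have been verified: the privilege level changes here. */
function on_login(int $userId): void
{
    // Issue a new ID and delete the old session data, so an ID that was
    // fixed before the login no longer refers to anything.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
    $_SESSION['ua_hash'] = hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
}

/** Call on every request; returns the logged-in user ID or null. */
function current_user(): ?int
{
    if (!isset($_SESSION['user_id'], $_SESSION['ua_hash'])) {
        return null;
    }
    $ua = hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
    if (!hash_equals($_SESSION['ua_hash'], $ua)) {
        // The User-Agent changed in the middle of a session: drop the session.
        $_SESSION = [];
        session_destroy();
        return null;
    }
    return (int) $_SESSION['user_id'];
}
```

The User-Agent comparison is only an extra hurdle, since the header is sent by the client; the regeneration on login is the part that removes a fixed session ID.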
Chapter V – Includes
This chapter explains that you should keep as much as possible of your application outside of the document root and filter every user-supplied variable that you use for includes with basename, realpath, pathinfo or any other tools. It also suggests disabling allow_url_fopen, though I prefer disabling allow_url_include more.
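One way to apply the include filtering described in this chapter, as an added example that is not code from the book or from the original post. The `pages` directory, the `page` request parameter and the function `resolve_page()` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical layout: page templates live in a directory outside the document root.
const PAGES_DIR = __DIR__ . '/../pages';

/*
 * Unfiltered form, shown for contrast only. The request value goes straight
 * into the path, so the client decides which file PHP executes:
 *
 *     include PAGES_DIR . '/' . $_GET['page'] . '.php';
 */

/** Resolve a user-supplied page name to a file inside $baseDir, or return null. */
function resolve_page(string $requested, string $baseDir): ?string
{
    // 1. basename() drops any directory part; a value that changes here
    //    contained a path and is rejected outright.
    $name = basename($requested);
    if ($name !== $requested) {
        return null;
    }

    // 2. Accept a conservative character set only. Dots, NUL bytes and
    //    stream wrapper prefixes cannot pass this pattern.
    if (!preg_match('/\A[a-z0-9_-]{1,64}\z/i', $name)) {
        return null;
    }

    // 3. realpath() resolves symlinks; the result must still be below $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $name . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// A request parameter can also arrive as an array, so check the type first.
$raw  = $_GET['page'] ?? 'home';
$page = is_string($raw) ? resolve_page($raw, PAGES_DIR) : null;
if ($page === null) {
    http_response_code(404);
    exit('Not found');
}
include $page;
```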
Chapter VI – Files and Commands
Almost the same as Chapter V. Except that you learn new functions like escapeshellcmd() and escapeshellarg().
Chapter VII – Authentication and Authorization
A nice idea to use 15 second login timeouts to make it harder for the attackers while keeping the legitimate users safe. Use SSL. Try to avoid persistent logins. And if you can’t, don’t store sensitive information in the cookies like usernames or passwords. A really nice idea to generate one-time-use tokens that you save in cookies with a timeout for persistent logins and regenerate them every login.
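One way to build the one-time-use persistent login token mentioned above, as an added example that is not code from the book or from the original post. The cookie name, the 14 day lifetime, the selector and validator split and the in-memory `$store` array (standing in for a database table) are all assumptions.

```php
<?php
declare(strict_types=1);

const REMEMBER_COOKIE = 'remember';       // hypothetical cookie name
const REMEMBER_TTL    = 14 * 24 * 3600;   // assumed lifetime: 14 days

/** Create a fresh token for $userId and return the value to put in the cookie. */
function issue_remember_token(array &$store, int $userId, int $now): string
{
    $selector  = bin2hex(random_bytes(9));    // lookup key, not secret
    $validator = bin2hex(random_bytes(32));   // secret half, stored only as a hash
    $store[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator),
        'expires' => $now + REMEMBER_TTL,
    ];
    return $selector . ':' . $validator;
}

/**
 * Redeem a cookie value. The stored token is deleted as soon as it is looked
 * up and a replacement is issued on success, so each value works only once.
 * Returns ['user_id' => int, 'cookie' => string] or null.
 */
function redeem_remember_token(array &$store, string $cookie, int $now): ?array
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector];
    unset($store[$selector]);   // one use only, whether or not it verifies

    if ($row['expires'] < $now
        || !hash_equals($row['hash'], hash('sha256', $validator))) {
        return null;
    }
    return [
        'user_id' => $row['user_id'],
        'cookie'  => issue_remember_token($store, $row['user_id'], $now),
    ];
}

/** Send the token to the browser; the cookie carries no username or password. */
function send_remember_cookie(string $value, int $now): void
{
    setcookie(REMEMBER_COOKIE, $value, [
        'expires'  => $now + REMEMBER_TTL,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

// Constructed demo: issue a token for user 42, redeem it, then present the
// same value a second time.
$store  = [];
$now    = time();
$cookie = issue_remember_token($store, 42, $now);
$first  = redeem_remember_token($store, $cookie, $now);
$replay = redeem_remember_token($store, $cookie, $now);
var_dump($first['user_id'], $replay);
```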
Chapter VIII – Shared Hosting
It’s best to avoid PHP shared hosting. The book was written in 2005 when PHP had a lot more security issues. Most good hostings have virtual machines or have open_basedir, safe_mode enabled with lots of stuff disabled. Safe mode will be removed in PHP 6 but it has a really nice feature like allowing to run executables from a certain directory.
Not too interesting. Configuration directives. Disable allow_url_fopen, use disable_functions, turn display_errors off, disable enable_dl, set error_reporting to E_ALL | E_STRICT, log errors, turn off magic_quotes_gpc, set the memory limit to 8 MB if you can, use open_basedir, turn off register_globals, use safe mode.
Avoid eval, avoid functions that allow executing commands on the server, use includes carefully, be careful when using the preg_replace modifier /e.
Nice idea to use salt when generating password hashes to make rainbow tables ineffective.
All in all it’s a very good book to get started. Maybe not as detailed as Stefan Esser’s latest findings but if only every site on the web would do the things described in the various book chapters… Projects like Google Hacking Database show how secure the web really is. And for the last words .. It’s not the PHP that is not secure .. Enormous amount of effort was put into PHP to make PHP more secure. Just to give you an idea listen to “The state of PHP security” or read about what Stefan Esser is doing. Yes there still are security bugs in PHP .. But honestly like Steve Ballmer would say it’s all about: Developers, developers, developers. PHP deserves a better name.
I have bought my first copy of php|architect magazine. The PDF version only costs $5. The quality of the first two articles I have read so far is great.
The first article was about the SimpleTest framework. A really nice and interesting approach compared to the default way of unit testing. It’s easy to test badly written code that may be harder to hook into using traditional unit tests. Sometimes the article goes into too much detail making the article sound more like a documentation page.
The second article was about internationalization (i18n) in PHP. It definitely was interesting. The intl extension based on ICU takes care of string comparison (collating), number formatting (currency included), message formatting, unicode string normalization, locales handling (parsing, lookups) and date formatting. Internationalization has never been easier.
I like the php|architect slogan ”It won’t make you smarter but it will make you a better PHP developer”. I hope it will.