Archive for the 'Open Source' Category

What’s new in PHP 5.3?

I wrote an article on Installing PHP 5.3 in order to look at the newest features that have been back-ported from PHP 6. The result of this is my What’s new in PHP 5.3 article that was published by SitePoint yesterday.

I won’t go into the nitty-gritty here, but suffice it to say that the new features will solve a number of problems. Read the full article to find out more about namespaces, late static binding, a new MySQL native driver and the other features of PHP 5.3.

Installing PHP 5.3

I recently installed PHP 5.3 in order to play with some of the new features and thought I’d share the steps I took with you. While it’s based on a clean installation of Ubuntu 7.10 Server, you might find this useful on existing systems too.

As ever, this guide is for educational purposes only. I offer no warranty of suitability or accuracy. Use at your own risk, and if it goes wrong head over to the forums for help…

Read my full article at the Melbourne PHP Users Group web site.

Make someone feel good by blowing their trumpet

The new year typically spawns lots of “Best of …” and “What happened in …” articles and blog posts. It’s a time of year to reflect on the past 12 months. It’s time to look at the highlights, sometimes the lowlights, and hopefully lock a few of those nuggets away for future use.

What I wasn’t expecting while rapidly devouring the 1000+ items in my RSS reader was one post that contained my name accrediting the initiation of a number of Australian BarCamps to me.

Now before you accuse me of blowing my own trumpet, I write this not because I want you to bow before me, rather because I wanted to share how that made me feel. It was great! By simply including that one paragraph in her post, Janet spurred me to get off my Christmas pudding and get BarCamp Melbourne 2008 back on track.

The truth is 2007 was a busy year for me. Most years are - I’m the type of person that can’t say no. After having co-authored a book, organised BarCamp Melbourne 1.0, bought and moved in to a new house, changed jobs* and possibly more that I can’t remember (now you can accuse me of blowing my own trumpet!), I was seriously considering postponing, or get someone to take over the organisation for, BarCampMelbourne 2.0.

* Truth be told, the job change was more of a relief than a burden. It’s great to leave a company that wants you to feel lucky for working in a chaotic environment under bad management with an internal IT department that has an agenda so huge you could swear it’s trying to bring the company down from the inside - a sad end to what once was, debatably, one of the best places in Melbourne to score a job!

So, the good news is that my flame has been relit. In order to make my life at least that little bit easier, BarCampMelbourne 2.0 will be a one day event so I have more venues to choose from. It has also tentatively been brought forward one week.

Thanks Janet! Apologies for the post title…

Powerful Cross Site Scripting Scanning Tool

Web developers today are increasingly aware of the number of ways that attackers can abuse their site. Not only do we have to worry about someone stealing data directly through our site or from our database; cross site scripting (XSS) attacks also provide a mechanism for someone to run arbitrary script in the context of another web site.

During his OSDC 2007 keynote, Rasmus Lerdorf mentioned scanmus, a cross site scripting scanning tool he’d written. It looks at a page’s source code and identifies potential entry points. Where it finds a form, it submits data in a way that detects a number of XSS vulnerabilities, and reports those to the user. Unfortunately, while he plans to make this available to the community, this won’t happen just yet.

Ben Cornwell and I got to chatting during the break and when I suggested we write our own, he didn’t hesitate. I don’t think he quite realised at the time that there wouldn’t be any PHP work involved though.

You see, there’s this tradition at conferences (at least the ones that I’ve attended), that when a discussion or talk at the conference gives you an idea for a product, script or technology, you start on it right away and present it at a lightning talk during the same conference. So we couldn’t just have some lame PHP script parse the resultant HTML and spew it to the browser. That would be too easy. That would be just what they’d be expecting us to do! And you know you can’t take over the world by being predictable.

So we wrote it in HTML and JavaScript. Even the logo! It’s one HTML file.

Now this will work perfectly if the HTML file is placed in the document root of the site you want to test. If you want to test remote web sites though, as we did during the lightning talk, you’ll run into the browser’s restriction on cross-domain XMLHttpRequests. So for the demo we had a simple proxy helper that would load the remote site. The JavaScript class could then load the remote site’s contents through a local call.
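To make the “identify entry points, then check how the site handles input” idea concrete, here is an added example in plain JavaScript; it is not the scanner from the post. It enumerates the forms and named fields in a page’s HTML, and checks whether a harmless marker containing characters that must be HTML-encoded comes back from a response raw (missing output encoding) or escaped. The sample page and responses are constructed for the example.

```javascript
// Added example, not the post's scanner: find form entry points in HTML and
// check whether a reflected marker was HTML-encoded in the response.

const FORM_RE = /<form\b([^>]*)>([\s\S]*?)<\/form>/gi;
const FIELD_RE = /<(input|textarea|select)\b([^>]*)>/gi;

// Extract one attribute value (double-quoted, single-quoted or bare) from a tag.
function attr(attrs, name) {
  const re = new RegExp(`\\b${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, "i");
  const m = re.exec(attrs);
  return m ? (m[1] ?? m[2] ?? m[3]) : undefined;
}

// Each form is a potential entry point: record action, method and field names.
function findEntryPoints(html) {
  const forms = [];
  for (const m of html.matchAll(FORM_RE)) {
    const fields = [];
    for (const f of m[2].matchAll(FIELD_RE)) {
      const name = attr(f[2], "name");
      if (name) fields.push(name);
    }
    forms.push({
      action: attr(m[1], "action") || "",
      method: (attr(m[1], "method") || "GET").toUpperCase(),
      fields,
    });
  }
  return forms;
}

// A marker with characters that a correctly encoding page never echoes verbatim.
// If it appears unchanged in the response, that field reflects input raw.
const MARKER = 'zq<">\'x';

function markerReflectedRaw(responseHtml) {
  return responseHtml.includes(MARKER);
}

// Constructed sample page and responses (not from any real site).
const SAMPLE_PAGE = `<html><body>
<form action="/search" method="get"><input name="q"><input type="submit"></form>
<form action="/comment" method="POST">
  <textarea name="body"></textarea><select name="topic"><option>1</option></select>
</form></body></html>`;
const SAFE_RESPONSE = `<p>Results for zq&lt;&quot;&gt;&#039;x</p>`;
const UNSAFE_RESPONSE = `<p>Results for ${MARKER}</p>`;
```

Run on a real site, the field list tells you what to check, and the marker test tells you which responses encode output and which do not.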

So without further ado, you might all be wondering where you can download this awesome tool. Well, it’s still extremely pre-alpha. It itself has XSS vulnerabilities! It needs to be worked on. But you can still grab the HTML and PHP files if you like.

I’ve already had a fair amount of interest from people who want to help, so if you’d like commit privileges, please let me know. You can check out the trunk in the meanwhile.

BarCamp Melbourne

BarCamp Melbourne 2.0

BarCamp Melbourne 2.0 planning is now well under way, and the event is slated to run on the 1st and 2nd of March 2008. The first BarCamp Melbourne had 10 participants, which isn’t bad considering the venue was over 2 hours from Melbourne! This time, we’re looking for a venue in, or very close to, the centre of Melbourne, and hope to get 50 to 100 participants.

Described as “an intense event with discussions, demos and interaction from attendees”, anyone is welcome to come along for free. Everyone is asked to participate by giving a presentation or leading a discussion, essentially forcing the sharing of ideas and knowledge. You might like to check out the BarCamp web site for more general information. Wikipedia’s entry on BarCamp might also be of interest.

I’ll post more updates as things progress, but in the meanwhile, sign up as a participant if you’d like to come along, spread the word about BarCamp Melbourne 2.0, and if you want to, or know someone that wants to sponsor this event, please check out or point them to the sponsorship page.