Archive for January, 2005
Mon, 31 Jan 2005 22:04 UTC
The PHP Security Consortium (PHPSC) received its first Slashdot post today. Chris was worried about whether the server could handle heavy traffic. I guess this will be its first true traffic test. If it can handle this, it can handle just about anything.
Mon, 31 Jan 2005 9:02 UTC
Leading PHP Experts Join Forces to Establish the PHP Security Consortium
NEW YORK, NY – January 31, 2005 – An international group of PHP experts today announced the official launch of the PHP Security Consortium (PHPSC), a group whose mission is to promote secure programming practices within the PHP community through education and exposition while maintaining high ethical standards.
“As PHP has transitioned from personal projects to enterprise application development, the need to educate the community about secure programming practices has risen,” said Chris Shiflett, the group’s founder.
The PHPSC web site (http://phpsec.org/) provides a variety of security resources for PHP developers, including the group’s flagship project, the PHP Security Guide.
“PHP application security is a topic of growing importance,” said Andi Gutmans, one of the group’s charter members. “The launch of the PHP Security Consortium is a landmark event for the PHP community, and because most web development technologies face similar security concerns, we believe that developers using other solutions can also benefit from our efforts.”
About the PHP Security Consortium
Founded in January 2005, the PHP Security Consortium (PHPSC) is an international group of PHP experts dedicated to promoting secure programming practices within the PHP community. Members of the PHPSC seek to educate PHP developers about security through a variety of resources, including documentation, tools, and standards.
In addition to their educational efforts, the PHPSC engages in exploratory and experimental research in order to develop and promote standards of best practice for PHP application development.
Wed, 26 Jan 2005 10:20 UTC
I found it interesting, after clicking a link to his blog on the Go Daddy home page, that Go Daddy founder and president Bob Parsons uses PHP-powered Serendipity.
While I am a strong supporter of WordPress over Serendipity—and please don’t ask me for particulars at this point, but I’ve tried them both and I like WordPress best—I admire Serendipity because its development team consists of some of the more well-known names in the PHP community: Sterling Hughes, George Schlossnagle, Wez Furlong, and Sebastian Bergmann to name a few.
Parsons could’ve elected to use any number of popular blogging software packages out there, software that executives and celebrities tend to pick such as Movable Type, TypePad, Blosxom, and Blogger. Instead, he chose a PHP application, and the PHP community is all the better for it.
Way to go, Bob Parsons! Way to go.
Tue, 25 Jan 2005 9:49 UTC
Yesterday, I was informed that several of my proposals have been accepted, and I will be presenting at the International PHP Conference 2005 – Spring Edition in Amsterdam in May.
The topics I will be presenting are:
Web Security – Part II
No week passes without a new security vulnerability. However, more often it is not a browser, server, or OS that is affected, but a web site. Most often, the same mistakes are made, paired with lazy programmers. This talk seeks to change this and covers securing a PHP-enabled website.
Part II examines security from the server-side and explores best practices for configuring PHP on the server.
( Christian Wenz will present Part I. )
PHP in a Whole New World: Desktop Applications Built in PHP-GTK
For several years, PHP has dominated on the Web, becoming the leading Web scripting language. However, PHP is not only for Web use; it is a general-purpose language that can be used to create desktop applications using GTK extensions. This talk examines some of the more popular applications created using PHP-GTK, as well as providing resources for more information on creating PHP-GTK applications.
Framing the Frameworks: What Are They and Do I Need One?
PHP-based frameworks proliferate on the Web. Everyone’s created one in some form or another, and many have slapped an OSS license on theirs and are offering it for mass consumption. This talk will discuss frameworks, what they are, and how they can be utilized for rapid application development to save time and money. In addition, several PHP frameworks will be explored and evaluated.
Sun, 23 Jan 2005 15:41 UTC
What can I say? This post is really a blatant attempt to help the search-engine page rank of the portrait studio my wife works for. I’m shameless.

On the other hand, it is a site that I developed (along with my wife’s design skills), and, coming during a time when I’ve not been able to do a lot of experimentation with my programming, this was a welcome project. Let me explain a little bit about the workings underneath the hood, so to speak.
First of all, I took this opportunity to learn and explore Apache’s mod_rewrite. I wanted to use mod_rewrite for several reasons, one of which was to create search-engine-friendly URLs to help boost their page rank. Another was because I wanted all data files to reside outside the Web root as include (.inc) files. The PHP logic behind the site calls the specified file; mod_rewrite allows this to appear as though there’s a logical directory structure, which there isn’t—all the data files reside in one directory.
For example, take this URL:
http://www.carneystudio.com/babys-first-year/maternity/
It’s really being rewritten for the application to:
http://www.carneystudio.com/index.php?cat=babys-first-year&subcat=maternity
Anyone who already knows mod_rewrite is probably saying, “Gee, Ben, this is all so elementary.” I agree, but it’s not something I’ve had the luxury of playing with for a while.
Another reason I chose this particular structure (with the data files residing in a directory of their own and outside of the Web root) was to allow for a flexible, template-driven site that is easy to update and even add pages—without some sort of CMS.
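Because the cat and subcat parameters decide which data file gets included, the lookup is the place to validate them. The following is an added example, not the code behind the site: the rewrite rule, the "<cat>_<subcat>.inc" file naming, the SLUG pattern and the resolve_page() helper are all assumptions made for illustration.

```php
<?php
// Added example, not the site's code. The Apache rule that would feed it
// (assumed; the post does not show its .htaccess):
//   RewriteRule ^([a-z0-9-]+)/([a-z0-9-]+)/?$ index.php?cat=$1&subcat=$2 [L]

const SLUG = '/\A[a-z0-9]+(?:-[a-z0-9]+)*\z/';

/**
 * Map cat/subcat to a data file in $dataDir, or null if the request
 * must be answered with a 404. Naming "<cat>_<subcat>.inc" is assumed.
 */
function resolve_page($cat, $subcat, string $dataDir): ?string
{
    // Arrays (?cat[]=x) and anything outside the slug alphabet are rejected
    // before a path is ever built, so "../", "/", NUL and "." never reach it.
    foreach ([$cat, $subcat] as $part) {
        if (!is_string($part) || strlen($part) > 64 || !preg_match(SLUG, $part)) {
            return null;
        }
    }
    $base = realpath($dataDir);
    $file = realpath($dataDir . DIRECTORY_SEPARATOR . "{$cat}_{$subcat}.inc");
    // realpath() is false for missing files and resolves symlinks; the prefix
    // check keeps a symlinked .inc from pointing outside the data directory.
    if ($base === false || $file === false
        || strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $file;
}

// Constructed sample data so the script runs offline.
$dir = sys_get_temp_dir() . '/pages_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents("$dir/babys-first-year_maternity.inc", "<h1>Maternity</h1>\n");

$requests = [
    ['babys-first-year', 'maternity'],        // the URL from the post
    ['babys-first-year', '../../etc/passwd'], // traversal attempt
    [['x'], 'maternity'],                     // array injected via ?cat[]=x
    ['babys-first-year', 'weddings'],         // well-formed but no such page
];
foreach ($requests as [$cat, $subcat]) {
    $path = resolve_page($cat, $subcat, $dir);
    echo json_encode([$cat, $subcat]), ' => ', $path === null ? '404' : 'include ' . basename($path), "\n";
}
```

Keeping the underscore out of the slug alphabet means the separator in the file name can never be supplied by the request, so two different cat/subcat pairs cannot resolve to the same file.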
I was also able to employ some JavaScript and Dynamic HTML techniques I had not previously used (opacity levels used to create a fading effect and scrolling layers), and I created an entirely XHTML 1.1-compliant site.
In all, creating the Carney Studio Web site was an enjoyable experience; I had a lot of fun with it—and I don’t mind promoting it one bit, even if it is to help improve its page rank.
Fri, 21 Jan 2005 18:43 UTC
I read this on Jeremy Zawodny’s blog, and it made me want to rant, too. The question raised here is really: what level of “free speech” do I have when it concerns talking about my job on my blog?
To that, I have to say this: when you become employed, there is a certain degree of right-waiving that you agree to, whether verbal, signatory, or just plain understood. One of those rights is the right to disclose company trade secrets. Another is the right to libel. When you agree to a period of employment with a company, you also agree to waive these rights as they pertain to your employer. If you don’t like this, you can always quit and find another job—you are not guaranteed the right to work for your employer; it is a privilege, and if you screw it up, then they do reserve the right to fire you.
Companies don’t need a blogging policy. If you sign an NDA, then you know you’re not supposed to talk about certain things in your company. If you don’t sign an NDA, then these things are (usually) left as “understood.” Simply agreeing to work for said company means you agree not to reveal their secrets. If you spread bad press about your company on your blog, then you do so at your own risk.
In other words: you should know better! The company shouldn’t have to tell you you could get fired for giving out trade secrets on your blog. They’re going to fire you for doing that whether you blog it or tell your friends. The only difference is that they’re more likely to read it on your blog than to hear it from your friends.
So, just be mindful what you say about your company, and if possible, don’t mention them at all in your blog—unless they pay you to blog about them as a PR tactic.
Tue, 11 Jan 2005 14:40 UTC
Via Donna Wentworth of Copyfight: IBM announced today that they will be granting open access to 500 of its patents to developers of open-source software. This does not mean that IBM is no longer interested in the patents or will no longer hold them. On the contrary, IBM plans to maintain ownership of the patents while providing royalty-free access to open-source developers. This move will likely spur open-source development of technologies recently restricted. Specifically, Linux is poised to benefit greatly.
From the New York Times:
“This is much broader than the contributions we’ve made in the past,” said Jim Stallings, vice president for standards and intellectual property at I.B.M. “These patents are for technologies that are deeply embedded in many industry uses, and they will be available to anyone working on open-source projects including small companies and individual entrepreneurs.”
I.B.M. executives said they hoped the company’s initial contribution of 500 patents would be the beginning of a “patent commons,” which other companies would join. I.B.M. has not yet approached other companies, Mr. Stallings said.
This is a novel idea: responsible patent holder giants stepping forward and allowing the open-source community royalty-free access to develop innovative technologies. Here’s to hoping this sets a precedent and a wave of the future.
Tags: ibm, linux, opensource, patents
Fri, 7 Jan 2005 7:12 UTC
I rarely use this blog to discuss something that’s not related to technology, but someone sent me a link to these satellite before and after pictures of the devastation caused by the massive ocean wave. What this wave did is incredibly awesome with all the meaning that this word used to embody.
Also equally awe-inspiring is what this massive earthquake and displacement of water did to the Earth’s rotation: it caused it to spin 3 microseconds faster!
More horrifying is that the death toll is, at present, nearly 156,000. Relief efforts are staggering as people worldwide have responded well beyond imagination to help those in need.
Tue, 4 Jan 2005 14:13 UTC
I’ve upgraded my blog to WordPress 1.5 beta 1 (the latest nightly snapshot). Thus, things look a bit different around here, in case you haven’t noticed.
I’ll be cleaning things up and returning the site to a semblance of normalcy in the upcoming days.
For now, I need to figure out why my rewrite rules work perfectly on my staging site and not at all here, which is why the URL contains that awkward index.php directory.
UPDATE: I’m not sure what the difference was, but I copied over the .htaccess file from the staging site again, and this time it works. I apparently didn’t copy something correctly the first time. So, all old links are now available from their proper locations.
Mon, 3 Jan 2005 13:30 UTC
Since I like to copy Chris Shiflett as much as possible, I decided to create my own list of 2004 highlights. My list is relatively short, though it’s a start, and I’m quite proud of my personal achievements. I began 2004 as a no-name in PHP-dom; now, at least five people know who I am.
This year was a year of firsts for me. In the next year, I plan to roll out a few more articles and attend several conferences, creating some more firsts and many more experiences for my enjoyment. Happy 2005!