Blog Archive


Advanced user switching

Date: 24 Feb 2015
Tags: [ PHP ]  [ security ]  [ switch user ]  [ symfony2 ]

A really neat trick in the Symfony Security component is that you can impersonate or “switch” users. This allows you to log in as another user without supplying their password. Suppose a client of your application has a problem on a certain page which you want to investigate. Sometimes this is not possible under your own account, as you don’t have the same data as the user, so the issue might not even occur in your account. Instead of asking the user for their password, which is cumbersome and not a very safe thing to begin with, you can use the switch-user feature.


Debugging Symfony components

Date: 31 Dec 2014
Tags: [ cache ]  [ symfony ]  [ xdebug ]

Don’t you hate it when you are stepping through your debugger during a Symfony application debug session, and all of a sudden it cannot find files anymore because Symfony uses code located in the bootstrap.php.cache instead of the actual Symfony component? Symfony creates these cache classes in order to speed up execution, but as a result xdebug can no longer find the correct code to step through.


vagrant-share issues

Date: 10 Dec 2014
Tags: [ vagrant ]

As a reminder (mostly for myself, but any googlers out there):

After updating Leopard to OSX Mavericks (yes, I know it’s 2014!), I had to reinstall vagrant again. Using the latest version (1.7.0) gave me the following error while running:

/opt/vagrant/embedded/gems/gems/vagrant-share-1.1.2/lib/vagrant-share/activate.rb:8:in 'rescue in <encoded>': vagrant-share can't be installed without vagrant-login (RuntimeError)


Deepdive into the symfony2 security component: part 1

Date: 19 Oct 2014
Tags: [ deepdive ]  [ PHP ]  [ security ]  [ symfony2 ]

Once in a while I like diving into code and see how things work under the hood. And as the symfony2 framework consists of many different components, bundles and bridges, there is a lot to discover. But ultimately, the code itself mostly isn’t really as complex as it might seem from the outside world: just like a good magic trick, once unraveled, it all seems very simple and makes sense.

However, this is not true for one of those components: the security component. This black box full of dark magic doesn’t like to give up its secrets, and after some (miserably) failed attempts, I am trying to unravel it once more in a few blog posts. Either we achieve complete victory, or fail yet again.. At this point, I will give both fair odds.

Note that these blog posts are in the first place written for me personally. There may (and probably will) be other blog posts out there detailing the component, but I’d rather discover and share the experiences myself. Assumptions I make may or may not be valid and might not even make sense, but then again, these posts should be considered a learning process, not a hard truth (which I will never pretend to have on anything).


Symfony2: logging out

Date: 06 Oct 2014
Tags: [ PHP ]  [ security ]  [ symfony2 ]

One of the “golden rules” of symfony2 is to never hardcode urls or paths inside your code or templates. And letting symfony deal with the generation of your urls and paths makes your life a lot easier as a developer. But one of the things I see regularly is that people are still hardcoding their logout urls like using “/logout”. But logging out is actually a bit more complex than it might seem, and using a simple /logout might work for most cases, but there are better ways to deal with this.


Conditional app permissions

Date: 06 Aug 2014
Tags: [ Android ]  [ permissions ]

I know: free software comes with a price. Most likely this price is your privacy. I’m not talking about 3-letter agencies snooping in on each and every call or email, but the “normal” companies, setting up user profiles based on your address book, phone calls, emails and whatnot. And nobody seems to care: we don’t mind selling ourselves if it means we can enjoy the next 5 minutes on flappy bird, sending 2-letter messages to others, or sending poor-quality pictures to each other.


Internal PHP function usage: revisited

Date: 05 Aug 2014
Tags: [ PHP ]

A small update on the blogpost about PHP’s internal function usages: https://www.adayinthelifeof.nl/2014/07/25/internal-php-function-usage/


Shuffling elements in Gatling

Date: 31 Jul 2014
Tags: [ gatling ]  [ performance ]  [ scala ]  [ testing ]

On a project where I worked alongside @basdenooijer, we needed to do a quick performance test on a server. Given our shared hatred of (too) complex GUIs, Bas found an awesome CLI tool called gatling. Basically, like ApacheBench but smarter, and like jMeter, only less complex. With the help of simple scala scripts (yes, that’s a first), you can easily program your tests, which in our case are a bit more complex than just clicking links on a page.


Internal PHP function usage

Date: 25 Jul 2014
Tags:

How many internal PHP functions (things like count(), strpos(), array_merge() etc.) does PHP have? Depending on which version you use, and how many extensions you have loaded, somewhere between 1000 and 2000 would be a good guess. But how many of these internal functions are you REALLY using? I don’t hear many people talking about iconv_strlen(), is_soap_fault() or mb_http_output(), yet these functions do exist. And how many times are people actually calling these functions?


A toolbox for less than $100 / month

Date: 01 Jul 2014
Tags: [ github ]  [ hipchat ]  [ jira ]  [ servergrove ]  [ tools ]  [ zapier ]

There are a lot of tools out there which can help you as a developer / self-employed contractor. And even though most of these tools are free (as in beer), I don’t mind spending a certain amount of money on tools that help me do my business. So with all the tools out there, all the paid plans, the freemiums and the trial periods, what can a crispy 100 dollar bill every month buy?


The first few milliseconds of HTTPS

Date: 12 Jun 2014
Tags:

PHPMagazin.de has published my presentation about the first few milliseconds of HTTPS. I gave this presentation at the International PHP Conference in Berlin last month.


Throttle your API calls: RateLimitBundle

Date: 28 May 2014
Tags: [ api ]  [ bundle ]  [ http ]  [ PHP ]  [ ratelimit ]  [ symfony2 ]

A web application is not complete without an API nowadays. APIs allow third parties - or just end users - to use the data from the platform for whatever they want. But allowing applications to make automated calls to your API can quickly result in our systems overloading. Too many times third-party applications will be polling your API when they don’t really need to, and maybe you can lighten the load a bit with some heavy-duty caching, but in essence you want every API call made to matter.


Dynamic form modification in Symfony2

Date: 19 Mar 2014
Tags: [ dynamic ]  [ events ]  [ form ]  [ PHP ]  [ symfony2 ]

Sometimes (or actually, a lot of the time), handling forms will go beyond the basics. And even though Symfony2 gives you out-of-the-box a really clean way of creating forms, it sometimes just isn’t enough.

Fortunately, you are not alone in writing forms, and many posts exist with information on how to handle complex forms. In this post, I will try and demonstrate how to create a dynamic form where you can select a city based on the chosen province.


Bitwise mask emulation with Solr

Date: 28 Feb 2014
Tags: [ bit manipulation ]  [ solr ]

Solr is great for searching through a massive data collection in lots of different ways. But one thing Solr lacks is the possibility to search bitwise. And this by itself makes sense: Solr uses inverted indexing and doing bitwise operations on its indexes might result in a loss of performance. There are, however, some plugins that will allow you to use bitwise operations, but there might even be a more native way:


SPL Deepdive: RegexIterator

Date: 12 Feb 2014
Tags: [ regexiterator ]  [ spl ]

If everything goes according to plan (which never is the case), I’ll try and highlight some of the fascinating stuff that can be found inside the SPL. I do a lot of presentations about the SPL, and one of the things I like to tell people is that even though the SPL - iterators particularly - is a magnificent piece of code that is often underused and misunderstood, it does come with some quirks and glitches that aren’t documented properly.


Email Subaddressing

Date: 04 Feb 2014
Tags: [ email ]  [ exim ]  [ mail ]  [ subaddressing ]

Sometimes you are looking so hard for a solution that you won’t see it even if it punched you in the face. Email Subaddressing is one of those issues I couldn’t get fixed.


Symfony2 app/console bash completion

Date: 02 Feb 2014
Tags: [ bash ]  [ completion ]  [ symfony2 ]  [ zsh ]

If you do command line work under Linux, you probably are aware that pressing <TAB> automatically completes your command, or gives you the options for it that are currently available. For instance, when entering cd l and pressing <TAB>, bash gives you a list of all directories starting with an l, which you can select instead of typing. If there is only one available directory that starts with an l, it will automatically fill this in for you.

A great way to speed up your CLI development work, and an even better way to get acquainted with all options that are available to you for certain applications.


Realtime PHPUnit

Date: 02 Feb 2014
Tags: [ continuous tests ]  [ phpunit ]

Not all IDEs (actually, I haven’t seen even one IDE that does this) can run your unit tests as soon as something changes.


Decoding TLS with PHP.

Date: 30 Dec 2013
Tags: [ encryption ]  [ rc4 ]  [ ssl ]  [ tls ]

As a proof of concept I wanted to see how far I could decode some TLS data on the client side. Obviously, this is a very complex matter, and even though TLS looks deceptively simple, it isn’t. To make matters worse, PHP isn’t exactly making things easy for us either.


External code coverage with travis / scrutinizer

Date: 20 Nov 2013
Tags: [ CI ]  [ clover ]  [ scrutinizer ]  [ travis ]

I really love the travis-ci and scrutinizer-ci combo. Between them, not much is missing compared to what you would find in more complex systems like Jenkins, for instance. Both travis and scrutinizer are really easy to set up (just click on which github repository you want to test): set up your yaml config files and off you go: instant CI.