Blog Archive

Github gists: revisioned code snippets for free

Date: 26 Dec 2010
Tags: [ gists ]  [ github ]

If you maintain a technical programmer’s blog, you occasionally need to post code snippets. I use a syntax highlighter plugin on my blog to make those snippets look nice and highlighted. It works and it’s easy enough to implement and maintain. But Github might come with an even better solution: gists…

Enrise: Appending the appenditerator

Date: 26 Dec 2010
Tags: [ spl ]  [ iterator ]

I’ve posted a blog at the @enrise techblog about enhancing SPL’s appenditerator. This lovely iterator can be useful from time to time but it does not always do what you need. Here’s how you can easily create your own iterator:

InnoDB isolation levels

Date: 20 Dec 2010
Tags: [ innodb ]  [ MySQL ]  [ transaction ]

Ask what THE advantage of InnoDB over other MySQL engines like MyISAM is, and 9 out of 10 times the answer will be that InnoDB supports transactions. And it’s true. But there is more to transactions than meets the eye. Let’s explore one of the most difficult areas: isolation levels.

The first few milliseconds of https

Date: 19 Dec 2010
Tags: [ tls ]  [ ssl ]

I was on the verge of creating a post about the TLS/SSL handshake when I discovered a blog post about the very same subject. Since I don’t think it’s of much use to blog about exactly the same thing, and since I can really recommend Jeff Moser’s page, please read and understand it.

Tutorial: how to manage developers

Date: 18 Dec 2010

This post is not so much for developers as it is for the managers and bosses of those developers. As you probably know by now, managing software engineers (or programmers) is not an easy task. They just don’t like to play by the rules you always took for granted. Why is that? Why are those pesky programmers so hard to handle? Why is it so hard to sit down, write code and shut up??

Composite key autoincrements

Date: 17 Dec 2010
Tags: [ autoincrement ]  [ MySQL ]

Autoincrement is sometimes called a “poor-man-sequence”. Sequences in other DB systems are counters that can be used to automatically number fields when inserting data, just like autoincrement in MySQL does, but they can be much more complex. However, in MySQL you do not always want or need increments of 1. Sometimes you need something a little more complex than that, and MySQL leaves you pretty much out in the cold. There is a neat little trick that can solve some “autoincrement” problems…

OAuth timestamps and nonces

Date: 16 Dec 2010
Tags: [ nonces ]  [ oauth ]  [ replay-attack ]  [ timestamps ]

OAuth is a very popular authentication mechanism used for a lot of web applications. And not without good reasons. It is relatively easy to implement and has different flavours (2-legged, 3-legged system), so you can use it almost anywhere that requires authentication and authorization. This post is not about how to implement OAuth; that can be found elsewhere in much greater detail than I can explain here. It is about two tiny details that can make or break your OAuth security: the OAuth nonce and timestamp.

What kind of day has it been

Date: 14 Dec 2010

For the readers who get the Aaron Sorkin reference in the title, do not be alarmed: this will NOT be my final blog post, just the last of the season. One year ago I decided to do some (active) blogging about all the tech-related things I encounter in both my professional and my private life which I find interesting enough to share with the world (or at least with Google). So, after blogging for one year, was it worth it?

PHP srand problems with suhosin

Date: 13 Dec 2010
Tags: [ PHP ]  [ rand ]  [ suhosin ]

Today I stumbled across an odd problem that took me about an hour to figure out. It had to do with mt_srand(), which looked like it didn’t work properly. I needed a repeatable sequence of random numbers (which is EXACTLY what the Mersenne Twister produces) so I used mt_srand() with a fixed number (for testing purposes) and tried to see if the same sequence of random values was generated by mt_rand(). It didn’t…

SSL and Virtualhosting

Date: 12 Dec 2010
Tags: [ apache ]  [ sni ]  [ ssl ]  [ tls ]  [ virtualhosting ]

SSL and virtualhosting on 1 IP address? It can’t be done! Well, this might have been the case a few years ago, but times have changed. Let’s explore the possibilities for having multiple hosts running on the same IP address AND all of them having their own separate SSL domain and certificates. It’s possible, but with a few catches…

Sed & awk examples

Date: 11 Dec 2010
Tags: [ awk ]  [ sed ]

Did you know you can write a webserver in awk or that sed supports conditional jumps? Probably not… These tools (languages, actually) are much more powerful than most people know. The sed & awk combination gives you massive power IF used correctly. Although most people use it for simple tasks like search/replacing or displaying certain columns of a file, the potential is much higher. I will discuss a few real-life examples I use from time to time…

Encryption operating modes: ECB vs CBC

Date: 08 Dec 2010
Tags: [ encryption ]

Today I overheard two colleagues discussing one of my favorite subjects: encryption. The discussion was about encrypting data (with a normal block cipher) working perfectly in ECB mode, but not in CBC mode. So, this all leads up to the question: what are ECB and CBC? And when should you use them? Although this post has some PHP code in it, it is applicable to every other language.

Sed: simple pattern address usage

Date: 06 Dec 2010
Tags: [ pattern ]  [ regex ]  [ sed ]

Most people I know use sed for simple and fast translation of some keyword in files. For instance, changing ports and tags inside configuration files during deployment to production servers. This sometimes results in clumsy scripts to make sure that sed changes a keyword on line 4, but not on line 40. Most people I know have no idea that you can actually limit the range in which sed has to operate. Let’s explore…

Public key cryptography 101

Date: 05 Dec 2010
Tags: [ cryptography ]  [ rsa ]

I’ve just uploaded the new slides for my Public Key Cryptography 101 presentation. It consists of 84 (!) slides about the basics of encryption, public key cryptography and implementations. How does it work, and what are its advantages, disadvantages and practical uses? Of course, this presentation should be accompanied by the talk itself, and I’ve submitted it to a few (PHP) conferences in 2011. Let’s hope organizers out there are willing to give “the more advanced” topics a chance instead of sticking with the safe and common topics (the so-called Pinkpop effect), and see you somewhere in 2011!

About using UTF-8 fields in MySQL

Date: 04 Dec 2010
Tags: [ MySQL ]  [ performance ]  [ utf8 ]

I sometimes hear: “make everything utf-8 in your database, and all will be fine”. This so-called advice could not be further from the truth. Indeed, it will take care of internationalization and code-page problems when you use UTF-8, but it comes with a price, which may be too high for you to pay, especially if you have never realized it’s there…

Top-5 certifications for every PHP programmer

Date: 03 Dec 2010
Tags: [ certifications ]  [ PHP ]  [ top5 ]

Today I’ve passed the Zend Framework Certification exam, and with that I can finally close my New Year’s resolution for 2010: doing 12 (tech-related) exams in 2010. So I’ve seen a lot of exams, good ones and bad ones, and I want to share my experience with you by creating a top-5 of must-have certifications for PHP programmers…

Back to basics: two's complement

Date: 26 Nov 2010
Tags: [ b2b ]

I occasionally get into discussions where I find that others lack some basic understanding of the elementary systems they have to work with every day. Today was such a day: we got into a discussion about how it would be so much nicer to have unsigned tinyint (in MySQL) range from -127..128 instead of -128..127. Although it COULD be changed, it would go against almost all rudimentary principles of numeric systems used inside computers, but this is not always known to PHP programmers.

So today I introduce the “back-to-basics” posts, which talk about all kinds of rudimentary principles in computer technology. These principles form the basis of what you use each and every day, and even though you are probably not aware of them, they are still there…

The first b2b post is about the two’s complement signing system… let’s take a look:

10 advanced linux command line tools

Date: 24 Nov 2010
Tags: [ linux tools ]

Most developers who are working at the command line on a Linux system know the “basic” commands: ls, cd, cat, tail, head, sort, grep, find and others. More “advanced” users will know how to deal with the ‘sed’ and ‘awk’ beasts, or even prefer perl-oneliners. Have the knowledge of bash (scripting) and you find yourself inside a Valhalla where only your imagination is the limit. Well, not really, but at least you get my point, hopefully.

But like everything you do in life, you don’t know about the things that lie beyond the horizon until you actually explore them. This “yet another top ten list” will dive into some interesting (standard) tools that can make your life much easier when dealing with Linux systems from a programmer’s perspective.

Centralising your tools in a custom repository - Part 1

Date: 22 Nov 2010
Tags: [ package ]  [ repository ]  [ rpm ]  [ tutorial ]

Almost every software company I’ve been involved in used custom-made tools for various tasks. These tools range from simple shell scripts for search-and-replacing data to large deployment scripts or even programs that take care of administrative tasks like monitoring, log aggregation and so on. At the good companies, these tools are maintained inside a software repository system like SVN or Git. But tools like these need to be deployed to a lot of different server and development environments, both in internal and external networks. Creating SVN checkouts is a possibility, but what about things like dependencies or easy up- or downgrades? And do you want to give external systems access to your source code repository? And how do you make sure everybody uses the latest release with the newest features and bug fixes?

One of the best answers is something almost every Linux user is already familiar with: package managers. They are easy to use, fast, and can do so much more work for you than simple repository checkouts ever can. Using Linux package managers as the preferred way of deploying software has not yet been discovered by the PHP community. Strange actually, since package managers are capable of handling issues that most deployment tools are struggling with, like dependencies, upgrades, downgrades and multi-environment setups.

Since this subject is too large to handle in a single blog post, it is set up in 3 different chapters. First, we begin by creating a package from scratch. In the next chapter, we show how to collect and maintain these packages inside your custom repository, and in the last chapter we will talk about connecting your software repository to your package manager and how to deal with multiple repository formats.

Centralising your tools in a custom repository – Part 2

Date: 22 Nov 2010
Tags: [ package ]  [ repository ]  [ rpm ]  [ tutorial ]

In this blog post I will talk about creating your own custom package repository. However, before you can set up a repository, you need packages. This previous post talks about setting up your custom packages.