A Day In The Life Of...

CipherSmith: a browser-based crypto toolkit

Wed, 06 May 2026 00:00:00 +0000

For years I had a small private page on my machine with a bunch of hacky tools for day-to-day crypto work. Hashing a string, base64 encoding something, generating a random key. Nothing fancy. Just stuff I got tired of copy-pasting terminal commands for every single time.

The problem with most online tools is that they want you to paste sensitive data into some random form on some random server. Which is a terrible idea when the thing you’re pasting is a private key or an API token. And tools like CyberChef are great, but it’s a lot of UI to navigate when you just want to quickly hash a string.

So a few weeks ago I cleaned things up and turned my private page into something actually usable: ciphersmith.io.

Verifying your age in a privacy preserving manner

Mon, 27 Apr 2026 00:00:00 +0000

There is a lot going on in the world regarding age verification. Why does every website or operating system (and possibly later: smart appliances like your fridge??) need to know your age?

While I don’t agree with a generic “think of the children” excuse, I do understand that there are certain sites you want to restrict for younger ages, like adult and gambling sites. But are we really willing to scan our ID cards and post them to those sites? Or, possibly worse, have a provider with a centralized database containing all these ID cards? Privacy AND security hell.

Posting on the internet freightens me

Thu, 16 Apr 2026 00:00:00 +0000

First of all, please understand that I’m someone who has a clear way of visualizing my thoughts, but struggles to communicate them verbally or through written text like posts. Being Dutch already brings a certain directness or bluntness into the mix, so when I try to be concise, it can sometimes come across as me being an a-hole. Sometimes that’s probably true, but most of the time, it’s not meant that way. It’s something I’ve been struggling with for about 48 trips around the sun. So I’m not trying to paint people in a bad light in this post.

Endless - A dive into a C64 game

Fri, 07 Mar 2025 00:00:00 +0000

Almost 40 years ago, in 1985, a game was released for the Commodore 64 called “Eindeloos” (“Endless”, in dutch). In this game you needed to find your way around a labyrinth while avoiding all kind of enemies and obstacles. The map was so huge, that it was almost impossible to finish the game. It truly was endless for most players.

I'm still fed up and a browser is coming along fine

Sat, 16 Dec 2023 00:00:00 +0000

Three months ago, I wrote a small story about being fed up with things and trying to do something about it. Three months in, we’ve got a small community sharing the same goal: let’s try writing a browser.

I'm fed up with it, so I'm writing a browser

Fri, 22 Sep 2023 00:00:00 +0000

This blogpost starts with me switching of my car radio, and ends with me writing a browser. There is some stuff in between as well.

A list of 100 opinions I hold

Mon, 05 Sep 2022 00:00:00 +0000

“That’s just like, your opinion, man” - the dude

Here’s a list of 100 opinions I hold. These are opinions, not hard facts or truths. There will be many people disagreeing with some of them, maybe even most of them, and there will be very few that will agree with all of them.

A comprehensive list of failed projects

Mon, 27 Dec 2021 00:00:00 +0000

I’m full of ideas. Most of them are stupid, though. But sometimes, some of these ideas get stuck in my head like an itch I must scratch, and voila: a new side-project is born.

I don’t start projects with a direct goal. Sometimes it’s just to figure out: “how hard could it be” (hint: always), or sometimes: I could get rich with this (hint: never).

Even though I’m making a good amount of money as a freelance consultant, I would love to have a project that I love to work on, which generates money even when I’m not working on it directly. As a freelancer, I can only bill for the hours I make, and typing twice as fast doesn’t reflect in getting paid twice as much.

Because I make good money, I also have the opportunity to take a few months off in a year and focus full time on my side projects. For me, this is also a perfect way to wind down after hectic months of working against deadlines, so it helps me destress, feeds my curiosity, allows me to use new untapped technologies, and maybe make a bit of money.

If we talk about the first few reasons: all my projects succeed, whether I finish them, get bored with them, or find they are not feasible to keep alive. However, making money is much harder to achieve, yet
it is becoming the main reason I want to start a new project.

Let's talk about your privates

Sun, 07 Nov 2021 00:00:00 +0000

In the software development world, there are a lot of debates going on: tabs vs. spaces, vim vs. emacs, Linux vs. mac, and so on. In most, if not all, these debates, there is no clear winner: both sides are equally right (or wrong), and most likely, there is no majority on one side. I, however, am part of a debate on the “losing” side in such that I’m part of the minority. And even though strong opinions are weakly held, after I guess since the launch of PHP 5, my opinion still holds, and I’m talking about your privates…

My first attempts with Unity

Wed, 01 Sep 2021 00:00:00 +0000

For a while now, I’m thinking about doing something with Unity to see how it works. And what a better way to figure things out is to try and develop a game with it.

Go maps vs switches

Thu, 04 Mar 2021 00:00:00 +0000

Sometimes, things aren’t faster because you think it is,.. but because you benchmarked them. One of Go’s nice things is that it makes it easy to benchmark things to see if your hunches are correct quickly. And sometimes, they turn out not.

From Mac to Windows

Wed, 12 Aug 2020 00:00:00 +0000

I’ve moved from a Macbook Pro to a Dell PS running Windows 10. I decided against MacBook after their annoucement to move to ARM. Even though the macbook 16" was the only system i actually was thinking of buying, i’ve decided against it and give windows a new try. I’ve heared more and more good stories about windows, and more and more bad stored about mac over the last few years. Let’s switch!

Introducting BitMaelum - A new mail concept

Fri, 12 Jun 2020 00:00:00 +0000

What if you can design an email system with a clean sheet. You don’t need to care about existing email clients or servers or anything at all. Even the concept of an email address can be touched. What would such a system look like? This is my attempt,..

Amazon Web Services

Wed, 20 May 2020 00:00:00 +0000

More often than not, I’m using Amazon Web Services (AWS) as my “cloud”. Not only for my own projects, but almost all customers I’m working for use Amazon for hosting their applications. So over time you build up a lot of experience on AWS service: you know how to (correctly) setup VPC’s, know when to you ECS, EC2 or lambda to host code and even services like S3, SNS and SQS pose no challenges anymore.

But there are a lot of AWS services available. And I do mean: a LOT. Currently, there are 163 (!) different services that are available from the Amazon Dashboard, each with their own way of working, difficulties, catches and best practises.

Symfony's autowiring

Tue, 19 Sep 2017 00:00:00 +0000

When asking people if they use Symfony’s autowiring functionality, an often heard excuse why people don’t use it is because of all the magic that is happening during autowiring. But just like most impressive magic tricks, once explained, it all boils down to a few simple principles and Symfony’s autowiring is nothing different in that perspective. In this blogpost I will explain the new autowiring and autoconfiguration features, and why you should love them.

Write your own GitHub clone

Sun, 28 Feb 2016 00:00:00 +0000

Shower thought: What would it take to write your own GitHub clone? Answer: not that much! I’ve spend a few hours on tinkering with some of the basic concepts, and it turns out it’s actually quite easy to set something up from scratch. And before you all go and write comments that it not feature-complete: yes, I know. But most of them are fairly trivial to implement though, and my goal was to actually see if we can get the foundations up and running. Implementing things like an issue-tracker and webhooks isn’t part of that.

My guide to commenting on joind.in

Thu, 17 Dec 2015 00:00:00 +0000

If you are visiting pretty much any (random) PHP conference these days, you will hear a lot of talk about “rating talks on joind.in”. For those not familiar with this site: it’s a site where you can find additional information about the talk (like slides), and where you can leave a rating and/or comment about the talks and conferences that you have attended.

It’s a great way to prepare for an upcoming conference: check out the talks you want to see, and see if the presenter has already given the presentation at another conference and view the rating / comments. This way, you have a good picture (although never the complete picture), of the presentation you are about to see. Also, often presenters will add their slidedeck to talks, so you can actually see what the presentation will look like.

Moving to Jekyll

Fri, 11 Dec 2015 00:00:00 +0000

As you might notice, i’ve switched my blogging engine from Wordpress to Jekyll. There are actually a few reasons for this:

Benford's law in frameworks

Wed, 09 Dec 2015 00:00:00 +0000

In a new talk I’m currently presenting at conferences and meetups, I talk - amongst other things - about Benford’s law. This law states that in natural occurring numbers, the first digit of those numbers will most often start with a 1 (around 30% of the time), and logarithmically drops down to the number 9, which occurs only 5% of the time. This might sound strange: why would a number that starts with 1, (like 1, 16, 152 or even 152533), be more common than 2,25, 266, or even the lesser common 6, 63, 6474 etc? And although there are some explanations, a definitive one still isn’t there.

Symfony, XDebug and the maximum nesting level

Sun, 15 Nov 2015 00:00:00 +0000

Here you are, developing your code based on the Symfony2 framework. Creating a form here, add a Twig template there, until suddenly, boom! Your site doesn’t work anymore, and all the info you can find in your PHP logs is:

PHP Fatal error: Maximum function nesting level of '100' reached, aborting! in Unknown on line 0

What just happened? Did I create some kind of recursive function I wasn’t aware of, did somebody commit code that I accidentally pulled? Did Jupiter align with Mars and somehow this is causing issues in my code. Who knows? Fortunately for us developers, there is a quick way to deal with this: google it..

Incrementing values in PHP

Tue, 13 Oct 2015 00:00:00 +0000

Take a variable, increment it with 1. That sounds like a simple enough job right? Well.. from a PHP developer point of view that might seem the case, but is it really? There are bound to be some catches to it (otherwise we wouldn’t write a blogpost about it). So, there are a few different ways to increment a value, and they MIGHT seem similar, they work and behave differently under the hood of PHP, which can lead to - let’s say - interesting results.

Understanding Symfony2 Forms

Fri, 11 Sep 2015 00:00:00 +0000

To actually use Symfony2 forms, all you need to do is read some documentation, a few blog posts and you’ll be up and running in a couple of minutes. Understanding Symfony2 forms however, is a whole different ballgame. In order to understand a seemingly simple process of “adding fields to a form”, we must understand a lot of the basic foundation of the Symfony2 Form component. In these blog posts, I’ll try and give some more insights on this foundation.

The PHP Elephant stampede

Wed, 03 Jun 2015 00:00:00 +0000

Do you have a toy PHP elephant? A blue one, or an exotic other color, maybe even a jumbo version? Maybe even more than one? Good, put it or them down on the floor, step away from it for a about 5 meters or so, and look back.

You bought this with your hard owned money. You’ve earned it. It’s yours. But think about this for a while: what if the literally thousands of dollars we as a community spent on stuffed animals, what if we would spend that same amount of money on PHP itself?

The secret success of PHPNL

Fri, 17 Apr 2015 00:00:00 +0000

Jelrik and I wanted to share something (I forgot what it was) during the PHPBenelux conference. Probably too lazy to send it through email (tarring, getting it into the email client, sending.. blergh.. tired already) and most likely because the dislike of Skype, we turned to Slack, where both of us were already in (too) many teams already. Strangely enough, we didn’t had a common team where we both were member of.

Advanced user switching

Tue, 24 Feb 2015 00:00:00 +0000

A really neat trick in the Symfony Security component is the fact that you can impersonate or “switch” users. This allows you to login as another user, without supplying their password. Suppose a client of your application has a problem at a certain page which you want to investigate. Sometimes this is not possible under your own account, as you don’t have the same data as the user, so the issue might not even occur in your account. Instead of asking the password from the user itself, which is cumbersome, and not a very safe thing to begin with, you can use the switch-user feature.

Debugging Symfony components

Wed, 31 Dec 2014 00:00:00 +0000

Don’t you hate it when you are stepping through your debugger during a Symfony application debug session, and all of a sudden it cannot find files anymore as Symfony uses code located in the bootstrap.php.cache instead of the actual Symfony component. Symfony creates these cache-classes in order to speed up execution, but it makes that xdebug cannot find the correct code to step through anymore.

vagrant-share issues

Wed, 10 Dec 2014 00:00:00 +0000

As a reminder (mostly for myself, but any googlers out there):

After updating Leopard to OSX Mavericks (yes, I know it’s 2014!), i had to reinstall vagrant again. Using the latest version (1.7.0) gave me the following error while running:

/opt/vagrant/embedded/gems/gems/vagrant-share-1.1.2/lib/vagrant-share/activate.rb:8:in 'rescue in <encoded>': vagrant-share can't be installed without vagrant-login (RuntimeError)

Deepdive into the symfony2 security component: part 1

Sun, 19 Oct 2014 00:00:00 +0000

Once in a while I like diving into code and see how things work under the hood. And as the symfony2 framework consists of many different components, bundles and bridges, there is a lot to discover. But ultimately, the code itself mostly isn’t really as complex as it might seem from the outside world: just like a good magic trick, once unraveled, it all seems very simple and makes sense.

However, this is not true for one of those components: the security component. This black box full of dark magic doesn’t like to give up its secrets, and after some (miserably) failed attempts, I am trying to unravel it once more in a few blog posts. Either we achieve complete victory, or fail yet again.. At this point, I will give both fair odds.

Note that this blogpost are in the first place written for me personally. There may (and probably will) other blogposts be out there detailing the component, but I’d rather discover and share the experiences myself. Assumptions I make, may or may not be valid and might not even make sense, but then again, these posts should be considered as a learning process, not a hard truth (which I will never pretend I will have on anything).

Symfony2: logging out

Mon, 06 Oct 2014 00:00:00 +0000

One of the “golden rules” of symfony2 is to never hardcode urls or paths inside your code or templates. And letting symfony deal with the generation of your urls and paths makes your life a lot easier as a developer. But one of the things I see regularly is that people are still hardcoding their logout urls like using “/logout”. But logging out is actually a bit more complex than it might seem, and using a simple /logout might work for most cases, but there are better ways to deal with this.

Conditional app permissions

Wed, 06 Aug 2014 00:00:00 +0000

I know: free software comes with a price. Most likely this price is your privacy. I’m not talking about 3-letter agencies snooping in on each and every call or email, but the “normal” companies, setting up user profiles based on your addres sbook, phone calls, emails and whatnot. And nobody seems to care: we don’t mind selling ourselves if it means we can enjoy the next 5 minutes on flappy bird, sending 2-letter messages to others, or by sending poor-quality pictures to each other.

Internal PHP function usage: revisited

Tue, 05 Aug 2014 00:00:00 +0000

A small update on the blogpost about PHP’s internal function usages: https://www.adayinthelifeof.nl/2014/07/25/internal-php-function-usage/

Shuffling elements in Gatling

Thu, 31 Jul 2014 00:00:00 +0000

On a project where I worked alongside @basdenooijer, we needed to do a quick performance-test on a server. Since our shared hatred against (too) complex gui’s, Bas found an awesome cli-tool called gatling. Basically, like ApacheBench but smarter, and like jMeter, only less complex. With the help of simple scala scripts (yes, that’s a first), you can easily program your tests which in our case is a bit more complex than just clicking links on a page.

Internal PHP function usage

Fri, 25 Jul 2014 00:00:00 +0000

How many internal PHP functions (things like count(), strpos(), array_merge() etc), does PHP have? Depending on which version you use, and how many extensions you have loaded, somewhere between 1000 and 2000 would be a good guess. But how many of these internal functions are you REALLY using? I don’t hear many people talking about iconv_strlen(), is_soap_fault() or mb_http_output(), yet these functions do exists. And how many times are people actually calling these functions?

A toolbox for less than $100 / month

Tue, 01 Jul 2014 00:00:00 +0000

There are a lot of tools out there which can help you as a developer / self-employed contractor. And even though most of these tools are free (as in beer), I don’t mind spending a certain amount of money on tools that help me do my business. So with all the tools out there, all the paid plans, the freemiums and the trial periods, what can a crispy 100 dollar bill every month buy?

The first few milliseconds of HTTPS

Thu, 12 Jun 2014 00:00:00 +0000

PHPMagazin.de has published my presentation about the first few milliseconds of HTTPS. This presentation has been presented by me at the International PHP Conference in Berlin last month.

Throttle your API calls: RateLimitBundle

Wed, 28 May 2014 00:00:00 +0000

A web application is not complete without an API nowadays. APIs allow third parties - or just end users - to use the data from the platform for whatever they want. But by allowing applications to make automated calls to your API can result quickly in our systems overloading. Too many times third party applications will be polling your API when they don’t really need too, and maybe you can lighten the load a bit with some heavy-duty caching, but in essence you want that every API call made matters.

Dynamic form modification in Symfony2

Wed, 19 Mar 2014 00:00:00 +0000

Sometimes (or actually, a lot of the time), handling forms will go beyond the basics. And even though Symfony2 gives you out-of-the-box a really clean way of creating forms, it sometimes just isn’t enough.

Fortunately, you are not alone in writing forms, and many posts exists with information on how to handle complex forms. In this post, I will try and demonstrate how to create a dynamic form where you can select a city based on the chosen province.

Bitwise mask emulation with Solr

Fri, 28 Feb 2014 00:00:00 +0000

Solr is great for searching through a massive data collection in lots of different ways. But one thing Solr lacks is the possibility to search bitwise. And this by itself makes sense: Solr uses inverted indexing and doing bitwise operations on it’s indexes might result in a loss of performance. There are, however, some plugins that will allow you to use bitwise operations, but there might even be a more native way:

SPL Deepdive: RegexIterator

Wed, 12 Feb 2014 00:00:00 +0000

If everything goes according to plan (which never is the case), I’ll try and highlight some of the fascinating stuff that can be found inside the SPL. I do a lot of presentations about the SPL, and one of the things I like to tell people is that even though the SPL, - iterators particularly - is a magnificent piece of code that is often underused and misunderstood, it does come with some quirks and glitches that aren’t documented properly.

Email Subaddressing

Tue, 04 Feb 2014 00:00:00 +0000

Sometimes you are looking so hard for a solution, that you won’t even see them even if they punched you in the face. Email Subaddressing is one of those issues I couldn’t get fixed.

Realtime PHPUnit

Sun, 02 Feb 2014 00:00:00 +0000

Not all IDEs (actually, i haven’t seen even one IDE that does this), can run your unit-tests as soon as something changes.

Symfony2 app/console bash completion

Sun, 02 Feb 2014 00:00:00 +0000

If you do command line work under Linux, you probably are aware that when pressing <TAB> automatically completes your command, or give you options for it that are currently available. For instance, when entering cd l en pressing <TAB>, bash gives you a list of all directories starting with an l, which you can select instead of type. If there is only one available directory that starts with an l, it will automatically fill this in for you.

A great way to speed up your CLI development work, and an even better way to get acquainted with all options that are available to you for certain applications.

Decoding TLS with PHP.

Mon, 30 Dec 2013 00:00:00 +0000

As a proof of concept I wanted to see in how far I could decode some TLS data on the client side. Obviously, this is very complex matter, and even though TLS looks deceptively simple, it isn’t. To make matters worse, PHP isn’t quite helping us making things easy neither.

External code coverage with travis / scrutinizer

Wed, 20 Nov 2013 00:00:00 +0000

I really love the travis-ci and scrutinizer-ci combo. Between them there are not many things missing like you would find in more complex systems like Jenkins for instance. Both travis and scrutinizer are really easy to setup (just click on which github repository you want to test), setup your yaml config files and off you go: instant CI.

TeleHash: an encrypted p2p network for your apps

Tue, 12 Nov 2013 00:00:00 +0000

In the current day and age, using a plain HTTPS connection might not be the most secure way to communicate anymore. Sure, for your purposes and goals we can assume that this communication is safe enough, but cracks are appearing in the security, and we might need to move to better, more secure ways in maybe a shorter period than anyone expected. But how do we do this? We are not crypto-experts, and you probably have no idea how HTTPS works to begin with. Should we find ourselves a secure way to encrypt our data? Should we “invent” new methods that look safe, just because it’s too complex to explain what’s going on?

Yearly mail routine

Tue, 22 Oct 2013 00:00:00 +0000

**January 1, **

This year will be different. I will sort all my mail directly into different mailboxes. I will make sure my inbox will be 0 at all times. Yes! This is going to be an awesome worry-free mail year!

FullSpectrumLaser aka: why you should think twice on buying from them

Sun, 21 Jul 2013 00:00:00 +0000

After buying a secondhand generic Rabbit laser cutter, I immediately fell in love with laser cutting and engraving. It really rocks, you can make really neat things and we even use it for promotion for my company. Awesome stuff, but our laser cutter wasn’t good enough: it’s a pretty cheap chinese manufacturing, with buggy software that only can communicate through a LPT port (remember those, me neither). So we decided to take a look around to see if we could find a better cutter, and we came out at Full Spectrum Laser. We decided to buy a laser cutter from them: - worst - decision - ever..

PHP's Resources and garbage collection

Wed, 10 Jul 2013 00:00:00 +0000

Today, I’ve found a nice bug/feature/whatsmathing in PHP. I was playing around with writing a daemon and if you have any experience writing daemons (in any language), there are a few rules you have to live by. For instance, setting your effective uid and gid to a non-privileged user (in case you needed to do some privileged initialization, like opening a socket on a tcp port < 1024), setting the process as a group leader with posix_setsid(), and redirecting stdio file descriptions. And here something went wrong which took a while to find and fix..

Twitter Customer Support: the best thing that happened for customers and companies

Sun, 07 Jul 2013 00:00:00 +0000

I’m not a social media 2.0 hipster kinda guy. I use Twitter a lot on personal account, I do not have Facebook. But i do some LinkedIn. There’s lots of power in (ab)using social media, I understand this, and I understand I do not use their full potential (nor I want to do so). However, there is one case I like to use social media with Twitter in particular: complaining to companies. Why? It works.. and almost at a 100% satisfaction rate.

Saffire update may 2013: coalesce

Mon, 22 Apr 2013 00:00:00 +0000

One of the things that happens over and over again is that you need to check a value, and if it’s not set, it should set a default value. Normally, these variables could be initially set by properties, but sometimes you don’t have any control on initialization. For instance, when these values come from users.

Scrum issues: being agile isn't easy..

Mon, 01 Apr 2013 00:00:00 +0000

I do a lot of consulting work and because of this I see lots of different development processes at many companies. Some of them are good, but most of them are not. And this problem isn’t caused by lack of trying, but of lack of expertise. Most - if not all - software development departments I visit try to be “agile” by implementing scrum. But unlike what many people think, implementing scrum in an efficient way isn’t that easy. It takes time and effort on ALL levels of a company. If your clients, or IT department aren’t ready to do scrum, then you won’t succeed either. You could of course, implement some of the facets of scrum, but scrum - it is not.

How Saffire doesn't do things different

Thu, 21 Feb 2013 00:00:00 +0000

The question I get asked a lot, is what makes Saffire different? The most honest answer: nothing. There is absolutely nothing that makes Saffire different from other language, because Saffire doesn’t do things different. And there is a good reason for this: after many decades of developing languages by many and much smarter people than yours truly, I do not pretend to have found the correct way on how to do things different - and better.

PHP5.5: Try/Catch/Finally

Tue, 12 Feb 2013 00:00:00 +0000

Exception handling is available in PHP since version 5. It allows you to have a more fine-grained control over code when things go wrong ie, when exceptions occur. But since PHP 5.5, exception handling has finally evolved into what it should have been from the beginning: the finally part has been implemented.

Custom symfony2 config loader

Wed, 30 Jan 2013 00:00:00 +0000

It happens more and more: large projects where your symfony2 site is just a small part in the big picture. Lots of additional components might even play a bigger part, especially when you are dealing with asynchronous components which are connected through message queues for instance. So the question is: we want to make sure that all your components are using the same settings, be it your symfony2 project, your bash-scripts, 3rd python application and whatnot. How do we keep this all in sync?

Saffire january 2013 update

Sat, 26 Jan 2013 00:00:00 +0000

Most development languages will have some kind of printf() functionality. It takes a string, and can have optional arguments, depending on the placeholders you have set inside your string.

Debugging remote CLI with phpstorm

Thu, 20 Dec 2012 00:00:00 +0000

Even in these days, with full-featured PHP IDEs around, I still see PHP developers using var_dump() and die() to debug their code. Not only is this a very bad way of “debugging”, it has other dangers as well, like side-effects on calling (non-idempotent) methods multiple times, not removing debug statements and possible even committing this to the VCS repository, which gets send onto your production environment. We’ve probably all been there,.. But we don’t have to. Debugging your code properly through an IDE is quite easy, but one of the major problems is debugging CLI code. Since many frameworks like Zend, Symfony and micro-frameworks like Cilex can be used to create command-line apps, cronjobs and even daemons, so how do we easily debug this kind of code?

Saffire - Programming the web since 2013

Thu, 20 Dec 2012 00:00:00 +0000

So, Saffire started as a way to “learn” a bit about flex/bison. I’ve dealt with these systems before a long time ago (pre-2K), and i forgot lots about them. So it was about time for a refreshal. Unfortunally, looking on the internet for tutorials, almost all of them are about how to write a calculator (bison’s version of “hello world”, most probably). Very soon, I decided to try and parse my own language, with some idea’s I collected over time on how *my* favorite language should look like. Two hours later: Saffire was born.

Introducing the REST cookbook

Wed, 12 Dec 2012 00:00:00 +0000

One of the many things I do, on pretty much a weekly basis, is answering questions about REST and HTTP. Is this status code correct for X, should I use POST or PUT, is this hateoas enough, how do i handle logins in a RESTful API etc, etc… This is why I decided to setup a simple website, that pretty much tries to answer any question about REST. It’s not completed yet.. Actually, it hasn’t got many posts to begin with :), but a start has been made and we will fill it with questions and answers about REST and HTTP issues.

Saffire: december 2012 update

Mon, 10 Dec 2012 00:00:00 +0000

A few months ago I started with a new programming language called Saffire, and it’s time for an update. Since then, we have merged over 100 pull requests, and the number of contributors is steadily increasing. This post is explains of the functionality we already implemented (or want to implement).

Installing composer: russian roulette.

Mon, 15 Oct 2012 00:00:00 +0000

I love working with composer. I think it’s a really neat way of dealing with dependencies in (PHP) projects and it’s not for nothing that big frameworks like symfony2 are using composer as their primary way of handling bundles and other components. But this blogpost is not about problems with composer (well, not really anyway). It’s about installing composer. It is fundamentally wrong, and it sets a very, very bad precedent for both experienced and inexperienced (php) developers.

Writing a language

Fri, 17 Aug 2012 00:00:00 +0000

In the last blogpost I was talking about a new language in the making. Unfortunately, writing a complete new language - from scratch - isn’t as easy and takes a fair bit of time. During this development process, I will try and blog a bit on the things we are developing, the problems we are facing and the solutions we are implementing. The current Saffire status: we are able to generate AST tree’s from Saffire source programs. If you have no clue what I’m talking about, no worries: this blogpost will try and explain it all.

MultiParamConverter for Symfony2

Sat, 04 Aug 2012 00:00:00 +0000

If you know Symfony2, you probably are using (or at least, have heard of) the @paramConverter annotation from the SensioFrameworkExtraBundle. This is a really simple way to convert slugs into entities. But lots of times I find myself having multiple slugs inside my routes, and this is something the @paramConverter annotation cannot do. So that’s why I’ve created the multiParamConverter.

Saffire: A dive into a new language

Sat, 04 Aug 2012 00:00:00 +0000

Confused by Perl? Bored by Python? Ruby too 2011? What’s the alternative? PHP? Come on! Well, seek no further since here is the next language for at least the coming decade: Saffire!

Using varnish to offload (and cache) your OAuth requests

Fri, 06 Jul 2012 00:00:00 +0000

For a current project both me and a colleague are working on a big API system that authenticates through an OAuth system. Normally, such an API does all the necessary OAuth checking, handling of tokens etc, but we wanted to have a system that actually offloads our authentication just the same way one could offload HTTPS traffic for keeping the API simple, extendible and even performant.

Symfony2: Implementing ACL rules in your Data Fixtures

Wed, 04 Jul 2012 00:00:00 +0000

Doctrine’s DataFixtures are a great way to add test data to your application. It’s fairly easy to get this going: Create a fixureLoader that extends Doctrine\Common\DataFixtures\AbstractFixture, had a load() method and off you go. However, sometimes you want your data also to be protected by Symfony 2’s ACL layer. Since there isn’t a common way to do this, here is one way on how I implemented this

Using vagrant and puppet to setup your symfony2 environment

Fri, 29 Jun 2012 00:00:00 +0000

As you may now by now, I’m a big fan of using Puppet for configuration management. Since the rise of virtualization, these applications are becoming one of the more dominant tools in a developers tool chain. Together with other tools, setting up a complete development environment with just a single command is not only reality, but it’s becoming for a lot of developers a daily practice. But even for open source projects like <joind.in> and <protalk.me> are seeing the benefits of having “development environment on the fly”. New contributors don’t have to spend a lot of time setting up their environment, but it’s automatically generated: the code setup, the database server together with a filled set of data, any additional components like varnish, memcache, reddis etc. This blog post gives an overview on how to setup a symfony2 project with the help of vagrant and puppet.

DPC speaker's dummy guide into arduino

Sat, 23 Jun 2012 00:00:00 +0000

This year the DPC (and DMC) bought all speakers one of the coolest gifts I’ve ever got (or seen) for speakers: an Arduino. During the speaker dinner, a lot of people were a bit confused on how it was and works. So this post is for all of those, plus everybody else who wants to get involved in Arduino, programming and some electronics. It really is fun!

Using augeas (in PHP)

Mon, 04 Jun 2012 00:00:00 +0000

Even though I really like using sed and awk, sometimes its hard to change or add parameters in configuration files. Big sed statements that may or may not work, double checking if everything has been done correctly etc. Augeas is a really cool tool that lets you view / add / modify and delete all kind of data from configuration files. If you are using Puppet, you are probably aware of this tool, but I notice that a lot of PHP developers have never heard of it.. Let’s explore..

301 vs 303

Wed, 02 May 2012 00:00:00 +0000

During a presentation I gave yesterday about REST, there was a discussion about redirection (more detailed, a redirection from a queue to the actual resource during asynchronous operations). During this presentation (and blog-post), I’m using a 303 HTTP status code to indicate that the operation has been completed and that the created resource can be found at another URI. So in essence, it makes sense to use a 303. At least to me, and quite possibly the rest of the world too.. But this triggered a side-discussion on which HTTP status code to use, and the more I think about it, the more complex it believe this problem actually is.

Conference retrospect

Wed, 25 Apr 2012 00:00:00 +0000

So even in the middle of conference season, I’d like to update you with some of the awesome things I’ve seen and experienced over the last few weeks.

Bloom filters

Mon, 09 Apr 2012 00:00:00 +0000

In a span of two months or so, I’ve noticed a peak in implementation of bloom filters. Maybe the “if you got a hammer, everything looks like a nail” applies here, but statistically I’m doing a larger number of bloom filter implementation as usual. Yet, most of my co-workers never really heard of bloom filters, and I’m continuously need to explain what they are, what their purpose is and why it’s a better solution than other ones. So let’s do an introduction on bloom filters.

PHPShout : a shoutcast streamer in PHP: Part 1

Sat, 24 Mar 2012 00:00:00 +0000

To continue our journey in pointless, but nevertheless fun things to create, I’ve created a simple PHP extension that allows you stream music data to an IceCast server in pure PHP. For this I’m using the libshout3 library which can stream both MP3 or OGG/Vorbis data to multiple stream servers (including IceCast, ShoutCast etc). In this blog-post I will try to explain how I’ve created this extension, and off course, how you can use it.

PHPShout : a shoutcast streamer in PHP: Part 2

Sat, 24 Mar 2012 00:00:00 +0000

In the [last post][1], we created a template extension for our shout class. Next up, we need to do the actual implementation.

PHPShout : a shoutcast streamer in PHP: Part 3

Sat, 24 Mar 2012 00:00:00 +0000

In the last post, we started with the implementation of the constructor and one method. Next up, let’s do a bunch more.

PHPShout : a shoutcast streamer in PHP: Part 4

Sat, 24 Mar 2012 00:00:00 +0000

In the last post, we created a template extension for our shout class. Next up, we need to do the actual implementation.

PHP has moved to git!

Mon, 19 Mar 2012 00:00:00 +0000

Good news everybody! PHP has (finally) moved their version control from subversion to git and placed their repository on github. Meaning it just got easier to maintain PHP but also it makes it easier for external contributors (without any write-access) to create patches and for contributors to merge them. Hopefully this will mean the end of waiting weeks or months before somebody gets around looking at your patch.

Ideas of march

Thu, 15 Mar 2012 00:00:00 +0000

Yes, I’m a lemming. If a see a group of people jumping off a cliff, I will follow blindly. If somebody calls for more blogposts in the world, I happily write a blogpost for it. But, being the subordinate lemming I like to pretend I am, I don’t completely see myself in the situation that Chris is in. Basically what he says is that due to the many social media outlets available to us, blogging is taking a backseat when it comes to spreading information. And even though this might be the case for many out there, I don’t think I’m falling in this category.

Why putting SSH on another port than 22 is bad idea

Mon, 12 Mar 2012 00:00:00 +0000

Hi there! This is probably one of the most visited pages of my blog, most likely because this post is very controversial. It's also an old post, and got much feedback on the post (both negative and positive, both constructive and not-so-much). I've decided to rewrite some of the post but left most of the arguments in tact. However, please note that on some of these arguments i've been convinced by others that they are not good arguments, and on some I am still not. Please read with care, but don't consider it as an absolute truth.
The basic argument I've tried to make: don't do security-through-obscurity. You may use it, but don't solely use it. Use other - better - defences to increase your security (like pubkey authentication for instance).

I see a lot of companies and users moving their SSH port to a non-privileged port like 2222 or even 36797. People like to move this port away in order to lower the number of attacks on the SSH port.

Freelancing: episode 1

Sun, 04 Mar 2012 00:00:00 +0000

A few months ago, I decided to quit my current job and start with freelancing. Or actually, only the “quit my job” part I knew for sure, on the freelancing part I was still wondering if I should make that step. However, a few month later, I decided to share with Google^WInternet on how I’m currently doing, what things you might face and how I do things. Hopefully, I can convince one or two readers that are still not sure to go for the freelancing gig as well :)

Setting up a development environment

Sat, 04 Feb 2012 00:00:00 +0000

Doing development on multiple projects can be a burden from time to time. One project would be running on PHP 5.3, while another still needs 5.1. Sometimes you need a MySQL server, while on other occasions, you need a NoSQL solution like couchDB or MongoDB together with all kind of gearman functionality. This article shows you how I’ve setup such a development platform that allows you to quickly create new projects, and still maintain flexibility when you need it.

Pragmatic investment plan 2011-2012 : The update

Thu, 02 Feb 2012 00:00:00 +0000

A little bit less than one year ago (actually, 9 months ago), I’ve created a blogpost about creating a Pragmatic Investment Plan. Even though the year is not finished for me yet, I still like to share my experiences with such a plan and what actually has come from it.

LaTeX: also useful for writing your documentation

Sun, 22 Jan 2012 00:00:00 +0000

Sometimes you hear about programs but you never really know how awesome they are until you actually use them. Unfortunately, at this point in life I wished I’ve discovered LaTeX around 15 years ago, when I first heard of it. That would have made the way I would have written documentation the last years massively different. So hopefully I will get you hooked on LaTeX with this post.

Apache's fallbackresource: your new .htaccess command

Sat, 21 Jan 2012 00:00:00 +0000

So probably you are aware I’m currently exploring the deeps on the Apache source internals. One of the discoveries I’ve made was a (for me unknown) command in mod_dir that will make your life a little bit easier: fallbackresource.

Why I don't accept PayPal anymore for payments

Thu, 05 Jan 2012 00:00:00 +0000

I think everyone has heard at least 5 five horror-stories when it comes to PayPal. And every time people will be upset, will tweet about it but then go on with their lives. I get it, I do the same thing. But just a few days ago I came acros the gazillionth message about PayPal. Short story: guy sells violin for 2500$, buyer says it’s fake, PayPal orders buyer to destroy the violin in order to get money back. In the end: seller looses violin AND 2500$, without ever being able to defend his claim. As LeoMcGarry could have said: The last straw has just been placed on the camel’s back.. and then PayPal drove over it with a tank..

Android: PuzzleChess game

Thu, 29 Dec 2011 00:00:00 +0000

I like to play with unfamiliar stuff. Not that I’ve never written an Android or java application, but this one is a bit different. It’s a simple game I’ve made while I was looking at (real life) puzzle game where you have to switch knights from a chess-game from one position to another. Not really hard, but not very simple either. I knew there are plenty of puzzle games like this out there, so I decided to create a simple game-engine that allows to create those games easily. The result: a 90% finished game called PuzzleChess. This blog-post is trying to find the last 10% of the game :)

Facter: ZendServer

Wed, 28 Dec 2011 00:00:00 +0000

When you are dealing with Zend Server on a puppetized machine you can run into trouble: Zend Server uses it’s own packages for maintaining things like PHP etc so when you are installing PHP, you might end up with the PHP version of your distribution instead of the ZendServer. We actually run into trouble once where we have 3(!) different PHP versions installed on the same server. What could possible go wrong!

php 5.4 + htrouter: Your personal Apache 2.2 compatible server

Thu, 22 Dec 2011 00:00:00 +0000

Version 5.4 is soon to be launched as the next new stable release of PHP. Granted, there will not be major changes like we saw in version 5.3, but it will still have some nifty new features. Two of the most important ones: traits and the internal web server. This post is about the latter one. The new web-server makes it possible to run your PHP code through your browser even when you don’t have your own web-server like Apache or nginx installed. It has got some advantages, but this of course has raised some serious discussions: should PHP even be distributed with a web-server and if so, how can we make sure that it won’t be misused as a production server? Well, we really can’t forbid people to (mis)use this, but we hope most of us will use common sense.. The project in this blog-post however, can be considered as “The Enabler”. It can be a powerful tool for developers, but makes it easier for people to misuse the web-server. Time of course, will tell if this will be the case, but I think I’ve created a (simple) tool that will create the new Dr Jeckyl web-server into a Mr Hyde… What could possibly go wrong? :-)

New company website is online

Tue, 13 Dec 2011 00:00:00 +0000

Ok, so it’s not he most beautiful website you will ever see. Nor will it be the one with the most content. But it’s my company website, and I’m proud of it. Even if it was only a matter of installing WordPress, finding a theme, do a little bit of tweaking and adding some content. However, I’m happy to say that at least I have a point where (future) customers can find information about me and the things I can do for them on a freelance base.

Book review: Confessions of a public speaker

Mon, 12 Dec 2011 00:00:00 +0000

I’m not exactly sure where I got the link to this book. It was probably a tweet or IRC-posting from somebody, but it actually was because of Amazon’s take-a-look-inside that made me buy the book. The few parts of the chapters I read where not only funny, but had lots of interesting tips & tricks for me as a (wannabe) speaker.

SPL: Using the iteratorAggregate interface

Sun, 04 Dec 2011 00:00:00 +0000

The SPL is one of hardest things to grasp for most PHP developers. But why is this? The lack of documentation inside the manual, the fact that there are not many real-life examples, or maybe it’s just too hard? In this post I will try to explain a bit more about the “iteratorAggregate” interface. Together with its more famous brother Iterator, they are currently the two only implementations of the Traversable interface, which is needed for objects so they can be used within a standard foreach() loop. But why and when should we use the iteratorAggregate?

Compatible code: starting with symfony2

Thu, 01 Dec 2011 00:00:00 +0000

Because learning new stuff is just one of those things I need to do on regular basis, I’ve decided to dive into another framework than the ones I’m used to. Having dealt with mostly Zend Framework 1 on a daily basis, and CodeIgniter which is the one I deal with a lot inside the Joind.In project I’d like to contribute to, I’ve decided to give another framework a chance. A framework that is on the shortlist for a long time now: Symfony 2. The tl;dr: winning!

Goodbye Enrise, Hello world

Mon, 07 Nov 2011 00:00:00 +0000

You close one door, you open another. And though it makes me sad to part with a company, the people and all the stuff they do, I never have regretted a single career-move I’ve made in the past. The Enrise door is about to be closed and I’m ready on opening another door. Excited and sad times truly run in parallel.

Don't make your database a slave to your ORM

Sat, 29 Oct 2011 00:00:00 +0000

ORM’s, or object-relational mappers, are a great way to convert (mostly) relational databases to classes in a object oriented language. It takes care of SO many things you do over and over again: fetch records from a table, populate an object, implement getters and setters, update or add records when needed etc. A lot of this work can be abstracted away by using patterns like ActiveRecord, table gateways and/or data mappers. An ORM will even abstract away this further as a whole and let you only deal with the resulting (domain) models. There is no immediate need to interact with any data storage of any kind. Who would not want this!?

Netiquette gone wild: how not to use social media and email

Fri, 28 Oct 2011 00:00:00 +0000

Oh man.. The amount of stuff you can see and that cannot be unseen on twitter and email is just massive. And even though it looks like total anarchy out there, some (social) rules should be taken into account. After all: you are dealing with others who do or do not share your point of view. Netiquette was something that was considered a good thing back in the days. The amount of emails I currently see that responded to somebody “not following netiquette” these days are pretty much decreased to zero, while years ago, people not obeying were reprimanded. Especially now with all the media outlets we have at the tip of our fingers: shouldn’t we go back to those basics again? Pinkies up!

LAMP-stack? Forget it! It's a LAMPGMVNMCSTRAH-stack now...

Wed, 26 Oct 2011 00:00:00 +0000

Back in the good old days - and in internet-time, this actually means just a few years ago - people were quite happy with their LAMP stack: Linux, Apache, MySQL and PHP. With this quartet, or a variation on it like PostgreSQL instead of MySQL, we could do everything: create a blog-site, setup an e-commerce web shop, making a guestbook, you name it and it was there..

But times have changed… radically. More and more information is available and must be processed quicker and in more difficult manners than before. Do you accept a web shop where you cannot even do faceting search? Not really. But those systems can be more complex than they appear and lot of components must be used in order to get things working and working fast. In fact, there are so many components that we cannot speak of a LAMP stack anymore. A better name would probably be a LAMPGMVNMCSTRAH stack..

ZendCon 2011 retrospective

Wed, 26 Oct 2011 00:00:00 +0000

If there is a top-3 of conferences, ZendCon will be present in that list. It’s probably *THE* conference to be when it comes to PHP development, so how awesome is it when not only you can visit ZendCon, but are invited to speak about one of your favorite subjects? Answer: VERY awesome :)

Creating partitioned virtual disk images

Tue, 11 Oct 2011 00:00:00 +0000

Using a disk image is very easy: download the file, mount it through a so-called “loopback” device and your OS will see the image as it was an real harddisk, CDR or DVD. When I needed to test the IDE-drivers, the partitioning-functionality, the ext2 drivers etc, I wanted to use just such an image so I can quickly make modifications and check how the actual structure looked like, just by reading the disk image file. This is a great help when it comes to debugging.

Creating MCollective clients in PHP - The hard way

Sat, 01 Oct 2011 00:00:00 +0000

If you haven’t heard of MCollective, think of.. The Borg.. Except without the laser-eye, or the spaceship-cube, or the scary voices. Come to think of it,.. it doesn’t really have anything to do with the Borg, except they are both a collective, and you are in charge.. just like the Borg-queen. And everything else is futile..

Book review: Pro Puppet

Thu, 22 Sep 2011 00:00:00 +0000

If you have read the book “Pulling strings with puppet”, a lot of this book might sound familiar to you already. Not really a strange thing since it’s from the same author. But because the book was written in 2007, a new update was in order and the new Pro Puppet book they’ve release so much more than an update: it’s a complete reference for beginning to the most expert puppeteers.

Book review: The geek atlas

Mon, 29 Aug 2011 00:00:00 +0000

I got this book as a present from last year’s PFZ workshop day (thanks again guys), and is filled with 128 (get it?) places around the world interesting for geeks. I have to admit that even though a lot of places were unfamiliar for me, so it gave some nice new items for my todo list.

Book review: Simly Einstein: Relativity demystified

Sat, 27 Aug 2011 00:00:00 +0000

If repetition is the key to learning, you will learn a lot from this book. It keeps on repeating the most important aspects which in a way is good, since you will not forget them. The book itself gives a global view on Einstein’s special and general relativity theorems in a very simple and comprehensible way. There is little math involved, except for the last appendix of the book and still that is high school math that makes sense to everybody. So can a book about relativity do without math?

Book review: VMWare vSphere 4.1: HA and DRS technical deepdive

Sat, 27 Aug 2011 00:00:00 +0000

I bought this book even before I’ve ever installed vSphere, and still it’s comprehensible. Let’s pretend it’s because of the book, which is very easy to read and not only tell you how to setup certain parts of vSphere, but also WHY.

These are busy times...

Fri, 15 Jul 2011 00:00:00 +0000

Not a lot of updates lately, but by no means I’m sitting still. The last few weeks lot of stuff has happened, and even more is to come. First of all, my second article has reached the PHP|Architect magazine. This time about the deflate-algorithm. Not an article that comes in handy in your daily work probably, but definately worth reading to find out how things work from the inside.. It’s kind of a how-stuff-works for computer-geeks.

Asynchronous operations in REST

Thu, 02 Jun 2011 00:00:00 +0000

REST is hot! But doing REST right is more difficult than most people think. Idempotent methods, hateoas, RMM levels… All terms that a REST developer should know and master. But from a learning (as I do too, by the way) developer perspective, it looks pretty simple: use HTTP methods like get, post, put and delete, map them onto resources, call the underlying database models and you’re done: a fully RESTful API in just 5 minutes. But off course, when you actually have created a RESTful API, you find out very quickly that nothing could be more difficult. One of the more common problems when dealing with REST might be asynchronous operations. Let’s find out how to deal with those…

Top 10 Apache Top Level Projects

Sun, 22 May 2011 00:00:00 +0000

When saying Apache, most developers immediately think of a web server. And this of course is true, Apache httpd web server is the most used web server today and the number of users keep on growing every day. What not everybody knows, is that Apache is a foundation that hosts many other open source (web) projects. A short introduction on a (my) top 10 of interesting projects for the (PHP) programmer.

How cool is my job?

Mon, 25 Apr 2011 00:00:00 +0000

How cool is my job? A description of a normal days work…

The GNU Build tools, part 1

Sun, 24 Apr 2011 00:00:00 +0000

So there you are, you want to install some tool or application that didn’t come in a package, or you want to use the latest version. You download the tarball (*.tar.gz file), untar it, do a ./configure && make && make install and all is well.. But what exactly is it that you are doing? Why must unix users compile everything by themselves? Wouldn’t life be much easier if we all could download a binary and run it, just like on close source OS’es? Are binaries that evil that we must compile everything ourselves manually so we know what we are installing. Well, yes and no…

Pragmatic Investment Plan - may 2011-2012

Thu, 21 Apr 2011 00:00:00 +0000

During some reading up on Dean Wilson’s blog, I stumbled upon his Pragmatic Investment Plans. Even though we have something similar in our company (called a POP “Persoonlijk Ontwikkel Plan”, which is more or less the same thing), I want to separate a “business” and “personal” plan. My personal plan is not only about my development in my daily work, but as a all-round developer and system administrator in general. But this post is not only about my plan, but also about the things that have happened last year to me personally.

Varnish in non-compiler environments

Mon, 18 Apr 2011 00:00:00 +0000

Last weekend I’ve visited the Loadays conference where I sat in the presentation of Thijs Feryn’s “Varnish in action”. Even though most of the talk was pretty familiar for me personally, a real interesting question was raised from the audience: is it possible to run varnish in an environment where there is no compiler available. It looks that I’ve just found the answer..

binomial coefficients

Sun, 10 Apr 2011 00:00:00 +0000

Question: how can a simple question asked by a colleague turn into a blog post? Answer: when he asked: how many different queries can I build when I have 270 fields? The answer to solve this problem: binomial coefficients.

Now I do enjoy math. I’m definitely no guru in math but I (hopefully) know a thing or two. Just like with programming and everything computer related: if you know something vaguely, at least you know enough to look up the actual application for it. Our first instinct on the answer to my colleague was 270! (factorial of 270, which is 1x2x3x4x…x267x270, which is a VERY large number) but I knew something was not right. Turns out: it wasn’t right. The problem was mixing up combinations and permutations, which I knew there was a big difference, but I didn’t knew the math involved anymore..

Back to basics: virtual memory

Sat, 09 Apr 2011 00:00:00 +0000

Memory is something (almost) no computer can do without. In todays world the saying goes: the more memory the better. But the way computers uses memory is very different than they did only a few decades ago and “more memory” does not always equals better performance. A small introduction and history in memory usage.

Dwarf fortress: crossing vi with the Matrix

Thu, 24 Mar 2011 00:00:00 +0000

What do you get when you cross the vi editor with Keanu Reeve’s “The Matrix”? A cool game called dwarf fortress. A game that is awesome in many MANY ways. I’m not much of a gamer. As a matter of fact, lot of programmers aren’t and are more interested in actually creating games than playing them. However, dwarf fortress is an exception to that rule but beware: it’s not your average game. Everything but…

Speaking at Loadays and PhpBenelux Meetup

Thu, 17 Mar 2011 00:00:00 +0000

It’s going to be a few busy weeks for me concerning speaking at conferences and meetups. Not only will I be speaking at the March edition of the phpBenelux meetup, hosted at our Enrise office, but also at the Linux Open Administrator days in Antwerp, Belgium. Here I will be hosting 2 different talks:

Speaking on the 4developers conference in Poland

Tue, 08 Mar 2011 00:00:00 +0000

More good news: I’ve been invited to speak at the 4developers conference on april 4th in warschau, Poland. This time, my talk will be about the joind.in android application I’ve written, the connectivity to 3rd party API’s and creating android applications in general. A lot of stuff to cover in a short period of time but it will be an exciting talk so if you are around, come and join the android fun.

Public key encryption on php|architect

Tue, 01 Mar 2011 00:00:00 +0000

Yesterday the February edition of php|architect came out. I always look forward upon the new release every month, but even more so this month since it features an article about “Public Key Encryption” I’ve written for php|a. It’s more or less a written version of my public key authentication 101 talk and consists of not only the theory behind it, but also some php examples on using public key authentication in your own projects. As always, comments on either my blog or php|architect’s are welcome.

Back to basics: TCP

Sun, 20 Feb 2011 00:00:00 +0000

TCP is one of the core protocols for the TCP/IP suite. It provides a reliable data connection without you needing to worry about errors, congestion and other communication problems that haunt the internet. But how does TCP work? It’s another edition of the back-to-basics series.

Having fun with Arduino

Wed, 09 Feb 2011 00:00:00 +0000

So yesterday I’ve finally received my Arduino Mega. If you know me, you know I’m not even capable (or allowed) to handle a screwdriver, let alone something even more complicated things like transistors, resistors etc.. However, with the help of some friends over on the #pfz channel on freenode to create the schematics, I’ve made - and programmed - a very simple lcd-counter consisting of 3 times a 4-digit 7-segment lcd’s.

memcache internals

Sun, 06 Feb 2011 00:00:00 +0000

Memcache is a pretty well-known system inside the web-community and for a good reason. It’s fast, flexible, lightweight and it looks like installing memcache on your servers automatically increases your website speed tenfold or more. Ok, so that’s a bit over the top, but still: having a good caching-strategy in place can help your website/application. If you want to know how to implement memcache in your website you’re out of luck. This post isn’t about starting with memcache. We are going to pop the trunk and see what’s under the hood.. What exactly makes memcache so magical??

Password hashing and salting

Wed, 02 Feb 2011 00:00:00 +0000

The thing everybody (should) know is that when you want to secure passwords in - let’s say - a database, you have to hash to them. It’s kind of a golden rule but is it safe enough? Ask a more experienced user and they probably tell you to add some salt. Ask the reason why and they will probably say “it’s because it makes the password longer and more secure”. Even though it is true in effect that using a salt increases the overall security of your hashes BUT it’s not only because your passwords are longer. There is a another (maybe even more important) factor that comes into play, namely the fact they are more secure against rainbow table attacks, but that depends on HOW you season your hashes. Season it incorrectly, and you gain nothing in security even though you think you did….

Make me a sandwich. Ok!

Tue, 01 Feb 2011 00:00:00 +0000

I have to admit it: grew up with unix “the wrong way”. Instead of having decent user-accounts for every employee, all our work was done under the root-account. The main reason for this is that our software deployment system didn’t really worked the way it should and I guess nobody really cared. It worked.. login as root on our (private) systems and call the compile+install script… Furthermore, there were about 14 different unix-flavours available, and only 2 or 3 persons with access to them. Again, all internal systems just for compiling and testing. A good thing.. yes and no.. It feels like I started learning to ride a bike on a ATB instead of a tricycle I guess..

Talking at the PHP Benelux 2011

Sun, 23 Jan 2011 00:00:00 +0000

As you might know, the PHPBenelux Conference 2011 is right around the corner. Happy to inform you that not only will I attend, but also will be speaking at this event. My talk will be about the awesome things you can do with Sed & Awk. Not necessarily a talk you would expect on a PHP congress, but on the other hand, maybe it’s just precisely a talk you might expect. Not only will I talk about WHAT you can do with sed & awk, but also why and when you should - or shouldn’t - use it. It will be a fast-paced, information-loaded, things-you-probably-never-knew talk so make sure you keep your seat-belts on and remain seated until the vehicle has come to a complete stop.

Conferences like these are an awesome way to gain knowledge about everything related to PHP, web development and above. Even though my personal interests lies with web-development in general, I really like to show other developers the broader perspective in which you are just a small part: your application runs on a database which needs to be setup and maintained, you run on an infrastructure that needs to be setup and maintained, you might talk with 3rd party applications and so on… I hope to see you around during my session and try to discover some sweet tools that, even if you not going to use them on daily basis, at least you know they’re there, ready to do all your complex stuff developers always like to automate…

Using syslog for your php applications

Wed, 12 Jan 2011 00:00:00 +0000

Linux, and other unices have an excellent system to centralize log events. This is done through syslog. This system removes the need for every application to maintain their own log files and let the syslog server handle all the events. Depending on the type of event that is logged, it can take additional action like alerting you through email or even text-messaging if a critical event occurs. No system administrator can live without syslog and is normally the first place to look for signs of trouble on a system. So instead of writing our own log system for your application, why not use an existing one?

PHP 5.4: RegexIterator::getRegex()

Thu, 06 Jan 2011 00:00:00 +0000

Recently, my colleague Jeroen van Dijk needed to extend (or better yet: override) the accept()* method for the RegexIterator. Turns out this wasn’t as easy as it might sound in practice. So after extending and overriding multiple methods he found an acceptable solution. But there is room for improvement. And starting from PHP 5.4, this improvement is available through regexiterator::getregex() method.

12 tips for securing your linux systems

Wed, 05 Jan 2011 00:00:00 +0000

From time to time I get amazed how people can setup their production servers. At the smallish development companies there is no real system administrator available to setup the systems and to keep them up to date. Now I’ve seen systems that have been setup ranging from “somebody with sufficient knowledge” to “this-was-setup-by-the-janitor” and everything in between. So, if you are a “programmer who knows a bit about Linux because you’re using Ubuntu”, but you have no real idea on how to SECURELY setup a system, here are some tips.

Enrise: Appending the appenditerator

Sun, 26 Dec 2010 00:00:00 +0000

I’ve posted a blog at the @enrise techblog about enhancing SPL’s appenditerator. This lovely iterator can be useful from time to time but it does not always do what you need. Here’s how you can easily create your own iterator:

Github gists: revisioned code snippets for free

Sun, 26 Dec 2010 00:00:00 +0000

If you maintain a tecnhnical programmers blog, you occasionaly need to post code snippets. I use a syntax highlighter plugin on my blog to make those snippets look nice and highlighted. It works and it’s easy enough to implement and maintain. But Github might come with a even better solution: gists…

InnoDB isolation levels

Mon, 20 Dec 2010 00:00:00 +0000

When asking what THE advantage of InnoDB over other MySQL engines like MyISAM is, then 9 out of 10 times the answer will be that InnoDB supports transactions. And it’s true. But there is more about transactions than meets the eye. Let’s explore one of the most difficult area’s: isolation levels.

The first few milliseconds of https

Sun, 19 Dec 2010 00:00:00 +0000

I was on the verge of creating a post about the TSL/SSL handshaking, when I discovered a blogpost about the very same subject. Since I don’t think it’s of much use to blog about exactly the same thing, and I can really recommend Jeff Moser’s page so please read and understand it.

Tutorial: how to manage developers

Sat, 18 Dec 2010 00:00:00 +0000

This post is not so much for developers as it is for the managers and bosses from those developers. As you probably know by now, managing software engineers (or programmers) is not an easy task. They just don’t like to play by the rules you always took for granted. Why is that? Why are those pesky programmers too hard to handle? Why is it so hard to sit down, write code and shut up??

Composite key autoincrements

Fri, 17 Dec 2010 00:00:00 +0000

Autoincrement is sometimes called a “poor-man-sequence”. Sequences in other DB systems are counters that can be used for automatically number fields when inserting data, just like autoincrement in MySQL does, but they can be much more complex. However, in MySQL you do not always you want or need increments of 1. Sometimes you need something a little more complex than that and MySQL leaves you pretty much in the cold. There is a neat little trick that can solve some “autoincrement” problems…

OAuth timestamps and nonces

Thu, 16 Dec 2010 00:00:00 +0000

Oauth is a very popular authentication mechanism used for a lot of web applications. And not without good reasons. It is relatively easy to implement, has different flavours (2-legged, 3-legged system) so you can use almost anywhere that requires authentication and authorization. This post is not about how to implement oauth. That can be found in much greater detail than I can explain here, but about two tiny details that can make or break your oauth security: the oauth nonce and timestamp.

What kind of day has it been

Tue, 14 Dec 2010 00:00:00 +0000

For the readers who get the Aaron Sorkin reference in the title, do not be alarmed: this will NOT be my final blog post, just the last of the season. One year ago I’ve decided to do some (active) blogging about all tech related things I encounter in both my professional as my private life which I find interesting enough to share with the world (or at least with google). So, after blogging one year, was it worth it?

PHP srand problems with suhosin

Mon, 13 Dec 2010 00:00:00 +0000

Today I stumbled across an odd problem which took me about an hour to figure out what was going on. It had to do with mt_srand(), where it looked like it didn’t work properly. I needed a repeatable sequence of random numbers (which is EXACTLY what the Mersenne Twister produces) so I used mt_srand() with a fixed number (for testing purposes) and tried to see if the same sequence of random values were generated by mt_rand().. It didn’t…

SSL and Virtualhosting

Sun, 12 Dec 2010 00:00:00 +0000

SSL and virtualhosting on 1 IP address? I can’t be done! Well, this might have been the case a few years ago but times has changed. Let’s explore the possibilites to have multiple hosts running on the same IP address AND all of them have their own separate SSL domain and certificates. It’s possible, but with a few catches..

Sed & awk examples

Sat, 11 Dec 2010 00:00:00 +0000

Did you know you can write a webserver in awk or that sed supports conditional jumps? Probably not… These tool (languages, actually) are much more powerful than most people know. The sed & awk combination gives you massive power IF used correctly. Although most people use it for simple tasks like search/replacing or displaying certain columns of a file, the potential is much higher. I will discuss a few real-life examples I use from time to time…

Encryption operating modes: ECB vs CBC

Wed, 08 Dec 2010 00:00:00 +0000

Today I overheard two colleagues discussing one of my favorite subjects: encryption. The discussion was about that encrypting data (with a normal block cipher) was working perfectly in ECB mode, but not in CBC mode. So, this all leads up to the question: what is ECB and CBC? And when should you use them? Although this post has some PHP code in it, it is applicable for every other language.

Sed: simple pattern address usage

Mon, 06 Dec 2010 00:00:00 +0000

Most people I know use sed for simple and fast translation of some keyword in files. For instance, changing ports and tags inside configuration files during deployment to production servers. This results in sometimes clumsy scripts to make sure that sed changes a keword on line 4, but not on line 40. Most people I know have no idea that the way you can actually limit the range in which sed has to operate. Let’s explore…

Public key cryptography 101

Sun, 05 Dec 2010 00:00:00 +0000

I’ve just uploaded the new slides for my Public Key Cryptography 101 presentation. It consists of 84 (!) slides about the basics of encryption, public key cryptography and implementations. How does it work, what are it’s advantages, disadvantages and practical uses. Off course, this presentation should be accompanied with the talk itself and I’ve submitted it to a few (php) conferences in 2011. Let’s hope organizers out there are willing to give “the more advanced” topics a chance instead of sticking with the safe and common topics (the so-called Pinkpop effect) and see you somewhere in 2011!

About using UTF-8 fields in MySQL

Sat, 04 Dec 2010 00:00:00 +0000

I sometimes hear: “make everything utf-8 in your database, and all will be fine”. This so-called advice could not be further from the truth. Indeed, it will take care of internationalization and code-page problems when you use UTF-8, but it comes with a price, which may be too high for you to pay, especially if you have never realized it’s there..

Top-5 certifications for every PHP programmer

Fri, 03 Dec 2010 00:00:00 +0000

Today I’ve passed the Zend Framework Certification exam and with that I can finally close my new years resolution for 2010: doing 12 (tech related) exams in 2010. So I’ve seen a lot of exams, good ones and bad ones and I want to share with you my experience by creating a top-5 of must-have certifications for PHP programmers…

Back to basics: two's complement

Fri, 26 Nov 2010 00:00:00 +0000

I occasionally get into discussions where I find that other lack some basic understanding of the elementary systems which he or she has to work with everyday. Today was such a day: we went into a discussion about that it would be so much nicer to have unsigned tinyint (in mysql) range from -127..128 instead of -128..127. Although it COULD be changed, it would go against almost all rudimentary principles of numeric systems used inside computers, but this not always known to PHP-programmers.

So today I introduce the “back-to-basics” posts, which talks about all kind of rudimentary principles in computer technology. These principles found the basics of that what you use each and every day, and even though you probably not aware of them, they still are there..

The first b2b post is about the two’s complement signing system… let’s take a look:

10 advanced linux command line tools

Wed, 24 Nov 2010 00:00:00 +0000

Most developers who are working at the command line on a Linux system know the “basic” commands: ls, cd, cat, tail, head, sort, grep, find and others. More “advanced” users will know how to deal with the ‘sed’ and ‘awk’ beasts, or even prefer perl-oneliners. Have the knowledge of bash (scripting) and you find yourself inside a Valhalla where only your imagination is the limit. Well, not really, but at least you get my point, hopefully.

But like everything you do in life, you don’t know about the things that lies after the horizon until you actually explore them. This “yet another top ten list” will dive into some interesting (standard) tools that can make your life much easier when dealing with Linux systems from a programmers perspective.

Centralising your tools in a custom repository - Part 1

Mon, 22 Nov 2010 00:00:00 +0000

At almost every software company I’ve been involved in, used custom-made tools for various tasks. These tools range from simple shell-scripts for search&replacing data to large deployment-script or even programs that take care of administrative tasks like monitoring, log aggregation and so on. At the good companies, these tools are maintained inside a software repository system SVN or GIT. But tools like these need to be deployed to a lot of different server and development environments, both in internal and external networks. Creating SVN checkouts is a possibility, but what about things like dependencies or easy up- or downgrades. And do you want external systems give access to your source code repository? And how do you make sure everybody uses the latest release with the newest features and bug fixes?

One of the best answers is something almost every Linux user is already familiar with: package managers. They are easy to use, it’s fast and can do so much more work for you than simple repository checkouts ever can do. Using Linux packages managers as the preferred way of deployment for software is not yet discovered by the php-community. Strange actually, since package managers are capable of handling issues that most deployment-tools are struggling with like dependencies, upgrades, downgrades and multi-environment setups.

Since this subject is pretty large to handle in a single blog post, it is setup in 3 different chapters. First, we begin by creating a package from scratch. In the next chapter, we show how to collect and maintain these packages inside your customer repository and in the last chapter we will talk about connecting your software repository to your package manager and how to deal with multiple repository-formats.

Centralising your tools in a custom repository – Part 2

Mon, 22 Nov 2010 00:00:00 +0000

During this blog post I will talk about creating your own custom package repository. However, before you can setup a repository, you need packages. This previous post talks about setting up your custom packages.

Joind.in Android App v1.6

Sat, 09 Oct 2010 00:00:00 +0000

Today I have pushed the v1.6 release of the Joind.in Android app to the market. A lot of things has changed, so it probably would have been more suited to rename it to v2.0. Here is a list of changes, plus a simple manual on usage.

Testing encoders for PHP

Sat, 14 Aug 2010 00:00:00 +0000

A friend of mine posted a tweet about problems with Zend Guard just the other day. My friendly advise was: try using another encoder. Which he kindly ignored :) Which on my turn again made me wonder: how many encoders are out there, and more important how easy are they to work with?

Creating a traceroute program in PHP

Fri, 30 Jul 2010 00:00:00 +0000

Today i was reading upon this wonderful article about writing a trace-route program in Python in 40 lines. Even though trace-route is one of the many tools i use on day to day basis, i never really got into writing a version myself (something I like to do just to gain knowledge how things works). So when I was reading this post, i thought, Python is nice, but is it possible to do it in PHP as well? The answer to that: yes and no..

Minimizing cache stampedes

Thu, 29 Jul 2010 00:00:00 +0000

Caching is THE magic solution when it comes to optimizing your web applications. There are a lot of caching strategies and applications outthere. Some prefer MySQL query caching, others use memcache to cache either queries, objects, html or other data. However, one of the biggest problems that a lot of people tend to ignore with memcache or other caching daemons is dealing with stampedes. This phenomenon occurs when for instance the caching server is unavailable (because the instance is down, or due to network issues) or, most of the time, when the time to live of an object expires.When that occurs, all your processes will ask the cache for data, find that it’s not present and will try to generate it for you.

Moving from windows to mac

Sat, 24 Jul 2010 00:00:00 +0000

Even though most of my work is done on Linux systems, my laptop and home-systems are installed with Microsoft’s Windows. Even though I don’t want that OS anywhere even remotely near my servers, I think it still is the best system for day to day use. All the software I need is on there, I’m used to the interface and when maintained properly (ie: remove all unneeded services and programs, clean it up etc on a weekly basis), it’s stable enough to say I can leave my systems running for weeks without any problems. Suffice to say, i’m happy enough.. at least, I though i was.. until 2 weeks ago…

Passing the LPI-1 and LPI-2 exams

Wed, 30 Jun 2010 00:00:00 +0000

I’ve just finished my LPI-201 and LPI-202 exams, which you both need in order to receive your LPIC-2 certification. Even though I’ve used Linux professionally since before 1998, I still wasn’t as easy I though it would be (but then again, you shouldn’t take them right after each other). I was kinda hoping that my experience would roll me through the program, and guess what, with some help of some test exams, it did :)

Bit manipulation in PHP

Wed, 02 Jun 2010 00:00:00 +0000

Although you probably never need it as much as a C-programmer would, it’s not a bad idea to know how bit manipulation works. This post will tell you a bit about what bit manipulation is, why you could use it and how you are using it already (with or without knowing)

Deflating the universe

Wed, 02 Jun 2010 00:00:00 +0000

Compression is used all around us every single day. You (or your girlfriend/wife most likely) folds your clothes nicely so they all fit in your closet. When recycling, you flatten the cardboard milkboxes so they take up less space and you probably even text your friends with messages like: “hi, how r u? w r u? cya, xxx”. Stuff like that.

In the computer world, compression probably plays even a more important factor. When compressing data, it take less space and thus less time to send it over to somebody else through internet. Years ago, you bought a 100MB harddrive and use special software to increase the capacity to (up to) 200MB (doublespace, stackspace for those who can remember). It all uses compression one way or the other.

Some compression methods can compress and decompress in such a way that the decoded output is exactly the same as the original. For instance, gzip and deflate. It’s called lossless compression since no data is lost during the compression/decompression. Other compression methods don’t. For instance, JPEG or MP3 compression creates smaller copies of the original but they can never be decompressed back to the original format. Colors that are very similar (but not quite the same) are converted into 1 single color during JPEG compression. Or inaudible sounds are removed from an audio file when compressing to an MP3. With JPEG or MP3’s, for most people this is not an issue. The images are perfect enough for normal usage, and the audio quality of mp3’s are also good enough for the average use (although I know a few persons who want to kill me for saying this :)).

In this article I will talk a bit about the deflate compression method. A compression method used throughout the whole internet and probably the most used compression algorithm today.

Suits v. Techies.. the neverending battle..

Mon, 19 Apr 2010 00:00:00 +0000

Developers are proud of their work. The best way to get unhappy developers is to force them to create and deploy some crappy software. Sales however, does not care about crap software.. it just needs to work, it needs to be created quickly and cheap so they can sell even more…

Both departments have conflicting interests that 9 out of 10 times the developer will loose.. After all: at the end of the month, it’s the customer who pays the developer salary (and sales’ big bonuses). So, 2 departments, 2 different interests. Normally, the project manager is the person that sits between sales (or management) and development. It’s his job to make sure projects are constructed according the specs of the client, on time and on budget. Not an easy task when the two sides you are working with are in constant state of war.

As said, the sales department never really looses a battle since they generate money, while development generates code. How well written this code is, is never really an issue for a customer. But what if it actually is?

Joind.in Android Mobile App

Sun, 11 Apr 2010 00:00:00 +0000

When you visit PHP conferences nowadays, you’ll notice a lot of talk about the Joind.in website (http://joind.in). It’s basically a site where you can register a conference, all the lectures and as a visitor of those conferences, let the speakers know about what you think off the lecture. It’s a very good way for speakers to learn and perfect their presentations. It’s also a pretty awesome site (who’s code is available on github!) and new features are added around the clock.

CybOS - Part 1 : In the beginning, there was 0x7C00

Thu, 11 Feb 2010 00:00:00 +0000

Welcome to the first part of CybOS. We talk a bit about the bootsector. From part 2 on, everything is “kernel based”, which means we have setup the system and jumped to our main kernel. From there, things get really interesting so I jump a bit fast to the boot code. However, in the end of this post, the source code for the bootsector (and second stage loader) can be found so you can see what’s going on.

CybOS - A tutorial OS

Wed, 10 Feb 2010 00:00:00 +0000

Somewhere in 1998 or even earlier, I started my own little project in creating a - functional - Operating System from scratch. Not a linux clone and not a MS-DOS wannabe. Just a simple OS that is functional in such that some tools, games etc could actually work, not caring about Posix compliance, fancy graphics or all hardware support you can think of..

So, today, 12 years later, where are we?

Cardinality & Selectivity

Sun, 07 Feb 2010 00:00:00 +0000

Cardinality and selectivity are two keywords that are very important when dealing with optimization in MySQL queries and indexes. This article will go a bit in depth on both terms and tries to let you understand their usefulness…

Handling binary data in PHP with pack() and unpack()

Thu, 14 Jan 2010 00:00:00 +0000

Nowadays most lowlevel functionality like reading or writing graphics are taken care of 3rd party libraries and that’s ok. It’s way to complicated to do things right and you probably want to focus on outputting or sending a PNG instead of construction one from scratch. While reading and writing these kind of binary data was normally done in languages like C or even assembler, most higher level languages still have these capabilities and yes, even PHP… Meet pack() and unpack().

Your email address is invalid. Please enter a valid address.

Mon, 28 Dec 2009 00:00:00 +0000

Error: Your email address is invalid.

Every time I see those or similar words when I fill out a registration form I start to cry a little. It’s not my email address that is invalid, it’s the websites email validation functionality and it’s a great and effective way to loose visitors and/or customers quickly.

TinyMCE Keyword plugin

Sun, 27 Dec 2009 00:00:00 +0000

TinyMCE is truly a remarkable editor. It’s the one I’m typing in now.. it’s the one we use for letting our e-commerce customers use for editing pages and it’s the one we use in our SiteManager5 CMS. You receive a fully down-gradable wysiwyg javascript editor which for non-technical users is very intuitive and thus easy to use and the best part: it’s completely customizable through their plugin-system.

Covering indices

Tue, 22 Dec 2009 00:00:00 +0000

It’s almost to easy to use a SELECT * FROM query in your code. First of all, you instantly get all the fields from your database so you don’t have to worry about changing your queries when you decide to use other fields (in case you don’t use a DAL). However, there are some drawbacks on a SELECT * method,.. the most famous one: it takes more time to retrieve all fields instead of the fields you actually use.. but that’s NOT the most important reason why you should not SELECT * FROM queries..

The main reason? Covering indices…

Big O notation

Mon, 21 Dec 2009 00:00:00 +0000

Normally you would develop against a test-database. It probably contains about 10 people so you can do your programming and testing.. Once it’s done and QA’d, it will go live and people start to visit the site. After a year or so,.. the site is too slow. Adding more db servers is of no use, your system administrator is spending his holiday inside the my.cnf’s and after dumping a gazzilion GB’s of extra memory to the systems doesn’t help at all… Sounds like it’s the code that’s falling behind.. it cannot cope sorting or handling user lists of 40.000 people, or arrays with more than a million items and even simple validation functions are way to slow.. why? what just happened?

Welcome

Mon, 21 Dec 2009 00:00:00 +0000

A lot of people are telling me to write some posts because I apparently have interesting stuff to say once in a while. This is the place I have picked out to do so. Since I don’t have a single area of expertise (or one could say, I’m an expert in ALL area’s :)), this will probably be a place of a lot of stuff you will find interesting, and a lot of things you don’t. Don’t worry, you are not alone :)

404 - Not found