Wednesday, May 23, 2012

Open Standards - The Better Way

There has been a lot of traction lately on the topic of the PSR "PHP Framework Interoperability Group". They are introducing two new proposed standards: PSR-1 and PSR-2, both dealing with code formatting standards. Actually, calling them proposed is a bit of a short-fall, since they both already have enough votes to be approved. I have read both, and actually agree and think they are quite good.

However, there's a deeper problem. Open standards are something that the internet was built upon. From HTTP, E-Mail and HTML to ECMAScript (JavaScript), OAuth and JSON, open standards are everywhere. The problem with the entire PSR process is that it is not designed to produce open standards.

Tuesday, May 22, 2012

Don't Be Stupid, Grasp Solid - Slides

Here are the slides from my presentation at NYPHP on STUPID vs SOLID development. Click through to see the slides.

Thursday, May 10, 2012

Talk - Don't Be Stupid, Grasp Solid - NYPHP

Time for some more shameless self-promotion... I'll be doing a talk at the New York PHP group on Tuesday May 22, 2012. I'll be discussing some Object Oriented design principles and how to apply them to your projects. We'll specifically discuss the STUPID and SOLID principles. Here's the full abstract:

When it comes to Object Oriented Programming, there is no shortage of guidelines and principles for how to properly design an OO system. There is also no shortage of acronyms to describe these principles: DRY, SRP, LSP, LoD, ISP, OCP, etc. However, there are two acronyms that really shine through to describe how to, and how not to do OOP well. The two acronyms are SOLID and STUPID (respectively). We'll discuss some of the underlying principles of Object Oriented Programming, and how we can learn from the principles identified by each of these two acronyms. Additionally, we'll explore some additional anti-patterns of Object Oriented Design and how they can be avoided. Finally, we'll talk about how all of this applies to our everyday development tasks, and the real-world benefit these design principles provide...

If you plan on attending, be sure to RSVP first! If not, the talk will be streamed via ustream.

Tuesday, April 17, 2012

Properly Salting Passwords, The Case Against Pepper

The other day I announced the release of my new password hashing library, PasswordLib. As I've come to expect, Reddit was full of interesting commentary on the topic. Some was good, some was bad and some surprised me. What surprised me was the insistence on a global salt (otherwise known as a "pepper"). So, I started thinking about it some more, and I figured I'd write a post on why I don't use peppers in my hashing algorithms (and why you may want to rethink it too).

Saturday, April 14, 2012

Introducing: PasswordLib

Today, I'm proud to announce the immediate availability of a new password hashing library for PHP: PasswordLib. The project is a spin-off of another that I started about a year ago, CryptLib. I was unable to find a clean solution to a few problems in CryptLib, so dev work stalled for a while. I realized recently that the password hashing functionality was complete, so if I stripped out the incomplete parts, it would still be a very useful library. And so PasswordLib was born.

Tuesday, April 10, 2012

PHP Sucks! But I Like It!

I read a rather interesting post yesterday called PHP: a fractal of bad design. It's been getting a lot of traffic among the PHP community lately because it's rather inflammatory. But to be honest, it does make a lot of really good points. It also makes a lot of mistakes and misses a bigger picture.

Wednesday, March 28, 2012

PHP's Source Code For PHP Developers - Part 4 - Arrays

Part 4 of the PHP's Source Code for PHP Developers series is up over on Nikic's Blog. In it, he discusses how arrays are handled in PHP internals. He talks a lot about hash tables and symbol tables, and how they work together to make PHP a working language. Part 5 will be back over here, and we'll talk about objects and classes! Enjoy!