Tuesday, December 31, 2013

2013 - Year In Review

It's that time of the year again. A time to look back on all that was accomplished in the previous year, and a time to look forward to all that can be accomplished next year. Once again, let's look at what I was able to do this year:

Wednesday, December 11, 2013

Looking For A New Opportunity

So, I am at a cross-roads in my career. Due to some recent circumstances, I will be looking for a new employer effective February 1st, 2014 (my last day with my current employer will be Jan 31). So I will be available for hire in the near future!

Monday, November 25, 2013

Beyond Clean Code

This is the fourth post in my "Beyond" series. The previous three posts focused on re-imagining OOP and questioning some of the core beliefs that we have come to take for granted. This one is going to be slightly different, in that I want to talk about another angle of writing code: the process itself. We always talk about how code should be clean, but how do you write clean code?

Monday, November 11, 2013

Beyond Object Oriented Programming

In the last post Beyond Inheritance, we talked about looking past "types" and reasoning about objects differently. The conclusion was that inheritance wasn't necessary for OOP, and often results in more problems than it solves. Well, let's go beyond that and explore more of what will come from treating objects as containers of behavior. Let's look at what this means for various kinds of classes:

Monday, November 4, 2013

Beyond Inheritance

In my last post, I talked about revisiting the concept of Design Patterns and questioned how useful it is to "learn" them. The conclusion that I came to was that you are better served by focusing on how objects communicate rather than traditional patterns. Well, that's not the only "traditional concept" that I think we should move beyond. So, let's talk about inheritance...

Wednesday, September 18, 2013

Beyond Design Patterns

Many people teach design patterns as a fundamental step to Object Oriented Programming. They are so universally seen as important that almost every single conference that I have been to has had at least one talk about them. They are quite often used as interview questions to test a candidate's OOP knowledge. However, just like inheritance, they are not needed for OOP. And just like inheritance, they are a distraction rather than a foundation. Instead of focusing on patterns, I suggest focusing on learning about abstraction and communication. Why? Let's talk it out...

Friday, September 6, 2013

Rambling On Internals

This is a post that I didn't want to write. Actually, it's a post that I still don't want to write. But I find myself in a situation where I feel that I have to say something. So I'm going to just open up here. I'm going to put it all out on the table, and see what happens from there.

Thursday, August 15, 2013

Preparing Tech Presentations

Yesterday I was asked a rather interesting question about presenting technical presentations. While I don't think my method will work for everyone, I feel it's a good thing to talk about. So here's my method, and some advice that I would give first time presenters:

Friday, August 9, 2013

Upcoming Appearances - Fall 2013

I will be speaking several times in the coming months at several conferences in the US and Europe. I hope to see you at one of these events!

Thursday, August 8, 2013

Don't Worry About BREACH

Last week at the BlackHat security conference, a new attack on SSL secured content was unveiled. This attack is called BREACH, and has been generating a lot of buzz on the internet. Tech blogs have been plastering their sites with articles about how there's no fix, and how you can try to defend against BREACH. Well-respected security people have been writing about it.

And I'm here to say don't worry about it. 

Wednesday, July 24, 2013

Why We Do What We Do

For the past several months I have been struggling to figure out what I want the next step in my career to be. I am still trying to figure the details out, but I had an important revelation last night. I want to share that revelation with you.

Tuesday, July 16, 2013

Disclosure: WordPress WPDB SQL Injection Vulnerability

At the current point in time there exists a very significant SQL Injection vulnerability in the WordPress code base. I want to make it abundantly clear that this does not affect anyone using WordPress "off the shelf". It only is exploitable if you use certain WordPress code outside of a WordPress install. So this is not a very "attackable" vulnerability. Or to put it in other terms, this is a high level vulnerability which has a very low threat level. It is also worth noting that it has not been fixed by WordPress (even 90 days after disclosure).

Friday, July 12, 2013

Taking Monads to OOP PHP

Lately I've been playing around with some functional languages and concepts. I have found that some of these concepts are directly applicable in the OOP code that I've been writing. One of those concepts that I think is worth talking about is the Monad. This is something that every functional developer tries to write a tutorial on, because it's such a cool but hard to grasp concept. This post is not really going to be a Monad tutorial per se, but more of a post about bringing the general concept to OOP, and what that looks like.

Tuesday, June 25, 2013

Backwards Compatibility Is For Suckers

Yes, you read that right. If your project aims to provide backwards compatibility as a primary goal, you're a sucker. Tons of popular software projects from PHP to Microsoft Windows have stated goals of providing Backwards Compatibility between releases. And yes, I am here to say that they are doing it wrong.

Sunday, June 16, 2013

Google Glass - A First Impression

This past Thursday evening I picked up my Explorer edition of Google Glass. I was lucky enough to have my #ifihadglass tweet chosen to receive the chance to pay an arm and a leg to get them. Needless to say, I did choose to pony up the cash, and on Thursday evening I walked home with my brand new piece of technology dangling off of my right temple. Since first impressions are often strong, but can be misleading, I chose to wait until I had used them for a few days before writing my thoughts. So here they are:

Friday, June 7, 2013

PHP, Under The Hood Slides

Today, I did a talk at The Dutch PHP Conference 2013 on how PHP works under the hood. Click through for the slides!

Tuesday, May 21, 2013

Development By The Numbers - Slides

Today, I'm doing a talk at DrupalCon Portland 2013 on Static analysis and code metrics. Here are the slides for that talk. When the videos are posted, I'll make a followup post that links to it. Click through for the slides!

Monday, May 6, 2013

Our Failure As An Industry


In the April issue of the PHPArch magazine (also published on her blog), Elizabeth Tucker Long wrote a really interesting editorial piece coining a concept she called Security-Driven-Development. She (quite correctly) identified a problem in the current development community where security has become an after-thought (if it's thought of at all). This isn't a new concept, in fact it's a concept that I and many others have been preaching for quite a while now. However I've been coming to realize that I've had it wrong the whole time. And I think the entire industry is getting it wrong today.

Friday, March 29, 2013

Failure Is Always An Option - Programming With Anthony

A few days ago, I posted a video about how to become a better developer. There were a few interesting comments made, but one in particular from the Reddit thread ( http://www.reddit.com/r/PHP/comments/... ) piqued my interest. So I decided to do a reply. Check it out:

Wednesday, March 27, 2013

Becoming A Better Developer - Programming With Anthony

In today's episode, I talk a little bit about what it takes to become a better developer. Nobody will ever expect you to know everything, but you better know how to find it...

I'm trying out a new format with this video. Less scripted, more free-form, and with fewer visuals. This is not going to replace the other format (which I'm still working on), but instead complement it from time to time. Let me know what you think in the comments below! Check it out:

Thursday, March 21, 2013

Upcoming Talks - Spring 2013

It's been a little while since I've posted anything here or on YouTube. I've been working on some interesting ideas that hopefully will be pretty decent, so it wasn't time wasted. But I figured now would be a good time to tell you about some upcoming speaking engagements that I have, and where I'll be over the next few months. So with no further ado:

April 9th: 

Where: Lehigh Valley Tech Meetup
Location: Allentown, PA, USA
What: PHPPHP - A guide to how PHP works under the hood
Huh? I'll be giving a talk about my PHPPHP project, and using it to explain how PHP works under the hood. 
Cost: Free
Register: On Meetup.

May 20 - 24:

Where: DrupalCon Portland
Location: Portland, OR, USA
What: Development, By The Numbers
Huh? I'm going to be talking about quantitative code quality analysis tools and how to implement them into your development workflow. I'll be covering things like NPath Complexity, CRAP Indexes, Fanout and Average Hierarchy Height, and how tracking them over time can help improve the quality of your codebase.
Cost: $500 (until April 26)
Register: On The DrupalCon Site

Where: Symfony Live Portland
Location: Portland, OR, USA
What: Cryptography For The Average Developer
Huh? I'll be giving my popular Cryptography talk again at Symfony Live.
Cost: $390 (Until April 26)
Register: On The Symfony Live Site

OR You can buy a combo ticket for both conferences (Symfony Live and DrupalCon) for just $600 from either registration page!

June 6 - 9:

Where: Dutch PHP Conference
Location: Amsterdam, NL
What: Code Review for Security Workshop
Huh? I will be leading a workshop intended to teach developers how to perform code review with security in mind. I'll be introducing some vulnerabilities and some of the methods that I use to find them while performing code reviews.
Cost: € 306
Register: On MyUpComing.nl

Where: Dutch PHP Conference
Location: Amsterdam, NL
What: PHP, Under The Hood
Huh? I'm going to be exploring PHP and how it works, by presenting PHPPHP, an implementation of PHP written in PHP itself.
Cost: € 306
Register: On MyUpComing.nl

OR You can buy a combo ticket to the workshop and the talk for € 550.

I hope to see you at one of these events!

Thursday, March 7, 2013

On "Wealth Inequality In America"

There's been a viral video that's been circulating the internet recently called Wealth Inequality In America. It's actually been published for quite some time, but it's crossed my plane of vision a few times in the past few days. While I don't believe that the content is wrong (in fact, it is actually quite right), I believe that the point the video makes and how it makes it are both misleading. The video tends to imply some nefarious plot to keep the poor down. But in reality, all it is showing is the natural tendency for any system of sufficient complexity to trend towards having a power-law distribution. 

Want to see something shocking? Let's run the same analysis against the top 50,000 websites on the internet, comparing the number of visitors each gets (as provided by Quantcast). When we run the numbers, we get some really interesting data points. In total, there were about 12 billion site-visitors (since each visitor can be counted multiple times by different sites, that makes sense). Let's take a look at a graph of this data:


Now at first glance, it doesn't look like much. It could be anything. But let's zoom in a bit...
That looks surprisingly like the graph that was shown in the video. So let's not rely on looks, let's look at the numbers. The bottom 20% makes less than 2% of the total traffic. The top 20% of websites account for 82% of the traffic on the internet. Taking it a step further, the top 1% of sites accounts for 42% of all traffic on the internet.

These numbers look shockingly like the ones from the video. But there's a very important difference. I've cut out a very large number of small sites, and only focused on the top 50k sites. If I included all sites (or the top 1 million sites, for example), the exact same thing would happen. The numbers may change slightly, but the shape and the effect will stay the same...

Power law graphs have a really interesting property: they have a fractal quality. That means that if you pick any sub-range of a graph, it will have the same basic shape as the main graph. Why is that important? Because once we realize that this is a power law graph, we don't need all the information. We know instantly that this sub-graph will have the same shape and behavior as the full graph.

So what does this tell us about the economy? The fact that the economy fits a power law graph shows us that it's operating properly. There's no conspiracy by the richest 1% to keep the other 99% down. Just like there's no conspiracy by the top 1% of websites to keep the other 99% down. The trends and actualities of the distribution of wealth are natural.


We could conjecture for years about why this happens, and likely none of us would be right. But the point I want to make is that we need to get past this notion of fair and balanced. What makes a stable equilibrium? The video points out several "ideal distributions", but without explaining why or how they should be ideal. What are the forces that are supposed to keep income evenly distributed (or at least linearly distributed)? 


However there is another way of looking at it. Since the entire graph is fractal, that means that everyone on the list can get a significant gain from a small increase in position. Going from a position at 80% to 81% gives a 6% return. Going from 20% to 21% (bottom 20% up one slot) gives a 2.5% return. So what does that mean?

This power-law model favors those who try to advance themselves. By moving up a fairly small amount you can get good gains. The harder it is to move up (meaning that there are fewer people in front of you to pass), the more the gains that are available. It promotes growth by rewarding it significantly. It doesn't punish those in low positions, but instead it doesn't reward people who don't want to move up (advance)... Is that right? It depends on your priorities and sense of school-yard justice...

If you want to know more about power laws and networks, I HIGHLY recommend the book Linked: How Everything Is Connected to Everything Else and What It Means.

Wednesday, February 27, 2013

Musings And Inspirations

About three months ago I decided to start shooting videos teaching programming concepts to put on YouTube. When I first started it, I didn't think it would take off. In fact, I thought it'd be just another failed attempt at trying something new. But three months, 11 videos, nearly 700 subscribers, over 17,000 views and 1.5 man-months of viewership later, I can't really complain. I've missed a few videos over the past few weeks, and missed another one today. And I feel that you deserve to know why.

Tuesday, February 26, 2013

On Equality, Sexism and an Even Hand

Over the past 3 or 4 days there's been a huge upturn on Twitter and in the community bashing Web and PHP Magazine for giving away T-Shirts (and tweeting a photo) with a double-entendre at PHPUK. A lot of banter going back and forth from those like Cal Evans who went so far as to pledge never to go to another conference sponsored by the magazine, to Stefan Koopmanschap who basically thinks it's no big deal. (note: these are my interpretations from their posts). I think the whole thing has grown WAY out of proportion...

Wednesday, February 20, 2013

Design Patterns - Programming With Anthony

Today we are joined by open source contributor Larry Garfield. Larry introduces us to design patterns through his own unique style: Cooking With Crell. He introduces the concept of Design Patterns, goes through a few basic patterns and closes out with some pretty solid justification for why we should care. Check it out:

Tuesday, February 19, 2013

Preventing CSRF Attacks

There's been a bit of noise in the past week about the proper way to prevent Cross-Site-Request-Forgery (CSRF) attacks. It seemed to have started with this post. There's been discussion in the comments, and on Twitter about it, and there seem to be several opposing viewpoints on the matter. I want to start off by saying that I agree completely with the post in question. But I figured I'd write a post to explain WHY I agree with it.

Friday, January 25, 2013

Password Storage talk at PHP Benelux 13

Today, I'm doing a talk at PHP Benelux 13 on Password Storage and Attacking in PHP. Here are the slides for that talk, as well as the accompanying GitHub repo that I use throughout the talk. When the videos are posted, I'll make a followup post that links to it. Without rambling on further, click through for the links!

Wednesday, January 23, 2013

Mediators - Programming With Anthony

The Mediator Pattern is an extremely flexible and useful tool to help decouple your code and provide added flexibility in your applications. We'll explore the basic concept of a Mediator, some places you've used it and some things that you can do to improve upon the basic concept. Check out the video:

Friday, January 18, 2013

Promise for Clean Code

I first came across the concept of a Promise about 3 years ago. At the time I was working with jQuery and was rather put off by the concept. It wasn't that it wasn't useful, I just didn't understand it. Then, about a year ago the concept finally "clicked"... I refactored some existing applications and the reduction in code and simplicity of it all was breathtaking. But I never really appreciated the true power until I used them in PHP...

Wednesday, January 16, 2013

Iterators - Programming With Anthony

Today's Programming With Anthony video focuses on the concept of Iterators. We'll look at the abstraction that they represent, how they can be used and some of the benefits of using them. When used correctly, Iterators can lead to very efficient, flexible and clean code. Check out the video:

Wednesday, January 9, 2013

Dependency Injection - Programming With Anthony

This week, we're going to talk about the topic of Dependency Injection in Object oriented code (specifically PHP). You don't need a fancy container to do it, it's actually quite simple to do manually! Check out the video:

Monday, January 7, 2013

Don't Be Afraid To Be Silly

When was the last time you were silly? Well, more specifically, when was the last time that you wrote code that was downright silly? I'm not talking about writing code that's dirty, or hacking something together. I'm talking about writing code that you know before writing won't work, or is wrong or is just plain silly... I'm talking about the kind of code that you think that if you show other developers, they'll just sit back and go "Why the #@$% would you do that in the first place?"... Well, I do it quite often, and let me tell you why you should do it more as well!

Wednesday, January 2, 2013

JavaScript Closures - Programming With Anthony

In today's video, we're going to explore the concepts of closures in JavaScript and PHP. During this quick exploration, we'll talk a little bit about variable scope and the difference between scoping in JS and PHP. Check out the video: