I’ve never been a rock. I’m about as passionate as someone can be when I choose to do something. Unfortunately that means I tend to throw myself (my raw unadulterated self) at my interests. It’s just who I am and who I’ve always been. This has positives and negatives associated with it (especially from a personal perspective).

Throwing yourself at a passion has enormous benefits. You get a lot done, you can truly touch people’s lives. You can really change the world. But you also take on a lot of risk. Putting yourself out there is the easiest way to get burned. When you’re passionate, it’s hard to not take things emotionally. It’s hard to not care. After all, caring is where you draw your power from.

I have always been held up by those that I knew were rocks. I always leaned on people who I know weren’t just abiding a flight-of-fancy, but who could wear the tide. But what happens when you start to see those who you thought were rocks, falter…?

Recently, there has been a spout of attention about how to deal with eval(base64_decode("blah")); style attacks. A number of posts about “The Dreaded eval(base64_decode()) - And how to protect your site and visitors” have appeared lately. They have been suggesting how to mitigate the attacks. This is downright bad.

A few days ago, I wrote An Open Letter to PHP-FIG. Largely the feedback on it was positive, but not all. So I feel like I do have a few more things to say.

What follows is a collection of followups to specific points of contention raised about my post. I’m going to ignore the politics and any non-technical discussion here.

Dear PHP-FIG,

Please stop trying to solve generic problems. Solve the 50% problem, not the 99% problem.

Signed,

Anthony

PS:

…

Last weekend I gave the opening keynote at PHPNW14. The talk was recorded, and no, the video isn’t online yet. The basis of the talk was centered around community and how we can come together (and how we are drifting apart). But there was one point that I mentioned that I think requires further thought and discussion. And that point is that there is far less trolling going on than it may seem at first glance.

Over 1.5 years ago, I introduced PHPPHP to the world. It was the first implementation of the PHP language written in PHP itself. But PHPPHP suffered from a few problems which relegated it to toy status (such as performance). Today, I get to introduce you to another implementation of PHP, written in PHP. But this one is no toy. This one… This one is fun…

There is a lesson that I was taught many years ago that I think everybody who contributes to Open Source projects should learn. Back when I was a volunteer firefighter, I had a rather interesting conversation with one of our ex-chiefs. Let’s teleport back to when I was 21 years old.

As many of you likely know, I have a “thing” for password storage. I don’t know what it is about it, but it fascinates me. So I try to keep up as best as I can on the latest trends. In the past few years, we’ve seen the rise of a new algorithm called scrypt (it’s 5 years old actually). It’s gaining more and more adoption. But I don’t recommend its use in production systems for password storage. Let me explain why:

There’s been a lot of buzz in the community lately around PHP and its future. The vast majority of this buzz has been distinctly positive, which is awesome to hear. There’s been a lot of talk about PHP6 and what that might look like. There’s been a lot of questions around HHVM and its role in the future of the language and community. Well, let me share with you some of my thoughts in this space…

It’s that time of the year again. A time to look back on all that was accomplished in the previous year, and a time to look forward to all that can be accomplished next year. Once again, let’s look at what I was able to do this year: