PHP Next Generation

The PHP Group has put up a post about the future of PHP. They say, ‘Over the last year, some research into the possibility of introducing JIT compilation capabilities to PHP has been conducted. During this research, the realization was made that in order to achieve optimal performance from PHP, some internal API’s should be changed. This necessitated the birth of the phpng branch, initially authored by Dmitry Stogov, Xinchen Hui, and Nikita Popov. This branch does not include JIT capabilities, but rather seeks to solve those problems that prohibit the current, and any future implementation of a JIT capable executor achieving optimal performance by improving memory usage and cleaning up some core API’s. By making these improvements, the phpng branch gives us a considerable performance gain in real world applications, for example a 20% increase in throughput for WordPress. The door may well now be open for a JIT capable compiler that can perform as we expect, but it’s necessary to say that these changes stand strong on their own, without requiring a JIT capable compiler in the future to validate them.’

Lunch 2.0 with Bing!

Well, it’s official. The folks over at SHIFT Communications, especially Marie Williams and team, have done it again… Done what you ask? Well, I’ll tell you — they have thrown a wonderful get together known to Bay Area folks fondly as Lunch 2.0. It was over at Powerset’s sweet office and was a wonderful chance to meet the Bing team. Not only did they have some amazingly tasty grub, as well as some great beer and other non-alcoholic beverages (for those got to go back to the office types), but they also had a stellar collection of Bing swag (like these ultra-nice beanies) to take home for a warm fall day in San Francisco.

I can’t wait to see some of the photos taken by non-other than the world infamous and elusive PHP terrorist. Until the next the Lunch 2.0 color me satisfied!

Microsoft Bing Party | Web 2.0 Summit 2009 | ZendCon 2009 | Ruby Skye

So, Microsoft Bing had a huge party at San Francisco’s famed venue, Ruby Skye. Some of us, from the PHP Community were fortunate enough; to attend this exclusive party…  and as if that wasn’t enough in and of it’s self. Josh Holmes, and John Coggeshall thought hey, I have an idea –  (let’s take this pilgrimage from “ZendCon 2009” in San Jose, to the “Microsoft’s Bing” party in San Francisco, to the next level) let’s go ahead and hire a Party bus… yeah that sounds like a great idea! So, in true geek fashion about 34 fortunate souls, piled on a Party bus destined for San Francisco, oh and did I forget to mention that John Coggeshall and Scott MacVicar (in true Scottish fashion, no, no really I kid you not) decided that a regular old Party bus just could not be enough so they stocked that bad boy… with roughly, $150.00 dollars worth of liquor! It was a great party and Microsoft was gracious enough to provide a copy of “Windows 7 Ultimate” to all attendees…. sweet!

Monitoring Gearman over Telnet port 4730

So, the only way to monitor the Gearman daemon is via telnet to port 4730.

The current monitoring supported commands are really fairly basic.

I could not locate any documentation on the support commands so had to, “literally look at the code to figure out the supported commands” (the below command documentation is copied from the comments in code).

Note: There are plans to include more set of commands in the next release.

Command: STATUS

The output format of this function is tab separated columns as follows, followed by a line consisting of a full stop and a newline (”.n”) to indicate the end of output, below are the columns shown:

– Function name : A string denoting the name of the function of the job
– Number in queue : A positive integer indicating the total number of jobs for this function in the queue. This includes currently running ones as well (next column)
– Number of jobs running : A positive integer showing how many jobs of this function are currently running
– Number of capable workers : A positive integer denoting the maximum possible count of workers that could be doing this job. Though they may not all be working on it due to other tasks holding them busy.

Notification    1    0    1
GroupNews    2    1    1

Command : WORKERS

This command show the details of various clients registered with the “gearmand” server. For each worker it shows the following info:

– Peer IP: Client remote host
 Client ID: Unique ID assigned to client
– Functions: List of functions this client has registered for.

12 :: – : Notification
11 :: – : GroupNews

Any other command text throws a error “ERR unknown_command Unknown+server+command”

Here is a simple PHP class, to get the output of the two currently supported monitoring commands:

GearmanTelnet.php (GitHub)

Join the PHP Evangelism Team

As, fellow members of the PHP Development Team we are all called to be developer evangelists to the PHP Community.

So, what is our cause, our reason for being… how are we trying to change the “Web 2.0″ world?

The goal of the PHP Evangelism Team is to bring together the right people, resources and experience from across the PHP Community to provide developers with the process guidance and best practices needed to create new opportunities for the web.

We also ensure the various PHP User Groups, get adequate support – as well, as publicize PHP related events.

Patrick Reilly
PHP Evangelism Team

To subscribe send a blank email message to: or, use the Mailing Lists page on

Also, you can show your support for our collective efforts by joining the group on Facebook.

php|works is now over – back to work

Well, it started off a little weird – Paul Reinheimer was a total tard to me (just kidding man – glad we worked through that stuff). Note: Should totally learn to speak Canadian one of these days… maybe Sean Coates offers a small course to those south of the Canucks’ border.

Chris Shiflett’s keynote, “PHP 4 is dead! Migrate your code” was short but, sweet – although I think Shiflett’s Mom was a bit confused by it. [ But, I am sure she was proud of her little baby. ;-) ] But, to be totally honest the nightmare that night wasn’t cool – the image of Wez Furlong as a zombie was hard to shake and that crazy White Russian with the Edward scissor hand action was a bit hard to handle as well.

Terry Chay did such a wonderful job with his, “Finding Art in the Software Architecture” talk it really isn’t funny – he so reminds me of a young Guy Kawasaki (no offense Guy…). I really felt that it would have been better suited as a keynote. It didn’t really have much technical content unless you count the fact that he provided a description of viral growth using the exponential function  !, x(t)=x_0 e^{kt} — (e.g., exponential growth…). Not bad for a south bay kid with a masters degree in something like Theoretical Particle Physics from University of Illinois.

LHB got to have a little East Coast festive occasion at a nice little spot conveniently located in mid-town Atlanta called Sutra Lounge — we now have an additional sixteen or so Andrei Zmievski and random unicode fan photos to post (stay tuned).

In closing, the final keynote was a cool concept – nicely executed – hope Paul/Sean still have a job… when they get home.

All I can say is good work to the entire php | architect crew… it was a good educational event for all in attendance. Looking forward to their spring conference – if you missed this one you totally owe it to yourself to attend their spring conference in Chicago.

ZendCon Unconference Chairperson for 2007 Is…

You my friend are now an active participant! Let’s get those ideas out of the hallway and back into the meeting room…. welcome to our first annual ZendCon Unconference. If you are sick of being just another person in the audience, today’s your day, you just earned a promotion.

Together we can choose topics of interest and utilize the mountains of expertise available in the room. Everyone is able to be a source and share their unique experiences with fellow PHP developers – you all can and will be called on to share.

So, I guess congratulations are in order, you are indeed our next esteemed speaker – and yes you will be called on, so make sure you don’t fall asleep or daydream……

Zend Framework 1.0.0 Production Released

Zend Framework is now the best class library available for PHP 5 web application development. It is an open source project that provides solutions to solve frequent needs of web application developers, including the following areas: Powerful MVC, Database access solutions, Advanced I18N support, Robust authentication/authorization, and many more.

My new company OmniTI

OmniTI, employer of several active members of the PHP community including Chris ShiflettGeorge SchlossnagleTheo SchlossnagleWez Furlong, and Laura Thomson.

I’m very excited to announce that I am a new addition to OmniTI and get to work with some of the smartest and friendliest people around.

The combination of working with super smart people and getting to work on super cool and important stuff is a lot of fun.

Last day at Schematic

Today was my last day working for Schematic as an employee.

I look forward to a new day… with a new set of challenges.

To everyone at Schematic; I wish you the best and appreciate the opportunities that I was giving duing my time with you.

Congratulations! I have been accepted as a presenter…

I have been accepted as a presenter for
the O’Reilly Open Source Convention 2007 at the
Oregon Convention Center, July 23, 2007 – July 27, 2007.

The following has been accepted as a session for the event:

“Improving Performance by Profiling PHP Applications”

They are still building the program and so will be determining final session
date and time shortly.
Also, the program schedule is subject to change.

Zend Framework Project Teams Need You

Most components and subprojects need volunteers to help with documentation, unit test coverage, code reviews, improving integration with other ZF components, and enhancing architecture and design for the purpose of improving extensibility and ease of use with new components. If you see a subject area or component that interests you, please contact any project members currently associated with the component.

Read the license

The license is BSD-based. It can be found here.
Sign the Contributor License Agreement (CLA)

To contribute source code or documentation at any level (from a few lines, to a patch, to a proposal, to an entirely new component), you must first sign the Contributor License Agreement. This will also give you access to become a developer in the issue tracking system and the developer’s wiki.

CLA signers who also establish a wiki account on this website will be listed on our Project Teams page.
Thus, others will know who to accept code contributions from and who they can work with in drafting proposals.

Subscribe to the appropriate mailing lists

Please join the Zend Framework community by subscribing to the mailing lists that interest you, using the e-mail account you wish to send messages from.

Why PHP?

So, yesterday after reading Ben Ramsey’s post, “Business Case for PHP” I decided to join Stuart Herbert ’s Google Group for developing a business case for PHP.

I am very interested in the outcome of the group’s research:

* Concerns about PHP being open-source
* Security concerns about PHP itself
* Security concerns about software written in PHP
* Performance and scalability
* Finding credible case studies / references for vertical markets
(e.g., insurance, health, finance, etc.)
What do you want to see the business case cover?
Join the, “Why PHP?” – Google Group today!

March To Be Month of PHP Bugs (Bring It On)

During Stefan Esser’s interview with SecurityFocus he announced the upcoming Month of PHP bugs initiative in March.


“The Month of PHP bugs will take place in March 2007. Its goal is to make people and especially the PHP developers aware that bugs in PHP exist. While this sounds obvious for everyone on the outside, it is actually required. PHP has a very bad reputation when it comes to security, which is mostly caused by all the advisories about security holes in PHP applications. For some of the reported bug classes like SQL injection and XSS, this is quite unfair, because those can happen in any language. But Remote File Inclusions, vulnerabilities due to register_globals or other problems within the PHP engine (e.g. zend_hash_del_key_or_index bug) are fully to blame on the PHP language. Unfortunately this kind of thinking is not appreciated by the PHP developers and they continue to claim that PHP is not worse than other languages, and that only badly written PHP applications are the problem. The Month of PHP bugs will show however that a lot of bugs in PHP’s own source code exist.

We will disclose different types of bugs, mainly buffer overflows or double free(/destruction) vulnerabilities, some only local, but some remotely trigger-able (for example, because they are in functions usually exposed to user input). Additionally there are some trivial bypass vulnerabilities in PHP’s own protection features. Only holes within the code shipped with the default distribution of PHP will be disclosed. That means we will not disclose holes in extensions that only exist in PECL, while we are sure that those contain vulnerabilities, too. Most of the holes were previously disclosed to the vendor, but not all.

As a vulnerability reporter you feel kinda puzzled how people among the PHP Security Response Team can claim in public that they do not know about any security vulnerability in PHP, when you disclosed about 20 holes to them in the two weeks before. At this point you stop bothering whether anyone considers the disclosure of unreported vulnerabilities unethical. Additionally a few of the reported bugs have been known for years among the PHP developers and will most probably never be fixed. In total we have more than 31 bugs to disclose, and therefore there will be days when more than one vulnerability will be disclosed.”

As, Ilia Alshanetsky notes, “It would be interesting to see what issues he discovers, hopefully most of them have already been reported to the PHP Security Team, in which case the upcoming 5.2.1 release will provide a resolution path for affected users.”

He also notes, “I have to look at this as a free security audit of PHP by someone with a clue about security and ultimately, in the long run it will only make PHP better, even if March is going to be rather busy…”.

I couldn’t agree more with Ilia…. I want to see what he really discovers. ;-)

Zend Framework Preview 0.7.0

Zend Framework is a simple, straightforward, open-source software framework for PHP 5 designed to eliminate the tedious details of coding and let you focus on the big picture. Its strength is in its highly-modular MVC design, making your code more reusable and easier to maintain. Although it’s currently in preview release, take a look—you may be surprised.

The Zend Framework community has released the 0.7.0 Preview Release.
This release showcases the latest developed classes to support Localization (L10N) and Internationalization (I18N).
This makes it easy to develop world-class PHP applications; here at Schematic.

More details:

  • Locale-management component
  • Locale-aware Date parsing and formatting class
  • New translation-management component with gettext support
  • Comprehensive class for working with measurements and conversions
  • New prototype class for filtering and validation parameters
  • New class for managing memory usage in PHP applications
  • Many other improvements in current components such as MVC, SessionGdataHTTP Client, SearchXmlRpc, and others
  • Many other enhancements to test suites and documentation.

Download Zend Framework Preview 0.7.0!

My New Gig

How come I’m not blogging lately?

Typical reasons, ranging from lots of travel, to project work.

But there is one reason that might stand out: I’m starting with a new company.

I have accepted the position of Senior Architect, Open Source Platforms Group at Schematic, Inc.

PHP Security Expert Resigns

“PHP security holes have a name — quite often it was Stefan Esser who found and reported them. Now Esser has quit the PHP security team. He feels that his attempt to make PHP safer “from the inside” is futile. Basic security issues are not addressed sufficiently by the developers. Zeev Suraski, Zend’s CTO of course disagrees and urges Stefan to work with the PHP development team instead of working against it. But given the number of remote code execution holes in PHP apps this year, Esser might have a point. And he plans to continue his quest for security holes in PHP. Only that from now on, he will publish them after reasonable time — regardless if a patch is available or not.”

Zeev Suraski wrote in to protest: “I’m quoted as if I ‘point fingers at inexperienced developers,’ and of course, there’s no link to that — because it’s not true! The two issues — security problems in Web apps written in PHP, and security problems in PHP itself — are two distinct issues. Nobody, including myself, is saying that there are no security problems in PHP — not unlike pretty much any other piece of software. Nobody, I think, argues the fact that there have been many more security problems at the application level, then there were at the language level. I never replied to Stefan’s accusations of security problems in PHP saying ‘that’s bull, it’s all the developers’ fault,’ and I have no intention to do it in the future.”