Preventing Dependency Confusion in PHP with Composer
The problem boils down to companies referencing internal packages by name, e.g. "my-internal-package" and an attacker then publishing a package by the same name "my-internal-package" with a higher version number on the central registry / package repository for that language (for PHP that would be packagist.org). The companies then installed and ran these malicious packages instead of their internal packages because their package manager chose the higher version number from the default package repository over their internal repository.
When to use empty in PHP? I'd say never
I realized that I am very strict about the use of PHP's empty function in code review. There isn't really any reason to use it in my opinion:
Testing HTTP Middleware in Laravel
Testing HTTP middleware in a Laravel app might look easy at first glance but can be surprisingly difficult to get right. There are many possible pitfalls. In this post, I want to show some of these pitfalls and what problems they can cause. Then, I will explain how I write tests for my custom middleware.
Object Oriented Done Right
Alan Kay, the inventor of the term "object-oriented programming", told a story once during a talk more than 20 years ago. You can build a dog house using only a hammer, nails, planks, and just a little bit of skill. I figure even I would be able to build it given enough time. Once you've built it you've earned the skills and know-how, and could apply it to other projects. Next, you want to build a cathedral, using the same approach with your hammer, nails, and planks. It's a 100 times larger, but you've done this before - right? It'll only take a little longer.
Modular Monolith: A Primer
Many years have passed since the rise of the popularity of microservice architecture and it is still one of the main topics discussed in the context of the system architecture. The popularity of cloud solutions, containerization and advanced tools supporting the development and maintenance of distributed systems (such as Kubernetes) is even more conducive to this phenomenon.
Observing what is happening in the community, companies and during conversations with programmers, it can be concluded that most of the new projects are implemented using the microservice architecture. Moreover, some legacy systems are also moving towards this approach.
Unit testing tips by examples in PHP
In these times, the benefits of writing unit tests are huge. I think that most of the recently started projects contain any unit tests. In enterprise applications with a lot of business logic, unit tests are the most important tests, because they are fast and can instantly assure us that our implementation is correct. However, I often see a problem with good tests in projects, though these tests' benefits are only huge when you have good unit tests. So in these examples, I will try to share some tips on what to do to write good unit tests.
Character escape sequences and numeric notations in PHP
Many modern programming languages support various ways to use various characters such as simple English Latin characters, numbers, symbols, Emojis, and various special characters such as a new line or a tab character.
Does it belong in the application or domain layer?
If you're one of those people who make a separation between an application and a domain layer in their code base (like I do), then a question you'll often have is: does this service go in the application or in the domain layer? It sometimes makes you wonder if the distinction between these layers is superficial after all. I'm not going to write again about what the layers mean, but here is how I decide if a service goes into Application or Domain
Setup Step Debugging in PHP with Xdebug 3 and Docker Compose
In versions of Xdebug before version 3 setting up step debugging for code inside Docker containers has often been challenging to say the least. However, in version 3 it's become almost trivial. In this short tutorial, I'll step you through what you need to do, regardless of the (supported) text editor or IDE you're using.
100ms -> 40ms -> 1ms: Maximizing response caching in Laravel
How to take (some) response times from 100ms to 40ms to 1ms.
Data Transfer Object V3 Modernizes DTOs With PHP 8 Features
Spatie's Data Transfer Object (DTO) package makes constructing objects from arrays a breeze, giving you confidence in the data contained therein. I've been a fan of this package since learning about the initial V1 release, and I hope you'll consider this package for passing around data in your application.
Do not mock what you do not own
Web applications typically process HTTP requests. Commonly, objects are used to encapsulate request data. Depending on the framework, we may have an interface such as...
Upgrading a Project to PHP 8.0
This article is not about new features or comparative tests; first, we need to update the project to make it compatible with PHP 8.
Today, we are going to draw up a plan for the update and discuss the key potential difficulties based on the example of updating a large project from PHP 7.4 to 8.0. Most of the steps will also be helpful when planning an upgrade from earlier versions.
Why GraphQL is Taking Over APIs
A few years ago, I managed a team at DocuSign that was tasked with re-writing the main DocuSign web app which was used by tens of millions of users. The APIs didn't exist yet to support our new shiny front-end app because since the beginning the web app was a .NET monolith. The API team in Seattle was taking the monolith apart and exposing RESTful APIs slowly. This API team consisted of just two engineers and had a release cycle of one month. Our front-end team in San Francisco released every week. The API team release cycle was so long because a lot of (almost all) the functionality had to be tested manually.
Contract Tests
There is more to the contract of an interface than just the methods it provides. All implementations of this interface actually need to behave consistently in the same situations. This post shows a way we can test for this.
Back the func off, this is my abstraction!
Integrating services over APIs exposes your application to a range of possible failures. At scale, any network interaction can and will fail. Implementing a retry mechanism is a common approach to increase fault tolerance. Taking into account how systems fail when designing software can greatly improve the quality of your code. In this blogpost I'd like to show how I approach these kinds of problems.
Roadmap to learn Software Design
I have been planning to learn Software Design for quite a while now but I always ended up finding some other fancy topic. You can be a software engineer with years of experience and still do fine without delving into the meat of Software design but the perks of understanding this complex process are unfathomable.