The PHP development team would like to announce the immediate availability of PHP 5.2.14. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. This release marks the end of the active support for PHP 5.2. Following this release the PHP 5.2 series will receive no further active bug maintenance. Security fixes for PHP 5.2 might be published on a case by cases basis. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3.Security Enhancements and Fixes in PHP 5.2.14:Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs.Fixed a possible interruption array leak in strrchr().(CVE-2010-2484)Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim().Fixed a possible memory corruption in substr_replace().Fixed SplObjectStorage unserialization problems (CVE-2010-2225).Fixed a possible stack exaustion inside fnmatch().Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).Fixed handling of session variable serialization on certain prefix characters.Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski.Key enhancements in PHP 5.2.14 include:Upgraded bundled PCRE to version 8.02.Updated timezone database to version 2010.5.Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).Fixed bug #52237 (Crash when passing the reference of the property of a non-object).Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).Fixed bug #51822 (Segfault with strange __destruct() for static class variables).Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory issues).Fixed bug #49267 (Linking fails for iconv on MacOS: "Undefined symbols: _libiconv").To prepare for upgrading to PHP 5.3, now that PHP 5.2's support ended, a migration guide available on http://php.net/migration53, details the changes between PHP 5.2 and PHP 5.3.For a full list of changes in PHP 5.2.14 see the ChangeLog at http://www.php.net/ChangeLog-5.php#5.2.14.

indieconf – the conference for independent web professionals – is now open for registation.

What is indieconf? It’s a conference that brings together the topics that affect freelance web people with experts who’ve been there and done that.  I’ve attended a number of tech/web conferences over the past 12 years or so, and while they’ve all been ‘good’, there’s usually very little in the way of information that helps me in the business side of my work.  As an independent, there’s questions about bookkeeping, outsourcing, legal issues, time management, billing, sales and marketing, and more that don’t typically get addressed at the typical tech conference.  And at ‘small business’ events (conferences, networking meetings, etc), there tend to be very few ‘web geeks’ who speak my own language and understand the particular challenges that I face.

So, from that quandary, indieconf was born.

I’ve been contemplating this for a while, focused the idea some, and have been working for the past 6 weeks organizing a core set of speakers/sessions, location, paperwork, and more ‘stuff’ that goes on with a conference.  I’m not even half done, but have been having a great time so far.  I think we’ve got a pretty solid line up of speakers and sessions so far, although we’ve got room for a few more (planning between 15 and 18, and we’ve got about 9 or 10 nailed down).

One of the things I’ve tried to do with this is to get speakers from outside the Raleigh area.  Right now we’ve got speakers from California, Texas and Pennsylvania as well as the Raleigh area and the Carolina coast.  Even people who’ve been to many local or regional events in the NC area likely won’t have crossed paths with all of these speakers, which I hope is seen as a good thing (I think it is!).

So whether you’re a PHP guru just starting out freelancing, a PSD master who’s been at it for years, or someone just considering getting in to the world of freelance web work, I think indieconf will have something for you.  With that said, what are some other types of sessions/info you’d like to get out of a conference like this?  I’ve got some more topics planned based on early feedback from people, and would like to take on a bit more before making more decisions.

I look forward to seeing you in Raleigh this November at indieconf!

WonderProxy is proud to present Where’s it Up?, a new tool to help system administrators determine whether or not their site is up from around the world. The tool accepts a URL, and allows you to select global locations. It then attempts to connect to the given server and issue a HEAD request from the global locations you selected, and reports the results.

Key Features

• Servers around the world
• Local DNS resolution on each server
• Reports IP and timing information
• Follows a reasonable number of redirects

Key Technology

• Curl
• PHP with pecl_http
• Memcached
• Gearman
• Supervisord

How it Works

Building a reasonably robust application was trivial, thanks to being able to leverage the great technology built by others. When a request is received, an intermediate script does some basic checking, then passes off a number of jobs to Gearman (one per location requested), the job ID is handed back to the user and results will be displayed via ajax. In the background Supervisord keeps five workers running all the time, they basically spin waiting for new work. When a job arrives they first check to see if there’s a recently cached result in memcached. Failing that an SSH tunnel is used to connect to the requested server, the request is issued with curl, and the results parsed. This result information is pushed into memcached.

On the client side, requests are made back to the server including the job id, and already obtained results. New results are handed off as they become available.

The system also uses memcached to throttle incoming requests from a given IP based on the example given by Simon Willison. In this case I’m actually using Swatch Beat time to manage the count; the edge case over midnight is quite easy.

Gearman is helpful in this case for three reasons: it provides great separation between the client requesting the work, and the workers actually completing it. It also trivially allows for multiple workers to be used in the resolution of requests. Finally, it provides a very effective work queue; when the site is under heavy load it will just take a bit longer to resolve requests. A small side benefit is the ability to pull down all the workers, update the worker script, then restart them, all without affecting the jobs in queue (except for the momentary delay).

Memcached is helpful as it’s a quick place to store the values that handles expiry for me automagically. In this particular case, as there’s a single server involved, something like APC would provider a thinner solution, however I have a lot of experience building apps with Memcached as a storage engine, and not much using APC.

Supervisord is helpful as it keeps the workers running, starts them up after they crash (hasn’t happened yet) and on machine boot. The dæmonize your PHP post by Sean Coates was incredibly helpful in getting this going.

SSH is helpful as it allows us to display accurate timing information from that machine to the requested location. We could use our own proxies directly, but then we're dealing with the time to connect from Washington -> Sydney -> Your website. That extra bit of math in the middle is only moderately tricky, but more importantly: inconsistent. The tunnel lets us execute the commands directly on the remote server.

Why we built it

We've used tools in the past that allow us to quickly check if a site is up or down. They're nifty, but these days many sites are using anycast DNS to publish different IPs globally, with multiple servers and multiple data centers. Simple tools simply aren't able to adequately express whether or not a site is up, or down. By leveraging the network of servers we already had, building a more advanced and complete tool was easy.

It is with a certain amount of pride that I announce the release of Graphr (iTunes link), my new iPhone app that allows you to copy and paste special characters like ☺, ⌘ and ✈ directly into any iOS app that supports text, including Mail, Twitter and Safari (or even the OS itself, if you want to create fancypants folders). Simply launch it, choose one of the eighty symbols it supports and then paste it directly into your favourite app using iOS’s copy-and-paste feature. Because it’s an iOS 4 app with minimal memory footprint, you can switch in and out of it in a heartbeat, making it the perfect companion for your day-to-day device usage.

Graphr also learns which symbols you use most often and moves them to a location that is more readily accessible so that they become easier to find. As you use the app, you will notice that your favourite characters will slowly move towards the top-left corner of the screen (note that it takes a while for the algorithm to kick in). Plus, it’s iPhone 4-compatible, taking advantage of that device’s Retina Screen with high-resolution graphics for its button frames and text.

Why Graphr?

Graphr is an app that I have wanted for a long time. Unicode characters are handy for a number of reasons; first, they are there: most OSs support them, so I don’t see why we shouldn’t be able to use them on iOS the way we do on other platforms. Plus, they are succinct: writing “YYZ✈MCO” is just as clear as “I’m flying from Toronto to Orlando” in Twitter parlance, but only requires seven characters. And those “I ♥ You” e-mails, while corny, always impress!

Graphr is inspired by GlyphBoard, a web-based Unicode symbol picker that features a great concept but that is ultimately impractical for everyday use, mostly because switching back and forth between Safari and any other app (including other Safari windows) takes too much time. By writing a native iOS 4 app and supporting fast switching, however, I can keep Graphr loaded and switch back-and-forth between it and other apps very quickly, thus making it almost an extension of the built-in keyboard. The app doesn’t support anything before iOS 4, because, frankly, the usage experience would be abysmal—can you imagine quitting your apps, launching Graphr, copying a character and then relaunching your other app on older iOS versions? Besides, GlyphBoard already does as good a job of that as possible under the circumstances.

Why not more features?

Graphr is the app I wanted to build—in fact, it didn’t even occur to me to release it to the public until after it was pretty much finished. Even though it doesn’t necessarily look like one, it’s pretty much built like a keyboard and, therefore, must be as simple and intuitive to use as one. And so it is: launch it, click on a button, and you’re done. There are no secret handshakes, no settings, no geeky character tables or codes. The app tries to learn how you use it and adapt to your specific needs rather than asking you to “tell it” something you may not even be aware of.

This is not to say that there are no features to add. For example, the app is built for right-handed users, a “leftie mode” that pushes popular symbols to the top-right corner instead of the top-left corner would be useful. Likewise, the symbols that the app supports are based on a thoroughly unscientific survey of web pages and tweets with some biases thrown in for good measure, which may or may reflect reality for everyone else.

Also, unlike Glyphboard, Graphr doesn’t allow you to copy more than one symbol into the pasteboard at a time. I considered this feature (obviously—it was staring right at me), but ultimately decided that having more characters and a simpler look was more important.

Why free?

Graphr is completely free, although it features iAd ads. This is not because I think the app is cheap or useless—quite the contrary. First, it’s an app that provides value over time; therefore, asking people to pay upfront doesn’t reflect the return that they will get out of it. With iAd, if you load the app and only use it once or twice, I will maybe make a few cents from showing you a couple of ads. If, on the other hand, you become a regular user, I’ll make more revenue over time. Of course, people are also going to be more likely to try out a free app, which doesn’t hurt, either.

Incidentally, I could have made the same decision for some of my other apps, but, well, iAd simply wasn’t available when I developed them, and I

Truncated by Planet PHP, read more at the original (another 539 bytes)

I’ve had landline phone service all my life.  I’ve had cell phones for a long time, and Vonage for about 6 years.  Even with Vonage and cell pones, I’d never brought myself to get rid of the landline.  Rationalizing it was not too hard – we occasionally get power outages as well as internet outages, so having a stable line would be at least moderately useful for these minor occasions.  However, the monthly bill got landline service seemed to go up continually each month, regardless of how little we used it each month.

A few months ago the bill started going over $50/month, and this is for *nearly* no bells and whistles – no voicemail, no ‘warranty’ on the line.  Wait, I tell a lie – we had an ‘international calling plan’ package, so that when we called my wife’s family overseas it would only cost 10 cents per minute instead of $1.25 (approx).  That said, we still rarely used the thing.  The base rate was a bit over $30/month, and taxes/fees – even if we made no calls at all, added another $16/month – > 50% tax/fee rate, basically.  So keeping a solid phone connection to the house was $46/month before *using* the stupid thing.

A few years back the taxes seemed lower – I would swear total fees before making any calls was below $40 back in 2006.  I may fish out an old bill and compare if I can find one.  In any event, when bills for minimal usage started creeping over $50, I’d had enough.  We already have a Vonage line, so I looked to port over the existing number (which many of my wife’s customers have used for years) to our Vonage box, and – great! – it was possible. The process took almost two weeks, and the service was working before we were actually notified by email that it was working, but it was fairly seamless all in all.

So, now I’ve come kicking and screaming in to the ‘no land line’ age, and it feels a bit odd.  What was funny, though, is when I called to cancel service.  The *2nd* option on the provider’s phone tree was ‘If you’re calling to cancel your service, press 2′.  *2*!  They must be losing customers right and left.  While I’m paying some taxes via Vonage, I suspect it’s only a few years before we start seeing punishing taxes applied to VOIP systems to make up for lost revenue from land lines.  If the govt was recouping $192/year from me via landlines, and might only be collecting half that from Vonage tax collection.

Scratch that – nope.  They’re still collecting around $16/month from me in taxes already.  My minimum monthly Vonage bill is now $42.94.  Hrmm…. So… I’ve sort of traded one price point for another.  And actually, there’s another $5 on top of that because we have an incoming virtual number from the UK.  So… $47.93 minimum.  About the same as the CenturyLink line we had before.  So why cancel?

Vonage is giving us much more.  Unlimited calling, which many US-based VOIP providers also offer, but *every single ad* I hear/see from TWC, CenturyLink, etc – all focused on ‘unlimited calling in the US!’.  I couldn’t care less, as half my family is overseas – UK and Australia – as are many of my wife’s customers.  Vonage gives free calling to Australia and most of Europe in that $24.99.  We pay $5 month for a UK line which rings in to us for that flat $5, and allows most of her UK customers to call for the price of a local call in the UK.  Voicemail calls transcribed and sent to email for free.  And… a web interface to manage it all.  CenturyLink and other traditional landline monopolies have a long way to go to catch up to the value provided by Vonage.  If we got a Vonage program *just* for the amount of calls we make in the US, and didn’t have international needs, we’d at least $20 off that $47, so, we’d probably be paying $25/month.  And the ability to physically take the phone number (via the physical box) with you around wherever you travel is pretty nice (though I’ve only done it once).

Before Vonage, even using landline ‘calling plans’ to get international calls down to a few cents per minute, our bills were easily over $100/month, sometimes $150.  Now with Vonage, two lines, a third incoming number, and *more* calling than we used to do, $55/month is about average.  *Huge* savings, and more convenience.  Can’t ask for much more, can you?

That’s my rant.  Glad I did those numbers.  It wasn’t specifically the $50/month that was necessarily upsetting, but given how little value we were getting for that $50, that was the breaking point.

What is Hadoop?

Apache Hadoop is a Java-Framework for large-scale distributed batch processing infrastructure which runs on standard computers. The biggest advantage is the ability to scale to hundreds or thousands of computers. Hadoop is designed to efficiently distribute and handle large amounts of work across a set of machines. When I speak of very large amounts of data, in this case I mean hundreds of Giga-, Tera- or Peta-Bytes. There is not enough space for such an amount of data on a single node. Therefore, there is a separate "Hadoop Distributed File Systems (HDFS)" which splits data into many smaller parts and distributes each part redundantly across multiple nodes. Hadoop can handle lower amounts of data and is even able to run on a single computer, but it is not particularly efficient because of the resulting overhead. There are better alternatives like Gearman in such a case.

A Hadoop-Cluster often consists of thousands of nodes whereof errors are a daily occurrence. Therefore, it has a high degree of fault tolerance to correct failures as quickly and as automatically as possible.
Continue reading "An introduction to Hadoop"

There are thousands of hosting companies on the Internet and maybe this article will help you to start your own. Many companies offering web services are hosting reseller of other (bigger) companies or have partnerships with hosting companies. Maybe you have ever thought to offer hosting services by yourself, with a dedicated server or a VPS hosting account, it’s very easy to offer hosting plans for your existing customers. The following article will show you, using a few examples, how to use a web server installed with the software DirectAdmin to create web hosting accounts using their native API system.

Don’t think it’s easy to pull a new hosting company from the ground. This market is very saturated and we suggest to start offering hosting services most of all to your existing customers only.

VPS hosting versus dedicated server hosting

These days it’s not necessary to have your own dedicated server, a good maintained VPS host is often much more reliable. If the VPS hosting platform is well managed, you don’t have to worry about the shared memory because the virtualization software is able to manage all the resources. Why do you need a dedicated server if a VPS is so powerful? You need your own server for special hardware configurations or if your provider doesn’t have a good VPS platform. While many VPS companies using the same machines, the risk of hardware failures is low because hardware replacements should be a peace of cake. A “special” dedicated or colocated server might be a serious risk, f.e if the motherboard replacement is not available. A VPS host is scalable and often much cheaper than a dedicated server.

Web Server Control Panel

Using a control panel, makes it easy to create or maintain all the web hosting accounts for your customers. Sure as a Linux expert you don’t need a CP, but if you core business is web development, a control panel might really help. There are many of them, most of them are commercial products, but there are also a a few open source projects which are available for free. In this blog post we suggest to use DirectAdmin, because this software is easy to use, the license is not very expensive and there is also a very powerful API system.

Installing DirectAdmin

After you got your VPS (or dedicated server) you’re ready to install the server software. Before you start the installation process check these DirectAdmin requirements. Most important is that your Linux server is not pre-installed with software like Apache, MySQL, PHP, FTP… check this warning from the DA website:

***Please do not install services such as Apache, PHP, MySQL, Ftp, Sendmail, etc., as we will do this for you. All we need is a CLEAN install of your operating system.***
We do not recommend installing DirectAdmin on an existing live production server.
DirectAdmin does not convert existing data upon install.

For most DirectAdmin hosts CentOS is the preferred Linux operating system. You need also a DirectAdmin license, ask your VPS hosting provider, he can offer the license for a low fee.

DirectAdmin installation resources:

• Getting Started with DirectAdmin: What kind of server do I need?
• DirectAdmin Installation Guide

The installation process is not part of this article. If you finished the installation part, you should check this DNS installation guide.

Creating hosting accounts

After the final re-boot and your DirectAdmin server is running, you’re able to setup hosting accounts for your customers. You can create them by yourself using the DA control panel or using the DirectAdmin API within your web application. Think about the following application process:

1. Customer has ordered a hosting accpunt from your website
2. The payment is cleared and a request is send the API system
3. Within DirectAdmin a hosting account is created
4. The customer gets the login and hosting accpunt details via e-mail

How far you’re using this features of DA depends on yourself. The DirectAdmin API is able to manage all functions you need. This way you’re able to create your own we application, without telling your customers that a control panel is used.

Access the DirectAdmin API system

T

Truncated by Planet PHP, read more at the original (another 8511 bytes)

Over the past few weeks, my business partner Cameron and I have spent evenings, late nights, and weekends (at least partially) working on a much-improved seancoates.com.

If you’re reading this via my feed, or through a syndication outlet, you probably hadn’t noticed.

The primary goal of this change was to reduce (hopefully even remove) the ugliness of my main presence on the Web, and I’m very happy with the results.

In addition to making things look nicer, we also wanted to improve the actual functionality of the site. Formerly, seancoates.com was a blog, with a couple haphazard pages thrown in. The new version serves to highlight my blog (which I fully intend to pick up with more frequency), but also contains a little bit of info about me, a place to highlight my code and speaking/writing contributions, and a good place for me to keep my beer recipes.

Cameron came up with the simple visual design and great interaction design, so a public “Thank You” is in order for his many hours of thought and contribution. Clearly, the ugliness reduction was his doing (due to my poorly-functioning right brain).

I’m very happy with how the site turned out as a whole, and thought I’d outline a few of my favourite bits (that might otherwise be missed at first glance).

URL Sentences

The technique of turning URLs into sentences was pioneered by my friend and colleague Chris Shiflett. Cameron (who shares studio space (and significant amounts of beer) with Chris) and I both like this technique, so we decided to implement it for my site.

The main sections of the site are verbs, so this was pretty easy (once we decided on proper nomenclature). Here are a few examples:

• seancoates.com/blogs – Sean Coates blogs…
• seancoates.com/blogs/about-php – Sean Coates blogs about PHP (my “PHP” blog tag)
• seancoates.com/brews – an index of my published recipes
• seancoates.com/brews/coatesmeal-stout – the recipe page for Coatesmeal Stout

To complement the URLs, the page title spells out the page you’re viewing in plain language, and the visual site header indicates where you are (while hopefully enticing you to click through to the other sections).

Moving my blog from the root “directory” on seancoates.com to /blogs caused my URLs to break, so I had to whip up yet another bit of transition code to keep old links functioning. Even links on my original blog (which was hosted on blog.phpdoc.info) should still work. If you find broken links, please let me know.

Vertical Content Integration

My “/is” page contains feeds from Twitter and Flickr.

The Twitter integration was pretty simple; I use the JSON version of my user feed, but I didn’t want to include @replies, so they’ve been filtered out by my code. If the fetch was successful, the filtered data is cached in APC for a short period of time so that I’m not constantly hammering Twitter’s API.

Flickr’s integration was also very simple. After a run-in with some malformed JSON in their API, I decided to integrate through their Serialized PHP Response Format. The resulting data is also cached in APC, but for a longer period of time, as my beer tasting log changes much less frequently.

Code Listings

Displaying code listings on a blog isn’t quite as easy as it sounds. I recently had a discussion with a friend about redesigning his site, and he was considering using Gist from Github’s pastebin-like functionality. Doing so would have given him easy highlighting, but one thing he hadn’t considered was that his blog’s feed would be missing the embedded listings (they come from a third party, and wouldn’t actually appear in his feed’s data

Truncated by Planet PHP, read more at the original (another 3047 bytes)

Most PHP frameworks natively support the separation of interface and business logic. However, if your project is small enough that you don't need a framework (or if you just don't like them), you can still achieve the same benefits by using a standalone template engine. In this article, I'll introduce you to one such engine, which goes by the rather unique name of Dwoo.

For those of us using SVN there are some quite common pre- and post-commit hooks in a lot of company repositories, all using their own implementation: Lint checks, CodeSniffer checks, etc. We created a small framework for those commit hooks, which makes it easy to create own checks and custom reporters. Read on for details.