Rafael Dohms

I must confess that Jono Bacon actually caught me by surprise. While I was following the creation process of the book (O’Reilly invited UG leaders to send feedback) I could have never imagined I would one day have something so useful for someone who deals with communities on a day to day basis. In this universe Jono is a well known figure, with vast experience in managing and participating in online communities, which credits him as a perfect candidate to write a book like this one.

A book about how to manage and live amongst virtual communities has all the elements to be a boring book full of “do’s and don’t’s”, in summary a very repetitive and unpleasant book. However Jono proves his understanding of the communication channels (important part of any community) right off the bat in the book’s introduction. Here he showcases his writing strategy, telling personal experiences. Building on top of this premise the author goes throughout the book presenting us with new concepts or strategies and following it up with a real life example from his and others’ experience in communities. This makes the book a delightful read, easy and flowing, the kind of book you can pickup anywhere and have fun while you plow through the pages, perfect for the everyday life of lines and waiting. I recommend loading it up on your e-reader if you got one.

The book is incredibly broad and valid for numerous roles inside every community, from managers to members, volunteers, to the regular Open Source developer. Each level of the community stands to gain from this book and even people who work with or use the community, such as marketing people, and activists who need to learn how to communicate and win-over the communities. Each chapter dives into a different and fundamental aspect, like communication, building buzz, measuring, events and handling conflicts.

Anyone who has ever managed a community and looks at this table of contents will surely have a few flashbacks of various moments in their experience, I know I for one identified myself in quite a few situations, from my motivation to participate in the PHP community to the conflicts and the experience of contributing to Open Source. I usually like to give more details of each chapter when I do reviews like this one, but in this case that feels like I would be cheating the reader from the amazing experience of having Jono lead you through his experiences and concepts, so i’ll not do it.

In summary, if you have any involvement with virtual communities, be it as a manager, member or just someone who interacts with them, this book should have its place in your shelf. Buy it, read it, enjoy it an have fun while you learn to take your community to the next level.

The Art of Community

Author: Jono Bacon
ISBN: 978-0-596-15671-8
Pages: 400
Year: 2009
Publisher: O’Reilly
On O’Reilly
On Amazon

Just this tuesday Facebook announced a ambitious project called “HipHop for PHP”, if you missed it general opinion says you have been coding PHP in a cave. As I write this review no code has been posted yet, but Facebook has made a great move to open source the project so we can all get our hands on it, use it and contribute to it. So since the code is not out there yet, this is literally a first impression article based on the presentation made by Facebook and various posts from core PHP developers who got a first look at the technology before the release.

What is it?

To be blunt, its a PHP to C++ code transformer (compiler). But that does not make justice to it, so let’s look deeper. To those of you that know PHP intimately you understand the process behind running PHP, it is thus:

PHP Code –interpreter–> OP CODE –Zend Engine–> Machine Language

Generally caching solutions store OP Code and reuse it instead of running the interpreter for every request. What HipHop does is completely different and surprised quite a few people who decided to guess what they were doing. On a general view this is the process (simplified):

PHP Code –parser–> C++ Code –g++–> Compiled binary

Historically PHP has always been executed on the Zend Engine, heart of PHP that has been around since PHP3, but what this solution does is that the Zend Engine has been recoded into the HipHop Runtime Engine, which instead of OP Code takes in C++ code that has been generated based on the original PHP code.

Why HipHop?

Its a well known fact that running code in C is faster then running PHP code, for obvious reasons, its very common for large applications in PHP to port part of its codebase to C and package it into an extension, such as Yahoo and even PHP projects like Doctrine have done so, performance of simple operations can increase in as much as hundreds percent, depending on load and usage.

This is the premise for Facebook’s project, they have long contributed to APC and PHP to get more performance out of their code, but with the increased load of billions of pages served it was not enough, they decided then to solve the problem. One of the options on the table was move on to another language all together, but this is where PHP shines, Facebook declared that PHP is simply a great solution because they can easily and rapidly get new programers up to status and developing in PHP due to its simplicity, that and the fact that their code base consists of million+ lines of code made them decide that this was not a solution, thus HipHop started.

How does it work?

The idea is that PHP code can be divided into “mundane” and “magic” code. Being mundane code basic operations that are directly mapped to C++ functions. This code if converted to C++ can be executed with much higher performance, while the magic code, which is the really complex code to be converted would run at equal or slightly lower speeds. This is the point that determines if you application can benefit from this, is it more mundane then magic?

If your answer is yes, then you may want to look into it. The converter does a lot of processing identifying dependencies, doing static analysis and other operations to get the basic code, it then has to take care of the problematic issue, Typing. PHP is a weakly typed language, meaning variables can juggle their types to and from various types. In the backend of this Zend Engine implements the ZVAL type, which basically stores anything. For the C++ code the new variables are typed so the parser needs to do all this in its Type Interface. The project’s lead Engineer, Haiting Zhao, stated that one of the solutions was to map ZVALs to the C++ Variant type whenever its impossible to determine a specific type (failed type inference), or when typecasting occurs in the process of the script. After all this analysis code is finally generated.

Thus this code is compiled against the HipHop Runtime, which as I said works like the Zend Engine and works now with specialized types instead of the abstract types in the Zend Engine. Binary in hand this can now be run straight from the command line, or interfacing with a web server as its compatible with the libevent library. Currently Facebook also wrote a very simple web server to interface with its compiled code replacing its Apache on calls to this code (as far as information goes, they proxy PHP traffic to this server and leave resources going through Apache).

The good and the bad

Good: This leaves programmers to continue coding in PHP, no slow downs, they can still have PHP’s ease of operation, code, run, see, fix, run, see, no need to re-compile and such. Compilation only happens to production code and unfortunately is a slow process. The final result is one large binary, a true binary that can be executed and it maps out to one process with multiple threads, which is interesting in other scaling topics like this mean you have one DB connection and not multiple.

Bad: Its compatible up to PHP 5.2, existing PHP extensions need to be converted to be compatible, compilation. With the markets overwhelming move to 5.3 and the incredible features present in it, having to fall back on 5.2 (earlier 5.2 versions, not latest) can really be a downside to the whole thing. Also, PHP extensions based in C and not thread safe need to be rewritten in C++ to be compatible, Facebook has converted a few, but their are lots of extensions out there and we might need to use more then a few. Compilation process is long so fixing a bug on a live production app is not as simple as fix, test, deploy, works; code must be recompiled and deployed, which is just fine if your QA processes are spotless, but in most cases you will run into delays due to compilation.

Not Supported? Some pieces of PHP are not and probably never will be supported, like eval(), create_function() and preg_replace using the /e flag. These functions won’t be missed if you like clean and quality code, but templating systems rely on it, like Smarty, so that’s not good news for them.

Result? Well Facebook has one advantage here, this is not an “experiment” or a theoretical project, its currently being used massively on their code base, so it works. Facebook stated reduction of 50% CPU usage on their servers, which is the equivalent of doubling your pool of servers, really impressive results.

What’s coming down the pipe? Well current plans include PHP 5.2.12 support followed by PHP 5.3 and support for running this inside Apache (mod_hiphop?). Timeframes on this are still undeclared.

Is HipHop for you?

From the various articles around the web, Terry Chay does a great job of helping you define if this if something you need to look into. In general I must say if you can run your application on 2 servers or less, keep going this is not for you. If you host or code apps that will live in Hosted Services, then this is still not for you, even though some providers like Server Groove already pointed out they intend to look into supporting it, its still shaky ground. Also if you application is more magic code then “mundane” code, you are still better off with PHP.

Conclusion

HipHop is an amazing concept and the complexity of it is enough to leave you in awe of the team responsible for it. It is definitively not a solution for most of the PHP-related market, apps and developers, most reviews I have seen state its not for 99,9% of code out there. I do think it will grow and evolve quite a bit once it is open to the community, its open source nature will be a generous boost and by far this has been one of the greatest moves by Facebook and something I really respect in their work.

I was quite refreshed to see a move of total innovation when all external medias placed their bets on a JIT compiler or re-write of the language. Its a solution that holds on to one of PHP’s advantages, its simplicity, and still brings a new point of performance gains to be explored by the community, it also puts some end to the various discussions on PHP and Performance, being able to generate performatic code that can be compared to the likes of Java and C#. In short it takes a scripting language and promotes it to machine code.

I will wait for the code to hit github so our team can dwell further into the inner workings and run it up against thinks like Zend Framework and Symfony, corner-stones of most applications out there, if it can’t support them its market space is restricted.

Other interesting topics to be watched is fragmentation, how will the PHP community react to this, compatibility will surely be a issue, some PHP features will not be supported in HipHop and vice-versa. Having this split can weaken the language, but if this is done in more of a “joint operation”, PHP will rise to new levels and embrace a greater audience.

This review has been pending for a while, but recently I finished reading Derick Rethans‘ book: Date and Time Programming. A first look at the topic (Date and Time) might get you thinking, “Why the hell do I need a book to teach me about time?” But further investigating, and some life experience will show you that dealing with Date and Time is not always as straightforward as “Its twelve o’clock”. Derick’s book gives you an in depth look into handling various factors of date and time such as timezones and days that did not exist, as well as finally delivering something missing from php.net: documentation of the DateTime Object.

The book covers a lot of ground, even tough it looks rather thin. Derick does a wonderful job of introducing date/time matter in the opening chapter, covering all the calendar switches (Julian to Gregorian) and its complexities (did you know Feb 30th has already happened once?) as well as timezones, solar times and daylight-saving details. This is all very valuable information for anyone working with dates.

The progressing chapters dwell into the various operations we use with and around date and time, like parsing, representing, manipulating and bringing attention to various perks of timezone and daylight saving handling in all the various functions in PHP. Its also very interesting that the book fully covers and makes crystal clear the new features in PHP 5.3 to deal with this topic.

The book also dewlls into PHP internals and describes how to use timezones and to update the internal timezone database, as well as how to deal with database engines and still get back correctly timezoned dates.

The book is a really pleasant read in a very orderly fashion, Derick covers all steps before introducing new issues instead of just throwing them out and explaining afterwards. It also functions very well as reference book, since documentation on this topic is not all it should be on the PHP Manual. This is a *must-read* book for anyone that has ever had to deal with handling date or time in a PHP system, or anyone who plans on launching systems that are aware of timezone differences.

.

php/architect’s Guide to Date and Time Programming
by Derick Rethans
Paperback: 152 pages
Publisher: Marco Tabini & Associates, Inc. (April 20, 2009)
Language: English
ISBN-10: 0981034500
ISBN-13: 978-0981034508

Even having being published in 2005, the book “Essential PHP Security” addresses a very up-to-date topic even today. Written by Chris Shiflett the book goes through various security aspects associated with a PHP application, for that reason even to today its content can be considered updated and applicable to various day to day situations faced by developers.

The book has a very easy going and exemplified approach to expose the various aspects presented. Aspects which are very clearly exposed and separated in chapters, going all the way from forms to includes and security in shared hosting environments. Each topic is analyzed in detail and internally divided into exploits and attack strategies for that security flaw, that way the book also becomes a easy to access reference book where its possible to go directly to the chapter that addresses the specific aspect you are coding right now, allowing you to know which flaws to look for. Further the introduction chapter presents Principles and Practice os Security which can be applied in any application and any language, like for example “Defense in Depth”, allowing you to glimpse the fact that security is much bigger than analyzing specific points of you application.

Even having a few years on it, the book addresses topic like XSS that play a important role in the AJAX driven web we observe nowadays. Also old friends like Session Hijacking and SQL Injection are analyzed from various points of view, aligned to the various segments of an application. This structure makes for a very light and enjoyable reading experience which can easily fit into these moments of relaxation or in the waiting room of the occasional visit to the doctor’s office (it worked for me anyway).

This book deserves to be part of any developers history (or shelf), at least to serve as a reminder and inspiration for reflection, even in a world where more and more Frameworks internalize all aspects of security, but as I always say, we developers should always know what goes on behind the curtains.

Essential PHP Security A Guide to Building Secure Web Applications

By Chris Shiflett
October 2005
Pages: 124
ISBN 10: 0-596-00656-X | ISBN 13: 9780596006563