I came across this somewhere on the interwebs. It also reminded me of this article (in Russian), which discusses the “progressive JPEG” approach to projects: the idea is that a project is always 100% ready, but with a varying degree of detail worked through.
“Understanding AD Access Control Entries” is a quick and simple article describing some of the madness of Active Directory access control entries. This is particularly useful for those of us who have had to deal with Active Directory without having much experience with MS Windows. I’m sure this will come in handy again in the future.
Lately, I feel like I’m behaving very similarly to Steve Ballmer, running around screaming “GDPR! GDPR! GDPR!”.
But I find it to be a huge change for anyone around Europe, I see it coming into play very soon, and most of the people around me are like “GDPR? What’s that?”.
This article does a lot of good explaining how big of a deal it is. It doesn’t matter whether you support it or are totally against it; I think it will be a huge change for everyone all around, and particularly so for the technical people implementing the necessary changes.
- Psalm by Vimeo. The cool thing about this static analyzer is that it supports both PHP 5.6 and PHP 7, unlike PHPStan, which requires PHP 7. (Yeah, I know PHP 5.6 reached the end of its active support a while back, but there are still quite a few projects around using it.) Additionally, Psalm is easy to control via its XML configuration file, much like PHPUnit and PHP CodeSniffer.
- Phan. This one is a bit trickier to install, as it requires some PHP extensions that I’ve never heard of (like PHP AST).
Here are a couple of bits that I liked in the “Why programmers are not paid in proportion to their productivity” blog post:
How can someone be 10x more productive than his peers without being noticed? In some professions such a difference would be obvious. A salesman who sells 10x as much as his peers will be noticed, and compensated accordingly. Sales are easy to measure, and some salesmen make orders of magnitude more money than others. If a bricklayer were 10x more productive than his peers this would be obvious too, but it doesn’t happen: the best bricklayers cannot lay 10x as much brick as average bricklayers. Software output cannot be measured as easily as dollars or bricks. The best programmers do not necessarily write 10x as many lines of code and they certainly do not work 10x longer hours.
Programmers are most effective when they avoid writing code.
The romantic image of an über-programmer is someone who fires up Emacs, types like a machine gun, and delivers a flawless final product from scratch. A more accurate image would be someone who stares quietly into space for a few minutes and then says “Hmm. I think I’ve seen something like this before.”
Harvard Business Review runs this article: “Drunk People Are Better at Creative Problem Solving”. Here are a few quotes to get you started:
Tipsy subjects solved 13% to 20% more problems than sober subjects did.
Intoxicated subjects had more “Aha!” moments than their sober counterparts.
People under the influence submitted answers more quickly than people in the control group.
I rest my case, ladies and gentlemen.
Chris Cornutt wrote the “PREPARING FOR PENTESTING (@ LONGHORN PHP 2018)” blog post for his upcoming talk at the conference. I’d gladly attend the talk, but the time and place didn’t work out for me this time. Here are a few useful links from his blog post that might come in handy for anyone evaluating the security of their PHP application and preparing for penetration testing:
- OWASP Top 10 2017 – the ten most critical web application security risks
- PortSwigger Burp Suite (community edition)
- PHP Security Cheat Sheet
- Top 7 PHP Security Blunders
- The 2018 Guide to Building Secure PHP Software
The above is not a replacement for the talk, but if you are like me and can’t attend, these links should at least get you started in the right direction.