Thoughts on technology, movies, and everything else
Category: Web work
These days, most of my work is closely related to the online world. Building web sites, reviewing web applications, integrating with web services, coordinating people who are far away from each other, etc. Whenever I find a new tool or service or an innovative, interesting idea about working online, I share it in this category.
PHP-FPM already acts as a queue for Nginx/Apache FastCGI clients. While your web-request is running you can just send another FastCGI request to the same PHP-FPM socket asynchronously and non-blocking. This request is immediately executed in another php-fpm process in parallel and you could wait for it to complete or just fire and forget.
Given the experimental nature of this approach, you probably won’t be running this in production. And with many developers switching to the built-in PHP web server for local development, this doesn’t work for those environments either.
But it makes me wonder what else can be used as a queuing mechanism. After all, there are plenty of systems that rely on this already – email servers, printer spoolers, web and proxy servers, and probably more.
After four years of preparation and debate the GDPR was finally approved by the EU Parliament on 14 April 2016. It will enter into force 20 days after its publication in the EU Official Journal and will be directly applicable in all member states two years after this date. Enforcement date: 25 May 2018 – at which time those organizations in non-compliance will face heavy fines.
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.
Who does the GDPR affect? The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
What are the penalties for non-compliance? Organizations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million. This is the maximum fine that can be imposed for the most serious infringements, e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines, e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors, meaning ‘clouds’ will not be exempt from GDPR enforcement.
What constitutes personal data? Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
Events are a great way to separate the business logic of your application and make things simpler and, often, faster. The CakePHP framework introduced an events system in version 2.1, and it has gotten much better since then. The official documentation covers the current implementation pretty well. But in this post I wanted to link to a few articles that provide more of a historical perspective.
First is this blog post by Martin Bean from back in 2013. It shows how things were initially. Even with all the improvements in version 3, the first implementation was still pretty useful.
Second is this review of the CakePHP events system (still in version 2), and some profiling of this new functionality. These guys looked at all the details and eventually suggested some improvements.
Their effort didn’t go unnoticed. Mark Story, one of the lead developers of the CakePHP framework, wrote this blog post, explaining the upcoming (at the time) changes to the events system in CakePHP version 3.
As a result, the CakePHP 3 event system is a much simpler and cleaner implementation. Have a look at this guide for a quick introduction.
I’m sure this is not the end of the road, as no software is ever perfect. But it’s a good place to be.
Git hook scripts are useful for identifying simple issues before submission to code review. We run our hooks on every commit to automatically point out issues in code such as missing semicolons, trailing whitespace, and debug statements. Pointing these issues out before code review allows a code reviewer to focus on the architecture of a change while not wasting time with trivial style nitpicks.
As we created more libraries and projects we recognized that sharing our pre-commit hooks across projects is painful. We copied and pasted unwieldy bash scripts from project to project and had to manually change the hooks to work for different project structures.
We built pre-commit to solve our hook issues. It is a multi-language package manager for pre-commit hooks. You specify a list of hooks you want and pre-commit manages the installation and execution of any hook written in any language before every commit. pre-commit is specifically designed to not require root access.
Modern browsers offer a variety of security mechanisms for web developers. Unfortunately, some of these aren’t so easy to manage. One needs a deep understanding of the functionality as well as the theory behind it. Secure Headers is a library that makes all that work a lot easier for PHP developers. Here are some of the features:
Add/remove and manage headers easily
Build a Content Security Policy, or combine multiple together
Content Security Policy analysis
Easy integration with arbitrary frameworks (take a look at the HttpAdapter)
Protect incorrectly set cookies
Safe mode prevents accidental long-term self-DoS when using HSTS, or HPKP
Receive warnings about missing, or misconfigured security headers
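To make three of these features concrete (the safe-mode cap on HSTS, cookie protection, and missing-header warnings), here is an added illustration in plain PHP; it is not code from the Secure Headers library and does not use its API. The function names, the one-day cap, the cookie-name pattern and the list of required headers are assumptions of this example.

```php
<?php
// Added illustration, not SecureHeaders' own code. Function names, the
// one-day cap and the cookie-name pattern are assumptions of this example.
const SAFE_HSTS_MAX_AGE = 86400;

// Safe mode: cap the HSTS lifetime and drop includeSubDomains/preload, so a
// mistaken policy stops affecting visitors after a day instead of a year.
function safeModeHsts(string $value): string
{
    $maxAge = preg_match('/max-age\s*=\s*"?(\d+)/i', $value, $m) ? (int) $m[1] : 0;
    return 'max-age=' . min($maxAge, SAFE_HSTS_MAX_AGE);
}

// Add Secure and HttpOnly to cookies whose name suggests a session or login.
function protectCookie(string $setCookie): string
{
    $name = trim(explode('=', $setCookie, 2)[0]);
    if (!preg_match('/sess|auth|login/i', $name)) {
        return $setCookie; // not a sensitive-looking cookie, leave untouched
    }
    foreach (['Secure', 'HttpOnly'] as $flag) {
        if (!preg_match('/;\s*' . $flag . '\s*(;|$)/i', $setCookie)) {
            $setCookie .= '; ' . $flag;
        }
    }
    return $setCookie;
}

// Takes [name, value] pairs; returns [adjusted pairs, warnings].
function reviewHeaders(array $headers): array
{
    $seen = [];
    foreach ($headers as $i => [$name, $value]) {
        $key = strtolower($name);
        $seen[$key] = true;
        if ($key === 'strict-transport-security') {
            $headers[$i][1] = safeModeHsts($value);
        } elseif ($key === 'set-cookie') {
            $headers[$i][1] = protectCookie($value);
        }
    }
    $missing = array_diff(['content-security-policy', 'x-content-type-options'], array_keys($seen));
    return [$headers, array_map(fn($h) => "missing header: $h", array_values($missing))];
}

// Constructed sample response headers.
print_r(reviewHeaders([
    ['Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload'],
    ['Set-Cookie', 'sessionid=abc123; Path=/'],
    ['Set-Cookie', 'theme=dark; Path=/'],
]));
```

With the sample input, the one-year HSTS policy is reduced to `max-age=86400`, the `sessionid` cookie gains `Secure; HttpOnly`, the `theme` cookie is left alone, and two missing-header warnings are returned.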