web development

PHP Static Analysis

Here are a couple of new tools in addition to previously mentioned PHPStan:

Psalm by Vimeo. The cool thing about this static analyzer is that it supports both PHP 5.6 and PHP 7, unlike PHPStan which requires PHP 7. (Yeah, I know PHP 5.6 has reached the end of its active support a while back, but there are still quite a few projects around using it.) Additionally, Psalm is easy to control via the XML configuration file, much like PHPUnit and PHP CodeSniffer.
Phan. This one is a bit trickier to install, as it requires some PHP extensions that I’ve never heard about (like PHP AST).

Introducing the AWS Amplify GraphQL Client

“Introducing the AWS Amplify GraphQL Client” showcases the new GraphQL client that was built by the Amazon Amplify team. It’s pretty sweet.

Why programmers are not paid in proportion to their productivity

Here are a couple of bits that I liked in “Why programmers are not paid in proportion to their productivity” blog post:

How can someone be 10x more productive than his peers without being noticed? In some professions such a difference would be obvious. A salesman who sells 10x as much as his peers will be noticed, and compensated accordingly. Sales are easy to measure, and some salesmen make orders of magnitude more money than others. If a bricklayer were 10x more productive than his peers this would be obvious too, but it doesn’t happen: the best bricklayers cannot lay 10x as much brick as average bricklayers. Software output cannot be measured as easily as dollars or bricks. The best programmers do not necessarily write 10x as many lines of code and they certainly do not work 10x longer hours.

Programmers are most effective when they avoid writing code.

… and:

The romantic image of an über-programmer is someone who fires up Emacs, types like a machine gun, and delivers a flawless final product from scratch. A more accurate image would be someone who stares quietly into space for a few minutes and then says “Hmm. I think I’ve seen something like this before.”

What’s new and changing in PHP 7.3

Here’s a list of things that are upcoming in the PHP 7.3 release. According the release plan, the work on PHP 7.3 starts on June 7 2018 and it should be generally available November 29 2018.

PHP : Preparing for the Penetration Testing

Chris Cornutt wrote “PREPARING FOR PENTESTING (@ LONGHORN PHP 2018)” blog post for his upcoming talk at the conference. I’d gladly attend the talk, but the time and place didn’t work out for me this time. Here are a few useful links from his blog post that might come in handy for anyone evaluating the security of their PHP application and preparing for the penetration testing:

OWASP Top 10 2017 – the ten most critical web application security risks
PortSwigger Burp Suite (community edition)
PHP Security Cheat Sheet
Top 7 PHP Security Blunders
The 2018 Guide to Building Secure PHP Software

The above are not a replacement for the talk, but if you are like me and can’t attend, these should at least get you started in the right direction.