Tag: ioncube decode

What is Liip’s contribution to a better world? – Liip

Together with our clients, we want to maximise our impact on sustainable development. We distinguish between the impact on people and the environment resulting from within Liip, and from the projects that we implement. So the HOW and the WHAT. We wrote extensively about the HOW last year.

What are Sustainable Development Goals?

In 2015, the UN adopted the Sustainable Development Goals. The 17 goals set out the key areas of the social, environmental and economic sustainable development that the global community seeks to achieve. Examples include measures on climate action (13) or protecting life below water (14) and on land (15).

We opted for the internationally broadly supported SDGs,because the current proliferation of tools and labels are obstacles more than help. There is currently no single standard, as has been in place for decades for financial accounting, for example.

So that we do not lose an opportunity, we are using the SDGs to collect impact data at a very high level of granularity across all aspects of sustainability.

What exactly are we measuring?

How does the project affect the SDGs? Which SDGs more than others? And what about the company behind it: is there a clear, mandatory message regarding its impact on humans and the environment? We have assigned a percentage weighting to the individual goals. For example, topics such as species protection (14/15) or climate action (13) are weighted much more heavily for a food producer than they would be for a training company.

We then take a look at how strongly connected the project is with the company’s activities. Does the project represent the client’s main area of activity, or is it far removed from its core business? The project’s classification may be congruent with the company, may be separate, or may be a mixture of both.

For each individual aspect, we rate the contribution to a specific sustainability goal on a scale of -2 to +2. We use objective, measurable criteria wherever possible. For example, has a company made a clear and verifiable statement using recognised methods regarding if and how it expects to achieve the climate targets from the Paris Agreement?

Figure 1: Relevance and impact assessment of the individual UN goals of the client project

Of course, there are also assessments for which we lack the data basis. This is a weak point, and we will try to cross-check with recognised agencies wherever possible, especially for large-scale projects.

Figure 2: Sustainability impact of a customer product, composed of company impact (here 80%) and project impact (here 20%)

And how well are we performing?

Our first ‘inventory’ offered a fundamentally good result. Most projects are positively contributing to the SDGs, respectively do not produce any demonstrable damage. This is also thanks to the fact that we have consistently rejected critical projects ever since the company was founded – for example, any projects related to oil production or conflict materials. We are therefore beginning the measurement with a ‘beneficial’ portfolio. Due to the fact that the topic of biodiversity as a whole still receives far too little attention in the economy. This also influences our portfolio. We will pay special attention to this goal.

We now have an overall picture of our activities. This enables us to prioritise specific goals that are not doing so well more strategically.To keep it simple, we multiply the hours worked on a project by the impact on a goal. Admittedly, this is rather imprecise, but it is still meaningful for us because it gives us an indicator of what we are spending our time on in the first place.

Figure 3: Effect of hours worked for clients per SDG

Is this just greenwashing?

There are currently huge amounts of activity relating to impact measurement. And much of this is marginal. Sustainability is currently in fashion, and often things that are brown and unfair are painted green and put in a social light. Because we are aware of this, we are operating as cautiously as possible by setting broad system limits, and by drawing on a holistic metric with the SDGs. And, in the event of doubt, we make a more conservative assessment to avoid a false sense of security. As a point of principle, we obtain publicly available evidence and statements from companies wherever these are available.

What is the next step?

We plan to take this chosen approach

Truncated by Planet PHP, read more at the original (another 517 bytes)

JWT token based authentication for rokka and more – Liip

We do constantly update and improve our image delivery and storage service rokka.io and we’d like to talk about some new feature since the last update here. You can always check the changelog for public additions or follow us on Twitter for the latest and greatest on time updates.

Option for JWT based API Tokens for authentication instead of API Keys

To access the rokka API until now, you needed the API Key which you get on sign up and of which you can create new ones in the Dashboard or via the API. This is fine for most of its use cases, like storing it somewhere on the server side. But maybe not so much when many people, you may not even know, need and have access to such a key. Be it even only with limited rights like for uploading some images or read only access. The problem with rokka’s API keys is that they are valid forever (until you revoke them) and can be used from everywhere.

We could have added time-limitable API Keys, but we chose another path: JWT tokens, which you can get via the API (and an API Key…). They do need an expiry date and can also be IP limited. You can also make them renewable or disallow that. And more limitations could be added in the future.

You most certainly don’t need such tokens, if your code runs on the server side anyway and you don’t need to give out that key to many people or store it somewhere not trustworthy.

But for browser based access to the rokka API directly, there are at least three good use cases for such tokens.

Of course you could run all your communication needed with the rokka API through your backend and wouldn’t need to give out any credentials. But either you do not even have a backend (the rokka Dashboard and the rokka Gallery are just static sites in the end) or you want to avoid unneeded latency and stressed resources on your backend and directly talk to the rokka API from the browser. For example for uploading large images and videos.

The technical details of all this are documented in the authentication chapter of the rokka documentation and our PHP library (in 1.17.0) and the JavaScript library (only in 3.7.0-rc.1 yet, stable release will follow soon) do have already support for all this. And the Dashboard and the Gallery do use these new API tokens already.

But now to three possible use cases:

1. No need to store the API key in the browser, just the limited token

This is what we do in the mentioned dashboard and gallery. People login with their organisation and an API Key, we then fetch an API Token directly from the rokka API and just store that in localStorage, but not the API Key. The token time limited to 3 days, we restrict it by IP (but do remember the last few used ones, so you don’t have to login all the time when switching IPs) and try to renew it after a day. The rokka.js library takes care of most of that, except the multiple IP limiting. The rokka.js file in the dashboard is an example of how to do all that.

Even though the end user still needs to know a valid API Key, at least we don’t store it in the browser permanently. So that if someone could steal the credentials somehow, it will only be valid for 3 days (but can be renewed within those 3 days in the above setup) and more importantly only from the IPs the user itself logged in. We add some additional layers of security this way.

2. Have more control over who has access to it

This is more or less an extension of the above. Let’s say you want to give more granular control to such a site, but not wanting to have to create an API Key for each new user (you could revoke, when the access of a user should be revoked, but that gets cumbersome). You also would lose control of what the users do with such an API Key, like reusing it somewhere else. But you maybe do have a backend already with some single sign on solution and user based access control.

In this scenario, your rokka.js based frontend would then ask your backend for an API token, log in people if they’re not already, the backend generates that token through the rokka API and the (only stored in the backend) API Key, makes it time limited for like a day and marks it as non-renewable. And even can make it IP protected, if that’s what you want.

Truncated by Planet PHP, read more at the original (another 5391 bytes)

Interview with Matthias Noback – Voices of the ElePHPant

Cal Evans hosts his friend Matthias Noback as they talk about Domain Driven Design and Matthias’ new book “Recipes for Decoupling.

Picture of Matthias Noback

Show Notes

Audio

This episode is sponsored by
RingCentral Developers


Sponsor Logo

The post Interview with Matthias Noback appeared first on Voices of the ElePHPant.

PHP Internals News: Episode 101: More Partially Supported Callable Deprecations – Derick Rethans

PHP Internals News: Episode 101: More Partially Supported Callable Deprecations

London, UK
Thursday, May 19th 2022, 09:05 BST

In this episode of “PHP Internals News” I talk with Juliette Reinders Folmer (Website, Twitter, GitHub) about the “More Partially Supported Callable Deprecations” RFC that she has proposed.

The RSS feed for this podcast is https://derickrethans.nl/feed-phpinternalsnews.xml, you can download this episode’s MP3 file, and it’s available on Spotify and iTunes. There is a dedicated website: https://phpinternals.news

Transcript

Derick Rethans 0:14

Hi, I’m Derick. Welcome to PHP internals news, the podcast dedicated to explaining the latest developments in the PHP language. This is episode 101. Today I’m talking with Juliette Reinders Folmer, about the Expand Deprecation Notice Scope for Partially supported Callables RFC that she’s proposing. That’s quite a mouthful. I think you should shorten the title. Juliette, would you please introduce yourself?

Juliette Reinders Folmer 0:37

You’re starting with the hardest questions, because introducing myself is something I never know how to do. So let’s just say I’m a PHP developer and I work in open source, nearly all the time.

Derick Rethans 0:50

Mostly related to WordPress as far as I understand?

Juliette Reinders Folmer 0:52

Nope, mostly related to actually CLI tools. Things like PHP Unit polyfills. Things like PHP Code Sniffer, PHP parallel Lint. I spend the majority of my time on CLI tools, and only a small portion of my time consulting on the things for WordPress, like keeping that cross version compatible.

Derick Rethans 1:12

All right, very well. I actually did not know that. So I learned something new already.

Juliette Reinders Folmer 1:16

Yeah, but it’s nice. You give me the chance now to correct that image. Because I notice a lot of people see me in within the PHP world as the voice of WordPress and vice versa, by the way in WordPress world to see me as far as PHP. And in reality, I do completely different things. There is a perception bias there somewhere and which has slipped in.

Derick Rethans 1:38

It’s good to clear that up then.

Juliette Reinders Folmer 1:39

Yeah, thank you.

Derick Rethans 1:40

Let’s have a chat about the RFC itself then. What is the problem that is RFC is trying to solve?

Juliette Reinders Folmer 1:46

There was an RFC or 8.2 which has already been approved in October, which deprecates partially supported callables. Now for those people listening who do not know enough about that RFC, partially supported callables are callables which you can call via a function like call_user_func that which you can’t assign to variable and then call as a variable. Sometimes you can call them just by using the syntax which you used for defining the callable, so not as variable but as the actual literal.

Derick Rethans 2:20

And as an example here, that is, for example, static colon colon function name, for example.

Juliette Reinders Folmer 2:26

Absolutely, yeah.

Derick Rethans 2:27

Which you can use with call_user_func by having two array elements. You can call it with literal syntax, but you can’t assign it to a variable and then call it. Do I get that, right?

Juliette Re

Truncated by Planet PHP, read more at the original (another 21583 bytes)

Deploy dockerized PHP Apps on a GCP VM [Tutorial Part 8] – Pascal Landau

TODO

  • split article in GCP only and production only

  • add info, that each user via IAP has sudo access by default

    • find docu reference
    • double check the tutorial where a user is used

  • update php-base Dockerfile

    • fix for the git issue ==> add to the git secret tutorial

  • backport the git fix to part 6 and 7

TODO globally replace all IP addresses of the VM. Canonical one is 35.192.212.130
Others: 35.239.69.58, 34.136.107.232

In the eighth part of this tutorial series on developing PHP on Docker we will manually create
a VM on GCP (Google Cloud Platform) as a “production” environment to deploy our dockerized PHP
application there and run it via docker compose as a proof of concept.

TODO: Add intro video

Add sectino on “why only a POC”

  • docker compose shold not be used in production, especially true for data stores like mysql and
    redis
  • permissions are far too wide
  • using a Debian base image instead of a COS image

All code samples are publicly available in my
Docker PHP Tutorial repository on github.
You find the branch for this tutorial at
part-8-deploy-docker-compose-php-gcp-poc.

Published parts of the Docker PHP Tutorial

If you want to follow along, please subscribe to the RSS feed
or via email
to get automatic notifications when the next part comes out 🙂

Table of contents

Truncated by Planet PHP, read more at the original (another 162008 bytes)

Much ado about null – Larry Garfield

Much ado about null

Submitted by Larry on 13 May 2022 – 11:24am

null has a controversial history. It’s been called “the billion-dollar mistake” by its creator. Most languages implement null, but those few that do not (such as Rust) are generally lauded for their smart design by eliminating a class of errors entirely. Many developers (myself included) have argued that code that uses null or nullable parameters/returns is intrinsically a code smell to be avoided, while others (also myself included, naturally) have argued that is too draconian of a stance to take.

Anna Filina has a very good three-part series (properties, parameters, and returns) on how to avoid null in PHP generally. Alexis King has a related post (excuse the Haskell) on how to avoid needing edge cases like null in the first place.

However, I want to go a bit deeper and try to understand null from a different angle, and tease out the nuance of why one would really want to use it, and thus what we should be doing instead. To get there we’ll have to go through a tiny little bit of type theory, but it will be quick and painless, I swear.

Continue reading this post on PeakD.

Xdebug Update: April 2022 – Derick Rethans

Xdebug Update: April 2022

London, UK
Tuesday, May 10th 2022, 09:39 BST

In this monthly update I explain what happened with Xdebug development in this past month. These are normally published on the first Tuesday on or after the 5th of each month.

Patreon and GitHub supporters will get it earlier, around the first of each month.

You can become a patron or support me through GitHub Sponsors. I am currently 46% towards my $2,500 per month goal. If you are leading a team or company, then it is also possible to support Xdebug through a subscription.

In April, I spend 29 hours on Xdebug, with 27 hours funded.

Development

I continued my exploration of different set-ups that developers user, and have created a prototype branch that adds support for the “pseudo-host” xdebug://gateway which can be used with the xdebug.client_host setting instead of, and in addition to the Docker specific host.docker.internal. This pseudo-host automatically evaluates to the network gateway address in the container, which will then allow Xdebug to connect to an IDE on the host machine.

This value will work for:

  • PHP/Xdebug running in Docker on Linux, Windows, and macOS; with the IDE on the host.

  • PHP/Xdebug running in WSL, with the IDE on the (Windows) host.

  • PHP/Xdebug running in Docker in Ubuntu on WSL, with the (Linux) IDE running in WSL.

It will not work where network isolation is used, for example with the following set-ups:

  • PHP/Xdebug running in root-less Docker on Linux, IDE on (Linux) host

  • PHP/Xdebug running in Docker for Windows in WSL, with the Linux version of the IDE inside WSL.

I have not figured out how to do it will all different set-ups, so if you have extra information, or if I am still missing set-ups, feel free to comment on the Google Doc.

In the more complicated set-ups, it would likely be easier to use Xdebug Cloud as it has none of these networking complications.

Course

I have spend a fair amount of time developing the Xdebug course, with the first lesson now written and ready to be recorded. I have decided to include a “Tech Corner” with each lesson, to explain how Xdebug interacts with PHP to do the things that are explained in each lesson. Hopefully you’ll find this interesting as well. It will also serve to reduce the bus factor.

For further lessons I have started to draft outlines, and they are in different states of completion.

If you want to make sure that the course covers specific tasks that you find hard to do, or what you would like explained, please drop me an email, or leave a comment.

Xdebug Recorder

I have been making little progress as I have been focused on developing the course. There is a persistent bug while creating the recording, which is hard to track down, as it only happens occasionally and does not seem to be easily reproducible.

You can follow the development in the recorder branch.

Xdebug Cloud

Xdebug Cloud is the Proxy As A Service platform to allow for debugging in more scenarios, where it is hard, or impossible, to have Xdebug make a connection to the IDE. It is continuing to operate as Beta release. Packages start at £49/month.

If you want to be kept up to date with Xdebug Cloud, please sign up to the mailinglist, which I will use to send out an update not more than once a month.

the original (another 1331 bytes)

TailwindCSS Tips – Matthew Weier O’Phinney

I’ve been dabbling in CSS my entire career.
In the early days, it was relatively simple, as our browsers were fairly limited.
But over the years, CSS has become more and more capable, allowing styles to target only tags with specific tag attributes, only apply at specific screen sizes, and even perform complex layouts using things like flexbox and grid.
I take a bit of time every now and then to understand these things… but since I don’t use CSS a ton, it’s hard to keep up.

As such, over the past decade, I’ve tended to use CSS frameworks, and generally Bootstrap.
Every couple years, a new major version is dropped, and I have to learn new structures and components, and struggle to get things to look the way I want.
Worse, when I use these frameworks, injecting custom CSS often means understanding how the framework is already styling components so I can ensure things don’t conflict.

The last couple years, I’ve been keeping an eye on TailwindCSS.
I’ve been a bit skeptical, as its declarative, utility-first approach looks a lot like doing CSS inside your html, which, honestly, feels off.
I’ve typically subscribed to the idea of semantic html, which advocates separating style from markup.
Having styles directly that mimic CSS directives associated with every tag feels like an unholy mix, and a far cry from semantic html.

And then there’s the hype.
The original author and project lead of Tailwind is a huge hype man, and hype tends to turn me off.
That’s on me, not them, but having been in the business for over two decades, I’m finding I’m more and more likely to discount hyped products and projects, because I’ve seen them come and go so frequently; there’s often an indirect relationship between the amount of hype and the long-term viability of a project.
I’ve also often observed that hype serves as a way for users to deflect reasonable critique, and the more vehement the user base, the less interested I am in engaging with them because of this.
Clearly, YMMV, but it was definitely something keeping me from really investigating Tailwind.

However, recently, in helping out the PHP Foundation, I volunteered to setup their static website, and the team requested using TailwindCSS, so I dove in.

And I discovered… I kind of love it.

This is one of those “I’ll be googling this in the future” posts.

How it works

I won’t go into how to get started with Tailwind; their docs do a great job of doing that for you.
However, I will give a quick overview of how things work, so you can see (a) where I’m coming from, and (b) what you’ll be doing when you start with Tailwind.

The way I’ve always learned to do CSS is to first write html, and then write CSS to style that html the way you want it to appear.

<div class="box"> <h2>Title</h2> <p>Some content</p>
</div> <style>
.box { margin: 0.5rem; background-color: #333333; border: #000000 padding: 0.5rem;
} .box h2 { background-color: #dedede; padding: 0.5rem; color: #111111; font-size: 2rem; min-width: max-content;
} .box p { padding: 0.5rem; font-size: 1.2rem; min-width: max-content;
}
</style>

Tailwind instead provides a ton of “utility” classes, targetting just about every CSS directive.
You then add these html classes to elements to style them:

<div class="m-2 p-2 bg-neutral-600 border-black"> <h2 class="min-w-full p-2 bg-neutral-300 text-4xl text-neutral-800">Title</h2> <p class="min-w-full p-2 text-xl">Some content</p>
</div>

Behind the scenes, you run the Tailwind CLI tool, and it analyzes your html to generate CSS for you.
You can even have it watching for filesystem changes to files you’re interested in (templates, JS scripts, etc.), and it will regenerate the CSS automatically.

Tip 1: Layers

Out of the box, Tailwind does a CSS reset that removes all styles.
This is great, because it means that any changes you make, you can anticipate exactly what will hapen.
It’s also a pain in the ass, because everything is unstyled: your headings look just like your paragraphs, your lists look just like your paragraphs, and there’s no way to tell where one paragraph ends and another begins.

So, the first thing you’ll want to do is define your base styles.
Tailwind has a very specific suggestion for where and how to do this: in the “base” layer.

Opening your site CSS file, you’ll see these directives when you begin:

@tailwind base;
@tailwind component

Truncated by Planet PHP, read more at the original (another 14308 bytes)