Building Bridges
In this Episode
We’re trying a new format in this episode. Eric, John, and Oscar recorded together. Let us know what you think of the new format? Should we keep it?
Topics
- Eric and John get a look behind the scenes into what goes into producing each magazine issue.
- Call for Writers – get feedback on talk/article proposals.
- From the March magazine issue: scaling your database, owning your content with Indieweb, OAuth and CSRF protection, the benefits of type hints in PHP 7 code, Margaret Staples’ survey results for Women in History month and more.
- An interview with Barry O’Donovan about migrating legacy applications to Laravel, his involvement with PHP, and PHP’s reputation in other communities.
Listen
Podcast (episodes): Play in new window | Download | Subscribe
Transcript
[music]
0:00:01 S: Welcome to the official podcast of PHP Architect. Join us to listen to the latest news and tech talk from our conferences, the magazine, and wider PHP community.
[music]
0:00:15 Eric Van Johnson: You’re listening to the PHP Podcast, the official podcast of the PHP Architect Magazine. This is episode 18, volume 18, issue three, for March 2019, Building Bridges. I’m your host, Eric van Johnson, and with me, as always, my good friend John Congdon.
0:00:31 John Congdon: Did you just forget my name? You say “good friend” and then forget my name? That hurts, deep.
0:00:38 EJ: I would’ve fixed it in post.
0:00:41 JC: You can’t fix a relationship. It doesn’t work that way.
0:00:45 Oscar Merida: Guys?
0:00:46 EJ: Let’s… Who’s…
0:00:48 JC: Wait, wait, wait, what?
0:00:48 OM: Remember we’re doing something different this month? Hello?
0:00:51 JC: Oscar, where did you come from?
0:00:53 OM: I snuck into the new digs, digitally.
0:00:56 EJ: Nice. The editor-in-chief himself, heart of the podcast, Oscar. How are you doing, good sir?
0:01:02 OM: I’m doing pretty good, trying to start the week off on a productive note, but my kids are home from school, so it’s been a challenge.
0:01:10 EJ: So what brings you on to the show, Oscar?
0:01:12 OM: Well, back when Tim kinda gave us feedback, he said our transitions were awkward, so this was one way to make them less awkward.
0:01:19 JC: I thought I’d banned Tim’s name from the podcast.
[chuckle]
0:01:22 EJ: I haven’t said his name. Oscar said it.
0:01:25 OM: We can re-edit that and say, “When he who cannot be named gave us feedback.” Although it’s good to see that we have listeners.
0:01:31 JC: I think he’s legally required to listen, though, because he works with me.
[chuckle]
0:01:35 JC: So he does this so he can tease me and make fun of my work, but that’s okay, I love him anyway.
0:01:40 OM: He’s a good guy.
0:01:40 EJ: So let’s talk about it real quick. We’ll get into the magazine here in a moment, but we’ve been doing this for a little over a year now, and how has the feedback on the podcast been?
0:01:51 OM: Gonna be close to two years, with this summer, but I’ve gotten good feedback. It’s always surprising when people recognize me by my voice, which happened at World, and I think at Wave also. Running the numbers too, I was surprised. It’s hard… I don’t know how you guys do it. It’s hard to get listener numbers if you’re self-hosting and not going through someone else, but I finally put all our podcasts on… Well, they’ve been on S-3, and I finally started logging requests and downloading them, and some months, we get 300 to 400, up to 500 downloads, which I assume is one listen, ’cause no one’s gonna listen to an episode more than once. So that was really good feedback to see that people are actually listening and finding value and subscribing to the podcast.
0:02:35 JC: That, or my 400 tablets I have in the closet are working well.
0:02:40 OM: I know some of… There was one episode that was abnormally high, and I realized was it ’cause I was testing the whole S-3 integration. I was like, “Yeah, okay, that one is a bit of a outlier, we won’t include that one.”
0:02:52 EJ: Maybe you can answer a question for me. I don’t know if you’ve actually listened to the podcasts, I assume you do. [chuckle] But I have…
0:03:00 OM: I listen to it.
0:03:00 EJ: I’ve been absolutely fascinated with the artwork lately on the magazine. Is that coming from any one source? Or where are you getting the artwork lately for the PHP Architect Magazine?
0:03:13 OM: Oh, I can’t spill my secrets. Although, no, I inherited Kevin Bruce’s process, which, when he could draw a cover, he would. But a lot of the times, I’m just going off on Shutterstock and looking for interesting pieces that tie into the title and theme that I pick for each month.
0:03:30 EJ: So you have done a couple yourself then, right?
0:03:32 OM: Yeah, sometimes I assemble a cover from different pieces. There was a Composer one issue in 2017 that was three different pieces I found that I kinda collaged. I drew the elephant rearing on its back in September, I think, last year. So I did that one. That was a completely new piece by me. I think there was one more somewhere before.
0:03:56 JC: Yeah. One thing I’m always in awe of, being friends with you on Facebook and seeing the artwork that you’re drawing, I’m like, “How do you do that?” I just have no artistic ability myself, and I think you do a great job.
0:04:08 OM: Thanks, it’s something I’ve tried to do more of lately, ’cause I found a good way to relax is to draw. And it’s just practice, like anything else. Anyone can draw, and it just takes practice and dedication to getting better.
0:04:23 JC: I should have taken a picture of the condor I drew for my kid’s lunchbox today.
[chuckle]
0:04:28 JC: You’d be highly impressed at my skills, or not.
[chuckle]
0:04:32 OM: It’s just like programming. You gotta start somewhere, and then you look back at drawings you did two years ago and wonder like, “Oh, I was such a terrible artist.”
[chuckle]
0:04:41 EJ: So we have php[tel] coming up in a few months.
0:04:44 OM: Yep, in almost three… Two months now.
0:04:46 EJ: Yeah, May 21st through the 23rd. Do you know… John and I were talking about it on the last podcast. The…
0:04:53 OM: I heard.
0:04:54 EJ: Venue that you guys are hosting at this year, is this a new venue or is this the same one you used last year?
0:05:00 OM: It’s a new venue, ’cause it’s a dedicated event spot, it’s not a hotel that does events. It’s the Loudermilk, which Eli and Heather have visited and found that it would fit well. I think one of the cool new things which we haven’t had at tek before is that there’s gonna be one room that’s a classroom, amphitheater style, if I remember correctly. So for the bigger talks, they’ll probably be in that room. And then, usual break-out rooms for other talks.
0:05:35 EJ: Yeah, but even that is a little different this year. You guys have a lot more focused tracks this time?
0:05:41 OM: Yeah, so one of the big things we’ve heard, and it wasn’t just at the last tek, last couple teks, is that for being one of the longest running conferences and being seen as a very technical event, critique we hear is that there’s not a lot of deep-dives into a topic. So you might have someone talk about testing, but people are wanting to go into the more advanced, edge cases kind of things, about… Whether it’s testing, or… We’ve had internals talks that just kinda would get you started with internals, but not really get you that far. So this year, instead of putting out a call for speakers, what we did is talk to people who we know would be good speakers and could put together a sequence of talks on just testing, or just security. Web performance and DevOps, there’s seven tracks.
0:06:37 OM: And instead of hopscotching between different talks, the ideas is that an attendee could sit in one room and get a whole day’s worth of talks from that group of speakers on security, or whatever it is, and the talks would build on each other. So you wouldn’t have just one session that tries to… Everything you need to know about web security into one 50-minute slot, you could have one that’s like, “Okay, in this talk we’re gonna focus on SQL injection, and in the next one, we’re gonna talk about cross-site request forgeries, and in the third hour, we’ll talk about something else.” And so, in each of those talks, you’re gonna go much more in depth into that one aspect of it than you could in even just a workshop session, or a regular hour-long slot. So those speakers are hard at work, ’cause they’re crafting all new talks, or that can flow one into the next. That also gives you the opportunity, if you already know the basics of web security, you could come in the afternoon for the more advanced parts, and vice versa.
0:07:37 JC: Yeah, I’m definitely looking forward to seeing how this works out for you. And I’ve already got my tickets, gonna be there. So really excited for it.
0:07:44 OM: Cool, look forward to hanging out.
0:07:45 JC: Definitely.
0:07:45 EJ: Yeah, unfortunately, I’m not gonna be able to make it to tek this year. I’ve got a few personal obligations going on, but I am hoping to hit World again. I did enjoy myself at World.
0:07:54 OM: We’ll do another live recording then?
0:07:56 EJ: Absolutely, I don’t see how we can’t. So continuing down my path of… ’Cause I’m very curious about what it takes for you to publish the magazine month after month. I was talking to John and we’ve mentioned it on the podcast a few times now, I don’t think people have a real appreciation for how hard you work to get this magazine published month after month. You don’t have a big team behind you, it’s actually very few people who help you, and most of it is on your shoulders. How do you find the writers for the articles?
0:08:33 OM: In the past, they’ve come from our call for speakers, so that’s probably been three-quarters to 90% of the articles come from talks that we couldn’t accept. I think I’ve mentioned before, we’d love to accept pretty much everyone who submits to the conferences, but we can’t, because topics overlap and the rest. So the ones that are well-rated and look like there’s some meat to them, or they’re on a topic that’s gonna be of interest to the readers, I’ll wait a few weeks and then reach out to the folks who weren’t accepted, and ask them to turn them into an article.
0:09:05 OM: I’ve also done that when I see someone speaking elsewhere or has spoken in another PHP, or Drupal, or WordPress event, and I reach out to them to draw from the wider PHP applications community. What I’m gonna do, since we didn’t have the call for speakers for tek, is do a call for writers, and it’s on my to-do-list for this week, so by the time this goes out, this will be live on phparch.com. There’ll be a form where you can enter, basically the same stuff that you would do to submit to a conference, and the first couple that I get, like 20 or 30, unless I’m inundated, I don’t expect to get 500 submissions like we do for a call for speakers.
0:09:52 OM: What I’m hoping to do is give feedback to all the submissions I get, ’cause I fully expect these are people who want to also turn these into talks for events, and I’d like to give feedback about, “Does your title makes sense? Is it good? Is it too boring or is it just not descriptive enough? And also how well have you written your abstract from a conference reviewer’s point of view?” So look for that probably by the end of this week, if this… Well, I don’t know if we need to put a date on it, if this gonna be out, yeah.
0:10:21 JC: Is it going to be an open-ended call for speakers? Not call for speakers, call for writers, where will this form just always be up now?
0:10:27 OM: Oh, yeah.
0:10:29 JC: Is it in limited time scope?
0:10:30 OM: It’ll be open all the time, ’cause right now, there’s already an email address where people can send me article pitches, and I get a couple each month that way, but I wanted to formalize and track it better than just in my inbox. If something happens and I have a hundred submissions and I’m set for content for the rest of the year, then I might pause the form or not promise to give feedback on your talk abstracts, but that would be a good problem to have.
0:11:00 JC: It’s always nice having content when you need it.
0:11:02 OM: Yeah.
0:11:02 JC: It’s always a problem we have with the user groups too, getting speakers and people interested in submitting, and one thing I can say about you is, you do a great job giving feedback all along the process, submitting an article and getting feedback, both on grammar or content within it. So anyone that wants to write should, because it’s a great opportunity to be published. I remember getting my first article published, it was like a highlight, it was… I felt accomplished.
0:11:36 OM: That’s awesome. I’ve seen some people who have framed their print issues too, that seems really cool to have. And if you are… Going back to if you wanna become a speaker, I know some people who have written for me, and then I see they’ve given that as a talk later, so it does help you establish some credentials and expertise on a topic.
0:11:58 EJ: Yeah, you mentioned it being a good problem to have, why don’t we go ahead and get into the articles of the magazines? And speaking of a good problem to have, we’re following up our, “We Need a Bigger Boat” article from Liam this month, with his part two. He’s talking about scaling websites, which is another good problem to have if you ever need to scale, and he’s been touching on a lot of the things that maybe you don’t think about when scaling. This month, one of the big things that he talks about is database scaling and sharding. Do either one of you guys have any experience with sharding databases?
0:12:41 JC: Yes, to a point. Recently, one of our clients decided to basically change how they were doing business. It was mostly a move from their own bare metal servers into AWS, and instead of moving everything at once, it was a methodical approach to make sure that we had the processes down, and by doing that, we ended up sharding in a different way. So we ended up with multiple databases, but segmented. So they have a, what they refer to as systems, so different domain names going to these separate clusters of machines. So within Amazon’s AWS, they will have their own database, their own web servers, their own caching servers, and then, as the process was perfected, they set up a second one of these clusters for additional domain names, and then ultimately, a third one. So it’s sharded in that way, not just at the database level, but at the server level as well.
0:13:48 EJ: And he talks, also, about partitions and replication of databases, and caching as well. This has been just a really good series to follow, he’s giving you a lot of things to think about, even when you’re developing your application, before you get to that stage of needing to scale the application, he’s giving you some things to keep in the back of your mind as you’re developing apps, to make scaling easier in the future.
0:14:16 JC: Yeah. One thing that jumped out at me was the use of master-slave, which I stopped using a few years ago, and… Mostly out of the connotation of that, and moved to primary and replica, so just a wording thing. But one thing I didn’t know about was, since MySQL 5.6, GTID replication, which I didn’t even know existed. I’m so used to that primary-replica scenario where the replica knows, “Okay, I’ve read up to this point in the primary’s binlog, and now I gotta go get more data.” Something I definitely wanna check out is the different type of replications.
0:14:58 OM: Replication is really tricky, from what I’ve seen, and I think I may be scarred just from, real early in my career, trying to do that binlog replication, and it never really quite worked well, and of course, this was probably MySQL 3 at the time, but I know that the newest versions of MySQL seem to handle that much better, and with less pain, than it used to be done.
0:15:23 JC: Yeah, it’s definitely come a long way, and it’s not that hard to do than having your application be able to read from multiple locations can also be tricky in itself, knowing when am I gonna hit which server. One of the things that one of our clients has done recently is brought in ProxySQL. Through that, you can have all the connections go to this one central point, and again with AWS, it’s going through a load balancer, so they have multiple ProxySQL servers, and then, based on rules within there, you could say, by default, all traffic goes to the primary server, and then you have another group of servers, like your replicas, and you can get down to very complicated regex expressions. Let’s say if the query looks like this, I want it to go either to a very specific replica, maybe you have a very high-end server with a lot of RAM, and you want that specific query to go to that server; or a round robin, you put five replicas in there and the select request will bounce between these five servers. So just another option versus having to do it within your code base.
0:16:40 OM: Oh, cool.
0:16:41 JC: That’s always been tricky, depending on how it’s written.
0:16:44 OM: I think, for most small to medium size applications, you wanna try to make sure you don’t have to partition and scale your database. This is some pretty last resort kind of stuff, the way I see it. You wanna make sure, I think, first, that your database is performing fast indexes, are in the right place, you don’t have too many queries per request, that sort of stuff. And then, when you’ve exhausted all those optimizations, then you’re like, “Okay, yeah, really, we’re handling so much data that we need to store almost more and more than just gigabytes.”
0:17:17 JC: No, it’s way more fun to be very inefficient in your queries and then scale out your servers. I may have been part of that a couple of times. Oscar, well, we love having you on this episode. We did have to do a different call where we interviewed Barry O’Donovan about migrating legacy web applications, so you weren’t involved in that one, but we’ll cut over to that, we’ll see you back on the other side. Alright, Barry, welcome to the show.
0:17:46 Barry O’Donovan: Thanks John.
0:17:47 JC: How are you doing this evening? It’s…
0:17:48 BO: I’m very well, yeah.
0:17:48 JC: It’s what? It’s 6:00 o’clock your time right now?
0:17:49 BO: 6:00 o’clock in Dublin, yeah. Not raining, which is great.
[laughter]
0:17:57 JC: Yeah, we’re recording at 11:00 AM our time, so that time difference, it’s a bit tricky to hook up, huh?
0:18:03 BO: Yeah, if it was only a little later, I could sit here with a Guinness while you have your coffee. It’s just a bit too early to open one of those.
0:18:09 JC: Too early? Guinness, you can drink at lunch time.
0:18:14 BO: Yeah, I don’t think my wife would approve of that.
[laughter]
0:18:16 EJ: So Barry, is this your first article with PHP Architect?
0:18:23 BO: It is my first article with PHP Architect, yeah.
0:18:25 EJ: Yeah, John did the article in phparch a few months ago on a very similar topic of legacy applications and migrating them to a current code base, but it looks like you’re taking a little bit of a different approach than he did, can you tell us what brought you to write this article? Is this something you deal with every day? The article, by the way, for those listening, is “Migrating Legacy Web Applications to Laravel.”
0:18:55 BO: Yeah, it’s… What brought me to write it was, it’s a project that we were working on in INEX, we have a open source project called IXP Manager. INEX is an internet exchange point, which is a… It’s a switching center where networks can come to interconnect, so eyeball networks, like your ISP and Google and Netflix, for example. So we have an open source application that runs about 70 different IXs around the world, mostly in Europe and Africa, and we needed to modernize the codebase for a number of reasons, but we were running on Zend framework 1 for the last 10 years, which is well past end-of-life at this stage. I’d been using Laravel for other projects, I needed to find a way to migrate without putting the brakes on development.
0:19:39 JC: You were using Laravel on other projects. Was there a reason you chose that over upgrading to the latest Zend framework?
0:19:44 BO: Some years ago, I looked at Zend framework 2, and it was very different to Zend framework 1. I never looked at Zend framework 3, but the differences between 1 and 2 made an upgrade path from 1 to 2 very difficult. So when we were upgrading from 1, as I said, I’d been looking… We’d been using Laravel for other projects; I liked it a lot, so it just seemed like the logical place to go at that point.
0:20:05 JC: Yeah, it was funny when I was scanning through this month’s article and I saw the title of yours, I was like, “Wait a second, I just wrote this article.” And talking to Oscar, it was actually a couple of years ago that I wrote it, and mine was “Wrapping Your Legacy Application in a Warm Laravel Blanket,” or something to that effect. [chuckle] One of the biggest differences is, you’re actually wrapping another framework in Laravel, where my article was about how to take a legacy app that didn’t have a framework. So yours is very appealing and interesting in how you were doing that.
0:20:49 BO: It was something we… I suppose it was something that I fell upon when we were looking at how to do this. You know yourself, with open source projects, you can’t really just take six months off, work full-time on what is mostly a labor of love, and try and just get a clean upgrade, so we had to find a way of doing it in parallel. In playing around with it, we just kinda found this mechanism of, when the 404 was triggered, the “path not found”, that handed off that legacy framework, which seemed like a perfect way of doing it, because Laravel was first, and Laravel, with its roots structure, lets you carve off, not even controllers, but just individual actions into Laravel, and then, by passing that control to the legacy application, you get the benefit from all the stuff that Laravel has, all those facades and everything else are available to your legacy application. So even if you want to just tweak what you already have, you can still tweak it without doing a wholesale migration and still use some of the Laravel stuff as well.
0:21:48 JC: Yeah, it’s fascinating. When I did it before, it actually was the other way around, where it would look for login.php, and if that was there, it would run your normal legacy app, and if it wasn’t, then it would fall back to the Laravel application.
0:22:08 BO: Yeah, we could have gone that way. I guess the approach I took was sort of start where you want to finish.
0:22:13 JC: Yeah. Yours was… Your way is awesome. Like you said, getting access to the Laravel framework within the legacy application basically for free was a great take on it.
0:22:28 EJ: So how long have you been developing, Barry? Is this… You say you’ve been working with the Laravel framework for a while. How long have you been involved with PHP, just in general?
0:22:39 BO: I guess I fell into PHP back in college, giving away my age now, turning early 40 soon. So back in college, back around the turn of the century, I would have been on the computer society ComSoc in my own hometown’s college. On the committee, we would have ran servers, we would let users create some PHP scripts in there, the publication mail directory of the user directory, some… Kind of things you don’t do anymore. So I think, back then, I guess, that was PHP 3, so that was how I started using it. Kinda played around with it a bit over the years that followed. I think the first big project I did was in my first job, which was for an internet service provider in Ireland. I had to build a portal to support about 30,000 users. It didn’t have to do anything massive, it just had to allow users to create email addresses, configure content filtering, register for VoIP services, that kind of thing, and that was built over a Mambo framework, Mambo portal. Haven’t seen that around. Or sorry, I think it was actually Joomla! , pre-Mambo times. So that was the first big project I had.
0:23:56 BO: And then from there, over the years, through my own company, through the stuff we do at INEX, we’ve been doing a lot more PHP stuff. I have an open source application I built, it’s kind of a while ago now, called ViMbAdmin, it’s… I don’t know if you ever heard of PostfixAdmin; it’s a web-based tool for allowing you to manage email addresses and email aliases on multiple domains. That was pretty old in the tooth at the time we were looking at it, so we used ViMbAdmin as a training tool for some developers I worked with on different projects, open source, that has about 10,000 installs that we track. Even that now, that itself is probably old in the tooth, that’s a Zend framework app as well, that needs… Definitely is in need of modernization. So over the years, while usually I’d be a network engineer or a sysadmin, do an awful lot of PHP programming, enjoy it an awful lot, with various open source projects and the commercial stuff that we do.
0:24:53 JC: You said you’ve worked for ISPs in the past, and you have your own company now?
0:24:58 BO: That’s right, yeah, myself and my business partner have a network consultancy company.
0:25:02 JC: Okay. Working maybe with…
0:25:03 BO: We work with a lot of… Yeah, we work… What we do is, certainly in Ireland, with the huge companies like Facebook and Google and Amazon that have massive offices here, it’s very hard for smaller ISPs to get network engineers, so what we do is, we outsource that function, or we insource it to ourselves, where we look after the core and edge network for smaller ISPs. So that they can concentrate on sales and support and these sort of access into their network.
0:25:30 JC: That’s fascinating because, over here in the States, it seems like we don’t have many options for ISPs. We get stuck with, basically, where we’re living, we go with the major cable company near us, which is a pain when you’re upset and there’s just no where else to turn. [chuckle] I want more options and I’m stuck.
0:25:53 BO: Yeah. I certainly wouldn’t want you to go away thinking that Ireland is a utopia for ISPs. Certainly in rural Ireland, it’s very difficult to get good connections. I’m fortunate, living in the capital.
0:26:03 JC: Gotcha. How many ISPs are in your area? Do you have a lot of choice in that way?
0:26:10 BO: I do where I am I. Have a choice of cable, which will get me up to about 400 Meg, VDSL get me about 70, 80 Meg. I think that’s the two main choices here. There are fixed wireless providers, but you wouldn’t really gravitate to fixed wireless if you can get wired broadband.
0:26:29 JC: Makes sense.
0:26:30 BO: Yeah. In the more rural parts, it’s really all fixed wireless or mobile 4G.
0:26:36 JC: So you said this is your first article with PHP Architect, how’d you come to write for them, did they contact you or did you contact them?
0:26:45 BO: Yeah, I have been reading PHP Architect for a few years now, I think it’s a great magazine, and I did a talk on this topic at a conference last June in London at the Laracon… Sorry, at the Laravel UK Live Conference, and I had always intended to write it up, just put it in my own blog. I wrote it up in draft form, and I just kind of said, “You know what? Maybe I’ll touch base with the editor of PHP Architect and see if there’s any interest there.” So dealing with Oscar then, and yeah, he took it up straight right away. So it was a good outcome.
0:27:21 EJ: So that Laravel Live UK Conference, that was the first year of that conference last year, correct?
0:27:28 BO: That’s correct, yeah. They’re running a second one this June. It’s turned into a two-day event.
0:27:33 EJ: Yeah?
0:27:34 BO: I don’t know much about it yet, ’cause I think they’ve only announced it recently.
0:27:38 EJ: Yeah, okay.
0:27:39 BO: But it was a good… It was… Yeah, it was a good conference. For the first conference, there was an awful lot of people there, it was… There’s definitely a big Laravel community in the UK.
0:27:50 EJ: That was gonna be my question is, it seems like Laravel has a pretty large presence there in UK. I know, just around Europe in general, Laravel’s pretty well known. There’s actually some very popular developers who are in Belgium and different areas over there. Do you do any meet-ups? Either Laravel or PHP meet-ups or… I don’t know if they are called meet-ups there, but group get-togethers?
0:28:23 BO: Yeah, there is a Laravel meet-up… Sorry, there is a PHP meet-up in Dublin. It’s been around for, I think, for a couple of years. I haven’t had the opportunity to go to it. A lot of what I do in Dublin in that regard would be through INEX and networking meetings, so INEX has four meetings a year, and then there’s a… Like the PHP meet-ups, there’s an Irish Network Operators Group that has a meet-up every few weeks that we’d… That I’d go to, where I’ve presented at a couple times as well.
0:28:54 EJ: Everything sounds more badass when you say Irish.
[laughter]
0:29:02 EJ: Do you ever make it over here to the States for any conferences?
0:29:04 BO: I do, I was in Seattle last… About this time last year, for a conference called GPF, it’s the Global Peering Forum. So it’s where a lot of the larger eyeball and content networks get together to talk about interconnecting, and as INEX, we’re the internet exchange point for Ireland, we’d go because most of them would be members of us, and we have to facilitate that. So that was in Seattle last year, it was in New York the year before, and I’m going to be in Montreal in a couple of weeks for the 2019 version of that. And as it happens, I’m taking a family holiday out of that to New York, Philadelphia and Washington for two weeks, so looking forward to that.
0:29:42 JC: It’s nice when you can combine conferences and vacations, kinda two-for-one there.
0:29:47 BO: Yeah, definitely. One of the first times I’ve got to do this, actually. And so we’re really looking forward to it. My wife keeps pegging it as my 40th birthday present.
[laughter]
0:29:58 JC: Yeah. You said you’re showing your age, pushing 40. Eric and I are already there, just a wee bit over 40. I had to throw “a wee bit” in there for some reason.
[laughter]
0:30:12 JC: So you went to Laravel UK. Do you do any other PHP conferences? Have you gone to any, spoken at any?
0:30:19 BO: I haven’t that I can recall. What I have done is various Hackathons around the networking community. I mean, to be perfectly honest, PHP has a bad rep in that community, I think that’s just… I think, that’s quite frankly, ignorance on some people’s parts. They have this prehistoric view of PHP as it was many years ago, so I think the next talk I need to put together is in defense of PHP, and educate them on the modern version of… Python seems to be the language of choice at a lot of those places.
0:31:00 JC: Yeah, we were actually just talking about this in the Longhorn PHP Slack channel yesterday, the bad rap PHP gets, especially in a lot of coding boot camps, and they said that they actually have instructors that are… Just won’t show up for the small block that is for PHP, and it’s like, how do you hate PHP so much that you’re gonna talk badly about it and not show up for that portion of the day?
0:31:30 BO: Yeah. I mean, it was… I have to say, it surprised the hell out of me at that one Hackathon. I had some developers up and said, “Look, I love your idea, but my sysadmins would never let me install PHP on our production servers.” I said, “I’d be surprised if it wasn’t already installed on your production servers.”
0:31:48 JC: Well, the same thing happens with frameworks. I don’t understand the hate that Laravel gets. I understand it’s not your preferred framework, you use other ones that you like better, but Laravel is a decent framework that… Yeah, there’s some politics within the community itself, but it’s still a great framework and gets the job done for lots of people.
0:32:11 BO: Yeah, I guess one thing for me is, not having been to so many PHP meet-ups is, I haven’t been too exposed to that, but I mean what I recently, maybe two weeks ago, I was sitting down with a customer’s PHP developer, they asked me to come in and chat to him and just talk to him about Laravel. And I remember, walking away, he was really happy, really impressed with the things Laravel could make easier for him over the stuff he was already using.
0:32:37 EJ: Right. And I think that’s what makes your article so timely, where I definitely don’t agree with a lot of the hate that PHP gets. We did have some rough years, and I think a lot of companies are finding themselves, we have clients in the same boat who have these legacy applications, who aren’t taking advantage of a lot of the modern tools, workflows and frameworks that we have out there, that need to get that legacy application up to speed, get it on Composer, get it on PHP 7.3, 7.2. So that’s why these articles, I see… I’ve been seeing more and more of these “migrating your legacy applications using framework X” and they’re just so timely and so beneficial to the community.
0:33:31 BO: So I was gonna say, one of the things I tried to do in my article was kinda make the case that, in a commercial environment, the method I tried to outline makes it easy in that, you don’t need to pause development, you don’t need to highlight the cost because it’s hidden, really. You put Laravel over your existing legacy application, you work away in development as normal, everything looks the same on the front end, and you can start adding stuff to Laravel and migrating as you have spare time. And it’s a great way to bring in new hires and unexperienced developers. You can give them the smaller chunks of controller to migrate, it’s a great way for them to get to know the existing application, the code base, and makes for great mini-projects, just, “Migrate that controller, migrate those actions.”
0:34:21 JC: The one area that I was confused on was in the session management piece. Were you basically saying there was no cross-session… If you wrote code in Laravel, you weren’t taking advantage of the same session that your older controllers and routes were using, right?
0:34:35 BO: Correct, at least for a Zend framework, which uses PHP session management. You can use… You can configure it to do different things, but in general, it uses PHP’s cookie-based session management. Laravel also has a cookie-based session management, but it has its own version of it, so when you put the two frameworks together, you end up with two cookies, one for each, which, as it turns out, is great because you don’t have any namespace collisions or two different authentication systems tripping over each other. It just lets you put the two together, and then, because Laravel is first, if you need to share session state between the two aspects of your application, you can just use a session facade in the legacy app.
0:35:14 JC: Because Zend had a session facade, is that what you mean?
0:35:18 BO: What I mean is, let’s say, on one of those rare occasions where you may have put some information in the session in the legacy app that you needed to access in Laravel because you’ve migrated half of controllers there. You can… In the legacy app, you can use Laravel’s session facade to put that data into Laravel session, so it’s available in the Laravel side the next time you come through.
0:35:42 JC: Got it.
0:35:42 BO: If that makes sense.
0:35:44 JC: Yeah. So you need to update the legacy app to use Laravel session facade, ultimately putting it in both places?
0:35:50 BO: Yeah, but only for the data you need to share between the two frameworks.
0:35:55 JC: Gotcha, okay. Yeah.
0:35:56 BO: Which, for us, turned out to be very little, in fairness.
0:36:00 JC: Well, yeah, I’ve seen some legacy apps that just abuse the hell out of a session.
0:36:02 BO: Yeah, that is true. [chuckle] It’s a good opportunity to fix that as you migrate as well.
0:36:08 JC: Putting just huge amounts, huge arrays and everything into the session.
0:36:12 BO: Yeah. Absolutely.
0:36:14 JC: Okay, that makes more sense then, just being more cognizant. And I like the fact that you included user authentication and talked through your reasonings for whether to do it first or last in the whole scheme of things.
0:36:27 BO: Yeah. It was a coin toss, but I think in the end, leaving it till last is probably best, or as towards the end as you can, because that way, as you migrate stuff, you can be cognizant of any areas where authentication might become a problem. So if you’re doing anything authentication-wise, password resets, all that, if you leave it till the end, it seemed to work for us and certainly because the Zend framework authentication was fine, and the… All it required, really, was a little bit of code that says, “Is a user authenticated in Zend? And if he is, just log him into Laravel, and vice versa, if he’s logged out of Zend, log him out of Laravel.”
0:37:08 JC: Fascinating.
0:37:09 BO: So yeah.
0:37:09 JC: Yeah, definitely a lot easier than the way I had to do it for other types of authentication, or for when I was handling legacy apps without a framework, a lot trickier.
0:37:22 BO: Yeah, yeah. And the way I’ve set out will work for other frameworks, it’ll also work for legacy apps. The LibreNMS example was a legacy app that had no framework. So everything in that case went through in index.php, so the bit where Laravel shows the 404 and you load the Zend framework service provider, you would just load the legacy index.php file.
0:37:47 JC: Right.
0:37:47 BO: And it should just work from there.
0:37:49 JC: Yeah, that works if you have an up-front loader or whatever it’s called, the index.php. If you go back prior to that, where you had…
0:38:00 BO: Everything was a PHP file.
[overlapping conversation]
0:38:00 JC: All in a separate page.
0:38:01 BO: Yeah.
0:38:02 JC: Yeah, that becomes of a little more tricky.
0:38:04 BO: I kinda hinted at that, but I didn’t get into it, in that you could move everything, you could use Apache read/write rules, throw everything into an index file. Obviously, you need to be security aware that you don’t let people access stuff and paths that aren’t the web application. But it is possible to do that way as well.
0:38:23 JC: Yeah. One thing that I definitely like about the newer frameworks is having that routes file so you know what all your routes are ahead of time.
0:38:30 BO: Yeah, yeah. It’s very useful.
0:38:31 JC: Versus just having… Just have files everywhere. Barry, is there anything else you’d like to cover?
0:38:36 BO: No, guys, I think that goes through all of my article. I think the one thing to mention is that it seems to be the one that PHP Architect and Oscar are giving away as a downloadable PDF this month.
0:38:47 JC: Nice.
0:38:48 BO: So I don’t think you need to buy the magazine to read this, but you should definitely subscribe if you’re listening because it’s an excellent magazine.
0:38:53 EJ: And when you read the article, make sure you read it with the Irish accent that Barry’s presenting here. It makes for a much better read.
0:39:01 JC: So it also helps if you’re drinking a Guinness at the time.
0:39:05 BO: Definitely.
[laughter]
0:39:07 JC: You did a fantastic job writing it, great writing style, easy-to-follow, so great job.
0:39:12 BO: Thanks a million guys, appreciate that.
0:39:13 JC: And we really appreciate your time, it’s been great having you on the show.
0:39:16 BO: It’s been a pleasure, thanks a million guys.
0:39:18 EJ: That was a great interview. I enjoyed talking to Barry. How about you Oscar, any thoughts or opinions on migrating legacy web applications?
0:39:26 OM: Yeah, it’s good to see that there’s more than one way to do this. I know John wrote about it in a previous issue, and Barry’s got a great take on doing it over two years, slowly and methodically, which is usually not the approach a lot of people wanna take. They just either wanna do a big re-write all at once, or throw out the old code and start from scratch. But his approach is really cool to see, ’cause I’ve run into a couple of clients that have… I literally have one client who’s on a framework that’s built on top of Zend framework 1 that no longer exists on the web. So seeing how to do that piecemeal to Laravel, I think, would be really applicable to what they’re doing.
0:40:06 JC: When I saw the title, I was like, “Wait, I already wrote this,” and one of the big differences is, what I needed it for was the more traditional legacy app that wasn’t built on a framework. So each one of your files, you didn’t have a front router or whatever you call the index.php page. Every file was the controller, you had your login.php, for my use case, and the way I wrote the article, it handled that, where Barry’s went back and everything was around having basically two frameworks side-by-side.
0:40:42 JC: Alright, well, that brings us to the next article, “WordPress and the IndieWeb,” which I found is a very interesting article. It’s not about WordPress, as you would think because of the title, it was a lot around the IndieWeb and all about owning your own content, stop providing Facebook and some of these other massive sites with your content. I think the whole idea around this IndieWeb movement is owning your own identity, owning your own content, de-centralizing the web, in a way. And one of the things David brings up in here, he mentions this Mastodon, and I remember looking into it, and I still I am so confused by it, but the way he wrote made it seem a little more accessible. Have either of you looked into that?
0:41:30 OM: I have. There’s actually… Someone set up a Mastodon for the PHP community, so I went and grabbed a handle on there, and it seems a lot like Twitter, it’s PHPC.social, if anyone wants to go out there and join, and you can get basically an account there. And like I said, it seems a lot like Twitter, but it’s distributed, it’s not one big company that owns it, different groups can set up these own instances and then federate the messages between them for micro-blogging. It looks pretty cool. I haven’t been able to stick with it ’cause it’s not on my phone. I think I just need to download an app to my phone and try to be better about participating in there instead of Twitter.
0:42:18 JC: My assumption is, it’s gonna be more like, instead of going to Twitter, where I’m going to follow you, follow Eric, I have to find your specific servers, or communities, like you said, with the PHP one, where now, within my feed, it’s gathering data from all of these other servers out there, which just gets hard to wrap your head around that I guess, until you actually become part of this IndieWeb movement, and really understand what you’re trying to accomplish.
0:42:53 EJ: I think one of the bigger challenges for these efforts, and this has come up a few times. I am actually on the Mastodon, the PHPC Mastodon server, but it’s all about numbers, right? I mean, I don’t go on there because there’s just not that much activity going on there that I can’t get in Twitter, and that’s the Achilles heel. I mean, I would like to participate more in these communities that I feel I’m more secure in, but if the content isn’t there, if the communities aren’t there, if the people aren’t there, it’s kinda hard to do.
0:43:34 EJ: Yeah, I don’t know, it’s a tricky problem. And the article also goes on to talking about hosting your own your blogs, and that’s kinda where WordPress comes in, and not contributing to these larger services, because they’re very tempting with their free tiers and ways of getting people drawn in, but owning your data and hosting your own data. So it’s tricky, because it’s discoverability, if you host your own blog, once you’re really popular, having people… Getting people to discover that blog can be challenging. I think that would be kind of a cool service to see, is a search engine that has a focus more on the “IndieWeb” where it’s not looking at these big conglomerate sort of blogs and it looks for blogs that are specifically just these one-off blogs.
0:44:35 JC: Yeah, I think the hard part is… Most people will open one of these servers, but they still post the same content to Twitter or to Facebook. Any of the competitors, it’s like, I wanna get my name out there so I’m gonna do both, just like with blogging. If I write a blog article, I don’t just leave it there for people to find, I’m gonna tweet about it and post it wherever I can. It’s just gonna be so hard for anything to compete with the big corporations, unfortunately.
0:45:09 EJ: If there’s only a small group of a community that really could entice people to come join the community by offering, I don’t know, discount codes to magazines or something, that might be cool.
0:45:24 OM: This article kind of made me feel old, ’cause this was a lot of the promise of blogs, and RSS, and the web 2.0, or maybe 1.5 when it came out, and everyone who was kind of technical started to blog, and would have your blog roll, and you could follow some of your friends.
0:45:42 JC: Blog rolls, I haven’t heard that in forever.
0:45:45 OM: And then, when Eric, you just mentioned a search engine for blogs, that was Technorati, and for a while, you could put that little badge on your blog, and they’d give you a rank, you guys remember that?
0:45:55 EJ: Oh, that’s right. I forget about that.
0:45:57 OM: But they shut done a few years ago, yeah. And they would grab your posts from your RSS feed, and people could search and find you that way. But it is tricky, and I think one of the things David brought up in his article about IndieWeb is how there are two ways to go about it, you could have a blog that’s recording what you do elsewhere, like your tweets, your Instagram uploads, and that’s one way to do it. I think the ideal way that they would push you toward those, like you would post first on your blog, and then it would automatically promote your stuff on Twitter, share it on Facebook, on Instagram, or whatever other channels you wanna have a presence on, and there are plug-ins that he lists that help you do that so you don’t have to program at all, you just have to set it up. But I think the technical bar is a little high, I wouldn’t expect most of my friends to be running their own blogs and configuring plug-ins and dealing with all the headaches that come with that, but maybe that’s something wordpress.com could do.
0:47:05 JC: But that’s also that the challenge, is getting the masses. The Twitters and Facebook make it easy for the non-tech group. I believe it’s the techies that made Twitter what it is, and then it blew up with everybody else, but it also became… It was also an easy place to go.
0:47:27 OM: Yeah.
0:47:30 JC: Moving on, the next article I really liked was the “OAuth 2: How It Works, Refresh Tokens, and the State Parameter” by Daniele. Is it Daniele?
0:47:40 OM: I think so.
0:47:41 JC: What I found very interesting was, I do a lot of OAuth stuff, and I’ve used the state parameter, but not as a CSRF piece, and that’s basically what the article’s about, is, mitigating CSRF request forgeries, cross-site request forgeries that can happen in OAuth, so I found that fascinating, a fascinating article.
0:48:06 EJ: That’s really an inventive way of leveraging that. When I read that, I’m like, “Wow, I never thought to do that, but yeah, that’s very creative.”
0:48:17 JC: But have you thought about hijacking somebody else’s session through CSRF, that’s the key. Are you that kind of hacker?
0:48:25 EJ: Not that you can prove, John.
0:48:27 OM: It’s interesting to hear, in his article, too, how different implementations of OAuth kind of vary and how you have to account for that when you’re integrating, but it kinda goes back to, OAuth isn’t a standard that dictates exactly how everything is gonna flow and work, just the steps or the things you need to do to have an OAuth flow, if that makes sense, and whereas the details are kinda up to each implementer to sort out.
0:48:55 JC: Yeah, I’ve seen Keith Casey talk on the subject and how it’s not really a standard…
0:49:02 OM: Especially OAuth.
0:49:03 JC: Speak 2…
0:49:04 OM: I think OAuth 1 was more defined.
0:49:06 JC: Gotcha.
0:49:06 EJ: So moving on, “Explicit is Better Than Implicit,” by Chris Tankersley.
0:49:14 JC: I disagree. I disagree. Oh, I was trying to be explicit.
0:49:18 EJ: Thoughts and opinions.
0:49:20 OM: Well, I’m curious to hear from you guys how… Are you making an effort to use type hints, the scalar type hints more? Where I’ve done it, it led me to discover assumptions about my code, and I was like, “Oh, I can’t have this yet.”
0:49:33 EJ: So it’s funny, when it was all being discussed, I have to say, I was probably more in the camp of, PHP isn’t a compiled code, it’s not a compiled language, that doesn’t… Doing these type hinting isn’t getting us anything. I have since been brought around, I think a lot of it has been by John, as to… It is actually very beneficial when you’re using IDEs to do your development, so where, yes, you’re not going to catch anything at compile-time like you would with a language that you have to compile, that’s true, but when you’re using tools within the PHP ecosystem, they can take advantage of it and they can help you with your development. Now, I’ve actually become a big fan of it, even with the return types and things like that, it’s like, “Oh yeah, I’m…” It definitely feels better when I’m in my IDE of… The information my IDE has given me back because of that type hinting.
0:50:42 JC: Yeah, definitely. The static analysis, you can make use of other tools to make sure you didn’t accidentally mess something up, it makes you think about what you’re writing, as far as what should be going in there, and it allows for better testing, so you know you can use that information to figure out what your edge cases are, and, “Oh, I’m expecting an int, maybe I should think about passing a string in, and how is that going to mess with this application? Am I handling exceptions properly?” So just giving the extra bit of emphasis on thinking about what’s there, is so beneficial.
0:51:26 OM: I hadn’t thought of that. I’ve been using them as a living code, ’cause, like you were saying with an IDE and the tooling around it, we’ve had automated DocBlocks forever, so most of the time, when I’m creating a new method or something, PhpStorm will automatically create my doc block for me with the param annotations and the rest, but I never found myself going back and updating those if I change the types or the function signature too much.
0:51:52 OM: But now, by putting those in the actual method signature, saying that this first parameter’s gonna be an int and the second one’s a float or whatever, if you change those, you know you’re likely to be breaking something or need to test to catch regressions, or you’re definitely altering how a function is going to work, whereas before, it was much easier to let the comments rot and not reflect your inputs and outputs correctly.
0:52:21 JC: Yeah, the main code base I work was on 5.6 up until very recently, and again, going back to… We talked earlier about having that migration to AWS, one of those clusters is completely PHP 7.3 now, where the others are still on 5.6, so we’re still in this migration period of getting the code fully up to PHP 7. I can’t wait to be able to put the actual types into the method signature. I’m using DocBlocks like you are and just hoping for the best. But you’re right, that code rot, where it just kinda… If you don’t update it, nobody knows. And I think the PhpStorm and most other IDEs, they don’t know what type it is unless you’re… Especially on the scalars, because you couldn’t type hint on, int their string before.
0:53:10 OM: Right. I think they might have parse DocBlocks, but again, if those are wrong, that’s useless. Did you guys hear of this PHP unit dissension that Chris Tankersley brought up in his article?
0:53:22 JC: No, I had not heard of it.
0:53:23 OM: That’s what led him to write it, is that they changed one of the methods, the setup method for testing. Before, it didn’t have a return type specified, so people kinda hijacked it and were returning objects they needed in their test. In PHPUnit 8, that method is now a void return, so you can’t return anything from it, which broke a lot of tests and upset the people who were assuming you could do that, and didn’t like that the PHPUnit folks said “No, don’t do that, and put it in the code.”
0:53:55 JC: What I’m confused about is why would somebody call this setup, ’cause it’s being called automatically. So when it’s setup, are you just getting called twice in that case?
0:54:06 OM: I guess.
0:54:07 JC: That’s weird.
0:54:09 OM: Yeah.
0:54:09 JC: I’m sorry, but if you did it that way, you’re wrong.
[chuckle]
0:54:12 OM: The PHPUnit maintainers have spoken.
0:54:14 JC: Especially in a lot of my tests which, unfortunately, hit the database directly, if I were to call the setup method multiple times, that would be bad. Often in my setup method is where I’m getting stuff ready for the test to run, and then getting it ready a second time would just be silly.
0:54:33 EJ: So we mentioned we’re in the month of March, and March is notable for several reasons. One, it’s the month my beautiful daughters were born. Two, it’s the month that opening day of Major League Baseball is, and three, it is also now Women in History Month, and we have an article this month “Women in History,” by Margaret.
0:54:55 OM: I think it was a good follow-up to last month’s discussion with Jill and Lukas. What Margaret did is survey some women and people, under-represented folks in the community about their experiences, which is great to hear what they had to say about how to make meet-ups, user group meetings, conference events like those, more welcoming, more inclusive. Some stuff that we’ve tried to really do at tek and World, like encouraging people who are… To use the Pac Man configuration when you’re talking in a group so there’s room for someone else to jump in. Yeah, overall, it was great to hear what she collected.
0:55:40 JC: Yeah, the Pac Man rule, I had just learned about, and when we were still planning on doing [0:55:46] ____ PHP this year, I added it to, basically, our little list of things we were planning, and I wanted to make that something I focused on in the welcoming of attendees, and talk about the Pac Man rule, ’cause I don’t think a lot of people know about it. So we’re trying to just make it known, “Hey, if you’re talking in a group, open up space, make it known that more people are welcome.” That’s the whole point. And as the group grows, you just keep that space open.
0:56:19 EJ: And when you say “space,” you’re talking physical space, right?
0:56:22 OM: Right, so leave space for one or two other people to jump into the group and open it up further instead of being a closed-off circle, like you might tend to group in with your friends.
0:56:35 EJ: I like that, I like that. And I also liked in this article, first thing, the conversation we had last month with Jill was great. I’m glad that you brought that to our attention. It was out of the norm, it wasn’t an article in the actual magazine, so it was something that you had actually reached out and said, “Hey, this is something important. I wanna make sure we talk about it and I want to give them some time to explain to everybody what it is they’re trying to do.” So that was real great of you. But in this magazine, in this article as well, kind of following along what she said she was going to do is just reading through the little snippets of feedback that she got, and just seeing how people’s experiences through their words, it was a nice read.
0:57:33 OM: Yeah and along with that, I wanted to bring up what Jill’s doing, if folks haven’t listened to last month’s episode yet, go and listen to it after this. But Lukas Smith is part of the Symfony Diversity Initiative, and working with Jill, they’re putting together a workshop for speaker mentoring. That’s coming up, actually, I think it’s this week, so hopefully we can get this out soon. And PHP Architect is sponsoring that. We’re helping out with some of the cost, but they are still looking for donations. And also, if you wanna register to be part of the mentoring workshop, you can do so for free if you go to opencollective.com/symfony-diversity-speaker-mentoring, or check out their ad in this issue to get that link.
0:58:29 EJ: Well, we’re running a little long. As always, there are more articles in the printed version of the magazine. We strongly encourage you to pick one up, either in digital or actual print format, and read about some of the articles we talked about today, read about the articles that we didn’t talk about. Great resource to have, if you have a team. That’s where having the physical copy comes in real handy. I bring my copy in to the office and we throw it down on a shelf and anybody on the team can pick it up and thumb through it. Digital copy, about as cheap as it comes, definitely worth having. Makes for great birthday and Christmas gifts. [chuckle] But besides that, I think that will do us for this month. Oscar, it was fantastic having you join us. Is this going to be a regular thing moving forward?
0:59:24 OM: I think so.
0:59:26 EJ: You’re the boss. You just have to say yes. [laughter]
0:59:28 JC: Let’s see what happens with the download numbers first.
0:59:32 EJ: There you go. I like that idea.
0:59:34 JC: Well, I can’t wait to see you at tek and we will talk again soon.
0:59:38 OM: Cool, thanks guys.
0:59:39 EJ: Bye.
0:59:40 S: This has been PHP Podcast, the official podcast of PHP Architect, the industry’s leading tech magazine and publisher, focused on PHP and web development. Subscribe today at phparch.com to see what the leaders in the community and industry are talking about.
[music]
Air date | March 25, 2019 |
---|---|
Hosted by | Eric van Johnson and John Congdon |
Guest(s) | Barry O'Donovan, and Oscar Merida |
Leave a comment
Use the form below to leave a comment: