Built from source.

The problem with unofficial, de facto standards, like magic.mime? What happened late last month, when the Unix file(1) command development team, led by Christos Zoulas, released version 4.24, a minor revision that changes the entire magic format and no longer generates a magic.mime file.

Many programs rely on the magic format in order to identify a file’s MIME type (for example, returning “video/quicktime” for a QuickTime movie or “image/jpeg” for a JPEG image). With MIME detection being merged into magic.mgc, a compiled file, programs that rely on this functionality must be modified in order to use the latest changes.

According to Christos the new format yields more accurate results:

[N]ow mime detection is more precise as it depends on the full magic specification of each magic type, not just a single magic/offset.

And indeed, in testing this appears to be the case, e.g., MP4 videos are detected more often than they were in 4.23. But to use these latest changes, many developers must make system-level calls directly to the file command until extensions are updated.

The PHP extension Fileinfo, for example, is a thin wrapper around the library version of file (libmagic), but yet does not understand the new format. In PHP, calling the file command on a fast machine via exec() is about 16 times slower than using Fileinfo (0.128 seconds versus 0.008).

Of course, there is a standard specification, but neither file(1) nor Fileinfo use it, unfortunately.

I don’t use Dreamweaver, but everyone I work with does. It so happens that whenever I need server connection information, they send it to me in the form of a Dreamweaver site definition (.ste). Naturally, this isn’t terribly useful for someone like me who connects via SSH or SCP most of the time. In the end, I have to waste time asking around to see if anyone actually remembers the password.

So today I finally took a few minutes out of my day and wrote a simple PHP class to parse site definitions. It reads the bare essentials of the connection information and decrypts the password. Because Dreamweaver site definitions are just XML files, if (for some bizarre reason) someone wanted to extend this, it wouldn’t be hard at all.

/**
 * A Dreamweaver site definition (.ste) reader.
 */
class SteReader
{
    /** @var SimpleXMLElement SimpleXML object */
    protected $_xml = null;

    /**
     * Constructor.
     *
     * Parses a site definition file into its SimpleXML equivalent.
     *
     * @param string $file Fully-qualified file path
     */
    public function __construct($file)
    {
        if (!is_file($file)) {
            throw new Exception('File does not exist');
        }

        $contents = file($file);
        foreach ($contents as $i => $line) {
            // This element is unnecessary, and often contains duplicate
            // attributes that prevent the file from loading correctly
            if (substr($line, 0, 14) == '<appserverinfo') {
                unset($contents[$i]);
            }
        }
        $contents = implode('', $contents);
        try {
            $xml = new SimpleXMLElement($contents, LIBXML_NOWARNING | LIBXML_NOERROR);
        } catch (Exception $e) {
            throw new Exception("File is not a valid Dreamweaver site definition");
        }
        $this->_xml = $xml;
    }

    /**
     * @return string Site name
     */
    public function getSiteName()
    {
        return (string) $this->_xml->localinfo['sitename'];
    }

    /**
     * @return string Host address
     */
    public function getHost()
    {
        return (string) $this->_xml->remoteinfo['host'];
    }

    /**
     * @return string Remote root directory
     */
    public function getRemoteRoot()
    {
        return (string) $this->_xml->remoteinfo['remoteroot'];
    }

    /**
     * @return string Username
     */
    public function getUsername()
    {
        return (string) $this->_xml->remoteinfo['user'];
    }

    /**
     * @return string Password
     */
    public function getPassword()
    {
        if (!isset($this->_xml->remoteinfo['pw'])) {
            return false;
        }

        $encoded  = (string) $this->_xml->remoteinfo['pw'];
        $literals = explode(' ', wordwrap($encoded, 2, ' ', 2));
        $password = '';
        for ($i = 0; $i < count($literals); $i++) {
            $password .= chr(hexdec($literals[$i]) - $i);
        }

        return $password;
    }
}

Thanks to Bart Grantham for his Dreamweaver site definition password decryption algorithm!

It was a fun week. Of course, the big news on Tuesday was Zend’s new partnership with Microsoft, which promises to make PHP perform better with Windows in general, and IIS and Windows Server 2003 in particular. Zend’s own branch of PHP, Zend Core, will include even more improvements. Both Zend and Microsoft were obviously excited by the announcement, and I’ve got to admit that I was pretty impressed by the ease of configuring PHP in IIS 7. They showed some in-house benchmarks, but I’ll be interested to see some independent tests conducted when the final product ships (sometime next year?).

At some point during the same keynote, MySQL AB CEO MÃ¥rten Mickos jumped on stage for about seven seconds just to brag about what we already know—that MySQL is the most-used database with PHP. I wish he had spent a few more seconds, then, and explained why they clearly don’t bother to test their installations with PHP, since the default installation of MySQL prevents PHP from compiling if it also has OpenSSL (a somewhat common package).

In any event, the hot topics for this year were scalability and security, and there were lots of sessions on both. Eli White, the senior developer over at Digg, gave a great talk on scaling techniques (OpenOffice Impress format). George Schlossnagle, lead developer of APC and, frankly, entirely too many other PECL packages, followed up with his own excellent talk on scalability (PDF), which was naturally a bit more focused on caching.

Jaisen Mathai of FotoFlix briefly covered JSON and PHP, although (as with all of the sessions) the time constraints really limited how much he was able to talk about. After the session I mentioned Zend_Json to him—although any JSON library will do for encoding and decoding objects, I like the things attached to that one in particular, like Zend_Json_Server. In one of my projects I decided to expose entire PHP objects as JavaScript, modify them on the client using some Script.aculo.us voodoo, then return back the entire object. That’s the kind of thing that’s really useful when you’re dealing with complex data and needing a simple UI that doesn’t require lots of page refreshing, and although his talk was a good introduction to JSON/PHP interaction in general it didn’t cover interesting ways that JSON can be used outside of retrieving exposed, external information or your standard Ajax stuff. And to be honest, I felt like the examples in his presentation would have worked better as REST services. Oh well, you can only do so much with 45 minutes, and he was a pretty good presenter notwithstanding.

Unit testing also got a deserving nod from Sebastian Bergmann, creator of PHPUnit. His talk hammered home the test-first methodology and also revealed some new functionality in the upcoming PHPUnit 3, including being able to automatically run Selenium tests. That’s hot.

I should also mention that Chris Anderson, author of The Long Tail, gave an excellent keynote on Wednesday. It wasn’t particularly tailored to apply to PHP, though, as one questioner pointed out. Still, I’m just as (if not more) interested in business strategy as I am in software development, so I loved it. Plus, we all got free hardcover copies of his new book, so that was nice (I picked up two—my boss wanted one). Maybe it’s just because he’s been touting the concept for awhile, but I was impressed at how on the ball he was with the Q&A session at the end.

Andrei Zmievski of Yahoo!, though, won the prize for having far and away the most interesting session of the week—”Unicoding with PHP” (PDF). He walked through in great detail the challenges of creating a Unicode-aware PHP 6 that (almost) transparently handles the hellish details of the standard. I’m guessing the Japanese user-base is drooling in anticipation of being able to (among other things) use hiragana, katakana, and kanji to represent variables instead of the Latin alphabet. Andrei promised a PHP 6 Unicode pre-release to get the functionality out there and tested, so keep an eye out for that. I’ll link to it when it’s available. Update: Here it is.

Last but not least, the Zend Framework get-together was one of the highlights of the week. Meeting Gavin, Darby, Bill, Andi, and all the rest of the Zend crew (along with contributors and users like Richard and Keith) in person was great, and I got a t-shirt. BONUS.

Anyway, that’s enough for this post, and I haven’t even covered half of it. Really, if you haven’t been before and you’re interested in PHP, you really should make some time to go next year. Plus, you know… t-shirts!

A couple of months ago, Zend unveiled the new PHP 5 version of their certification exam, which they promised would focus less on syntactical issues and trick questions and more on testing if you actually understood how to program pattern-based, object-oriented code—or knew enough about it to fake it, anyway.

The importance of a well-known, respected PHP certification is pretty simple: there are lots of crappy PHP developers out there. From my experience, most of the people that do job interviews can’t tell good code from bad, so having some kind of recognizable certification is a way to say there’s a pretty good chance you won’t spew out a bunch of ugly, unmaintainable code that someone else will just have to rewrite a year after you leave.

Well, I just finished taking it, and I suppose it’s appropriate that it’s Halloween because there were plenty of tricks on the test. Roughly one-third of the questions seemed to be along the lines of, “Assume you are an idiot, and you enjoy wasting your time doing stupid things. Here is an example of one of the many stupid things you might try. What would happen?” For example, what would happen if you had a PHP 4-style constructor and a PHP-5-style constructor in the same class? What is the difference in the return values (not the output!) of print versus echo?

Questions like these are bad because they rely solely on educated guesses about PHP’s behavior—after all, most people will not have tried to do things like this. That would be fine if PHP were consistent, but one of PHP’s biggest flaws is its complete lack of consistency. You can never really predict how PHP will react to an exotic code sequence without just trying it and finding out, because there are very few rules that apply across the board. Sometimes PHP will try to discern what you meant and other times it will error out. Occasionally, and most egregiously, it will fail silently.

Not quite as bad but still annoying is the third of the exam consisting of questions about functions that most PHP programmers rarely or never use. When’s the last time you wrote a custom stream, for instance? And perhaps like any good programmer who commits inane things to memory and never uses an IDE or PHP.net you have memorized all of the parameters of all functions, ever. Can tell me exactly what a “1″ in this particular argument position does? And if you want this particular behavior, should it be a constant in this spot or a Boolean value?

Now, to be fair, the entire exam isn’t like that, and if you’ve been adding in your head I’m only up to two thirds. The final third of the questions is actually quite reasonable and covers object-oriented programming concepts in PHP, basic design patterns, implementation of interfaces versus abstract classes, multiple inheritance, E_STRICT compliance, and so on. These are good—they actually test if you understood how PHP 5 works on a broad level, and understanding broad concepts is far more important as a programmer than memorizing the effect of little-used parameters and the return values of things that you would never want the return value for—even if you’re testing knowledge of a specific language.

We took the test on paper (I had been told it would be on a computer and scored instantly), so I have to wait a week for my results. I have been programming in PHP for seven years now (starting with version 3 in 1999) and strictly in version 5 for the last year and a half. I also attended an excellent, mostly-English 8-hour prep session by Christian Wenz as part of the 2006 Zend PHP Conference. Tellingly, Christian again and again said things like, “You’ll never encounter this in the real world, but it might be on the exam.” Despite all that, I frankly have no idea if I’ll pass or not.

As I was leaving, I rode the elevator with a fellow test-taker. “I feel like I’m back in high school,” he said, “and I just failed the SAT.” Tell me about it.

Update: I passed.

Note: None of the specific questions I’ve written here are actual questions I encountered as part of the exam. However, they are similar in nature for the purposes of example.