A while ago, PHP 4.4 was released to address a rather weird memory corruption problem in the PHP 4.3 series. The problem was related to returning by reference. The bug allowed statements to be returned by reference while it should only be possible to return variables by reference. To provide users with a PHP 4.4 compatible [...]

The first Free and Open Source Conference "FrOSCon" takes place on 24th and 25th June 2006 in St. Augustin, near Bonn, Germany, Organized by a commited team, it aims to become a significant event for free software in the Rhineland. The conference is hosted by the faculty of computer science of the University of Applied Sciences Bonn-Rhein-Sieg in collaboration with the student body and the Linux/Unix User Group St. Augustin. In a Call for Papers, the organizers ask for submission of contributions. A broad variety of topics concerning free and open source software is desired. Particularly welcome are contributions about programming languages, free software on the desktop, security, systems administration and networks. Aspects of free software in busincess and industry are also a focus of the conference. Contributions can be submitted in English or German and should summarize the intended talk concisely and succinctly; talks should range from 45 to 60 minutes in length. Deadline for submission is 15th March 2006.

I will have a session on Free Software and Open Source licensing at the 2006 eZ publish Conference. Details of the session are a bit sketchy, but should improve shortly.

The eZ community has experienced a steady growth over the past years and is now bigger than ever.

According to this new article from Netcraft, PHP applications are becoming more and more at risk for hacking attempts.

Security holes in PHP-based content management and forum apps are an increasingly active front in Internet security, as hackers target unpatched weaknesses. The latest example is Monday's hack of chip maker AMD's customer support forums, in which an older version of Invision Power Board was compromised and used to distribute malware using the Windows Metafile (WMF) exploit.

While Windows flaws like the WMF vulnerability are useful to hackers assembling armies of compromised desktop computers, security holes in PHP applications provide access to more powerful servers hooked directly to high-speed network connections.

They go on to talk about the growth of CMSs that PHP has fueled - both the good and the bad - and how a less than religious application of patches to those CMSs can cause big headaches down the road.

It is good, though, that they make the distinction:

Most of the security issues with PHP-driven programs are found not in PHP itself, but rather in the libraries and applications built atop the server-side scripting language.

In his latest post, Chris Shiflett links to more information from Andrew van der Stock about his proposed PHP security architecture.

Andrew van der Stock has started providing more details about a proposed security architecture for PHP, beginning with the SABSA (Sherwood Applied Business Security Architecture) approach. This approach is broken down into layers:

• Contextual
• Conceptual
• Logical
• Physical
• Component

He describes each of these layers and how they relate to PHP, and he also hints that more details are coming.

Andrew's post, a follow-up from previous posts, maps out the structure above visually, and provides this link to a book published dealing with a business-driven security approach...

I have been appointed Chief Knowledge Officer (CKO) at eZ systems. Some of you might go "Uh, CwtfO???", so here is what Wikipedia has to say about the CKO role:

"A Chief Knowledge Officer is an organizational leader, responsible for ensuring that the organization maximizes the value it achieves through "knowledge". [...] CKO responsibilities include such things as (1) developing an overall framework that guides knowledge management, (2) actively promoting the knowledge agenda within and beyond the company, (3) overseeing the development of the knowledge infrastructure, and (4) facilitating connections, coordination and communications."

That's quite a nice description. One special thing about eZ systems is, that it is an Open Source company, thus the borders between internal and external communication often do not exist. In fact, an Open Source company is just as much about an open communication as it is about open software.

This is actually the part I am most excited about: to explore the potentials of open knowledge management, which includes the eZ systems team just as much as the developers community, the partners, etc. In an Open Source ecosystem, knowledge management is very much a joint effort of all actors involved and can only follow a bottom-up approach.

With the CKO role, eZ systems is the only Open Source company I know of with a dedicated role for managing its knowledge and that of the whole ecosystem. It shows that eZ systems is serious about its slogan "Share your Information".

If this all sounds too abstract to you, stay tuned, as I plan to write about concrete KM projects and their results in my Weblog.

I modified two old, unmaintained eZ publish extensions to make them compatible with PHP 4.4 (eZ 3.7/3.8): the survey module the personlist datatype Have fun with it!

Gestern veröffentlichte eZ systems die eZ components. Die unter der laxen New BSD Lizenz stehenden Components bilden eine Sammlung von PHP-Klassen, die die Entwicklung von Webanwendungen beschleunigen und sicherer machen sollen. Hier ein kurzer Auszug aus der Liste verfügbarer Komponenten: Cache, Configuration, Database, Debug, ImageAnalysis, ImageConversion, Mail, PersistentObject, Template, Translation, UserInput

Die Klassen sind weitestgehend voneinander unabhängig und laufen grundsätzlich unter PHP 5.1 (lediglich einige benötigen das kommende PHP 6, weil sie auf dessen Unicode-Unterstützung aufbauen). Über einen cleveren Autoload-Mechanismus spart man sich - nach Initialisierung der Base-Klasse - jegliches include() und es wird nur das in den Speicher geladen, was gerade benötigt wird.

Die Components bilden die Basis des kommenden eZ publish 4. Daran lässt sich der Anspruch ablesen, dass die Components auch für Highend-Anwendungen ausgelegt sein sollen - wenngleich natürlich auch kleinere Projekte von dem einheitlichen Design der Klassen profitieren.

Die Komponenten sind sowohl auf der Webseite von eZ systems zum Download als auch mittels PEAR-Installer verfügbar. Nähere Infos und Tutorials finden sich auf der Produktseite der Components. Ebenso bietet der Artikel eZ components vs PEAR auf ezpublish.de einen Vergleich zwischen den Components und PEAR.

DevShed has posted the next part in their "Building a PHP 5 Form Processor" series today - "Using the Form Processor Package" - a look at how to use the class created in the previous two parts to make useful, powerful forms.

Now, before proceeding further, let's spend a few minutes discussing the objectives of this last tutorial, so you can have an accurate idea of how I'll use this form processing library. Basically, I'll set up an example, in order to demonstrate the functionality of both modules within a real application.

First, I'll use the corresponding classes for constructing an online form, then I'll instruct the application to apply client-side validation on some of the form fields. Finally I'll have the application perform server-side checking on the form data, by displaying the appropriate error messages if any values entered on the form eventually fail to pass the verification process.

They step through its creation, from a bare-bones form, on to adding validation, putting those pieces together, and a look at the overall structure of the form to get a good, whole picture...