Planet eZ publish


I will have a session on Free Software and Open Source licensing at the 2006 eZ publish Conference. Details of the session are a bit sketchy, but should improve shortly.

The eZ community has experienced a steady growth over the past years and is now bigger than ever.
While Windows flaws like the WMF vulnerability are useful to hackers assembling armies of compromised desktop computers, security holes in PHP applications provide access to more powerful servers hooked directly to high-speed network connections.
Security holes in PHP-based content management and forum apps are an increasingly active front in Internet security, as hackers target unpatched weaknesses. The latest example is Monday's hack of chip maker AMD's customer support forums, in which an older version of Invision Power Board was compromised and used to distribute malware using the Windows Metafile (WMF) exploit.
They go on to talk about the growth of CMSs that PHP has fueled - both the good and the bad - and how a less than religious application of patches to those CMSs can cause big headaches down the road.
It is good, though, that they make the distinction:
Most of the security issues with PHP-driven programs are found not in PHP itself, but rather in the libraries and applications built atop the server-side scripting language.
Andrew van der Stock has started providing more details about a proposed security architecture for PHP, beginning with the SABSA (Sherwood Applied Business Security Architecture) approach. This approach is broken down into layers:
He describes each of these layers and how they relate to PHP, and he also hints that more details are coming.
Andrew's post, a follow-up from previous posts, maps out the structure above visually, and provides this link to a book published dealing with a business-driven security approach...
I have been appointed Chief Knowledge Officer (CKO) at eZ systems. Some of you might go "Uh, CwtfO???", so here is what Wikipedia has to say about the CKO role:
"A Chief Knowledge Officer is an organizational leader, responsible for ensuring that the organization maximizes the value it achieves through "knowledge". [...] CKO responsibilities include such things as (1) developing an overall framework that guides knowledge management, (2) actively promoting the knowledge agenda within and beyond the company, (3) overseeing the development of the knowledge infrastructure, and (4) facilitating connections, coordination and communications."
That's quite a nice description. One special thing about eZ systems is, that it is an Open Source company, thus the borders between internal and external communication often do not exist. In fact, an Open Source company is just as much about an open communication as it is about open software.
This is actually the part I am most excited about: to explore the potentials of open knowledge management, which includes the eZ systems team just as much as the developers community, the partners, etc. In an Open Source ecosystem, knowledge management is very much a joint effort of all actors involved and can only follow a bottom-up approach.
With the CKO role, eZ systems is the only Open Source company I know of with a dedicated role for managing its knowledge and that of the whole ecosystem. It shows that eZ systems is serious about its slogan "Share your Information".
If this all sounds too abstract to you, stay tuned, as I plan to write about concrete KM projects and their results in my Weblog.
Gestern veröffentlichte eZ systems die eZ components. Die unter der laxen New BSD Lizenz stehenden Components bilden eine Sammlung von PHP-Klassen, die die Entwicklung von Webanwendungen beschleunigen und sicherer machen sollen. Hier ein kurzer Auszug aus der Liste verfügbarer Komponenten: Cache, Configuration, Database, Debug, ImageAnalysis, ImageConversion, Mail, PersistentObject, Template, Translation, UserInput
Die Klassen sind weitestgehend voneinander unabhängig und laufen grundsätzlich unter PHP 5.1 (lediglich einige benötigen das kommende PHP 6, weil sie auf dessen Unicode-Unterstützung aufbauen). Über einen cleveren Autoload-Mechanismus spart man sich - nach Initialisierung der Base-Klasse - jegliches include() und es wird nur das in den Speicher geladen, was gerade benötigt wird.
Die Components bilden die Basis des kommenden eZ publish 4. Daran lässt sich der Anspruch ablesen, dass die Components auch für Highend-Anwendungen ausgelegt sein sollen - wenngleich natürlich auch kleinere Projekte von dem einheitlichen Design der Klassen profitieren.
Die Komponenten sind sowohl auf der Webseite von eZ systems zum Download als auch mittels PEAR-Installer verfügbar. Nähere Infos und Tutorials finden sich auf der Produktseite der Components. Ebenso bietet der Artikel eZ components vs PEAR auf ezpublish.de einen Vergleich zwischen den Components und PEAR.
First, I'll use the corresponding classes for constructing an online form, then I'll instruct the application to apply client-side validation on some of the form fields. Finally I'll have the application perform server-side checking on the form data, by displaying the appropriate error messages if any values entered on the form eventually fail to pass the verification process.
Now, before proceeding further, let's spend a few minutes discussing the objectives of this last tutorial, so you can have an accurate idea of how I'll use this form processing library. Basically, I'll set up an example, in order to demonstrate the functionality of both modules within a real application.
They step through its creation, from a bare-bones form, on to adding validation, putting those pieces together, and a look at the overall structure of the form to get a good, whole picture...
