"Microsoft? What on earth do they want to have to do with PHP?", I was asked incredulously last night.
Well, apparently, quiet a lot, although calling it "The greatest love story as yet untold" may be going a bit far (and possibly even a little creepy?)

To many of us, Microsoft is still seen as the antithesis of the Open Source world, something due in large part to their own behaviour. Most developers who've been around long enough to recall the browser wars, the EU antitrust case, the battles Samba used to have to interoperate, frankly don't trust them. Indeed my own last significant interaction with them was when we were developing the Sender Policy Framework, and Microsoft wanted to leverage their own Intellectual Property into it and then require a "RAND-Z" licence on top of it - which would have crippled open-source adoption, and thereby the standard itself.

So yeah, I'm not really predisposed to liking Microsoft.

But that experience was several years ago, and the Microsoft Behemoth is starting to turn. Led internally by figures such as Hank Jannsen and (in the UK) Will Coleman (who apparently exists only on Twitter), there's a strong "If you can't beat 'em, join 'em" pro-open-source movement gathering steam.

Microsoft appear to have realised that when they try and beat open source technologies such as PHP, everyone loses. That gives them the choice of ignoring it and hoping it'll go away, or working with the PHP movement to try and make IIS a good choice of platform to run PHP on (previously it's been dog-slow and unstable) and MS-SQL a good database to pair with.

Fortunately, they've gone with this last option, and there's a significant and growing effort within MS to make this work well, as can be seen at their Open Source blog.

It was for this reason that I (and a number of other UK "PHP community leaders") was invited to a "Microsoft PHP Community Event" last week. They're trying to engage the community at its own level, which in this case meant a few talks, and quite a bit of Q&A, in the back room of a pub. This comprised a video presentation from Hank Jannsen, and talks from Will Coleman from the MS side together with Ivo Jansch and Scott MacVicar from the community side. As this was all done in a Pecha-Kucha (20/20) fashion it was all slightly hectic. The community asked for a lot, and Microsoft promised a lot, in terms of technical assistance, time, cash, and attitude change.

It's worth admitting that MS already do a far bit - technical assistance to the Samba project, financial aid to the Apache foundation, and technical improvements to Zend Core which have brought the speed of PHP on Windows/IIS servers to parity with that on Linux/Apache. The question is whether they can do enough both to convince the community, and to convince businesses to combine Open Source and commercial platforms.

It'll be worth watching, but they've got some work to do.


Special mention has to be given both to the food at the Windmill pub - Sausage and Mash as finger food? How about Fish, chips and mushy peas? - and to the goodie bags; Santa hats, Xbox 360 games, whisky, very small trees, and and crunchie bars ("To make the credit crunch fun!"). Well, Will's a nice guy, but sometimes he worries me.

So... you'd like to get in on the act and start coding PHP? Perhaps you'd like to add a few features to your homepage, or perhaps you're looking for a career shift? How do you get started in the Brave New World of PHP?

The main thing you'll need is a strong desire to learn and to improve. There are thousands of junior developers out there who frankly have poor skills and produce terrible code, and who are unlikely ever to get much better. By just displaying a reasonable amount of determination and drive, you can rise above them and become skilled and highly employable! If, on the other hand, you're not interested in becoming great, please don't start - the shallow end of the pool is full enough already.

There are three key points you'll need to bear in mind:

1) You're aiming at a moving target. The discipline of software engineering, and the PHP language, are both young and evolving.

2) Security is absolutely key to your code! Unlike 20 years (or so) ago, when I started coding in BBC Basic and the code never left the room, your site and the code on it will be out in the wild from day one, and will need to be resistant to numerous security attacks. The good news is that security basics aren't that difficult to learn.

3) You will never stop learning. And it'll (usually) be fun.

There are also three areas you'll need to study in:

Firstly, the grammar and rules of the language you want to learn, for which you can start with a basic book on PHP such as Learning PHP 5 or the slightly more advanced Programming PHP.

Secondly, the tools and techniques of software engineering. Much as you wouldn't build a house without some architectural understanding, or a car without some key ideas in mechanical engineering, your code will be immeasurably improved if you understand the best techniques to use. To a large extent, these techniques are language-independent, and will serve you well whether you end up coding in PHP, C, Java or ay other modern language. My own personal favourite book on this topic has to be The Pragmatic Programmer.

And thirdly, you'll need an understanding of the environment you're working in, both with regards to security (for which I invariably recommend Chris Shiflett's Essential PHP Security) and wider issues such as the platform you'll be running on, and the wider functionality and expectations of the web.

The good news is that it's not all book learning, and you won't be on your own. However, I've presented these books first because the community is also far keener to help someone who'll help themselves and, if you choose to splash out on professional training, it never hurts to get a head start to make the best of your investment.

So, who is out there to help you? Well, tens, possibly hundreds, of thousands of people, arranged into various types of online and real-world communities. If you're in London UK, where I am, you should join PHP London; sign up to the mailing lists and join us at the social meets. If you're elsewhere, take a look at PHP User Groups or MeetUp.com to find a local group.

Does that feel a bit too much like jumping in at the deep end? Don't worry about that. These communities are here to support you at all levels, and as per this recent piece by Chris Cornutt, you're unlikely to become a great developer on your own. We could save you a few years of confusion, and do wonders for your skills and earning power!

If you do want to go for professional coaching, the best place to go in the UK is probably iBuildings, who are Zend's partners for the UK and Netherlands. They can provide a range of training for various skill levels - I and my team took some a few months back and found it very useful. However I should probably disclaim here that I've since become friends to a few of the iBuildings staff, and I will (much as Paul will hate me for admitting this) point out that you can become a good developer without their help! For individuals in particular, the training can be quite an investment, and so self-study can be a good option.

So, where (and how) to self-study? Well, as you're reading this I presume you're already familiar with various blogs and online sources, but I'll point out that PHP London has a collected RSS feed (including this blog) at http://feeds.feedburner.com/PHPLondon, and you'll find many more blogs at Planet PHP. Another good resource is the hardcopy (and recently relaunched) PHP|Architect magazine, which is a must at its new price.

Personally, I find self-study most productive when I have a goal. One I'd particularly recommend would be the Zend PHP5 Certification. This is not a basic certification (for that, look at something like BrainBench), and may take you a year or two to learn enough to pass if you're new to programming, but that's precisely what makes it useful. If you can pass this, you probably know what you're doing. Note that while there is a study guide for the certification, it's not enough to refer to this book alone as it's mainly a syllabus - you'll need to study from other resources to pass.

Well, I figure that that should get you started! As ever, do feel free to comment or drop me a line with any ideas or queries.

PHP London are pleased to announce their 4th annual UK PHP conference, building on the success of previous events and accommodating the continual growth of the PHP community and PHP development industry.

The event will take place on Friday February 27th 2009 at Olympia Conference Centre, London. Registration will commence in December 2008 and those interested in attending can create an account on the PHP UK Conference website at http://www.phpconference.co.uk/user/register and sign-up for notifications of updates to the website. Important announcements will also be made to the PHP London announcement mailing list:
http://lists.phplondon.org/cgi-bin/mailman/listinfo/phplondon-announce

The Call For Papers is now open and finishes at the end of November 2008. Speakers interested in talking at the event can submit their details at http://www.phpconference.co.uk/call-for-papers whilst potential sponsors can contact the conference committee using the form at
http://www.phpconference.co.uk/contact

All known information about the conference so far is available at http://www.phpconference.co.uk. We hope to see you at the event next year!

(I'm the treasurer of PHP London and on the organising committee of the conference)

Occasionally I get reminded that there are actually people reading this thing, and that it's more useful to them when I actually write something on it. Fair enough - I'm aware that, due to a combination of illness, holiday and work - and the fact that I've been actually writing code, rather than writing about it - the series has stalled a bit.

It's not going to restart this minute, as it's 11pm and I'm just back from PHP London, but I'll continue where I left off shortly. And, having done some work with it recently, I'll add PhpUnderControl / CruiseControl to the topic list - I've found it to be much more useful than other Continuous Integration tools I've tried.

I'll also, at some point, talk more about the human side of running a team (it's been very technical so far), but in the meantime, I promised I'd pass on some resources.

Firstly, my Agile PHP Development Bookshelf list at Amazon, which contains some recommendations on technical and management books.

Secondly, a couple of podcasts that have been recommended to me (but are, I have to admit, still waiting to be listened to): Manager Tools and Stack Overflow.

I should probably dig out my blogroll too, but that's on another machine...

(and yes, I *will* add tags to this site at some point so you can filter content....)

So, I've fixed the RSS feed on phase.org, taking the chance to play with some PHP DOM code. The feed's actually built up as DOM operations - probably overkill for RSS, but an interesting exercise, and it should mean I can't somehow create a badly-formed feed. Although, as the post itself is encoded as CDATA, I'm not quite sure what'd happen if I tried to include the CDATA escape sequence. No, I'm not gonna try it now, it's late.

Why fix the feed now? Because Nigel James has come up with the great idea of aggregating the blog feeds from PHP-London members, and he was going to include mine 'til I broke the feed. Plus, my imagination has just been fired up by recently attending FOWA, *and* I've just got a new job, *and* I've got two weeks off, *and* I've been promising for far too long that I'd actually start blogging again. I've also been meaning to put some social and political content on here too (much as many other tech bloggers do) and Ming Campbell's resignation tonight provides as good a start point as any. Oh, and the revelation that people think I might actually be saying stuff worth following is useful too...

Yesterday I attended the UK's first PHP conference at LSBU. This was a low-cost, volunteer-run affair organised by the local PHP user group - and it was admittedly a little rough around the edges. However it was competently run and, taking it as an enthusiast's conference rather than a professional one, very much satisfactory. The conference was sponsored by O'Reilly, City Safe, Packt Publishing, Word Tracker and Propel Recruitment.

The conference took the form of a day of talks held in a university lecture theatre, with coffee and lunch breaks, but no lunch provided (something which the organisers may not have planned on, although there were adequate food sources nearby). Further, there were a number of technical hitches during the day when the venue's equipment either failed or wouldn't integrate with the speakers' equipment (which admittedly threw a couple of faults of its own). Fortunately, these were not overly disruptive (with enough geeks, all bugs are shallow) and the venue was modern and comfortable with excellent accoustics and high-speed WiFi.

Being an enthusiast's conference, with WiFi, the audience was well-equipped with laptops and were thus able to take notes and explore websites linked from the talks; I'm sure many notes were taken and blogs posted. As is common at PHP-London meetings, most of the laptops were Apple Macs; the combination of functional desktop and unix architechture seems to be a popular one among PHP developers.

The first talk was given by Derick Rethans on "ez Components" - a PHP toolkit providing useful base functionality such as configuration reading and management, caching, cli and mail tools (among others). To me, this talk was useful on the basis of the development and coding techniques used, as well as in bringing me up to speed on a few PHP5 developments I'd not caught up with. The use of function namespacing (as in this site's codebase, but sadly missing from PHP itself) was of interest as I was wondering if this was just some weird idea that only I used.

Besides technical discussion of such things as SQL connection pooling, the actual subject matter - the component library - was interesting (and something I could conceivably use in future). The tools themselves (although not fully described) seem distinctly useful, and the knowledge of the coding techniques used gave me confidence in the quality of the library.

Unfortunately the talk over-ran (I presume Derick is not a particularly praticed presenter) and we didn't get the full material before the break, but I certainly learned something from the talk and would suggest that anyone needing a component library take a good look at this one, which seems to fit the open source requirements of high code quality and active development.

After a belated break (it having been pointed out to the organisers that the sponsors would not appreciate being deprived of face-time with the participants) we moved onto the second talk, and the most visibly nervous presenter, Pavel Kozlowski with a talk on "Pico and Dependency Injection". Now, before this talk I'd heard a fair bit about "dependency injection" from Marcus (from whom I suspect I've learned a great deal) but never really understood what it was; the word "injection" for me having very negative connotations of SQL and code injection attacks.

In fact that's not the issued. Dependency Injection is, if I may make a stab at a definition, the problem of providing code elements with their functional dependencies closely enough to be effective, but loosely enough to make unit testing and isolated development pratcical. Methods of providing such dependencies vary from calling 'new' within the dependent object, through use of a DAO registry to a fully-fledged DI container such as Pico.

I won't go into much technical detail, as these concepts are still fairly new to me, beyond saying that Pico essentially acts as a dependency "broker" which accepts registrations by classes (in part) according to the interfaces they provide or the requirements of their constructors. I'll leave the rest to the Pico site itself.

Unfortunately this talk also ran out of time, although it was probably fortunate that the organisers were keeping on top of time by now; I'd have liked to here more but at least have a useful start point.

Lunch was a "seek and ye shall find" affair; I found a Nando's (portugese spiced chicken chain) and had a very pleasant meal in the company of a Swiss delegate, but found that Nando's idea of "medium" is rather hotter than my own. The lunchbreak also gave me a chance to get to the O'Reilly stand and feed my tech-book habit; I walked out with the SQL cookbook, PHP Hacks, a Podcasting pocket guide and (given to me for free later) an book on PHPUnit. Something of a haul, but 30% off for show prices helped. I also notice O'Reilly are releasing a "Head-First" series with a much lighter "voice"; personally I didn't think the cartoony elements were for me but I'm told they've been well received. Certainly the presentation of "Design Patterns" as "Why make your own mistakes when you can learn from others" is an interesting approach...

After lunch, Matt Zandstra - Author, Yahoo! senior developer and, to be frank, rather disappointing speaker. Matt's material on "The Template Path" was at best tangentially related to PHP and the presentation showed every sign of being an in-house training presentation. It didn't map well to the audience, who weren't generally interested in code specifics of in-house material they were unlikely ever to use. Yahoo! were actually recruiting at the event and I have to say I think Matt sold them short. I've got a copy of his book at the moment and will withold judgement until I've at least taken a look at it, but I really couldn't find much beyond a simple but interesing design pattern to take away from the presentation.

Update: Evidently Matt can write pretty well; the Zend.com PHP5 exceptions article is extremely clear and readable. I suspect that if he'd billed his talk as "stuff you can do at Yahoo! if we hire you" and it had been one of alternative tracks, the talk would have worked much better.

Following that, however, a much more interesting presentation by Christopher Kunz: "I've been told to scare you awake". Well it wasn't quite that terrifying (as I'd already been studying PHP security recently) but it did make the point that "there's always going to be one more vulnerability". Some wince-inducing examples of "wild code" were shown but I was already familiar with the issues presented (not that I'm entirely immune to them in my own code yet). There were also some valid points on vulnerability disclosure and responsibility.

The focus of the talk, however, was the PHP Hardening patch, designed for and by ISP administrators to protect themselves and their users from internal and external attacks. It's not a complete solution to security - it doesn't claim to be - but it's a good start, and seems to be compatible with most well-written code (at least my own apps still work when I recompiled PHP after adding it on this server). I'll let the patch speak for itself, but I strongly advise that you take a look at it, and also at Christopher's book (at least, once it gets an english translation - any volunteers?), at which I was able to get a quick look after the conference.

The final talk of the day was something of an oddball - Harry Fuecks of SitePoint basically talking about why AJAX was overhyped and tricky to use effectively (and often misused) (talk resources here). Harry, this isn't news! Any technology can suffer from these issues and it's down to the developer to work around them. Had this been a presentation on how to work around them it might have been more interesting, but in the end I wasn't told anything I didn't know (in fact I'd already solved some of the issues mentioned in my own implementations) and the negative topic was unsatisfying. It might have served better on a multi-track conference where there were alternative topics.

That said, Harry's actually a pretty good speaker, and with a better topic (and he's certainly got the material) I could have really enjoyed his presentation; certainly his site's extremely useful (if slightly over-commercial, to my mind).

After Harry's talk there was the gathering of the feedback forms and then the Closing (which I imagine the organisers didn't gather much feedback on...) which involved a number of book giveaways and the traditional "Thanks to all". Following this, a number of us repaired to Living Space for free beer (courtesy of CitySafe, who are hiring) and general chat and (nominally) blogging; it was at this point that I installed the Hardening patch on this server (and *then* discovered an XSS attack on one of the sites had recently succeeded - I think I know why, though).

All in all, a good event; certainly worth the time and money, and a very promising first event. Congratulations and thanks to the organisers, and thanks also to all sponsors and speakers.

Update: It occurs to me that, while not all the talks were "great", no-one can really expect every single topic at a conference to excite them and that this is really just an artefact of a single-track conference. It'd be interesting to see if next year's can be made multi-track.

Disclaimer: I am a member of PHP-London but was not involved in the organisation of the conference. Hopefully I will be able to help out next year if the group decide to repeat the exercise.

Well, that last-but-one post proved to be rather more prophetic than I'd intended. Rest assured that, like 99.999% of London's population, I survived July without getting blown up. In fact, it's been another case of "too busy doing to document":

I've launched another site off this codebase: http://www.londongamelist.org/

Calendar: there's a graphical calendar view in place now, which can synchronise from iCal (and thus, indirectly, from most PDAs).

Filestore: Improvements to the upload system - in paticular fixes to handle the fact that MSIE uses some very strange mimetype declarations on file upload (image/x-png and image/pjpeg in place of image/png and image/jpeg, for example) and the ability to set icons manually (as they can't generate for Really Big images).

PHP code quality: I've turned on E_NOTICE and E_STRICT error levels on several sites using this codebase, which means I've had a fairly major task of updating code to the strict PHP5 way of doing things, and made sure all variables are pre-declared. A long task, but it should cut down on future debugging. (there are probably a few stray notices floating around this site - do let me know!)

AJAX: Many ajax tutorials advise you to use text rather than XML as your ajax page format, but also advise that you use the line
http_request.overrideMimeType('text/xml'); to force the behaviour of your XMLHttpRequest object
The new Firefox 1.5 betas throw errors on this in the (now misnamed) JavaScript Console (it now serves as a fully-fledged error console) which I've explained in updates to this page on DevMo:
http://developer.mozilla.org/en/docs/AJAX:Getting_Started
These errors can be pretty tricky to debug, particularly when they appear as JS errors...

XSS: Nasty stuff. Cross-site scripting occurs when you accidentally let a user manipulate the content of your website, either by submitted content or URL manipulation. This codebase caught most of those tricks, but at a recent talk by Rasmus Lerdorf at PHP London I discovered one that I'd completely missed: PHP_SELF. Needless to say I've done quite a few bugfixes on that one now!

MySociety: I've recently joined the MySociety group (http://www.mysociety.org/), and submitted a few code fragments - this is probably going to be a focus of my coding efforts from here, although I'll still be working on this site's codebase, particularly if there's user interest. For a start, there's a couple of external libraries that I can now jettison, due to PHP5 improvements.

I've also been to Linux World Expo, looked at picking up some LPI and MySQL certs, bought an iPod Nano (yes, they *do* scratch far too easily, Apple!) and started listening to Podcasts. Busy life.