For the past few months i have been switching some projects over to git from Subversion. And have been trying to get the hang of all the command line options available. And i will be doing that for a while longer until i get completely comfortable. And for communication to the remote git server i have been using SSH key authentication. Which works smoothly just like it did with Subversion.

But i wanted to check out the GIT support available in Zend Studio 9. And hit a problem pretty quickly. But i will describe that below. First i will create a local clone of my git project.

$ git clone ssh://[somehost]/~/git/project.git

To test if everything is working i do a test commit. If that succeeds if push it out to the remote master.

$ cd project.git
$ touch TEST
$ git commit
$ git push origin master

So that works fine. Now time to see how Zen Studio handles this. To create a project i use the Create from Git option. And select the local checkout i just created. This will read the whole repository configuration. And you are basically done from here. But as i mentioned earlier, i had some difficulties getting things running smoothly. I discovered that when it was time to push changes to the master repository.

When i used the Push to Upstream option. I was greeted by a login panel that seemed to have selected the correct SSH key and user to perform the login. But when i typed the password, it just kept asking for the password. Again and again. Hmm. That sucks! The password was correct. I tried with a newly created key. No luck either. The last thing i tried was updating to a nightly build of Egit found here. But this offered no solution either.

After reading a couple of complaints i found this bug report for the EGit eclipse plugin. The thread contains a solution for the login issue i was having. Gotta love Google!

Apparently the problem has to do with the encryption algorithm used to create the SSH keys. In this case the EGit plugin (which uses Jsch to do the SSH communication) was having problems with AES encrypted keys. And to solve the problem the Jsch library should be replaced with a newer version to make things work again.

So lets download this JSch library and update it manually. The library (JSch v 0.1.46) can be found here.

$ cd ZendStudio9
$ find . -name ‘*jsch*’ -type f

Found it plugins/com.jcraft.jsch_0.1.41.v201101211617.jar. So let’s try to update that.

$ cp plugins/com.jcraft.jsch_0.1.41.v201101211617.jar plugins/com.jcraft.jsch_0.1.41.v201101211617.jar.backup
$ wget http://sourceforge.net/projects/jsch/files/jsch.jar/0.1.46/jsch-0.1.46.jar/download
$ mv jsch-0.1.46.jar plugins/com.jcraft.jsch_0.1.41.v201101211617.jar

After restarting ZS everything worked fine again. Another problem solved! Thanks to the guys who posted in the EGit bug thread. Some good community Karma here! Time for other things. Hope it helps!

For years PHP has been vulnerable to session adoption which can enable session fixation. And since sessions are a major part of web applications now a days. A lot of platforms are open and waiting for an attack to happen.

session adoption & session fixation

The problem exists because the current session module does not validate the session id that comes in from a cookie. This means uninitialized session id’s can be passed by the client. This happens due to the fact that browsers overwrite cookie if multiple cookies are send per request.
Some people would say this is solvable by implementing session_regenerate_id(). But this is not the case.

Because session fixation can be used to take over control of web applications. Validation is required when multiple cookies are send per request. When multiple cookie are send with a request. Browsers send multiple cookies without domain / path information. This way it’s impossible to tell which cookie belongs to which domain.

So how do we fix this?

There is some userland code that does offer the ability to validate session data. But this has not been widely adopted by other developers.

Code that adds the session ID as a validation key:

session_destory();
session_regenerate_id();
$_SESSION['valid_id'] = session_id();

And the code to check if the session was properly initialized:

if ($_SESSION['valid_id'] !== session_id()) {
  die('Invalid use of session ID');
}

Thank god the internal developer know this. And are working to fix this. For the past days there has been an interesting discussion going on on the internals list. About applying a patch that will fix this. The patch will add some new php.ini features and a new method validate_id() for the session save handler. Hopefully this will be available in version 5.4.

To not break BC strict_mode will be disabled by default. But can be enabled by setting the following setting in php.ini. When enabled uninitialized session ID will be discarded.

session.use_strict_mode=0

To prevent a DoS instead of session fixation. An new feature has been added that deletes possible malicious cookies that prevent new session ID.

session.safe_session_cookie=1

You can read more about session fixation and the upcoming patch on the PHP-Wiki

So we have a PHP based importer script that does some heavy duty media processing at the office. And i had to import some new media today. But for some reason a couple of files weren’t picked up without a message. So i cleaned up the upload folder. The only files left were the files not being processed. And when i started the importer. The result was.

Importer found (0) files to import!

Hmmm. That’s not right. So i had a look at the code behind the importer. Which basically is a loop using a DirectoryIterator object. And some var_dump calls revealed the issue. For some reason ->isFile() was returning (false) for regular files. WTF! Let’s test that on the command line.

$ php -r “var_dump(is_file(‘/some/file.ext’));”;
bool(false)

Ok so we have an issue here. How big are these files really. A inspection revealed they are all over 2GB. Maybe some 32 bit issue? As the platform the code is running on is a 32 bit server. So i asked my colleagues, Googled a bit and read through php.net. To find out that there is an issue with PHP and files larger then 2GB.

https://bugs.php.net/bug.php?id=27792
https://bugs.php.net/bug.php?id=48886
http://nl.php.net/manual/en/function.filesize.php

Those however all seem related to filesize. The filesize function manual page even has a note about it. Maybe it’s related?

Note: Because PHP’s integer type is signed and many platforms use 32bit integers, filesize() may return unexpected results for files which are larger than 2GB. For files between 2GB and 4GB in size this can usually be overcome by using sprintf(“%u”, filesize($file)).

But i can’t apply that patch on a production server. So i came up with a simple solution for now. I extended the DirectoryIterator class and have overwritten the isFile method. Which works for now (don’t think this will work on windows).

Class MyDirectoryIterator extends DirectoryIterator {
	public function isFile() {
		return (integer) exec("[ -f {$this->getPathname()} ] && echo 1 || echo 0");
	}
}

Convinced it was a 32 bit issue. I came home later that day. And wanted to try it out on my own desktop. That is a 32 bit system and runs Ubuntu 11.04. To my surprise the result was different then i expected.

$ php -r “var_dump(is_file(‘/some/file.ext’));”;
bool(true)

I used the same files as before. And tested some more big files. But the result was the same. Weird. Let’s try some other 32 bit machines.

Ubuntu 11.04: bool(true)

CentOS release 5.6 (Final): bool(false)
Debian 6.0.2 (squeeze): bool(false)

Only my desktop at home seems to have a good result. Ubuntu must have some patch somewhere to fix this issue? To confirm i compiled PHP 5.3.8 from source. And did the same test again on Ubuntu 11.04. And this time it was (false).

$ php -r “var_dump(is_file(‘/some/file.ext’));”;
bool(false)

I am not really in the mood to search the Ubuntu changelog. And for now the work around will do. But i really would like to know what patch is applied to resolve the issue.

[ update ]

While applying the patch for the is_file issue. I was confronted with the fact that way more function calls cause issues. So while waiting for PHP to get patched i had to create some workarounds for the time being.

Getting the filesize:

(integer) exec("stat -c%s {$file->getFilename()}");

Calculate a MD5 checksum:

$md5 = exec("md5sum {$file->getFilename()}");
$expl = explode('\t', $md5);
return (string) $expl[0];

Calculate the CRC32 checksum:

$hash = exec("cksum {$this->path}");
$expl = explode(' ', $hash);
return $expl[0];

Get the modified time:

$stat = explode('.', exec("stat -c%y {$this->path}"));
$timestamp = strtotime($stat[0]);
return $timestamp;

Hopefully that will do for now. On a side note the issue is solvable by setting certain CFLAGS when compiling PHP. I have no idea what the impact of that will be on the PHP binary. But it does seem to solve the issue. Not sure how one would apply that when PHP is installed from the distro’s repository though.

CFLAGS=”-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64″ ./configure

A while back i was contacted by Vijay Laxmi. Vijay is a Sr Partner Marketing Manager over at Zend Technologies. And she was interested in doing a podcast like interview about the brand new and shiny VMWare & Zend Studio integration. And because i am a big fan of this feature. I didn’t see why not. So we had a few chat sessions. Along the way Joshua Solomin from Zend and Michael Paiko from VMWare joined the party. And after some preparation we recorded the session. Considering i have never been much of a speaker. This was quite fun to do.

Michael send me the end result. And everybody seemed happy with it. After that life resumed and i have been incredibly busy every since. So i kinda forgot about the whole thing. Till Vijay mailed me today (ty! Vijay). VMWare put the recording on their website. And a customer mailing has been transmitted over the wire. Cool stuff!

2011-02-07 VMware-Zend VOC Podcast

Because i was so happy with my new 3 monitor configuration. I decided to refresh my development environment as well. Normally all my files would reside in the Devspace older in my user folder under the /home directory. Now i used a new 500 GB SATA drive and formatted it EXT3. Moving your workspace in Zend Studio has the minor inconvenience that the local settings like fonts / syntax colours are lost. I still haven’t found a way to export this. So i decided to take this opportunity to create a nice new dark theme.. My friend Bart (still no blog?) was friendly enough to let me know how to export the theme related data in ZS. And was nice enough to send me his zenburn theme.

File > Export > General > Preferences

File > Import > General > Preferences

Bart’s zenburn theme:

Most developers i know don’t seem to care much about the colour of their screen and the font they use. But considering the fact that i spend an insanely amount of time behind a screen. It would be nice if this environment i am in all day put the least amount of constrained on my eyes as possible. So i choose to take time and configure this for optimal viewing pleasure. This starts with the font. For years i have been using the Envy Code font by Damien Guard inside my IDE. This all started i think with a post by Jeff Atwood It’s a great font that is extremely easy to read even for terminals. Although still in beta. I advice people to use it when possible.

The second thing i configure are the colour schemes my IDE uses. The standard colour always has a white background. White makes sure things are clear. But staring at a white screen for more then 6 hours always resulted in headaches for me. So the darker the better. And with a dark background you are forced to change the rest as well.

Changing the font is first

General > Appearance > Colors and Fonts
Font : Envy Code R Bold (11 pt)

Second up are some general text editor colours

General > Editors > Text Editors
Line number foreground : #787878 (120, 120, 120)
Current line highlight : #35353D (53, 53, 61)
Background color : #25252D (37, 37, 45)

And finally the PHP syntax coloring

PHP > Editor > Syntax Coloring
Decprecated : #000 (0, 0, 0)
Fields : #FFFFFF (255, 255, 255)
Heredoc : #008282 (0, 130, 130)
Keyword : #DE5727 (222, 87, 39)
Multi-line comment : #557F5F (85, 127, 95)
Normal : #FFF (255, 255, 255)
Number : #FFCECE (255, 206, 206)
PHP tags : #DE5727 (222, 87, 39)
PHP Doc : #FEC601 (254, 198, 1)
PHPDoc Comment : #FEC601 (254, 198, 1)
single line comment : #FEC601 (254, 198, 1)
static fields : #FFFFFF (255, 255, 255)
static methods : #FFFFFF (255, 255, 255)
String : #B3C0C8 (179, 192, 200)
Task Tags : #FEC601 (254, 198, 1)
Variable : #0B91B7 (11, 145, 183)

The result can be viewed below

There are much more configuration options to do but for now this is what i came up with. Setting up the theme is a since in ZS. But one thing bothered me. The function / property name highlighting when you select an element inside the IDE. Was a very light colour. And this made it impossible to read the contents of the selection.

So after searching for a while and setting every possible setting in the configuration tabs. I finally figured out how the set the colour for these two actions. This is done from the Annotations setting in the Text editors panel under the general tab. The two options to change are PHP elements read / write occurrences.

For now i settled with a dark colour. But maybe i will change this in the future since it is not very readable

That’s it for now. This of course only sets up the PHP environment. The syntax colours for XML, HTML, CSS and Javascript still have to be changed. But i will leave it at this.

I finally took the time to read ‘You want to do what with PHP?‘. Normally i would not write about the books i read. But this book is a bit different. And since i won a copy of Kevin Schroeder’s book in a twitter sweepstake. I thought i might as well write a small review to show a bit of gratitude. I will keep it short.

Kevin is Zend Evangelist for products like the Zend Framework, Zend Server, Zend Studio and co writer of the book The IBM i Programmer’s Guide to PHP

It’s been a while since i read a PHP related book. I have been doing PHP based development for the past 10 years. And after reading almost every book of value on this topic. It’s hard to find something interesting to read about it. Most books just go over the basics. Or target a specific project / way of developing.

This book is a bit different from what i have read so far. And it will get a nice place near my other books of value. So what does make this book so different? First of all the topics that pass by are some of the more advanced topics you will come by in the PHP world. A lot of it is related to low level programming. So a bit of experience or interest in this subject is a must. Besides the advanced topics Kevin shows how to solve issues in ways i have never done them before. And that probably comes down to his experience with more low level languages like C.

He touches topics like Networking and sockets, Binary protocols, character encoding, streams, SPL, Asynchronous operations, file access, Daemons, And two great chapters about debugging, good development practises and just how to become a better developer in general. The book has a considerable amount of binary math in it which is cool. And which is also needed when doing things like handling raw TCP/IP and TCP/UDP data, writing stream handlers or creating your own file-system.

Maybe not all of the material touched in the book is relevant to web development. And most of us will probably never have to write an HTTP daemon in PHP. But the way Kevin tackles problems showed me things i never thought of before and new ways to attack old problems.

It gave me some good pointers for a webcrawler i have been working on. As i have wanted to add threading to this for a long time now. Besides that i just had a lot of fun reading this book. And would definitely advocate other developers to read it as well.

Added a review on Amazon as well.

Zend Studio added a new great feature to there already impressive stack of features. The IDE just keeps growing in the right direction.

So the new 8 version which at the time of writing is in Beta added VMWare support. This is a feature i was looking forward to. And couldn’t wait to give this a try. So when i got a email that the new beta is out. I didn’t wait and downloaded the behemoth.

Adding VMWare support to the IDE seems like a logical thing to do. Specially since everything is virtualized now a days. I thought about this a while. But you can use it in different setups. For me it is an extra on my development environment. I’m a big Linux enthusiast. But at the office i work on windows. So now i can develop in my own virtual Linux environment. But it’s also a great solution for running Unit Test on a production VM. Or just to test on a production VM.

My first try was on my OS of choice which is Ubuntu. That however didn’t go to well. As soon as i started the “Run as VMWare application” my IDE would die on me. I quickly gave up on this mainly because i am running Maverick which is not considered stable. And VMWare already had some problems building the kernel modules. If anybody is interested in the crash logs. I still have some.

So back to windows. Windows 7 in particular. I always keep a Windows partition laying around. For games and stuff. So i downloaded the following files.

* Ubuntu-Server
* Zend Studio 8 Beta (trial)
* VMWare 7.1.2 (trial)

Installing VMWare and Zend Studio is a since. Nothing to make note off here. After that was done i installed Ubuntu 10.04 Server edition. And installed Zend Server inside of it. That should be all.. right? So let’s launch the IDE and give it a shot. Well it launched but i got back an error like below.

At first i had no clue what was going on. But i had the feeling there was something wrong with the VMWare client tools. After digging through the Zend Studio manual i found the answer The ‘hgfs’ was not mounted on teh client OS. And this was because the vmware tools did not have enough libraries to build everything. To build the complete VMWare tools on the client OS we need

* gcc
* make
* build-essential
* linux-headers-(current version)

When that’s done it necessary to attach the linux version of the VMWare tools to the virtual CDRom drive. So we can mount it inside the VM.

/usr/lib/vmware/isoimages/linux.iso

mount /dev/cdrom /mnt

Copy the file somewhere and unmount the /mnt or the build will fail. Unpack the VMWare tools and run the perl script inside to install. Once that’s done follow the VMWare instructions. Or reboot the VM.

Now we are all set. Now it’s just a matter of writing code. And running it on the VM. When running an application as a VMWare application the IDE syncs the files with the shared folder on the VM. After that the internal browser is launched to see the result.

The first time you will be asked for the VM to use. Just point it to the VM image created by VMWare.

When no VM is active when launching the application. Zend Studio will trigger VMWare to launch the VM.

Some output in Zend Studio