I'm moving to a new server, and my avatar image generation script did not work anymore: $ php surrogator.php processing mm.svg PHP Fatal error: Uncaught ImagickException: unable to open file `/tmp/magick-bcfNKPgxfBoOcZ5_de_xB9LzxZLhN2Dq': No such file or directory @ error/constitute.c/ReadImage/614 in /home/cweiske/www/avatar.cweiske.de/surrogator.php:236 Stack trace: #0 /home/cweiske/www/avatar.cweiske.de/surrogator.php(236): Imagick->readImage() #1 /home/cweiske/www/avatar.cweiske.de/surrogator.php(155): surrogator\createSquare() #2 {main} thrown in /home/cweiske/www/avatar.cwe ..read more

Using PSR-3 placeholders properly In the last 2 years or so, I've run into a number of projects that claim to use the PSR-3 logging standard as published by the PHP Framework Interoperability Group (PHP-FIG, or just FIG). Unfortunately, it's quite clear that those responsible for the project have not understood PSR-3 and how it is intended to work. This frustrates me greatly, as PSR-3's design addresses a number of issues that these projects are not benefiting from, and it reduces interoperability between projects (which was the whole point in the first place). Rather than just rant angrily o ..read more

I have just returned from the 2023 edition of PHPUK and, as always, found it a valuable conference to catch up with the PHP community and find out what’s happening in the ecosystem. This year, I was accepted to speak on the differences between RPC, REST and GraphQL APIs and was surprised and gratified that the room was at full capacity. Thank you to everyone that attended; I hope that you learnt something useful. I think that good APIs matter and am fairly pragmatic about implementations. In general, I would far rather that you wrote a really good RPC API than a bad GraphQL one for example. Th ..read more

In 2019 I started Bad Gateway as a software development agency. Last year we grew all the way to 7 people. It was crazy challenging, especially with Covid in the mix; but ultimately could not get the company into a good financial state to be able to carry on. Big thanks to my co-workers and partners Ju, Becky, Phil, Michael, Siep, Richard and Syed. I’m incredibly grateful you came on this journey with me. We shared some tears, exchanged some words but mostly had lots of laughs. Despite the challenges I feel my relationship with you has only strengthened and I wish you well in the next steps of ..read more

I’m a maintainer of several dozen open source libraries. One thing I’ve always done is maintain a hand-written changelog. Here’s an example from a12n-server 0.22.0 (2022-09-27) ------------------- Warning note for upgraders. This release has a database migration on the `oauth2_tokens` table. For most users this is the largest table, some downtime may be expected while the server runs its migrations. * #425: Using a `client_secret` is now supported with `authorization_code`, and it's read from either the request body or HTTP Basic Authorization header. * The service now keeps track when ..read more

Xdebug Update: January 2023 London, UK Tuesday, February 7th 2023, 09:52 GMT In this monthly update I explain what happened with Xdebug development in this past month. These are normally published on the first Tuesday on or after the 5th of each month. Patreon and GitHub supporters will get it earlier, around the first of each month. You can become a patron or support me through GitHub Sponsors. I am currently 41% (4% less than last month) towards my $2,500 per month goal. If you are leading a team or company, then it is also possible to support Xdebug through a subscription. In the last mon ..read more

Mastobot: For your Fediverse PHP posting needs Like much of the world I've been working to migrate off of Twitter to Mastodon and the rest of the Fediverse. Along with a new network is the need for new automation tools, and I've taken this opportunity to scratch my own itch and finally build an auto-posting bot for my own needs. And it is, of course, available as Free Software. Announcing Mastobot! Your PHP-based Mastodon auto-poster. Continue reading this post on PeakD. Larry 23 January 2023 - 10:13pm Read more about Mastobot: For your Fediverse PHP posting needs ..read more

Knex recently released a new version this week (2.4.0). Before this version, Knex had a pretty scary SQL injection. Knex currently has 1.3 million weekly downloads and is quite popular. The security bug is probably one of the worst SQL injections I’ve seen in recent memory, especially considering the scope and popularity. If you want to get straight to the details: Check out the Github issue, which was opened 7 years ago(!) An article from Ghostccamm explaining the vulnerability. CVE-2016-20018. My understanding of this bug If I understand the vulnerability correctly, I feel this can impact ..read more

Xdebug Update: December 2022 London, UK Tuesday, January 10th 2023, 09:06 GMT In this monthly update I explain what happened with Xdebug development in this past month. These are normally published on the first Tuesday on or after the 5th of each month. Patreon and GitHub supporters will get it earlier, around the first of each month. You can become a patron or support me through GitHub Sponsors. I am currently 45% towards my $2,500 per month goal. If you are leading a team or company, then it is also possible to support Xdebug through a subscription. In the last month, I spend 25 hours on X ..read more

As developers we write a lot of code, but we also deal with a lot of configuration files. The three major formats I tend to use day to day are: JSON YAML .env And, they all kinda suck. JSON feels like it should never have become a format that people hand-write. So many quotes, and and configuration files need comments to tell users why certain decisions were made. .env has a specific purpose (and it’s ok at that), but it’s not a great universal format, and YAML has always been difficult to read and write to me. I can somehow never retain the syntax and end up copy-pasting things from example ..read more