funkatron.com

Just a quick note that my slides from my OSCON 2008 talk, “Securing the PHP Environment With PHPSecInfo,” are now online.

• PDF
• Slideshare

If you’re at OSCON, and you love security, you may or may not enjoy my talk on PHPSecInfo, a security auditing tool for the PHP environment. I’m actually going to try to show some new code, so if you’ve seen it before, you can see it again – for the first time.

The talk is at 1:45pm Thursday, 07/24/2008.

• PHPSecInfo homepage
• PHPSecInfo code repository

After experiencing the inspiring atmosphere of php|tek 2008, I vowed to write a blog post a day to hone my writing skills.

Whoops!

Building Desktop RIAs with PHP, HTML & Javascript in AIR

Note: The ZIP on the php|tek 2008 site didn’t have the AIR code in it, so until that’s fixed I’m linking to my locally hosted copied

• Slides (PDF)
• Code

Securing the PHP Environment with PHPSecInfo

• Slides (PDF)

Clearly the free booze and other gifts provided to the php|arch team is paying off, as two of my talks have been accepted for php|tek 2008 in Chicago. I’ll be speaking on desktop app development with AIR, and the PHPSecInfo project. The full schedule of talks will help you plan on how best to avoid me.

Desktop app dev with AIR has been something near and dear to my heart lately, as I’ve spent a lot of time in the past several months developing Spaz, a Twitter client based on AIR. In the process I’ve learned a whole heck of a lot about Javascript development, and learned intimately what works well in AIR and what doesn’t. Combining PHP on the server side and Javascript/HTML on the client side makes a lot of sense for me, then. Getting the two sides to work together has gotten a fair bit easier with the JSON extension that was added in PHP 5.2.0. With that, exchange of data structures carries a lot less overhead.

PHPSecInfo has been quiet for a while on the development side, but I’m hoping things will pick up a bit with the introduction of public SVN access to the project. The trunk version has some extra stuff in it, like the beginnings of a new view system to output results in various formats. I’ve also added Paul Reinheimer as a contributor, so feel free to guilt him into making updates as well. If you’re interested in contributing patches or updates to PHPSecInfo, drop me a line and we’ll chat.

Maintaining focus has never been one of my strong suits, but I’ve been doing a fairly bad job of it lately even for me. So, I’m finally posting the slides from my two talks a DC PHP:

• Securing the PHP Environment with PHPSecInfo
• Secure PHP Development with Inspekt

I think my talks went okay, but not great. Definitely could have been more prepared and presented more useful information, especially in the Inspekt talk. It’s the first time I’ve done a talk on that project, so I still am feeling that one out a bit, whereas I’ve talked about PHPSecInfo a few times before this.

The DC PHP Conference was a nice surprise. It was clearly still in the learning stages, but everyone was friendly and happy to help, and the organizers definitely seemed interested in sorting out what worked and what didn’t. I believe they said the next one will be in July 2008; I hope to be there!