140: Web Application Security, Part 1 With Scott Arciszewski Three Devs And A Maybe podcast

1:07:07

In this weeks episode we are lucky to have Keyvan Akbary back on the show. We start off by discussing the job role he has taken since moving back to Madrid, and the importance of building autonomous teams. From here, we talk about the technology stack they are using at Cabify, highlighting some of the interesting features found in Elixir and Go. Finally, we touch upon Cabify’s infrastructure and deployment strategy, showcasing how awesome GitLab is along the way. Show Links Keyvan Akbary Keyvan Akbary on GitHub Keyvan Akbary on Twitter Life as a Software Developer with Keyvan Akbary - Three Devs and a Maybe Cabify TransferWise Elixir The Go Programming Language Erlang/OTP The Phoenix Framework 100 functions, 1 data structure vs. 10 functions, 10 data structures Erlang — dialyzer phoenixframework/phoenix_live_view - Rich, real-time user experiences with server-rendered HTML Programming Elixir 1.6 - The Pragmatic Bookshelf Programming Phoenix 1.4 - The Pragmatic Bookshelf Exercism - Elixir CodeWars - Elixir GitLab GitLab - Auto DevOps Nomad by HashiCorp asdf-vm/asdf - Extendable version manager with support for Elixir…

1
163: Building SaaS Products with Simon Bennett 48:10

6 years ago48:10

48:10

In this weeks episode we chat to Simon Bennett about his experience bootstrapping SaaS products. We start off with how he got into software development and highlight some of his previous/current business ventures. This leads us to highlight treating each failure as an experiment, and the danger (as a developer) of using a new product idea as a platform to learn new technology. From here, we discuss the success he has had from SnapShooter, his new product Automaily, and the unique challenges building products targeted at developers. Finally, we touch upon how he comes up with new ideas, the necessity to quickly validate them, and advice for any listener who has an idea and is thinking of building a product from it. Show Links Simon Bennett on Twitter Simon Bennett - Software Consultant Simple Scheduled DigitalOcean and AWS Backups - SnapShooter Eliminate SaaS Churn - Automaily Simon Bennett - Building SaaS Automaily How Starting Small Helped Me Build a Server Backup Company Smooth PHP - GitHub Simple Scalable Secure Backup - Backup Stream Manage Team SSH Keys - Authorized.sh Artisan.host…

1
162: PHP + JIT = GR8 with Joe Watkins 51:04

6 years ago51:04

51:04

In this weeks episode we have good friend of the show Joe Watkins back on to discuss the recent developments in PHP. We start off by highlighting how code is currently compiled and executed using the Zend VM, and distill how the recently approved JIT (for PHP 8) will change this. From here we mention the reasoning for going down this path now, the difference between I/O vs CPU bound code, and the use-cases where the JIT will improve performance. This leads us to the PHP compiler project Anthony Ferrara is working on (with the goal of Ahead-of-Time PHP compilation), and the new parallel concurrency API Joe is working on which uses a model similar to Goroutines. Finally, we discuss his recently approved Weak References and Abolish Narrow Margins RFC’s. Show Links Musings, ninja ones - PHP GR8 PHP RFC - JIT nikic/php-ast - Extension exposing PHP 7 abstract syntax tree ircmaxell/php-ast-visualizer - An AST visualizer, for PHP PHPNG PHP OPcache ircmaxell/php-compiler - A compiler. For PHP ircmaxell/php-compiler-toolkit - A compiler toolkit. For PHP ircmaxell/FFIMe - A FFI Wrapper library and header parser! Anthony Ferrara - High Performance PHP - YouTube Musings, ninja ones - Parallel PHP - The Next Chapter krakjoe/parallel - A succinct parallel concurrency API for PHP7 Joe Watkins on Twitter - “parallel+jit+php-nes-emulator = 80’s fun at full speed” PHP RFC - Weak References PHP RFC - Abolish Narrow Margins…

1
161: Exploring Bitcoin with Mattias Geniar 1:14:26

6 years ago1:14:26

1:14:26

In this weeks episode we are lucky to have Mattias Geniar back on the show to discuss his experiences delving into Bitcoin and Cryptocurrencies. We start off by chatting about his introduction to Bitcoin, the ‘bear market’ of 2018 and how valuable the ‘Mastering Bitcoin’ book is to understanding its’ internals. From here we move on to the concept of ‘Code is Law’ and the implications of such an approach, the pros n’ cons of being a developer in this space, and how he stores his private keys (not your keys, not your coins!). This leads us to highlight second-layer scaling solutions such as the Lighting Network, and the confusion around projects reusing the Bitcoin name. We then touch upon the power of Ethereum, its’ planned consensus transition from PoW to PoS, and how different it is developing on a distributed platform. Finally, we look at the Mimblewimble protocol and Atomic Swaps, discussing their use-cases and how they can improve the space. Show Links Mattias on Twitter Initial impressions on running a Bitcoin Core full node Run a Bitcoin Lightning Node on CentOS 7 Run a Bitcoin Core full node on CentOS 7 Bitcoin Core Mastering Bitcoin The Internet of Money Mastering Ethereum Andreas M. Antonopoulos - The open blockchain expert jack on Twitter - “…hiring 3-4 crypto engineers and 1 designer to work full-time on open source contributions to the bitcoin/crypto ecosystem” Trezor - Hardware Wallet Ledger - Hardware Wallet Truffle Suite - Sweet Tools for Smart Contracts Michelson - the language of Smart Contracts in Tezos What is Mimblewimble? The Complete Beginner’s Guide Grin What is Merged Mining? Can You Mine Two Cryptos at the Same Time? #CryptoTwitter on Twitter…

1
160: Serverless PHP using Bref with Matthieu Napoli and Neal Brooks 51:21

6 years ago51:21

51:21

In this weeks episode we are lucky to have both Matthieu Napoli and Neal Brooks on the show to discuss all things Serverless PHP. We start off by discussing what drew Matthieu to Serverless, the creation of the Bref project and the technical challenges encountered with getting PHP to work within the Lambda environment. From here, we touch upon the reasons behind moving from the Serverless Framework to SAM (for the 0.3 release) and how Bref uses the new Lambda Layers and Runtime API. This leads us on to highlight how a typical PHP project would use Bref, the decision to be opinionated in order to stay minimal and the experimental Loop SAPI. Finally, we envision what the future holds for the Bref project and Serverless compute. Show Links Matthieu Napoli - Software consultant expert with PHP and Symfony Matthieu Napoli on Twitter Neal Brooks on Twitter Bref - Serverless PHP applications made simple Running your PHP site on AWS Lambda - Speaker Deck Running Symfony on AWS Lambda with Neal Brooks - Three Devs and a Maybe What Is the AWS Serverless Application Model (AWS SAM)? return true to win Serverless PHP news AWS Lambda Layers New for AWS Lambda - Use Any Programming Language and Share Common Components AWS Builders’ Day - re:Invent Deep Dive on Lambda Layers and Runtime API - YouTube A Serverless Journey - AWS Lambda Under the Hood - YouTube Add loop mode (-L) in the CLI SAPI by mnapoli - GitHub mnapoli/bref-bootstrap-benchmarks - Benchmark of possible solutions for Bref and the new AWS Lambda runtime API HTTP performances with Bref v0.3 - Matthieu Napoli Bref Slack Workspace awslabs/aws-lambda-container-image-converter - The AWS Lambda container image converter tool Firecracker - Lightweight Virtualization for Serverless Computing…

1
159: PHP Test Tooling and RFC Roundup with Joe Watkins 56:37

6 years ago56:37

56:37

In this weeks episode we are joined by Joe Watkins for a long overdue catchup. We start off the show by discussing what Sandboxing is and the new Sandbox extension he has developed. From here, we touch upon test-doubles/mocking frameworks, the reasoning behind building uopz in the past, and now componere/mimus to aid in testing. This leads us on to highlight what test coverage is, the history of coverage tooling within PHP, and the new exciting pcov extension he has released. Finally, we do a big ol’ RFC roundup, discussing RFCs that have been accepted for PHP 7.4 (FFI, Typed Properties and Preloading) and ones under discussion (JIT and Weak References). Show Links Boxes of Sand krakjoe/sandbox - A sandbox environment for PHP 7.1+ Faking It krakjoe/uopz - User Operations for Zend krakjoe/componere - Complex Type Composition and Manipulation krakjoe/mimus - mocking framework as light as a bird Running for Coverage krakjoe/pcov - PCOV - CodeCoverage compatible driver for PHP krakjoe/pcov-clobber - Run PCOV in versions of PHPUnit before 8, if you must PHP RFC - FFI (Foreign Function Interface) PHP RFC - Typed Properties 2.0 PHP RFC - Preloading PHP RFC - JIT PHP RFC - Weak References…

1
158: Hexagonal Architecture (Ports and Adapters) with Matthias Noback 1:01:16

6 years ago1:01:16

1:01:16

In this weeks episode we are lucky to have Matthias Noback on the show to discuss software architecture design. We start off the show by highlighting why we should invest time in the architecture of our software, and what is meant by ‘layers’ of an application. This leads us to discuss what Hexagonal Architecture (Ports and Adapters) actually is, Infrastructure vs. Core (Domain, Application) and the Dependency Inversion Principle. From here we mention the different responsibilities Ports and Adapters have, the different forms of testing you can do within this architecture and Use-cases/Command Buses. Finally, we touch upon the new book ‘Style Guide for Object Design’, which Matthias is currently in the process of writing. Show Links Matthias Noback’s Blog Matthias Noback on Twitter Hexagonal Architecture - training by Matthias Noback Layers, ports & adapters - Part 1, Foreword Layers, ports & adapters - Part 2, Layers Layers, ports & adapters - Part 3, Ports & Adapters A wave of command buses Exceptions and talking back to the user SimpleBus/SimpleBus sensiolabs-de/deptrac - Keep your architecture clean The Clean Architecture The Onion Architecture Style Guide for Object Design - Leanpub…

1
157: The Symfony Ecosystem with Nicolas Grekas 49:55

7 years ago49:55

49:55

In this week’s episode Edd and guest co-host Neal Brooks chat to Nicolas Grekas about all things Symfony. We start off discussion with how he got interested in programming, his introduction to Symfony, and his journey to now working on the code-base almost daily. This leads us on to talk about how he helped build the performance profiler Blackfire, and the importance of quantitative measurements whilst making performance improvements. From here we highlight managing pull requests, the social factors when leading open-source projects and Symfony’s continuous migration path. Finally, we touch upon the recently released Messenger component and upcoming Symfony Contracts initiative. Show Links Nicolas Grekas on Twitter Nicolas Grekas - GitHub Symfony, High Performance PHP Framework for Web Development What is Symfony Blackfire.io - Continuous PHP Performance Testing Symfony 4.2 roadmap The Cache Component - Symfony Making Symfony’s Router 77.7x faster 1/2 Making Symfony router lightning fast 2/2 The Messenger Component - Symfony symfony/contracts: A set of abstractions extracted out of the Symfony components PHP-FIG - PHP Framework Interop Group…

1
156: Running Symfony on AWS Lambda with Neal Brooks 57:42

7 years ago57:42

57:42

In this weeks episode we are lucky to be joined by Neal Brooks, a fellow developer of Edd’s at MyBuilder. We start off by discussing how he got into programming, QBasic and video driver shenanigans. From here, we move on to introduce his SymfonyLive London talk ‘Running Symfony on AWS Lambda’. We highlight what drew him to Lambda, and the new tooling that is making it easier to run PHP and frameworks (such as Symfony) on it. This leads us to cover his demo application, and explore handling assets using S3, database migrations and AWS resources using CloudFormation. Finally, we debate using catch-all gateway endpoints vs. dedicated gateway endpoints and Lambda performance. Show Links Neal Brooks on Twitter Neal Brooks - Medium SymfonyLive London 2018 Running Symfony on AWS Lambda with Neal Brooks QBasic mnapoli/bref - Serverless framework for PHP return true to win Everything Serverless with Andy Raines - Three Devs and a Maybe Creating a ‘Winning’ Audio Lambda Service using Serverless, Polly and compiled SOX The Twelve-Factor App Session Management - Symfony Uploading Objects Using Pre-Signed URLs - Amazon S3 Using a CDN - Symfony dittto/serverless-s3-assets - Uploads requested assets to S3 as part of Serverless deploy Mince Pie Challenge - Building a Serverless RESTful API and React Client MyBuilder Careers MyBuilder Tech Blog…

1
155: Bridging the Security Gap with Scott Arciszewski 1:12:30

7 years ago1:12:30

1:12:30

In this weeks episode we are lucky to be joined by Scott Arciszewski to discuss all things Security. We start off by chatting about a recent talk he gave at DEF CON 25 and the importance of secure API design. From here we highlight Google Tink, misunderstandings of how PHP has changed over the years and what CVE’s are. This leads us on to delve into the tools and processes used within the reconnaissance phase of a security engagement. Finally, we briefly mention Quantum Computing and its impact on cryptography - followed by best practises for securely managing secrets within web applications. Show Links Paragon Initiative Enterprises Scott Arciszewski on Twitter NaCl - Networking and Cryptography library google/tink PHP Implementation? - google/tink - GitHub PHP RFC - Flexible Heredoc and Nowdoc Syntaxes Common Vulnerabilities and Exposures (CVE) Common Weakness Enumeration Shodan Nmap - the Network Mapper Burp Suite Scanner Puppy Linux klange/ponyos - My Little Unix, Kernels are Magic! Fiddler - Web Debugging Proxy Charles Web Debugging Proxy OWASP Zed Attack Proxy Project - OWASP How and Why Developers Use Asymmetric (Public Key) Cryptography in Real-World Applications Secrets, Secrets, Are No Fun - PHP Roundtable Keeping Credentials Secure in PHP Securing Credentials for PHP with Docker Vault by HashiCorp AWS Secrets Manager…

1
154: Why all the Curly Braces? with Scott Wlaschin 1:10:08

7 years ago1:10:08

1:10:08

In this weeks episode we are lucky to have Scott Wlaschin back on the show to discuss his most recent talk ‘Four Languages from Forty Years Ago’. We start off by talking about why the 1970’s was such an influential decade for language design. This leads us on to highlight what a programming language fundamentally is, and explain the many different paradigms that are present. From here, we explain the issue with throwing out the design phase completely when building software, and the interesting points made in Richard Gabriel’s ‘Worse is Better’ essay. Finally, we try to make sense of why all popular programming languages today follow a very similar style, and what is with all the curly braces?! Show Links Scott Wlaschin on Twitter F# for fun and profit Four Languages from Forty Years Ago Four Languages From Forty Years Ago (Slides) Seven Languages in Seven Weeks - The Pragmatic Bookshelf Seven More Languages in Seven Weeks - The Pragmatic Bookshelf Smalltalk - Wikipedia ‘Epigrams in Programming’ by Alan J. Perlis Sudoku Solver in Prolog A Philosophy of Software Design - John Ousterhout Garbage collection - Wikipedia ‘Worse is Better’ by Richard Gabriel Introvert and extrovert programming languages ReasonML…

1
153: The Mouse in the House 48:45

7 years ago48:45

48:45

In this weeks episode we start off discussion around testing in a Continuous Integration pipeline, and setting up a personal Bamboo CI system. We then move on to separating domain logic from the delivery, and how a Package-Bridge-Delivery split works. After a small mouse related intermission, we touch upon experiences building custom Babel plugins and testing using Jest, Travis CI and Docker. Finally, we highlight creating small CLI applications with Go, Serverless Offline and Logic-Gates/8-bit computers. Show Links Bamboo Continuous Integration and Deployment Build Server Jenkins on AWS Dredd - HTTP API Testing Framework Running PHPUnit tests in parallel with Jenkins and Ant Conductor - A return to monolith The Grand Theory of Amazon FANG Stocks Babel with Henry Zhu Building a Babel Plugin - Adding a Function Composition Operator and Auto-Curried Functions to JavaScript Mince Pie Challenge - Adding Test Coverage using Jest and Travis CI Travis CI Serverless Offline Alpine Docker GitHub Pages Learn Go in 12 Minutes Learn Docker in 12 Minutes Building a 8-bit Computer…

1
152: New Jobs, Engagements and Marathons 52:09

7 years ago52:09

52:09

In this weeks episode Mick and Edd have a long overdue catchup! We start off the show by discussing Mick’s new job, the new stack he is using, and the benefits of working in a team. From here we highlight how his company uses Scrum (Sprints, Planning Poker and Story Points), handling event-sourced models with the introduction of GDPR, and logic within annotations. Finally, we touch upon Edd’s recent engagement and marathon, a new Serverless/React blog series he is working on, developing applications for the Ethereum blockchain, and how to manage application secrets. Show Links CQRS Event Sourcing Planning Poker - An Agile Estimating and Planning Technique What Are Story Points? doctrine/dbal - Doctrine Database Abstraction Layer Mince Pie Challenge - Building a Serverless RESTful API and React Client eddmann/mince-pie-challenge-api-serverless - Serverless HAL API, using Webpack, Flow, Jest, DynamoDB, Cognito and Docker eddmann/mince-pie-challenge-client - React Client, using create-react-app, Redux and Enzyme eddmann/mince-pie-challenge-client-terraform - AWS S3/CloudFront deployment def. for the Frontend Client, using Terraform eddmann/mince-pie-challenge-dapp - Truffle, Solidity, IPFS, Web3 and React Truffle Suite - Your Ethereum Swiss Army Knife IPFS is the Distributed Web Solidity AWS Lambda Adds Amazon Simple Queue Service to Supported Event Sources Head First Design Patterns - O’Reilly Media Secrets, Secrets, Are No Fun - PHP Roundtable Vault by HashiCorp AWS Secrets Manager - Rotate, Manage, Retrieve Secrets git-secret Using Libsodium in PHP Projects - Paragon Initiative Enterprises…

1
151: AWS, Golang and iOS Development with Alex Bilbie 1:00:22

7 years ago1:00:22

1:00:22

In this weeks episode we are lucky to be joined by Alex Bilbie to discuss all things AWS, Golang and iOS development. We start off the show by exploring how he got into programming, the stack he currently uses, and moving from a Monolith Laravel application to Golang microservices (deployed using ECS). From here, we move on to highlight his time developing the popular PHP OAuth 2.0 Server package, and how he first got interested in the AWS platform. We then discuss the power of composing services offered by AWS together, the concept of being ‘cloud-proof’ and the AWS certification system. Finally, we talk about his upcoming S3 master-class video series, use of Terraform for IaC and experiences building/shipping an iOS application. Show Links Alex Bilbie Alex Bilbie on Twitter Coding Solo Podcast OAuth 2.0 Server - PHP, meet OAuth 2 The Go Programming Language gofmt - The Go Programming Language Amazon ECS - run containerized applications in production Protocol Buffers - Google Developers Alex Bilbie - OAuth 2 and API Security - Full Stack Radio Open Source Guilt - Alex Bilbie Amazon DynamoDB Global Tables Amazon Aurora - Auto-Scaling Serverless Database Service Amazon Web Services Solutions Architect Associate Certification - Alex Bilbie Amazon S3 Transfer Acceleration S3 Select and Glacier Select Amazon Athena — Serverless Interactive Query Service Laravel Live UK Workspaces - Terraform by HashiCorp cloudreach/sceptre - Build better AWS infrastructure cloudtools/troposphere - Python library to create AWS CloudFormation descriptions Can’t Eat That - An app for food allergy sufferers…

1
150: PHP was not designed for that?! with Joe Watkins 44:38

7 years ago44:38