"best practices" entries
The Puppet design philosophy
Explore the declarative, idempotent, and stateless Puppet DSL.
Before we begin to explore practical best practices with Puppet, it’s valuable to understand the reasoning behind these recommendations.
Puppet can be somewhat alien to technologists who have a background in automation scripting. Where most of our scripts are procedural, Puppet is declarative. While a declarative language has many major advantages for configuration management, it does impose some interesting restrictions on the approaches we use to solve common problems.
Although Puppet’s design philosophy may not be the most exciting topic to begin this book, it drives many of the practices in the coming chapters. Understanding that philosophy will help contextualize many of the recommendations covered.
Dos and don’ts in JavaScript
A few best practices for when you're learning the language
With every programming language, there’s a list of do’s and don’ts and JavaScript is no exception. Some of these best practices are there for your protection (like always always always using semi-colons!); some to make your code more readable and less error-prone; and some to increase the efficiency of your code. Read more…
The new PHP
PHP's experiencing a renaissance, with improvements and new standards
The programming language many love to hate is experiencing a renaissance. This is not your parents’ PHP. The new PHP is a more mature language with community standards, a growing affinity for interoperable components, and a passionate movement to improve performance. If you have bypassed PHP for alternative languages, or if you are a PHP veteran unaware of recent changes, you owe it to yourself to give PHP a second look.
Language Features
PHP 5.5 (the latest stable build as of this writing) has made major progress from earlier versions. Recent PHP releases contain powerful new features and helpful developer tools, such as a built-in web server, generators for simpler iteration, and namespaces. With PHP 5.4, traits were introduced (a la Scala or Perl) to allow code reuse in single inheritance languages, as well as closures, which allow you to code PHP in a functional style. Other important features include the built-in FastCGI process manager and phpdbg debugger, and a new password hashing API that makes it easy to hash and securely manage passwords in PHP.
Preventing Problems in PHP Security
Taking a look at the usual suspects: SQLi, XSS & CSRF
As any PHP developer that’s been around for a while will tell you, there’s a certain kind of stigma that comes with the language. They’ll hear it from their peers using other languages that PHP is “sloppy” or that “it’s just a scripting language, not a real one.” There’s one other that seems to follow the language around as well—that it’s insecure. Sure, PHP’s not without its problems—but any language is going to have its share. Ruby’s had several major vulnerabilities in the press lately and Java has definitely had its own list over its extensive lifetime. People put down PHP for not being secure, but they forget that it’s not the language that makes for insecure code, it’s the developer.
PHP, by its nature is “meant to die” at the end of every request, so the developers don’t have to worry about some things that more persistent languages do. There’s still some common dangers, though, that you as a PHP developer should be aware of. The most common ones come from the well known OWASP Top 10 list. Here’s a quick look at how to help prevent just a few:
Be a Polyglot Learner First, Then a Polyglot Programmer
How dabbling in a new language now can lead to innovation later
Being a polyglot programmer has its benefits; most of us have read or heard about those benefits from various respectable sources. I’d like to highlight the importance of being a polyglot learner before being a polyglot programmer.
You heard me right—learn a new language, but don’t rush to use it in production. At least not right away. I have used this approach and have realized two major benefits:
- Enhanced design skills, and
- The ability to adapt quickly to an evolving mainstream language
Most programmers currently code in one of the mainstream languages like Java, C#, and C++. On a typical enterprise project, chances are we’re using one of these languages. It might seem like a tall order for most of us to be able to intermix other languages. However, it’s becoming more critical that we do. Let’s discuss why.
Polyglot Programming: What Is It and Why Should You Be Using It?
An Interview with Neal Ford
I recently interviewed O’Reilly author Neal Ford (Functional Thinking, The Productive Programmer) on the subject of polyglot programming. In 2006, Neal wrote a blog post which resurrected the term, suggesting that as modern applications become more complex, it is important for developers to leverage knowledge of multiple languages and use the right tool for the job. In the interview, we discuss the benefits and challenges of polyglot programming, how it has evolved in recent years, and the impact it’s had on software development.
Some key highlights in our conversation include:
- What is polyglot programming? [Discussed at 0:15]
- What are some of the benefits? [Discussed at 1:39]
- How polyglot programming has affected software development in recent years [Discussed at 4:25]
- Downsides to polyglot programming? What are the trade-offs? [Discussed at 6:22]
- Best practices when starting out in polyglot programming [Discussed at 8:58]
- Where is polyglot going? The pervasiveness of JavaScript… [Discussed at 10:32]
- Resources for keeping up on trends and new technologies [Discussed at 12:48]