I am seeking speakers for my @phpugffm & @phpugmrn meetups. We prefer in-person presentations in Frankfurt or the Mannheim area, but remote talks are also an option. If you have anything interesting to share with us, let us know. We'd be more than happy to have you! Thx! #php#phpc#phpugffm#phpugmrn
@vanamerongen There might be... Options ... as @shochdoerfer already mentioned. But in general we (as in The Usergroups) are (sadly) also missing the budged. 😉
@thomastospace usually you hire someone who is going to perform the pentests. In that case, you just wait for a report and address the issues they will point out.
If you're the author of the pentested application, it makes no sense to be also the one who will do the pentesting. The best results are when someone else makes those.
After the last few things I've learned about #PHP 8.4 by accident I thought why not look into it and see what else there is. So, here's an example of the four new rounding modes PHP 8.4 will introduce to the 'round' function:
PHP_ROUND_CEILING
PHP_ROUND_FLOOR
PHP_ROUND_TOWARD_ZERO
PHP_ROUND_AWAY_FROM_ZERO
I rarely use anything else than 'ceil' and 'floor' in my daily work but this is still good to know.
@doefom Sounds useful at first glance but is more likely to encourage using floats inaccurately for decimal / monetary calculations. bcmath is also getting a new bcround and related methods which should be used instead, or one of the libraries specifically for decimal or money calculations.
@zimzat Didn't know there are better/worse solutions for rounding, I thought there's one right way to do it under the hood and that's it. Well, as you say there is more to rounding than I thought :D Thanks for your feedback!
Charles Fol a présenté la faille #iconv (CVE-2024-2961) à #OffensiveCon le 10/05/2024. On n'a toujours pas de détails. On dirait bien qu'il n'y a pas d'attaques généralisées non plus.
Quelqu'un aurait vu des sites #PHP compromis via ce genre de chose récemment ? Ou pire ?
Had fun this weekend working on a performance focussed proof of concept using Bunny in the #PHP#queue interop contracts. The first metrics are in using the #RabbitMQ cluster on my #Raspberrypi#Kubernetes home cluster. (Which isn't meant for high performance. Still pleased by these numbers.)
Thanks to @jay Bunny #PHP will support client properties in the upcoming 0.5.6 and 0.6 releases. Client properties can be used to set a human readable name to your connection with #RabbitMQ:
📢 Woohoo! Version v6.1.16 of Firefly III has just been released 🎉. Check it out over at GitHub, Docker, or download it using your favorite package manager.
One thing that’s funny about #ai and #programming is I keep hearing the same thing. “Oh I use it for generic snippets, just common tasks and functions”.
The amusing thing about that is when I first started working with a #php app years ago there was already a solution to that problem. It was called “the PHP Cookbook” published by O’Reilly. I was told “oh we buy you a PDF copy and you just search for whatever you are trying to do and use that code. It saves a ton of time for junior programmers.”
Not only was it true, it did save me a ton of time and headaches, but we didn’t need to steal anything. The authors got paid, it worked offline, it didn’t require scraping the entirety of human knowledge to write or nuclear power plants worth of energy to distribute.
It also helped me learn. Since I would have a solid foundation to the solution, I felt more confident experimenting. I always had a known-functioning standard library solution as my base. So when something broke I knew where to start debugging.
Just an incredible thought that instead of paying $20 for a pdf once we decided this was the way to go.
@matdevdug I mean, pretending that CTRL+F and an AI are somewhat equivalent is not the argument you wanna be making.
Sure, reading a book and learning stuff is good and everyone should do it. But some problems are really specific and no book will have an example that you can find within few minutes.
@chrastecky Well as someone whose tried virtually every paid and free AI product on the market and can’t even get the paid Google Gemini one to return accurate results about their own Google Cloud libraries I’m gonna have to give it to CTRL-F.
They’re such unbelievable dogshit that Google cannot even make it as accurate as reading their own tests in their own client library. Imagine that. Reading the tests is easier and more reliable than asking an LLM. I didn’t even need to burn down a rainforest or make 12 more datacenters to do it.