Preview: Ben Ramsey
Web Craftsman, Author, & Speaker
7 Tips for php[tek]
This week, I’m attending php[tek]. This is my seventh php[tek], and the first I’ve attended not as a speaker. It’s one of my favorite conferences, and I didn’t want to miss its first year in a new city: St. Louis. As we gear up for the eleventh php[tek] conference, I thought I’d list my seven tip...
This week, I’m attending php[tek]. This is my seventh php[tek], and the first I’ve attended not as a speaker. It’s one of my favorite conferences, and I didn’t want to miss its first year in a new city: St. Louis. As we gear up for the eleventh php[tek] conference, I thought I’d list my seven tips for getting the most out of your php[tek] experience.
Hang out in the evenings, after the conference sessions.
php[tek] is known for hosting events in the evening, from video games and board games to hackathons. Make sure you you stick around and take part. One of the best features of PHP is its community, and taking part in the events following the day’s conference sessions is a great way to build relationships in this community.
After the conference events, follow folks to the bar.
Do you have to be a drinker? Nope. There’s much more to a bar than drinking. In Chicago (Rosemont), php[tek] had Shoeless Joe’s, a nearby sports bar, where attendees would congregate each evening following the conference activities. In St. Louis, I don’t know what that place will be, but I’m certain there will be one. This is where relationship-building continues. There’s so much that can come from these relationships—friendships, business opportunities, mentors, and more!
I closed down Shoeless Joe’s with @cspruck, @ElizabethN, @derickr, @coderabbi, @JimLindForPope, @dshafik, @ptahdunbar, et al. #phptek— Ben Ramsey (@ramsey) May 23, 2014
Having begun a new job myself, I shared Ed’s sentiment. Last weekend, while at the Madison PHP Conference, we were discussing what developers can do during the interview process to get an idea of the kind of codebase a company has. After all, the developer is interviewing potential employers just as much as they are being interviewed as a potential employee. It would suck to be hired only to find the code is in shambles. Short of signing an NDA and asking to see the their code, what can you do?
Here are a few tips I think go a long way in helping determine the state of a company’s codebase. If you have other ideas, feel free to leave them in the comments.
Ask what coding standards the company follows. Can they articulate those standards well? Grill them on specifics. Be sure to ask this of the developers and not the managers. Otherwise, you might not get a good picture of how standards factor into their practices.
For PHP projects, you should hear something about PSR-2 and PSR-1. If not, then at least the old PEAR coding standards should come up.
Ask whether the company uses a dependency/package management tool. Answers to this question are a good indication of whether the company subscribes to a not invented here (NIH) philosophy. Companies that reuse code from a variety of third-party packages tend to—in my experience—have better structured and cleaner codebases. I’m not sure why this is, but I suspect it’s because the developers have more exposure to how others are doing things and pick up on best practices in this way.
For PHP projects, you should hear the company talk about their use of Composer. At the very least, they should mention PEAR, but PEAR is waning.
Ask how much of the code is covered by tests. There are unit tests, functional tests, integration tests, and acceptance tests. Maybe there are others that I’m not aware of. Start a conversation about which testing strategies the company uses and how many tests they have.
For PHP and web projects, there are many different testing tools available. At the least, I woul[...]
Setting Up Jenkins on Amazon Linux for PHP Testing
These instructions are specifically tailored for setting up Jenkins on an Amazon Linux EC2 instance. If that’s not what you’re running, your mileage may vary. These commands should run on RHEL-based systems, and with modifications to the package manager and names of packages, they should work on other Unix-like systems.
1. Launch and Prepare an EC2 Instance
The Amazon Linux AMI I used was the latest (at the time) paravirtual, 64-bit, instance store AMI (ami-ed8e9284), but choosing the latest for your region should work just fine. You can use an EBS-backed volume instead and set up regular snapshots of it, or you can follow these directions, create an AMI from your configured instance, and set up regular snapshots of the EBS volume we attach to the instance. Either way will work fine. I just happened to use an instance store with an EBS volume attached.
Launch an EC2 instance (use this link to launch one, if you like)
Create an EBS volume
Attach the EBS volume to the instance you launched
SSH to the instance, format and mount the EBS volume (see below)
I’m using XFS for the EBS volume’s file system, but you may use what you prefer. We’ll mount the volume at /var/lib/jenkins, so that we don’t have to do any complex trickery with the default jenkins user, home, and permissions. The EBS volume may exist at /dev/xvdf, as it does in the following example, or it may be attached at another point. See also Amazon’s guide to “Making an Amazon EBS Volume Available for Use.”
Note: All of these instructions require root access. You may prefix them with sudo, or you may change to the root user.
$ yum install xfsprogs
$ mkfs -t xfs /dev/xvdf
$ mkdir -p /var/lib/jenkins
$ mount /dev/xvdf /var/lib/jenkins
Now, the volume is mounted at /var/lib/jenkins. We want to ensure it always gets mounted there when we restart the instance, so let’s add a line to /etc/fstab:
$ cp /etc/fstab /etc/fstab.orig
$ sh -c 'echo "/dev/xvdf /var/lib/jenkins xfs defaults,nofail 0 2" >> /etc/fstab'
$ mount -a
2. Install and Start Jenkins
Installing and starting Jenkins is fairly simple. We need to add the official Jenkins project repository to the list of yum repos, and then we install with yum, start the service, and ensure that Jenkins starts up on a reboot.
$ wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat-stable/jenkins.repo
$ rpm --import http://pkg.jenkins-ci.org/redhat-stable/jenkins-ci.org.key
$ yum update
$ yum install jenkins
$ service jenkins start
$ chkconfig jenkins on
3. Configure the Server for Running Tests
Now, we need to install some stuff on the system so that Jenkins can do its thing. These instructions are intended for tests that use the Template for Jenkins Jobs for PHP Projects. This will give you a basic PHP installation with all the tools necessary to run the template. If you need to use anything that deviates from the stock template, then you’ll need to make changes.
$ yum install ant git graphviz gcc gcc-c++
$ yum install php55 php55-devel php55-common php55-cli php55-intl php55-gd php55-pecl-imagick php55-mbstring php55-mcrypt php55-mysqlnd php55-pdo php55-pecl-xdebug
$ sh -c 'sed -i "s/^memory_limit =.*/memory_limit = 256M/" /etc/php.ini'
$ sh -c 'sed -i "s/[...]
My First Month at ShootProof
My first day at ShootProof was July 1st, and as I've come to my one-month anniversary with the company, I wanted to share some of the reasons that attracted me to ShootProof and why I'm still excited about it, after a month of working here.
It’s difficult to write a blog post about a new gig without coming across as sounding critical of past employers. That’s not my intent, but this first month I’ve spent at ShootProof has been one of the best months I’ve had in a long time, career-wise.
My first day at ShootProof was July 1st, and as I’ve come to my one-month anniversary with the company, I wanted to share some of the reasons that attracted me to ShootProof and why I’m still excited about it, after a month of working here.
The primary reason I joined ShootProof was for the team. I had worked with Robert Swarthout and Brian DeShong previously at Schematic (now POSSIBLE). We worked well together then, and the opportunity to work with them again was almost too good to be true. On top of that, ShootProof hires the best. With folks like Jenn Downs, Terry Allen, Kevin Bandy, Josh Davies, Colin Breece, and the rest of the ShootProof team, ShootProof really is a dream team.
At PHP Tek 2009, my friend Sean Coates gave me some awesome career advice. He said, “You need to work with people who know you.” At ShootProof, I am doing just that, and it’s a great working relationship.
Another thing that attracted me to ShootProof is its funding. As of today, it’s 100% bootstrapped. Ideologically, I’m not one of those who say your company must be bootstrapped or VC funded. There are pros and cons to both types of funding. But having experienced VC funding, a bootstrapped company had a certain appeal to me: all the investors have “skin in the game” in both the monetary investment sense, as well as the agile “pig” sense.
What this means for me is that I work on a daily basis with the primary decision makers in the company, and these decision makers answer only to themselves (and our customers). There’s a great deal of freedom and trust in this relationship.
Will we always remain bootstrapped? That’s not a question for me to answer or even to presume to know the answer. There are a variety of reasons we may or may not consider funding in the future, and that’s a question for our founders to tackle, but for now, the fact that we’re bootstrapped is important to me. It all comes back to the team. We’re intimate. We’re lean. We’re agile. We’re not tied down by VC money. We work only for our customers and ourselves.
Top-notch Support Team
After meeting with Colin, I realized that ShootProof not only prides itself in building a great product, but our special sauce is our customer support team. Our loyalty builders will do whatever it takes to ensure the happiness of our customers. I know this makes me sound rather dense and naïve, having worked in the industry for so many years, but after hearing about the work of our customer support team, I realized that customer support is just as much a part of our product as the code that makes up our web properties. I’m proud of the work they do, and I’m excited to be a part of their team.
Along with customer support, ShootProof is working to ensure we have the best possible user experience for our customers. That’s why we have ace UX folks on our team.
User experience has always been an important cornerstone of software development to me. How users feel when they interact with your software interface determines whether they want to continue using it or not. Working at Schematic showed me how UX must be a discipline to any software company. I am more than thrilled that ShootProof feels the same way and has made it a crucial tenet of our process.
As Brian said in his “Joining ShootProof” blog post, I also sought out ShootProof because I love to build products. I want to work for a company that is product-fo[...]
All Good Things…
I’ve spent the past four-and-a-half years at Moontoast. It has been an excellent ride, but it’s time for me to move on.
Over the past month or so, I have wrestled with one of the hardest decisions I’ve faced in my career. I’ve spent just over one-fourth of my professional career with Moontoast—4.5 years. This is a long time in Internet years. During my time here, I’ve learned a lot about startups, building Internet products, running in the cloud, and much more. There are great things happening at Moontoast—changes that make it a stronger, more effective company with an awesome product. It’s an exciting time to be a part of the company! For me, it’s been an excellent ride, but it’s time to move on.
I do not currently have another job lined up, though I do have a number of opportunities that are under discussion. One of the primary reasons for this career move is my lack of involvement in the greater PHP and general open source communities over the last three years. I believe my visibility and personal brand have diminished, and that’s something I want to change.
In particular, here are some areas I want to focus on:
Blogging: In 2009, I made 24 blog posts. In 2008, I made 27. In 2007, 43. Notice a trend? Since January 2010, I have made only 17 blog posts in four years. Blogging is a great way to position yourself as a thought leader; my lack of blogging shows that I’ve not been leading any thoughts.
Speaking at Conferences: I enjoy speaking at conferences. I enjoy teaching. Over the last few years, I have done very little of this, and that’s been bothering me. I want to return to the conference circuit in a big way.
Thought Leadership: Thought leadership is one of those areas of personal branding that helps set you apart from other speakers and writers. It’s a way of defining your niche and making you one of the “go-to” people in the industry for a particular topic. I have focused little on my personal thought leadership over the last few years, and I will be changing this. I will return my focus to APIs and HTTP, but I will be focusing more on practical integrations and real-world applications, rather than theory and design.
Writing a Book: I am currently working on the outline of a technical book. I hope to finish the book this year. More details on this later.
API and Integrations Consulting/Training: I have given thought to consulting or training on APIs and integrations. If this is something that interests you, let me know, and we can talk specifics.
Hacking on Open Source Software: I’ve made small contributions to the PHP core, as well as other open source projects, but I want to begin contributing even more to open source libraries, tools, and SDKs.
I’m looking forward to what the rest of the year holds for me. It’s an exciting time, and I can’t wait to get started!
In evaluating opportunities, I have been asking about potential employers’ comfort level with all of the above. As an employer, if these are things you like, encourage, and think can make your own brand stronger, then I’d love to talk to you. Feel free to reach out to me via email at ben at benramsey.com.
Ben Ramsey is a web craftsman, author, and speaker. He is a software architect at ShootProof, where he builds a platform for professional photographers. He enjoys organizing user groups and contributing to open source software. Ben blogs at benramsey.com and is @ramsey on Twitter.
“All Good Things…” was originally published at benramsey.com and is Copyright © 2014 Ben Ramsey. It is licensed for use under a Creative Commons Attribution-ShareAlike license.
Will Encryption Catch On With Keybase?
Encryption is hard, and the difficulty barrier keeps us from adopting it. I hope Keybase paves the way to making encryption easier for us all, from the technologically-skilled to the technologically-challenged.
Email is not secure. Let’s stop fooling ourselves. Just because I use Gmail, and I’m using it over HTTPS does not mean that the email I send or receive is encrypted while being transmitted outside of Google’s network. Inside Google’s network, even, the contents are not encrypted.1 So, why do we keep sending sensitive information through email, and why do our banks and mortgage brokers and HR departments keep asking for us to send our Social Security number, bank accounts, and other private details through email?
Is it because we are oblivious, naïve, or do we just not care? I suspect it’s a little of all three, but mainly it’s because encryption is hard, and the difficulty barrier keeps us from adopting it.
The alpha launch of Keybase has got me excited. It uses the public-key cryptography (a.k.a. PGP/GnuPG) model to identify yourself, prove your identity, and allow others to vouch for your identity. I hope it paves the way to making encryption easier for us all, from the technologically-skilled to the technologically-challenged.
How Public-key Encryption Works
I want people to send me sensitive information, but I don’t want anyone else to read it while the information is traveling across the Internet. So, I create a pair of keys. One is public; I can send it to others. One is private; I should keep it secret and safe, like the most secret password I’ve ever had.
I give my public key to someone who wants to send me sensitive information, like a Social Security number. They encrypt a file using my public key and send the encrypted file to me. I can decrypt it, since I have the private key that’s paired with the public key used to encrypt the file. I’m the only one in the world who can read the file, and that’s great because I was the intended recipient.
Here’s what’s important: even if someone intercepts the file, they cannot read it because they do not have the private key to decrypt the message. Even if they have my public key, they cannot decrypt it. The information is safe!
A second benefit of encryption is that I can sign my messages to other people, using my private key. If the recipient has my public key, they can verify the signature. If the signature is bogus, they know I didn’t send the message, but if it checks out, they can be certain I sent the message. No one can forge my signature. Using the signature ensures the message hasn’t been tampered with and the recipient hasn’t been fooled into thinking they’ve received a message from me that is really spam (or worse).
A third benefit is the web of trust. Others may validate my public key by signing it with their own key. These signatures are then added to public key servers as additional proofs that the keys in question do, in fact, belong to their real owners. This helps others know whether a signed message from me is actually coming from the real me and not just someone claiming to be me with a false key. The web of trust is decentralized, with key servers around the world.
Encryption Is Hard
While encryption provides massive benefits, it is difficult even for seasoned technologists to perform, much less everyone else. This is because the tools we use for encryption often require basic knowledge of how encryption works. Command line tools and mail and browser plugins may be used to encrypt and decrypt messages using your public/private key pair, but these tools are all afterthoughts, things that must be installed and maintained by a user who knows what they are doing.
In order to gain mass adoption of encryption, it needs to be made central to the applications and platforms we use, and we need the ability to use it easily without fully understanding it. It needs to jus[...]