Freek.dev

On his blog Barry van Veen listed some examples of things you can do within a Laravel service provider.

Currently, I'm working on my first Laravel package. So, it was time to dive into the wonderful world of the service container and service providers.

Laravel has some great docs about, but I wanted to see some real-world examples for myself. And what better way than to have a look at the packages that you already depend on?

This post details the different things that a service provider can be used for, each taken from a real open-source project. I've linked to the source of each example.

https://barryvanveen.nl/blog/34-laravel-service-provider-examples

Read more

Zalando, a large online fashion plaform, published it's guidelines around open source creation and usage.

Why Open Source? Because it can: improve quality, mitigate risk, increase trust, save us money, expand our technology choices, be fun, enable us to give back to the community, strengthen our tech brand, and attract talent. ... Do “Open Source First”: If your Zalando project can also be useful to non-Zalandos, release it as open source from the start.

https://github.com/zalando/zalando-howto-open-source

Read more

Laravel employee #1, Mohammed Said, recently gave an interview at codeforaliving.io on his career and how he started with open source. Terrific story. A lot of what he says resonates with how I feel about working on open source.

Said believes many developers, in the Middle East and elsewhere, are interested in the open source community, but not sure how to get started: “They think they have to wait until they have something perfect.” That’s simply not the case, Said maintains. He encourages developers to dig deep into their favorite projects, especially into software they work with on a daily basis, and look for places they can offer “enhancements” to existing code.

Open source, he believes, is the best experience a developer can show in an interview. “Tech interviewers want one thing,” he says: “Show me your code.” You can share code you’ve written for your day job, but it’s probably impersonal or boring or even proprietary and closed source, so you can’t share it at all. Some code at work is done as part of a team and you can’t pick out what you did and what Jane down the hall did. Open source, on the other hand, is all you. It’s your passion, it’s publicly accessible, and it has your name on it.

http://www.codeforaliving.io/how-i-open-sourced-my-way-to-my-dream-job-mohamed-said

Read more

Kyle E. Mitchell goes over the MIT License, line by line.

If you’re involved in open-source software and haven’t taken the time to read the license from top to bottom—it’s only 171 words—you need to do so now. Especially if licenses aren’t your day-to-day. Make a mental note of anything that seems off or unclear, and keep trucking. I’ll repeat every word again, in chunks and in order, with context and commentary. But it’s important to have the whole in mind.

https://writing.kemitchell.com/2016/09/21/MIT-License-Line-by-Line.html

Read more

Joind.in is a website where attendees can leave feedback for speakers delivering talks and conferences and user groups. This feedback is very useful for the speakers who which improve their skills. In my mind it is an essential part of the PHP ecosystem.

For the last 6 years Lorna Jane Mitchell and Rob Allen have maintained the project. They are now looking for others to take over their duties.

This post is about the open source project, Joind.in. Joind.in is a tool to allow attendees at conferences or other events to offer immediate public feedback to speakers and organisers at those events. Joind.in is an open source project run by volunteers. For the last 6 years I've been a maintainer of this project, following a year or two of being a contributor. Over the last few months, myself and my comaintainer Rob Allen have been mostly inactive due to other commitments, and we have agreed it's time to step aside and let others take up the baton.

http://lornajane.net/posts/2016/joind-in-needs-help

Read more

Without any doubt Tim Wood, the creator of the awesome moment.js library, has done a lot for the community. It's really a shame that the constant pressure of maintaining the library has taken it's toll.

The correlation between Open Source and burnout is no secret, and I am not immune to it. ... Seeing bugs and issues continue to roll in and being mentally unable to address them has led to feelings of failure and depression. When looking at the moment project, I could only see the negatives. The bugs and misnomers and mistakes I had made. It let to a cycle of being too depressed to contribute, which led to being depressed because I wasn’t contributing.

https://medium.com/@timrwood/moment-endof-term-522d8965689

Read more

With vanilla PHP it's possible to check of if the SSL certificate of a given site is valid. But it's kinda madness to do it. Let's look at the code required:

<br />// Step 1: downloading the certificate from the site
$streamContext = stream_context_create([
    'ssl' => [
        'capture_peer_cert' => true,
    ],
]);

$client = stream_socket_client(
    "ssl://spatie.be:443",
    $errorNumber,
    $errorDescription,
    $timeout,
    STREAM_CLIENT_CONNECT,
    $streamContext);

$response = stream_context_get_params($client);

$certificateProperties = openssl_x509_parse($response['options']['ssl']['peer_certificate']);

// Step 2: parsing the certificate

/*
* I'm not even going to type out the further code needed.
*
* `$certificateProperties` has two keys `validFrom_time_t` and `validTo_time_t`. 
* Those keys contain the UTC representation of the date.
* You will need to check if the current date is between those dates.
*/ 

What. The. Actual. F. Let's fix this!

We've released a new package named spatie/ssl-certificate that makes checking the SSL certificate of a site laughably easy. Let's take a look at the code:

$certificate = SslCertificate::createForHostName('spatie.be');
$certificate->isValid(); // returns true if the certificate is currently valid

Boom, done.

The package has a few more methods that makes working with an SSL certificate a breeze:

$certificate->getIssuer(); // returns "Let's Encrypt Authority X3"

$certificate->getDomain(); // returns "spatie.be"

//A certificate can cover multiple (sub)domains. Here's how to get them.
$certificate->getAdditionalDomains(); // returns ["spatie.be", "www.spatie.be]

$this->certificate->validFromDate(); // returns an instance of Carbon

$certificate->getExpirationDate(); // returns an instance of Carbon

You can also use isValid to determine if a given domain is covered by the certificate. Of course it'll keep checking if the current datetime is between validFromDate and expirationDate.

$this->certificate->isValid('spatie.be'); // returns true
$this->certificate->isValid('laravel.com'); // returns false

The source code of the package is available on GitHub. My company has made many more PHP framework agnostic, Laravel and JavaScript packages in the past. Take a look at the open source page at our site to see if we've made anything that could be of use to you.

Read more

Jordi Boggiano investigated if there are pundits actively abusing typos in package names.

Earlier this month an article was published summarizing Nikolai Philipp Tschacher's thesis about typosquatting. In short typosquatting is a way to attack users of a package manager by registering a package with a name similar to a popular package, hoping that someone will accidentally typo the name and end up installing your version of it that contains malware.

... I wanted to take a look at our repository data and see if I could spot any bad actors.

https://seld.be/notes/typo-squatting-and-packagist

Read more

Michael Bromley on his blog:

There is an implicit agreement which needs to be understood by both consumers and creators of FOSS projects¹. It goes something like this:

• I agree to provide you with some free code which solves your problem.
• I recognize that in doing so, I have taken on a small portion of responsibility to you as a user of my code.
• I agree to try to help you if you have difficulty in using my code.
• I agree to try to fix bugs that you find in my code.
• Crucially, you agree that I, in acting without remuneration, am free to assign priority to the above points as I see fit.

The last point is the reason why I haven’t fixed your issue yet.

As a package consumer you should be grateful for the free code you're given. Keep in mind that when you use someone else's code, you are responsible for that code as well. If a package maintainer solves an issue for you that's great. If he or she doesn't, than that's your problem, not the maintainer's. You can always submit a PR with a fix. And if the fix or feature doesn't get accepted you can always maintain your own fork.

For our own packages we try to respond to every single issue in a timely manner. The users of our packages are generally very friendly and helpful. There's only one instance when things went sour. I do make a point of thanking everybody who takes the time to submit a PR. It's a small thing but I do believe it helps creating a positive vibe on our GitHub repo's.

Read more