Sunday, February 16, 2014

I will use this password only once

Source Flickr: Lou_Lou Chan
Sad to see that people still use a single password for all their online accounts. Every day we read about accounts being compromised, major web sites being hacked and personal details stolen.

There's not a 100% secure way of securing web sites, there will always be flaws in the system that are beyond your control (like the latest Target credit card heist). But as a user, there are a lot of things you can do to ensure that whenever a site gets compromised, you don't have to worry your other accounts are in danger.

Single email address per account

First of all, if you have a Google account there's a nice trick that lets you assign a unique email address to each online service. A regular Google mail account looks something like <username>@gmail.com. But when you register with an online service, you can enter <username>+<servicename>@gmail.com. So, whenever this service gets compromised, you can watch for suspicious emails arriving at <username>+<servicename>@gmail.com and filter them out.

If you use another mail service (or have a mail service of your own) you might want to use a wildcard to accept emails, so whenever you sign up for an account you can just use <servicename>@yourmail.tld.

Use one password per account

Secondly, I can only urge you to use a password tool like 1Password, LastPass or KeePass. You only need to remember a single password, the one for the tool itself, and from that point on you can have a different password for each account you create.

I use 1Password myself and I'm pretty happy about it. I now have for each account a different password, and I use it even for generating (and remembering) database passwords, keeping track of my loyalty programs and even store hash keys I use to connect to other servers using SSH or SSL.

1Password interface: clean, very convenient and secure
The nice thing about 1Password is that it integrates with your OS and directly with your browsers. So whenever you open a website that requires authentication, you just click the plugin in your browser, enter your password and have it fill out the form. It's just that easy.

You can also use it for your databases, credit cards, loyalty programs and whatever else you need to remember securely. And you save it securely with your "master" password on your computer. Just make sure this single password is the most difficult one to remember. Using a quote from a book or a movie is always a great way to secure things with a passphrase, especially when you combine 2 quotes in different languages. This ensures no one has direct access to those passwords when your computer gets stolen. I'm saying "direct access" and not "no access" as people can still try to break in once they have direct access to your computer.

Limitations on the web

Even when I'm using a password tool to generate automatic passwords, I sometimes stumble upon web sites that have strict rules on how passwords should be made. You might want to think twice about using a service like that, because for passwords you should be able to use any character at your disposal and make them as long as you want.

For instance Microsoft has a limitation of 16 characters for passwords on their services.
16 Character limit on passwords by Microsoft
Other websites even have limitations on what characters you can use, which might indicate they're not even hashing passwords on their services. That's another reason to make sure the password you store there is not used anywhere else.

Your web applications

When you build a web application with authentication, be sure to allow people to use whatever password they want, even if they want to paste in the whole Macbeth book.

On the backend you might want to use PHP's password_hash, which is provided as of PHP 5.5. If you haven't upgraded to PHP 5.5 yet, check out Anthony Ferrara's talk on password hashing; he has even made a video of it.
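
As an added example (not code from the original post), this sketch stores and verifies passwords of any length with password_hash. The function names, the cost value and the pre-hash step are assumptions of this example: bcrypt, the PASSWORD_BCRYPT algorithm, only uses the first 72 bytes of its input, so a very long passphrase is first reduced to a fixed-length digest.

```php
<?php
// Added example, not from the original post. Function names are hypothetical.

const BCRYPT_COST = 12; // assumed work factor; tune it for your hardware

// bcrypt only reads the first 72 bytes of its input and cannot handle NUL
// bytes. Pre-hashing maps any input to a 44-character base64 string, so every
// byte of a long passphrase counts and no NUL byte reaches bcrypt.
function prehash($password)
{
    return base64_encode(hash('sha256', $password, true));
}

// Registration: no length or character restrictions on $password.
function hash_password($password)
{
    return password_hash(prehash($password), PASSWORD_BCRYPT, array('cost' => BCRYPT_COST));
}

// Login: returns true on a match; $upgraded receives a fresh hash when the
// stored one was created with an older cost and should be replaced.
function check_password($password, $storedHash, &$upgraded = null)
{
    $input = prehash($password);
    if (!password_verify($input, $storedHash)) {
        return false;
    }
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, array('cost' => BCRYPT_COST))) {
        $upgraded = password_hash($input, PASSWORD_BCRYPT, array('cost' => BCRYPT_COST));
    }
    return true;
}

// Constructed sample input: two long passphrases sharing their first 114 bytes.
$prefix = str_repeat('Tomorrow, and tomorrow, and tomorrow. ', 3);
$a = $prefix . 'Creeps in this petty pace';
$b = $prefix . 'Out, out, brief candle!';

// Plain bcrypt ignores everything past byte 72, so $b is accepted for $a's hash.
$plain = password_hash($a, PASSWORD_BCRYPT);
var_dump(password_verify($b, $plain));

// With the pre-hash, only the exact passphrase verifies.
$stored = hash_password($a);
var_dump(check_password($a, $stored));
var_dump(check_password($b, $stored));
```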

Conclusion

Keep your passwords safe, secure and use them only once! On the backend you need to ensure that you keep those passwords secure and difficult to break. And allow all input!

Wednesday, February 12, 2014

There's no PHP user group here!

PHP User Group PHPBenelux

When going to conferences you always hear "join a local user group, and if there's none in your area you're the person who needs to start one". But then what? Where do you get started? How do you organise a PHP user group? Basically, you're left in the dark and you're missing out on all the great stuff everyone else can enjoy.

So how do you get started?

You've attended a conference or visited a remote user group and you're completely pumped up to start a local community in your area. But how do you organise a user group meetup? How do you let people in your area know you've started something for developers to meet each other, learn from each other and have a good time?
There's no one-size-fits-all solution to these questions though; most of it depends on where you're located and what the penetration level of PHP developers is.

Meetup.com

The easiest way to let everyone know you're organising a PHP meetup is using Meetup.com, where you can announce your meetups, create a user group profile and more. You can even use Meetup as your user group webpage if you don't want to invest in setting up a separate web page.
Everyone who's already a member of Meetup will receive a mail informing them there's a new meetup in their area: yours!
Meetup costs about $ 2.00 per month

Facebook.com

If you don't want to invest money in setting up a user group, you can also use Facebook and create a group for your user group. It doesn't inform members there's a new user group in their area like Meetup.com does, but via Facebook sharing you might get some traction through your peers.

Linkedin.com

As a professional, most likely you have a Linkedin profile. If not, I can highly recommend it as it is your professional network hub which you want to use anyways when networking during user group meetups.
Another benefit of Linkedin is you can search for PHP in your area and get to see companies and people currently doing "something" with PHP in your area.
I love Linkedin as it allows me to connect with local businesses and fellow PHP developers in my area. Through their social network services, I can keep in touch with my peers and follow up on their interests.
One of the nice features of Linkedin is searching people and businesses in a particular area with keywords. So if you would like to know which businesses are doing PHP in your area, you can filter on "php" in your area. This will give you a list of companies in your area who you can contact to see if they want to host a meetup or want to sponsor for drinks or pizza.
Search for PHP in Antwerp Area, Belgium

PHP.net

The PHP UG section on PHP.net
The main resource for PHP developers is still php.net and thanks to the efforts of Ben Ramsey there's a whole page dedicated to PHP user groups. Find it at php.net/ug. Here you can search for a local user group or register a new user group.

First meetup

The first meetup is going to be really exciting as you have high hopes many people will come and will congratulate you for taking the initiative.
If this is the case, you're in luck. Most of the time you get only a few people just checking out what it's all about or none at all. But don't despair, keep the faith and continue with planning meetups. As an example: our first meeting had just 2 visitors. Now we're between 50 and 80 attendees.
I think Michelle Sanver said it the best:
I knew no PHP developers in Groningen managed to get a venue and just holding my thumbs someone would turn up the first meetup. In the end the first meetup was just a "How do we do this?" meetup and I had 3 attendees, which was awesome. The next meetup we were 15 people and since then a steady stream of between 10 - 20 people depending on topic and interest, most of them have never been anywhere in the community before, so if there is no community people - Make them.

Community support

Know you're not alone out there. There's a network of PHP user group leaders available that will help you get the word out and mentor you to grow your community.

User Group Wiki

Over on php.net there's a whole wiki created for user groups with access to the mailing list and user group handbook. Don't forget to join us on IRC in channel #phpgroups where you can find further assistance in getting your community off the ground.

Cal Evans

Don't forget to inform the Godfather of the PHP Community, Cal Evans, that you started a PHP user group and give him its Twitter handle; he keeps a list of user groups on his Twitter account.

PHP|Architect

Did you know there's a genuine PHP magazine out there? It's PHP|Architect. Send a mail to beth@phparch.com and notify her about the user group you created.
Whenever you have a big event or something, you can ask them to include it in their newsletter and, if necessary, have a community article or ad about it in the magazine.

Zend

Zend Technologies, Inc. is the company behind PHP and offers professional services to businesses and governments. They too have a newsletter. You might want to inform them about your newly created user group so they can put it on their website as well and announce news reports from your community.

Closing remarks

Thanks for stepping up and starting to become a community leader. I can't say it's a simple task, but if you keep believing in it you will succeed and become the go-to community leader for your area. Remember, we've got your back on this!

Saturday, February 01, 2014

PHPBenelux Conference 2014 Review

Last weekend was the 5th anniversary of PHPBenelux Conference and people have known it! Close to 50 speakers, 400 attendees and a massive number of sponsors made this conference a true "epic" event. Not because of the numbers, but because of the social events after each conference day.

The theme of the conference was "Carnaval" and like you would expect from any big fair, there were arcade games, money slots and even a huge bumper car stand.

Speakers dinner

Speakers were invited to arrive on Thursday before 6pm because the crew of PHPBenelux had something "special" in mind: a speakers dinner in the national symbol of Belgium: Atomium. Due to a traffic jam I wasn't able to attend the dinner, but as I needed to try the location to see if it met our standards, I already experienced the good dinner in an awesome setting.

Tutorial sessions

On Friday morning we had no less than 7 tutorial tracks and it felt great to see the majority of our attendees were attending these tutorial sessions. Twitter was not lying, the content delivered by these speakers was of high quality and everyone enjoyed it a lot.

Conference day 1

Friday afternoon was the start of PHPBenelux Conference. An epic keynote presented by Elizabeth Marie Smith officially kicked off this 5th edition of the conference. After the keynote, 3 simultaneous tracks with great speakers and content made it hard for our attendees to choose which track to attend.
Elizabeth Marie Smith keynoting on Mentoring Developers

Socials

The social events of PHPBenelux have always been "rememberable" and "epic", but since we lost the bowling alley, we needed to come up with something new: Bumper cars! And little did we know it was such a huge success. People walked away from it with bruises and pain in their backs, and still yelled "awesome".

Bumper cars ready to entertain
We haven't forgotten our signature "Belgian fries" and "Belgian beer" and even though people were waiting a long time in the cold, they all agreed it was all worth it.

Conference day 2

Saturday morning was the second conference day, where everyone had time to recover from all the bruises and hangovers, and again 3 tracks filled with great sessions were offered to our attendees. Of course the event was closed by our appreciation of speakers, staff, hotel and of course the attendees. In the evening we again provided a social event for everyone left at the conference.

Behind the scenes

When you attend a conference, everything magically runs smoothly. But from an organiser's point of view it's a whole other ballgame. To organise an event like this, you need to prepare everything months in advance: sending out sponsor package details to companies, negotiating sponsor deals, opening up the Call for Papers, selecting talks from all proposals, deciding on the artwork, negotiating with suppliers, following up on additional requests and so much more.

Picture taken by Brett Gaasbeek
PHPBenelux is a 7-man team with each person having a specific role: finance (Leon), logistics (Paul), communication (Jeroen), sponsorships (Thijs & Richard), website & mobile app (Martin) and last but not least suppliers (me). This team is truly awesome and we wouldn't have been able to set up an event like PHPBenelux Conference 2014 if it wasn't for these guys. And don't forget, all was done voluntarily after working hours in our free time, only using Skype, Google Drive and Asana.
Goodie bags and blankets
In preparation and during the event we also worked with volunteers to help us pick up and drop off speakers at the airport and train station, at the registration desk, in the rooms and on the venue floor. So a big gratitude goes out to Lineke, Steffi, John, Michelle, Tobias, Peter, Tom & Stijn.

Even my five year old son Xander helped out a little.

Xander in charge of the flags
For 5 years we've been working closely with the staff of Ter Elst which allows us to be flexible in our food and drinks offerings, set up and tear down rooms as we need them and be very flexible when it comes down to people's requests. We can say that after 5 years we've grown towards each other becoming a well-oiled machine for organising a conference of this magnitude. So, a big "thank you" to the crew at Ter Elst.

Closing remarks

This event goes in the history books as "epic", "awesome" and "painful" (due to bumper cars). Yes, we've raised the bar for ourselves and it will be challenging to give you all a similar experience next year without repeating what we did this year. Knowing our team, we will come up with something crazy. Follow @PHPBenelux and keep an eye out for our announcements.

One piece of advice

Since we sold out the past 2 editions, be sure you buy your tickets early! If later you cannot make it to the conference, you can always cancel it up to 2 weeks before the conference. But don't wait until we have sold out…

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.