- There’s a new spatie PHP package on the block – this one for making parallel processing in PHP simpler. Now I just need to find an excuse to try it out in one of my hobby projects…
- Disabling buttons to prevent double-clicks is bad for accessibility. Here Chris Ferdinandi argues for the more elegant solution of applying an attribute to the form element and checking it within the onsubmit logic, which also prevents users from firing duplicate submissions via keyboard actions.
- Here’s an interesting take from the Google Testing Blog about whether there’s such a thing as making your tests too DRY. “Since tests don’t have tests, it should be easy for humans to manually inspect them for correctness, even at the expense of greater code duplication”. Instead you could aim to make your tests DAMP (full of Descriptive And Meaningful Phrases).
- Despite what my first CTO told me back in 2007, COUNT(*) is not actually slower than COUNT(id), in mysql at least. In fact, it’s better to do it this way and let the query optimiser have free rein to choose the most efficient column to count on.
- A useful checklist of things to consider when adding a second server to your project. All of which will also make it easier to migrate your project from one server to another (say, if you want to change which cloud service you are hosting it on), a process I’m currently going through with one of my side projects.
- The PHP Foundation have released their first update. I’m particularly excited to see the new SensitiveParameter attribute, which can be used to prevent values like secrets or credit card numbers from appearing in stack traces.
- Earlier this year I read this post about the potential WebAssembly offers for using popular server-side languages in the browser. A few months later, I’ve encountered the first example of this in the wild – PyScript!
- I enjoyed this little CSS selector test, although I only managed to get a couple of them without Googling. I’m not doing much complicated front-end work at the moment but it’s nice to refresh my brain now and again about how powerful CSS selectors can be.
- Why are modern programming languages so materialistic? Because they are object-oriented! Just one of many groan-worthy puns at DevDadJokes. I love terrible jokes … particularly when they’re about somebody else’s favourite language or framework.
- Speaking of favourite languages … mine is probably still Java, and while PHP has improved in leaps and bounds lately, there are still some things about the language that infuriate me. One of these is how f*#!ing hard it is to validate whether a piece of data is “int-like”, so that I can write code that handles input both from the browser (where everything’s a string) and from API requests (where people like to pass in ints for things that should be ints). I enjoyed this summary of the methods available, although sadly there is still no silver bullet … besides writing my own library function to abstract away all the nastiness, that is.
- About resource expansion in RESTful interfaces. Somehow I have never encountered this practice before, but I found my first use for it straight away and I am very happy with my shiny new thing.
- This handy checklist of modern PHP features helps you quickly look up which cool new features you can use with each version. I switch around between projects using 4 different versions of PHP regularly, and while PHPStorm is helpful at reminding me which things I can and can’t typehint at each version, I could definitely make more use of some of PHP’s recent enhancements when they’re available.
- “Browser in the Browser” attacks are the latest sophisticated phishing technique. The fake site pops up a separate browser window for you to enter your single sign-on credentials – but the browser window is actually just an image of a browser window. Layer input fields over it in the right place and add some JS to make it draggable, and you have a very convincing sign-in window. The giveaway is that you can’t drag the new “window” outside of the bounds of its parent, and presumably you can’t Alt-Tab between windows either.
- A new lens for thinking about CSS layout algorithms. I haven’t done much greenfield front-end work thus far in my career, and when I do I usually finish up trying to combine two different answers from StackOverflow only to find that it Just Doesn’t Work. I have figured out by trial and error that some properties don’t go with `display: flex;` but this article really helped me to understand the bigger picture of what’s going on.
- The Laravel Origins documentary is an entertaining glimpse into the Laravel community. I do sometimes get culty vibes from Laravel fans (the bit about Taylor Otwell’s beautiful comments near the start was a bit cringy) but if it is a cult, it seems to be a very benign and happy one.
- More about the problem of “Seeing Like a State” – designing from the top down and then being forced to make the territory fit the map. I also have a tendency to try to come up with Grand Unified Theories of Everything when I’m refactoring, although experience has taught me that if something doesn’t fit nicely into this box, it’s better to come up with two similar approaches that can reuse some code than to keep squishing it until I can make it fit.
- About the performance impact of repeated array_merge calls. I’ve been doing a lot of cron scripts with batch processing lately and this pattern seems to keep coming up. The variable-length argument operator means it’s only one extra line of code to build an array of arrays and then do one merge at the end of the loop – nice!
- The story of René Carmille, the French civil servant who may have been the world’s first ethical hacker. Carmille sabotaged punch card readers so that he couldn’t provide the list of French Jewish citizens that the Nazis asked him for, and helped to save thousands of lives. The full(er) story on French Wikipedia raises the age-old question about the ethics of using data for a different purpose than stated.
- I loved this whole CakePHP presentation on writing readable code by Rafael Dohms, but the section on Object Calisthenics has really captured my imagination. Some of the suggested rules line up with how I usually code – like preferring early returns over if/else statements – but others are a bit more challenging. I tried “only one -> per line” for half an hour this week and it was hard work!
- I always get ten good laughs out of every Webbed Brief video and the latest “Is HTML A Programming Language?” is no exception. I’m not sure I agree with the conclusion though – if HTML is programming then so is editing a wikipedia page or using a formula in a spreadsheet. I guess like most things in life, there’s a spectrum of programming languaginess rather than a binary distinction.
- I was enthralled by this deep dive into pagination, and wish I’d known the proposed solution of using a covering index and a deferred join to speed up offset/limit pagination at one of my last jobs … Hopefully I find an opportunity to try it out on one of my side projects soon.
- Google Analytics, Google Fonts, and a cookie consent popup implementation have all been declared illegal in various European courts recently. The Google Fonts example is particularly interesting as the only PII that Google receives is the IP address – it had never occurred to me that user consent would be needed just to load assets from a CDN, but this ruling suggests that it is.
- Speaking of CDNs, I missed the news that Chrome and Firefox both implemented cache partitioning last year. I guess my habit of using a CDN to load JS and CSS libraries on my side projects is now so 2012. I already suspected that my assets weren’t going to be in my users’ cache very often, given how many versions of Bootstrap and jQuery there are floating around on the web, but for a small project it feels like a simpler option than using a package manager or cluttering up the repository with dependencies.
- In other Google news, say bye-bye to FLoC and hello to the Topics API. The chief difference here is that once Google knows everywhere you’ve been, they will generate a list of topics that you’re interested in, instead of putting you into a cohort with other people who’ve been to the same places. Or in other words, it’s FLoC but with a predefined list of 300 cohorts. Users will be able to review and change the topics that Google assigns them to as well, which will come in handy next time I google “preg tester” and get inundated with nappy ads.
- How !important actually works. Sort of. I understood more about how CSS actually works after watching this video, but then I had to go and find out what cascade layers are. And now I have many thoughts about the fact that a lower-specificity selector in one layer can override a higher-specificity selector in another one. I suppose there must be use cases where this is worth the debugging headache, but until I meet one I think I’ll leave layers alone.
- How enums are going to work in PHP 8.1, thanks to Laravel News. In some ways they will be less useful than defining class constants to identify your possible states (e.g. you can’t compare an enum to an integer directly, so you’ll need to do a tiny bit more to get the value of the enum). In other ways they have lots to offer (e.g. the ability to add methods, something I did occasionally back in my Java days). The main thing I love about enums is the strong typing that they offer, removing the need to keep checking whether a value that’s been passed is actually one of the “approved” values for order status or what-have-you.
- 16 different ways of building hamburger buttons with sub-optimal accessibility. The main moral of the story is: if you’re making a button, use a `<button>`.
- Spring means the start of daylight saving here in NZ. I found this summary of the last 120 years of time zone changes interesting – turns out nothing mucks with time quite like a World War.
- The Opquast Web Quality Assurance checklist is a set of over 200 benchmarks for creating an easy-to-use website – everything from favicons to I18n to explicit embargoes on evil ecommerce practices like sneaking extra items into the cart or signing unwitting users up for your spamletter. I particularly like rule #94 (“The homepage explains the nature of the content and services offered”) – astonishing how often this isn’t the case in the real world!
- I’ve always preferred to use my IDE in light mode. Partly because I have shitty eyesight, but let’s be honest, also because this polarising issue is second only to the tabs v spaces debate and I tend to pick the side with the least obnoxious evangelists. Deep down I wondered whether the mainstream preference for dark mode was more about showing you were a “real dev” by changing as many of your IDE settings as possible (or using vim), or a hipsterish nostalgia for the days of yore when dark mode was all there was. Imagine how delighted I was to stumble across a scientifical explanation of why light mode is better!
- How to write better regexes in PHP. I’m looking forward to my next opportunity to use regexes in the “real world” so that I can try out some of the suggestions in this great post.
- I already knew about the PHPStorm “Run Anything” widget (CTRL + CTRL), but I did not know there was a similar feature for code actions – SHIFT + SHIFT. This is one of several new shortcuts I discovered with this Laravel Daily video and Christoph Rumpel’s great list of PHPStorm Tips & Tricks. I’m so happy because now I can rename variables without using my mouse (a big win when working with legacy code) and also because I now know that PHPStorm has multiple cursors so there’s no reason for anybody to still be using SublimeText.
- This quick summary of 5 Doctrine performance pitfalls has given me some food for thought about the balance between overuse of fetch joins and N+1 queries. I had not realised that Doctrine’s internal processing of rows returned via fetch joins had its inefficiencies, and it’s inspired me to revisit one of my projects and see whether two queries might be better than one.
- If you attempt to array_unshift() an element onto the start of an array which is indexed by integer-like strings, these indexes will all get reset starting from 1 as if they were integers. This wasn’t what I meant to do anyway, but it always makes my day when I spot a weird PHP quirk in the wild on a debugging safari.
- This delightful photo gallery of HTTP status codes illustrated by dogs brings together the two loves of my life. I particularly love the 502, which reminds me of my dog’s tireless efforts at cramming herself through various undersized escape portals after we moved to a new house this year.
- NoSQL injection attacks are in fact a real thing, and PHP is especially prone to them due to the way you can pass arrays in your query string. The defence against these is to turn off JavaScript execution on your Mongo server (or if you really need it, to never send user-generated data to it), and to check every field of user input to make sure it is a string (or other primitive if passed in as a JSON blob) and not an array.
- I really enjoyed a talk about information architecture called Beyond the Polar Bear by Mike Atherton. It’s a great introduction to the subject as Mike discusses the mammoth task of reorganising the BBC’s web presence, and the impossibility of generating simple, canonical, user-readable URLs for every piece of content when working at that scale. And you’ll also learn what a polar bear and a barn owl have in common.
- How to clone a single directory of a repository using Git sparse-checkout.
- Composer 2.0 was released in October last year and it’s waaaaay faster than its predecessor. I’ve been installing a few projects recently and it’s so nice not to be twiddling my thumbs for too long while my packages are downloaded. I’m also surprised to see that the Symfony install time is way faster than Laravel, which I’ve always considered less “enterprisy”.
- How to test a link that opens in a new tab with Selenium and PHPUnit.
- What the FLoC Google’s been up to in their quest to help advertisers target web users without third party cookies. I’m also reading Wild Swans at the moment and my first thought is that “Federated Learning of Cohorts” sounds more like a Maoist indoctrination camp than a technology designed to help advertisers profile website visitors. Literally the only thing I like about this is that the profile is supposed to reset after a week – I am still being stalked around the internet by a bookshelf I bought last year – but then if you visit any website that knows your personally identifiable information there’s nothing stopping them from storing this week’s profile against your name and amassing a history of the things. The thing that I like the least is perhaps Google’s proposal that it will monitor profile groups for correlations with sensitive information like race and gender … by using data that it’s collected about people’s sensitive information. I have installed the Disable FLoC WordPress plugin on this site and will be using this handy idiot’s guide to opting out to do the same on other sites I manage.
- Insomnia is a desktop API client available for Mac, Windows and Linux. I really distrust browser-based API testers (notably Postman) because of their tendency to share cookies with any browser tabs you have open on the same subdomain. My mainstay for years has been the mock REST client in PHPStorm but that’s now been replaced with a new implementation that’s less wysiwyg so I’m looking for something new. So far I’m very happy with it, especially with how easy it is to import and export request sets so they can be shared with colleagues.
- PHP 8 has a constructor promotion feature which allows for a lot of boilerplate declarations and assignments to be removed, and a nullsafe operator which allows you to chain away to your heart’s content. It’ll be a while before I get to play with these in production code, but I hope when the time comes I will be strong enough to wield this new superpower responsibly, rather than making all of my methods one-line chains of chaos like I used to as a grad.
- JetBrains are introducing a new remote pairing feature called Code with Me into their IDEs. Funnily enough I only had my first experience of true remote pairing (as opposed to passively looking at someone else’s IDE in a Google Hangout) a couple of weeks ago, using a tool called Drovio which does the trick nicely. The big drawback to the JetBrains tool that I can see is that it doesn’t sound like you can share non-IDE windows (e.g. a browser or MySQL Workbench) which could be a limiting factor in some situations.
- StackOverflow used the code they built for their April Fool’s Day joke to figure out how many people copy and paste content off their website – turns out it’s one in four users, or 40 million times in two weeks. They seem surprised that more copies are made off questions without accepted answers than questions with them, but I’m not. When there’s an answer that’s known to work you only have to copy that; when you’re swearing at your cheap burner laptop because Ubuntu doesn’t like the wireless card you’re in for a tedious afternoon of throwing random solutions at it until you’ve lost track of which ones you’ve already tried.
- If you’re doing a query with a subselect on the @rid field in OrientDB, you need to filter out nulls from your subselect or you’ll get a OSBTreeException saying “Null keys are not supported”. It wouldn’t be a Java program without the odd glorified NullPointerException, I guess.
- How to set up a slow query log in MongoDB. And that when you add the vital missing index, this operation too will show up in the slow query log.
- PHP arrays are slightly faster than objects, but they actually use a boatload more memory. And did you know that if you have a numerically-indexed array with the last key being n, and then you `unset($myArray['n'])`, the next value pushed to the array will have key n+1 and your array will now be associative? Just two weird PHP array facts from Larry Garfield’s great Nomad PHP talk about why most uses of arrays in PHP should be replaced by custom classes which can provide better type safety and readability.
- Composer 2.0 is now released and it’s way faster. I’m looking forward to having my first play with it over the Christmas break.
- Why some old-school HTML format-related tags (e.g. `<b>` and `<i>`) aren’t deprecated when most of the others are (e.g. `<font>` and `<strike>`). The purist in me thinks that if these tags have really come to have a meaning beyond just the formatting, they could be renamed to something that conveys that more clearly – it would never occur to me that `<u>` is for annotating spelling errors!
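
The string-versus-array check from the NoSQL injection item above, sketched for PHP 8 as an added example (it is not code from the linked article). The function names, the `username`/`token` fields and the `$someOperator` key are assumptions made up for illustration; no MongoDB driver is needed because the script only builds and prints the filter that would be sent.

```php
<?php
declare(strict_types=1);

// Unsafe: whatever shape the client sent is copied straight into the filter.
function naiveFilter(array $input): array
{
    return ['username' => $input['username'], 'token' => $input['token']];
}

// Accept a field only if it is a string. For JSON bodies, pass true to also
// accept other primitives (int, float, bool); arrays and objects never pass.
function requireField(array $input, string $field, bool $allowOtherPrimitives = false): string|int|float|bool
{
    $value = $input[$field] ?? null;
    $ok = $allowOtherPrimitives ? is_scalar($value) : is_string($value);
    if (!$ok) {
        throw new InvalidArgumentException(
            "$field has unexpected type " . get_debug_type($value)
        );
    }
    return $value;
}

function safeFilter(array $input, bool $isJson = false): array
{
    return [
        'username' => requireField($input, 'username', $isJson),
        'token'    => requireField($input, 'token', $isJson),
    ];
}

// Constructed sample inputs. "$someOperator" is a placeholder for any key
// starting with "$", which MongoDB reads as a query operator, not a value.
parse_str('username=alice&token=abc123', $plain);
parse_str('username=alice&token[$someOperator]=x', $nested);
$json = json_decode('{"username":"alice","token":{"$someOperator":"x"}}', true);

$samples = [
    'plain query string'  => [$plain, false],
    'nested query string' => [$nested, false],
    'nested JSON body'    => [$json, true],
];

foreach ($samples as $label => [$input, $isJson]) {
    echo "$label\n  naive: ", json_encode(naiveFilter($input)), "\n";
    try {
        echo "  safe:  ", json_encode(safeFilter($input, $isJson)), "\n";
    } catch (InvalidArgumentException $e) {
        echo "  safe:  rejected (", $e->getMessage(), ")\n";
    }
}
```

For the two nested samples the naive filter prints an object under `token`, which is the point where request data becomes query structure; the checked version rejects both before a filter is built.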