Yes, Composer and Packagist have long-standing security issues.
The short-story: Evan is the new maintainer of xhprof. He decided against setting up his own “phacility/xhprof” package over at packagist.org and dropped Composer support completely, after he found out, that Lachlan Donald (lox), who is not the maintainer of xhprof, created such a package on packagist.org to provide Composer support for the community. Lachlan solved the problem of unresponsiveness of the original maintainer, facebook, to this request. Now, instead of solving a simple packagist registering problem, Evan came up with general and already known security concerns of the Composer and Packagist eco-system.
I’ve pulled out some of the issues raised in this debate:
1. How to verify the identify of a user account on packagist.org?
2. There isn’t any documentation on the transfer policy of packages from one user account to another.
3. How to verify that the owner of a packagist.org package is someone I trust?
4. How to verify, that any changes made to the package are authorized changes?
5. Would it be possible to sign Composer packages to raise the trust level?
And now i have to hand Evan a snickers, because: you’re not you, when you’re hungry.
PHP – http://php.net/
PHPPHP – https://github.com/ircmaxell/PHPPHP
A PHP VM implementation in PHP
HHVM – http://hhvm.com/
HHVM is an open-source virtual machine designed for executing programs written in Hack and PHP.
JPHP – https://github.com/jphp-compiler/jphp
PHP Compiler for JVM
PH7 – http://ph7.symisc.net/
An Embedded Implementation of PHP (C Library)
Phalanger – http://www.php-compiler.net/
PHP runtime & compiler for .NET/Mono
HippyVM – http://hippyvm.com/
An implementation of the PHP language in RPython
KPHP (KittenPHP) – https://github.com/vk-com/kphp-kdb
VKontake PHP to C++ transformer
Roadsend PHP Compiler – https://github.com/weyrick/roadsend-php
Roadsend PHP Raven – https://github.com/weyrick/roadsend-php-raven
Rewrite of the Roadsend PHP compiler in C++ using LLVM
php compiler – http://www.phpcompiler.org/
Zend ByteCode to LLVM Compiler – https://github.com/preillyme/llvm
(started by Nuno Lopes, not finished)
While phpUnit-testing i got the following error:
Cannot modify header information - headers already sent by (output started at /usr/bin/phpunit.phar:2)
The solution is to redirect the phpunit output to the standard error output.
phpunit --stderr ...
How to use Unicodes for Music Note Symbols as List Bullets?
Ok, here we go. Firstly, select your desired Musical Note Symbol:
2669 = ♩
266A = ♪
266B = ♫
266C = ♬
266D = ♭
266E = ♮
266F = ♯
Secondly, add the musical note symbol as content to a li:before tag.
Instead of adding the symbol directly, you might try escaping the Unicode (“/2669″).
Thirdly, remove the default bullets by applying “list-style-type: none;” to the li tag.
How to add a SQLite driver as a Database Service into Netbeans for accessing SQLite database files?
- You will need a SQLite driver. I suggest to use the one from https://bitbucket.org/xerial/sqlite-jdbc
- Direct Download: https://bitbucket.org/xerial/sqlite-jdbc/downloads/sqlite-jdbc-3.7.2.jar
- Start Netbeans
- Open the Services Window via Menu: Window -> Services (or just Ctrl+5)
- Expand the “Databases” node and right-click on “Drivers”.
- The dialog “New JDBC Driver” appears. Click “Add…” and in the “Select Driver” dialog, select the downloaded driver file.
- Click Find to scan for the proper class name. Now “org.sqlite.JDBC” should appear in the Driver Class text field.
- Give this driver a name field like “SQLite Driver”
- Expand the Drivers node, and you should see the SQlite entry
How do i access a SQLite database file with this thingy?
- Expand the Drivers node, right-click on “SQLite Driver”.
- Click “New Connection..”.
- The “New Connection Wizard” dialog appears.
- Specify a JDBC URL to your SQLite file, like so jdbc:sqlite://C:/folder-where-your-database-file-resides/sampledb.sqlite