Paul M. Jones

It can be difficult to find a truly standalone, authentication-only library, and Aura.Auth fits that bill.

The library is still under development, but the major pieces are all now in place:

• a state-tracking object

• services for login, logout, and resuming sessions

• adapters for htpasswd and PDO backends

• service integration idioms (including HTTP Authorization: Basic login integration)

• native session management

Each layer can handle custom implementations. There are instructions for custom adapters, custom session managers (including session-less authentication), and custom services.

Via An Updated Preview Of Aura.Auth.

But this idea that bureaucrats -- very broadly defined -- can become their own class bent on protecting their interests at the expense of the public seems not only plausible but obviously true.

The evidence is everywhere. Every day it seems there’s another story about teachers’ unions using their stranglehold on public schools to reward themselves at the expense of children. School-choice programs and even public charter schools are under vicious attack, not because they are bad at educating children but because they’re good at it. Specifically, they are good at it because they don’t have to abide by rules aimed at protecting government workers at the expense of students.

The Veterans Affairs scandal can be boiled down to the fact that VA employees are the agency’s most important constituency. The Phoenix VA health-care system created secret waiting lists where patients languished and even died, while the administrator paid out almost $10 million in bonuses to VA employees over the last three years.

Working for the federal government simply isn’t like working for the private sector. Government employees are essentially unfireable.

See also the IRS. Via Of the Bureaucrats, by the Bureaucrats, for the Bureaucrats | National Review Online.

The Supreme Court ruled Wednesday that police cannot go snooping through people’s cell phones without a warrant, in a unanimous decision that amounts to a major statement in favor of privacy rights.

Police agencies had argued that searching through the data on cell phones was no different than asking someone to turn out his pockets, but the justices rejected that, saying a cell phone is more fundamental.

This is a blow in favor of liberty. Now you need to remember to uphold your rights. When the officer asks to see your cellphone, you reply in a polite and deferential tone: "Officer, with great respect, I do not consent to searches. May I be on my way now?" Via Supreme Court bans warrantless cell phone searches - Washington Times.

In an earlier article I described how to start moving away from singletons in favor of dependency injection. It occurs to me that the process for moving away from Service Locator is almost exactly the same, except that we use the container outside the class instead of inside it.

Let's say we have a class that uses a Service Locator. First we examine the class for all uses of the locator. Then, we create constructor parameters for the dependencies it extracts from the locator, and add setter code for those dependencies in the constructor body. For example, we can convert the above Service Locator example classes to these dependency-injected variations:

<?php
class FooClass
{
    protected $db;
    public function __construct(Database $db)
    {
        $this->db = $db;
    }
}

class BarClass
{
    protected $db;
    public function __construct(Database $db)
    {
        $this->db = $db;
    }
}
?>

Finally, any time we instantiate one of these dependency-injected classes, we use the locator outside the class to retrieve the dependencies. We then pass them to the new call for the class. For example:

<?php
// for FooClass
$db = $container->get('db');
$foo = new FooClass($db);

// for BarClass
$db = StaticContainer::get('db');
$bar = new BarClass($db);
?>

Now the class dependencies are explicit and predictable, instead of implicit and unpredictable (i.e., the class might depend on any combination of dependencies hidden inside the container). It is also somewhat easier to build a test, since we only have to build the dependencies themselves, not the container that holds the dependencies.

Afterword

Are you overwhelmed by a legacy PHP application? Have you inherited a spaghetti mess of code? Does it use globals everywhere, so that a fix in one place causes a bug somewhere else? Does every feature addition feel like slogging through a swamp of includes?

It doesn’t have to be that way. "Modernizing Legacy Applications in PHP" gives you step-by-step instructions on how to get your legacy code under control by eliminating globals and separating concerns. Each chapter shows you exactly one task and how to accomplish it, along with common questions related to that task.

When you are done, you will come and go through your code like the wind. Your application will have become autoloaded, dependency injected, unit tested, layer separated, and front controlled. And you will have kept it running the whole time.

Buy the book today!

Read the Reddit discussion about this post here.

Marion Zimmer Bradley, celebrated science fiction and fantasy author, recipient of the, cofounder of the Society for Creative Anachronism, posthumous recipient of the World Fantasy Award for lifetime achievement, has just been revealed by her own daughter Moira Greyland as a repeat child molester, who not only countenanced her sometime husband Walter Breen‘s relationship with an underage boy, but also violated her own daughter,  and other children, of both sexes, repeatedly, over many years.

I apologize to anyone this offends, but this is already public information and I am simply repeating it. Walter Breen’s convictions are a matter of public record, and reinforced by Bradley’s own public statements on the subject. This goes far beyond any notion of Fifties homophobia. And also, I apologize to Moira Greyland if sharing this upsets her further, but her statement is already being shared elsewhere, and I’m just adding a little more exposure on top of what’s already going on – with some good purpose, I hope. And I apologize if this article title for one moment appears to call into question what she said, but I’m adding it in case TeleRead needs a fallback position and I’ve been wrong all along. But so far it looks like anything but.

Cue the excuses. Via Marion Zimmer Bradley was a child abuser - says her own daughter « TeleRead: News and views on e-books, libraries, publishing and related topics.

Bad software may be created by coders. But its cause is bad management. The typical problems are needlessly complex requirements, poor communication in the project team between business and technical people, and inadequate testing.

From the discussion of an article about whether to require software engineers to be licensed at Good Sentences, Bad Sentences | askblog.

According to the RSS satellite data, whose value for May 2014 has just been published, the global warming trend in the 17 years 9 [months] since September 1996 is zero (Fig. 1). The 213 months without global warming represent more than half the 425-month satellite data record since January 1979. No one now in high school has lived through global warming.

The hiatus period of 17 years 9 months is the farthest back one can go in the RSS satellite temperature record and still show a zero trend. But the length of the pause in global warming, significant though it now is, is of less importance than the ever-growing discrepancy between the temperature trends predicted by models and the less exciting real-world temperature change that has been observed.

Meanwhile, my understanding is that atmospheric carbon has continued to increase. The models based on carbon don't look very predictive at this point. Via The pause continues – Still no global warming for 17 years 9 months | Watts Up With That?.

Aura.SqlQuery provides provides a truly independent, fully decoupled package of query-building tools for PHP 5.3 and up. With it, you can use object-oriented techniques to create SELECT, INSERT, UPDATE, and DELETE queries. The package comes with a set of common base query objects, and provides specialized objects for MySQL, PostgreSQL, SQLite, and Microsoft SQL Server.

When we say “truly independent and fully decoupled” we really mean it. The SqlQuery package has no dependencies on any particular database connection system or abstraction layer. For example, you can build a SELECT query, then pass the finished query string to a PDO connection, a mysql connection, or through the database abstraction layer of your choice. This means the package is suitable for any framework or application that needs a query-building mechanism.

Via Aura.SqlQuery v2 Stable Release.

It is heartbreaking, and intolerable, and a whole host of other adjectives that, taken together, still couldn’t account for the daily reality of women treating themselves and other women with an unbearable amount of disrespect and contempt.

How do women hate each other? They’re too numerous to catalog here but we can include ubiquitous women’s magazines and websites that ingrain false notions of physical perfection, hypersexuality and material wealth while peddling alcohol, cigarettes and elixirs of youth.

Then there are the ever-present culture wars pitting women who believe in the “right to life” against those who believe in “a woman’s right to choose,” or those who want to pursue a career versus those who want to stay home with kids, or breast-feeding against bottle feeding, yada, yada, yada. Each portrays the other as incapable of making good choices.

If women became safe and respected by all men becoming feminists, then women accepting their own misogyny -- whether defined as bias, hatred, cattiness or extreme snark -- would seem to hasten a similar state.

Women may never be able to walk down a dark alley and feel completely comfortable, but it shouldn’t take so long to feel their self-esteem is likely to be safe within a diverse population of other women. For now, plenty of women wage war on other women.

Written by a woman, ladies. Via Esther Cepeda: Too many women ignore their own misogyny - The Washington Post.

The v1 version of the Aura framework includes a controller to handle web assets. The idea for this controller was that an Aura package might have images, scripts, and stylesheets that need to be publicly available, but in development you don't necessarily want to copy them to a public document root every time you change them. The framework dispatches all "/asset/*" routes to the asset controller, which in turn reads the requested package asset from the file system and places its contents into the response body. Performance-wise this is horrible, so in a production environment one would use a build process to copy all the package assets to a static asset server, but in a local development environment it is a valuable convenience.

Take a look at the v1 version of the asset controller. It is constructed as a Page Controller within an MVC architecture. The default actionIndex() method receives an Aura package name in the form of Vendor.Package and a trailing file path indicating the asset to load from that package, then reads that file from the package and loads it into the response body.

That v1 version is a mess. The Controller handles the response-building entirely, and there is no Model separation at all. Let's try refactoring it to an Action-Domain-Responder architecture and clean it up some for a v2 version. (For this example refactoring, we have Hari KT to thank for getting us started.)

1. First, we need to extract the Domain portions of the code. After some discussion, we determined that the Domain here is the file-reading portions of the code. Instead of an Aura-specific Vendor.Package algorithm, we build a map of vendor/package keys that point to arbitrary directory prefixes (typically but not necessarily in a Composer installation). Finally, we figure that the caching elements would be better as part of a build process rather than on-the-fly, so we remove those caching elements; this reduces a significant portion of the Domain work.

2. Next, we extract the response-building activity to a separate Responder class. The response-building work turns out to be relatively straightforward: if the asset has a path, that means the service found it, and we should present it as 200 OK; if not, we present it as 404 NOT FOUND.

3. Last, we rename the Controller to an Action, and name its one-and-only "main" entry point as __invoke(). We modify the code in the Action to (1) invoke the Domain with the incoming request input, (2) place the Domain data into the Responder, and (3) return the Responder.

The end result is three classes instead of one: AssetService to handle Domain work, AssetResponder to handle the response presentation, and AssetAction to handle the incoming request and pass data from the Domain to the Responder.

Compared to the original Controller class, we clearly have more classes, and (aside from the fact that we removed the caching functionality) we likely have somewhat more code as well. But each class, and each method in each class, is relatively short, and the package overall is much more testable:

• the AssetServiceTest is completely freed up from the Action and Responder (as it should have been in the original MVC code)

• the AssetResponderTest does not need either the AssetAction or the AssetService, and is able to examine both the body and the headers of the response

• the AssetActionTest does little more than to check if __invoke() returns a Responder, and see if the assigned data was retained

This separation has the effect of making the underlying components much more independent of each other and a lot easier to test. If we wanted to get really serious we would use interfaces and test doubles to fully isolate the classes.

Right now, some readers are looking at this example and wondering "How is this different from refactoring to a better-separated MVC?" The main difference in this particular example is that, in a webbish MVC setup, the work of setting response headers is generally handled in the Controller. Doing so does not give us as clean a Separated Presentation as we see under ADR. (Remember: on the web, the template is not the view; the response is the view.) In addition, to test the full response (i.e., the headers as well as the body) we would need to run the controller action code instead of just the separated presentation code.

Two final notes:

• This example is not the only way to do Action-Domain-Responder. The Action could invoke the Responder directly, instead of allowing the calling code to invoke it. The Action might receive a ResponderFactory instead of a Responder object directly. The Responder might receive a ResponseFactory instead of a Response object directly. The Action might just be a closure in a micro-framework route. The point is that we now have a cleanly separated presentation, where the response-building work is completely extracted from the Action, and the Domain work is simiarly completely extracted from the

• The Action returns a Responder and not a response object; this is predicated on how Aura.Dispatcher works. When the dispatcher invokes a Controller or Action, it checks the return value from that invocation; if that return value is itself invokable, the dispatcher does so recursively until the return result is no longer invokable. This means that the Dispatcher becomes responsible for invoking the Responder returned from the Action; the invoked Responder returns the completed response object.)

That is all; if you have comments on the Action-Domain-Responder paper, please leave them here or as issues out at Github.

Read the Reddit discussion about this post here.