Friday, January 29, 2016

Secure SSH configuration

Many people use default configs, keys, moduli, etc. from their hosters or distributions, which is not a good idea. So I created this guide to secure your SSH service. It's not about PHP performance, but it helps you improve the security of your servers.

What we do:

  • block all ports for incoming traffic
  • use knockd to open the SSH port only when it's needed
  • create secure keys and moduli
  • restrict key exchange protocols
  • restrict ciphers used to encrypt the data
  • restrict message authentication codes used to ensure integrity
  • restrict OpenSSH to those features you really need
  • use key files for client authentication

Tuesday, January 26, 2016

Crazy PHP, a collection of phenomenons and common mistakes

Oftentimes PHP is like Java, but in many cases, it's not. In this article I'm trying to collect some examples of paranormal behavior of PHP code.

Re: Performance Impact of the PHP Garbage Collector

What is the impact of the garbage collector on PHP7? Learning from the blackfire.io blog that PHP 5.x could be faster without the garbage collector, I made a test with the latest PHP 7.02.

Lessons learned:

  • Disabling the garbage collector makes the request 2.7 times slower with the latest PHP7
  • Disabling the garbage collector makes the request 50 percent slower with the latest PHP5.6
