How to make them webs

APC (3.1.3)

For a time, APC ruled the world, and it was good.Then, it’s development stalled, apps began to break, and PHP 5.5 support never materialized under pressure of Zend. So sadly, end of story here.

Zend OPcache (7.0)

This is the current canonical solution, it comes bundled with every PHP since 5.5.

Zend knows a bit about PHP, no doubt. But its opcache is not really a one-size-fits-all solution, as APC. It usually comes up fastest in benchmarks, but at a price:

no user/variable caching

no clean up (once it gets full, it’s full and just waits for a complete waste purge or server reset)

The clean up thing becomes a problem when your complied php codebase is larger than the spare memory (rule of thumb 32MB per one average CMS). If you try to host even a small number of those, on a 2G VPS, it adds up quickly.

Zend OPCache never frees cache memory. Invalidation just marks space as “wasted” - lost for the rest of the server lifetime.

When you do run out, nothing catastrophic happens. The cache hit rate will start to drop slowly (tuning guides cite <99% as an indication of waste accumulation).

You can restart the server to clean the cache, but then it takes some time “warming up”.

The user caching can be outsourced by dedicated solutions, like memcached, apcu. Strangely there is currently no user caching available in PHP7 anywhere.

Other nice features include:

string caching

comment stripping

Zend Code Optimizer

PHP 7 support

Read more, than you ever wanted to know about OPcache.

XCache (3.2.0)

The rebels from lighttpd implemented op/variable caching in a way which makes it more flexible and it rocks. It’s supported on up to PHP 5.6 and is only marginally slower than Zend (rather in the “YMMV” area).

Significant features include:

user/variable caching

cache TTL

splittedcache (”pools”)

User caching is a no-brainer. People and apps got to used to it.

Splitted cache was designed to leverage parallel memory access on SMP computers, but that is more of a theoretical advantage. It’s not even clear, if it offers any advantage in a common multi-core system. But let’s not dismiss this one...

Having TTL’d cache items is a nice feature, but comes with new problems. One of the most painful is memory fragmentation management.

When you start deleting chunks of memory, holes appear. Dealing with this is more difficult as it sounds and fragmentation was a problem in APC. Sooner or later you end up with holes which are not big enough for new data.

The cache has to do garbage collection, look for holes big enough for now data, it can start cleaning up by moving fresh things around, etc. It all comes at some CPU cycle price and disrupts the speed-up summary.

This is where that splittedcache makes a comeback. XCache allows you to manage/clean pools separately, so you can partially reclaim the space, without the need to flush it all out.

I’m not really sure how keys are split to caches, whether you can influence that, or that there is a automated mechanism for fragmentation resolution in XCache. But you can push the button and gradually clean the cache up.

Note that XCache supports PHP 5.1 - 5.6, but hasn’t been updated in 18 months and PHP7 probably isn’t going to happen.

Does it matter?

When you can give enough memory to cache and have immutable source files in production, it doesn’t. You are better served with OPCache here most of the time.

When your can’t afford reserving space for seldom used items, when you run out of space, resets regularly on waste-limit, suffer from cache hit rate degradation, or high delete rates, it does. Consider XCache and it’s manageability.

Notes

This comparison assumes that you know the implications of different ways of serving PHP (fast/CGI, FPM, mod_php, LSAPI, etc) has on opcaching.

I couldn’t find any other opcache extensions for PHP 5.6

What is the motivation of a user clicking something other than start/end prev/next on a list pager?

Spoiler: get the state-of-art setting here: https://cipherli.st/

If you need to see, what’s going on, how Alice and Bob are doing, check:

https://en.wikipedia.org/wiki/Cipher_security_summary

https://en.wikipedia.org/wiki/Hash_function_security_summary

If you need a recommendation about key lengths, and the protection they offer into the future, https://www.keylength.com/en/compare/ has some publications and standards compared.

OpenSSL is one of the leading implementations, check  it for cipher support and speed (Intel “Skylake” processors bring a nice AES boost).

1. Mod_security comes bundled with the nicely branded, free OWASP CRS. Thing is - it’s stale since 2013... and is pure hell of false positives.

2. The official commercial alternative is Trustware SpiderWeb WAF, which seems to receive updates daily (no list, nor trial) at a hefty 500$/y.

3. You google further, you find the Atomicorp Gotroot ModSecurity Rules. They claim superior history and performance (”works right out of the box without any tuning and without interference”). Again, no trial or update feed, and at 200$/y.

4. And then, hidden from sight, is the Comodo WAF, which is receiving updates (every month or biweekly, at least) - and is free (registration necessary). The set seems balanced and shows a decent detection rate so far for me.

Comodo seems to use emergingthreats (now by proofpoint.com) as an internal source. ET is a great source of free and premium snort/fw rules, but does not offer converted mod_security signatures.

Snort

Snort itself (by VRT, now Talos), has an extensive web-app section in it’s free registered set, but again, it’s not easy to convert to mod_security.

Snort can work in place of mod_security, but has a major drawback - it can not see inside HTTPS traffic - which mod_security can.

we can’t just treat screens in the 5.5” range simply as a scaled-up version of a smaller phone. Grips completely change, and with that, your interface might need to do so, as well.

I think prototyping will become even more important. So if you haven’t jumped on that train, now’s the time.

It's easy to get caught in an "optimization" frenzy. Especially when it comes to such complex and side-effect loaded environment as the TCP stack.

Where can each grant directive be applied?

dt { font-weight:bold;} dd { font-size: smaller;} th { padding: 12px 3px; background-color: #ddd;} td { padding: 0.5em 0.25em; vertical-align:middle; border: ;} code { display: block;}

GRANT Global Database Table Column Procedure Proxy

ALTER

Enable use of ALTER TABLE.

yesyesyes

ALTER ROUTINE

Enable stored routines to be altered or dropped.

yesyesyes

CREATE

Enable database and table creation.

yesyesyes

CREATE ROUTINE

Enable stored routine creation.

yesyes

CREATE TEMPORARY TABLES

Enable use of CREATE TEMPORARY TABLE.

yesyes

CREATE VIEW

Enable views to be created or altered.

yesyesyes

DROP

Enable databases, tables, and views to be dropped.

yesyesyes

EVENT

Enable use of events for the Event Scheduler.

yesyes

EXECUTE

Enable the user to execute stored routines.

yesyesyes

GRANT OPTION

Enable privileges to be granted to or removed from other accounts.

yesyesyesyesyes

INDEX

Enable indexes to be created or dropped.

yesyesyes

INSERT

Enable use of INSERT.

yesyesyesyes

LOCK TABLES

Enable use of LOCK TABLES on tables for which you have the SELECT privilege.

yesyes

SELECT

Enable use of SELECT.

yesyesyesyes

SHOW VIEW

Enable use of SHOW CREATE VIEW.

yesyesyes

TRIGGER

Enable trigger operations.

yesyesyes

UPDATE

Enable use of UPDATE.

yesyesyesyes

Meta keywords: ALL is all expect grant. USAGE is none.

As of MySQL 5.6

Nice half-way solution to the "click-to-copy-without-flash" trauma by crayon-syntax-highlighter.  By using an icon for copy which preselects the text (we have seen those ) and tells you what to do (Nielsen-grade) in a nice way (Norman-grade)

Wonder if ti's platform-aware...