PHP, Docker, Xdebug and the missing local variables

Posted on 21 October 2018 – 2 minute read

I've made a switch in the last 12 months to use Docker as my local development environment for my PHP applications. One of the greatest modules for PHP, IMHO, is Xdebug. Many moons ago, I used to frantically hack in 'var_dump(...); exit;' calls to see what a particular variable, object, array, etc. contained. This is "OK" and it will do just that, but having a step debugger like Xdebug shows you a much wider picture and enables you to trace into other parts of the code with ease. The other massive advantage is that there's zero chance of missing a var_dump() and committing it to your repo for deployment!

I'm not sure if this is a PHP 7.2 thing (I suspect it is?)... but when putting breakpoints into the code (I use PhpStorm as my preferred IDE), I would see everything except local variables. I'd see all of the globals and params injected into methods, but no locally initialised variables. This is when running as a 'PHP Web Page' configuration in PhpStorm. When writing tests (we are writing tests, right? =P ) I could put breakpoints in either the code or the test itself and all variables would be visible. I've been banging my head against my desk for a few days with regards to this issue. I've scoured the 'net and read multiple posts on Stack Overflow and the like from others encountering the same problem, but also with other IDEs too (such as VSCode). I'd tried just about every xdebug.* PHP setting under the sun to rectify this, to no avail.

I did some more digging about this evening and one of the things I tried, was enabling/disabling PHP modules. It didn't take long to discover the culprit doing this... PHP's OpCache module!

I'm guessing that, as part of its internal optimisation, it does $something with the variables, making them not visible within the Xdebug stack. By removing the symlink to the opcache.ini module loader, things are all working as expected.

Hopefully this will help others experiencing the same issue that I've been having in regards to local vars not displaying.

Nginx behind Apache reverse proxy with access restrictions

Posted on 14 March 2018 – 3 minute read

I have a couple of sites that are sitting behind Basic HTTP Authentication restrictions. They're simple applications that don't need full-blown built-in access control and are served over HTTPS, so Basic HTTP Auth serves just fine as a restriction control.

However, I do like to be able to access these either from internal, or specific static IP addresses without the need to have to log in all of the time, so I configured Apache in such a way that this can be achieved, for example, within a <Directory...></Directory> block:

Order deny,allow
Deny from all
AuthName "Restricted"
AuthUserFile /path/to/.htpasswd
AuthType Basic
Require valid-user
Allow from 192.168.0.0/16 10.0.0.0/8 1.2.3.4
Satisfy Any

This will then prompt for Basic HTTP Auth credentials unless the client IP address is one of the listed IP addresses / ranges in the Allow from... list.
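The same policy in Apache 2.4 syntax, as an added example that is not from the original post. The Order / Deny / Allow / Satisfy directives above are the 2.2 form, which 2.4 only accepts through mod_access_compat; the directory path here is a placeholder, and the IP ranges and .htpasswd path are the ones from the post.

```apache
# Added example: Apache 2.4 equivalent of the 2.2 block above.
# Assumes mod_auth_basic, mod_authn_file, mod_authz_core and
# mod_authz_host are loaded. "/path/to/site" is a placeholder.
<Directory "/path/to/site">
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile /path/to/.htpasswd

    # RequireAny grants access when at least one child rule matches,
    # which is what "Satisfy Any" expressed in 2.2.
    <RequireAny>
        # Trusted networks skip the password prompt. The match is made
        # against the address of the connection Apache itself sees.
        Require ip 192.168.0.0/16 10.0.0.0/8 1.2.3.4

        # Everyone else must present valid Basic credentials.
        Require valid-user
    </RequireAny>
</Directory>
```

Running `apachectl configtest` before reloading catches syntax errors, and mixing the old Order/Allow directives with Require in the same scope is best avoided because the two systems are evaluated separately.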

GitLab CE, Docker, PHP7.1, Laravel 5.5, SQLite CI pipeline

Posted on 02 December 2017 – 5 minute read

I've been coding in PHP for more than 15 years using a variety of environments; Windows, FreeBSD, Linux, MacOS, VMWare+Vagrant+Linux, but more recently, I've been wanting to make the move to Docker.

I've also gone through various methods of working with code bases, from duplicating directories and incrementing version numbers, SVN and now Git, but unlike many, I don't much use GitHub for personal projects and prefer my self-hosted instance of GitLab CE. Git and GitLab have worked fine for some time, but I've recently started thinking about CI. This posed a few issues, but I managed to get it running with GitLab CI using a shell executor. This was OK, it's my own code running on a server I run and maintain myself in my home office, but what if I want to run things under different circumstances, PHP version for example? Welcome Docker =)

I started with a PHP image from phpdockerio, shelled into the container, added some modules etc, logged out of the container and selected to use my local image. Many of you already fluent in Docker will quickly realise this doesn't work! You need more than that... being the Docker n00b that I am, I started to search the interwebz as to why my updates hadn't survived... doh! I need to commit my changes.

WoSign / StartCom SSL certs soon to be worthless in Google Chrome

Posted on 08 July 2017 – 1 minute read

As has been announced for a while, Google, Mozilla and Apple have been slowly dropping the trust level on certificates provided by WoSign / StartCom. This was primarily due to WoSign backdating certificates allowing people to continue to use SHA-1, a known insecure hashing algorithm.

Things are about to get real, with all certificates, and any whitelisting that had been put in place by Google in their Chrome browser, set to become fully distrusted, according to Devon O'Brien, Chrome's security engineer.

"Beginning with Chrome 61, the whitelist will be removed, resulting in full distrust of the existing WoSign and StartCom root certificates and all certificates they have issued," O'Brien said. "Based on the Chromium Development Calendar, this change should be visible in the Chrome Dev channel in the coming weeks, the Chrome Beta channel around late July 2017, and will be released to Stable around mid September 2017."

O'Brien advised sites still using certificates issued by WoSign / StartCom to "consider replacing these certificates as a matter of urgency to minimize disruption for Chrome users."

Downgrade Yubioath Desktop from 4.x to 3.1.0 for Linux

Posted on 06 April 2017 – 3 minute read

I love my Yubikey Neo and use it many, many times daily on all 3 platforms (Linux, Mac and Windows). My primary OSes are Linux for my personal Lenovo laptop and my work-issued Macbook Pro. I recently upgraded Yubioath Desktop on my Linux box running Linux Mint to v4.0.1. This upgrade touted an improved user-interface amongst other fixes and improvements.. woohoo I thought to myself as although the previous version (3.1.0) was a fair improvement over 3.0.x, it wasn't without its issues.

The install went smooth as silk as I was using their Ubuntu / Debian PPA, so it was a simple case of apt upgrade yubioath-desktop. After the upgrade had completed, I ran it from the desktop and a shiny new application opened. At first glance, this looked good, but it wasn't long before, IMO, there was a glaring issue... the items in the list were in some kind of who-knows-what illogical order. Version 4.x, like 3.1.0, does have a filter bar at the bottom, but one of my frequently used items is 'Amazon', which was always the first entry in the list, so I didn't need the filter bar for that. Right now, in version 4.0.1, I have no idea what position my Amazon item is in, only that it's buried deep somewhere in amongst the items.

UniFi Video G3 Camera CCTV home setup

Posted on 13 March 2017 – 6 minute read

Following on from a recent post on my new Ubiquiti UniFi networking setup, I decided to write a separate post about my UniFi G3 CCTV home setup too.

I originally had an Annke system. This was “OK” for a while, but the cloud viewing component for my “iThings” used XmEye. This was apparently open to issues with the Mirai IoT botnet malware. I immediately disconnected the ethernet cable from the back of the control box and made sure that no wireless connection could be made from it to the outside world.

I had got quite accustomed to having the knowledge that CCTV was protecting my home to some degree and decided to put all my eggs in one basket for want of a better term and went with the G3 units from Ubiquiti. The immediate specs of interest for these are:

  • 1080p HD resolution
  • 30fps
  • Built-in microphone
  • PoE installation
  • IR night vision

The Annke system didn't have audio, so this was a bonus for me, plus they can record in full 1080p HD definition, better than the 720p of my previous setup. One other big bonus over the previous kit, was that they were powered via PoE so I could plug them directly into my UniFi 8 port 150w switch without requiring any extra cables.

Blogging with Ghost

Posted on 12 March 2017 – 2 minute read

After having used Wordpress for some time for Squarecone, I decided to look at alternatives as a basic blogging platform. Wordpress does what it says on the tin and provides blogging features, but it's become so much more of a generalised CMS these days that it's more complex and time consuming to work with, and to be honest, I also fancied playing with new software... welcome aboard Ghost.

I'd not looked into this before, neither had I ever worked with the Handlebars template engine. It didn't take long to get acquainted with both. I've been wanting to build a custom theme for Squarecone for ages, but have never found the spare time due to heavy work / family commitments, but part of the attraction to Ghost for me, was its simplicity and the ability to write the posts as Markdown rather than using the WYSIWYG editor (which I normally disabled and wrote as plain HTML) in Wordpress.

Ubiquiti UniFi in the home

Posted on 26 February 2017 – 11 minute read

Although I hadn’t heard of them before, I’d never thought to use a setup like Ubiquiti UniFi in the home. Initially I thought it might be overkill, despite many things connected to my home network. After poor wifi performance in some areas of the house, and some good reviews from people on Twitter, I decided to have a look.

I also wanted to replace the CCTV system at home as the system I had originally, ultimately had potential issues with the Mirai IoT malware.

My original core network simply contained a DrayTek Vigor 2850n router and a few Netgear gigabit switches.

Linux mouse speed adjustment

Posted on 08 January 2017 – 2 minute read

So I’ve recently switched semi-permanently over to using Linux Mint as my OS on my Lenovo W530. Using *nix as a desktop OS isn’t new for me; back in the day I used to run FreeBSD 4.4 with Window Maker on an IBM PII 350MHz desktop box.

However, things have moved on nicely and when I have my laptop sitting in my dock, I have a mouse plugged in, namely a Razer Mamba. This is a great mouse, and one of only 2 mice I actually enjoy using (my other trusty steeds are a couple of Logitech LX8s). The issue I have is that under Linux Mint both the trackpad and mouse are waaaay too fast for my liking and the type of use I need them for, despite being adjusted to the lowest setting in the Mouse & Touchpad settings, so I use xinput to set them directly. The problem is that the mouse is listed twice; the first instance is for the mouse, and the second instance as a “keyboard” (I guess this is due to the programmable nature of the device), which means I need to set the properties by using the device ID instead of the name. Not too much of an issue if you do it manually, but I want to automate this at login as setting it manually each time will get very boring, very quickly, so I decided to use PHP for this purpose as I already have it installed on the laptop.

I use the following script to set both the trackpad and mouse speeds according to the values I like. YMMV and the values can easily be adjusted from the constants at the top of the script.

TalkTalk wi-fi router passwords stolen

Posted on 06 December 2016 – 1 minute read

TalkTalk customers’ wi-fi passwords have been stolen following a malware attack that blocked their internet access last week, an expert has warned.

The researcher said other details had also been taken that would let attackers pinpoint where the equipment was being used, making more targeted hacks possible.

Pen Test Partners’ Ken Munro wants thousands of routers to be replaced.

But a TalkTalk spokeswoman said it had not seen evidence to confirm the thefts.

“As is widely known, the Mirai worm is affecting many ISPs [internet service providers] around the world and it has affected a small number of TalkTalk customers,” she said.

“We continue to take steps to review any potential impacts and have deployed a variety of solutions to ensure customers’ routers remain safe.

“We have also employed additional network-level controls to further protect our customers.”

Read the full article at the BBC.