CakeDC Blog

TIPS, INSIGHTS AND THE LATEST FROM THE EXPERTS BEHIND CAKEPHP

Working with a company that embraces open source

I've done my fair share of working for closed and "open" companies. I've recently (in July 2011) clocked over two years working here at the Cake Development Corporation, and while attending the Open Source Developers Conference (2011) in Canberra, I have had some time to reflect on my experiences with the company, and my feelings regarding my work here.

Traditionally I have found that companies that claim to be pro-FOSS or open source companies are those that are making a profit, through the use of open source technologies. This is awesome. I love that the proliferation of open source software continues to grow and be adopted by traditionally closed, and proprietary software users. This produces better quality software for all of us.

While CakeDC produces a large quantity of client projects that are closed source, what we do have control over is the common reusable components that we use to build and produce web applications for our clients. These are developed and refined over a number of years, and have been a pillar in our success as a company. To be able to draw on years of experience through various developers and quickly build high quality, high performance websites continues to draw attention, referrals and interest from businesses and the community alike.

A decision made back in mid 2010, initially proposed by Larry Masters, our President, was to open source all of our plugins. This decision stirred a lot of discussion internally, and there were mixed opinions. While we each individually contribute to open source, speak about it at conferences, engage the community and promote open source, the concept of releasing all our internal code for public consumption for me was a little daunting. The decision was made, and we spent some time cleaning up code, making sure everything was documented and in a good state to release. You can now find all of our plugins and projects on the CakeDC Github Account.

The initial load of dealing with issues and support questions, emails and contact from the public was somewhat overwhelming. We deal with issues and features very well internally, but as the process is different to open source projects we contribute to, this produced a somewhat less productive period of time for us while we adjusted our work structure and organisation to accommodate our new open source projects. We now action issues, support requests and other contact from users in a timely manner, and are receiving new and useful commits to the repositories consistently from the community. Overall the experience has been a learning one, and a very positive one.

CakeDC support the staff and community in other ways. We are constantly sending staff to conferences both to speak and to attend. This allows us to talk more broadly about CakePHP, PHP in general, and other projects we use and are involved with. It also allows those attending the events from CakeDC a great opportunity to network, and learn from some of the more interesting and innovative minds of our time. This is something that we have come to do through the support of CakePHP, and through our newfound knowledge and experience in working with communities and projects openly.

Working with a company like CakeDC, embracing open source and supporting a community like CakePHP is extremely rewarding and equally challenging; and a job without challenges is not what that I would want to be involved in for any long period of time.

After speaking with many people working on awesome, interesting projects that are closed, or "not ready" to open source, I really count myself lucky to be working for a company that has embraced open source, contributed to the community, and demonstrates a dedication to supporting those projects and communities.

Latest articles

Using a vagrant box as quick environment for the Getting Started with...

We've decided to create a simple vagrant box with all the required packages to improve the environment setup step in our free Getting Started with CakePHP training session. We used other tools in the past, but we hope vagrant will help users to install a common environment before the session to get the most of it.

Requirements

Setup

  • Create a new folder where the code will be located
  • Create a new file called Vagrantfile with the following contents
# -*- mode: ruby -*- # vi: set ft=ruby : Vagrant.configure("2") do |config| config.vm.box = "cakedc/cakephp-training" config.vm.network :forwarded_port, guest: 8765, host: 8765 config.vm.network :private_network, ip: "192.168.33.33" config.vm.provider "virtualbox" do |vb| vb.memory = "1024" vb.customize ['modifyvm', :id, '--cableconnected1', 'on'] end end
  • Run vagrant up
  • Wait (download could take several minutes depending on your internet connection)
  • Run vagrant ssh
Now you have ssh access to a training ubuntu (16.04) based virtual machine, with all the requirements to run your training CakePHP application.
  • Setup a new CakePHP project
cd /vagrant composer create-project cakephp/app
  • Start the local server
cd /vagrant/app php bin/cake.php server --host 0.0.0.0
  • From your host machine, open a browser and navigate to http://localhost:8765
  • You should be able to see the CakePHP welcome page
  We think this VM will enable faster environment setups, and an easier entry point to the training session. Please let us know if you find issues with this process.

Boosting your API with CakePHP API and PHP-PM (ReactPHP)

A couple days ago AlexMax commented in CakePHP's IRC channel about the https://github.com/php-pm/php-pm project and it rang a bell for us. We did a couple tests internally and found this could be a great companion to our API plugin, so we wrote a new Bridge for CakePHP and ran some benchmarks.

The Cast

We put all together and created a sample application (1 posts table with 30 records) to do some benchmarks.

Benchmark configuration

We are not aiming to provide detailed or production figures, just a reference of the results obtained for your comparison. Results are generated from a development box, using PHP 7.1.12-3+ubuntu16.04.1+deb.sury.org+1 with xdebug enabled on ubuntu xenial, 8x Intel(R) Core(TM) i7-4771 CPU @ 3.50GHz We baked the application using the latest CakePHP 3.5.10, and set application debug to false, and log output to syslog. As we are interested in boosting API response times the most, we tested the following scenarios
  • A) CakePHP json output, served from nginx+phpfpm
  • B) CakePHP + API Plugin Middleware integration json output, served from nginx+phpfpm
  • C) CakePHP + API Plugin Middleware integration json output, served from php-pm
Benchmark figures were obtained using ab -n 5000 -c 100 URL

Results

Scenario requests/second avg time
A) CakePHP json output, served from nginx+phpfpm 372.97 [#/sec] (mean) 268.120 [ms] (mean)
B) CakePHP + API Plugin Middleware integration json output, served from nginx+phpfpm 399.79 [#/sec] (mean) 250.133 [ms] (mean)
C) CakePHP + API Plugin Middleware integration json output, served from php-pm 911.95 [#/sec] (mean) 109.656 [ms] (mean)
  These results for a NOT OPTIMIZED CakePHP application are promising, and the improvement using PHP-PM is huge in this case. There are some important considerations though:
  • PHP-FPM is mature and stable, PHP-PM is still in early development, although there is a 1.0 version released already.
  • Processes need monitoring, specially regarding memory leaks, we would need to manage a restart policy and be able to hot-restart individual workers
  • System integration, init scripts are not provided, even if this is something easy to manage nowadays via systemd or monit, would be good to have for production
  • Application bootstrapping should not be affected by the request. If your application bootstrapping depends on the request params, or logged in user, you'll need to refactor your code
  • Session handling was not tested, issues are reported for PHP-PM for other frameworks. We were aiming to stateless API's so we don't know if this would be an issue for a regular application
Performance is always a concern for the API developer, applying proven paradigms like the event driven development (https://reactphp.org/) to your existing code would be the way to go and ensure backend frameworks like CakePHP will perform as required when dealing with the peaks we all love and hate.

Giving back to the community

This Plugin's development has been sponsored by the Cake Development Corporation. Contact us if you are interested in:      

Why an independent code review is important

Passbolt recently contacted us about doing a code review so we thought now would be a great time to share more about our code review process with you. While in-house and peer reviews are important to maximise code quality, it is still incredibly important to get an independent third party to review your code - that is where CakeDC can step in. Passbolt is free, open-source, self hosted password manager for teams which makes collaboration and sharing company account credentials within a team much easier. It's based on open security standards and uses OpenPGP to authenticate users and verify secrets server side. Passbolt consists of server side web app built in CakePHP providing web interface and API, and Chrome extension for client side. The overall aspects that are reviewed in our code review include a review of quality, implementation, security, performance, documentation and test coverage. When looking into quality, the team reviews aspects concerning the code following CakePHP conventions, coding standards and coding quality. Overall, passbolt’s code review revealed that CakePHP conventions and coding standards are largely followed, no concerns were detected. Implementation outlines key issues with framework use and approach. It includes reviewing the code for framework usage, separation of concerns as well as code reuse and modularity. Key recommendations are outlined at this point and guidance is given into how to solve any issues. For the Passbolt review, bigger or concerning issues were uncovered, but improvements were recommended and outlined within the closing documentation. The security portion of the code review deals with how secure the code is in terms of CakePHP usage. No security flaws were found in the passbolt code review. Our in depth code review focuses on performance, specifically investigating any bottlenecks in the code base and database as well as indexes optimization. For the full passbolt code review results, check out the Code review results. Passbolt has also posted about their review, check out their post here. If you or your company has a CakePHP application and you aren’t sure if its running at the optimum, then get in touch - Code reviews can offer insights and learning into how to improve your application.

We Bake with CakePHP