
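Book plug: 「為你自己學Git」

Disclosure: I went to get the author's autograph, and then got poked into plugging the book XDDD

This is a book about Git. After flipping through it, my impression is... it is aimed at roughly beginner to intermediate users. First, quoting the author's tweet on Twitter:

It's ranked number one at 天瓏 (Tenlong), and the publisher has given notice of a second printing, so it seems to be selling pretty well XDDD

The chapter list is at 「天瓏網路書店-為你自己學Git」. The content is mainly command-line based, which really helps if you want to use Git well. Beyond that, it covers the problems you commonly hit in practice (such as possible ways out after you have wrecked something), and it also includes quite a bit of trivia that helps in understanding how Git works internally...

The only part I find odd is the last two chapters, which cover GitHub and Git Flow (that is, the method proposed in "A successful Git branching model") rather than GitHub Flow... although you can of course use Git Flow on GitHub too.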

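PHP {7.1,7.0,5.6} has finally become mainstream...

PHP {7.1,7.0,5.6} (the versions that at least still have security support) account for more than 90% of the volume... at least they are the mainstream among Composer users: "PHP Versions Stats - 2017.2 Edition".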

All versions                    Grouped
PHP 7.1.10      11.63%          PHP 7.1     36.63% (+18.99)
PHP 7.0.22      7.95%           PHP 7.0     30.76% (-5.36)
PHP 5.6.31      7.38%           PHP 5.6     23.28% (-8.16)
PHP 5.6.30      7.23%           PHP 5.5     6.11% (-4.5)
PHP 7.0.24      5.45%           PHP 5.4     1.51% (-1.6)
PHP 7.1.11      4.55%           PHP 5.3     0.76% (-0.22)

You can see that everyone is moving toward PHP 7.1...

The problems caused by "-" in Git/Mercurial/Subversion

In "[ANNOUNCE] Git v2.14.1, v2.13.5, and others" I saw a problem caused by a leading -:

These contain a security fix for CVE-2017-1000117, and are released in coordination with Subversion and Mercurial that share a similar issue. CVE-2017-9800 and CVE-2017-1000116 are assigned to these systems, respectively, for issues similar to it that are now addressed in their part of this coordinated release.

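This is an old class of problem. Git's fix mainly goes in the direction of filtering input: forbidding hostnames that begin with -, forbidding values that begin with - from being passed to GIT_PROXY_COMMAND, and forbidding repository names that begin with -: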

  • A "ssh://..." URL can result in a "ssh" command line with a hostname that begins with a dash "-", which would cause the "ssh" command to instead (mis)treat it as an option. This is now prevented by forbidding such a hostname (which should not impact any real-world usage).
  • Similarly, when GIT_PROXY_COMMAND is configured, the command is run with host and port that are parsed out from "ssh://..." URL; a poorly written GIT_PROXY_COMMAND could be tricked into treating a string that begins with a dash "-" as an option. This is now prevented by forbidding such a hostname and port number (again, which should not impact any real-world usage).
  • In the same spirit, a repository name that begins with a dash "-" is also forbidden now.
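The three rules above can be expressed as a pre-flight check on remotes before they ever reach `git` or `ssh`. This is an added example, not Git's own code: the function names and the sample remotes are hypothetical, and handling the scp-like `user@host:path` form is an assumption that goes beyond the `ssh://` case the announcement describes.

```python
SSH_SCHEMES = ("ssh", "git+ssh", "ssh+git")  # URL schemes Git hands to ssh

def split_remote(remote):
    """Split an ssh:// URL or scp-like remote into (host, port, path)."""
    scheme, sep, rest = remote.partition("://")
    if sep:
        if scheme.lower() not in SSH_SCHEMES:
            raise ValueError("not an SSH remote: " + remote)
        authority, slash, path = rest.partition("/")
        path = slash + path                      # URL paths keep the leading "/"
        hostport = authority.rpartition("@")[2]  # drop optional user@
        if hostport.startswith("["):             # bracketed IPv6 literal
            host, _, tail = hostport[1:].partition("]")
            port = tail[1:] if tail.startswith(":") else ""
        else:
            host, _, port = hostport.partition(":")
    else:
        # scp-like form [user@]host:path (handled here as an assumption)
        authority, colon, path = remote.partition(":")
        if not colon or "/" in authority:
            raise ValueError("not an SSH remote: " + remote)
        host, port = authority.rpartition("@")[2], ""
    return host, port, path

def violations(remote):
    """Name every field that starts with '-' and could be read as an option."""
    fields = zip(("host", "port", "path"), split_remote(remote))
    return [name for name, value in fields if value.startswith("-")]

def audit(remotes):
    """Map each rejected remote to the fields that caused the rejection."""
    report = {}
    for remote in remotes:
        bad = violations(remote)
        if bad:
            report[remote] = bad
    return report

# Constructed sample remotes; "-x", "-1" and "-repo.git" are harmless placeholders.
SAMPLES = [
    "ssh://git@example.com:22/team/repo.git",
    "ssh://[::1]:2222/repo.git",
    "ssh://-x/repo.git",
    "ssh://git@example.com:-1/repo.git",
    "git@example.com:-repo.git",
]

if __name__ == "__main__":
    for remote, bad in audit(SAMPLES).items():
        print("REJECT", remote, "->", ", ".join(bad))
```

A check like this fits where remotes come from untrusted input, such as a CI job that clones URLs supplied by users; it complements upgrading to the fixed Git releases rather than replacing it.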

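Also, neither of Chunghwa Telecom's DNS servers (168.95.1.1 & 168.95.192.1) could resolve marc.info; it only resolved after I switched to Google's 8.8.8.8... =_=

Performance comparison of MySQL 5.6/5.7/5.8 with a single thread

The author, Mark Callaghan, discusses how newer MySQL versions can actually be slower than older ones under light load: "The history of low-concurrency performance regressions in MySQL 5.6, 5.7 and 5.8".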

One example of the regression occurs for in-memory sysbench where MySQL 5.7 and MySQL 8 get 60% to 70% of the QPS compared to 5.6, which is the same as writing that 5.6 gets 1.43X to 1.67X more QPS than MySQL 5.7 and MySQL 8.

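This is not too surprising, because features keep being added and the optimization effort is focused on the various high-load scenarios. Nothing has been optimized specifically for the single-thread case...

PHP's main versions are now 7.0 and 7.1...

"PHP Versions Stats - 2017.1 Edition" analyzes the access log on Packagist and arrives at the following:

You can see that PHP 7.0 and 7.1 are finally climbing, slowly... Another rather interesting number is HHVM, mentioned in a comment: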

@ocramius: These numbers ignore Travis CI and other CI systems that set the "CI" env var in their workers. Without excluding those HHVM is around 0.95% so it's still low but those .36% is probably actual usage.

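So some people are still using it...

MediaWiki's EmailDiff extension

Until now, the "change notifications" that MediaWiki provides only "notified" you in the email without listing "what changed" in the email itself, so the reader had to click through to see it... (and so got too lazy to click)

A while ago I saw that someone had written an extension that outputs the diff, which solves this problem: "MediaWiki extension EmailDiff: notification emails improved".

The email now contains content like this: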

Version differences:
@@ -846,5 +887,3 @@
 In cattle, temperament can affect production traits such as carcass and meat 
 quality or milk yield as well as affecting the animal's overall health and 
-reproduction. Cattle temperament is defined as "the consistent behavioral and physiological 
-difference observed between individuals in response to a stressor or environmental 
+reproduction. If you succeed in tipping a cow only partway, such that only one 
+of its feet is still on the ground, you have created lean beef. Such a feat is 
+well done. Naturally, being outside, the cow is unstable. When it falls over, 
+it becomes ground beef. Cattle temperament is defined as "the consistent behavioral 
+and physiological difference observed between individuals in response to a stressor or environmental 
 challenge and is used to describe the relatively stable difference in the behavioral 
 predisposition of an animal, which can be related to psychobiological mechanisms.

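This is far more readable. I'll go find someone to try installing it...

PHP version statistics for sites running WordPress

In "Why We’re Still Seeing PHP 5.3 In The Wild (Or: PHP Versions, A History)" I saw some interesting statistics. It is an old article from 2015, but because the statistics are public, the same method can be used to fetch the current situation.

The author's numbers from July 2015 (around the end of the month) were: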

$ curl http://api.wordpress.org/stats/php/1.0/ | jq '.'
{
  "5.2": 13.603,
  "5.3": 32.849,
  "5.4": 40.1,
  "5.5": 9.909,
  "5.6": 3.538
}

The numbers I got just now are:

$ curl -s https://api.wordpress.org/stats/php/1.0/ | jq .
{
  "7.0": 0.423,
  "5.6": 12.429,
  "5.5": 17.188,
  "5.4": 35.824,
  "5.3": 24.754,
  "5.2": 9.382
}

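You can see that even now, in 2016, PHP 5.3 and PHP 5.4 still make up by far the largest share, yet neither receives security updates any more.

The author guesses that shared hosting still accounts for a large share of WordPress sites, and that most shared hosting providers do not pay much attention to this; once a site is set up they just leave it running with no plan to upgrade...

WordPress should be tougher about this. With "Requirements" written like this, why would any hosting provider want to upgrade: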

Note: If you are in a legacy environment where you only have older PHP or MySQL versions, WordPress also works with PHP 5.2.4+ and MySQL 5.0+, but these versions have reached official End Of Life and as such may expose your site to security vulnerabilities.

Because it "works"...