Zend Engine Executor Models in PHP 5

Yet another tricky question from the Zend PHP 5 Certification Mock Exam. It took some time to find it, so I thought it might be worth to put it here. Correct answers are in bold.

Which of the following are examples of the new engine executor models available in PHP 5?

• Switch
• Conditional
• Goto
• Call
• Dynamic

It has been nicely described on Zend Devzone.

Zend PHP 5 Certification Mock Exam: SQLite

I came across this tricky question while solving the PHP 5 Certificatin Mock Exam. The answers in bold are the correct ones. I have also added a few words of explanation to each of them.

Which of the following SQL statements will improve SQLite write performance?

• PRAGMA locking_mode = "Row";
  locking_mode can only be "NORMAL" or "EXCLUSIVE"
  
• PRAGMA count_changes = Off;
  it is believed to increase the speed slightly
  
• PRAGMA default_synchronous = Off;
  synchronous set to "Off" makes SQLite continue after write operation without waiting for the storage to finish writing - this might give a real boost
  
• PRAGMA default_synchronous = On;
  synchronous can only be "OFF", "NORMAL" or "FULL"
  
• PRAGMA locking_mode = "Table";
  locking_mode can only be "NORMAL" or "EXCLUSIVE"

Most Useful Apps from Cydia

My Cydia selection:

1. OpenSSH
   allows you to access your iPhone filesystem remotely, you should change password for root and mobile users as soon as possible after installing it
   
2. Mobile Substrate
   allows to hook functionality into existing application, eg. make VoIP calls from Skype on 3g
   
3. VoIPover3G
   relays on Mobile Substrate, tricks applications into using VoIP over 3g, eg. Skype
4. CyDelete
   allows to delete Cydia apps directly from SpringBoard just like AppStore apps
5. Siphon
   VoIP SIP client for iPhone, works fine with voipdiscount.com
   

Jailbroken iPhone OS 3.0 is out!

This is some really cool news. The guys have already published Pwnage Tool for iPhone OS 3.0. The process is same as before. If you have pwned your iPhone before you would be familiar with it. I do it as follows and it works for me every time:

1. I download the Pwnage Tool from original website
   
2. When I connect my iPhone to my Mac, iTunes starts screaming about new firmware. I choose "download only"
3. When the firmware is already on my machine, I run Pwnage Tool in simple mode, it finds the firmware and creates pwned one on my Desktop
4. Meanwhile I create a backup copy of my iPhone using iTunes - this point is crucial if you want to preserve your data
5. When it's all done I quit iTunes
   
6. Then I put my iPhone into DFU mode using Pwnage Tool and follow the instructions (quit Pwnage Tool).
   
7. I open iTunes and it says about iPhone i recovery mode. It is all right and I press and hold Alt + Option while clicking "Restore" in iTunes
8. iTunes shows a dialog allowing me to choose the firmware file - I select newly created pwned firmware
9. iTunes uploads the firmware and reactivates iPhone
10. I restore my data from backup copy created in point 4.
11. I am happy and relaxed
    

Cross-Site Scripting (XSS)

Today I came across a question: "what is most important when trying to prevent a cross-site scripting attack?"

The answer is most intuitive. The most important rule to prevent cross-site scripting is "never trust user input". Not far behind comes "escape output".

These are general server-side programming rules, they do not apply only to specific language, like PHP.

Identity in PHP4 and PHP5

The Bible says:

In PHP4 two object instances are equal if they have the same attributes and values, and are instances of the same class.

In PHP5 when using the identity operator (===), object variables are identical if and only if they refer to the same instance of the same class.