Archive

Archive for the ‘Programming’ Category

Thunderbolting Your Video Card

March 24th, 2017 No comments
Guess which screen is OLED?

When I wrote about The Golden Age of x86 Gaming, I implied that, in the future, it might be an interesting, albeit expensive, idea to upgrade your video card via an external Thunderbolt 3 enclosure.

I’m here to report that the future is now.

Yes, that’s right, I paid $500 for an external Thunderbolt 3 enclosure to fit a $600 video card, all to enable a plug-in upgrade of a GPU on a Skull Canyon NUC that itself cost around $1000 fully built. I know, it sounds crazy, and … OK fine, I won’t argue with you. It’s crazy.

This matters mostly because of 4k, aka 2160p, aka 3840 × 2160, aka Ultra HD.

4k compared to 1080p

Plain old regular HD, aka 1080p, aka 1920 × 1080, is one quarter the size of 4k, and ¼ the work. By today’s GPU standards HD is pretty much easy mode these days. It’s not even interesting. No offense to console fans, or anything.

Late in 2016, I got a 4k OLED display and it … kind of blew my mind. I have never seen blacks so black, colors so vivid, on a display so thin. It made my previous 2008 era Panasonic plasma set look lame. It’s so good that I’m now a little angry that every display that my eyes touch isn’t OLED already. I even got into nerd fights over it, and to be honest, I’d still throw down for OLED. It is legitimately that good. Come at me, bro.

Don’t believe me? Well, guess which display in the below picture is OLED? Go on, guess:

@andrewbstiles if it was physically possible to have sex with this TV I.. uh.. I’d take it on long, romantic walks

— Jeff Atwood (@codinghorror) August 13, 2016

There’s a reason every site that reviews TVs had to recalibrate their results when they reviewed the 2016 OLED sets.

In my extended review at Reference Home Theater, I call it “the best looking TV I’ve ever reviewed.” But we aren’t alone in loving the E6. Vincent Teoh at HDTVtest writes, “We’re not even going to qualify the following endorsement: if you can afford it, this is the TV to buy.” Rtings.com gave the E6 OLED the highest score of any TV the site has ever tested. Reviewed.com awarded it a 9.9 out of 10, with only the LG G6 OLED (which offers the same image but better styling and sound for $2,000 more) coming out ahead.

But I digress.

Playing games at 1080p in my living room was already possible. But now that I have an incredible 4k display in the living room, it’s a whole other level of difficulty. Not just twice as hard – and remember current consoles barely manage to eke out 1080p at 30fps in most games – but four times as hard. That’s where external GPU power comes in.

The cool technology underpinning all of this is Thunderbolt 3. The thunderbolt cable bundled with the Razer Core is rather … diminutive. There’s a reason for this.

Is there a maximum cable length for Thunderbolt 3 technology?

Thunderbolt 3 passive cables have maximum lengths.

  • 0.5m TB 3 (40Gbps)
  • 1.0m TB 3 (20Gbps)
  • 2.0m TB 3 (20Gbps)

In the future we will offer active cables which will provide 40Gbps of bandwidth at longer lengths.

40Gbps is, for the record, an insane amount of bandwidth. Let’s use our rule of thumb based on ultra common gigabit ethernet, that 1 gigabit = 120 megabytes/second, and we arrive at 4.8 gigabytes/second. Zow.

That’s more than enough bandwidth to run even the highest of high end video cards, but it is not without overhead. There’s a mild performance hit for running the card externally, on the order of 15%. There’s also a further performance hit of 10% if you are in “loopback” mode on a laptop where you don’t have an external display, so the video frames have to be shuttled back from the GPU to the internal laptop display.

This may look like a gamer-only thing, but surprisingly, it isn’t. What you get is the general purpose ability to attach any PCI express card to any computer with a Thunderbolt 3 port and, for the most part, it just works!

Linus breaks it down and answers all your most difficult questions:

Please watch the above video closely if you’re actually interested in this stuff; it is essential. I’ll add some caveats of my own after working with the Razer Core for a while:

  • Make sure the video card you plan to put into the Razer Core is not too tall, or too wide. You can tell if a card is going to be too tall by looking at pictures of the mounting rear bracket. If the card extends significantly above the standard rear mounting bracket, it won’t fit. If the card takes more than 2 slots in width, it also won’t fit, but this is more rare. Depth (length) is rarely an issue.

  • There are four fans in the Razer Core and although it is reasonably quiet, it’s not super silent or anything. You may want to mod the fans. The Razer Core is a remarkably simple device, internally, it’s really just a power supply, some Thunderbolt 3 bridge logic, and a PCI express slot. I agree with Linus that the #1 area Razer could improve in the future, beyond generally getting the price down, is to use fewer and larger fans that run quieter.

  • If you’re putting a heavy hitter GPU in the Razer Core, I’d try to avoid blower style cards (the ones that exhaust heat from the rear) in favor of those that cool with large fans blowing down and around the card. Dissipating 150w+ is no mean feat and you’ll definitely need to keep the enclosure in open air … and of course within 0.5 meters of the computer it’s connected to.

  • There is no visible external power switch on the Razer Core. It doesn’t power on until you connect a TB3 cable to it. I was totally not expecting that. But once connected, it powers up and the Windows 10 Thunderbolt 3 drivers kick in and ask you to authorize the device, which I did (always authorize). Then it spun a bit, detected the new GPU, and suddenly I had multiple graphics card active on the same computer. I also installed the latest Nvidia drivers just to make sure everything was ship shape.

  • It’s kinda … weird having multiple GPUs simultaneously active. I wanted to make the Razer Core display the only display, but you can’t really turn off the built in GPU – you can select “only use display 2”, that’s all. I got into several weird states where windows were opening on the other display and I had to mess around a fair bit to get things locked down to just one display. You may want to consider whether you have both “displays” connected for troubleshooting, or not.

And then, there I am, playing Lego Marvel in splitscreen co-op at glorious 3840 × 2160 UltraHD resolution on an amazing OLED display with my son. It is incredible.

Beyond the technical “because I could”, I am wildly optimistic about the future of external Thunderbolt 3 expansion boxes, and here’s why:

  • The main expense and bottleneck in any stonking gaming rig is, by far, the GPU. It’s also the item you are most likely to need to replace a year or two from now.

  • The CPU and memory speeds available today are so comically fast that any device with a low-end i3-7100 for $120 will make zero difference in real world gaming at 1080p or higher … if you’re OK with 30fps minimum. If you bump up to $200, you can get a quad-core i5-7500 that guarantees you 60fps minimum everywhere.

  • If you prefer a small system or a laptop, an external GPU makes it so much more flexible. Because CPU and memory speeds are already so fast, 99.9% of the time your bottleneck is the GPU, and almost any small device you can buy with a Thunderbolt 3 port can now magically transform into a potent gaming rig with a single plug. Thunderbolt 3 may be a bit cutting edge today, but more and more devices are shipping with Thunderbolt 3. Within a few years, I predict TB3 ports will be as common as USB3 ports.

  • A general purpose external PCI express enclosure will be usable for a very long time. My last seven video card upgrades were plug and play PCI Express cards that would have worked fine in any computer I’ve built in the last ten years.

  • External GPUs are not meaningfully bottlenecked by Thunderbolt 3 bandwidth; the impact is 15% to 25%, and perhaps even less over time as drivers and implementations mature. While Thunderbolt 3 has “only” PCI Express x4 bandwidth, many benchmarkers have noted that GPUs moving from PCI Express x16 to x8 has almost no effect on performance. And there’s always Thunderbolt 4 on the horizon.

The future, as they say, is already here – it’s just not evenly distributed.

I am painfully aware that costs need to come down. Way, way down. The $499 Razer Core is well made, on the vanguard of what’s possible, a harbinger of the future, and fantastically enough, it does even more than what it says on the tin. But it’s not exactly affordable.

I would absolutely love to see a modest, dedicated $200 external Thunderbolt 3 box that included an inexpensive current-gen GPU. This would clobber any onboard GPU on the planet. Let’s compare my Skull Canyon NUC, which has Intel’s fastest ever, PS4 class embedded GPU, with the modest $150 GeForce GTX 1050 Ti:

1920 × 1080 high detail
Bioshock Infinite 15 ? 79 fps
Rise of the Tomb Raider 12 ? 49 fps
Overwatch 43 ? 114 fps

As predicted, that’s a 3x-5x stompdown. Mac users lamenting their general lack of upgradeability, hear me: this sort of box is exactly what you want and need. Imagine if Apple was to embrace upgrading their laptops and all-in-one systems via Thunderbolt 3.

I know, I know. It’s a stretch. But a man can dream … of externally upgradeable GPUs. That are too expensive, sure, but they are here, right now, today. They’ll only get cheaper over time.

[advertisement] Find a better job the Stack Overflow way – what you need when you need it, no spam, and no scams.
Categories: Others, Programming Tags:

Password Rules Are Bullshit

March 10th, 2017 No comments
entropy visualized

Of the many, many, many bad things about passwords, you know what the worst is? Password rules.

If we don’t solve the password problem for users in my lifetime I am gonna haunt you from beyond the grave as a ghost pic.twitter.com/Tf9EnwgoZv

— Jeff Atwood (@codinghorror) August 11, 2015

Let this pledge be duly noted on the permanent record of the Internet. I don’t know if there’s an afterlife, but I’ll be finding out soon enough, and I plan to go out mad as hell.

The world is absolutely awash in terrible password rules:

But I don’t need to tell you this. The more likely you are to use a truly random password generation tool, like us über-geeks are supposed to, the more likely you have suffered mightily – and daily – under this regime.

Have you seen the classic XKCD about passwords?

We can certainly debate whether “correct horse battery staple” is a viable password strategy or not, but the argument here is mostly that length matters.

That's What She Said

No, seriously, it does. I’ll go so far as to say your password is too damn short. These days, given the state of cloud computing and GPU password hash cracking, any password of 8 characters or less is perilously close to no password at all.

So then perhaps we have one rule, that passwords must not be short. A long password is much more likely to be secure than a short one … right?

What about this four character password?

?????

What about this eight character password?

????????

Or this (hypothetical, but all too real) seven character password?

@codinghorror I’m sorry but your password must contain 1 char each from: Arabic, Chinese, Thai, Korean, Klingon, Wingdings and an emoji

— Finley Creative (@FinleyCreative) March 3, 2016

You may also be surprised, if you paste the above four Unicode emojis into your favorite login dialog (go ahead – try it), to discover that it … isn’t in fact four characters.

Oh dear.

"💩".length === 2

Our old pal Unicode strikes again.

As it turns out, even the simple rule that “your password must be of reasonable length” … ain’t necessarily so. Particularly if we stop thinking like Ugly ASCII Americans.

And what of those nice, long passwords? Are they always secure?

aaaaaaaaaaaaaaaaaaa
0123456789012345689
passwordpassword
usernamepassword

Of course not, because have you met any users lately?

I changed all my passwords to

They consistently ruin every piece of software I’ve ever written. Yes, yes, I know you, Mr. or Ms. über-geek, know all about the concept of entropy. But expressing your love of entropy as terrible, idiosyncratic password rules …

  • must contain uppercase
  • must contain lowercase
  • must contain a number
  • must contain a special character

… is a spectacular failure of imagination in a world of Unicode and Emoji.

As we built Discourse, I discovered that the login dialog was a remarkably complex piece of software, despite its surface simplicity. The primary password rule we used was also the simplest one: length. Since I wrote that, we’ve already increased our minimum password default length from 8 to 10 characters. And if you happen to be an admin or moderator, we decided the minimum has to be even more, 12 characters.

I also advocated checking passwords against the 100,000 most common passwords. If you look at 10 million passwords from data breaches in 2016, you’ll find the top 25 most used passwords are:

123456
123456789
qwerty
12345678
111111
1234567890
1234567
password
123123
987654321
qwertyuiop
mynoob
123321
666666
18atcskd2w
7777777
1q2w3e4r
654321
555555
3rjs1la7qe
google
1q2w3e4r5t
123qwe
zxcvbnm
1q2w3e

Even this data betrays some ASCII-centrism. The numbers are the same in any culture I suppose, but I find it hard to believe the average Chinese person will ever choose the passwords “password”, “quertyuiop”, or “mynoob”. So this list has to be customizable, localizable.

(One interesting idea is to search for common shorter password matches inside longer passwords, but I think this would cause too many false positives.)

Also of note: only 5 of the top 25 passwords are 10 characters, so if we require 10 character passwords, we’ve already reduced our exposure to the most common passwords by 80%. I saw this originally when I gathered millions and millions of leaked passwords for Discourse research, then filtered the list down to just those passwords reflecting our new minimum requirement of 10 characters or more. It suddenly became a tiny list. (If you’ve done similar common password research, please do share your results in the comments.)

I’d like to offer the following common sense advice to my fellow developers:

1. Password rules are bullshit

  • They don’t work.
  • They heavily penalize your ideal audience, people that use real random password generators. Hey guess what, that password randomly didn’t have a number or symbol in it. I just double checked my math textbook, and yep, it’s possible. I’m pretty sure.
  • They frustrate average users, who then become uncooperative and use “creative” workarounds that make their passwords less secure.
  • Are often wrong, in the sense that they are grossly incomplete and/or insane, per the many shaming links I’ve shared above.
  • Seriously, for the love of God, stop with this arbitrary password rule nonsense already. If you won’t take my word for it, read this 2016 NIST password rules recommendation. It’s right there, “no composition rules”. However, I do see one error, it should have said “no bullshit composition rules”.

2. Enforce a minimum Unicode password length

One rule is at least easy to remember, understand, and enforce. This is the proverbial one rule to bring them all, and in the darkness bind them.

  • It’s simple. Users can count. Most of them, anyway.
  • It works. The data shows us it works; just download any common password list of your choice and group by password length.
  • The math doesn’t lie. All other things being equal, a longer password will be more random – and thus more secure – than a short password.
  • Accept that even this one rule isn’t inviolate. A minimum password length of 6 on a Chinese site might be perfectly reasonable.
  • If you don’t allow (almost) every single unicode character in the password input field, you are probably doing it wrong.
  • It’s a bit of an implementation detail, but make sure maximum password length is reasonable as well.

3. Check for common passwords

As I’ve already noted, the definition of “common” depends on your audience, and language, but it is a terrible disservice to users when you let them choose passwords that exist in the list of 10k, 100k, or million most common known passwords from data breaches. There’s no question that a hacker will submit these common passwords in a hack attempt – and it’s shocking how far you can get, even with aggressive password attempt rate limiting, using just the 1,000 most common passwords.

  • 1.6% have a password from the top 10 passwords
  • 4.4% have a password from the top 100 passwords
  • 9.7% have a password from the top 500 passwords
  • 13.2% have a password from the top 1,000 passwords
  • 30% have a password from the top 10,000 passwords

Lucky you, there are millions and millions of real breached password lists out there to sift through. It is sort of fun to do data forensics, because these aren’t hypothetical synthetic Jack the Ripper password rules some bored programmer dreamed up, these are real passwords used by real users.

Do the research. Collect the data. Protect your users from themselves.

4. Check for basic entropy

No need to get fancy here; pick the measure of entropy that satisfies you deep in the truthiness of your gut. But remember you have to be able to explain it to users when they fail the check, too.

In my opinion, the simplest way to do this is to ensure that there are at least (x) unique characters out of (y) total characters. And that’s what we do as of the current beta version of Discourse. But I’d love your ideas in the comments, too. The simpler and clearer the better!

5. Reject special case passwords

I’m embarrassed to admit that when building the Discourse login, as I discussed in The God Login, we missed two common cases that you really have to block:

  • password equal to username
  • password equal to email address

? If you are using Discourse versions earlier than 1.4, I’m so sorry and please upgrade immediately.

Similarly, you might also want to block other special cases like

  • password equal to URL or domain of website
  • password equal to app name

In short, try to think outside the password input box, like a user would.

[advertisement] Building out your tech team? Stack Overflow Careers helps you hire from the largest community for programmers on the planet. We built our site with developers like you in mind.
Categories: Others, Programming Tags:

I’m Loyal to Nothing Except the Dream

January 30th, 2017 No comments
Help Keep Your School All American!

There is much I take for granted in my life, and the normal functioning of American government is one of those things. In my 46 years, I remember presidents roughly beginning with Carter; I’ve lived under nine different presidents. I’ve voted in every presidential election since 1992, but I do not consider myself a Democrat, or a Republican. I vote based on leadership – above all, leadership – and issues.

In my 14 years of blogging, I’ve never written a political blog post. I haven’t needed to.

Until now.

It is quite clear something has become deeply unglued in the state of American politics.

As of 2017, the United States, through a sequence of highly improbable events, managed to elect an extremely controversial president.

A president with historically low approval ratings, elected on a platform many considered too extreme to even be taken literally:

Asked about Trump’s statements proposing the construction of a wall on the US-Mexico border and a ban on all Muslims entering the country, Thiel suggested that Trump supporters do not actually endorse those policies.

“I don’t support a religious test. I certainly don’t support the specific language that Trump has used in every instance,” he said. “But I think one thing that should be distinguished here is that the media is always taking Trump literally. It never takes him seriously, but it always takes him literally.”

The billionaire went on to define how he believes the average Trump supporter interprets the candidate’s statements. “I think a lot of voters who vote for Trump take Trump seriously but not literally, so when they hear things like the Muslim comment or the wall comment their question is not, ‘Are you going to build a wall like the Great Wall of China?’ or, you know, ‘How exactly are you going to enforce these tests?’ What they hear is we’re going to have a saner, more sensible immigration policy.”

A little over a week into the new presidency, it is quite clear that Trump meant every word of what he said. He will build a US-Mexico wall. And he signed an executive order that literally, not figuratively, banned Muslims from entering the US — even if they held valid green hards.

As I said, I vote on policies, and as an American, I reject these two policies. Our Mexican neighbors are not an evil to be kept out with a wall, but an ally to be cherished. One of my favorite people is a Mexican immigrant. Mexican culture is ingrained deeply into America and we are all better for it. The history of America is the history of immigrants seeking religious freedom from persecution, finding a new life in the land of opportunity. Imagine the bravery it takes to leave everything you know behind, your relatives, your home, your whole life as you know it, to take your entire family on a five thousand mile journey to another country on nothing more than the promise of a dream. I’ve never done that, though my great-great grandparents did. Muslim immigrants are more American than I will ever be, and I am incredibly proud to have them here, as fellow Americans.

Trump is the first president in 40 years to refuse to release his tax returns in office. He has also refused to divest himself from his dizzying array of businesses across the globe, which present financial conflicts of interest. All of this, plus the hasty way he is ramrodding his campaign plans through on execurive order, with little or no forethought to how it would work – or if it would work at all – speaks to how negligent and dangerous Trump is as the leader of the free world. I want to reiterate that I don’t care about party; I’d be absolutely over the moon with President Romney or President McCain, or any other rational form of leadership at this point.

It is unclear to me how we got where we are today. But echoes of this appeal to nationalism in Poland, and in Venezula, offer clues. We brought fact checkers to a culture war … and we lost. During the election campaign, I was strongly reminded of Frank Miller’s 1986 Nuke story arc, which I read in Daredevil as a teenager — the seductive appeal of unbridled nationalism bleeding across the page in stark primary colors.

Daredevil 233 page excerpt

Nuke is a self-destructive form of America First nationalism that, for whatever reasons, won the presidency through dark subvocalized whispers, and is now playing out in horrifying policy form. But we are not now a different country, we remain the very same country that elected Reagan and Obama. We lead the free world. And we do it by taking the higher moral ground, doing what is right before doing what is expedient.

I exercised my rights as a American citizen and I voted, yes. But I mostly ignored government beyond voting. I assumed that the wheels of American government would turn, and reasonable decisions would be made by reasonable people. Some I would agree with, others I would not agree with, but I could generally trust that the arc of American history inexorably turns toward justice, towards freedom, toward equality. Towards the things that make up the underlying American dream that this country is based on.

This is no longer the case.

I truly believe we are at an unprecedented time in American history, in uncharted territory. I have benefited from democracy passively, without trying at all, for 46 years. I now understand that the next four years is perhaps the most important time to be an activist in the United States since the civil rights movement. I am ready to do the work.

  • I have never once in my life called my representatives in congress or the house. That will change. I will be calling and writing my representatives regularly, using tools like 5 Calls to do so.

  • I will strongly support, advocate for, and advertise any technical tools on web or smartphone that help Americans have their voices heard by their representatives, even if it takes faxing to do so. Build these tools. Make them amazing.

  • I am subscribing to support essential investigative journalism such as the New York Times, Los Angeles Times, and Washington Post.

  • I have set up large monthly donations to the ACLU which is doing critical work in fighting governmental abuse under the current regime.

  • I have set up monthly donations to independent journalism such as ProPublica and NPR.

  • I have set up monthly donations to agencies that fight for vulnerable groups, such as Planned Parenthood, Center for Reproductive Rights, Refugee Rights, NAACP, MALDEF, the Trevor Project, and so on.

  • I wish to see the formation of a third political party in the United States, led by those who are willing to speak truth to power like Evan McMullen. It is shameful how many elected representatives will not speak out. Those who do: trust me, we’re watching and taking notes. And we will be bringing all our friends and audiences to bear to help you win.

  • I will be watching closely to see which representatives rubber-stamp harmful policies and appointees, and I will vote against them across the ticket, on every single ticket I can vote on.

  • I will actively support all efforts to make the National Popular Vote Interstate Compact happen, to reform the electoral college.

  • To the extent that my schedule allows, I will participate in protests to combat policies that I believe are harmful to Americans.

  • I am not quite at a place in my life where I’d consider running for office, but I will be, eventually. To the extent that any Stack Overflow user can be elected a moderator, I could be elected into office, locally, in the house, even congress. Has anyone asked Joel Spolsky if he’d be willing to run for office? Because I’d be hard pressed to come up with someone I trust more than my old business partner Joel to do the right thing. I would vote for him so hard I’d break the damn voting machine.

I want to pay back this great country for everything it has done for me in my life, and carry the dream forward, not just selfishly for myself and my children, but for everyone’s children, and our children’s children. I do not mean the hollow promises of American nationalism …

We would do well to renounce nationalism and all its symbols: its flags, its pledges of allegiance, its anthems, its insistence in song that God must single out America to be blessed.

Is not nationalism—that devotion to a flag, an anthem, a boundary so fierce it engenders mass murder—one of the great evils of our time, along with racism, along with religious hatred?

These ways of thinking—cultivated, nurtured, indoctrinated from childhood on— have been useful to those in power, and deadly for those out of power.

… but the enduring values of freedom, justice, and equality that this nation was founded on. I pledge my allegiance to the American dream, and the American people – not the nation, never the nation.

Daredevil 233 page excerpt

I apologize that it’s taken me 46 years to wake up and realize that some things, like the American dream, aren’t guaranteed. There will come a time where you have to stand up and fight for them, for democracy to work. I will.

Will you?

[advertisement] At Stack Overflow, we help developers learn, share, and grow. Whether you’re looking for your next dream job or looking to build out your team, we’ve got your back.
Categories: Others, Programming Tags:

The Next Chapter

January 25th, 2017 No comments
Chocolatey.IO - Software Management Automation

Six years ago I started working furiously on this little side project about package management for Windows. It started to grow and over time it became clear that it was going to be something important. A community flourished and there was a tremendous uptake for this little tool.

Fast forward to present, starting soon I will be focused solely on Chocolatey as the Founder of Chocolatey Software, Inc*! It’s an exciting opportunity to really see where we can take this Windows software management thing!

It’s a bit bittersweet as I’ve had the opportunity work with a lot of fantastic folks at Puppet and do some really awesome things for furthering automation on Windows. In many ways Puppet has been an amazing place to work (I highly recommend it, they have the remote employee situation handled). However, an opportunity to follow my first love, Chocolatey, is a dream I won’t pass up.

Not everyone gets the opportunity to follow their dreams, so when you get a chance it can be both a thrilling and scary experience! Here’s to the future of Chocolatey and Windows automation!

* – For those keeping track – Chocolatey Software was formed in November 2016 as a spin off of RealDimensions Software, LLC

Categories: Others, Programming Tags:

An Inferno on the Head of a Pin

January 17th, 2017 No comments

Today’s processors place more and more heat-generating transistors in an ever shrinking space. The CPU power watt budget might go from:

  • 1000 watts on a specialized server
  • 100 watts on desktops
  • 30 watts on laptops
  • 5 watts on tablets
  • 1 or 2 watts on a phone
  • 100 milliwatts on an embedded system

That’s three orders of magnitude. Modern CPU design is the delicate art of placing an inferno on the head of a pin.

Look at the original 1993 Pentium compared to the 20th anniversary Pentium:

1993

Pentium

66 Mhz

16kb L1
3.2 million transistors
Intel Pentium G3258 20th Anniversary Edition 2014

Pentium G3258

3.2 Ghz

2 core / 4 thread

128kb L1, 512kb L2, 3MB L3
1.4 billion transistors

I remember cooling the early CPUs with simple heatsinks; no fan. Those days are long gone.

A roomy desktop computer affords cooling opportunities (and thus a watt budget) that a laptop or tablet could only dream of. How often will you be at peak load? For most computers, the answer is “rarely”. If not, your situation gets more … challenging.

Sometimes, I build servers.

Inspired by Google and their use of cheap, commodity x86 hardware to scale on top of the open source Linux OS, I also built our own servers. When I get stressed out, when I feel the world weighing heavy on my shoulders and I don’t know where to turn … I build servers. It’s therapeutic.

Servers are one of those situations where you may be at full CPU load more often than not. I prefer to build 1U servers which is the smallest rack mountable unit, at 1.75″ total height.

As you can get so many cores on a die these days, I only build single CPU servers. One reason is price; the other reason is that clock speed declines proportionally to the number of cores on a die (this is for the Broadwell Xeon V4 series):

cores GHz
E5-1630 4 3.7 $406
E5-1650 6 3.6 $617
E5-1680 8 3.4 $1723
E5-2680 12 2.4 $1745
E5-2690 14 2.6 $2090
E5-2697 18 2.3 $2702

Yes, there are server CPUs with even more cores, but if you have to ask how much they cost, you definitely can’t afford them … and they’re clocked even slower. What we do is serviced better by a smaller number of super fast cores than a larger number of slow cores, anyway.

With that in mind, consider these two Intel Xeon server CPUs:

As you can see from the official Intel product pages for each processor, they both have a TDP of 140 watts. At this point I’m looking at the specs, thinking maybe this is an OK tradeoff.

Here’s what I actually measured with my trusty Kill-a-Watt for each server build as I performed my standard stability testing, with completely identical parts except for the CPU:

  • E5-1630: 40w idle, 170w mprime
  • E5-1650: 55w idle, 250w mprime

I am here to tell you that Intel’s TDP figure of 140 watts for the 6 core version of this CPU is a terrible, scurrilous lie!

This caused a little bit of a problem for me as our standard 1U server build now overheats, alarms, and throttles with the 6 core CPU — whereas the 4 core CPU was just fine. Hey Intel! From my home in California, I stab at thee!

But, you know..

Better Heatsink

The 1.75″ maximum height of the 1U server form factor doesn’t leave a lot of room for creative cooling of a CPU. But you can switch from an Aluminum cooler to a Copper one.

Copper is not usually all that necessary; it is significantly more expensive than aluminum, so it’s usually cheaper to throw a larger mass of aluminum at the cooling problem when you can. But copper dissipates more heat in the same form factor when space is a constraint, which it definitely is in a 1U case.

The famous “Ninja” CPU cooler came in copper and aluminum versions which means we can compare apples to apples. At 12v (max fan speed):

  • Aluminum Ninja had 24C rise over ambient
  • Copper Ninja had 17C rise over ambient

You can scale the load and the resulting watts of heat by spinning up MPrime threads for the number of cores you want to “activate”, so that’s how I tested. And each run has to be overnight to be considered successful!

  • Aluminum heatsink — stable at 170w (mprime threads=4), but heat warnings with 190w (mprime threads=5).
  • Copper heatsink — stable at 190w (mprime threads=5) but heat warnings with 230w (mprime threads=6).

This helped, noticeably. But we need more.

Better Thermal Interface

When it comes to server builds, I stick with the pre-applied grey thermal interface pad that comes on the heatsinks. But out of boredom and a desire to experiment, I …

  • Removed the copper heatsink.
  • Used isopropyl alcohol to clean both CPU and heatsink.
  • Applied fancy “Ceramique” thermal compound I have on hand, using an X shape pattern.

I wasn’t expecting any change at all, but to my surprise with the new TIM applied it took about 2-3x as long to reach throttle temps with mprime threads=6. Before, it would thermally throttle within a minute of launching the test, and after it took ~10 minutes to reach that same throttle temp. The difference was noticeable.

That’s a surprisingly good outcome, and it tells us the default grey goop that comes pre-installed on heatsinks is … not great. Per this 2011 test, the difference between worst and best thermal compounds is 4.3°C.

But as Dan once bravely noted while testing Vegemite as a thermal interface material:

If your PC’s so marginal that a CPU running three or four degrees Celsius warmer will crash it [or, for modern CPUs, cause the processor to auto-throttle itself and substantially reduce system performance], the solution is not to try to edge away from the precipice with better thermal compound. It’s to make a big change to the cooling system, or just lower the darn clock speed.

So we’re not done here.

Ducted Airflow

Most, but not all, of the SuperMicro cases I’ve used have included a basic fan duct / shroud that lays across the central fans and the system. Given that the case fans are pretty much directly in front of the CPU anyway, I’ve included the shroud in the builds out of a sense of completeness more than any conviction that it was doing something for the cooling performance.

This particular server case, though, did not include a fan duct. I didn’t think much about it at the time, but given the overheating problem this 6-core CPU and its 250 watt heat generation was putting on our 1U build, I decided I should build a quick card stock duct and test it out.

(I know, I know, it’s a super janky duct! But I was prototyping!)

Sure enough, this duct, combined with the previous heatsink and TIM changes, enabled the server to remain stable overnight with a full MPrime run of 12 threads.

I think we’ve certainly demonstrated the surprising (to me, at least) value of fan shrouds. But before we get too excited, let’s consider one last thing.

Define “CPU Load”

Sometimes you get so involved with solving the problem at hand that you forget to consider whether you are, in fact, solving the right problem.

In these tests, we defined 100% CPU load using MPrime. Some people claim MPrime is more of a power virus than a real load test, because it exerts so much heat pressure on the CPUs. I initially dismissed these claims since I’ve used MPrime (and its Windows cousin, Prime95) for almost 20 years to test CPU stability, and it’s never let me down.

But I did more research and I found that MPrime, since 2011, uses AVX2 instructions extensively on newer Intel CPUs:

The newer versions of Prime load in a way that they are only safe to run at near stock settings. The server processors actually downclock when AVX2 is detected to retain their TDP rating. On the desktop we’re free to play and the thing most people don’t know is how much current these routines can generate. It can be lethal for a CPU to see that level of current for prolonged periods.

That’s why most stress test programs alternate between different data pattern types. Depending on how effective the rotation is, and how well that pattern causes issues for the system timing margin, it will, or will not, catch potential for instability. So it’s wise not to hang one’s hat on a single test type.

This explains why I saw such a large discrepancy between other CPU load programs like BurnP6 and MPrime.

MPrime does an amazing job of generating the type of CPU load that causes maximum heat pressure. But unless your servers regularly chew through zillions of especially power-hungry AVX2 instructions this may be completely unrepresentative of any real world load your server would actually see.

Your Own Personal Inferno

Was this overkill? Probably. Even with the aluminum heatsink, no change to thermal interface material, and zero ducting, we’d probably see zero throttling under normal use. But I wanted to be sure. Completely sure.

Is this extreme? Putting 140 TDP of CPU heat in a 1U server? Not really. Nick at Stack Overflow told me they just put two 22 core, 145W TDP Xeon 2699v4 CPUs and four 300W TDP GPUs in a single Dell C4130 1U server. I’d sure hate to be in the room when those fans spin up. I’m also a little afraid to find out what happens if you run MPrime plus full GPU load on that box.

Servers are an admittedly extreme example of CPU heat and size tradeoffs, one of the few left. It is fun to play at the extremes, but the CPU inside your phone makes these very same tradeoffs on a much smaller scale. Tiny infernos in our pockets, each and every one.

[advertisement] At Stack Overflow, we put developers first. We already help you find answers to your tough coding questions; now let us help you find your next job.
Categories: Others, Programming Tags:

Let’s Encrypt Everything

November 23rd, 2016 No comments

I’ll admit I was late to the HTTPS party.

But post Snowden, and particularly after the result of the last election here in the US, it’s clear that everything on the web should be encrypted by default.

Why?

  1. You have an unalienable right to privacy, both in the real world and online. And without HTTPS you have zero online privacy – from anyone else on your WiFi, from your network provider, from website operators, from large companies, from the government.

  2. The performance penalty of HTTPS is gone, in fact, HTTPS arguably performs better than HTTP on modern devices.

  3. Using HTTPS means nobody can tamper with the content in your web browser. This was a bit of an abstract concern five years ago, but these days, there are more and more instances of upstream providers actively mucking with the data that passes through their pipes. For example, if Comcast detects you have a copyright strike, they’ll insert banners into your web contentall your web content! And that’s what the good guy scenario looks like – or at least a corporation trying to follow the rules. Imagine what it looks like when someone, or some large company, decides the rules don’t apply to them?

So, how do you as an end user “use” encryption on the web? Mostly, you lobby for the websites you use regularly to adopt it. And it’s working. In the last year, the use of HTTPS by default on websites has doubled.

Browsers can help, too. By January 2017, Google Chrome will show this alert in the UI when a login or credit card form is displayed on an unencrypted connection:

But there’s another part of this ecosystem required for encryption to work on websites – the HTTPS certificate. Historically these certificates have been issued by certificate authorities, and they were at least $30 per year, sometimes hundreds of dollars per year. Without that required cash every year, without the SSL certificate that you must re-purchase every year in perpetuity – you can’t encrypt anything.

That is, until Let’s Encrypt arrived on the scene.

Let’s Encrypt is a 501.3(c)(3) non-profit organization supported by the Linux Foundation. They’ve been in beta for about a year now, and to my knowledge they are the only reliable, official free source of SSL certificates that has ever existed.

However, because Let’s Encrypt is a non-profit organization, not owned by any company that must make a profit from each SSL certificate they issue, they need our support:

As a company, we’ve donated a Discourse hosted support community, and a cash amount that represents how much we would have paid in a year to one of the existing for-profit certificate authorities to set up HTTPS for all the Discourse websites we host.

I urge you to do the same:

  • Estimate how much you would have paid for any free SSL certificates you obtained from Let’s Encrypt, and please donate that amount to Let’s Encrypt.

  • If you work for a large company, urge them to sponsor Let’s Encrypt as a fundamental cornerstone of a safe web.

If you believe in an unalienable right to privacy on the Internet for every citizen in every nation, please support Let’s Encrypt.

[advertisement] Find a better job the Stack Overflow way – what you need when you need it, no spam, and no scams.
Categories: Others, Programming Tags:

Your Digital Pinball Machine

November 2nd, 2016 No comments

I’ve had something of an obsession with digital pinball for years now. That recently culminated in me buying a Virtuapin Mini.

OK, yes, it’s an extravagance. There’s no question. But in my defense, it is a minor extravagance relative to a real pinball machine.

The mini is much smaller than a normal pinball machine, so it’s easier to move around, takes up less space, and is less expensive. Plus you can emulate every pinball machine, ever! The Virtuapin Mini is a custom $3k build centered around three screens:

  • 27″ main playfield (HDMI)
  • 23″ backglass (DVI)
  • 8″ digital matrix (USB LCD)

Most of the magic is in those screens, and whether the pinball sim in question allows you to arrange the three screens in its advanced settings, usually by enabling a “cabinet” mode.

Let me give you an internal tour. Open the front coin door and detach the two internal nuts for the front bolts, which are finger tight. Then remove the metal lockdown bar and slide the tempered glass out.

The most uniquely pinball item in the case is right at the front. This Digital Plunger Kit connects the 8 buttons (2 on each side, 3 on the front, 1 on the bottom) and includes an analog tilt sensor and analog plunger sensor. All of which shows up as a standard game controller in Windows.

On the left front side, the audio amplifier and left buttons.

On the right front side, the digital plunger and right buttons.

The 27″ playfield monitor is mounted using a clever rod assembly to the standard VESA mount panel on the back, so we can easily rotate it up to work on the inside as needed.

If you need the monitor all the way out, detach the power cord and the HDMI connector. Then you have complete access to the interior.

Notice the large down-firing subwoofer mounted in the middle of the body, as well as the ventilation holes. The PC “case” is just a back panel, and the power strip is the Smart Strip kind where it auto-powers everything based on the PC being powered on or off. (The actual power switch is on the bottom front right of the case.)

Powering it up and getting all three screens configured in the pinball sim of your choice results in … magic.

It is a thoroughly professional build, as you’d expect from a company that has been building these pinball rigs for the last decade. It uses real wood, real glass, and authentic metal pinball parts throughout.

I was truly impressed by the build quality of this machine. Paul of Virtuapin said they’re on roughly version four of the machine and it shows. Due to all the wood, metal parts, and tempered glass, it’s over 100 pounds fully assembled and arrives on a shipping pallet. I can only imagine how heavy the full size version would be!

That said, I do have some tweaks I recommend:

  • Make absolutely sure you get an IPS panel as your 27″ playfield monitor. As arrived, mine had a TN panel and while it was playable if you stood directly in front of the machine, playfield visibility was pretty dire outside that narrow range. I dropped in the BenQ GW2765HT to replace the GL2760H that was in there, and I was golden. If you plan to order, I would definitely talk to Paul at VirtuaPin and specify that you want this IPS display. The 23″ backglass monitor appears to be IPS already so no need to change there.

  • The improved display has a 1440p resolution compared to the 1080p originally shipped, so you might want to upgrade from the GeForce 750 Ti video card to the just-released 1050 Ti. This is not strictly required, as I found the 750 Ti an excellent performer even at the higher resolution, but I plan to play only fully 3D pinball sims and the 1050 Ti gets excellent reviews for $140, so I went for it.

  • Internally everything is exceptionally well laid out, the only very minor improvement I’d recommend is connecting the rear exhaust fan to the motherboard header so its fan speed can be dynamically controlled by the computer rather than being at full power all the time.

  • On the Virtuapin website order form the PC they provide sounds quite outdated, but don’t sweat it: I picked the lowest options thinking I would have to replace it all, but they shipped me a Haswell based quad-core PC with 8GB RAM and a 256GB SSD, even though those options weren’t even on the order form.

I realize $3k (plus palletized shipping) is a lot of money, but I estimate it would cost you at least $1500 in parts to build this machine, plus a month of personal labor. Provided you get the IPS playfield monitor, this is a solidly constructed “real” pinball machine, and if you’re into digital pinball like I am, it’s an absolute joy to play and a good deal for what you actually get. As Ferris Bueller once said:

If you’d like to experiment with this and don’t have three grand burning a hole in your pocket, 90% of digital pinball simulation is a widescreen display in portrait mode. Rotate one of your monitors, add another monitor if you’re feeling extra fancy, and give it a go.

As for software, most people talk about Visual Pinball for these machines, and it works. But the combination of janky hacked-together 2D bitmap technology used in the gameplay, and the fact that all those designs are ripoffs that pay nothing in licensing back to the original pinball manufacturers really bothers me.

I prefer Pinball Arcade in DirectX 11 mode, which is downright beautiful, easily (and legally!) obtainable via Steam and offers a stable of 60+ incredible officially licensed classic pinball tables to choose from, all meticulously recreated in high resolution 3D with excellent physics.

As for getting pinball simulations running on your three monitor setup, if you’re lucky the game will have a cabinet mode you can turn on. Unfortunately, this can be weird due to … licensing issues. Apparently building a pinball sim on the computer requires entirely different licensing than placing it inside a full-blown pinball cabinet.

Pinball Arcade has a nifty camera hack someone built that lets you position three cameras as needed to get the three displays. You will also need the excellent x360ce program to dynamically map joystick events and buttons to a simulated Xbox 360 controller.

Pinball FX2 added a cabinet mode about a year ago, but turning it on requires a special code and you have to send them a picture of your cabinet (!) to get that code. I did, and the cabinet mode works great; just enable cabinet mode with your code, specify the coordinates of each screen in the settings and you are good to go. While these tables definitely have arcadey physics, I find them great fun and there are a ton to choose from.

Pro Pinball Timeshock Ultra is unique because it’s originally from 1997 and was one of the first “simulation” level pinball games. The current rebooted version is still pre-rendered graphics rather than 3D, but the client downloads the necessary gigabytes of pre-rendered content at your exact screen resolution and it looks amazing.

Timeshock has explicit cabinet support in the settings and via command line tweaks. Position each window as necessary, then enable fullscreen for each one and it’ll snap to the monitor you placed it on. It’s “only” one table, but arguably the most classic of all pinball sims. I sincerely hope they continue to reboot the rest of the Pro Pinball series, including Big Race USA which is my favorite.

I’ve always loved pinball machines, even though they struggled to keep up with the arcade games of their day. In some ways I view my current project, Discourse, as an analog to classic pinball machines attempting to bridge the gap to the modern day:

The fantastic 60 minute documentary Tilt: The Battle to Save Pinball has so many parallels with what we’re trying to do for forum software.

Pinball is threatened by Video Games, in the same way that Forums are threatened by Facebook and Twitter and Tumblr and Snapchat. They’re considered old and archaic technology. They’ve stopped being sexy and interesting relative to what else is available.

Pinball was forced to reinvent itself several times throughout the years, from mechanical, to solid state, to computerized. And the defining characteristic of each “era” of pinball is that the new tables, once you played them, made all the previous pinball games seem immediately obsolete because of all the new technology.

The Pinball 2000 project was an attempt to invent the next generation of pinball machines:

It wasn’t a new feature, a new hardware set, it was everything new. We have to get everything right. We thought that we had reinvented the wheel. And in many respects, we had.

This is exactly what we want to do with Discourse – build a forum experience so advanced that playing will make all previous forum software seem immediately obsolete.

Discourse aims to save forums and make them relevant and useful to a whole new generation.

So if I seem a little more nostalgic than most about pinball, perhaps a little too nostalgic at times, maybe that’s why.

[advertisement] Building out your tech team? Stack Overflow Careers helps you hire from the largest community for programmers on the planet. We built our site with developers like you in mind.
Categories: Others, Programming Tags:

A new serverless adventure at Auth0

September 20th, 2016 No comments

Last week was my last of a great ride at Splunk. I have now joined Auth0 working on a new developer-focused offering around Serverless compute, with Webtask. I’ve also started a new blog to discuss more broader topics on tech, startups etc.

Read more on what I am doing now here!

Categories: Others, Programming Tags:

Can Software Make You Less Racist?

August 25th, 2016 No comments

I don’t think we computer geeks appreciate how profoundly the rise of the smartphone, and Facebook, has changed the Internet. It’s something that really only happened in the last five years, as smartphones and data plans dropped radically in price and became accessible – and addictive – to huge segments of the population.

People may have regularly used computers in 2007, sure, but that is a very different thing than having your computer in your pocket, 24/7, with you every step of every day, integrated into your life. As Jerry Seinfeld noted in 2014:

But I know you got your phone. Everybody here’s got their phone. There’s not one person here who doesn’t have it. You better have it … you gotta have it. Because there is no safety, there is no comfort, there is no security for you in this life any more … unless when you’re walking down the street you can feel a hard rectangle in your pants.

This is a an addiction that is new to millions – but eerily familiar to us.

From “only nerds will use the Internet” to “everyone stares at their smartphones all day long!” in 20 years. Not bad, team :-).

— Marc Andreessen (@pmarca) January 16, 2015

The good news is that, at this moment, every human being is far more connected to their fellow humans than any human has ever been in the entirety of recorded history.

Spoiler alert: that’s also the bad news.

Nextdoor is a Facebook-alike focused on specific neighborhoods. The idea is that you and everyone else on your block would join, and you can privately discuss local events, block parties, and generally hang out like neighbors do. It’s a good idea, and my wife started using it a fair bit in the last few years. We feel more connected to our neighbors. But one unfortunate thing you’ll find out when using Nextdoor is that your neighbors are probably a little bit racist.

I don’t use Nextdoor myself, but I remember Betsy specifically complaining about the casual racism she saw there, and I’ve seen it mentioned several times on Twitter by people I follow. They’re not the only ones. It became so epidemic that Nextdoor got a reputation for being a racial profiling hub.

Social networking historically trends young, with the early adopters. Facebook launched as a site for college students. But as those networks grow, they inevitably age. They begin to include older people. And those older people will, statistically speaking, be more racist. I apologize if this sounds ageist, but let me ask you something: do you consider your parents a little racist? I will personally admit that one of my parents is definitely someone I would label a little bit racist. It’s … not awesome.

The older the person, the more likely they are to have these “old fashioned” notions that the presence of black people on your block is inherently suspicious, and marriage should probably be defined as between a man and a woman.

In one meta-analysis by Jeffrey Lax and Justin Phillips of Columbia University, a majority of 18–29 year old Americans in 38 states support same sex marriage while in only 6 states do less than 45% of 18–29 year olds support same-sex marriage. At the same time not a single state shows support for same-sex marriage greater than 35% amongst those 64 and older

The idea that regressive social opinions correlate with age isn’t an opinion; it’s a statistical fact.

Support for same-sex marriage in the U.S.

18 - 29 years old    65%
30 - 49 years old    54%
50 - 64 years old    45%
65+ years old        39%

Are there progressive septuagenarians? Sure there are. But not many.

To me, failure to support same-sex marriage is as inconceivable as failing to support interracial marriage. Which was not that long ago, to the tune of the late 60s and early 70s. If you want some truly hair-raising reading, try Loving v. Virginia on for size. Because Virginia is for lovers. Just not those kind of lovers, 49 years ago. In the interests of full disclosure, I am 45 years old, and I graduated from the University of Virginia.

Anyway, the good news is that you’re more connected with your neighbors than ever before. But you may also find out some regressive things about your neighbors that you’d never have discovered in years of traditional daily routine of polite waves, hellos from the driveway, and casual sidewalk conversations.

To their immense credit, rather than accepting this status quo, Nextdoor did what any self-respecting computer geek would do: they changed their software.

Now, when you attempt to post about a crime or suspicious behavior …

… you get smart, just in time nudges to think less about race, and more about behavior.

The results were striking:

Nextdoor claims this new multi-step system has, so far, reduced instances of racial profiling by 75%. It’s also decreased considerably the number of notes about crime and safety. During testing, the number of crime and safety issue reports abandoned before being published rose by 50%. “It’s a fairly significant dropoff,” said Tolia, “but we believe that, for Nextdoor, quality is more important than quantity.”

I’m a big believer in designing software to help nudge people, at exactly the right time, to be their better selves. And this is a textbook example of doing it right.

Would using Nextdoor and encountering these dialogs make my aforementioned parent a little bit less racist? Probably not. But I like to think they would make that parent stop for at least a moment and consider the importance of focusing on the behavior that is problematic, rather than the person. This is a philosophy I promoted on Stack Overflow, I continue to promote with Discourse, and I promote daily to my three kids. You never, ever judge someone by what they look like. Look at what they do.

If you were getting excited about the prospect of validating Betteridge’s Law yet again, I’m sorry to disappoint you. I believe software, properly designed software, can not just help people generally be more civil to each other, but can also help people – maybe even people you love – behave a bit less like racists online.

[advertisement] At Stack Overflow, we help developers learn, share, and grow. Whether you’re looking for your next dream job or looking to build out your team, we’ve got your back.
Categories: Others, Programming Tags:

20 Best New PHP Frameworks

July 29th, 2016 No comments
1-Fuel- PHP framework

Choosing the right PHP framework is very important for web developers. A good PHP framework will help you build websites faster and easier and also provides a feature-rich environment for a smooth web development process.

PHP frameworks are always evolving and new updates are released often, that is why we decided to share with you today, some of the best, new PHP frameworks web developers can use to ease their work.

Do you use any of these? Or maybe we missed one PHP framework you like? Let us know in the comment section below.

P.S. Take a look at these Best Layers WP Themes and Templates with Framework Features and Popular Premium WordPress Framework Themes.

Fuel PHP


Fuel PHP is an MVC framework, designed to have full support for HMVC. This is a modular and secure framework, ideal for beginner web developers as well as more advanced users.

CakePHP


This framework makes building web applications simpler, faster, while requiring less code. It also offers improved session management, ORM improvements, good code generation and scaffolding features.

Zend


Zend Server has many useful features for developers. It helps them create quality apps faster, automates the delivery of those apps from code to production, and provides the best back-end platform to ensure your apps perform at scale.

3-Zend PHP frameworks

CodeIgniter


CodeIgniter is easy to learn and use and it is packed with useful features like easy configuration, no large libraries, and more.

4-CodeIgniter PHP framework

Slim


Slim is a lightweight templating engine that can be used as a micro-framework. It’s loaded with features and has an incredible routing system.

5-Slim PHP framework

Flight PHP


Flight is a fast, simple, and extensible PHP framework that enables you to quickly and easily build RESTful web applications.

6-Flight-PHP PHP framework

Laravel


This is one of the most popular frameworks for PHP developers. It has an amazing ORM, painless routing, powerful queue library, simple authentication, and more awesome features.

7-Laravel PHP framework

PHPixie


PHPixie is easy to learn. It started as a micro framework and has gradually grown to be one of the most popular full stack PHP frameworks.

8-PHPixie

Medoo


Medoo is the lightest framework in this list and it is extremely easy to use. The great thing about it is that it also supports various SQL databases.

9-Medoo PHP framework

Nova Framework


Nova Framework is a simple but powerful MVC PHP Framework for building web applications.

10-Nova-Framework

Nette


Nette is a popular tool for PHP web development. It also uses revolutionary technology that eliminates security holes and their misuse.

11-Nette PHP framework

Phalcon


Phalcon is extremely fast and very easy to learn. Its innovative architecture makes Phalcon the fastest PHP framework ever built!

12-Phalcon PHP frameworks

POPPHP


POPPHP is a simple, lightweight, and powerful framework. It has many useful components that can be used within an application or as standalone components as well.

13-POPPHP PHP framework

Fat-Free


Fat-Free weighs in at under 50KB. It is a powerful yet easy-to-use PHP micro-framework designed to help you build dynamic and robust web applications – fast!

14-Fat-Free PHP framework

Symfony


Symfony can be a great foundation on which you can build some of the best PHP applications. It lets you choose from any of the 30 stand-alone components available for your own applications.

15-Symfony PHP framework

YiiFramework


YiiFramework isn’t for beginners, as it is a high-performance PHP framework best for developing Web 2.0 applications. It is packed with rich features: MVC, DAO/ActiveRecord, I18N/L10N, caching, authentication and role-based access control, scaffolding, testing, etc.

16-YiiFramework

Aura


Aura is a framework that provides independent library packages. Each library is self-contained and has only the things it needs for its core purpose.

17-Aura PHP framework

Silex


Silex is a PHP micro-framework that was built on the shoulders of Symfony and Pimple.

18-Silex PHP framework

Agavi


Agavi is a powerful, scalable PHP5 application framework that follows the MVC paradigm. It focuses on long-term quality over short-term solutions.

19-Agavi PHP framework

Zikula


Zikula is based on Symfony and Doctrine and it is an open source framework, perfect for small projects.

20-Zikula PHP framework

The post 20 Best New PHP Frameworks appeared first on Web Design Blog | Magazine for Designers.

Categories: Others, Programming Tags: