Discussions (53)


The Meat at ApacheCon

Today really was my day at ApacheCon. Four of the five talks were on things I’m truly interested in – mostly PHP (see previous post). Rasmus gave an interesting talk about using PHP at Yahoo!. He gave some particulars about making high-performance, scalable systems. The other portion of his talk focused around XML support in PHP 5, as well as SOAP and REST services at Yahoo! (including a pretty cool Yahoo! Maps demonstration). There’s a similar demo on his toys blog: http://toys.lerdorf.com/. There were times, however, when he went a little to deep into the details, though I don’t think they detracted from the quality of the talk.

There was another good talk called “Consuming Web Services using PHP 5” by Adam Trachtenberg (eBay). For the amount of time allotted I think it was a pretty good discussion on what to expect when working on REST and SOAP clients.

Scalable Web Architectures: decent. It’s one of those that really got me thinking about how German and I are going to design the DFL system (fewer hits, but extremely high bandwidth per user).

Now for the fun part of this post: Ruby on Rails (RoR). “Cheap, fast, and Good. You can have it all with Ruby on Rails.” It seems like every RoR demonstration I’ve seen fails to really capture a whole lot of attention from the average web developer, including this one. When the presenter, who I believe is one of the main developers of RoR, says that a lot of it is “magic” that scares him because he doesn’t really know what’s going on, what are we supposed to think? Yeah – it’s great that they can make these easy to install frameworks, but you can’t deny that some amount of programming has to go into developing the framework, and after that, the consumer developers still have to figure it all out (or in many cases, practice some kind of voodoo automagical programming methods). Put it this way – it didn’t seem like a lot of those people were very excited after the talk. It appears RoR will remain a novelty for some time to come.




ApacheCon day 3

I’m in the company of celebrities in the world of PHP.

I just finished listening to a talk by Andrei Zmievski on Unicode character support in the upcoming PHP 6. Though I don’t know much about supporting multiple character sets (I’ve had not reason just yet to internatiionalize my code), I do know the problem/difficulty that PHP has with internationalization. Andrei did a very good job of explaining not only what the problems are in the current 5.1.x release, but also how PHP 6 is going to address these items specifically. Without going into any detail here, I can safely say that our jobs are going to be much easier.

The next talk is by Rasmus Lerdorf, the father of PHP. Why is this a big deal? PHP is not only an easy dynamic language to learn, but it’s also currently the most popular, and fastest growing, language on the web (according to sourceforge and other code repositories). His talk is going to be on large-scale PHP. Not quite where I’m at … YET, but these kinds of things are great because they tend to be very concerned with optimization and scaling.

Oh yeah – Christian Wenz and Chris Shiflett are also at these talks. Reminder: Talk to Chris and Christian about securing files w/ Denying access to directories and files via Apache, but reading through PHP if user has appropriate privs. Oh yeah – and the book, maybe.

Link: http://talks.lerdorf.com/show/acon05




ApacheCon

And thus the second day of ApacheCon is over. It’s been a great conference so far, and I’ve learned quite a bit. My favorite talk thus far was the one on Web App Security by Christian Wenz. He’s one of Chris Shiflett’s buddies (who I also had a chance to meet this morning after the talk) over at PHPSec. I already knew what sorts of things went into breaking into sites, XSS, etc, but what I saw today was quite jaw-dropping at how easy it really is to do all these things. I suppose what’s been a great benefit to PHP will also be the downfall for many sites out there whose programmers haven’t been careful enough to check for tainted input.

Here’s a good start for those of you interested in more PHP security: http://www.phpsec.org/

Thanks to German, the DFL story is getting around a bit. A lot of people really don’t know what to think when they hear about it, and understandably so. Then again, we’re also among the very few who belong to academic/non-profit organizations (FOSS aside). In essence, it’s an odd data processing web app built with Java and PHP. It’s a pretty original idea, and there have been very few, if any, projects to come before us doing similar things (none quite to this extent).