Archive for February, 2008

ACM General Meeting #3 – Yahoo Presents: PHP Inventor, Rasmus Lerdorf

See http://talks.php.net/show/calpoly08

Overall an exciting tech talk by Rasmus Lerdorf, the inventor of PHP, who discussed how PHP came about, and a general discussion of how to take advantage of the Yahoo API, optimization techniques and how broken and insecure the web is.

He runs a website which displays statistics collected from the Nike + Apple running contraption. See slowgeek.com.

Lerdorf does not like generalized frameworks. One of them is RoR, and his main criticism is that the framework is not scalable. When developing with PHP and other tools, you can have multiple points of entry. With RoR you’re limited to one point of entry to a framework which must be aware of all the different services available. He claims this makes it very difficult (if not impossible) to scale your applications.

Yahoo has a useful tool called YSlow for optimizing your webpages. It is an extension for a Firefox extension called Firebug, which is mainly used to debug JavaScript on webpages. See http://developer.yahoo.com/yslow

A cool little way to allow browsers to cache files such as CSS (and yet use your latest versions when you make changes to them) is simply appending version numbers to the end of your filenames. That way, when you make a major change, the cached version does not matter because you’re looking at a new filename now.

Siege is a neat tool to measure the efficiency of your web services. See http://www.joedog.org/JoeDay/Siege

APC is a PHP package which lets the server cache opcode, optimizing your PHP app (it essentially skips the compile step).

valgrind is a tool to help optimize at the C level. Its results are presented visually in KCachegrind.

xdebug is valgrind at the PHP level. It generates output similar to valgrind’s, which can be interpreted by KCachegrind.

Major exploits of the internet include cross-site scripting. This allows hackers to essentially hook on to your current session (say in BofA) and perform “clicks” on your behalf, which is why you should NEVER have an online banking page (or anything of significant importance, with personal information, etc.) open in the same browser you use for general browsing.

URL handlers are a security risk as well. Given that mailto had a buffer overflow (written by a trusted developer)… many less well-written applications present a major security risk. “mailto:%0%0…” exploit.

References to XSS about how to hook on to a browser.

php.net/filter — firewall-like protection for PHP against stuff like SQL injection.
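As an added illustration (my own example, not code from the talk or from php.net), here is how the filter extension is typically used: declare an allow-list of the parameters a page expects, validate each one with filter_var_array(), and reject the whole request if anything fails. The parameter names and rules are assumptions for a hypothetical profile page.

```php
<?php
// Added example (not from the talk): validating untrusted request parameters with
// PHP's filter extension (https://php.net/filter) before they reach SQL or HTML.
// The parameter names and rules below are assumptions for a hypothetical page.
declare(strict_types=1);

// Allow-list of expected parameters: anything malformed becomes false, anything
// missing becomes null (because add_empty is true in filter_var_array below).
const PROFILE_FILTERS = [
    'user_id' => [
        'filter'  => FILTER_VALIDATE_INT,
        'options' => ['min_range' => 1],            // rejects "7 OR 1=1", "-5", "12abc"
    ],
    'email'   => FILTER_VALIDATE_EMAIL,
    'page'    => [
        'filter'  => FILTER_VALIDATE_INT,
        'options' => ['min_range' => 1, 'max_range' => 1000],
    ],
    'sort'    => [
        'filter'  => FILTER_VALIDATE_REGEXP,
        'options' => ['regexp' => '/^(name|date)$/'], // allow-list, not a blocklist
    ],
];

// Returns ['ok' => bool, 'values' => array, 'errors' => string[]].
function validateProfileRequest(array $input): array
{
    $values = filter_var_array($input, PROFILE_FILTERS, true);
    $errors = [];
    foreach ($values as $key => $value) {
        if ($value === false || ($value === null && $key !== 'page')) {
            $errors[] = "invalid or missing parameter: $key";
        }
    }
    $values['page'] = $values['page'] ?? 1;   // optional parameter, defaults to 1
    return ['ok' => $errors === [], 'values' => $values, 'errors' => $errors];
}

// Constructed sample input standing in for $_GET; user_id carries an injection attempt.
$hostile = ['user_id' => '7 OR 1=1', 'email' => 'bob@example.com', 'sort' => 'name'];
$clean   = ['user_id' => '7', 'email' => 'bob@example.com', 'sort' => 'date', 'page' => '3'];

foreach ([$hostile, $clean] as $request) {
    $result = validateProfileRequest($request);
    echo $result['ok'] ? "accepted\n" : 'rejected: ' . implode('; ', $result['errors']) . "\n";
    // Validated integers are safe to bind, but still pass them through a prepared
    // statement rather than string concatenation, e.g.
    //   $stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?');
    //   $stmt->execute([$result['values']['user_id']]);
}
```

Run with the PHP CLI; the first request is rejected on user_id and the second is accepted with page already cast to an integer.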

sla.ckers.org/form/list.php?3 – where exploits get posted.
