About the Author

Chris Shiflett

Hi, I’m Chris: entrepreneur, community leader, husband, and father. I live and work in Boulder, CO.

All posts for Nov 2003

On Being Quoted

I don't think I've ever been quoted before. While at ApacheCon, I went to see if there were any free Cokes left from lunch for Casey and I, and my quest was briefly interrupted by someone from Linux Today who wanted to ask me a question. I agreed, thinking she was going to ask some insightful question about Apache, open source, or something relevant. Nope, she asked me about SCO. How boring.

I basically expressed my lack of interest and indicated that the news from Slashdot was about all that I knew of SCO's actions. What ended up in the article was quite a bit different. The statements attributed to me aren't necessarily things that I disagree with (although I have no idea what four things in Linux I could possibly be talking about), but it is weird having quotes made up and attributed to me. I know a lot of open source developers are quoted pretty often. Is this pretty much the way it goes?

I wonder if Tim really said the things attributed to him in a similar article by the same writer.

I never did find any Cokes. Sorry, Casey. :-)

ApacheCon Wrapup

ApacheCon is over. When trying to think of all of the people that I hung out with or met for the first time (or both), I came up with the following list: Stas Bekman, Marcus Boerger, Rich Bowen, Philippe Chiasson, John Coggeshall, Rael Dornfest, Sterling Hughes, Rasmus Lerdorf, Theo Schlossnagle, Greg Stein, Nathan Torkington, Adam Trachtenberg, Casey West, and Geoff Young.

Adam and I went to see Geoff's talk, mod_perl 2.0 sucks; mod_perl 2.0 rocks, on Wednesday morning. As expected, this was an excellent talk, and I found a complimentary review shortly after that declared Geoff to be a star. Of course, I already knew that. After his talk, Geoff, Adam, and I went back to Mary's for a burger, and we all had the Hawaiian burger (since I had been raving about it since Sunday). My talk, PHP Attacks and Defense, was after lunch. The room was extremely large, which had good and bad points. More people were able to attend than when I spoke at OSCON (my talk there was very overcrowded, which prevented a lot of people from being able to get in), but the large room makes everything less intimate. I think the talk went pretty well, and those who filled out the comment cards had very nice things to say.

I took a nap before going to dinner at the Stratosphere, courtesy of Pair Networks (thanks Casey!). The restaurant was very nice, and it provided a great view of the city. It was one of those revolving restaurants (and located at the very top), so we got to see pretty much everything. One interesting thing about Las Vegas is how the city is in the middle of the desert, and this is clearly visible from atop the Stratosphere, because the city lights don't stretch very far in any direction. Dinner conversation was interesting, and we talked about pretty much everything. The dinner party consisted of Casey (the host), Nat, Geoff, Philippe, Rasmus, and myself. Rasmus had some interesting stories about Yahoo. I was particularly interested in the types of Web-based attacks that they have to deal with. There are some very creative and malicious people out there with way too much time on their hands, and Yahoo is a popular target.

Casey and I rode the Big Shot, which was the most thrilling ride I have ridden. As you can tell from the picture, we didn't play it very cool. There are a lot of funny captions that could go along with this picture, but "This thing is powered by Microsoft?!?!?!" was the best thing I could think of. That would be scary indeed. :-) As frightening as it was, I don't think it's the worst ride there. One new ride is a mechanical arm that extends far over the edge. It is basically a segment of track from a roller coaster, and you ride in a car that propels toward the end of the arm at very high speeds (the arm itself also moves up and down during this process), braking just at the brink of death. Nat cleverly described its motion as someone trying to shake a "boogie" from their finger. Once you've seen it, you will never ride it.

After dinner, we walked down the entire strip and all the way back to the Alexis. Everyone was too tired to do anything else after that, so we all went to bed.

I shared a cab to the airport with Marcus, and I wrote this blog on the plane. All in all, ApacheCon was a great experience, and I feel like I've learned a lot as well as made some good friends. Bye bye, Las Vegas.

Tuesday at ApacheCon

Today was as busy as yesterday, and I've realized that it's impossible to give an accurate account of a day at ApacheCon. This is especially true when I try to remember everything that happened late at night or sometime the following day.

I spent much of the day hacking and was able to meet and hang out with more people - Geoff, Stas, Theo, John, Adam, and Casey are the people whose faces (and names) come to mind. Nat was speaking opposite Rasmus at some PHP versus Perl (versus Java, but who cares about Java?) talk at Comdex. Casey and I took the shuttle over there to listen in, but we discovered that it would cost $1600.00 to watch the talk. That idea was quickly canned.

I went to dinner with Sams. Others in the party were Geoff, Stas, John, Rich, Greg, Shelley (an editor at Sams - the host), and a few other people. After dinner, we all headed to a bar to hang out but got separated in the process. Several of us walked over to the Luxor, and Geoff and I watched a haunted house movie on IMAX, which was very cool (it was in 3D).

Tomorrow is my talk (already available here, with all examples disabled, because they demonstrate security vulnerabilities), so I plan to go over my slides, and possibly do some last minute tweaking, before I get some sleep.

Monday at ApacheCon

I met up with Nat and went to see Adam's talk on XML in PHP 5. I then spent much of the afternoon with Nat, Adam, John, and a few other PHP and Perl guys.

I went to dinner with O'Reilly and spoke a lot with Stas about his work with mod_perl. I also met Rael.

Geoff, Stas, and I walked to the strip and watched the fountain show, visited the Venetian (which has recreated Venice indoors - very cool), saw a volcano erupting at the Mirage, and saw the pirate ships at Treasure Island. We didn't get to see the pirate show, but maybe another night.

Sunday at ApacheCon

My flight left JFK at 8:00 AM. That was not cool, but at least everything was on time. After arriving in Las Vegas, I met up with Geoff to go grab a burger and met one of his coworkers and Casey in the process. It was also the best burger I've ever eaten, so I expect to return there at least once this week.

I took a much needed nap after lunch. Adam got in a couple of hours later, and we had dinner at Lucky's in the Hard Rock Hotel and Casino (on Geoff's recommendation).

Tomorrow is the first day of sessions. I plan to go see Adam's XML talk, but that's the extent of my plans.

PHP Security Handbook

For all of the security-conscious PHP professionals who are starving for information, help is on the way. I'm pleased to announce my latest writing project, the PHP Security Handbook to be published by O'Reilly and Associates.

There are many steps to securing a Web application, including the security of the network, the Web server, and other related software. This book will focus on application security - the topics that are of concern to those who actually write the code.

mod_perl Sucks

And, mod_perl rocks. :-)

Thus was the lesson taught by Geoff in his wonderful presentation given to NY.pm last night.

He was specifically speaking about mod_perl 2.0, and the approach was very nice. The presentation began with a detailed step-by-step account of his first experiences with 2.0, including the problems he ran into and the steps he took to resolve those problems. This was the most refreshing thing about the sucks/rocks approach, in my opinion. Not only were the solutions to these problems given, but Geoff explained the approaches he took to find those solutions (rather than only explaining the steps involved in the solutions themselves). If everyone could do this, it sure would be a neat thing. I think too many people are concerned with wanting everyone to think that it all comes easily or naturally. The truth is that some things are just not intuitive, and even the things that are to some people, aren't for others.

At dinner, many topics were discussed, including PHP (which made me feel somewhat like a foreign diplomat), Perl, mod_perl, ApacheCon, OSCON, books, publishers, and even a lot of non-technical topics.

The really interesting thing about mod_perl, especially 2.0, is that the focus is in exposing Apache's C API in Perl. This grants a lot of power and flexibility to the developer. After seeing some of Geoff's examples, I am more motivated than ever to research PHP's apache_hooks SAPI, which has a similar goal. I am sure that George would appreciate having a bit more community interest in the project, and certainly there are some advanced PHP developers that could make good use of such a thing.

Though they're not there yet, I assume the slides for Geoff's talk will appear here. If not, you can try these, which are probably exactly the same, or you can come see Geoff (and me) at ApacheCon.