About the Author

Chris Shiflett

Hi, I’m Chris: entrepreneur, community leader, husband, and father. I live and work in Boulder, CO.


All posts for 2007

PHP Advent Calendar 2007

Thanks very much to everyone who participated in this year's PHP Advent Calendar. The entire calendar is available at the following URL: http://shiflett.org/blog/2007/dec For reference, the complete list of entries is below. (See also Chris Cornutt's l…

PHP Advent Calendar Day 24

Today's entry is provided by Nate Abele. Name: Nate Abele. Blog: cake.insertdesignhere.com. Biography: Nate Abele of OmniTI has been a core developer of the CakePHP web framework for over two years. He is known in…

PHP Advent Calendar Day 23

Today's entry is provided by Jay Pipes. Name: Jay Pipes. Blog: jpipes.com. Biography: Jay Pipes is the North American Community Relations Manager at MySQL. Coauthor of Pro MySQL (Apress, 2005), Jay regularly assis…

PHP Advent Calendar Day 22

Today's entry is provided by Derick Rethans. Today also happens to be Derick's birthday, so I hope you'll join me in wishing him a very happy birthday. (Because I'm a little late posting this, and Derick lives in Norway, I'm afraid this is a belated birt…

PHP Advent Calendar Day 21

Today's entry, provided by Luke Welling, is entitled Following the Big Dogs on Web Application Security. Name: Luke Welling. Blog: lukewelling.com. Biography: Luke Welling is from Melbourne, Australia, but current…

PHP Advent Calendar Day 20

Today's entry, provided by Adam Trachtenberg, is entitled User-Defined Functions in SQLite. Name: Adam Trachtenberg. Blog: trachtenberg.com. Biography: Adam Trachtenberg is the Senior Manager of Platform Evangelis…

PHP Advent Calendar Day 19

Today's entry is provided by Marcus Börger. Name: Marcus Börger. Blog: marcus-boerger.de. Biography: Marcus Börger is a specialist in C, C++, databases, UML, XML, and of course PHP. To the PHP community, …

PHP Advent Calendar Day 18

Today's entry, provided by Christian Wenz, is entitled WSDL Despite PHP 5. Name: Christian Wenz. Blog: hauser-wenz.de/blog/. Biography: Christian Wenz got hooked on PHP when he introduced it to one of the largest web sites back in …

PHP Advent Calendar Day 17

Today's entry is provided by Ilia Alshanetsky. Name: Ilia Alshanetsky. Blog: ilia.ws. Biography: Ilia Alshanetsky is an active member of the PHP development team and is the current release manager for PHP 5.2. Ilia is also the prin…

PHP Advent Calendar Day 16

Today's entry, provided by Jeff Moore, is entitled What We Can Learn about Software Development from a Failing Restaurant. Name: Jeff Moore. Blog: procata.com/blog/. Biography: Jeff Moore is a columnist for …

PHP Advent Calendar Day 15

Today's entry, provided by Paul Reinheimer, is entitled Channels and Output. Name: Paul Reinheimer. Blog: blog.preinheimer.com. Biography: Born in Vancouver, raised in Ontario, educated in Windsor, currently roami…

PHP Advent Calendar Day 14

Today's entry, provided by David Sklar, is entitled Timing and Profiling. Name: David Sklar. Blog: sklar.com/blog/. Biography: David Sklar is a Software Architect at Ning, author of Learning PHP 5 (O'Reilly), PHP …

PHP Advent Calendar Day 13

Today's entry, provided by Terry Chay, is entitled Filter Input; Escape Output: Security Principles and Practice. Name: Terry Chay. Blog: terrychay.com/blog/. Biography: When Zend puts your face on a trading card,…

PHP Advent Calendar Day 12

Today's entry is provided by Ed Finkler. Name: Ed Finkler. Blog: funkatron.com. Biography: Ed Finkler is the Web and Security Archive Administrator for CERIAS at Purdue University. As a member of the PHP Security …

PHP Advent Calendar Day 11

Today's entry is provided by Ben Ramsey. Name: Ben Ramsey. Blog: benramsey.com. Biography: Ben Ramsey is a software architect at Schematic and the founder of the Atlanta PHP user group. He is the co-author of php|…

PHP Advent Calendar Day 10

Today's entry is provided by Chris Cornutt. Name: Chris Cornutt. Blog: blog.phpdeveloper.org. Biography: Chris Cornutt is the senior editor of PHPDeveloper.org, a popular PHP news site, as well as a lead PHP devel…

PHP Advent Calendar Day 9

Today's entry, provided by Ivo Jansch, is entitled Design Patterns. Name: Ivo Jansch. Blog: jansch.nl. Biography: Ivo Jansch is CTO of Ibuildings, a UK and Netherlands based PHP service company. Ivo is an active b…

PHP Advent Calendar Day 8

Today's entry, provided by Matthew Weier O'Phinney, is entitled Don't Reinvent the Wheel. Name: Matthew Weier O'Phinney. Blog: weierophinney.net/matthew/. Biography: Matthew Weier O'Phinney is currently a PHP deve…

PHP Advent Calendar Day 7

Today's entry, provided by Elizabeth Smith, is entitled SPL to the Rescue. Name: Elizabeth Smith. Blog: elizabethmariesmith.com. Biography: Elizabeth Smith is a PHP Windows geek, lover of all things PECL, PHPWome…

PHP Advent Calendar Day 6

Today's entry, provided by Davey Shafik, is entitled APIs, UIs, and Other Underused Acronyms. Name: Davey Shafik. Blog: pixelated-dreams.com. Biography: Davey Shafik is an author, speaker, and developer with 10 ye…

PHP Advent Calendar Day 5

Today's entry, provided by Cal Evans, is entitled Five Resources Every PHP Developer Should Know About. Name: Cal Evans. Blog: blog.calevans.com. Biography: Cal Evans is currently the Editor-in-Chief of the Zend D…

PHP Advent Calendar Day 4

Today's entry is provided by James McGlinn. Name: James McGlinn. Blog: blog.phpdeveloper.co.nz. Biography: James McGlinn is the CTO of Eventfinder (a major New Zealand entertainment site) and founder of the NZ PHP…

PHP Advent Calendar Day 3

Today's entry is provided by Sebastian Bergmann. Name: Sebastian Bergmann. Blog: sebastian-bergmann.de. Biography: Sebastian Bergmann is a long-time contributor to various PHP projects, including PHP itself. He is…

PHP Advent Calendar Day 2

Today's entry, provided by Elizabeth Naramore, is entitled Writing Code is Like Doing the Dishes (5 Reasons Why Documenting Your Code Makes You a Better Coder). Name: Elizabeth Naramore. Blog: naramore.net/blog/. Biograph…

PHP Advent Calendar Day 1

Welcome to the PHP Advent Calendar. If you are unfamiliar with the format of an Advent calendar, Wikipedia has a pretty good description. The PHP Advent Calendar is similar in spirit to the Perl Advent Calendar, a tradition the Perl community has sustain…

PayPal Groks Security?

Via Jeremiah, I see that PayPal's new vulnerability disclosure policy includes an amnesty clause for well-intentioned security researchers: To encourage responsible disclosure, we commit that - if we conclude that a disclosure respects and meets all the…

Remember, Remember

The 5th of November. Just kidding. No, remember tonight's PHP Meetup, starring Andrew van der Stock of OWASP: Andrew van der Stock, Executive Director of OWASP (Open Web Application Security Project) will be speaking about upgrading the security of old …

PHP Comes to DC

The DC PHP Conference is right around the corner, and it looks like it's going to be great. (It's not too late to register.) Not only is this conference inexpensive ($450 for both days, $250 for one, and $150 for students), it boasts an impressive lineup…

The Internet is the New Unix

Tim O'Reilly has described the Internet as the new OS. Recent observations lead me to believe it's the new Unix. Consider the following philosophy: Write programs that do one thing and do it well. Write programs to work together. Write programs to…

Delicious PHP

Much ado was made of Derek Sivers's choice to migrate CDBaby from Ruby to PHP. Although I think CDBaby itself is noteworthy, this particular decision isn't. A similar decision was made when Friendster migrated from Java to PHP. Derek's motivation seems t…

I Almost Get Twitter

For the past few weeks, I've been trying Twitter. (If you use Twitter yourself, you can follow me.) I'm only following a few people at the moment, because I'm primarily using the mobile interface (particularly nice on the iPhone), and I don't want to get…

The Unexpected SQL Injection

Alexander Andonov (Mordred) has written an article called The Unexpected SQL Injection for the Web Application Security Consortium: We will look at several scenarios under which SQL injection may occur, even though mysql_real_escape_string() has been u…

Paul Jones Joins OmniTI

As you may have heard, Paul Jones is joining us at OmniTI. We're very excited to have him, and you can meet him in person by attending the Columbia PHP Meetup Monday night (please RSVP), where he'll be speaking about framework and application benchmarkin…

OmniTI Turns 10

Earlier this month (on the 4th, to be exact), OmniTI celebrated its 10th birthday. From humble beginnings in Theo's basement to a company of almost 50 employees, things have certainly changed. We now have an entire division devoted to email (Message Syst…

Logic

I often get distracted when following discussions online due to the abundance of flawed logic. It's distracting enough that I sometimes find myself tending to disagree with someone whose argument is illogical, even if I agree with the conclusion. (I can …

php|works Recap

Another conference has come and gone. As always, the folks at php|architect hosted a good conference, and it was nice to meet some new people and see old friends. There weren't even any hotel snafus this time. :-) I really enjoyed my keynote. Not only…

Catching Up and Keeping Up

I've been very busy since OSCON, so my blog pipeline is full. Hopefully I can properly catch up on some topics I've been meaning to discuss in the next few weeks. If you've been busy like me, you might be wondering how to catch up and keep up with the th…

Women in Technology

Earlier today, my editor and friend Tatiana Apandi launched Women in Technology, a series on the O'Reilly Network that she describes as follows: This series is comprised of articles written by women on the topic of "Women in Technology," which will run …

Upcoming Conferences

My schedule for the remainder of 2007 is mostly solidified, and I wanted to take a moment to mention the conferences I'll be attending. (I have been cutting back on conferences this year, but there are always a few that I don't want to miss.) php|works …

CSRF Redirector

Inspired by the XSS POST Forwarder, I just created the CSRF Redirector. It's a simple tool that makes it easy to test CSRF using POST, hopefully demonstrating how prevalent CSRF vulnerabilities are as well as reducing the misconception that forging a POS…

iPhone Security Concern

Nitesh Dhanjani just posted a reminder of an AT&T/Cingular vulnerability he first mentioned over a year ago. If you've recently purchased an iPhone, here's the scary part: The AT&T/Cingular voicemail system is configured by default not to ask for a pass…

Planet Web Security

If you want to keep up with the latest in web application security, you might want to add Planet Web Security to your reading list. In his announcement, Christian Matthies offers this brief description: I am pleased to announce the launch of Planet Web …

HTML Purifier

I've been focusing on work and neglecting my blog lately, but I want to take a moment to highlight HTML Purifier, a tool developed by Edward Yang. Edward contacted me a few days ago to let me know that he has just released version 2.0, and because this p…

Character Encoding and XSS

While lamenting Ronaldinho's red card and writing an overdue column for php|architect this weekend, I took a break to read Kevin Yank's latest post, Good and Bad PHP Code. In the post, he provides a few useful PHP interview questions, including some que…

Terry Chay on Rails

Terry Chay's latest post is a work of art. This is why I read his blog. (If you're easily offended, you shouldn't.) He gives a quick slap in the face to those with more ego than intelligence (an issue highlighted by Jeremy Privett), then launches into a …

Back from php|tek

php|tek was another well-organized event from the folks at php|architect. Just like my previous experience traveling to a conference, I arrived at JFK to discover that my flight had been cancelled. (This is becoming an unwelcome tradition.) A few more ca…

In Chicago for php|tek

After a very long and eventful day filled with multiple cancellations, delays, and overbooked hotels, I'm finally in Chicago (well, Schaumburg) and ready for php|tek. I'm fighting a cold (and currently losing; the travel problems haven't helped), so I mi…

Learning from Digg (DeCSS 2.0)

As I write this, Digg is offline after being overrun with stories about the HD DVD key that was recently leaked. Why are such stories so popular? Primarily because the original story about the leak was removed, which itself was a reaction to recent thre…

Ajax Is Not an Acronym

And it never was. In the original article about Ajax, the author states: The name is shorthand for Asynchronous JavaScript + XML, and it represents a fundamental shift in what's possible on the Web. Although he never calls it an acronym and never uses…

Luke Welling Joins OmniTI

I'm proud to welcome Luke Welling to OmniTI. Luke is a prominent member of the open source community, probably best known as the co-author (along with Laura) of one of the best selling open source books of all time, PHP and MySQL Web Development. Those w…

Anurag Agarwal's Reflections

Anurag Agarwal (whose blog is part of my planet) has been interviewing members of the web application security community for the past few weeks. As part of each interview, he has been providing a pretty thorough list of each person's contributions. The r…

Upcoming PHP and Open Source Conferences

There are a number of quality PHP and open source conferences each year. Here are a few that are taking place in the next month or two: php|tek, 16 - 18 May, Chicago, Illinois; eLiberatica, 18 - 19 May, Brașov, …

JavaScript Hijacking

A few readers have asked for my opinion regarding the recent fuss over a "new kind of web-based attack" that's being called JavaScript hijacking: Security researchers have found what they say is an entirely new kind of web-based attack, and it only targ…

My First CSS Naked Day

I'm a bit late for CSS Naked Day, but since I finally have a blog that respects web standards, strives for accessibility, and produces logically-ordered markup, I decided to give it a go. What is CSS Naked Day? The idea behind this event is to promote …

Digg's Eli White Speaks at PHP Meetup

The April meeting of the Columbia PHP Meetup will feature Eli White, Digg's PHP guru: For our April PHP meetup, Eli White of Digg will be giving an insider's tour of Digg, including what they're up to and how they're using PHP. We've got a great meeting…

My Amazon Anniversary

Today I am revealing an exploitable security vulnerability in Amazon. Before I do, I want to provide some history and context. On this day last year, I informed Amazon about a pretty serious vulnerability and demonstrated it with a few examples and a de…

Allowing HTML and Preventing XSS

One of the most common problems faced by web developers is allowing some HTML without creating XSS vulnerabilities in the process. This problem comes up more and more often due to the rise of social networking and other Web 2.0 properties that embolden u…

A New Beginning

I began my blog with a post entitled A New Beginning. For the first time since that post, the title seems appropriate again. A few months ago, I decided to put more effort into my blog, starting (but not ending) with a new design. I'm very picky about d…

Paying for Answers

I've been subscribed to the general PHP mailing list for many years. I used to be very active, answering hundreds of questions a month, but lately my participation has dropped. While scanning through my backlog of email earlier, one subject caught my eye…

OWASP Spring of Code 2007

During the lightning talks at tonight's PHP Meetup, Andrew van der Stock (executive director of OWASP) announced the Spring of Code 2007, an effort that will distribute $100,000 to worthy projects, divided approximately as follows: $20,000 for one…

Columbia PHP Meetup

I just created the Columbia PHP Meetup Group, something we have been wanting to do for a while. The inaugural meeting is going to be held at our headquarters on Mon, 05 Mar 2007: For our first PHP meetup in Columbia, we're going to be hosting lightning …

Ambient Signifiers

I've recently returned from a trip to Australia and New Zealand, during which I participated in Kiwi Foo Camp. Over the next few days, I plan to blog about some of the interesting discussions in an attempt to bring them to a larger audience. One of my f…

Consulting Rates

I'm subscribed to a lot of mailing lists - PHP, mod_perl, MySQL, web application security, etc. This week, there was an interesting conversation on the NYPHP mailing list - consulting rates. It all started with an email from Edward Potter. He had previo…

URL Vanity

I'm a perfectionist. As a web architect, I tend to obsess about URLs. I want them to be simple, user-friendly, and descriptive. I want them to be beautiful. I dislike underscores, file extensions, and superfluous characters. I hate the www subdomain, avo…

Adobe PDF XSS Vulnerability

I've been concentrating on work this past week, but I wanted to quickly mention the Adobe PDF XSS vulnerability discovered by Stefano Di Paola and Giorgio Fedon. This is being called UXSS (universal cross-site scripting) due to the fact that it can affec…

2006 Highlights

For the fourth consecutive year, I'm going to try to record my personal highlights from the previous year. To get things started, here are a few memories from 2006 off the top of my head: I had an amazing surprise 30th birthday party featuring th…