Thanks very much to everyone who participated in this year's PHP Advent Calendar. The entire calendar is available at the following URL:
http://shiflett.org/blog/2007/dec
For reference, the complete list of entries is below. (See also Chris Cornutt's...
Today's entry is provided by Nate Abele.
Name
Nate Abele
Blog
cake.insertdesignhere.com
Biography
Nate Abele of OmniTI has been a core developer of the CakePHP web framework for over two years. He is known ...
Today's entry is provided by Jay Pipes.
Name
Jay Pipes
Blog
jpipes.com
Biography
Jay Pipes is the North American Community Relations Manager at MySQL. Coauthor of Pro MySQL (Apress, 2005), Jay regularly ass...
Today's entry is provided by Derick Rethans. Today also happens to be Derick's birthday, so I hope you'll join me in wishing him a very happy birthday. (Because I'm a little late posting this, and Derick lives in Norway, I'm afraid this is a belated bi...
Today's entry, provided by Luke Welling, is entitled Following the Big Dogs on Web Application Security.
Name
Luke Welling
Blog
lukewelling.com
Biography
Luke Welling is from Melbourne, Australia, but curre...
Today's entry, provided by Adam Trachtenberg, is entitled User-Defined Functions in SQLite.
Name
Adam Trachtenberg
Blog
trachtenberg.com
Biography
Adam Trachtenberg is the Senior Manager of Platform Evangel...
Today's entry is provided by Marcus Börger.
Name
Marcus Börger
Blog
marcus-boerger.de
Biography
Marcus Börger is a specialist in C, C++, databases, UML, XML, and of course PHP. To the PHP community, he i...
Today's entry, provided by Christian Wenz, is entitled WSDL Despite PHP 5.
Name
Christian Wenz
Blog
hauser-wenz.de/blog/
Biography
Christian Wenz got hooked on PHP when he introduced it to one of the largest web sites back i...
Today's entry is provided by Ilia Alshanetsky.
Name
Ilia Alshanetsky
Blog
ilia.ws
Biography
Ilia Alshanetsky is an active member of the PHP development team and is the current release manager for PHP 5.2. Ilia is also the pr...
Today's entry, provided by Jeff Moore, is entitled What We Can Learn about Software Development from a Failing Restaurant.

- Name
- Jeff Moore
- Blog
- procata.com/blog/
- Biography
- Jeff Moore is a columnist for php|architect who has been working with PHP for seven years and programming for two or three times that long, depending upon how you count.
- Location
- West Branch, Michigan
I like to cook. I especially like to cook for the holidays. Four or five times a year, I get to go hog wild and spend most of a day just cooking. (This Christmas, the menu is shaping up to be roast pork loin with cranberry apple sauce, roasted Brussels sprouts, scalloped potatoes, and a yam dish of some sort with maple syrup.) People sometimes tell me that I should cook professionally, but I'm really not that good at it. I just smile and say that I wouldn't want to ruin my enjoyment by making a job out of it. You see, I've never really worked in the food industry. There's not even a "do you want fries with that" in my past. I do have one guilty pleasure: a way to live vicariously in the restaurant trade.
You may have shared my indulgence. It's called reality TV. I like to watch shows that are not specifically about the preparation of food, but rather the restaurant business in general. I first got hooked on a show called The Restaurant. Then, I discovered Gordon Ramsay's Kitchen Nightmares, the British version followed by the American one. Don't forget the Canadian Restaurant Makeover. My TiVo doesn't. Drama and show business aside, I think there are things that we as programmers can learn from these shows. I'd like to focus on Gordon Ramsay's show.
The premise of each show is similar. There is a restaurant that is in trouble, and it needs to be fixed. Surprisingly, although each restaurant is different, each has problems that share similar patterns, and the same solutions are applied. (Watching these shows reminds me quite a bit of MBA case studies.)
The first segment of these shows is usually a review of the menu. Gordon Ramsay is a natural performer, with a face that was born to show disgust. He winces at strange flavor combinations, picks apart the dishes, and waves his hand up and down complicated menus lamenting the lack of focus.
This seems to be a common problem for restaurant owners. They don't want to leave any possibility unexploited. The menu expands to include any dish that anyone has ever asked for. The customers are overwhelmed by variety. The kitchen can't maintain quality across the array of choices. The restaurant is unremarkable because it does not excel at any one thing.
We can see this at work in the software industry. Have you ever worked on a bloated project? Have you worked on a project where no core feature stood out for its value, and where the feature list was all over the map? I have.
Many of these restaurant owners have a vision about the kind of restaurant they want to run. But, that vision doesn't always match what the customers in their community want. They open a fine dining restaurant in a working class neighborhood, or open one when they can barely cook without the help of prepackaged food and a microwave.
Sometimes, the restaurant staff has a hard time reconciling their vision with reality. The cognitive dissonance makes for good television. The chefs' assessment of their own food may not have any basis in reality. For the owners, hard times and failure breed a conservative reluctance to change. They don't want to alienate that last meager customer base they have. Ramsay sometimes has to resort to extraordinary measures to realign the stakeholders' conception of the restaurant, the menu, and themselves.
Ramsay uses a variety of techniques. If the chef produces foul tasting food, Ramsay blindfolds him and makes him taste it. If the chef thinks people like the lousy food, Ramsay takes the dish on the street and does taste comparisons. If the owner has no idea why his restaurant is empty, Ramsay goes out into the community and asks people why they don't go there. Anyone familiar with the principles of agile development should recognize the power of introducing feedback into the process.
This is the part of the show that interests me the most. The owner's vision has to be aligned with the community's needs. The menu has to be aligned with the staff's ability. Software projects require the same goal alignment.
Many of these establishments have suffered an overall decline in standards. Ramsay sets out to instill a pride in one's work among the staff. If the kitchen is messy, he makes them clean it. If there is bad or rotten food, he gets rid of it. If something isn't right, he makes them do it over again. Low standards beget lower standards. Along the same lines, I think sloppy code encourages more sloppy code. Ramsay says the food represents the cooks. Your code represents you. Take pride in your work.
Sometimes, the cook just wants to get the food done, and doesn't care what the customer thinks of it. In one episode, a chef drops a chicken wing on the floor and then tosses it in the fryer and intends to serve it. The grease cleans it, he claims! Have you witnessed the software equivalent of serving chicken wings off the floor? This attitude stems from a lack of empathy with the customer. Do you make fun of your users? Do you care what they think? Gordon Ramsay cares.
There are two versions of Ramsay's show. I prefer the British version, mostly because of the follow-up visit that shows whether the changes have stuck. The American version also includes an Oprah-inspired giveaway; the restaurant gets a new stove or new dishes. To me, this only confounds the social aspects of the show that I find so interesting.
Others have written about this show from a software development viewpoint. Watch the show yourself to see what you can get out of it.
Today's entry, provided by Paul Reinheimer, is entitled Channels and Output.
Name
Paul Reinheimer
Blog
blog.preinheimer.com
Biography
Born in Vancouver, raised in Ontario, educated in Windsor, currently roa...
Today's entry, provided by David Sklar, is entitled Timing and Profiling.
Name
David Sklar
Blog
sklar.com/blog/
Biography
David Sklar is a Software Architect at Ning, author of Learning PHP 5 (O'Reilly), PH...
Today's entry, provided by Terry Chay, is entitled Filter Input; Escape Output: Security Principles and Practice.
Name
Terry Chay
Blog
terrychay.com/blog/
Biography
When Zend puts your face on a trading car...
Today's entry is provided by Ed Finkler.
Name
Ed Finkler
Blog
funkatron.com
Biography
Ed Finkler is the Web and Security Archive Administrator for CERIAS at Purdue University. As a member of the PHP Securit...
Today's entry is provided by Ben Ramsey.
Name
Ben Ramsey
Blog
benramsey.com
Biography
Ben Ramsey is a software architect at Schematic and the founder of the Atlanta PHP user group. He is the co-author of ph...
Today's entry is provided by Chris Cornutt.
Name
Chris Cornutt
Blog
blog.phpdeveloper.org
Biography
Chris Cornutt is the senior editor of PHPDeveloper.org, a popular PHP news site, as well as a lead PHP dev...
Today's entry, provided by Ivo Jansch, is entitled Design Patterns.
Name
Ivo Jansch
Blog
jansch.nl
Biography
Ivo Jansch is CTO of Ibuildings, a UK and Netherlands based PHP service company. Ivo is an active...
Today's entry, provided by Matthew Weier O'Phinney, is entitled Don't Reinvent the Wheel.
Name
Matthew Weier O'Phinney
Blog
weierophinney.net/matthew/
Biography
Matthew Weier O'Phinney is currently a PHP de...
Today's entry, provided by Elizabeth Smith, is entitled SPL to the Rescue.
Name
Elizabeth Smith
Blog
elizabethmariesmith.com
Biography
Elizabeth Smith is a PHP Windows geek, lover of all things PECL, PHPWo...
Today's entry, provided by Davey Shafik, is entitled APIs, UIs, and Other Underused Acronyms.
Name
Davey Shafik
Blog
pixelated-dreams.com
Biography
Davey Shafik is an author, speaker, and developer with 10 ...
Today's entry, provided by Cal Evans, is entitled Five Resources Every PHP Developer Should Know About.
Name
Cal Evans
Blog
blog.calevans.com
Biography
Cal Evans is currently the Editor-in-Chief of the Zend...
Today's entry is provided by James McGlinn.
Name
James McGlinn
Blog
blog.phpdeveloper.co.nz
Biography
James McGlinn is the CTO of Eventfinder (a major New Zealand entertainment site) and founder of the NZ P...
Today's entry is provided by Sebastian Bergmann.
Name
Sebastian Bergmann
Blog
sebastian-bergmann.de
Biography
Sebastian Bergmann is a long-time contributor to various PHP projects, including PHP itself. He ...
Today's entry, provided by Elizabeth Naramore, is entitled Writing Code is Like Doing the Dishes (5 Reasons Why Documenting Your Code Makes You a Better Coder).
Name
Elizabeth Naramore
Blog
naramore.net/blog/
Biogra...
Welcome to the PHP Advent Calendar. If you are unfamiliar with the format of an Advent calendar, Wikipedia has a pretty good description. The PHP Advent Calendar is similar in spirit to the Perl Advent Calendar, a tradition the Perl community has susta...
Via Jeremiah, I see that PayPal's new vulnerability disclosure policy includes an amnesty clause for well-intentioned security researchers:
To encourage responsible disclosure, we commit that - if we conclude that a disclosure respects and meets all t...
The 5th of November. Just kidding. No, remember tonight's PHP Meetup, starring Andrew van der Stock of OWASP:
Andrew van der Stock, Executive Director of OWASP (Open Web Application Security Project) will be speaking about upgrading the security of ol...
The DC PHP Conference is right around the corner, and it looks like it's going to be great. (It's not too late to register.) Not only is this conference inexpensive ($450 for both days, $250 for one, and $150 for students), it boasts an impressive line...
Tim O'Reilly has described the Internet as the new OS. Recent observations lead me to believe it's the new Unix. Consider the following philosophy:
Write programs that do one thing and do it well.
Write programs to work together.
Write programs ...
Much ado was made of Derek Sivers's choice to migrate CDBaby from Ruby to PHP. Although I think CDBaby itself is noteworthy, this particular decision isn't. A similar decision was made when Friendster migrated from Java to PHP. Derek's motivation seems...
For the past few weeks, I've been trying Twitter. (If you use Twitter yourself, you can follow me.) I'm only following a few people at the moment, because I'm primarily using the mobile interface (particularly nice on the iPhone), and I don't want to g...
Alexander Andonov (Mordred) has written an article called The Unexpected SQL Injection for the Web Application Security Consortium:
We will look at several scenarios under which SQL injection may occur, even though mysql_real_escape_string() has been...
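As an added illustration of the point above (example code written for this page, not taken from Alexander Andonov's article or from any project it discusses), here is one well-known way SQL injection survives mysql_real_escape_string(): the escaped value is interpolated into a numeric context without surrounding quotes, so an attacker never needs a quote character and the escaping has nothing to act on. The table and column names are assumed, and a small stand-in escaper is used so the snippet runs without a MySQL connection; real code would call the extension function with an open connection.

```php
<?php
// Added example, not from the original page or the cited article.
// Shows why escaping alone is not enough when the value is interpolated
// unquoted, and two ways to close the hole.

// Stand-in for mysql_real_escape_string() so this runs offline (assumption:
// single-byte connection charset). It escapes the same characters the real
// function does for such a charset.
function legacy_escape($value)
{
    return strtr($value, array(
        "\\"   => "\\\\",
        "'"    => "\\'",
        "\""   => "\\\"",
        "\0"   => "\\0",
        "\n"   => "\\n",
        "\r"   => "\\r",
        "\x1a" => "\\Z",
    ));
}

// Vulnerable: escaped, but interpolated into an integer context with no
// quotes. Input containing no quote characters passes through unchanged,
// so "1 OR 1=1" becomes part of the SQL and widens the WHERE clause.
function vulnerable_query($id)
{
    $safe = legacy_escape($id);
    return "SELECT id, name FROM users WHERE id = $safe";
}

// Hardened, same API shape: force the expected type before interpolation.
// A non-numeric string cast to (int) cannot carry SQL syntax.
function hardened_query_cast($id)
{
    $safe = (int) $id;
    return "SELECT id, name FROM users WHERE id = $safe";
}

// Preferred: a parameterised query. Data is bound, never spliced into the
// SQL text, so quoting and escaping are no longer the application's job.
function hardened_query_pdo(PDO $db, $id)
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed attacker input for demonstration: contains no quotes.
$payload = "1 OR 1=1";

echo "vulnerable: ", vulnerable_query($payload), "\n";
echo "cast:       ", hardened_query_cast($payload), "\n";
```

Run it from the command line and compare the two statements: the escaped-but-unquoted version still contains the attacker's OR clause, while the cast version contains only the leading integer. The same reasoning applies anywhere a value lands outside a quoted string literal (LIMIT, ORDER BY, column lists); escaping is only meaningful inside quotes, which is why binding parameters or validating against the expected type is the dependable fix.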
As you may have heard, Paul Jones is joining us at OmniTI. We're very excited to have him, and you can meet him in person by attending the Columbia PHP Meetup Monday night (please RSVP), where he'll be speaking about framework and application benchmark...
Earlier this month (on the 4th, to be exact), OmniTI celebrated its 10th birthday. From humble beginnings in Theo's basement to a company of almost 50 employees, things have certainly changed. We now have an entire division devoted to email (Message Sy...
I often get distracted when following discussions online due to the abundance of flawed logic. It's distracting enough that I sometimes find myself tending to disagree with someone whose argument is illogical, even if I agree with the conclusion. (I ca...
Another conference has come and gone. As always, the folks at php|architect hosted a good conference, and it was nice to meet some new people and see old friends. There weren't even any hotel snafus this time. :-)
I really enjoyed my keynote. Not on...
I've been very busy since OSCON, so my blog pipeline is full. Hopefully I can properly catch up on some topics I've been meaning to discuss in the next few weeks. If you've been busy like me, you might be wondering how to catch up and keep up with the ...
Earlier today, my editor and friend Tatiana Apandi launched Women in Technology, a series on the O'Reilly Network that she describes as follows:
This series is comprised of articles written by women on the topic of "Women in Technology," which will ru...
My schedule for the remainder of 2007 is mostly solidified, and I wanted to take a moment to mention the conferences I'll be attending. (I have been cutting back on conferences this year, but there are always a few that I don't want to miss.)
php|work...
Inspired by the XSS POST Forwarder, I just created the CSRF Redirector. It's a simple tool that makes it easy to test CSRF using POST, hopefully demonstrating how prevalent CSRF vulnerabilities are as well as reducing the misconception that forging a P...
Nitesh Dhanjani just posted a reminder of an AT&T/Cingular vulnerability he first mentioned over a year ago. If you've recently purchased an iPhone, here's the scary part:
The AT&T/Cingular voicemail system is configured by default not to ask for a pa...
If you want to keep up with the latest in web application security, you might want to add Planet Web Security to your reading list. In his announcement, Christian Matthies offers this brief description:
I am pleased to announce the launch of Planet We...
I've been focusing on work and neglecting my blog lately, but I want to take a moment to highlight HTML Purifier, a tool developed by Edward Yang. Edward contacted me a few days ago to let me know that he has just released version 2.0, and because this...
While lamenting Ronaldinho's red card and writing an overdue column for php|architect this weekend, I took a break to read Kevin Yank's latest post, Good and Bad PHP Code.
In the post, he provides a few useful PHP interview questions, including some q...
Terry Chay's latest post is a work of art. This is why I read his blog. (If you're easily offended, you shouldn't.) He gives a quick slap in the face to those with more ego than intelligence (an issue highlighted by Jeremy Privett), then launches into ...
php|tek was another well-organized event from the folks at php|architect. Just like my previous experience traveling to a conference, I arrived at JFK to discover that my flight had been cancelled. (This is becoming an unwelcome tradition.) A few more ...
After a very long and eventful day filled with multiple cancellations, delays, and overbooked hotels, I'm finally in Chicago (well, Schaumburg) and ready for php|tek. I'm fighting a cold (and currently losing; the travel problems haven't helped), so I ...
As I write this, Digg is offline after being overrun with stories about the HD DVD key that was recently leaked.
Why are such stories so popular? Primarily because the original story about the leak was removed, which itself was a reaction to recent th...
And it never was.
In the original article about Ajax, the author states:
The name is shorthand for Asynchronous JavaScript + XML, and it represents a fundamental shift in what's possible on the Web.
Although he never calls it an acronym and never us...
I'm proud to welcome Luke Welling to OmniTI. Luke is a prominent member of the open source community, probably best known as the co-author (along with Laura) of one of the best selling open source books of all time, PHP and MySQL Web Development. Those...
Anurag Agarwal (whose blog is part of my planet) has been interviewing members of the web application security community for the past few weeks. As part of each interview, he has been providing a pretty thorough list of each person's contributions. The...
There are a number of quality PHP and open source conferences each year. Here are a few that are taking place in the next month or two:
php|tek
16 - 18 May
Chicago, Illinois
eLiberatica
18 - 19 May
Braşov, ...
A few readers have asked for my opinion regarding the recent fuss over a "new kind of web-based attack" that's being called JavaScript hijacking:
Security researchers have found what they say is an entirely new kind of web-based attack, and it only ta...
I'm a bit late for CSS Naked Day, but since I finally have a blog that respects web standards, strives for accessibility, and produces logically-ordered markup, I decided to give it a go.
What is CSS Naked Day?
The idea behind this event is to promot...
The April meeting of the Columbia PHP Meetup will feature Eli White, Digg's PHP guru:
For our April PHP meetup, Eli White of Digg will be giving an insider's tour of Digg, including what they're up to and how they're using PHP. We've got a great meeti...
Today I am revealing an exploitable security vulnerability in Amazon. Before I do, I want to provide some history and context.
On this day last year, I informed Amazon about a pretty serious vulnerability and demonstrated it with a few examples and a ...
One of the most common problems faced by web developers is allowing some HTML without creating XSS vulnerabilities in the process. This problem comes up more and more often due to the rise of social networking and other Web 2.0 properties that embolden...
I began my blog with a post entitled A New Beginning. For the first time since that post, the title seems appropriate again.
A few months ago, I decided to put more effort into my blog, starting (but not ending) with a new design. I'm very picky about...
I've been subscribed to the general PHP mailing list for many years. I used to be very active, answering hundreds of questions a month, but lately my participation has dropped. While scanning through my backlog of email earlier, one subject caught my e...
During the lightning talks at tonight's PHP Meetup, Andrew van der Stock (executive director of OWASP) announced the Spring of Code 2007, an effort that will distribute $100,000 to worthy projects, divided approximately as follows:
$20,000 for o...
I just created the Columbia PHP Meetup Group, something we have been wanting to do for a while. The inaugural meeting is going to be held at our headquarters on Mon, 05 Mar 2007:
For our first PHP meetup in Columbia, we're going to be hosting lightnin...
I've recently returned from a trip to Australia and New Zealand, during which I participated in Kiwi Foo Camp. Over the next few days, I plan to blog about some of the interesting discussions in an attempt to bring them to a larger audience.
One of my...
I'm subscribed to a lot of mailing lists - PHP, mod_perl, MySQL, web application security, etc. This week, there was an interesting conversation on the NYPHP mailing list - consulting rates.
It all started with an email from Edward Potter. He had prev...
I'm a perfectionist. As a web architect, I tend to obsess about URLs. I want them to be simple, user-friendly, and descriptive. I want them to be beautiful. I dislike underscores, file extensions, and superfluous characters. I hate the www subdomain, a...
I've been concentrating on work this past week, but I wanted to quickly mention the Adobe PDF XSS vulnerability discovered by Stefano Di Paola and Giorgio Fedon. This is being called UXSS (universal cross-site scripting) due to the fact that it can aff...
For the fourth consecutive year, I'm going to try to record my personal highlights from the previous year.
To get things started, here are a few memories from 2006 off the top of my head:
I had an amazing surprise 30th birthday party featuring ...