About the Author

Chris Shiflett

Hi, I’m Chris: entrepreneur, community leader, husband, and father. I live and work in Boulder, CO.

All posts for Aug 2009

South by Southwest

I was in Austin for SXSW earlier this year to discuss Fontdeck with some of the Clearlefties and to socialize with friends. Because I was staying in a hotel room with Jon and Elliot (SXSW typography panelists), I was also hoping to gain some design talent through osmosis. I don't think my cunning plan worked, but I did walk away inspired, and I really enjoyed the positive, creative vibe of the conference.

Next year, I'm hoping to return as a panelist. As SXSW veterans know, part of the selection process involves voting via the PanelPicker, where you can vote for the panels you'd like to see. (Voting is open now and closes Fri, 04 Sep 2009.) I know getting a panel accepted is a long shot, but I want to try. I'd really appreciate you taking a moment to register (if you haven't already), and kindly voting for my panels if they sound interesting. Anyone can vote; you don't have to have been to SXSW before or even be planning to attend this year.

The first panel is entitled Travelog With Maps: When 1000 Photos Aren't Enough:

They say photos are worth a thousand words. Is that enough to describe a trip? We don't think so. Learn how a GPS device, a dash of code, and a bit of creativity combine to tell the story of your travels. We did it in the land of fire and ice, and so can you.

This panel includes my good friend Andrei and is inspired by our trip to Iceland with Helgi, where we spent a few hours every evening importing and interpreting GPS logs, geotagging and uploading photos, writing code, and aggregating various other assets, like videos and tweets. We wanted to create a travelog that our friends and family could use to follow along with our trip, and to tell our story to those who may be considering a similar trip of their own. In this panel, we want to share what we learned along the way and inspire others to share their own travel stories without having to overcome as many obstacles.

The other panel is entitled Social Web Security: From Psychology to Programming:

The user-generated, interconnected Social Web is ripe for the plucking by criminals and other malicious users. We'll demonstrate how psychology and user experience have as much to do with security as coding and sysadmin skills, and how to apply all of them to protect your users.

This panel includes Ed, Simon, and Alex, and explores the security implications of emerging trends in social apps as well as some innovative, nontraditional techniques you can use to help keep people and their data safe. This panel is one part web application security, one part design, and one part psychology. If you like my talk on security-centered design, I think you'll like this panel. I've been talking to Ed about this for quite some time, and we're really excited about it.

I appreciate you taking the time to vote. If you also want to be kind enough to share this on Twitter or elsewhere, I've created some short links you can use:

Here's hoping I see you in Austin. :-)

PHP Quick Reference

While cleaning out my desk, I found an old copy of a PHP Quick Reference I helped make a few years ago. On the front page are a few performance and security tips that I thought I'd share. (Performance tips are from George Schlossnagle.)

Top 5 Performance Tips

  1. Use a Compiler Cache. Completely transparent to your application, a compiler cache is the closest you'll get to a fast = true ini setting.
  2. Profile Early; Profile Often. Big and small systems alike can behave in unexpected ways. Quantitative tools help you understand where your bottlenecks are. This is critical for targeting your tuning efforts.
  3. Cache Whenever Possible. The vast majority of performance optimizations involve caching data in one form or another. Whether caching content or just intermediate data during complex procedures, intelligent use of caching techniques can dramatically improve your performance.
  4. Be Mindful of Using External Data Sources. The top performance bottleneck in almost every application we analyze is making too many (or too complex) database queries. Always optimize your queries, and structure your most frequently accessed data to be efficiently fetched.
  5. Don't Over-Optimize. As Donald Knuth said, "Premature optimization is the root of all evil." Optimization is (at least after the initial stages) a matter of trading flexibility for performance. By over-optimizing your code, you can render it brittle to future functionality changes.

Top 5 Security Tips

  1. Trust Nothing. Most security vulnerabilities can be traced back to a misplaced trust in suspect data, primarily input provided by third parties. When in doubt, verify your assumptions to be sure.
  2. Filter Input. Inspect any data you receive from a third party to be sure it meets your expectations, rejecting anything that doesn't. Don't try to massage input in order to be accommodating, and err on the side of caution by allowing only what you know is safe rather than rejecting only what you know is not.
  3. Escape Output. When outputting data, be sure your data is represented in such a way that it is preserved in its new context. In PHP, we often mix data with HTML, SQL, and the like. Escaping helps preserve the distinction and prevent misinterpretation.
  4. Use Prepared Statements. By using prepared statements, you can preserve the distinction between an SQL query and the data to be bound to it. This offers strong protection against SQL injection.
  5. Reduce, Reuse, Recycle. Use mature, existing solutions. Not only are they likely to be more thorough than your own, but you can also simplify your code, making it easier to understand and less error-prone.
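The three middle tips (Filter Input, Escape Output, Use Prepared Statements) are easiest to see side by side in code. The following is an added example, not from the quick reference or from Chris's own code; it assumes the pdo_sqlite extension is available and uses an in-memory SQLite database with constructed sample input in place of `$_POST`.

```php
<?php
// Added example for the "Filter Input", "Escape Output" and "Use Prepared
// Statements" tips. Not part of the PHP Quick Reference; assumes pdo_sqlite.

declare(strict_types=1);

// Filter Input: allow only what we know is safe, reject everything else.
function filterUsername(string $raw): ?string
{
    // Constructed policy: 3 to 20 ASCII letters, digits or underscores.
    return preg_match('/^[A-Za-z0-9_]{3,20}$/', $raw) === 1 ? $raw : null;
}

function filterAge(string $raw): ?int
{
    // FILTER_VALIDATE_INT returns false for anything that is not an integer in range.
    $age = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => 150],
    ]);
    return $age === false ? null : $age;
}

// Escape Output: represent data so the HTML parser treats it as text, not markup.
function escapeHtml(string $data): string
{
    return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Use Prepared Statements: the query structure and the bound data travel separately,
// so data can never change the meaning of the SQL.
function storeUser(PDO $db, string $username, int $age): void
{
    $stmt = $db->prepare('INSERT INTO users (username, age) VALUES (:username, :age)');
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    $stmt->bindValue(':age', $age, PDO::PARAM_INT);
    $stmt->execute();
}

function findUser(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT username, age FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Usage with constructed input standing in for what $_POST might contain.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, age INTEGER NOT NULL)');

$samples = [
    ['username' => 'alice_01',        'age' => '34'],       // well-formed
    ['username' => "bob' OR 1=1 --",  'age' => '40'],       // fails the allowlist, never reaches SQL
    ['username' => 'carol',           'age' => '<script>'], // fails integer validation
];

foreach ($samples as $input) {
    $username = filterUsername($input['username']);
    $age      = filterAge($input['age']);
    if ($username === null || $age === null) {
        // Reject rather than "massage" the input; escape it before echoing it back.
        echo 'rejected: ' . escapeHtml($input['username']) . "\n";
        continue;
    }
    storeUser($db, $username, $age);
    $row = findUser($db, $username);
    // Escaping is done at output time, for the context the data is entering (HTML here).
    echo '<li>' . escapeHtml($row['username']) . ' (' . (int) $row['age'] . ')</li>' . "\n";
}
```

Two points worth noticing: input is validated against what is expected rather than scrubbed of what looks dangerous, so the second and third samples are simply refused, and escaping is deferred until the data is written into HTML rather than applied when it is stored, which keeps the database holding the real value and lets the same value be escaped differently for another context later.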

Got anything you'd add to these lists? Please share in the comments. :-)