Professional Biography
Chris Shiflett is the Chief Technical Officer of OmniTI, where he leads the web application security practice. Prior to joining OmniTI, he was the founder of Brain Bulb, a PHP consulting company specializing in web application security services.
Chris is a thought leader in the PHP and web application security communities – a popular speaker at industry conferences worldwide, the founder of the PHP Security Consortium, a contributor to the Zend Framework, and an author of the Zend PHP Certification.
A prolific writer, he is the author of the critically-acclaimed Essential PHP Security (O'Reilly) and HTTP Developer's Handbook (Sams). His writing has also appeared in numerous articles for php|architect and PHP Magazine, as well as a number of other popular books including Programming PHP (O'Reilly) and PHP Cookbook (O'Reilly).
Interviews
- Reflection on Chris Shiflett (06 Apr 2007)
- Picking Brains with Chris Shiflett (03 Feb 2007)
- Interview: Chris Shiflett of Essential PHP Security (14 Dec 2005)
Books
- Essential PHP Security (O'Reilly)
- HTTP Developer's Handbook (Sams)
Please see books for more details and reviews.
Book Contributions
- Programming PHP (O'Reilly)
- PHP Cookbook (O'Reilly)
- PHP in Action (Manning)
Publications
The full list of published articles, with some useful and current discussion in the comments, is also available.
About This Web Site
Design and Markup
By interface designer Jon Tan:
The logo is a play on the letters "C" and "S" combined to form three incomplete but connected circles. Other elements were also created specifically for shiflett.org, including the byline typeface and the icons used throughout. Arial is used for headers and Verdana for the main body text.
The design was inspired by musings on the idea that personal web sites should be user-centered but also the author's web GUI. The most intensely discussed subject was information architecture; both Chris and I share the opinion that good design starts with structure. Hopefully the final result streamlines a lot of useful features into a clean, simple interface.
The design loves all common screen resolutions from 800px x 600px and up, but it is particularly enamored with the most popular: 1024px x 768px. The container does not stretch beyond that, in order to retain reasonable line lengths for comfortable reading. However, it does stretch if you raise the default text size in your browser. In that instance, the main container expands with the text size until there's no more viewport space to fill, at which point the content will wrap.
Accessibility was a baseline design ethic. The markup is ordered logically. The contrast should be sufficient for most users, and text resizing is accommodated as far as possible in the default style; relative values are used for everything. There's an additional single-column "light" style (linked via the utilities menu above the search form). The site has been manually checked to Priority 2 plus conformance to the WCAG 1.0 with extra screen reader checks for critical objects like the calendar. Please send feedback if you have any accessibility issues.
A special mention goes to Jon Gibbins for his JavaScript and accessibility contributions, without which the code view, comments form, and calendar would not have existed in their final form.
Valid XHTML 1.0 Strict markup is used throughout with valid CSS. Although the CSS validates, the single exception is an IE6-specific conditional comment, included separately to work around non-existent support for the max-width property, a fairly important property in a semi-fluid layout. The pages are served as MIME type text/html using the UTF-8 character encoding. You may be aware of the debate surrounding XHTML served as text/html versus HTML 4.01, but I consider the former to be a solid interim. At some point, IE.Next (or even IE.Next.Next) might support application/xml+xhtml content, but currently it does not. Content negotiation is an option, but not one that was chosen at this time.
Architecture and Code
By web architect Chris Shiflett:
The architecture is driven by URL vanity, the perfectionist tendency that drives me to create an elegant, concise, and user-friendly URL structure with no regard to how easy or complicated development may be as a result. URLs form the foundation of the interface and the organization of the content, and I take their structure seriously. If you visit a URL with superfluous characters such as www, you are redirected to the correct, beautiful URL that I have chosen.
The code has been written from the ground up using the MVC design pattern and open source technologies such as PHP, MySQL, and the Zend Framework. Although the site itself is not open source, features such as code highlighting, comment filtering and formatting, and other random tidbits have been discussed in my blog. Some components have also been donated to Axi, the open source blog software being developed by Grow Collective.
I use del.icio.us to manage my links and Flickr to manage my photos. My feeds redirect to Feedburner, which provides subscription statistics. Each of these services provides an API that I use to integrate their features into the custom interface.
I make extensive use of caching, including full-page, partial-page, and algorithmic caching. This is achieved with a combination of custom code and Zend_Cache.
OpenID provides authentication, so you don't have to trust me with your password or bother remembering one just for this site. Anonymous comments are still allowed to keep the barrier of entry low. You can read more about OpenID, and if you don't want to manage your own OpenID server (I don't), you can sign up with a service such as MyOpenID or VeriSign's Personal Identity Provider.
Ajax has been used to enhance some features, such as comment previewing, but all features function with or without JavaScript for maximum accessibility.

I'm a web architect / security analyst living in Brooklyn, NY. When not 