ZendCon Day Three22 Oct 2005
As expected, I wasn't able to keep up with blogging during the conference very well. I do want to mention Michael Radwin's talk, PHP at Yahoo. It was a nice mixture of business and technical content, and there were some key points that I wanted to note:
- Yahoo gets some obscene traffic - 411,000,000 unique visitors per month, 191,000,000 active registered users, 11,400,000 paying customers, and a boggling 3,400,000,000 page views per day.
- Yahoo organizes code into four categories - HTML templates (95% HTML, 5% PHP), template helpers (50% HTML, 50% PHP), business logic (100% PHP), and core code written in C and C++.
- Yahoo uses a very basic mod_php and loads extensions as necessary with php.ini.
- For security, they use open_basedir, disable allow_url_fopen, and use the input_filter hook.
Michael made some interesting points regarding security. For example, they use libcurl rather than enable allow_url_fopen, because (among other things) this makes auditing code easier - you have something to search for. For a similar reason, they use the input_filter hook, but they also provide developers with ways to access raw data - this also gives them something to search for during audits. I think this general approach has a lot of merit, particularly for companies with very large development teams (Yahoo employs several hundred PHP developers).
I'll fill in a few gaps and post a conference summary over the weekend. The short summary is that it was a very successful conference - organized, well-attended, and valuable.