php|works Toronto Conference 2006: Day 1
I just went through day 1 of the php/db works 2006 conference here in Toronto at the Holiday Inn Yorkdale. The conference continues tomorrow and Friday, with lots of interesting talks to come. I’ll link to slides below when they become available. Surprisingly, one of the main sponsors is Microsoft… I actually got wind of something I never thought I’d hear: php.net?
9:00am – 10:00am: Opening Keynote by Rasmus Lerdorf
This was by far the best talk/presentation today. If you don’t know about Rasmus, from his website:
Rasmus Lerdorf is known for having gotten the PHP project off the ground in 1995, the mod_info Apache module and he can be blamed for the ANSI92 SQL-defying LIMIT clause in mSQL 1.x which has now, at least conceptually, crept into both MySQL and PostgreSQL. Prior to joining Yahoo!…..
His talk was called Getting Rich with PHP 5, joking about how to make money with Web 2.0:
1. Build tagged, socially networked, Web 2.0ish, Ajaxy thing
2. Get 500,000 users quickly (and have it actually work)
3. Profit
All kidding aside, his talk was great — packed with good information, including why the web is broken and examples of the risk it causes. PHP 5 has great XML (and Web Services) support; along those lines, Rasmus talked about libxml2 and SimpleXML and showed examples of using Yahoo! APIs (including Geo-tagging and Yahoo! widgets).
A large portion of his presentation was devoted to the following: He had a simple pre-made PHP app ready and wanted to tune his server, code, anything really, to maximize the number of fetches/second and to minimize the mean time to first response. For his example, he assumed:
500,000 users at an average of 100 front/backend requests daily = 578 requests/second. x 3 (because your traffic won’t be evenly distributed) = ~1700 requests/second.
Tests for throughput were done using http_load. I had never heard of this program, but from the talk I was really impressed. It runs multiple fetches on a single process of the server, displaying back to the user useful information without bogging down the server. Initial tests of his application brought back 17.2 fetches/second and 284 mean milliseconds to first response. 284 milliseconds might not sound like a lot, but compared to large-scale sites these days, anything above 50-100 milliseconds is bordering on unacceptable. Anyway, based on these results Rasmus would need 100 servers to make up 1700 requests/second!
To tune his server and application he investigated how the server was handling the entire process (in % of CPU), using another program called Callgrind. This application can create output like the one seen below (taken from his slides):

Eventually, using Callgrind, he noticed that 40% of his CPU time was being spent on parsing and compiling the PHP. This led him nicely into his latest development of APC or Alternative PHP Cache. Currently a PECL package, APC is an opcode cache with a lot of cool features you can use to optimize your server. After all his optimizing, using http_load he was up to 1100 fetches/second and 3.6 mean millisecond to first response! His server wasn’t even that crazy, an AMD 1.8 with 1 GB RAM.
Rasmus’s slides
10:15am – 11:15am: Scaling with AJAX by Josh Eichorn
One complaint I have about conferences that have 1 hour sessions is that, due to time constraints, content remains high-level and a lot of important details are left out. This causes potentially great ideas for talks to focus on general recommendations or pointers on how to do something.
In all fairness to Josh, he was told extremely last minute that they needed him to present, and didn’t have a lot of time to prepare. Overall though, the talk was good and gave a lot of great ideas on how to use AJAX effectively. I do wish though there was some discussion on Comet — Then again, nothing was stopping me from asking a question.
Josh’s slides
11:30am – 12:30pm: High Volume PHP & MySQL Scaling Techniques by Elliott White III
Randomly a little while ago, I managed to make my way to the Digg.com blog and saw a post about Eli White and his new PHP book (PHP 5 in Practice). The post went on to say that Eli would be giving talks at PHP works and other PHP conferences in the coming months. As fate would have it, I sat through 2 of his presentations today, this one and Top PHP Tricks (see below).
Eli’s talk referred back often to his experiences working at the Hubble Space Telescope, but if you ask me, he really meant Digg. He was also using Macromedia Dreamweaver for his examples, and I could see in his project explorer various folders for Digg, each for a different version.
Eli started off by talking about load balancers and MySQL master/slave set-ups one could use today. He touched on static servers, pre-generating/caching content and also focused on APC (see above). Most of his time was spent talking about two specific things though, memcached and sharding. memcached is a distributed memory caching system used to improve the performance of dynamic websites by caching data in memory (instead of reading from a db). It’s used by a lot of sites these days including LiveJournal (which it was originally made for), Slashdot and Digg. The second focus was sharding, which is basically a set of methods for distributing a single database across multiple servers. He concentrated on four main types of sharding: Table, Range, Date and Interlaced.
1:30pm – 2:30pm: New (and Old) Trends in Web Security by Christian Wenz
I always had an affinity for security and recognized the importance of putting the time into developing secure code. I went so far at times as to store copies of the user’s cookies and sessions in the database, to make sure no tampering occurred when logging into the system.
Christian focused on five main topics, these included:
XSS (Cross-site scripting)
SQL Injections
New types of Injection
Hacking Blogs
Avoiding Automation
The talk was packed with numerous examples of what could happen if you didn’t filter your input. A creative (I thought) example of an XSS injection I saw was:
<script>(new Image()).src = 'http://abc.com/code.php'</script>
Imagine a simple form, you don’t filter input, and you output the contents of the form back to the user. By entering the above code in the form, a user could execute external code on your server. Christian even showed new types of injection he came up with using XPath, which followed along the same lines as an SQL injection.
The basic lesson learned here is filter your input.
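To make "filter your input" concrete, here is an added example (not code from Christian's talk or slides) that echoes the payload above back from a form, first verbatim and then with an input filter plus HTML output encoding. When the value is echoed unescaped, the browser of whoever views the response parses the script tag as part of your page. The field name `comment` and both function names are hypothetical.

```php
<?php
// Added example, not from the talk or the original post.
// Field name "comment" and both function names are hypothetical.

// Constructed input: the payload quoted in the post, as a form submission.
$form = ['comment' => "<script>(new Image()).src = 'http://abc.com/code.php'</script>"];

// Vulnerable: the value goes into the page verbatim, so the browser parses
// it as markup and runs the script for whoever views the response.
function render_unsafe(array $form): string
{
    $c = $form['comment'] ?? '';
    return "<p>You wrote: $c</p>\n"
         . "<input name='comment' value='$c'>\n";
}

// Hardened: filter on the way in, encode on the way out.
function render_safe(array $form): string
{
    $c = $form['comment'] ?? '';
    // Input filter: must be a string, no control characters, bounded length.
    if (!is_string($c)) {
        $c = '';
    }
    $c = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $c);
    $c = substr($c, 0, 500);
    // Output encoding: ENT_QUOTES also escapes ' and ", which matters for
    // the attribute context; ENT_SUBSTITUTE replaces invalid UTF-8 bytes.
    $e = htmlspecialchars($c, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p>You wrote: $e</p>\n"
         . "<input name='comment' value='$e'>\n";
}

echo "--- unsafe ---\n", render_unsafe($form);
echo "--- safe ---\n", render_safe($form);

// The encoded output must contain no raw tag or quote from the input.
$safe = render_safe($form);
var_dump(strpos($safe, '<script') === false);
var_dump(substr_count($safe, "'") === 4); // only the template's own quotes
```

The encoding step is specific to the HTML body and attribute contexts shown here; values placed inside a script block, a URL or a stylesheet need the encoding for that context instead.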
2:45pm – 3:45pm: Top PHP Tricks by Elliott White III
This was Eli’s second talk today; the first was about Scaling PHP and MySQL. In this talk, he essentially presented the useful features/abilities of PHP that we could potentially use in the future. He talked about various functions and extensions, including:
range() – creating an array of a range of elements
PHP SpellCheck – A spell checking extension available in PHP
The @ – For checking whether a value is set or not
ignore_user_abort() – If the user aborts a script, have the server finish execution
set_time_limit() – Force a limit on the amount of time a script can take
There were others I can’t remember right now.
4:00pm – 4:45pm: Organize Your Projects by Paul M. Jones
In this talk Paul focused on the all important issue of project planning and organizing development efforts. From his blog post on his talk:
The talk will consist of a one-sentence lesson for you to remember when deciding how to organize your PHP project, whether it’s a library, an application, a CMS, or a framework. I’ll then explain how to apply the One Lesson in your project, and the various follow-on effects the One Lesson will have on your project organization.
The one sentence was basically don’t pollute the namespace — use a top level identifier for your classes and functions.

