Federico Feroldi: PHP in Yahoo!
-
Upload
francesco-fullone -
Category
Technology
-
view
11.387 -
download
3
description
Transcript of Federico Feroldi: PHP in Yahoo!
PHP at Yahoo!
Federico Feroldi
Senior Architect Engineer
Yahoo! Europe
This presentation
Yahoo! numbers and values
Yahoo! and PHP: a brief history
PHP at Yahoo! today
Final notes, QA
Yahoo! Some numbers
Some numbers about Yahoo!
20Countries & Languages
Some numbers about Yahoo!
500MUnique visitors per month
238MActive registered users
source comScore March 2007
Some numbers about Yahoo!
3,5BAverage daily pageviews
source comScore March 2007
Our Mission
Our Mission
To connect people to their passions, their communities, and the world’s knowledge
Our values as a Engineers
Security and Privacy
High Availability
Performance
Flexibility and Innovation
Yahoo! and PHP
A brief history…
Yahoo! and PHP: a brief history
We started in 1994 withcustom C/C++ software
Because at the time, free technologieswere considered too “immature” torun large, complex destinations.
Yahoo! and PHP: a brief history
Then we moved to theOpen Source software
The growth of the Open Sourcemovement has spurred a change inthinking because languages like PHPaid performance and integration.
Yahoo! and PHP: a brief history
Circa 1996
The Filo* Web Server was replaced bythe Apache web server
* David Filo, one of the Yahoo! founders, coded this simple, programmable, high performance web server that powered the first Yahoo! web site.
Yahoo! and PHP: a brief history
Circa 1999
We replaced custom flat binary files with the Open Source MySQL database
Yahoo! and PHP: a brief history
Circa 2001
We needed to replace our custom scripting languages with a modern language designed for the Web.
Custom scripting languages became a “pain in the neck tomaintain and use” and was difficult to integrate them withthird-party software.
Yahoo! and PHP: a brief history
What we needed
High PerformanceRobust, sand boxed environmentModern language featuresC/C++ extensionsRuns on FreeBSDInternationalization supportLow training costs
Yahoo! and PHP: a brief history
Why we picked PHP
Designed for Web scriptingHigh PerformanceLarge Open Source CommunityCode-in-HTML paradigmIntegration, libraries, extensibilityTools: IDE, debugger, profiler
PHP at Yahoo! today
PHP at Yahoo! today
Development Methodology
Server ArchitectureApplication LayoutDependency ManagementSecurityPerformanceGlobalizationOpen Source Frameworks
Yahoo! PHP: Server Architecture
Users
Load Balancers
Apache
PHPAPC, PEAR, PECL, Custom Extensions
Custom ApacheExtensions
FreeBSD 4.x/6.x, Linux 2.6.x
MySQL Web Services Ad API User API
Yahoo! PHP: Application Layout
HTML Templates/usr/local/share/htdocs/*.php
Template Helpers/usr/local/share/htdocs/*.inc
Business Logic/usr/local/share/pear/*.inc
Data Access, Networking, CryptoC/C++ core code
HTML PHP
Yahoo! PHP: Dependency Management
Light base PHP package
Basic PHP install includes only XML parser.All extensions disabled by default:
./configure --disable-all
+ Avoids unnecessary dependencies+ Smaller Apache memory footprint
Yahoo! PHP: Dependency Management
Self contained extension packages
Extensions can be installed separately with the package management tool.
Required dependencies are included in the installation process.
Yahoo! PHP: Security
php.ini settings
Always set open_basedirInsurance against /etc/passwd exploits.
Set allow_url_fopen = OffUse libcurl instead, avoid open proxy exploits.
Set display_errors = OffHowever, set log_errors = On
Yahoo! PHP: Security
Input Filtering
XSS and SQL Inj. most common attacksNever trust the data coming from the browser.
Use input_filter hookSanitize all user-submitted data on each request.
Use PECL filter packageDerived from our filtering library.
Yahoo! PHP: Performance
Opcode Caches
Easiest performance boostCache parsed PHP scripts in shared memory.Runtime optimizations without code modifications.
Several products availableAPC*Zend Performance SuiteTurck MMCache
* that’s what we use
Yahoo! PHP: Performance
Custom PHP Extensions in C/C++
Yahoo! Develops its own extensionsFast and optimized execution speed.Access to custom client libraries.
but
Longer development (edit, compile, link, debug)Manual memory management (and related issues)
Yahoo! PHP: Performance
Applications architecture
Avoid PHP sessions (they’re slow)Use cookies to store the user data thatyou most often need (like userid, profiletimestamp, etc…) in an encrypted andsigned format.
Yahoo! PHP: Globalization
Unicode
Yahoo! contributed to PHP Unicode ext.Andrei Zmievski (Yahoo!), Andi Gutmans (Zend)and many members of PHP community.
Yahoo! PHP: Globalization
I18N support
Generate per intl PHP templates (r3 TMT)Yahoo! has donated to the Open Source hishomegrown Template Management Tool (r3 TMT).r3 allows developers of web applications tocustomize and translate their UI for differentlanguages, markets and uses.
http://sourceforge.net/projects/rthree
Yahoo! PHP: PHP Frameworks
Smarty
Not widely used at Yahoo!.
Written in user-space PHP.
Caching lowers but does not eliminate the run-time overhead on each request.
With Yahoo!'s level of traffic, this overhead can be considerable.
Yahoo! PHP: PHP Frameworks
Symfony
We began to use Symfony! (recently)
Good for integrated development, testing.
Factors out common patterns.
Encourages good design.
Yahoo! PHP: PHP Frameworks
Symfony (what we kept)
Core MVC Architecture
Configuration system
The View Layer
User Security
Yahoo! PHP: PHP Frameworks
Symfony (what we replaced)
Model Layer and ORMDoesn’t scale to our needs
Configuration system (extended)More flexible, I18N support
InternationalizationIntegrated with r3 TMT
Yahoo! PHP: PHP Frameworks
Drupal
Usage investigations going on.
Excellent application framework.
Not tested yet on Yahoo! production.
Final notes
Yahoo! Developer Network
PHP Developer Center
Using PHP with Yahoo! Web Services API
HowTo Articles and Code Samples.
Active community.
http://developer.yahoo.com/php/
Yahoo! Developer Network
Yahoo! Web Services
Yahoo! Mail APIIntegrate your application with Yahoo! Mail.
Yahoo! Maps APIEasily build advanced map based mashups.
Flickr APIGet access to milion of pictures.
del.icio.us APIThe number one tagging and bookmarking tool.
Thank you! - Questions?
Yahoo! Developer Network
http://developer.yahoo.com/
Federico [email protected]