
shiflett (3841)


I own a small PHP consultancy located in New York. I just finished writing my first book for O'Reilly, entitled Essential PHP Security. Yes, I'm a PHP guy hanging out on a Perl site.

Journal of shiflett (3841)

Monday June 21, 2004
12:59 AM

A PHP Guy at YAPC: Part II

Day 3: The last day of the conference came too quickly. I slept in a little (missed Geoff's Apache-Test talk), then walked over to campus. I overloaded on those tasty banana muffins before checking in on Jeff after his 85 minute talk on extproc_perl.

We went to Fuddruckers yet again for lunch with a large group and got back in time to catch a large part of Damian's talk, which was pretty entertaining. Town Hall seemed pretty useless, but I guess it's a tradition. There seemed to be too many people complaining about dumb stuff, like the guy who was upset that he didn't know about the trip to Niagara Falls on Saturday morning. Of course, it's been on the wiki for a long time. There were some funny comments on the #yapc IRC channel about that particular guy.

After Town Hall, we (Geoff, Jeff, Mike, and I) went to the speaker's dinner, which was nice. I met Jon Orwant and got to hang out a bit more with Nat. Jim Brandt was there with his whole family. He seems like a really nice guy, and he did a super job with the conference. Other people I recall seeing include Damian Conway, Andy Lester, and James Duncan.

After failing to talk Nat into joining us for a movie, we went to see Dodgeball, which was hysterical. Geoff and I got the souvenir barrels of Coke on purpose, so I now have three of those (Geoff didn't want his).

Back at the hotel, Geoff and Jeff went to bed, and Mike and I hung out at the bar until 5:00 or so. There, we chatted with James and Katrien before they went to bed, and I met Gavin Estey.

Day 4: I woke up feeling extremely tired (and thirsty, thanks to the half dozen pints of Guinness), but managed to get packed up and out by 10:30 or so. We went to Niagara Falls, which I had never seen, and that was really cool. We ate at the Hard Rock Cafe for lunch, and Mike came up with a true gem of an idea (I'll keep the idea a secret for now). He jokingly mentioned the idea as a Lightning Talk, and we all decided it would work best as a 5 minute movie that we plan to have ready by OSCON in Portland. Now I need to learn how to use iMovie.

I thought the conference was great, and as always, it was good to get to hang out with friends. It's too bad I only see them a few times a year at conferences. Being mostly a PHP guy, YAPC was particularly fun, because my primary goal was to hang out, so there wasn't even any underlying pressure to have a more legitimate reason to be there. It was a nice way to enjoy a conference.


Friday June 18, 2004
12:35 AM

A PHP Guy at YAPC: Part I

Day 0: I took a train from Penn Station to Philadelphia to stay at Geoff's house Monday night (Day -1). We then drove to Buffalo on Tuesday (Day 0) with Jeff and Mike (a former co-worker of Geoff and Jeff). Everyone is staying at the University Inn, but since I had just decided to tag along at the last minute, I didn't have a reservation. I arrive to learn that they're booked, so I end up rooming with Geoff.

The four of us had dinner at the hotel restaurant, then sought out Main Street (at the waitress's recommendation) to have some fun. We quickly learn that Main Street is dead, so we drive to Sean Patrick's to see if anyone is left from the arrival dinner. There were a few people there, including Nat, so we chatted over a few beers, then headed back to the hotel to sleep.

Day 1: We made our way to campus, got registered, and listened in on the last of Allison's keynote. Geoff then spent quite a while trying to get his laptop to play nice with the facility's AV equipment, which was finally successful. Lunch was at Fuddruckers, courtesy of Scott Meyers (of Sams Publishing). Perrin and a few other people joined us.

I listened to Damian Conway speak (my first time hearing him) at his Perl 6 talk. He is a very good speaker, even with his quirky pronunciations of words like data and cache. What surprised me the most about the upcoming Perl 6 features are the non-ASCII characters in the language syntax. The Yen symbol is a zip operator ("it looks sort of like a zipper"), while "naughty French brackets" and "naughty German brackets" are two others. These each have ASCII equivalents, but this decision seems really odd to me. Apparently Perl people aren't very happy either. On the other hand, the coolest syntactical sugar I learned about was the semi-infinite yada (...), which has all sorts of handy uses, all of which are mostly intuitive (which is not how I would describe many of Perl's operands). All in all, I was impressed with Damian's speaking talent as well as what I can best describe as a solid theoretical foundation upon which language design decisions seem to be made in the Perl world.

After going back to the hotel for a bit (I went for a short run), we (Geoff, Jeff, Mike, Perrin, and I) joined other YAPC people at the Anchor Bar, which is where Buffalo wings were invented. Geoff has a picture somewhere of two college girls who apparently didn't notice that the whole room was reserved for the large crowd of computer geeks. Nat's choice for a caption: "One of these things is not like the other."

We finished the night with a trip to the IMAX cinema to watch the new Harry Potter movie (sponsored by O'Reilly). When Mike, Perrin, and I went to get some concessions, Geoff gave me $5 and asked for a large Coke. Well, it turns out that $5 gets you a lot of Coke, so we brought back this enormous souvenir barrel of Coke that required its own special straw. It made for a pretty funny scene when we returned. The movie itself was pretty good, although the YAPC crowd is very unforgiving of all the lame parts and would laugh mercilessly at them. I think the highlight was the IMAX introduction that described how the speakers were laser-pointed at us.

Day 2: Geoff gave his Why mod_perl 2.0 Sucks, Why mod_perl 2.0 Rocks talk at 9, which marked its final showing. The idea will live on at OSCON this summer with Adam's similarly-titled talk, Why PHP 5 Sucks! Why PHP 5 Rocks!.

I watched Andy Lester speak about Perl testing before heading to the Lightning Talks. For some of those speakers, I'm glad they only spoke for 5 minutes. Nat, on the other hand, was excellent (and hysterical).

There was a nice dinner held at the hotel prior to the Perl Foundation auction (I found a picture with Perrin, Mike, Jeff, Scott, and me). The most memorable moment was hearing Uri say something like "who's ever heard of the Developer's Library?" (in a rhetorical manner, suggesting that no one has) while sitting near Scott Meyers, the creator of the series. I think Geoff has a picture of Scott's expression.

Tomorrow is the last day of the conference. I'll give another update once I get back to New York over the weekend.

Wednesday February 11, 2004
03:26 AM

MySQL Licensing

It's been a week since he wrote this (I've been busy with, but Theo has written a nice testimonial about the problems developers are facing with MySQL's licensing.

Zak has been hosting an open license review recently. Hopefully good things will happen as a result. I encourage everyone to voice any concerns you have; MySQL AB seems very willing to listen and to try to resolve and/or clarify any legitimate concerns.

Sunday December 07, 2003
02:33 AM


I just discovered Localfeeds, a search engine for feeds where the searches are based on geographic location. This seemed interesting enough, so I typed in my ZIP (10001) and was shown the most recent blogs within 50 miles of 10001 (New York City). Sure enough, there are a lot of people talking about the big snow storm we're having here. Neat.

The current trend seems to be that people interested in a particular topic tend to read the same blogs. While this can be good in that you explore the perspectives related to a particular topic from people all around the world, it is pretty fun to see what random people who live near you are talking about. I would never think of writing about the current snow storm, for example, because most people who read my blog are interested in PHP or Web development, but it was cool to read blogs of people who did just that.

Not wanting to be left out, I went back to the first page to see how to get added to such a thing. Is your site ready for Localfeeds? I typed in to find out. I was shown the checklist for, which was much different than what you will see now. I did not properly indicate the coordinates for where I live, which I learned must be expressed in a meta tag:

<meta name="ICBM" content="40.750422,-73.996328" />

After adding this and returning to the checklist, I found everything to be in order, and I was told to click a link to notify Localfeeds and GeoURL. I then visited GeoURL, out of curiosity, and I saw my site listed:

Chris Shiflett: Home (near New York, USA. see neighbors)

Very cool. Of course, I feel like the last to know about this stuff, but maybe this will introduce it to someone new.

Monday November 24, 2003
10:48 PM

On Being Quoted

I don't think I've ever been quoted before. While at ApacheCon, I went to see if there were any free Cokes left from lunch for Casey and me, and my quest was briefly interrupted by someone from Linux Today who wanted to ask me a question. I agreed, thinking she was going to ask some insightful question about Apache, open source, or something relevant. Nope, she asked me about SCO. How boring.

I basically expressed my lack of interest and indicated that the news from Slashdot was about all that I knew of SCO's actions. What ended up in the article was quite a bit different. The statements attributed to me aren't necessarily things that I disagree with (although I have no idea what four things in Linux I could possibly be talking about), but it is weird having quotes made up and attributed to me. I know a lot of open source developers are quoted pretty often. Is this pretty much the way it goes?

I wonder if Tim really said the things attributed to him in a similar article by the same writer.

I never did find any Cokes. Sorry, Casey. :-)

Thursday November 20, 2003
11:11 PM

ApacheCon Wrapup

ApacheCon is over. When trying to think of all of the people that I hung out with or met for the first time (or both), I came up with the following list: Stas Bekman, Marcus Boerger, Rich Bowen, Philippe Chiasson, John Coggeshall, Rael Dornfest, Sterling Hughes, Rasmus Lerdorf, Theo Schlossnagle, Greg Stein, Nathan Torkington, Adam Trachtenberg, Casey West, and Geoff Young.

Adam and I went to see Geoff's talk, mod_perl 2.0 sucks; mod_perl 2.0 rocks, on Wednesday morning. As expected, this was an excellent talk, and I found a complimentary review shortly after that declared Geoff to be a star. Of course, I already knew that. After his talk, Geoff, Adam, and I went back to Mary's for a burger, and we all had the Hawaiian burger (since I had been raving about it since Sunday). My talk, PHP Attacks and Defense, was after lunch. The room was extremely large, which had good and bad points. More people were able to attend than when I spoke at OSCON (my talk there was very overcrowded, which prevented a lot of people from being able to get in), but the large room makes everything less intimate. I think the talk went pretty well, and those who filled out the comment cards had very nice things to say.

I took a nap before going to dinner at the Stratosphere, courtesy of Pair Networks (thanks Casey!). The restaurant was very nice, and it provided a great view of the city. It was one of those revolving restaurants (and located at the very top), so we got to see pretty much everything. One interesting thing about Las Vegas is how the city is in the middle of the desert, and this is clearly visible from atop the Stratosphere, because the city lights don't stretch very far in any direction. Dinner conversation was interesting, and we talked about pretty much everything. The dinner party consisted of Casey (the host), Nat, Geoff, Philippe, Rasmus, and myself. Rasmus had some interesting stories about Yahoo. I was particularly interested in the types of Web-based attacks that they have to deal with. There are some very creative and malicious people out there with way too much time on their hands, and Yahoo is a popular target.


Casey and I rode the Big Shot, which was the most thrilling ride I have ridden. As you can tell from the picture, we didn't play it very cool. There are a lot of funny captions that could go along with this picture, but "This thing is powered by Microsoft?!?!?!" was the best thing I could think of. That would be scary indeed. :-) As frightening as it was, I don't think it's the worst ride there. One new ride is a mechanical arm that extends far over the edge. It is basically a segment of track from a roller coaster, and you ride in a car that propels toward the end of the arm at very high speeds (the arm itself also moves up and down during this process), braking just at the brink of death. Nat cleverly described its motion as someone trying to shake a "boogie" from their finger. Once you've seen it, you will never ride it.

After dinner, we walked down the entire strip and all the way back to the Alexis. Everyone was too tired to do anything else after that, so we all went to bed.

I shared a cab to the airport with Marcus, and I wrote this blog on the plane. All in all, ApacheCon was a great experience, and I feel like I've learned a lot as well as made some good friends. Bye bye, Las Vegas.

Wednesday November 19, 2003
04:01 AM

Tuesday at ApacheCon

Today was as busy as yesterday, and I've realized that it's impossible to give an accurate account of a day at ApacheCon. This is especially true when I try to remember everything that happened late at night or sometime the following day.

I spent much of the day hacking and was able to meet and hang out with more people - Geoff, Stas, Theo, John, Adam, and Casey are the people whose faces (and names) come to mind. Nat was speaking opposite Rasmus at some PHP versus Perl (versus Java, but who cares about Java?) talk at Comdex. Casey and I took the shuttle over there to listen in, but we discovered that it would cost $1600.00 to watch the talk. That idea was quickly canned.

I went to dinner with Sams. Others in the party were Geoff, Stas, John, Rich, Greg, Shelley (an editor at Sams - the host), and a few other people. After dinner, we all headed to a bar to hang out but got separated in the process. Several of us walked over to the Luxor, and Geoff and I watched a haunted house movie on IMAX, which was very cool (it was in 3D).

Tomorrow is my talk (already available here, with all examples disabled, because they demonstrate security vulnerabilities), so I plan to go over my slides, and possibly do some last minute tweaking, before I get some sleep.

Monday November 17, 2003
01:28 AM

Sunday at ApacheCon

My flight left JFK at 8:00 AM. That was not cool, but at least everything was on time. After arriving in Las Vegas, I met up with Geoff to go grab a burger and met one of his coworkers and Casey in the process. It was also the best burger I've ever eaten, so I expect to return there at least once this week.

I took a much needed nap after lunch. Adam got in a couple of hours later, and we had dinner at Lucky's in the Hard Rock Hotel and Casino (on Geoff's recommendation).

Tomorrow is the first day of sessions. I plan to go see Adam's XML talk, but that's the extent of my plans.

Thursday November 13, 2003
03:52 PM

PHP Security Handbook

For all of the security-conscious PHP professionals who are starving for information, help is on the way. I'm pleased to announce my latest writing project, the PHP Security Handbook to be published by O'Reilly and Associates.

There are many steps to securing a Web application, including the security of the network, the Web server, and other related software. This book will focus on application security - the topics that are of concern to those who actually write the code.

Thursday November 06, 2003
01:14 AM

mod_perl Sucks

And, mod_perl rocks. :-)

Thus was the lesson taught by Geoff in his wonderful presentation given to last night.

He was specifically speaking about mod_perl 2.0, and the approach was very nice. The presentation began with a detailed step-by-step account of his first experiences with 2.0, including the problems he ran into and the steps he took to resolve those problems. This was the most refreshing thing about the sucks/rocks approach, in my opinion. Not only were the solutions to these problems given, but Geoff explained the approaches he took to find those solutions (rather than only explaining the steps involved in the solutions themselves). If everyone could do this, it sure would be a neat thing. I think too many people are concerned with wanting everyone to think that it all comes easily or naturally. The truth is that some things are just not intuitive, and even the things that are to some people, aren't for others.

At dinner, many topics were discussed, including PHP (which made me feel somewhat like a foreign diplomat), Perl, mod_perl, ApacheCon, OSCON, books, publishers, and even a lot of non-technical topics.

The really interesting thing about mod_perl, especially 2.0, is that the focus is in exposing Apache's C API in Perl. This grants a lot of power and flexibility to the developer. After seeing some of Geoff's examples, I am more motivated than ever to research PHP's apache_hooks SAPI, which has a similar goal. I am sure that George would appreciate having a bit more community interest in the project, and certainly there are some advanced PHP developers that could make good use of such a thing.

Though they're not there yet, I assume the slides for Geoff's talk will appear here. If not, you can try these, which are probably exactly the same, or you can come see Geoff (and me) at ApacheCon.