1993 - Mosaic
Working for Brazilian company in Mountain View CA
Quit and went back to consulting.
Back in 1993 cgi counters.
Build CGI in C
1994 the beginnings of PHP
A template parser that replaced html comments
ifless + endif
I got tired of this syntax.
No braces. while to endwhile.
Contained withing <? and >
I knew nothing about building a programming.
I hate programming with a passion.
I like problem solving.
By 1997 I was getting tired of this. Personal Homepage Tools was being used by more and more people. They kept asking for more tools.
I felt like I was the development arm of loads of small websites.
I turned it into an open source project. Bug fixers took on some of the responsibility of writing the code.
I handed off everything. And then thought I have nothing to work on. So I took some of it back.
Has it progressed?
It's moved away from being a quick and dirty programming tool. I find it bizarre to have to teach people procedural programming.
Why do people contribute?
Self interest - For me it was purely self interest.
Self expression - people who wanted to communicate with their peers. You want people to see you code.
Hormones - oxytocin - natures trust hormone. Secreted during orgasm between male and females. It makes people feel connected. People stuck in the basement get human interaction through WoW
Improve the world. - Freaks! Php has done that in some sense. Allowing people to take their ideas and put them on the web.
It's not about what people think about you, but rather what they think about themselves.
Web 2.0 systems that harness network effeects and get better the more people use them in a way that caters to their own self-interest.
PHP give CVS access away like candy.
I don't have to write all of the code. like these apps you don't need to write all of the content.
imagine flickr without any user contributed photos.
Why do people contribute to web 2.0 apps
Self interest - Show my pics to my brother
Self expression - Show off my photos to other photographers
You can have the best idea but a crap execution someone else will take over.
If your site can't handle it you're dead in the water.
Your site has to be fast.
Benchmark your stuff
I built http_load to tell me how many requests per sec and the latency.
Bad latency you need to fix something
Callgrind. Emulates the CPU and works out what CPU resources are being used and where.
Put this output into cachegrind. It will display what CPU time is taken up and where.
This info shows the bottlenecks and can be used to debug the code. Instead of looking at the code first.
284ms reduced to 3.5ms in this example.
17 requests per secs to 1100 requests per sec.
A yahoo we can throw servers at something. We regularu throw 120 servers at something. As a start-up your going to be stuck.
a lot of people blame php for this.
Maybe I could have built-in better security from the start.
there was no such thing as XSS in 1995
$GET, $POST, $Cookie $_SERVER Expect header stupidity in Apache
Charset detection in APache...
You cannot trust any unfiltered data.
The web is broken you can all go home now.
Example of exploiting a form.
remote script adds an onload. Which then changes the form action to post the users credentials to my site.
I could redirect back to the original site.
You do have to trick people to clicking on the malformed url.
E.g phishing sites for banking if there's a XSS hole the attacker can use the real URL.
Most people are really easy to trick. You can spoof headers through the flash plugin in IE.
built for yahoo.
Filters various types of data built into php 5
PHP 5 has great support for XML and take it an do something.
Geocoded photos available in Flickr.
Avoid participation gimmicks
Get their oxytocin flowing
Solve one problem
Clean and Intuitive UI
Make it work!
Make it fast!
make it go!