federico feroldi: php in yahoo!

PHP at Yahoo!

Federico Feroldi

Senior Architect Engineer

Yahoo! Europe

This presentation

Yahoo! numbers and values

Yahoo! and PHP: a brief history

PHP at Yahoo! today

Final notes, QA

Yahoo! Some numbers

Some numbers about Yahoo!

20Countries & Languages

Some numbers about Yahoo!

500MUnique visitors per month

238MActive registered users

source comScore March 2007

Some numbers about Yahoo!

3,5BAverage daily pageviews

source comScore March 2007

Our Mission

Our Mission

To connect people to their passions, their communities, and the world’s knowledge

Our values as a Engineers

Security and Privacy

High Availability

Performance

Flexibility and Innovation

Yahoo! and PHP

A brief history…

Yahoo! and PHP: a brief history

We started in 1994 withcustom C/C++ software

Because at the time, free technologieswere considered too “immature” torun large, complex destinations.

Yahoo! and PHP: a brief history

Then we moved to theOpen Source software

The growth of the Open Sourcemovement has spurred a change inthinking because languages like PHPaid performance and integration.

Yahoo! and PHP: a brief history

Circa 1996

The Filo* Web Server was replaced bythe Apache web server

* David Filo, one of the Yahoo! founders, coded this simple, programmable, high performance web server that powered the first Yahoo! web site.

Yahoo! and PHP: a brief history

Circa 1999

We replaced custom flat binary files with the Open Source MySQL database

Yahoo! and PHP: a brief history

Circa 2001

We needed to replace our custom scripting languages with a modern language designed for the Web.

Custom scripting languages became a “pain in the neck tomaintain and use” and was difficult to integrate them withthird-party software.

Yahoo! and PHP: a brief history

What we needed

High PerformanceRobust, sand boxed environmentModern language featuresC/C++ extensionsRuns on FreeBSDInternationalization supportLow training costs

Yahoo! and PHP: a brief history

Why we picked PHP

Designed for Web scriptingHigh PerformanceLarge Open Source CommunityCode-in-HTML paradigmIntegration, libraries, extensibilityTools: IDE, debugger, profiler

PHP at Yahoo! today

PHP at Yahoo! today

Development Methodology

Server ArchitectureApplication LayoutDependency ManagementSecurityPerformanceGlobalizationOpen Source Frameworks

Yahoo! PHP: Server Architecture

Users

Load Balancers

Apache

PHPAPC, PEAR, PECL, Custom Extensions

Custom ApacheExtensions

FreeBSD 4.x/6.x, Linux 2.6.x

MySQL Web Services Ad API User API

Yahoo! PHP: Application Layout

HTML Templates/usr/local/share/htdocs/*.php

Template Helpers/usr/local/share/htdocs/*.inc

Business Logic/usr/local/share/pear/*.inc

Data Access, Networking, CryptoC/C++ core code

HTML PHP

Yahoo! PHP: Dependency Management

Light base PHP package

Basic PHP install includes only XML parser.All extensions disabled by default:

./configure --disable-all

+ Avoids unnecessary dependencies+ Smaller Apache memory footprint

Yahoo! PHP: Dependency Management

Self contained extension packages

Extensions can be installed separately with the package management tool.

Required dependencies are included in the installation process.

Yahoo! PHP: Security

php.ini settings

Always set open_basedirInsurance against /etc/passwd exploits.

Set allow_url_fopen = OffUse libcurl instead, avoid open proxy exploits.

Set display_errors = OffHowever, set log_errors = On

Yahoo! PHP: Security

Input Filtering

XSS and SQL Inj. most common attacksNever trust the data coming from the browser.

Use input_filter hookSanitize all user-submitted data on each request.

Use PECL filter packageDerived from our filtering library.

Yahoo! PHP: Performance

Opcode Caches

Easiest performance boostCache parsed PHP scripts in shared memory.Runtime optimizations without code modifications.

Several products availableAPC*Zend Performance SuiteTurck MMCache

* that’s what we use

Yahoo! PHP: Performance

Custom PHP Extensions in C/C++

Yahoo! Develops its own extensionsFast and optimized execution speed.Access to custom client libraries.

but

Longer development (edit, compile, link, debug)Manual memory management (and related issues)

Yahoo! PHP: Performance

Applications architecture

Avoid PHP sessions (they’re slow)Use cookies to store the user data thatyou most often need (like userid, profiletimestamp, etc…) in an encrypted andsigned format.

Yahoo! PHP: Globalization

Unicode

Yahoo! contributed to PHP Unicode ext.Andrei Zmievski (Yahoo!), Andi Gutmans (Zend)and many members of PHP community.

Yahoo! PHP: Globalization

I18N support

Generate per intl PHP templates (r3 TMT)Yahoo! has donated to the Open Source hishomegrown Template Management Tool (r3 TMT).r3 allows developers of web applications tocustomize and translate their UI for differentlanguages, markets and uses.

http://sourceforge.net/projects/rthree

Yahoo! PHP: PHP Frameworks

Smarty

Not widely used at Yahoo!.

Written in user-space PHP.

Caching lowers but does not eliminate the run-time overhead on each request.

With Yahoo!'s level of traffic, this overhead can be considerable.

Yahoo! PHP: PHP Frameworks

Symfony

We began to use Symfony! (recently)

Good for integrated development, testing.

Factors out common patterns.

Encourages good design.

Yahoo! PHP: PHP Frameworks

Symfony (what we kept)

Core MVC Architecture

Configuration system

The View Layer

User Security

Yahoo! PHP: PHP Frameworks

Symfony (what we replaced)

Model Layer and ORMDoesn’t scale to our needs

Configuration system (extended)More flexible, I18N support

InternationalizationIntegrated with r3 TMT

Yahoo! PHP: PHP Frameworks

Drupal

Usage investigations going on.

Excellent application framework.

Not tested yet on Yahoo! production.

Final notes

Yahoo! Developer Network

PHP Developer Center

Using PHP with Yahoo! Web Services API

HowTo Articles and Code Samples.

Active community.

http://developer.yahoo.com/php/

Yahoo! Developer Network

Yahoo! Web Services

Yahoo! Mail APIIntegrate your application with Yahoo! Mail.

Yahoo! Maps APIEasily build advanced map based mashups.

Flickr APIGet access to milion of pictures.

del.icio.us APIThe number one tagging and bookmarking tool.

Thank you! - Questions?

Yahoo! Developer Network

http://developer.yahoo.com/

Federico Feroldiferoldi@yahoo-inc.com