
November 16, 2009

Rasmus Lerdorf - Simple is Hard

I'm at Web 2.0 Expo NYC this week, listening to Rasmus Lerdorf talking about site performance and security (slides are here). Rasmus left Yahoo! last week!

Starts with a bit of history, story about mom, internet, how PHP started etc. Some nice stuff in the latest version of PHP.

Scalability

Essential to have a shared-nothing architecture for scaling. Build modular. Rasmus is *not* a fan of MVC, particularly the front controller that processes all incoming requests. The browser is a better controller; let the user specify what they are going to do.

There are front-end and back-end performance metrics. Front end is often more of an issue than people think. Use YSlow or Google's Page Speed to see how you're doing.

Time to first byte is a good check for the back end: how long between the time the webserver gets the request and the time it spits out the first byte. Use Siege for pounding on the server. Shows a few examples; Magento performs terribly (which I found a year or so ago when trying to find a full-featured shopping cart).

First thing to do for the backend is enable an APC cache. It's a single install and you have to change no code. Revisits the few examples he cited earlier; APC made a huge difference. You can get a little extra performance by turning off stats in APC, so it won't check for changes in the files.

Use strace (strace -p processid -o sys1.txt) on a single running Apache instance to get information about what system calls are being made. Two examples of lots of extra unnecessary calls. First is the search for index.php/index.html/index.cgi. Put the one you're actually using in the Apache directive so there's not a bunch of searching. Second is include files having to search through the lib path to find a module or include (look for ENOENT messages in the strace output).

valgrind and callgrind working together are good tools for profiling, though the output is a fairly complex set of data to dig through.
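One way to dig the ENOENT noise out of a trace like sys1.txt, as an added example (not from the talk or its slides): it groups failed path lookups by file name and pairs each with the path that finally succeeded. The sample trace lines and all paths in it are constructed for illustration.

```python
import re
from collections import defaultdict
from os.path import basename

# Path-taking syscalls as strace prints them, for example:
#   open("/a/b.php", O_RDONLY) = -1 ENOENT (No such file or directory)
# A leading PID column (present with strace -f) is tolerated.
CALL = re.compile(
    r'^(?:\d+\s+)?\w+\((?:AT_FDCWD, )?"(?P<path>[^"]*)"'
    r'.*\)\s+=\s+(?P<ret>-?\d+)(?:\s+(?P<errno>E[A-Z0-9]+))?'
)

# Constructed sample trace; the paths are hypothetical.
SAMPLE = """\
stat("/var/www/html/index.html", 0x7ffc2a10) = -1 ENOENT (No such file or directory)
stat("/var/www/html/index.cgi", 0x7ffc2a10) = -1 ENOENT (No such file or directory)
stat("/var/www/html/index.php", {st_mode=S_IFREG|0644, st_size=512, ...}) = 0
open("/usr/share/php/db.php", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/pear/db.php", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/var/www/html/lib/db.php", O_RDONLY) = 5
read(5, "<?php ...", 8192) = 512
""".splitlines()

def wasted_lookups(lines):
    """Group ENOENT probes by file name and pair them with the first path
    that succeeded (None if no lookup for that name ever succeeded)."""
    misses = defaultdict(list)   # file name -> paths that returned ENOENT
    hits = {}                    # file name -> first path that succeeded
    for line in lines:
        m = CALL.match(line)
        if not m:
            continue             # signals, unfinished calls, non-path syscalls
        name = basename(m["path"])
        if m["errno"] == "ENOENT":
            misses[name].append(m["path"])
        elif int(m["ret"]) >= 0:
            hits.setdefault(name, m["path"])
    return {name: {"misses": paths, "found": hits.get(name)}
            for name, paths in misses.items()}

if __name__ == "__main__":
    for name, info in wasted_lookups(SAMPLE).items():
        print(f"{name}: {len(info['misses'])} ENOENT probe(s), found at {info['found']}")
```

Names reported with no successful path (here the unused index files) are candidates to drop from the index search; names found only after several misses point at include-path ordering. For a real trace, pass `open("sys1.txt")` instead of `SAMPLE`.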

If you're using PHP, there's a profiler called xdebug that dumps out a better summary.

Digs into the profiler output for Laconica: some crazy numbers of calls just to generate the page header and tons of calls to generate a simple SQL query. Talks about using frameworks and that you should make an educated decision about the performance implications of building a complex system if you aren't doing complex stuff.

A quick comparison between different frameworks. Rasmus has written a simple "hello world" page that he generates using a wide array of programming frameworks.

[This part of the presentation seems like it would fit better at OSCON or Velocity, but I'm glad it's here because I prefer a nice mix of low-level and front-end stuff.]

Security

Rasmus likes digging at sites and attempting to do cross-site scripting. Is able to find a hole on almost any site.

Posted by mike at November 16, 2009 8:55 AM