Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Abstract: In 2002, Yahoo selected PHP for Web site development and began to phase out its own proprietary server-side scripting language. Three years later, Michael Radwin reflects on how the switch to PHP offered both technical challenges and productivity increases. The first part of the presentation offers a look inside Yahoo's decision-making process to adopt an open-source scripting language. Radwin addresses why Yahoo selected PHP over other languages, focusing on the performance and stability required to serve billions of page views a day. In the second part, Radwin discusses Yahoo's PHP development methodology, which has enabled its engineers to rapidly implement features while still creating software that is maintainable over long periods of time. Biography: Michael J. Radwin is an engineering manager for Yahoo's Infrastructure Software group. His team develops and supports Web platform technologies such as Apache, PHP, and MySQL, and more recently SOAP/REST toolkits. Radwin has been hacking on Apache since 1998 in high-performance environments and his team has been instrumental in helping Yahoo migrate from proprietary to open source software.
  • Numbers from Q3 2005 Yahoo! Earnings October 18, 2005
  • Compared PHP 4.1.2, mod_perl, yScript (Yahoo proprietary) Pentium III 800Mhz, 512M RAM, FreeBSD 4.3 (average for early 2002) Sample app: 33K input script, 41K output Included and evaluated 3 other files Header, navbar, footer Arithmetic, regex, echo variables Pseudo-personalization (“Hello, mradwin”) A few calls to C++ extension Fetch user profile from profile server Insert advertisements from adserver
  • Yahoo property (sports, finance, personals, etc…) Load balancer - which server can most handle requests coming in based on algorithm (round robin, least connections, etc..) Running on server are bunch of PHP scripts. Can make remote calls to relational databases, or to other web services.
  • Web pages go regular Apache htdocs dir /usr/local/share/htdocs/dk/login.php Business logic goes in PEAR directory /usr/local/share/pear/HTML/Form.php /usr/local/share/pear/Yahoo/Sports/Teams.php
  • Profile with APD to see where your hot spots are. If you see a function being called 8,000 times on one page, that might be a good candidate to port to C Focus on scripts (or include files) that get hit a lot Don’t bother optimizing a script that only gets called once in a while Examples of candidates for extensions Distributed locking i18n Advertisements UDB (user database) Cookies DBM-like flat files Security Input Filtering
  • Phpyahoo

    1. 1. PHP at Yahoo! Michael J. Radwin October 20, 2005
    2. 2. Outline <ul><li>Yahoo!, as seen by an engineer </li></ul><ul><li>Choosing PHP in 2002 </li></ul><ul><li>PHP architecture at Yahoo! </li></ul>
    3. 3. The Internet’s most trafficked site
    4. 4. 25 countries, 13 languages
    5. 5. Yahoo! by the Numbers <ul><li>411M unique visitors per month </li></ul><ul><li>191M active registered users </li></ul><ul><li>11.4M fee-paying customers </li></ul><ul><li>3.4B average daily pageviews </li></ul><ul><li>October 2005 </li></ul>
    6. 7. Engineering Values <ul><li>Security & Privacy </li></ul><ul><ul><li>We must protect our customers’ information </li></ul></ul><ul><li>High Availability </li></ul><ul><ul><li>If the site is offline, we’re missing the opportunity to serve our customers </li></ul></ul><ul><li>Performance </li></ul><ul><ul><li>We serve billions of pageviews a day </li></ul></ul><ul><li>Flexibility & Innovation </li></ul><ul><ul><li>Customize site for each market </li></ul></ul><ul><ul><li>Rapid development of new features </li></ul></ul>
    7. 8. From Proprietary to Open Source 94 95 96 97 98 99 00 01 02 03 04 05 Web Server Apache “ Filo Server” Web Lang yScript DB Flat Files
    8. 9. Choosing a Language How and Why We Selected PHP
    9. 10. Choosing PHP: brief history <ul><li>October 2001: 3 proprietary languages </li></ul><ul><ul><li>Costly to continue to maintain each </li></ul></ul><ul><ul><li>Limited features (no subroutines!) </li></ul></ul><ul><li>Committee began researching </li></ul><ul><ul><li>Compare features, performance </li></ul></ul><ul><ul><li>Build vs. Buy vs. Open Source </li></ul></ul><ul><li>PHP selected May 2002 </li></ul>
    10. 11. Ideal Language Criteria <ul><li>High performance </li></ul><ul><li>Robust, sand-boxed </li></ul><ul><li>Language features </li></ul><ul><ul><li>Loops, conditionals </li></ul></ul><ul><ul><li>Complex data-types </li></ul></ul><ul><li>C/C++ extensions </li></ul><ul><li>Runs on FreeBSD </li></ul><ul><li>Interpreted or dynamically compiled </li></ul><ul><li>i18n support </li></ul><ul><li>Clean separation of presentation/content/app semantics </li></ul><ul><li>Low training costs </li></ul><ul><li>Doesn’t require CS degree to use </li></ul>
    11. 12. Top 10 Language Choices XSLT yScript mod_include
    12. 13. Performance: Requests mod_perl yScript
    13. 14. Performance: Memory mod_perl yScript
    14. 15. Why we picked PHP <ul><li>Designed for web scripting </li></ul><ul><li>High performance </li></ul><ul><li>Large, Open Source community </li></ul><ul><ul><li>Documentation, easy to hire developers </li></ul></ul><ul><li>“ Code-in-HTML” paradigm </li></ul><ul><ul><li><html> </li></ul></ul><ul><ul><li><?php echo &quot;Hello World&quot; ; ?> </li></ul></ul><ul><ul><li></html> </li></ul></ul><ul><li>Integration, libraries, extensibility </li></ul><ul><li>Tools: IDE, debugger, profiler </li></ul>
    15. 16. PHP at Yahoo! Today
    16. 17. Yahoo!’s Development Methodology <ul><li>Server Architecture </li></ul><ul><li>File Layout </li></ul><ul><li>Dependency Management </li></ul><ul><li>Security </li></ul><ul><li>Performance </li></ul><ul><li>Globalization </li></ul>
    17. 18. Server Architecture User Profile Server web server web server Web Server Scripts Load Balancer Ad Server Web Services Apache
    18. 19. File Layout <ul><li>HTML Templates </li></ul><ul><ul><li>/usr/local/share/htdocs/*.php </li></ul></ul><ul><li>Template Helpers </li></ul><ul><ul><li>/usr/local/share/htdocs/*.inc </li></ul></ul><ul><li>Business Logic </li></ul><ul><ul><li>/usr/local/share/pear/*.inc </li></ul></ul><ul><li>C/C++ Core Code </li></ul><ul><ul><li>Data access, Networking, Crypto </li></ul></ul>50% HTML 50% PHP 0% HTML 100% PHP 0% HTML 0% PHP 95% HTML 5% PHP
    19. 20. Dependency Management <ul><li>Base PHP package depends only on XML parser </li></ul><ul><ul><li>./configure --disable-all </li></ul></ul><ul><li>Self-Contained Extensions </li></ul><ul><ul><li>mysql, dba, curl, ldap, pcre, gd, iconv </li></ul></ul><ul><ul><li>To enable </li></ul></ul><ul><ul><ul><li>Install /usr/local/lib/php/20020429/ </li></ul></ul></ul><ul><ul><ul><li>Add “ extension = ” to php.ini </li></ul></ul></ul><ul><ul><li>Avoids unnecessary dependencies </li></ul></ul><ul><ul><li>Smaller Apache memory footprint </li></ul></ul>
    20. 21. Security: INI Settings <ul><li>open_basedir </li></ul><ul><ul><li>Insurance against /etc/passwd exploits </li></ul></ul><ul><li>allow_url_fopen = Off </li></ul><ul><ul><li>Use libcurl extension instead </li></ul></ul><ul><ul><li>Avoid open proxy exploits </li></ul></ul><ul><li>display_errors = Off </li></ul><ul><ul><li>However, log_errors = On </li></ul></ul><ul><li>safe_mode = Off </li></ul><ul><ul><li>Intended for shared hosting environment </li></ul></ul>
    21. 22. Security: Input Filtering <ul><li><script+src=> </li></ul><ul><li>Cross Site Scripting (XSS) most common attack </li></ul><ul><ul><li>Also “SQL Injection” </li></ul></ul><ul><li>Normal approach </li></ul><ul><ul><li>strip_tags() </li></ul></ul><ul><ul><li>mysqli_escape_string() </li></ul></ul><ul><ul><li>Examine every line code </li></ul></ul><ul><ul><li>Tedious and error-prone </li></ul></ul><ul><li>Use input_filter hook </li></ul><ul><ul><li>Sanitize all user-submitted data </li></ul></ul><ul><ul><li>GET/POST/Cookie </li></ul></ul>
    22. 23. Performance: Opcode Caches <ul><li>Easiest performance boost </li></ul><ul><ul><li>Cache parsed .php scripts in shared memory </li></ul></ul><ul><ul><li>Optimizations </li></ul></ul><ul><ul><li>No code modifications! </li></ul></ul><ul><li>Several products available </li></ul><ul><ul><li>Zend Performance Suite </li></ul></ul><ul><ul><li>APC </li></ul></ul><ul><ul><li>Turck MMCache </li></ul></ul>
    23. 24. Performance: PHP Extensions in C++ <ul><li>PHP ships with 80 extensions written in C/C++ </li></ul><ul><li>Yahoo! develops its own proprietary extensions </li></ul><ul><ul><li>Fast execution speed </li></ul></ul><ul><ul><li>Access to client libraries </li></ul></ul><ul><li>Longer development cycle </li></ul><ul><ul><li>Edit, compile, link, debug </li></ul></ul><ul><ul><li>Manual memory-management </li></ul></ul>
    24. 25. Globalization: PHP Unicode <ul><li>Native Unicode support in 2006 </li></ul><ul><li>Collaborative effort </li></ul><ul><ul><li>Andrei Zmievski (Yahoo!) </li></ul></ul><ul><ul><li>Andi Gutmans (Zend) </li></ul></ul><ul><ul><li>Many members of PHP Community </li></ul></ul>+ + = 6 ICU