PHP at Yahoo! Federico Feroldi Senior Architect Engineer Yahoo! Europe

Yahoo! Some numbers

Some numbers about Yahoo! 20 Countries & Languages

Some numbers about Yahoo! 500M Unique visitors per month 238M Active registered users source comScore March 2007

Some numbers about Yahoo! 3,5B Average daily pageviews source comScore March 2007

Our Mission

Our Mission To connect people to their passions , their communities , and the world’s knowledge

Our values as a Engineers Security and Privacy High Availability Performance Flexibility and Innovation

Yahoo! and PHP A brief history…

Yahoo! and PHP: a brief history We started in 1994 with custom C/C++ software Because at the time, free technologies were considered too “immature” to run large, complex destinations.

Yahoo! and PHP: a brief history Then we moved to the Open Source software The growth of the Open Source movement has spurred a change in thinking because languages like PHP aid performance and integration.

Yahoo! and PHP: a brief history Circa 1996 The Filo* Web Server was replaced by the Apache web server * David Filo, one of the Yahoo! founders, coded this simple, programmable, high performance web server that powered the first Yahoo! web site.

Yahoo! and PHP: a brief history Circa 1999 We replaced custom flat binary files with the Open Source MySQL database

Yahoo! and PHP: a brief history Circa 2001 We needed to replace our custom scripting languages with a modern language designed for the Web. Custom scripting languages became a “pain in the neck to maintain and use” and was difficult to integrate them with third-party software.

Yahoo! and PHP: a brief history What we needed High Performance Robust, sand boxed environment Modern language features C/C++ extensions Runs on FreeBSD Internationalization support Low training costs

Yahoo! and PHP: a brief history Why we picked PHP Designed for Web scripting High Performance Large Open Source Community Code-in-HTML paradigm Integration, libraries, extensibility Tools: IDE, debugger, profiler

PHP at Yahoo! today

PHP at Yahoo! today Development Methodology Server Architecture Application Layout Dependency Management Security Performance Globalization Open Source Frameworks

Yahoo! PHP: Server Architecture Users Load Balancers Apache PHP APC, PEAR, PECL, Custom Extensions Custom Apache Extensions FreeBSD 4.x/6.x, Linux 2.6.x MySQL Web Services Ad API User API

Yahoo! PHP: Application Layout HTML PHP HTML Templates /usr/local/share/htdocs/*.php Template Helpers /usr/local/share/htdocs/*.inc Business Logic /usr/local/share/pear/*.inc Data Access, Networking, Crypto C/C++ core code

Yahoo! PHP: Dependency Management Light base PHP package Basic PHP install includes only XML parser. All extensions disabled by default: ./configure --disable-all + Avoids unnecessary dependencies + Smaller Apache memory footprint

Yahoo! PHP: Dependency Management Self contained extension packages Extensions can be installed separately with the package management tool. Required dependencies are included in the installation process.

Yahoo! PHP: Security php.ini settings Always set open_basedir Insurance against /etc/passwd exploits. Set allow_url_fopen = Off Use libcurl instead, avoid open proxy exploits. Set display_errors = Off However, set log_errors = On

Yahoo! PHP: Security Input Filtering XSS and SQL Inj. most common attacks Never trust the data coming from the browser. Use input_filter hook Sanitize all user-submitted data on each request. Use PECL filter package Derived from our filtering library.

Yahoo! PHP: Performance Opcode Caches Easiest performance boost Cache parsed PHP scripts in shared memory. Runtime optimizations without code modifications. Several products available APC* Zend Performance Suite Turck MMCache * that’s what we use

Yahoo! PHP: Performance Custom PHP Extensions in C/C++ Yahoo! Develops its own extensions Fast and optimized execution speed. Access to custom client libraries. but Longer development (edit, compile, link, debug) Manual memory management (and related issues)

Yahoo! PHP: Performance Applications architecture Avoid PHP sessions (they’re slow) Use cookies to store the user data that you most often need (like userid, profile timestamp, etc…) in an encrypted and signed format.

Yahoo! PHP: Globalization Unicode Yahoo! contributed to PHP Unicode ext. Andrei Zmievski (Yahoo!), Andi Gutmans (Zend) and many members of PHP community.

Yahoo! PHP: Globalization I18N support Generate per intl PHP templates (r3 TMT) Yahoo! has donated to the Open Source his homegrown Template Management Tool (r3 TMT) . r3 allows developers of web applications to customize and translate their UI for different languages, markets and uses. http://sourceforge.net/projects/rthree

Yahoo! PHP: PHP Frameworks Smarty Not widely used at Yahoo!. Written in user-space PHP . Caching lowers but does not eliminate the run-time overhead on each request . With Yahoo!'s level of traffic, this overhead can be considerable .

Yahoo! PHP: PHP Frameworks Symfony We began to use Symfony ! (recently) Good for integrated development , testing . Factors out common patterns . Encourages good design .

Yahoo! PHP: PHP Frameworks Symfony (what we kept) Core MVC Architecture Configuration system The View Layer User Security

Yahoo! PHP: PHP Frameworks Symfony (what we replaced) Model Layer and ORM Doesn’t scale to our needs Configuration system (extended) More flexible , I18N support Internationalization Integrated with r3 TMT

Yahoo! PHP: PHP Frameworks Drupal Usage investigations going on. Excellent application framework . Not tested yet on Yahoo! production .

Final notes

Yahoo! Developer Network PHP Developer Center Using PHP with Yahoo! Web Services API HowTo Articles and Code Samples . Active community . http://developer.yahoo.com/php/

Yahoo! Developer Network Yahoo! Web Services Yahoo! Mail API Integrate your application with Yahoo! Mail . Yahoo! Maps API Easily build advanced map based mashups . Flickr API Get access to milion of pictures . del.icio.us API The number one tagging and bookmarking tool .

Thank you! - Questions? Yahoo! Developer Network http://developer.yahoo.com/ Federico Feroldi [email_address]