1. We all grow up

    A friend of mine sent me a message on Facebook, yesterday. "Never thought that I'd see Microsoft and your name together at the same place," she said, referring to posted (and tagged) photos of me at the Microsoft Web Developers Summit 2007.

    "Me either. Long story..." I replied. The story dates back 5 years, when I had conversations with my aforementioned friend's husband–who happened to be a Microsoft guy, professionally–about the things MS was doing that were hurtful to not only open source, but the software community in general, and ultimately Microsoft's bottom line (if they were willing to look past "next quarter's" earnings projections).

    In the past 5 years, a number of things have happened to change my solid and negative opinion of Microsoft to one that is more fluid and better reflects reality. The first of those is that I've grown to accept that things often look better on paper than "in the field." Another notable change to my behaviour is a realization that herd mentality had set in, and that part of my dislike for all things Redmond was due to that being the socially correct thing to do (I've since mostly stopped reading Slashdot).

    Without a doubt, though, if asked to identify a single factor that has most significantly changed my frigid opinion of Microsoft, I would immediately identify the Web Developer Summits.

    Last year (in 2006), I was invited to attend the first of these summits, partially due to a logistical problem that left open seats that needed to be filled. I was excited to visit Seattle for the first time, and MS was footing the entire bill, so who was I to say "no"?

    Joe Stagner, Microsoft's Opinionated Misfit Geek (and yes, his business cards DO say that, I've seen it), who has worked with us at php|architect, speaking at and sponsoring conferences, was my "sponsor" for last year's summit (and again this year). Joe's contributions to our conferences have been honest and forthcoming. He does a good job of balancing Microsoft's agenda with a fair dose of self deprecation that tends to engage our attendees, and (discarding the troll comments) I hear overwhelmingly positive comments after each time Joe speaks.

    Coming away from last year's summit, it dawned on me that Microsoft simply isn't the same company that it was five years ago. Based on the candid information that Microsoft has shared in the past two Web Developers' summits, it's obvious to me that not only has MS' business strategy toward open source changed dramatically in the past few years, but there is a seemingly fundamental change in their actual philosophy toward software they haven't written, themselves.

    Their corporate attitude–that is, at least from the sector that's focused on Web development–has swayed from a nearly-violent and extremely arrogant position of dominance, to one that is more open and dare I say even humble? Their recent offerings seem to be standards compliant (or at least standards-savvy) and more open than ever. Their past position of embrace and extinguish seems to have died with a past generation of middle management.

    After seeing demos of some of their upcoming web-centric technologies such as IIS 7, Silverlight, and Expressions, I'm left re-evaluating my current preferred platforms.

    Don't get me wrong, I'm unlikely to place a Windows box into production when not absolutely necessary (thank you Flash Media Server), but one of the things that I keep catching myself saying to colleagues when discussing the summit is "Doubtful I'll be using Expressions, but it does seem like the perfect Frontpage replacement for my Father-in-Law."

    Even after being shown IIS 7, and having in-depth technical discussions with core developers, such as Rick James, the developer behind the IIS 7 FastCGI implementation, when asked "What do we need to add to IIS to make you use it?" my half-serious reply is "Make it run on Linux!" I say half-serious because I'm almost certainly not going to switch my production boxes from Linux, but if IIS 7 did, in fact, run on Linux, I'd be giving it some serious thought (that is, if it didn't end up having a high per-CPU cost, as an anonymous colleague pointed out).

    IIS can pull some sweet integration tricks that more loosely coupled stacks like LAMP struggle with, such as deep kernel/filesystem hooks to determine when the IIS equivalent of .htaccess files have actually changed, giving them a serious performance advantage. There's also an integration point with Silverlight (the "Flash killer"), where the httpd can analyze, in realtime, the bitrate of the served video file and scale allocated bandwidth appropriately to maximize user experience, while saving on bandwidth (think: user watches 2 minutes of a 2 hour video file, and only actually downloads 3 minutes of the file, instead of up to the full 2 hours).

    Maybe I'm just drinking the kool-aid. I'm usually more paranoid than that, but I guess it's possible. Or perhaps, if you put the Microsoft-hating tendencies aside for just a moment, you might agree with me that they're up to something different. They've certainly got an uphill battle, but at least they're trying, and I really do think that's what counts.

    Thanks, Eric, Joe, Drew, Sanjoy, Tanya and everyone else who was involved in bringing us out to Redmond. I hope, no matter how hard to correlate to actual sales, it was worth it for you. It was definitely worth my time.

  2. My "other" hobby

    To get away from my computer (sort of) and refresh my mind, I like to spend some time every couple weeks (or more often) brewing my own beer. It's a cool hobby, and there's lots of overlap with software development. And I get beer out of it, which is a nice bonus (-:

    Anyway, a while back I wrote an article for uC Hobby, a site about microcontrollers, on my custom-built kegerator (keg refrigerator) and it was published, today. I didn't focus on the PHP side of the project (the part that collects data from the kegerator and turns it into usable data), but when the October issue of php|architect comes out, take a peek at the /etc column on rrdtool.

    Here's the article: Arduino Beer Thermostat.

    And a link to our brewing club's web site: MontreAlers.

    Feel free to ask any questions you might have, I'd love to discuss it, beer, or brewing.

    ((Update: Cool. It got linked from the Make blog.))

  3. Let's play a little game...

    Called "Ben Ramsey, or Kevin Lynch (Chief Software Architect at Adobe)":

    Comments to guess. (-:

  4. Short Date Formats Suck

    When I'm traveling, I often like to sample beer that's unavailable here in beer-wasteland-Quebec (local microbreweries notwithstanding).

    For some reason, I often get asked for ID... especially in near-airport bars and restaurants. I noticed that in Orlando, last year, everyone in every group was carded each time anyone ordered any sort of alcohol. I guess they have a low tolerance for underage drinking, there, or perhaps their waiters are just well-trained to ask everyone for ID.

    Anyway, the first piece of ID I usually have on-hand is my Quebec driver's license. Quebec is messed up in many ways, but one that they're particularly oblivious about is that our driver's licenses don't explicitly show the holder's birth date. It's abstracted into the license number, and isn't obvious to anyone who's never seen one before.

    (note: yes, there is a PHP (or at least code) related component to this piece, if you feel like reading on. It has to do with idiotic short date formats.)

    I get a kick out of handing my driver's license to bouncers/bartenders/waitresses and watching their faces as they try to find the birth date. It must be there... right?

    My license has a number similar to the following, at the top (changed in case there's any "private" information in there, but the format is the same): C6401-090280-01.

    Now that I've pointed it out, you can probably pick out my birth date: September 2nd, 1980. Or perhaps it's February 9th, 1980... and I'm only sure about the year because there's no month for "80". The practice of displaying an abstracted birth date on a piece of identification that is normally used much more often as... identification... than as an actual license to drive, but I digress.

    Let's get to the real issue: ambiguous date formats. Can we stop this, please? I realize that each country is different, but it's really annoying. Take my example above: you have no idea which month I was born in.

    On top of that, why should the YEAR–read: the most significant digits–ever be last? Today's date should be denoted 2007.09.27. Choose your own punctuation for all I care, but please, PLEASE, use a little bit of sense, here.

    Don't even get me started on 24h date formatting.

    Rant over. Sorry about that.

    Anyway, IF you must represent dates in a messed up format like 090507 (which is what?), then at LEAST let your users choose their own format.

    S (changing the world one reader at a time.... (-; )

  5. How to [not] get fired

    Marco already posted on this, but I thought I'd pitch in our side of the story.

    At php|works, this year (a couple weeks ago), our /fear(some|ful)/ leader was absent. He had some personal stuff that conflicted with the conference's schedule, so he left it in our (Paul, Arbi and myself) mostly-capable hands.

    I think we did a good job, even without him, but to deter him from deserting us at our [bigger!] spring conference, we came up with an idea... a good idea (-:

    Tradition states that Marco should give the closing keynote at our conferences. This time around, we had excellent internet connectivity–thanks to the nice folks at OneRing Networks and a little experience (read "don't trust the hotel's AV company for networking needs") on our part–we (Marco and I) decided that he could reliably give his keynote via iChat. The idea had not yet been conceived...

    We try very hard to make our conferences professional but not uptight. Some ideas work, some don't. This one did (-:

    We devised a way that we could harness the audience to "caption" Marco's closing keynote. It involved 15 minutes of coding, 2 laptops, 2 projectors and an unsuspecting boss.

    Here, this probably helps:

    The first projector displayed the output from my laptop's iChat window, so everyone could see Marco's lovely mug. The 2nd projector ran a web browser that displayed the audience-sourced caption (updated every 5 seconds).

    Oh, and as I alluded, he had absolutely no idea we'd done it until a few days later when I let the cat out of the bag–I figured it best that he hear it from one of us than read about it on someone else's blog.

    We had fun, and I distinctly remember hearing "Best Closing Keynote EVER" after we logged off. Hope you had fun, too (-:

    UPDATE: Oops. Almost forgot to link the video.

  6. AndyMcKee++ (Late is better than never, right?)

    As you may or may not remember, at php|tek this year (not the most recent conference, but the one in Chicago, last May), guitarist Andy McKee played at our Facebook cocktail party.

    I know this is late, and it's not a ploy to promote a conference that happened in the past (obviously), but I was thinking a couple days ago what a pleasure it was to work with Andy and his manager Rob, and that I never blogged about it. They were extremely easy-going, accommodating, helpful and came off as genuinely really good people (in addition to the excellent musical part of the show, of course (-: ).

    So, publicly, thank you for playing our show, Andy. I would highly recommend you to anyone seeking a reference.

  7. PHP Dashboard Widget

    *blows the dust off his blog*

    Hi everybody!

    I've (yet again) let my blog become stagnant. I just can't seem to find the time/ambition to update it, regularly.

    Brief news: I switched to a Mac, a few weeks ago (more on this below), php|tek was awesome, and the latest podcast is up (thanks Sara).

    As I mentioned, I made the switch to Mac, a few weeks ago. It was relatively painless for me. There were a few things I needed to do to make it functional (set up pseudo-virtual-desktops, for example). I've been tinkering with all-things-Mac for a while, now, which leads to this post.

    I've created a dashboard widget that I find really useful, and I figured I might as well share it.

    Here's the link, but more after the jump: http://www.phpdoc.info/widgets/php.wdgt.zip

    I found myself using php -r on the command line to test some simple code snippets, and it occurred to me that this isn't "The Mac Way."

    So, following the excellent documentation at Apple, I managed to come up with something pretty useful in an afternoon.

    Note: you'll need to flip the widget over and set the proper PHP path, if it doesn't work out of the box.

    Let me know if you run into any trouble, and I'll attempt to fix it.

    Hope this helps someone. I find myself using it all the time.

  8. Handling Downtime: Job Well Done

    Yesterday, if you tried to call me (either at work, or at home, or even my mobile), you were probably unable to reach me.

    The telephone (VOIP) wholesaler I use, Unlimitel, was down for around 9 hours. Normally, 9h of downtime would really bother me, but I can honestly say I've never been happier with their service.

    Read on for some background info on why.

    Let me list a few points:

    • This is the first significant downtime we've had in 2 years (since I started using Unlimitel)
    • We pay 1.1¢/min for on-net service (local calls in a number of Canadian cities) and 2¢ for the rest of North America. Low rates for most of the rest of the world, too. $2.50/month for our DIDs. I don't expect completely flawless service for this price.
    • Stephan, the president, emailed customers to explain the problem. The first mail was before we even noticed that calls weren't working.
    • The actual cause of the accident was a screwup at Rogers (NOT Unlimitel's fault):
      • A truck accident somehow caused a bundle of fiber at Rogers to be cut. (Initial reports were that the lines were cut by a backhoe.)
      • Rogers' redundancy somehow failed. The actual cut was 25KM away from Unlimitel's datacenter.
    • Throughout the downtime, Stephan kept us well-informed of the situation, relaying ETA data from Rogers whenever possible.
    • Unlimitel routed all possible traffic to non-Rogers circuits as soon as possible. (Outbound calls started working, but inbound lines are on Rogers, and Rogers' redundancy failed, as mentioned.)
    • The few times that Unlimitel has actually made mistakes, they've kept us well-informed, and owned up to these mistakes quickly (they implemented CallerID poorly, a while back, and quickly fixed it, for example).

    All told, I'm very happy with them. I can understand why some people would be upset over ~9h of unplanned downtime, but all things considered, I think Unlimitel did an excellent job of handling the crisis.

    For what we pay, I couldn't expect better. Kudos to the team over at Unlimitel.

  9. Five nines? Two eights would be nice.

    If you couldn't get to some of your servers today, or email was overwhelmingly slow, or more probably: servers worked from one location, and not another, here's why:

    net b0rked

    Those red outlines indicate that the network availability dropped below 90% at cogent.

    I didn't notice until late into the outage (well, I did notice, but I didn't know why the net was sucking so much), this grab was of a 4-hour period, at ~18:00 EDT, and some of those points are reading 82%. That means that over the course of the past 4 hours, the cogent network was only available 82% of the time.

    This makes approx. 43 minutes of downtime in the past 4 hours.

    So much for five nines. At least it seems to be working now.

  10. Essential PHP Security

    Quite a while ago, O'Reilly sent me a copy of my friend and colleague, Chris Shiflett's book, Essential PHP Security.

    When I received it, I read through it quickly, and knew it was a good book, but didn't have much else to say about it (lest I join the ranks of the me too!ers (everyone was saying it's a good book)).

    Today, I was wondering about session ID regeneration. I know it's important, but I was looking for a "best practice," or opinion on an appropriate level of session ID regeneration.

    After a few quick Web searches, I remembered that I have a copy of the aforementioned book. I respect Chris' opinion on such matters, so I pulled it out of my pile.

    A glance at the index shows:

      session identifier
      obtaining, 43
      regenerating at session,  46
      regenerating for change in privilege, 46
      regenerating on every page, 47
    

    Turns out page 47 contains exactly what I was looking for. It's too long to quote here, but the gist is: regenerate only on privilege escalation, not on every page. Every page works for the most part, but causes problems with the back/forward buttons, and needlessly annoys users.

    Thanks, Chris!
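
The policy summarized above (regenerate the session ID on a change in privilege, not on every page), as an added PHP example that is not taken from the book or from the original post. The helper names `start_session()` and `set_privilege()`, the session keys, and the one-entry user table are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example. set_privilege(), the session keys and the user table
// are assumptions made for illustration.

function start_session(): void
{
    session_start([
        'use_strict_mode' => true,  // reject IDs the server never issued
        'cookie_httponly' => true,  // hide the cookie from page scripts
        'cookie_secure'   => true,  // HTTPS only
        'cookie_samesite' => 'Lax',
    ]);
}

// Call at every privilege boundary (login, logout, role change),
// and nowhere else.
function set_privilege(?int $userId, string $role = 'guest'): void
{
    // true deletes the old session data, so an ID that was fixated or
    // leaked before the change stops working.
    if (!session_regenerate_id(true)) {
        throw new RuntimeException('session ID regeneration failed');
    }
    if ($userId === null) {
        $_SESSION = [];             // logout: drop all state
        return;
    }
    $_SESSION['user_id'] = $userId;
    $_SESSION['role']    = $role;
}

// Constructed sample account; a real application would query its user store.
$users = ['alice' => ['id' => 1, 'role' => 'admin',
    'hash' => password_hash('constructed-password', PASSWORD_DEFAULT)]];

start_session();
$action = $_POST['action'] ?? '';
$name   = $_POST['user'] ?? '';
$pass   = $_POST['password'] ?? '';
$user   = is_string($name) ? ($users[$name] ?? null) : null;

if ($action === 'login' && $user !== null && is_string($pass)
    && password_verify($pass, $user['hash'])) {
    set_privilege($user['id'], $user['role']);   // privilege goes up: new ID
} elseif ($action === 'logout') {
    set_privilege(null);                         // privilege goes down: new ID
}
// Any other request keeps its current ID, so back/forward navigation
// never presents an ID that has already been discarded.
```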