Posted by Suw Charman-Anderson

Started in 1993 with the Mosaic web browser.

Loves solving problems, but hates coding. But, like flying, one has to endure discomfort to get to interesting places.

But developing PHP was such a big job he gave a lot of it away to other people. Why do people contribute to an open source project?

- self-interest
- self-expression
- hormones, oxytocin which is ‘nature’s trust hormone’
- improve the world, has done that to some extent.

When you know you are dealing with a human on the other end, oxytocin is produced. Encouraging people to interact with each other, to trust each other, and open source is one way of interacting with people and thus producing oxytocin which makes them then feel good.

Lots of people feel like they ‘own’ PHP because they’ve put so much into it.

Relates to Web 2.0 stuff, because a lot of those sites harness network effects and get better the more people use them in a way that caters to their own self-interest. PHP is not a website, but PHP users tend to also be PHP developers.

Benefit to Lerdorf is that if other people are writing PHP then he doesn’t have to do it all. Flickr and WIkipedia would be useless without people’s contributions, and PHP is the same.

Why do users contribute to a website?

- self-interest
- self-expression
- hormones, lots of hormones on Flickr
- improve the world, not the major focus for many [although think of Wikipedia]

Two major hurdles
- Performance
- security

Performance
If you have a good idea but your site can’t handle the attention and users then it’s dead in the water. It’s easy to clone an idea so you have to out-perform your competition. Need to benchmark how fast your stuff goes. Latency needs to be 20-40ms range. Use tools like Callgrind to find out what’s going on in your application. Look at how your application actually works, what are the calls? Look at CPU load. Does it make sense how your app is using resources?

This is purely performance, not scalability. Scalability comes on top of this. You can scale but still be slow.

Security
Security on the web today is awful. There are some valid criticisms of PHP in terms of security. Should have built security into PHP in the early days, but it was hard in 1995 to know what was going to happen, the problem didn’t exist.

There are some common problems in PHP, in Apache, IE - it’s impossible to secure anything in IE6 or older. In short, the web is broken and you can all go home now. But we have to muddle on, because it’s the only one that we have.

Key problem is clicking on links. Unless you understand exactly what’s in the link you’re clicking, it’s really not safe to click on it. Relatively easy to get people to trick people into giving you their login details. Flash movies can be doing things behind the scenes that can talk to any site you’re logged into, e.g. your banking site.

Filter via PHP all content coming into Yahoo! and filter out anything that could possibly cause a problem. Sort of like a network firewall.

Machine tags geocoding photos in Flickr, can specify area and pull out all geocoded photos from that, without specifying a tag.

In conclusion
- avoid participation gimmicks, don’t pay your users to use your site
- get their oxytocin flowing
- solve one problem
- clean and intuitive UI
- APIs
- make it work

Technorati Tags: fowa07, fowalondon07