Friday, September 18th, 2009
at 12:37pm
With all the TechCrunch50 chatter earlier this week, it's easy to see how entrepreneurs feel that if they're not putting on a great showing at an event like TC50, they're missing a golden opportunity. That notion was craftily compounded by the announcement of the sale of the first TechCrunch40 winner's (Mint.com) to Intuit for $170M. Well played PR, folks.
All the buzz was then followed by Sarah Lacy's parade-drenching "Memo to Start-ups: You're Supposed to Be Changing the World, Remember?", which gripes about this year's TC50 crop playing it safe.
I didn't attend TC50, but I have attended these start-up launch binges before. It's never clear who benefits the most from these events, but my gut tells me it's most often the event organizers, and not the start-ups themselves. Sometimes the commentary is good, but there are other ways to get that kind of honest feedback. In some cases, the launch binge meat markets don't even offer commentary or criticism -- they just give you a five minute slot.
To me, these kinds of events aren't necessary for entrepreneurial success. By the end of the event, no one remembers who's launching what, and instead of gaining momentum naturally, all an entrepreneur's efforts are bet on the hope that everything will go off without a hitch with the presentation, the people watching won't be bored or distracted, etc. Despite what start-up bloggers and event organizers want you to think, you just don't need the meat market for a successful launch.
Look at the esteemed judges of TechCrunch 50:
Also, consider the other world-changing companies that Lacy mentions, such as Google, Facebook and Twitter.
Now ask yourself: How many of these world-changing companies launched their start-up selves at a meat market?
I'm not questioning the value of "normal" TechCrunch publicity, nor am I even saying that I'll never launch a start-up at one of these events someday (as hard as it is to imagine, never say never). I'm merely suggesting that many of the real game-changers of the next wave may have decided their companies are worth more than 15 minutes of pseudo-fame at a launch binge.
We'll know them when we see them.
Sunday, August 12th, 2007
at 6:07am
Facebook experienced a technical glitch over the weekend. The nature of the glitch was that the source code for the Facebook homepage was displayed instead of the result of the execution of that source code. Widespread news of the glitch first broke in this TechCrunch article by TechCrunch writer and OmniDrive founder Nik Cubrilovic.
I agree with Cubrilovic that the inadvertent delivery of source code instead of the result of that source code is certainly a horrific situation, with potentially serious ramifications for any company that experiences such a problem on a large scale basis.
That a company like Facebook, currently a hot ticket for searches, articles and blog posts, would experience this kind of problem is noteworthy.
Unfortunately, the updates appended to the article imply that PHP is somehow responsible for this leakage. In the first article update, Cubrilovic states:
It seems that the cause was apache and mod_php sending back un-interpreted source code as opposed to output, due to either a server misconfiguration or high load (this is a known issue).
On the first of Cubrilovic’s suggested causes, server misconfiguration: well, duh.
Of course servers will behave strangely if they are misconfigured. The world of a system administrator is one of details, and when it comes to managing load balanced web servers for an extremely high-traffic destination like Facebook, it’s a world of a large number of details. Miss one of them and things will predictably start breaking in unpredictable ways.
On Cubrilovic’s second allegation: It’s “a known issue” that PHP barfs out source code under high load? I’ve been writing PHP code for some very, very high traffic websites for over 10 years, and this is the first I’ve heard of this.
Surely we in the PHP community would have heard from someone like Rasmus if PHP were prone to puking source at a high load. As an infrastructure architect at Yahoo!, Rasmus has likely seen how PHP behaves under load levels most of us only fantasize about. If PHP coders were building their applications on a platform pre-destined for Twitter-like failures, no doubt we’d have heard about it by now.
Can anyone provide links to articles or posts indicating that PHP will eject application source under a heavy load?
It’s infinitely more likely that Facebook’s problems were caused by a system administrator breaking some web server configuration (possibly not even PHP-specific configuration), or a new installation of a mod_php build that hadn’t been tested properly in a non-production environment.
Cubrilovic’s second amendment to his article links to an article on his own blog, Learning from Facebook: Preventing PHP Leakage.
Given the likelihood of this issue’s cause being server misconfiguration, it is disturbing that Cubrilovic’s first tip for avoiding this kind of problem is to install and correctly configure the powerful and complex Apache module mod_security. After all, if the a sysadmin can’t get Apache and PHP configured properly, how likely is it that they’ll be able to get two modules configured properly?
The rest of Cubrilovic’s tips also relate largely to web server configuration, such as making certain files inaccessible from direct requests.
The disappointing part of the FUD that Cubriolovic is spreading is that anything more than decent release practices are necessary to address and avoid the problem Facebook experienced.
I can only imagine why Cubrilovic has invested this weekend in undermining people’s faith in PHP’s reliability under heavy load. What I can tell you, though, is this:
PHP doesn’t cause website problems and inadvertent code leaks. People making mistakes while using PHP and other powerful tools do.
However, that fact isn’t worthy of two articles, so perhaps that’s why Cubrilovic went with the PHP-as-boogeyman-that-must-be-defended-against approach instead.
What’s the take-away from all this? Servers are powerful, and can be complicated. Tread carefully. Don’t roll untested configurations of web servers and related modules out on production without testing them in an identical staging environment.
Know what you’re doing, and do it carefully.
