---
The cacua project (John "maddog" Hall)
----
- Number one reason for pursuing FOSS is creating jobs (though the other
benefits ar enice also)
- Everyone cares about children
- 80% of the people in south america live in a n urban environment
=> internet is not so far away -- maybe only 50 feet away
- "digital inclusion" in Blazilian, "digital divide" in US
- And he's a business man:
- Gviing a 7yr old a laptop has a ten year payback
- Retraining an adult by giving him a laptop is only a 2 year laptop
- Goals
- Create milliaons of new, private sector high-tech jobs in Latin
America, many millions more worldwide
- High-tech, well-paid, LOCAL jobs
- Make computers easier to use
- Make computers more environmentally friendly
- Decrease cellular wireless contention (interesting...)
- Create gratis WiFi bubble over urban areas
- Create low-cost or gratis SuperComputing capability
- Using sustainable, privaet sector funding ("that's the Republican
inside of me coming out . . . because money coming form the
government is not sustainable")
- Creating millions of new jobs for system administrators and entrepreneurs
- enable systems adiminstrators to start own business
- Business plans
- Marketing materials
- Training/ Certification/Guild
- Vertical Markets:
- Show people how to borrow money to finace a new business
- Not having a boss
- Provide courses, training, apprenticeships, and get licensed
- Making computers easier to use
- People waste a lot of time with current technology (losing files,
computers being slow because of viruses, and because most people
hate computers)
- 1,250,000,000 desktop comptuers x 15 minutes lost per day @ $5 =
$6,250,000,000 a day _because software dosen't work the way it's
supposed to_
- ^ also equivalent of 9 out of 300 people not showing up to work
without notice
=> let's make one of those people a systems administrator!
- and magically the other 8 people would show up
- Thin Client/Server Computing: Timesharing
- Always had experts around you, either to help or to install programs
etc... but then Bill Gates put mainframes on the desktop, yet no one
was _trained_ to use those. Support is now very far away.
- So:
- High-avalibility servers in basement of tall buildings in
community centers of clusters of bulidings
- Thin clients connected to server with high-speed networking (1gbit/sec or
higher), with no programs/files stored there
- FAT client/Mac OSX support, but will be charged for it
- 30% of software in the US is pirated, in Vietnam, 96%
=> charge people money to have MS Windows/Mac OSX (to be
legal)
- Sysadmin duties
- Maintain server software (monitor usage/integrity, updates, virus
elimination, SPAM, backups)
- Teach classes and give support to end users
- Negatiate and sell software to end users
- Vertical Markets
- Small/Medium Business in large office bulidings, typically no
sysadimn (this group produces 90% of the wealth in the US))
- produce 90% of the wealth in the US
- 86% of the people in the US work for these small companies
- Usually cannot afford a sysadmin... but they could SHARE one
- Also, apartments, hospitality services (hotels), and Point Of Sale
terminals (cash registers)
- These are all the vertical markets that could be treated
- Specifically: Apartments
- TV over the internet (more accessible)
- telephone calls through VoIP
- security with webcams
- could all be done in one router, instead of separate units that are
expensive, and use a lot of energy
- Hospitality
- Different units for reservations, room allocation, accounting, ERB,
website, POS
- Could have one unit, to do these and more
- Could do all of this with envirnomentally- friendly computing
- Power consumption is huge
- Bad chemicals
- "If you threw away every computer in the world today you'd create a
mountain higher than the Swiss Alps"
- Long life, "always on" thin client
- multi-funciotn (with virtualization)
- USB3.0/eSATA
- 60GHz Wireless Ethernet, bc up to 7gbit/sec within 30 feet away (and
powered through internet)
- backhaul/heatbeat/power
- "Femtocel" GSM modem (OpenBTS) because not enough bandwidth, which
changes signal from your phone and changes it to TCP/IP
- OTA Digital TV (cheap, and can use spare channels for downloading
porn)
- All boxes have no moving parts (quiet, no fans, up to 70*C with
proper chips) -> long lifetime 9-10 years
- What happens when I need more CPU power? That's what the server
for
- example of Invenio, who sells phones in Africa
- Sells low power chargeable internet/phone systems
- can be powere by solar panel or by bicycle, and people always choose
bicycle
- easily replaced
- cheaper
- *provide job for person to pedal bicycle*
- Computers are useless when they are off, so we should always keep them on
- "Good for security" to have no data stored on thin client
- Servers
- Industry standard - low power
- HA with redundant disks, multiple (10) gbit cabling to thin clients
- Three sizes, small one is just two thin lients (12 V... because
everything in the world actually runs on 12V)
- "12V is where God intended electricity to be" :)
- "baby bear" (small version) could be run off of anything,
stored in a cabin
- Networking
- Aggregation of telephone feeds, not "1.5Mbits/sec/apartment",
instead 300Mbits/sec/apartment house
- Actually doesn't hurt business, because you only have to sell to one
person, lowers support cost
- Reduced latency over traditional "wireless mesh"
- Free wifie througout urban areas
- People can use your internet, you can use their internet
- This model already works (British telecom, Beijing)
- Privacy and stability: everything vrtualized and ecrypted
- Start punishing people who are actually trying to do bad things, not
the ISPs
- Flexible resources, data can optionall ybe stored on server, cloud,
etc
- already possible through virtualization
- Large servers in basements are used for extra CPU power. Depending on
location, servers can be idle (university servers on a weekend, for
example), but because these are hooked together with high speed internet,
servers can borrow CPU power from other servers
- Thin clients will have open circuit design (currently univ in Brazil is
creating the box)
- Box will have to be certified
- Manufacturing is "grunt work", so design is carried out by
university, and manufacturing is outsourced to other small companies
in Brazil
- If you want to do this in Greece, sure yo ucan do it, and
you can alter the circuit board as you wish
- Example for numbers of servers/clients
- Brasil: 192 million Brasilians, 80% in urban environment, 2 thin
clients per person (home and work/school), plus POS terminals
=> 400 million
- avg 300 thin clients per server (1.3 million HA servers, 2.6 million
"CPUs"
- How much will this cost?
- thin client, ~200 USD, but made back within about 3 years
- Pay for high quality, long-life equipment over time (start small and
expand as needed)
- cost will decline over time
- Digital inclusion
- cheap wifi wireless devices allow aaccess to internet
- "gratis" and "cloud" computing
- Train unemployed to be SA/Es
- single parents
- physically challenged
- Takes people off welfare and makes them taxpayers
- How does SA/E affford to buy business
- Create an underwriting program to guarantee no risk (for each loan
contributes a little to the underwriting fund, so load is equally
shared)
- SA/E salary will be 1800 base, for support for 300 thin clientsx$6 per thin
client per month
- Could make more money by side jobs (web programming etc)
- Job should not be too hard, and a lot of tools could be automated (web admin
tools, etc)
- Also will be given training
- Through a guild program (apprenticeship)
- How do you become a Caua entrepreneur
- Learn FOSS systems administration, get certified, licensed (by
government, ge letters of intent from potential customers to gie to
bank, get underwritten loan
- "The harder you work, the more money you make" ("sorry socialist people out
there")
- Timeline
- Immediate start
- Next year, starting courses etc
- Project board consists primarily of Brasilians
- www.projectcaua.org
- "Do not undertake a project unless it is manifested in importance and almost
impossible"
---
Conference welcome (Robert Lemke and Benjamin Mack)
---
- Rob describing the login process for TYPO3 Phoenix (the early release of v5.0).
Currently "the password is just 'password'. You can't change it yet, but he thinks at
some point before the release, they will have that feature.
-TYPO3 association
- daily scrum
- good for companies to become memebrs
- Rob mentions that some people are impressed by a CMS supporting two sites in one
installation. Try 500 languages with different dialects and being able to choose the
logo for one version. (Or having 500 sites in one installation)
- TYPO3 Conference Connector: advanced HTML5 form to help gather information about people
experencied or interested in TYPO3 (actually just notecards with our names/expertise/needs :)
---
The radically new interface for TYPO3 5.0! (Jens Hoffman)
---
- Creative director at a Bjorn user experience agency in Frakfurt
- For this project, the goal was to reinvent the wheel, because the feature
set is currently unwiedly
- 5.0's interface developed in Copenhagen over the course of a year
- Using Scrum sprints, so kickoff meeting was a scrum meeting at the end of
the UI brainstorming
- Defined goals for each month
- Aim to be more agile/transparent
- Split and assigned tasks
- Looked through about 300 other CMSs for inspiration
- Mobile me (pretty clean, easy to use)
- Action method (collaboration)
- Wapjam (FE editing, handling plugins)
- Concrete 5 (FE editing)
- SoupIO (aggregation web app [tweets, blog posts, etc] with a reduced interface)
- MicroSoft something (nice, but expensive)
- Mac OS X (iScript :)
- Yahoo Pipes (organizing classes very nice)
- Quicksilver/Launchy (keyboard actions and autocompletion)
- photoshop.com (no visual noise, very nice UI style)
- Guiding Principles: "Move the spliit of the old", so retain flexbility,
scalability, etc
- "user-centered design"
- Reduce abstraction: if you had really good FE editing, you wouldn't
need a BE and a page module
- "visual taxonomy"?
-Ideas
- Workspaces
- No live workspace
- Check out to personal workspace (no editing in live
workspace)
- If there is a group or staging workspace, push into there
before merging back into "live" workspace
- View Styles: custom views for data visualization
- pages, lists, thumbnails, vcards, google maps, olap, Gant,
etc
- Moves list module to a new level
- Rootlines to make navigation more natural
- Guided by Apple's file browser
- Dashboard with communications, tasks and workflows, widgets and
scripts, history of edited elements
- Browser tab integration for some actions
- Autosaving for elements
- Personas to help categorize needs
- 3-6 personas
- System sections: content, management, report, layout, system
- Aside: automatic security updates
- New BE with all modules on top (sort of like current
feedit_advanced)
- Create snapshot functionality
- Chat UI (though not a high priority for early releases)
- Online users can chat with eachother
- Replaying chats
- Showing specific locations by dropping markers on a page ("I
need help with this content _here_")
- Ability to switch views, mentioning the ability to edit flash
content, etc)
- Edit icons now appearing only elements you _can't_ edit, to reduce
clutter
- Better integration with DAM (drap-drop, etc)
- Ubiquity input action UI for advanced users (like command line
tools)
- http://tr.im/t35ui (abstract and channels, structure, wireframes)
- Wireframes handed out on a nice notecard handout with images
- extJS to be used
- Need for UX designers (currently only 4 people)
--
The Agile Future of a Ponderous Project (Karsten Dambekalns)
---
- Second member of FLOW3 development team (after Robert)
- Last decade's TYPO3 history
- Prototype developed in 1999, and is what is still used today, but was not
necessarily intended to be used for ten years
- Aside: all of the people using TYPO3 back in 2001 were technical
- 2002 First non-beta version of typo3 (3.5, extension manager introduced,
almost the same as what we are still using)
- 2003 first extensions are written and CVS access granted to others
- TYPO3 4.0 released in 2006 (already behind schedule, exclusive community)
- 2008 FLOW3 announced as a separate product (important because there was a strange
lack of overlap between the PHP and TYPO3 communities)
- 2009 extbase ports FLOW3 to TYPO3 4.3
- 2010 first sprint results from TYPO3 v5.0
- Making the project grow
- +1 system used to help with community commits: when someone submits a patch,
two other ppl must come and test it and give it a +1 before it is committed.
- Clean code is very important for quality assurance (for this they have produced Coding
Guidelines in one page)
- Unit testing is one of the reasons v5 has been delayed, because they wanted to rewriete
all of v4, but there were no tests for v4
- Test Driven Development is _highly_ encouraged, as well as *Continuous Integration*
(ex with *Hudson*)
- Previously the review system was all manual, but it is impossible to keep up to
date with all 4000 extensions
- Will be switching from svn to git, using garret (works as a gatekeeper system)
- Hard to provide a roadmap for FLOW3/v5 because we don't know where the roads are
- To plan, then, there are lists of features, but it can't be said when they'll be there
- Small steps are key
- *Scrum*
- Problem here is that not eveyrone is in the same place
- Has not been a lot of research with Scrum with distributed teams
- Also problems with planning (holidays, etc) (he seems a little upset that for the
first sprint, which is just finishing, that the other guys didn't finish very much, heh)
- Phing used for automated releases
- Links
- FLOW3 Coding Guidlines http://flow3.typo3.org/documentation/coding/guidelines/
- QA in PHP PRojects http://qualityassuranceinphpprojects.com/
- Hudson http://macosx.ci.typo3.org
- Literature
- Real-World Solutions for Developing High-Quality PHP Frameworks and Applicatios
(S. Bergmann and . Priebsch, Jon Wily and Sons)
- Test-Driven Development By Example (Kent Beck, Addison-Wesley)
- Not really any books on "how to run a huge, distributed, open-source project"
- Questions
- Do you still have daily scrums, and if so, how?
- afternoon
- Have tried skype with voice, phone conferencing, teamspeak
- skype and teamspeak seem best, and it's ok if some people miss meetings occasionally
- important: have proper headsets for everyone
- Best to have a moderator, people must be very disciplined (because you
can't talk at the same time)
- Can you provide any help for TDD, especially with extbase?
- For the domain models, phpunit suffices
- Sebastian for Fluid has written some integration tests
- Also, never write the tests afterwards
- They have probably spent 3-4 months just maintaining unit tests
- Jochen Crau (extbase), though, encourages unit testing but not necessarily TDD
---
Cleaner Coding with Dependency Injection (Robert Lemke)
---
- Dependency is a design pattern (not unique to PHP), related to OOP
- Helps to encapsulate functionality and modularize programs
- TYPO3 still isn't properly object oriented
- Related patterns
- Singleton pattern
- Only one instance of the object on a system at a time
- ex: Phone directory, want to programmaticalyl enusre that only one instance exists
class PhoneDirectory {
static $instance;
static public function geInstance(){
if(self::$instance === NULL){
self::$instance = new self;
}
return self::$instance;
}
}
$phoneDirectory = PHoneDirectory::getInstance();
- This is bad because what if you want to use an advanced phone directory
(ex: PhoneDirectoryPlus), but the classname is hardcoded here
- So, it would be best to use a ServiceLocator
- ServiceLocator pattern
class PhoneDirectory )
}
class ServiceLocator {
protected $instances = array();
public function getInstance($className) {
if (isset($this->instances[$className])){
...
}
}
}
//USER CODE:
$phoneDirectory = ServiceLocator::getInstance('Phone...');
- still bad because it depends on the ServiceLocator
- So: dependency injection
class MyClass {
protected $phoneDirectory;
public function __contsruct(PhoneDirectoryInterface $yd) {
$this->phoneDirectory = $pd;
}
}
- this is called dependency injection, because the control is now from outside the
class (well-decoupled)
- Instead, to MyClass, we add setters, so that you don't have to pass lots of
arguments to constructor. But, then you have to remember to set the phoneDirectory
- These are all examples of dependency injection
- Hard to use dependency injection without a framework,
because it's hard to figure out the correct order to inject
each dependency
- ONe solution would be to not use DI for every class,
but that's hard, and DI is nice
- ex of DI in FLOW3
- Injecting a PHP logger in a controller
/**
* @var \F3\FLOW3\Log\SystemLoggerInterface
**/
protected $logger;
/**
* @param \F3\FLOW3\Log\SystemLoggerInterface $logger
**/
public function injectLogger(\F3\FLOW3\Log\SystemLoggerInterface $logger) {
$this->logger = $logger;
}
public function indexAction(){
$this->logger->log('aoeu');
}
- This uses the reflection API
- OR, use parameter injection
/**
* @inject
* @var \F3\FLOW3\Log\SystemLoggerInterface
**/
protected $logger;
- Note that we are injecting an interface. If there is exactly one class implementing the
interface, then it uses that. Otherwise, you must configure it in the Configuration
directory, objects.yaml
- To help with speed, we have the temporary/StaticObjectContainer, which is like a compressed
file that has a list of every object with it's attrs (constructor and reconstitutor)
- works well with accelerators
- Even without FLOW3, you can use the above techniques to achieve dependency injection
---
Effective SEO with TYPO3 (Benjamin Mack)
---
- Benjamin Mack, runs his own business called b13 in Germany, working for ad
agencies and Christian organizations
- Google has 65% of the US marketshare, with 400million search requests per
day
- 10 things to do about SEO
1. HTML Code
- Don't use tables
- Avoid Flash
- Make your site work without JS (crawlers can't access pages only
accessible by JS)
- Validation, because it's easier to scan by search engines (though
not THAT important)
- Use h1 carefully, only once per page
- Use strong/em instead of b/i tags
- Remove inline CSS/JS
2-3. Keywords
- Must think about the things that someone will search for when
looking for the site
- Should match words that are actually used on the page (search
engines can tell)
- The title tag is more important than keywords
- Keywords don't matter for Google, but it's actually starting to come
back into play with semantic web
4. URLs
- URLs are even more important than the title tag
5. Domains
- Probably the strongest part is the domain (domain is often more important than content)
6. Images
- Image and document filenames and alt/title tags
7. Duplicate Content
- Avoid it, because search engines notice that sites are copying
eachother
- Must have proper 301 redirects (page moved permanently)
- Use the canonical tag to tell
google that this is the main website, and Google will only list one
8. Block content
- robots.txt to tell search engines where NOT to look (disallow
templates, t3lib, typo3, typo3_src, typo3conf)
- meta tag robots , or "index",
"nofollow", "all"
9. XML Sitemap
- like a regular sitemap, but just for search engines
- submit a list of all your sites, with dates. With this you can also
tell google to update your pages more or less often
- Can be done automatically with TYPO3's sitemap
- You submit this file to the search engines (search for google
webmaster tools)
10. Content
- Should contain keywords
- Use proper language and word diversity
- Link to other pages
- Summary of most important: domain and URL naming, title tag and metatags,
content structure, XML sitemap
- Canonical tags are preferred over 301s ,becaause they were come up
afterwards
- Using TYPO3
1. Ext: CSS Styled Content, proper HTML template
2-3. Out of the box, EXT: seo_basics
4. EXT: RealURL
5. Domains
6. EXT: fl_realurl_image
7. EXT: realurl, EXT: canonical
8. Do it yourself
9. EXT: fl_seo_sitemap, EXT: seo_basics
10. Do it yourself "unfortunetaly no plugin in TYPO3 to create the content for
you". Maybe see pmk_autokeywords, which can generate keywords by content.
- * spyfoo.com to tell you what keywords your competitors are
buying, with reports. You can go through there, take those keywords, and
use it to build content.
- What's next?
- Search engine marketing: Google adWords
- Linking / Viral marketing (tell ten ppl to write about your product
and link to your site)
- Write good content
- Keep your websites up-to-date
- Questions
- Only the first 11 keywords are most important (though again, the title tag
is still more important)
- Speed can matter, but less important than content
- If you have access to a Content Distribution Network (CDN) network, Google
knows that, and it's good for you (but expensive)
- Check google webmaster tools, and it will show you the speed of your website
---
Sharepoint connector for TYPO3 (Hans Olthoff, Frank Fischer)
---
- Both presenters members of TYPOTYCOON, a TYPO3 partner network
- Focus on business
- Share knowledge ad solutions
- Good for you, if you want to offer your customers our products, can
help with marketing products for you
- examples of partnerships: CCDS-Konzept (developed the SP connector),
alterNET, Mediatech (make special TYPO3 distros in US), Optimon
- Frank Fischer is a primary developer of SP Tools
- SP Tools in an extension to exchange data and files between MS SP and TYPO3
- Designed for companies that are running SP and TYPO3 simultaneously
- You can share docs and images, show custom lists like events, news, or
product sheets in TYPO3 FE, or synchronize them for TYPO3 BE access
- You can also upload docs/images from TYPO3 to SP and fill out forms etc and
send it to SP
- Cost effectvie because you can use the SP basic version (no license costs)
- USed to eliminate redundant data, and allows data exchange between systems.
Ex: event registrations done on TYPO3 that must be put into SP
- Why not using SP as WCMS? Because it's 50keuros, no image processing, not as
flexible or easier to develop in
- Why not use TYPO3 as the intranet? Not as good at document management.
- Can share user privileges between the two (set them only in SP)
- Demo
- Editing content and seein the change on TYPO3 site (for instance
adding an event)
- Uploading a file in TYPO3 and seeing it in SP (job offer
application)
- Sysfolders in TYPO3 BE to store Servers, Lists, Forms, and
Synchronizations
- Can view the news item created earlier in SP as a BE record
- Synchronizing lists between SP and TYPO3 databases
- SP running on Windows, TYPO3 on linux, keep connection (can be secure) open
---
Creating Rich Internet Applications with TYPO3 driven Flex/AS3-application
(Reimar Kosack)
---
- EXT: t3flex: flex/AS library for TYPO3 extensions
- Small company in Germany: Wash with similar colours
- Motivation
- modern, fast responsive UI
- Display huge amounts of data
- Low time to market
- SEO
- Flash enabled on 99% of internet enabled PCs (77% Java)
- Sony is going to collaborate with Google's TV project, and will have
opportunities to play flash on TV
- Goal: Provide fast access to TYPO3 datastructures and ValueObjects
- SUpport important extensions out of the box
- ActionscriptMessageFormat (AMF) for fast and effectvie messaging
- Use:
- Install and set up user rights
- SWC library communicates through XML/AMF
- AS3-Classes
- public class T3Flex (t3configuration, t3flexforms, bulkloader,
dataservice >DB Helper), which is all extendable/modular
- t3Standards (t3DbElement, and extensions of common classes, like
tt_content, fe_user, pages, etc)
- extensions
- Basic syntax:
T3obj.getChildren(callBack:Function);
T3obj.updateRecord(callBack:Function)
- also handles MM records
- Examples:
- Large multitouch interactive map (interactive whiteboard)
- Client came and said "we are bored of using ppt"
- Want something to use as material to talk advertise our area
- Now creates presentations with TYPO3
- No need to train the editors, all content/media through TYPO3
- Media iplemented through media links, so if you update the
media in one page, it updates on all
- *Available offline* Hook available in t3flex to allow
exporting to offline
- Apps and Widgets (TYPO3 without a browser)
- Created a small application (without BE)
- Phonebook app, can update user info from fe_users through
desktop app
- These ppl were fed up with intranets (easy, because making
forms with flex is very fast)
- Catalog extension with page flips
- Content for each page from tt_content
- You can double click on a page to edit it through Flex (very
nice little editor)
- Tool to square/format pictures within the flex
- Google optimizitation
- Also render an HTML page with the content from the pages
- Not done through "cloaking" (to fool Google)
- All done through TYPO3
- Integration with social networks
- Flash based apps within Facebook (ex: Job advertisements)
- Code
-ex: Time machine, you can click on buttons "load tt_news" or "load
tt_content"
- Presents records in a fancy way, with movement between them
private function initT3Flex(){
var t3Site:T3Flex = T3Flex.getInstance();
t3Site.config.baseUrl = 'http://typo3.t3fex.com";
t3Site.config.baseSitePid = 36;
//feature: enableOfflineCache, where it will cache images
}
...
contentLoader.getChildren(contentsLoadedHandler);
- Very fast approach, development
- iScript syntax
t3Site = Update FeUser-Images via Webcam
t3Site.activeSocialMediaWhatever();
- This project will be published on forge
- Data is compressed (and can be secure), and air has this storage built in to
store DB dataa
---
pt_list - The Definitive List Generator (Joachim Mathes)
---
- Generates lists (with filters) based on some data source
- Pager implemented as two plugins ("same plugin with two different modes")
- Easy to do sums/aggregators
- List, filters, paging
- Could have calendar filter and form filter
- Ex of something like a gantt chart
- And single view
- Installation
- pt_mvc (like extbase) (really?)
- pt_tools
- smarty
- Supports exports (with some added extensions)
- Select a table and "table identifier"
- Define sql queries (TCA-like information) for chosen table identifier
- Define table fileds in TS also
- Then define the column identifiers (labelling) (also includes a
renderObject configuration, which allows for stdWrap, images etc,
run user functions)
- Filter mode with properties: filterIdentifier, dataDescription, mode (ex: "select"), etc
- Future: pt_extlist will be based on extbase
- Filters also depend on eachother, eliminating impossible options (like ebay,
not ajax though, must refresh)
- Also as a "structured" list feature, which displays grouped lists
---
Extbase in Real Life - a Case Study (Christian Jul Jensen)
---
- Working with TYPO3 for ten years, in steering committee
- Works for moc in Copenhagen, creating TYPO3 websites
- Large project to "digitalize" an art gallery museum, and extend
functionality (Natinoal Art Gallery of Denmark)
- Contract was 1800 hrs
- 45,000 Artworks, 20,000 artists, with related records, etc.
- Complicated copyright (like access settings), and must ensure that images
always shown in context
- Why extbase?
- Future-proof
- Complex domain warrants good model
- Project built with extbase version shipped with 4.3 (first)
- Kickstarting
- efempty can be used instead of extbase_kickstarter, to copy extensions (and
creates dummy content)
- rename extension (used to rename/copy extensions)
- We can contact the presenter to get a copy of "generator", used with
UML formatting (not yet public)
- Large problem with extbase is the level of error reporting
- AJAX
- Character sets! Set inside of dispatcher
- Loading the TCA not being loaded
- Always use pageTypes
- Not possible to tell extbase to SAVE with a specific language (only retrieve
is transparent)
- No performance problems, except during import with 65,000 records (would
take 18 hours), loading too many objects (ended up writing an sql script)
- In his experience, development was not faster, but maintenance seems to be
- Advice: be pragmatic, even if it's not as beautiful
---
Extbase and beyond (Jochen Rau)
---
- Employed now working with TYPO3, used to be a mech. engineer
- Most important reason for extbase is the smooth transition for _developers_
into v5
- Extensions are very maintainable
- Very nice diagram color-coding the 3,000 lines of code inside tt_news, based
on what is used for domain logic, templating, business logic, etc.
- Planned for next version of extbase (1.2, with TYPO3v4.4)
- performance in SQL queries, object tracking, and caching
- Speaking exceptions
- Documentation
- Kickstarter (hopefully reworked within 6 months)
- Dispatcher will probably be reworked
- Could create an Abstract dispatcher, and then plugin in your own (FE
disatcher, BE, Ajax, etc)
- Process for patches same now as Core development
- Beyond extabes:
- Generic Domain Models
- WRUVI => William Street Rajan United States Virginia Indian,
following with a couple of examples of trying to input this name
(and how different records havedifferent ways of handling names)
- So what to do? Create generic models to accommodate common entities
(organizations, date, event, locations, articles)
- This is to prevent reinventing the wheel
- Standrards
- For persons, organizations, addresses, names, using OASIS CIQ 3.0,
originally for XML
- BMEcat for product, suppliers, catalogs, prices
- iCalendar for calendar, events, dates
- EXT: generic
- Using IRRE, you select lots of field types to define exactly
what that field is to be used for (ex: first name)
- Currently, BE editing is confusing (though it's nice with
extbase on the FE, or could be done in a BE module)
- Supports many formats
- Syntax to further alter format:
{party->g:format.party(format: 'nameONly')}
- Implemented as s within a template to get correct
segment format.
- Example with addressses, using a firefox plugin that
recognizes the microformats built into page to look up the
hotel name
- Challenges (XML2PHP, interoperability, consistent semantics)
- Think about how to implement a generic Event model
- In his opinion, the future of TYPO3, generic models and viewHelpers will be core
features. On top of that, you add packages, which customize your
installation of TYPO3
- Can be used to create Product Lines of TYPO3 (ex:
Enterprise TYPO3, Blog TYPO3)
- Developers could focus on these Product Lines, instead of
standalone extensions or the core
- Semantic Web
- Currently Google can't differentiate between "golf" the sport and
"golf" the car
- Can give google more information: websciencetrust.org, specifies
context for each piece of data
- This allows google to relate words in the correct context
- Semantic and TYPO3
- Drupal tries to implement semantic web for 2-3 years, but requires
lots of configuration
- In flow3, though, we have semantic models, so can just add
annotations at the top of classes and properties (@semantic) to
specify semantic meanings
- Can even indicate semantic relations with annotations
- Display complicated relations, semantic (not necessarily technical),
which could be used by the kickstarter and TYPO3
- Semantic queries with SPARQL
SELECT $person $article
FROM
WHERE {
$erson rdfs:type generic:Person .
$person core:authorOf $article .
$article rdfs:type coreNewsArticle .
$article core:isPlaceDOn $page .
$page core:title "Welcome"@en .
}
- [TYPO-dev] The state of support for the Semantic Web / RDFA / Web 3.0 in TYPO3
- Hard part: integration of semantic web technology in the movement of the
community
---
TYPO3 Scalability for hgih traffic sites (Dan Osipov)
---
- Worked with TYPO3 since 2007, some high traffic news sites
- DAM team leader, author of *TYPO3 4.3 Multimedia Cookbook from Packt
- Scalability from experience
- 500k page views per day, 100k unique users per day (phillyburbs.com)
- New content every 5-10 minutes
- Above all in one TYPO3 instance (to allow for content sharing)
- Vertical scaling: add faster disks, better processors, etc
- Horizontal scaling: add more servers
- How to build a scalable system
- Develop benchmarks with measurable goals
- Optimize the site
- Find bottlenecks with benchmarks
- Experiment, be creative (not one way to do it)
- Benchmark tools
- ab
- Jmeter (hard to learn, but can be used to simulate users, very
powerful)
- Profiling: figuring out the bottlenecks
- Monitoring
- Caching
- Cache everyhing that can be cached in memory
- TYPO3 cache allows different backends in 4.3
- Optimize the MySQL Query Cache (give it just enough memory, not too
much)
- PHP Bytecode cache (eaccelerator, APC, X-Cache)
- Turn off the file-modification checks, but then you must
remember to flush the cache every time you update your PHP
Files
- Use reverse proxies if you can
- Sepraate processing and DB (install MySQL on a different host)
- Allows you to optimize servers for their function
- Multiple processors for processingserver
- fast disks and RAM for DB server
- Compress data between processing an dDB serer (TYPO3_CONF_VAR
dbClientCompress)
- To add more processing servers, you will need a load balancer (this is where it gets
complicated)
- Load balancers
- Round robin DNS
- Hardware load balancer
- Session must be on a common server
- Filesystems must be on a shared drive, or even a SAN solution or
ISCSI
- NFS
- For database bottlenecks, scale your DB
- Cluster setup, with master slave replication (EXT: t3p_scalable)
- SELECT requests go to slave servers
- Write requests go to the master
- Sharding (not as well supported in TYPO3), used by social sites, to
store for instance users across different servers
- For replication lag problems, cache onto a non DB cache (like
memcache, can be done with TYPO3 4.3)
- You can add more slaves
- You want to put most static stuff onto a CDN
- Amazon S3/Cloudfront
- EXT: cdnfiles
- Relpcaes fileadmin/, uploads/, typo3temp/, pics/ links to
CDN equivalents
- Isn't responsible for dynamic uploading of files to CDN (maybe could
do it through DAM, contact him if interested)
- If your web server goes down, the load balancer will pick that up, and go to
one that's up
- Similarly with t3cdn
- If your master DB server fails, you can promote a slave to a mester and reconfigure
TYPO3 to use the new master (limitation with Single Master DB)
- Cloud computing
- Scalablity on demand, use servers when you need them (certain times
of year, etc)
- EC2
- Joyent
Here be ELectric Dragons: Prepraing for the Emancipaition of Machines
Lorenz G Lechner - Helsiniki University
-BitBang Rays to the Future: what the tech future would look like in 2025, how affects economy
-started thinking machines were to augment our capabilites ("we have been cyborgs since we started using fire")
-new machines, combinations of mechanic and processing abalities
-"The future is here, just unevertly distributed"
-We differentiate between machines and animals because we look at the world using difgferent senses
-the machines that are market savvy are those that will prevail
-ex: robot hamster that is silghtly more action than a real hamster
-"There is no physical task in which a human can outperform a robot"
Adanced microcontroller programming: Getting deeper into AVR programming
iwesen@ruinwesen.com, http://ruinwesen.com/, http://github.com/wesen, htpt://tiwtter.com/wesen
-Becaus all unit tests don't fit on the AVR, substititue mock objects
-Uses C++ on the 8 bit microcontroller, because you have enough control to
allocate the program flow that it is almost as efficient as if it were written
in Assembly
-does not use any dynamic allocation (no creation of "new" objects), just
static
-uses muliple inheritance, method overloading "virtual methods", no templates
-biggest advantage is Object Orientation
, so entire hardware element of controller can be wrapped in objects
-can subclass for different defatures using multiple inheritance
-can use linked lists, other high level data structures
-con: bloated, code size is huge (mostly because C++ and pointer arithmetic)i,
and gcc is not very good and using extra registers of AVR
-if you use 32bit interegers, int operations will be something like 12 times
as slow because it has to slpti into 8 bit operations
-Measuring with Profiler? timing tool
-important to undrestand compiler (assembly( output, even if you aren't
writing in assembly
-code refactoring
-avoid big switch statements
-available in a book called Small Memeory Software
-most effective tool for hardwar edubgging is an oscilloscope
-peizo allows you to observe states through auibal frequences
-sends out midi notes instead of logging text
-Can use JTAG with GDB or Kavascript (the latter is much faster/lightweight),
custom debugging environment
Fuzzing your phone from your phone
-SMS
-why attack SMS?
-received and processed by almsot all phones, no firewalls, can be
targeted with just a phone, server side without firewall
-life of SMS: message sent to device to the short message service center SMSC,
forwarded to rciptient, in a qSMSC queue messages if not aaliable, delivers
-SMS arrives and the modem dumps 2 lines of text (PDU)
-Take existing input and mutate it, or create input from scratch
-sending test cases best done by adding a man in the middle channes between
the application and the modem, because it's free, no special equipment, etc.
Just results have to be verified over the carrier network
-layes: modem : virtual serial lines : injector, userspace telphony
applicaiton
-SMS acts bteween user and injector layer
-for iphone, crashdumps are generated so you can send your SMS and check for a
new crashdump file, and then finally send a text SMS to make sure app not
hanging
-harder on android because processing done in Java, so have to create a new
interface to replace the java
-logcat -d gives you the logdump, where stars indicate a crash
-motivation is that you can first lock/crash iphone by crashing springboard,
but also interrupt
-with android, you can kick phone off network, make it no longer register with
the network by forgetting the pin for unlocked phones
-windows mobile, makes phone unusable until mallicious SMS is deleted
-somenoe else got remote code execution working for the iphone
-send SMS to port 2948, get java.lang.ArrayOutOfBoundsException (doesn't work
on AT&T)
-on windows mobile, send "%n" seems to crash it (has update now)
-SMS is a great attack method against smart phones
-reported all bugs, and android/iphone has fixed most of them
-http://www.mulliner.org/security/sms
Defending the poor: Defending against Flash exploints
-motivation: project initiated in 2008 by german federal offic efor
infromation securit
-germany is one of the only countries who has a govt dept that is partiall
yresponsible for computer security
-web sites that host flash banners are susceptible to these attacks, or
websites that allow others to upload files to their sites
-RIAs are implemenetd sa plugins for webbrowsers (functionality that
the browser intentianlly did not provide)
-flash security model relies on code that runs inside a VVM, and tries to
make sure nothing escapes int othe native system
-two sandboxes, one for communicating with the network, and another that can
access to filesystem
-flash is not very configurable, and has no signatures to tell where a swf
came from
-vulnerabilities: copying data to clipboard, FLV intereger overflow,
-attacks using flash include"exploit characters" bc flash has lots of info
about OSs etc
, clickjacking (USer Intferface Redressing", sending additioal HTTP header in
requests, simply redirecting the web browser (most common)
-1. redirecting 2. binary exploints 3. web attack vehicle
-SWF Adjack/Gnida, which stores campaign information in a local shared object
(in other campaigns, not techincally malware)
-AV companies are not very effective protecting against flash exploits
-everythnig is very dependent on versions
-flash has two VMs, one programmed in ActionScript 1 and 2, most apps. AVM2
is programmed ActionScript 3, which is more OOP, which would have bene good,
but most flash developers generaly don't understand OOP
-important: all versions of flash are backward compatible
-includes versions of actions/objects, like DefineButton2, etc.
-VM includes function declarations in the bytecode inline, as well as allowing
byte offsets in branch instructions
-can jump into another code block,
-if you write a really long if statement, it will validate, but an
only jump 16 bits of code, because that's the branch offset size
-also, objects at larger depth levels' code is executed last
-open source version is called "Tamarin"
-two types of attacks to be handled: malformed SWF files that cause memory
corrucption in the lpaye, and wellformed swf files that use the playe'rs API
for evilness
-because flash plaers ar e"fragile", a file is analyzed before it's played,
original is deleted, and then recreated using what was understood from te file
-ACtioGetURL2 is the most widely used action to forard browsers to potentially
dangerous targets
-Blitzableiter implements patches in the VM, which supporsts AVM1 exploits
-avg code inflation is 224%, 82% of those swfs patched, flash also went slower
-http://blitzableiter.recurity.com--
-Microsoft Silverlight is a good example
