Rasmus Lerdorf invented one of the primary Web programming languages used at Yahoo, but for a long time he tried to fend off another.
"But it does complicate things," he adds. "It means that half your application runs in one environment and half runs in another."
Lerdorf, who is also a core development team member for the Apache Web server, joined Yahoo in 2002 as an infrastructure architecture engineer and helped the company standardize on PHP in place of the hodgepodge of Web scripting languages it had been using. His experience applying PHP to Yahoo's extreme scale of operations and defending it against hackers also influenced the development of features, such as filtering untrusted input, in the current release, PHP 5.
Like any open source technology, PHP is the work of many contributors, but back in 1994 Lerdorf came up with what he called the "personal home page" (PHP) programming toolkit, and he continues to exert major influence on its development.
Like Java Server Pages, Cold Fusion and many other Web programming languages, PHP lets snippets of programming code embedded in a Web page run on a server and perform actions such as database lookups. Yahoo's servers run code written in other languages, including C and Java, for core data management and content aggregation tasks, but PHP is Yahoo's standard for application development.
Google is widely credited with dramatizing the potential of AJAX with Google Maps and Gmail, but Yahoo has also embraced the technology. The new Yahoo Mail, for example, uses AJAX to load e-mail messages into a viewing area at the bottom of the screen rather than having each message displayed as a separate Web page.
"Once you see something like this, you just can't fight it," Lerdorf says.
In contrast with the AJAX code in Microsoft's developer tools or the open source world's Ruby on Rails, the YUI is not part of a broad Web development framework. Lerdorf says he discouraged the YUI team from trying to create a framework because he is generally suspicious of cure-all solutions to software development problems. "Sure, you should have a framework," he says, "but the question is, whose framework should it be? In most cases, I believe you should write it yourself."
The YUI's piecemeal approach appeals to engineers who want what they want and no more, Sha says. "You don't have to take the whole package. You can pick and choose what you need."
Developers should be judicious about picking the libraries they use in their applications and recognize their limits, Sha says. "If you're working with the animation library, use it for simple effects. Don't try to create a movie."
Along with new possibilities, AJAX brings hazards that are "just destroying the Web right now," Lerdorf says.
"Once you move half the application to the front end, the back end gets very simple," he says, but it also takes away control because that front-end code is released onto the Internet, where hackers can manipulate it. "So you have to ask yourself, what could they send us to trip us up? The answer is, a lot."
Defending against such attacks is not easy, particularly for startups too busy creating applications and going after market acceptance to worry about security, Lerdorf says. "When the news hits that they're about to be bought by Yahoo or Google, the hackers descend in droves."Write to author David F. Carr.
Related Story: Yahoo's Performance Guru: 14 Tenets for Speeding Up Sites