Porn's Lessons on the Plentiful Possibilities of Perl and PHP
Regardless of your personal feelings toward Internet porn, the sysadmins overseeing adult websites know a thing or two about scripting and scalability. For example, keep your database clean, embrace open source for as many commodity components as possible, and only use the latest technology if it adds actual value to your site, not just for the sake of using it.
Love it or loathe it, there's no arguing that the adult entertainment industry has been at the forefront of technology throughout the growth of the Internet. The adult industry operates on a shoestring and has figured out how to deploy secure and scalable sites on the cheap. We'll take a cue from the system administrators of smut to get five easy lessons on managing uptime, security and lowering TCO (total cost of ownership) -- and all with a G rating.
Why porn? Well, about 12 percent of the sites on the Web contain adult content. The online adult industry pulls in nearly US$5 billion a year worldwide. Most of the world's adult entertainment sites, a.k.a. porn sites, operate on a relatively thin budget, and almost all of them run on open source. There's plenty of adult content available online, so sites can't count on scarcity to drive business. There's money to be made, but only if a company is smart about its IT setup. Probably sounds a lot like your business, doesn't it? Aside from the actual content, it is.
So what can we learn from the folks in the adult industry?
1. Use Open Source, and Lots of It
Anything that drives costs down is a win, and open source is the best and most cost-effective tool you'll find in most cases for infrastructure. Take any given adult site and use Netcraft to query the site and see what its hosting infrastructure is. You'll probably find that it's a typical LAMP stack, and almost certainly not a Windows Server environment. And when we say LAMP, that means lots and lots of Perl.
Find any way to reduce licensing costs, re-use components, and embrace open source for as many commodity components as possible. This doesn't mean proprietary software is "bad," it just means that when it comes to providing infrastructure for successful and robust websites, open source rules the roost. One favorite is the Catalyst Web Framework, which is easy to use and extend, and runs on pretty much any operating system and any major Web server. This framework got a boost when adult site YouPorn went looking to hire developers familiar with Catalyst and DBIC. Catalyst also handles the more family-friendly BBC iPlayer site that gets something like 9 million page views daily. If it can handle that, it can handle your site just as easily.
2. Stick With Tried and True
It's true that adult sites have ridden the wave of technology and have helped push the envelope for the rest of the Web in some ways. For instance, few sites are successful by requiring non-mainstream browser plug-ins. Plenty of companies have embraced Flash because it's everywhere, or use standard media codecs that are likely to be available on the majority of computers.
However, there's no advantage in embracing the cutting edge when it provides nothing compelling for the user. Case in point, frameworks and Web development techniques that were current five years ago are just fine for sites that only need to serve up images and movies. Few webmasters are rushing to rip and replace their site designs and templates just to be using the newest technology.
Perl is still extremely popular with adult sites due to performance, but PHP is also pretty well-represented. You're not going to find a bunch of Ruby on Rails or Django sites because it's harder to find Python and Ruby developers on the cheap. Perl developers can fall back on CPAN, PHP developers have PEAR and many resources to get started or overcome hurdles. Ruby and Python have strong communities as well, but the talent bench isn't quite as deep yet.
3. Caching Rules
Find ways to cache content so that your server is spending as little time as possible generating dynamic pages or reading data off disk. Using Memcached or other caching technologies ensure that the site can serve data as quickly as possible.
This goes back to using tried and true frameworks as much as possible. Most CMS platforms and development frameworks already have caching technologies that work well with them. No need to reinvent the wheel, just find the right plug-in or caching technology that suits your framework/CMS. Spend as little development time as possible reimplementing features that can be found elsewhere.
4. Good Database Design
If your site depends heavily on a database back-end, it's crucial that the database design be as efficient as possible. With an off-the-shelf CMS, this usually is not a problem. However, in-house applications need to be optimized to hit the database as little as possible (see point 3).
Developers need to do extensive testing before deployment and ensure that they're not making unnecessary (and resource-intensive) database queries. Remember the rule about optimization. In the adult entertainment world, nobody likes things premature, and in the development world, premature optimization is to be avoided. Only spend time optimizing code if it's likely to have a real-world impact.
Otherwise, spend your time elsewhere. Guess what? Optimizing your database design is one of the areas where it will pay off, guaranteed. Leading up to the last tip, be sure that you're protected against SQL injection attacks. Check all user input for problems to avoid SQL injection attacks. Also, use best practices to ensure that even if an attacker manages to insert a malicious SQL statement, the changes are undone when the transaction is finished.
5. Security First
Be sure to keep security in mind above all else. This is particularly true for adult sites, which are attractive targets for attackers. But just because your organization's Web presence may be less prone to attack doesn't mean it's safe.
Treat your site like you're always under attack and storing thousands of credit card numbers -- which may well be true. Perform security audits on a regular basis. Make sure you have intrusion detection and monitoring set up. It should go without saying that you should be tracking security advisories and updating your systems accordingly. Any pages or parts of your site that require authentication should be accessed over secure connections. OpenSSL doesn't cost extra, and the dynamic languages all have mature bindings that leverage it.
A security breach is not just a cost in terms of the money and time lost in recovering from the attack. It also could cost your business your customers' trust. That's deadly no matter what line of business you're in. It's easy to feel complacent if you haven't experienced a successful attack, but the first one is always around the corner.
Really, all of these tips apply to any site. It's not just the adult industry that has the lock on good, scalable designs. We've kept this list family-friendly -- but it made you want to look, didn't it?
Jeff Hobbs is director of engineering at ActiveState, overseeing development of all ActiveState products from language distributions to development tools and Web-based solutions.