Tonight at BrightonPHP we welcomed down Michael Cullum to speak to the group on “How we build phpBB: The Next Generation”. Michael is part of the core team for phpBB as well as a back-end Symfony2 developer and organiser of the PHP Surrey user group. I used phpBB a fair while ago and hadn’t had a good introduction to it, so I was interested to see how far it had come in that time.
The last time I used phpBB was around the middle of 2003 - a small freelance job, where an existing phpBB installation had been compromised, and my task was to clean it up and upgrade it to the latest stable version of everything, to hopefully mitigate any further attacks. I remember clearly opening up the project (over FTP naturally) and seeing a ton of changed files from the core defaults, with the various amends in, and thinking “great, I wonder how this is going to pan out in the future”.
Thankfully the site was pretty small and as such didn’t have too many users on it, so the details that were potentially compromised didn’t affect too many people (although more than 0 people is too many). But it was my first experience with phpBB as a forum software, and so too easily I formed the opinion that phpBB was easy to inject exploits into. So then subsequently whenever I needed forum software, I shyed away from it. I didn’t want my reputation and my clients’ sites to be easily compromised.
Fast-forward 12 years - yes, 12 years - and I guess I still had the same opinion. Michael approached me back in February about speaking at BrightonPHP, and his talk list included the above talk. I’m really happy I went with this talk now.
Tonight’s talk made me realise that having that preformed opinion and idea about how phpBB performed in the wild, from 12 years ago, was indicative of how closed my mind could be to certain topics. I’d liken it to the same way I felt about Ruby, based on “hipsters” (ugh, I hate that term) and the plethora of “ninja rockstar guru” developer positions. And then having taken time to play with Ruby, I realised it was quite nice for some stuff. It’s also akin (in my mind) to people who hate on PHP, having last used it in 2003 as well and not realising that the language has evolved a fair bit. Tonight I realised I still held the “insecure and outdated” opinion of phpBB, despite not having touched it since back then - and that saddened me, that I hadn’t taken time to be more aware of where it was at.
Preformed ideas, opinions, conclusions can be incredibly damaging - whether it be towards a language, a framework, a small library, an individual person. After my Ruby experience a couple of years ago, I resolved to be more open-minded about topics on which I had little experience. Michael’s talk this evening made me resolve to do that more.
Also - Michael is a really engaging speaker, and knows his stuff - I really enjoyed this talk. Go see him speak!