Liferay for your ears - When I met Michael Han, Liferay's Vice President of Operations, at the European Symposium, I used the opportunity to record an episode on some of his working areas, namely security and performance. He gives some good background on these issues.
Among other topics, we spoke about:
* His background, how he came to Liferay and what he's mainly working on
    * Mike has been with Liferay for 4 years - he helped set up the international offices and business.
    * "Follow the sun" support: International offices required for support around the clock
    * Performance gains from version to version, sampling with logging in.
    * Mike's involvement in performance tuning, how the performance whitepaper is built and what you need to understand about your system in order to expect the correct results based on the performance whitepaper's numbers.
    * The different ways that the "number of users" can be interpreted and how to find out the required number of servers.
    * 3-4 man-years of effort go into performance-tuning the Enterprise Edition
    * How to read security reports: Why 50 deep-red issues might turn out not to be as bad as they initially look
    * Black-box and White-box testing for security issues
    * Circumstances under which a possible SQL-injection is not a problem
    * Security of Open Source software - with an example
    * How to report security issues: File an issue in Jira, set the component to "security" and the visibility to "private", so that only you and Liferay staff can see this issue. Enterprise customers just file an issue in their account and flag it as a security issue.
    * How to set up a well-performing system and which parameters you should care about - along with some numbers we see on garbage collections etc. and why you can have too much memory.
    * There used to be a Sun/Oracle blog about every single JVM option since version 1.3. As we found out while preparing these notes, it is no longer available, but there are alternative links.
    * Other documentation for other vendors' JVMs
    * How we determine which server architecture to build the performance testing environment on.