PHP an idiot's tool (was OT: Web page source code )
Fairlight
fairlite at fairlite.com
Tue Aug 12 16:14:24 PDT 2008
Is it just me, or did Jose Lerebours say:
> From little-dot-ville, Mark exploded and revealed:
If I explode, you'll know it. :)
> >Actually, PHP's very model makes it worse-off than perl. The tighter
> >binding to the web server -by nature- gives it more exposure in terms of
> >risk and repercussions. Perl doesn't have that working against it unless
> >you use mod_perl, which I refuse to do.
>
> So I guess you have figured out how to keep your perl apps secured but
> this is not possible in PHP at all - Interesting
I didn't say it was impossible, I said the nature of the platform, combined
with the lack of proper community education, combined with the "idiots can
use it" factor, all conspire to make it highly less probable.
> I do not read these as you do, but do not think you present a valid point
> to rank PHP as a worthless development tool. I am sure that the flaws,
> however many, are related to specific extensions which you can include or
> exclude just as you do with mod_perl.
I don't use mod_perl. I said as much in the last post, and in fact said
that I -refuse- to use mod_perl. My reasons are threefold: 1) it adds
complexity integrating programs into mod_perl and apache, 2) it makes your
code less portable, since to my knowledge there's no mod_perl for IIS and I
need to support all platforms with a web server, and 3) for the exact same
reason I think PHP is a higher security risk--you're rolling your
application, with any and all of its faults, -directly- into the httpd
daemon. Thus, if your application gets cracked, or the engine upon which
it's written gets cracked, the damage exposure is that much higher because
it's become part of a trusted system. Apache and mod_ssl flaws are far
fewer between than PHP flaws. And by flaws, I mean exploits that require
patching.
> >PHP is like AOL: So easy to use, any idiot can--and too many do. The
> >fact that the community isn't even remotely as self-policing as the perl
> >community (which has really stringent standards, despite the freeform
> >nature Perl is capable of using) doesn't help matters.
>
> I happen to be one of those idiots, except that I never used AOL. It
> feels that you are very biased and one cannot argue with a person who has
> locked himself in such a way.
I didn't say you were an idiot. Just like I've run into the occasional AOL
user that isn't an idiot. I implied it's more likely than not--especially
given the relatively high percentages of idiots in the general populace and
the high percentages of those idiots using PHP because it's "accessible"
compared to Perl--at least it's more "accessible" in the perceptions of
people that haven't bothered to look seriously at Perl's ease of use. We
won't even bring Python into this until Bill Campbell or Jay Ashworth bring
it up. :)
> One could argue that filePro is easier than PHP - So are there too many
> idiots in the filePro community?
Do you want the honest answer to that, or the polite one? Let's just say
that the easier something is to use, the higher percentage of people you
get using it that haven't a clue on how or why to do even the most basic
things, much less do complex things properly. That goes for -any- product
that's easy to use. That doesn't make everyone that uses it an idiot, it
just means the likelihood of a user of 'x' is higher that they're not
competent to run a 4-function calculator, much less something as complex as
a RAD toolkit or any other development language.
> I do not think that the tool defines the quality of the end-product;
> this is the responsibility of the developer behind it. If you are a
> weak developer, your applications will be weak or at least show your
> weaknesses. Of course, an even weaker developer will drown under the
> tool's inherent weaknesses.
>
> Take for example filePro itself, with all its weaknesses, lots of solid
> applications have been written. In the same token, there is a flood of
> poorly written applications. This is not the fault of filePro itself,
> but the developers.
The point is that certain aspects of a product's design lend themselves
towards how attractive or not it is towards people of certain skill levels
and dispositions. Apple knows this -quite- well--they appeal (at least
pre-OS/X, it's changing slowly) more to artists, writers, musicians...the
creative types that don't want or can't be bothered to know what the hell
they're doing. They've parlayed that into a fortune, even if it took ages
to recover from the shortsightedness of being a closed hardware
architecture. (Don't start me there, I go back to the Apple ][+ days.)
If something is easier to "learn" on the surface, but harder or just plain
unintuitive to learn the finer points of (and has p1$$-poor
documentation!), you get crappy programs from the majority, and some really
good stuff from the few that bother to learn it--but who probably bother to
learn -anything- they do just as well.
> You are ahead of me here, I have not met a "new" filePro user in well
> over a decade. I have never met anyone outside this list ... Everyone
> I have ever spoken to, worked with or exchanged anything filePro related
> with was through this list or a member of this list.
I have a few. One locally that uses the same ISP, but I haven't talked to
them in years since I stopped going to the net socials. The other guy I
referred to in my previous post. That'd be -almost- it since 1993.
> >I respect yours. I disagree with it, but you're entitled to hold and
> >defend it. :)
>
> Not defending, simply find it interesting to hear others put down any
> development tool and rank it as you have PHP. At my age, I do not have
> the time nor the inclination to read every article printed, care for
> every criticism, and bother with anything that does not have a direct
> impact in my personal life or those I care for.
Me either. I watched a Web 2.0 presentation a year ago from the guys at
ZEND that was put on YouTube, as well as a PHP seminar clip. I was -not-
impressed. Either those were very entry level meetings, or they simply
didn't grasp some fundamentals. It was mostly glitz, very little
substance.
What little I've bothered to look at of outside opinion besides my own
investigations into PHP has not impressed me. The security side is just
plain daunting. I've had the misfortune of having had to build it multiple
times to fix glaring issues--and I've had a linux -kernel- developer tell
me point blank that he'd rather reinstall the whole OS than patch or
upgrade PHP. This is a guy that hacks the kernel source code, ok? What's
that tell you about how well-engineered it isn't, if he doesn't think it's
worth the hassle? (Probably tells me more, since I know his
personality...you might draw a different conclusion, but I know the guy
personally and have done for years.)
Heck, I don't even keep up with the linux kernel development anymore,
barring security issues or what I need to know to obtain 'x' functionality
du jour that someone wants that the last major tree didn't offer. I
stopped having the time and inclination to roll every kernel, development
and stable, -years- ago. It was a great learning experience, but I find
life much more pleasant if I let the kernel devs do their job and I do mine
and have fun with my remaining free time. I'm with you there.
But don't think I haven't looked into PHP. I have. I've even fixed
people's PHP applications that they couldn't even fix themselves. I kid
you not. (Yes, I can read it, and even modify it...I just don't design
from scratch in it. Check for Satan walking behind a Toro snowblower
before you see me do that.)
> Like filePro, PHP has given me all that I need to develop the
> applications that have been given for me to write: Dynamic Charting
> Application, Warehouse and Inventory Management, Online Document
> Management, Exam & Grading System, Trucking System, etc. To mention a
> few over the past year. I am in the process of converting my filePro
> Accounting Application into a PHP based application.
Sure, it's given you a lot. The question is, what has it given you that
you're not aware of. filePro has given people a lot as well--but the
uninitiated to the fine gift of DKNF errors might be blissfully ignorant of
what's under the hood until it bites them on the hand. Likewise with PHP,
you might not even be aware of what may or may not bite you.
Just so you're not thinking I'm completely biased, I ran up against a bug
in the Tk::Widget::Popup module yesterday that's outstanding from 2007,
which was easier to code around than to use directly anyway. You run into
stuff like this in anything. I'm saying that it's out there, but some
things have a higher percentage than others. And a lot of people are (if
you read the security digests) woefully undereducated about development,
-especially- in web environments.
> Like you said, it is so easy, any idiot can ... and we should. I am sure
> that if Perl were as popular and widely used as PHP, it would have its
> fair share of problems. When Perl was at its peak in popularity, I am
> sure you can go back and find other posting comments such as yours about
> PHP.
Perl has been around since before PHP. LONG before. And I highly doubt
that it ever had quite the same problems, given its pedigree. Larry Wall
is highly regarded, and no mere amateur. I personally think these guys
over at ZEND, if their development and release methodology -alone- is
anything to go by, are fly-by-night developers by comparison. Who in
their right mind swaps out a major component on a third-point-level bugfix
release that is fixing another bugfix release, "just because it was done"?
They did that in a patch they released a week after -another- patch. The
patch was to fix the first patch, and yet they thought they should entirely
change the pcre engine for a x.x.XX maintenance release. Amateurs, in my
book, sorry. That alone speaks volumes.
If you want to know why Perl is past its peak in popularity, it's because
people went where they didn't have to know what they were doing to get
results. End result: 90%+ lousy coding practises, 10% acceptable. Maybe
75/25. I wouldn't put it much higher, because most people with a clue
would do enough research to know which tool was better in the first place.
Besides, PHP is -almost- useless for non-web applications. I know it -can-
be used for non-web stuff, but how many times is that put to practical use?
You can write pretty much anything in Perl. The portability is another
HUGE bonus.
PHP is "Meh, okay..." for its intended use. All things considered, I
wouldn't rate it higher than that. And I actually -have- worked with it.
Wouldn't be my first choice, that's for sure.
Only reason I'm not looking at Python more seriously is because I have too
much invested in Perl and I'm not looking to go through another migratory
transitional period. Bill Campbell's glowing recommendations alone are
enough to make me second-guess that decision, but I'd rather stay focused
and hang onto my time investment for now.
mark->