The Guru
Bill Campbell
bill at celestial.com
Wed May 28 09:34:24 PDT 2008
On Wed, May 28, 2008, Fairlight wrote:
>From inside the gravity well of a singularity, Jay Ashworth shouted:
>> On Tue, May 27, 2008 at 07:16:13PM -0400, Fairlight wrote:
>> > Y'all catch dis heeyah? Jay Ashworth been jivin' 'bout like:
>> > > Python has its own, much smaller, library called (I think) PEAR -- or
>> >
>> > PEAR is part of PHP, and it's actually the regex parsing engine, if I
>> > remember correctly.
>>
>> http://pear.php.net/
>
>Yeah, I just figured out I confused PEAR with PCRE. Hey, they both
>start with 'P', gimme a break! We have too many bloody acronyms in this
>industry.
>
>PCRE was actually the cause of a headache during a minor patchlevel (third
>number) release. They released a security fix one week, and a week later
>released a xx.yy.zz where zz=zz+1 to fix the bug they introduced in the
>previous week's fix. But lo and behold, some brainiac decided that this
>kind of release was a perfect opportunity to release PHP with a completely
>new version of the PCRE subsystem. Which point actually -broke- the SRPM
>build from a week prior, I might add.
>
>This is one of the many reasons I really deplore PHP. A perusal of the
>weekly SANS security digest week after week points out yet another. I know
>seasoned linux kernel hackers that say they'd rather reinstall an entire
>new OS than replace just PHP. I think that's overkill, but they -have-
>said it.
That's one of the reasons we install all our own server stuff
built under the OpenPKG portable package management systems. It
makes dealing with things like php, beserkeley db, etc. easy as
they are totally independent of the underlying system.

As for php as a language, IMHO it combines the worst features of
perl and BASIC (Beginners ....) in having a plethora of modem
noise characters along with the ability to obfuscate everything
by mixing display and processing in a single file. Granted that
it is possible to write reasonably secure things in php, but it's
far too easy for clueless ``developers'' to write insecure garbage.
Bill
--
INTERNET: bill at celestial.com Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
Voice: (206) 236-1676 Mercer Island, WA 98040-0820
Fax: (206) 232-9186
The whole aim of practical politics is to keep the populace alarmed (and
hence clamorous to be led to safety) by an endless series of hobgoblins.
-- H.L. Mencken, 1923