[BangPypers] [OT] language fanaticism

Noufal Ibrahim noufal at gmail.com
Thu Jul 14 06:33:37 CEST 2011 

Sidu Ponnappa <lorddaemon at gmail.com> writes:

>> many bitter experiences - security is a nightmare for php apps. Take a
>> look at the number of security updates wordpress has per *month* - more
>> than django has had in 6 *years*.
> That is based on strong correlation between PHP applications and poor
> engineering.
>
> If we're having a philosophical debate, the question then is 'What if
> there was a hypothetical, well engineered open source PHP
> application?'
>
> I'm torn. Purely philosophically, I would be fine dealing with it
> assuming I had the time to spare to learn PHP idioms, and that time
> was otherwise spent solving real issues and not problems caused by
> rubbish code. Practically though, PHP as a language makes my teeth
> ache, and from what I've seen well factored PHP programs spend a lot
> of time working around the limitations of the language. It's turing
> complete, but pretty much the only other language that I've used that
> I like less is XSLT.

It has more than a fair share of rough spots but it also has it's own
advantages. 

I think PHP is like english in the sense, it's easy to speak/write even
when ones control over the language is minimal. YOu can get a whole web
site up and running quickly without knowing much. THis has spawned a
series of poorly engineered apps which (because worse is better) have
hit the net. 

However, there are really large deployments of PHP out there which are
quite stable. archive.org, facebook, wikipedia and (as I heard from the
recent PHPCloud conference here), Flipkart. So, given a good team, you
can get things right. 

This whole thing is a digression though. 

My basic point is that if there's a tool written already that *does* the
job you want done, would you stay away from it purely because its not in
your favourite language?

My outlook is that code is liability. If I can get the job done without
"writing" code, that's probably what I'll do. 

Wordpress is probably the poster boy for poorly engineered PHP apps but
I'd prefer using it (and applying security patches when they come out)
rather than writing (and more importantly spending time maintaining) my
own blogging app in the latest and greatest Python framework. 

As for Kenneth's points on the LUG sites, they're simply poorly
maintained. A lot of high profile secure sites run on PHP so it's a moot
argument. 



[...]


-- 
~noufal
http://nibrahim.net.in

Our similarities are different. -Dale Berra, son of Yogi

More information about the BangPypers mailing list