[Dailydave] The Correct Amount

Moses Hernandez moses at moses.io
Mon Aug 15 21:36:50 EDT 2016


PHP is … well it just is, and that happens to be the problem. There is no good way around it, it’s far too much in use to quickly deprecate and back out of, and it’s also very far from being well designed, or just designed at all. If you don’t believe anyone just Google “Why is PHP Such a horribly designed language” for all the fun references to the developers just magically patching this thing in real time to cobble the language. 

The problem with these kinds of things, is that PHP allowed us all to have stuff on the web very quickly, which we all liked. Facebook has no choice at this moment but to try and “correct” PHP the best it can, because stating over on a new Facebook is more than likely out of the question by now.

I don’t however see us going from better to best in the choices we are making. While we have some interesting languages like rust, what we are now seeing is migration away from PHP with people running (frantically) to Javascript frameworks. Ahh, Javascript, A language that was more or less designed in about 2 weeks time and that it’s only marketing was to use the ‘java’ in it. If you want to lol over Javascript, a co-worker pointed this out (https://www.destroyallsoftware.com/talks/wat <https://www.destroyallsoftware.com/talks/wat>)

To make matters worse than anything PHP has done, the javascript developers have decided that inside of javascript (which mostly runs on the client side inside a C++ compiled binary that we know as a browser) they will enable web assembly (https://brendaneich.com/2015/06/from-asm-js-to-webassembly/ <https://brendaneich.com/2015/06/from-asm-js-to-webassembly/>). This way you can run all those awesome native C and C++ apps inside of javascript inside your browser.

Or maybe on the server side as well. Who knows the possibilities here are endless, but then again we can all run Quake in our browser at the same speed as the native app so .. there’s that.

- at mosesrenegade

> On Aug 2, 2016, at 4:12 PM, Kristian Erik Hermansen <kristian.hermansen at gmail.com> wrote:
> 
> Do you feel the same way about FaceBook PHP? Or general PHP v7? It sounds like everyone has cancer, smokes, and is pregnant...
> 
> 
> On Aug 2, 2016 8:59 AM, "dave aitel" <dave at immunityinc.com <mailto:dave at immunityinc.com>> wrote:
> Last week I did the technical review of one of our deliverables. Super secure website, run by smart people. They'd limited their exposure to one PHP file. But a good security services company provides strategic advice, along with individual tactical recommendations. In this case, the consultant found two critical vulnerabilities in just that one lonely PHP file. Our strategic recommendation is always this: Use as much PHP on your website as cigarettes you would allow a pregnant woman to smoke per day. 
> 
> Everyone knows they should stop smoking. But sometimes it takes a doctor to pull up the X-Ray of your lungs and look at them sadly for a brief second for you to invest in that first pack of nicotine gum. I'm not saying PHP is cancer, I'm just saying that when I see Uber write up a long post <https://hackerone.com/uber> about how they're trying to use Bug Bounties to help them secure their WordPress plugins it makes me think maybe they should go to the doctor instead.
> 
> -dave
> 
> 
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com <mailto:Dailydave at lists.immunityinc.com>
> https://lists.immunityinc.com/mailman/listinfo/dailydave <https://lists.immunityinc.com/mailman/listinfo/dailydave>
> 
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20160815/4b20191c/attachment.html>


More information about the Dailydave mailing list