Why PHP is still an immature language

Tags: 

A thread came up on Slashdot today about the security problems of PHP and software written using it. Given that this is as much of a major problem today as it was five years ago when version 4 was released (that was supposed to start fixing the security problems), and given how bad most PHP code still is today, I added in my own $0.02:

From my experience the main cause of insecure PHP software is developers not turning the error validation to the highest during development, so when an unsuspecting user downloads the software little do they know that their system can and often is wide open to stupid bugs and security problems. When you leave error_reporting to the default setting you miss lots of important details, like array keys being passed as constants, variables being referenced before they're created (especially with arrays), incorrect return types, etc, etc, yet people wonder why their code is so buggy? I was installing vtiger, which is a pretty comprehensive CRM that has lots of potential to hit it big, the other night for a client and was slamming my had against the wall at the sheer number of stupid syntax bugs that were in the system.

How many programs out there tell you to turn on the old register_globals that everyone knew was a huge security problem?

How many programs tell you to turn down the error_reporting level to hide their development incompetence?

I was actually considering starting a movement to have the PHP community clean up their act, we'll see if its still needed after the dust settles from this.

Personally I think that with PHP 5 they should have stopped supporting deprecated coding practices, like accepting invalid variables and invalid array keys, so that this stupidity could finally stop.

That's why I don't do much with PHP anymore, a large portion of the open source projects that clients want you to "make work" are riddled with utterly stupid mistakes that you spend days if not weeks cleaning it up before you can actually start doing any work.

WP-Cache + password-protected pages = problems

Tags: 

I have discovered that, despite recommendations, it is not advised to use the Wordpress plugin WP-Cache if you use password-protected pages as it stops them working correctly. If you turn on WP-Cache and view a password protected page that you have not previously viewed it will cache a copy of the login page and never let any visitors access the content; if you view a page that you have previously viewed before enabling the cache it will cache the full page, letting everyone who views your site see the page. This is not a good way to work, so I recommend simply not enabling this plugin.

SVN+SSH problems on Mac OSX

Tags: 

I was trying to get SVN set up as a daemon on my OSX 10.4 (Tiger) machine when I started running into this error upon connection:

bash: line 1: svnserve: command not found
svn: Connection closed unexpectedly

Some searching later I really couldn't find anything that might have been causing the problem, other than the obvious notion that the path was not working correctly. A little fiddling later I discovered the problem - the ssh daemon was by default configured to not load any user environment files (which are used to set the command path, etc). To fix the problem I had to first enable the option PermitUserEnvironment and then restart the service:

sudo nano /etc/sshd_config

Search (control-w) for the string "PermitUser" then uncomment the line (remove the # sign) and change the the "no" to "yes". Then all I had to do was restart the ssh daemon and it was good to go:

sudo SystemStarter -v restart SSH

Et voila!

Entourage won't start? Try option-start

Tags: 

Today at work Entourage 2004 decided it had enough of life and didn't want to start. Not having had this happen before I did a quick Google to discover that if you hold down the option key while double-clicking it (or single-clicking the dock icon) to start it will pop up a database repair utility which will hopefully be able to fix any problems. Cool!

Pages

Subscribe to Front page feed