
All the Perl that's Practical to Extract and Report

  • I like to point to my experience with PHP [perl.org] as why I shy away from it. But that's simply not good enough - I mean, anyone can write insecure code with any language.

    I'm not sure this is a worthy project. IMO, we need to get programmers good at what they do. KISS (Keep It Secure, Stupid!). Converting them to a new language resets their capabilities instead of getting them closer to writing that killer app.

    Peace,

    Jason
    • I mean, anyone can write insecure code with any language.

      Although Perl makes it very easy to NOT write insecure code by using taint mode. That's a huge bonus over PHP.

      We'll be sure to put taint mode on the list.

      --
      xoa

      • Yeah, that was my initial thought, too, but put yourself in the shoes of a PHP programmer. They just want to hack something quick to get the job done. Taint mode adds complexity to the task at hand.

        And I'm sure there's something similar that can be done in PHP (register_globals, etc).

        IMHO, the clincher is CPAN (though PHP has PEAR -- odd their latest news [php.net] is >1y old, though -- maybe PHP uses something else?). With CPAN, a Perl Web programmer can design/code from a high level and look for CPAN modules
        • put yourself in the shoes of a PHP programmer. They just want to hack something quick to get the job done.

          That's far too broad of a brush. Just in the room of a dozen PHP folks last night, there were two camps. There were the people in the "I just want something quick to get it done" group, as you suspect, and there was the "PHP was what I learned years ago, and I've never seen a reason to change" group. It's this latter group that I'm most concerned with.

          --
          xoa

          • by ziggy (25) on 2005.10.20 12:18 (#44049) Journal
            ... there was the "PHP was what I learned years ago, and I've never seen a reason to change" group. It's this group that I'm most concerned with.

            Should they change because we want more people at our dinner party, or because they can get more stuff done? Every argument I've heard over the years has been on the dinner party side -- whether the targeted hacker uses Java, PHP, Python, Ruby, Tcl, or C++.

            Paraphrasing one of my favorite Twilight Zone episodes from the 1980s, the one thing that will get any programmer to switch languages is the realization that his current language paints him in a corner with "a question I cannot answer, or a task I cannot perform."[*] Everything else is just too Turing-equivalent to be bothered with. Sure, PHP has annoying little quirks, but so do Perl and Befunge. And, if the time comes, that the PHP programmer needs to do a little Perl, he'll limp along doing the smallest amount possible until he comes across a task that's easier for him to do in PHP, at which point he switches back.

            Even a minor 5%-25% increase in productivity isn't really worth bothering with, especially when you consider that Perl is a very rich language which takes years to master all of the nuances. So if I were a PHP programmer who wanted a compelling reason to change, I'd be looking for something that allowed me to do things that are simply impossible in PHP, or make me >33% more productive.

            *: This includes the ever-present "getting a job" task.

            • So if I were a PHP programmer who wanted a compelling reason to change, I'd be looking for something that allowed me to do things that are simply impossible in PHP, or make me >33% more productive.

              Yes, I agree. That's exactly what I'm aiming for on this.

              --
              xoa