[Info-vax] OT: Elephants Can't Dance

Bill Gunshannon billg999 at cs.uofs.edu
Wed Mar 25 09:45:30 EDT 2009 

In article <49c98e4f$0$90271$14726298 at news.sunsite.dk>,
	Arne Vajhøj <arne at vajhoej.dk> writes:
> Bill Gunshannon wrote:
>> In article <49c6e70f$0$90268$14726298 at news.sunsite.dk>,
>> 	Arne Vajhøj <arne at vajhoej.dk> writes:
>>> Bill Gunshannon wrote:
>>>> I deal in the Open Source world at work (due mostly to budget constraints)
>>>> and nothing annoys me more than having students and faculty come to me
>>>> with a request that we run out and grab (and install int he middle of the
>>>> semester!) the latest and greatest version of a product who's update
>>>> cycle is measured in days.  Why do the want the new one?  Does it fix a
>>>> problem they were having?  Does it offer a feature they absolutely need?
>>>> Of course not, but it's the newest version and we should be running it.
>>>> I am working on a new web server right now.  They want it to include the
>>>> latest version of PHP.  Which breaks every one of their PHP based web
>>>> pages!!
>>> Learn them to write better PHP.
>> 
>> There is no such thing as "good PHP".
> 
> If it delivers good functionality for low cost then most people would
> consider it good.

Of course they would.  Even when someone outside their organization uses it
to load and run a PHP Telnet Daemon so they can get into their machine they
will consider it good.  That's the difference between a User and an IT Pro.

> 
>>                                        It is a major security problem and
>> the antithesis of Software Engineering.
> 
> There has been relative few security bugs in PHP itself.

Excuse me???  The basic security model is there is no security.  It makes
Windows look like an NSA product.

> 
> And dynamic typed languages is rather popular in software
> engineering today.

Don't get me started on the state of "software engineering" today....

> 
>>> Newer versions of PHP is relative good compatible with
>>> older versions.
>> 
>> Real world experience would seem to contradict that.  Every time we have
>> had to move to a newer version of PHP is has broken pretty much all the
>> code the faculty use on their web pages.
> 
> That sounds very weird.
> 
> That does not reflect my experience.
> 
> Could you give examples of code that broke from a specific PHP
> version to another PHP version ?

No, cause none of it is my code.  I just have to support it.
The faculty have a system that may of them use for student
assignment submissions.  It Borke.  One faculty member (our
biggest dynamic content and PHP advocate.  He actually teaches
it!) has a totally dynamic PHP generated homepage.  It returns
nothing under the current version of PHP as installed by the
FreeBSD Ports.

> 
> PHP code should run fine unless the code relied on magic_quotes_gpc
> or register_globals being on.
> 
>>> What breaks is when code relied on features that has been declared
>>> problematic security wise for years and finally get disabled
>>> system wide by an upgrade.
>>>
>>>> What ever happened to "If it ain't broke, don't fix it!"
>>> It still exist.
>>>
>>> But there is also "There only two types of systems: those
>>> being actively developed and those declared dead".
>> 
>> I would think people in this group might disagree with that sentiment.
> 
> Possible.

bill

-- 
Bill Gunshannon          |  de-moc-ra-cy (di mok' ra see) n.  Three wolves
billg999 at cs.scranton.edu |  and a sheep voting on what's for dinner.
University of Scranton   |
Scranton, Pennsylvania   |         #include <std.disclaimer.h>

More information about the Info-vax mailing list