[Info-vax] OS implementation languages

[Arne Vajhøj]

On 9/8/2023 10:03 AM, Dan Cross wrote:
> In article <km0l0iF8emlU3 at mid.individual.net>,
> bill  <bill.gunshannon at gmail.com> wrote:
>> On 9/7/2023 9:18 AM, Dave Froble wrote:
>>> [snip]
>>> My moment of enlightenment was the day I was told I wasn't a "real
>>> programmer" since I didn't know or use PHP.  Guy didn't even know what
>>> assembly language was.  It's actually a bit scary.
>>>
>>
>> I'm a real programmer.  I know PHP and that's why I don't use it.
> 
> This seems apropos:
> https://eev.ee/blog/2012/04/09/php-a-fractal-of-bad-design/

I think this is a typical example of internet whining.

He doesn't like PHP and have a very long list of "issues".

But it is a very mixed bag of:
- misunderstandings
- so what
- real issues

A few examples.

"Namespaces use \."

Yes. A period is what other languages use. But so what. You use what
the language prescribe.

"The new array syntax results in [key => value], unique among every
language with hash literals."

Scala use:

Map(1 -> "A", 2 -> "BB", 3 -> "CCC")

C# use:

new Dictionary<int, string> { [1] = "A", [2] = "BB", [3] = "CCC" };

Each language is slightly different, but same concept.

"There is no threading support whatsoever. (Not surprising, given the 
above.) Combined with the lack of built-in fork (mentioned below), this 
makes parallel programming extremely difficult."

PHP is designed to be run by a web-server and the web-server
will do the thread start or fork.

It is generally considered a big no no to have web application
code start threads (or fork).

"In PHP, these functions return false. If you use FALSE as an index, or 
do much of anything with it except compare with ===, PHP will silently 
convert it to 0 for you. Your program will not blow up; it will, 
instead, do the wrong thing with no warning,"

I don't like that either.

But PHP was designed like that a few decades ago and too late to change.

"There is no way to declare a variable. Variables that don’t exist are 
created with a null value when first used."

And gives a warning. So if someone configure the script to die at
warning, then it dies when it happens.

Should it have been an error? I think so.

"There’s no such thing as a nested or locally-scoped function or class. 
They’re only global."

It is not that unusual for languages to not to allow functions inside 
functions.

And even though many of the well-known OO languages support nested
classes, then some of them come with complications that does not
fit well with PHP philosophy.

"Appending to an array is done with $foo[] = $bar."

Other languages use:

a.append(b)

or

a.push(b)

But does it really matter much if is brackets or append or push or 
something fourth?

"echo is a statement-y kind of thing, not a function."

Yes. It is like Python 2.x print. And?

"E_STRICT is a thing, but it doesn’t seem to actually prevent much and 
there’s no documentation on what it actually does."

It is documented:

https://www.php.net/manual/en/errorfunc.constants.php

"PHP errors and PHP exceptions are completely different beasts. They 
don’t seem to interact at all."

The errors are typical stuff that would have been caught during
compilation if it had been a compiled language while exceptions
are runtime conditions.

I am not so convinced that they should be treated identical.

"Closures require explicitly naming every variable to be closed-over. 
Why can’t the interpreter figure this out? Kind of hamstrings the whole 
feature."

It is unusual, but it actually provides safer and more readable
code, so ...

"“Variadic” functions require faffing about with func_num_args, 
func_get_arg, and func_get_args. There’s no syntax for such a thing".

It is messy.

But PHP is not the only language where that stuff is messy.

"Built-in types are not objects"

True. But lot of OO languages got that problem.

"PHP has first-class support for “abstract classes”, which are classes 
that cannot be instantiated. Code in similar languages achieves this by 
throwing an exception in the constructor."

So PHP chose their OO to be more Java'ish/C#'ish. It is a choice.

"Subclasses cannot override private methods. Subclass overrides of 
public methods can’t even see, let alone call, the superclass’s private 
methods. Problematic for, say, test mocks."

WTF

That is how private works. If the subclass need access to the methods
they need to be declared protected.

"Methods cannot be named e.g. “list”, because list() is special syntax 
(not a function) and the parser gets confused."

Every language has some reserved words. It seems like list is reserved
in PHP.

"Chunks of the library are wildly inconsistent from one another."

Yes. It is a mess.

PHP is very much bazaar.

https://en.wikipedia.org/wiki/The_Cathedral_and_the_Bazaar

"Way too many XML packages."

Actually not that different from other large technologies like
Java and .NET. Different needs leads to different solutions.

"Warts like mysql_real_escape_string, even though it has the same 
arguments as the broken mysql_escape_string, just because it’s part of 
the MySQL C API."

mysql_real_escape_string has 2 arguments - mysql_escape_string only got
1 argument.

"strtok is apparently designed after the equivalent C function, which is 
already a bad idea for various reasons."

The bazaar strikes again. Someone liked C strtok and added it
to PHP. Noone vetoed it.

I don't like strtok either. But if you go bazaar then you go bazaar.

"No Unicode support. Only ASCII will work reliably,"

Single byte charsets work fine - not just 7 bit ASCII.

But this is a known problem.

PHP 6.x was supposed to add unicode support. And PHP 6.x was
never released. Hard problem to add unicode support in a
backwards compatible manner.

"Negative indexing doesn’t work,"

That is not unusual.

:-)

"A single shared file, php.ini, controls massive parts of PHP’s 
functionality and introduces complex rules regarding what overrides what 
and when."

A lot of servers has a single config file for everything running on the 
server.

"PHP basically runs as CGI."

No. PHP rarely runs as CGI. Apache module or FastCGI.

"Blank lines before or after the <?php ... ?> tags, even in libraries, 
count as literal text"

Of course. That is how template systems that is based on mixing literal
text and code inside markup works.

"PHP is naturally tied to Apache."

No. Apache is probably the most widely PHP server. But nginx and IIS
are also used for PHP. And in the VMS world then both OSU and WASD
can run PHP.

"No CSRF protection. You get to do it yourself."

That comes with the MVC framework used on top of PHP not
with PHP.

"Making this worse is the common cry for “sanitizing your inputs”. 
That’s completely wrong; you can’t wave a magic wand to make a chunk of 
data inherently “clean”. What you need to do is speak the language: use 
placeholders with SQL, use argument lists when spawning processes, etc."

Sanitizing input is something that all good web frameworks do.

"The original built-in MySQL bindings, still widely-used, have no way to 
create prepared statements."

The mysql extension was superseded by mysqli in 5.0 (19 years ago) and 
removed in 7.0 (8 years ago).

And it was not really a PHP issue. It was a C issue.

The original MySQL C API did not support prepared statement
(parameters).

So obviously the PHP wrapper around it did not either.

When MySQL added support for prepared statement
(parameters) in C then PHP added as well.

"register_globals. It’s been off by default for a while by now,"

21 years is indeed "a while".

Arne