Anyone who has had to work on a single system for many years may be interested (even entertained) by this talk.
One thing I appreciated about the video was how one of the biggest complaints against PHP isn't quite accurate: Inconsistencies of needle/haystack parameter order in functions. (there is a consistency there, but I didn't know it)
And the fact that PHP was developed over time and in dramatically different eras of the internet that heavily influenced it's features. He admits where mistakes were made, but also where people misunderstood the source/reasoning behind some of the decisions in PHP. (though he seems to sidestep some of them completely)
Magic quotes, globals, register globals, etc... he has really good reasons for why and how these things came about. I found this talk fascinating, especially since I build a system that has morphed over time as well.
Sorry I haven't watched the video (don't have headphones) but I can understand why php changes the order or function params sometimes like array_filter wants the array first and callback second and array_map wants it in reverse.
But if you think about it array_filter expects an array first and function second because the callback is optional and it compares to false if left out. OTOH with array_map there is only one function callback and there can be N number of arrays so the function needs to be the first and the arrays second.
It makes perfect sense to me but for a lot of people it may look like inconsistencies.
It's not an either/or. Those signatures are inconsistent and there's a reason they were made that way. It could be done another way. (detecting the type of parameters or having a different name for the callback version)
Not necessarily. Unless someone is intentionally trying to be confusing, the parameter order will be consistent for a specific instantiation.
I mean that if it's array,function at line X this time, it will be next time - again, unless you are trying to intentionally break this rule through a coding acrobatics exercise.
Since it's now known (with relative confidence), it can be optimized.
If someone truly is doing wacky things then we are left exactly where we were beforehand, with a broken system. Most of the time, however, it'd be better
> One thing I appreciated about the video was how one of the biggest complaints against PHP isn't quite accurate: Inconsistencies of needle/haystack parameter order in functions. (there is a consistency there, but I didn't know it)
A lot of these things came about because they allowed people to bypass harder aspects of programming for the web. This was great for ease of entry but introduced tons of problems.
I think it's a little unfair to not refer to his responses to these allegations in the video.
He never intended PHP to last longer than 6 months. He kept waiting for someone to make something better so he could shut it down... it just didn't happen. Also, he admits he's not a great programmer.
As a counter point doesn't every language "introduce problems" of some kind?
The video was interesting and he comes across as a very reasonable and pragmatic guy who had good reasons for designing it the way he did. But those reasons and that design resulted in a not very excellent language - as the parent post (and Rasmus himself!) said. Convenient but problematic, intended to be replaced by something better.
That said, the improvements in version 7 look impressive. I still prefer a language that's not quite as ugly though.
Again, I don't think this is his fault in this regard. I also think he's humble about his capabilities and I'm sure this long project matured his chops across the board.
But a lot of the choices were short sighted, and a devotion to backwards compatibility has limited the ability to clean up.
PHP is now a super fast, relatively mature web programming language that carries a lot of its baggage.
I'd really recommend you watch the video to understand how long term development of a hugely popular system isn't as easy as it may seem. Especially if the environment is as dynamic as the internet.
He addresses your issues about "short sighted" choices and backwards compatibility.
I had watched it and comments like yours are generally frowned upon here.
> Please don't comment on whether someone read an article. "Did you even read the article? It mentions that" can be shortened to "The article mentions that."
Sorry, I forgot about that rule. I really wasn't being critical of you not watching it. (There is no tone in writing to convey that extra meaning.)
I was trying to suggest it as a helpful way to understand Rasmus' perspective and a very complex history of development that has real logic to the choices he made that so many people have been critical of over the years. And that I think if someone heard him out would realize they would likely have made the same choices he did if they were in the same situation.
I just felt there wasn't a need for me to quote the video, but I suppose that was a little lazy of me.
I was a maturing young programmer back then. The leading alternative was Perl, which was still pretty lively but had a lot of the same complaints at the time that it does now (readability). Perl's what I was primarily using; it took me a bit to adopt PHP, but once I did, I never looked back.
Some folks were also compiling C and gluing it together with a CGI module, and a lot of others in the Microsoft world were using Frontpage and its brethren. But, the Microsoft stack only ran on Windows servers, and Windows web servers had a reputation (deserved, imo) for kinda sucking.
PHP's killer feature was mod_php. It was dead simple to integrate into any shared hosting environment, and so pretty much every shared host did. mod_php magically knew how to spit out html when reading html, and execute php when encountering php tags, so that gave us the html-mixed-with-php pattern that was wonderful at the time but considered bad practice now.
But also scope has changed a lot. At the time, people were mostly looking for hit counters, contact forms, and "guestbook" forms. For all those things, PHP excelled, so it gobbled up the market fast.
Remember Matt's Script Archive? That was all Perl and covered a lot of the hit counter, contact/guestbook and forum software pre-PHP.
My first website back in `96 also had some compiled C via cgi. No database. I've said this before but using compiled Go with the web brought back memories of those good old days.
I spent about 4 years doing classic ASP before .Net arrived and had a hand in building a lot of big sites some of which still exist (and still use ASP): Most corporate jobs seemed to use the Microsoft stack then (or Java), where PHP was the what you did on the side because it didn't require server licensing.
It's often overlooked that many of the cheap hosting companies who provided the environment for PHP's phenomenal growth only offered PHP as a CGI. You often had to pay a lot more if you wanted mod_php because it was harder to secure and required more resources. PHP/CGI was the way to max out the number of users on a server even it was slower.
The big alternatives were: Perl if you had the technical chops and a host who'd basically let you have root access to the hosting machine (C/C++ worked this way too through CGI), ColdFusion which isn't really an alternative, ASP using VBScript which was wordy, complicated, slow, and gave almost no help to the developer (Provider error '80004005': Unspecified error) when a bug appeared unless it was during object initialization.
Once you could get Apache with mod_php set up, PHP felt like something you could use to actually get stuff done.
Yup, those were the two web "stacks" I had tried before PHP - around 1999 or so. At the time PHP did feel amazing compared to Classic ASP in VBScript (shudder), and I never really felt comfortable with Perl.
There were other things like Zope and Roxen/Pike around back then, but I never used them. Ah and OpenACS/AOLServer which was TCL from memory.
ColdFusion was terribly expensive, like all the other stuff like WebObjects or Netscape. The Microsoft stuff was expensive AND insecure. CGI (i.e. Perl) was cheap but annoying to learn, setup, and maintain. Java was sluggish and unusable in shared-host environments (i.e. expensive, again).
PHP hit an optimum equilibrium between usability, features, and price. This only changed when virtualization changed the hosting game. Arguably PHP is still very close in terms of usability - deployment is fundamentally trivial - it's just lagging elsewhere.
Perl was the most comparable but CGI was limiting and I don't recall a lot of strong, simple frameworks. Also, it was Perl.
I was primarily a Perl programmer at the time, responsible for writing CGI apps that were slow and unreadable to anyone I worked with who didn't know Perl.
I think vbasic was around but that required IIS and was an unmitigated disaster in every way. I sadly had to work in that a lot too.
I never messed with coldfusion but it seemed to get the job done for people who did.
Most Perl web development was done with Lincoln Stein's CGI.pm in the late 90s. HTML::Mason was Perl's answer to PHP but it relied on mod_perl which most hosting companies were not prepared to let you have on the cheap. You could do CGI.pm procedural style or OO style with $obj->method() calls similar to PHP. "MySQL and Perl for the Web" by Dubois was a pretty good web primer at the time based on CGI.pm. This and "Programming Perl" got me started after I became intrigued by regular expressions which led to a deep interest in Perl. It's easy to forget that Perl was VERY cool back in the early 2000s. Reading "Programming Perl" for me was like reading great literature. Larry Wall the linguist really comes through strongly in the book.
This is tangential but this channel frustrates me to no end. They shamelessly rip other people's content, stripping their videos of author information, conference information etc, AND add their own title card so that it appears like they are the publishers of the video. Why is this acceptable!
Anyway, here is the original source [1], that this time was NOT in their video description.
This is a very old problem on YT, there are many, many content thiefs. It would be very nice to have a good toolset available that helps with finding these videos, however it does not help if YT team does nothing.
Of course for every content producer more viewers is a good thing, but the platform should redirect all profits to the original authors.
The same goes for SSWolf or whatever on YouTube as well, just giving a banal commentary on the weeks top posts/gifs/videos on reddit without permission or attribution. I think content like that can come under the radar for repetitive clause.
This. It frustrates me to no end. I've read somewhere that they explicitly ask for permission to put videos on their channel but I still cannot get over how they edit the video and try to make it look as if it was their own.
I've been coding for 30 years and I've always considered programming just a means to an end. It's the tool you use to create that vision you have.
I was so happy to see that Rasmus feels exactly the same way. In the video he states that PHP alpha was created as a way to make his life easier to build dynamic websites rather than coding in C CGI.
I started out coding C in CGI and then moved to PERL. When I saw the PHP mail() function I was hooked. It enabled me to send an email with one line of code vs the 30+ it took in C or PERL.
Rasmus states himself, that he expected someone else to create a better competitor to PHP, and in his mind he was only going to use it for another 6 months until that new awesome project was released.
I felt exactly the same way!
But they kept updating PHP just as I was starting to think about new tools. Then Laravel came along and they also improved core performance of PHP.
So, now, PHP and Laravel are an absolutely beautiful (and comfortable) tool to work with and the performance is awesome.
Additionally, Laravel and PHP updates keep flowing freely and I can see no end in site of innovation from the amazing people behind these projects.
Great to see this. Well said Justin. Love Laravel and it’s ecosystem. Also: almost 20 years ago I played session guitar for you. Great days! Hope you’re well. PG
Hey I remember you! Great to hear from you again. Awesome that you are into Laravel. Feel free to ping me on jv at vip dot ie let's chat and catch up :)
There is literally a slide titled: `What was we thinking` where Rasmus goes through the most controversial decisions he made while doing PHP.
I recommend this talk for anyone, specially because most of us, if we are lucky, will have to deal with a 25 year system at some time during our career.
"Arguing about the color of the hammer used to build that thing is just moronic. And all these flames about technologies and stuff... We can't lose track of what we are doing here; why we are programming. We are programming to solve a problem." --Rasmus (video 1:07:09)
Wish people would start treating their dev tools as tools rather than objects of worship. The web today feels less robust than those simple tools of the past.
I don't know what's your problem. I built PHP pages 10-15 years ago and without a single modification of the code, they are still rock-solid today on a modern LAMP stack. I wish people would learn to use the tools at their disposal properly.
I vouched for your flagged-to-death comment, on the basis that you should edit your comment & remove the first sentence. Without that, what you said is fine. No need to project at the parent.
Really interesting talk and for the first time ever, I gotta say I really loved the youtube comments. On the first page (at least) there isn't a single negative comment.
I have the a lot of respect for Rasmus and I love the PHP community as it was my first language. I love how PHP and the community around is so practical.
And I still think PHP is the easiest language to deploy of all the languages I have tried.
I found it interesting but didn't quite grasp the explanation.
If mod_perl was too powerful and had access to too many of Apache's internals, why not just create a lighter version or make it configurable?
> If mod_perl was too powerful and had access to too many of Apache's internals, why not just create a lighter version or make it configurable?
The perl people didn't want to? My recollection of mod_perl was that you really needed to have everything about the server configured around the perl system, and it was quite a pain to get configured and working properly. My sysadmin skills weren't all that great 20+ years ago, but I did get it eventually working, but anything you wrote would only be able to be run on another mod_perl system, which were relatively uncommon (compared to the shared perl/cgi setups).
PHP was really more powerful and easier to read for many common scenarios compared to perl in those early days.
And while there were some scenarios where mod_perl was indeed more powerful... my experience was 1) those scenarios were relatively rare and 2) the community of people who had that experience was small, and never grew much (even when perl usage was on an uptake).
The problem with mod_perl for hosting companies was that it was much harder to protect global variables from being visible from other accounts on the same machine. It also consumed a lot more memory than mod_php from what I remember so it never became a part of the shared hosting scene which enabled PHP to flourish. Mod_perl was also a lot more complicated than CGI Perl which is why Perl remained only a CGI option on cheap hosts. Some very big sites ran on mod_perl but they were running on dedicated hosts, not shared.
He mentions how mod_php allowed web hosts to support thousands of users on a single server, but doesn't that run all the different users' scripts under the same Unix user account, letting everyone mess with each other's stuff?
A single server has many Unix accounts! That’s how all servers worked before the cloud and VMs and containers.
The isolation isn’t perfect, but it’s good enough for good sys admins to manage.
File system permissions work, etc. It's much simpler than the cloud.
For a historical perspective, MS-DOS was a single user OS, while Unix was always multi-user. Windows NT / 2000 / XP was more like Unix since networking (LAN and Internet) became more important.
I still run my blog on shared hosting [1] and it works great. (Several of my posts have been on the HN front page and it always handles the load fine. Including one at the #1 or #2 spot.)
I'm aware, but maybe I didn't phrase my question well. CGI scripts, including PHP when run in that mode, fork a new process as the appropriate user - as you say.
But mod_php runs in the Apache process instead, for better performance. What I'm not sure about is whether it changes the user somehow when handling the request or just runs everything as the Apache user. I believe it's the latter since I've seen various modules that claim to address the problem.
Everything was/is run as the apache user. PHP tried to make it secure by restricting the folders a script was allowed to access but over the years so many ways to break had been found that a fastcgi process per user showed its the best solution.
I think the system was called basedir restriction.
He did mention in the talk that mod_perl was infeasible for this use case because it gave the user too much control. One user could override the Apache base_dir and redirect another user's traffic to his pages!!!
He said that as a result, hosting providers in the 90's would charge 100x the price for mod_perl hosting on a dedicated bare metal box, vs mod_php which could be shared. Didn't know that.
So I guess the answer is that mod_php has to be careful and not expose too many Apache hooks to the user.
The PHP interpreter does seem to have some unique qualities that make it good for embedding, compared with Perl, Python, Ruby.
Not really, you were able to run everything inside a virtual host under a specific user+group. That was key for cPanel which is what you would usually get when purchasing a shared hosting account in the 2000s until "the cloud" became a thing. https://cpanel.net
From hazy memory there were two ways of configuring apache/mod_php.
1) The web server ran with a common account (eg www-data), and only had read access to users files.
2) The web server could be configured to run each site in the context of the file owners.
The advantages of 1) were that your website didn't have write access to your files. The advantages of 2) were that other peoples websites didn't have read access to your files, but your own site could overwrite them.
I only felt "safe"(ish) on a dedicated server, using option 1).
This means that everyone can read each other's configuration files, though, and thus connect to each other's databases, doesn't it? (Edit: Ah, that's why you had a dedicated server.)
Mess with each other's stuff in what regard? Sites could be sandboxed but yes everything was running under some web server user account, and it was a single machine so you could ddos anyone.
I don't like the language but the execution model is unbeatable. Not having to worry the whole server goes down if your code breaks or runs for too long, is nice. I'd like to know if there is some way to run JS code just like that.
There is. It's called CGI and works with any language and many web servers. It was around before PHP and still works fine if your program is small and starts quickly.
One thing I appreciated about the video was how one of the biggest complaints against PHP isn't quite accurate: Inconsistencies of needle/haystack parameter order in functions. (there is a consistency there, but I didn't know it)
And the fact that PHP was developed over time and in dramatically different eras of the internet that heavily influenced it's features. He admits where mistakes were made, but also where people misunderstood the source/reasoning behind some of the decisions in PHP. (though he seems to sidestep some of them completely)
Magic quotes, globals, register globals, etc... he has really good reasons for why and how these things came about. I found this talk fascinating, especially since I build a system that has morphed over time as well.