Php invented by a former DECcie ? - VMS

This is a discussion on Php invented by a former DECcie ? - VMS ; Bill Gunshannon wrote: > In article , > Arne Vajh°j writes: >> Bill Gunshannon wrote: >>> I work in a school with a graduate program in Software Engineering. >>> It's all based on the supposed model devloped by SEI. I ...

+ Reply to Thread
Page 2 of 3 FirstFirst 1 2 3 LastLast
Results 21 to 40 of 42

Thread: Php invented by a former DECcie ?

  1. Re: Php invented by a former DECcie ?

    Bill Gunshannon wrote:
    > In article <47fc244e$0$90268$14726298@news.sunsite.dk>,
    > Arne Vajh°j writes:
    >> Bill Gunshannon wrote:
    >>> I work in a school with a graduate program in Software Engineering.
    >>> It's all based on the supposed model devloped by SEI. I haven't seen
    >>> anything that even begins to approach the "Software Engineering" we
    >>> were doing 30 years ago before the term was even foisted on the IT
    >>> industry.

    >> My impression is that software engineering has advances quite a bit
    >> the last 20 years. But different universities, different students
    >> and different criteria s may explain the difference.

    >
    > What they teach as the SE methodology does not even come close to the
    > amount of "engineering" we put into projects back in my applications
    > programming days (late 70's early 80's). And we won't even go into
    > the fact that the teaching is all lip service because none of the
    > students actually apply it to their coursework and none of the
    > professors seem to care.
    >
    >>> And languages like PHP and Perl are based on a paradigm
    >>> that is the antithesis of SE. The people using them make the old
    >>> BASIC programmers look like consumate professionals!! I wonder what
    >>> Dijkstra would have said about these languages as compared to his
    >>> "love" of BASIC. :-)

    >> I am not good enough in Perl to comment on that.
    >>
    >> PHP support well structured procedural and object oriented
    >> programming.
    >>
    >> PHP does not even have a goto statement.

    >
    > Just like one can write good programs even with GOTO, the lack of one
    > does not magically make programs written in a language structured,
    > elegant or proper. "Rapid prototyping" languages by their very nature
    > and the paradigm they espouse are the antithesis of SE.
    >
    >> I doubt that Dijkstra would have anything bad to say about
    >> that.

    >
    > Based on all the things wrong with the underlying paradigm of the
    > language, the least of which is a non-existant security model, I
    > would hope you were wrong. Sadly, we will never know.
    >
    > bill
    >


    Ummm.... Just how do you build "security" into a programming language?
    Does "C" have security? Macro-32?? Fortran? PL/1? DCL?

    I've never actually used some of the newer languages like PERL, PHP, and
    doubtless others I've either not heard of or have forgotten. If I can't
    do it in DCL, Fortran, C, Macro-32, sh, or ksh I can't do it! Someday
    maybe I'll encounter a problem which none of the tools I'm accustomed to
    can handle. Then I'll learn a new tool.

    I've always thought of security being a function of the O/S which does,
    or should, control who can access files with intent to change them, who
    can execute a program, who can peek into memory that does not belong to
    him, etc, etc.

  2. Re: Php invented by a former DECcie ?

    In article <47fc2231$0$90268$14726298@news.sunsite.dk>, =?ISO-8859-1?Q?Arne_Vajh=F8j?= writes:
    >
    > Security is not a feature in programming languages. Security depends
    > on how the code is written.


    In some languages the programmer has to do extra work to prevent
    buffer overruns. In some languages the programmer has to do extra
    work to allow buffer overruns.

    How the code is written may be up to the programmer, but the above
    is a feature of the language.


  3. Re: Php invented by a former DECcie ?

    In article ,
    "Richard B. Gilbert" writes:
    > Bill Gunshannon wrote:
    >> In article <47fc244e$0$90268$14726298@news.sunsite.dk>,
    >> Arne Vajh°j writes:
    >>> Bill Gunshannon wrote:
    >>>> I work in a school with a graduate program in Software Engineering.
    >>>> It's all based on the supposed model devloped by SEI. I haven't seen
    >>>> anything that even begins to approach the "Software Engineering" we
    >>>> were doing 30 years ago before the term was even foisted on the IT
    >>>> industry.
    >>> My impression is that software engineering has advances quite a bit
    >>> the last 20 years. But different universities, different students
    >>> and different criteria s may explain the difference.

    >>
    >> What they teach as the SE methodology does not even come close to the
    >> amount of "engineering" we put into projects back in my applications
    >> programming days (late 70's early 80's). And we won't even go into
    >> the fact that the teaching is all lip service because none of the
    >> students actually apply it to their coursework and none of the
    >> professors seem to care.
    >>
    >>>> And languages like PHP and Perl are based on a paradigm
    >>>> that is the antithesis of SE. The people using them make the old
    >>>> BASIC programmers look like consumate professionals!! I wonder what
    >>>> Dijkstra would have said about these languages as compared to his
    >>>> "love" of BASIC. :-)
    >>> I am not good enough in Perl to comment on that.
    >>>
    >>> PHP support well structured procedural and object oriented
    >>> programming.
    >>>
    >>> PHP does not even have a goto statement.

    >>
    >> Just like one can write good programs even with GOTO, the lack of one
    >> does not magically make programs written in a language structured,
    >> elegant or proper. "Rapid prototyping" languages by their very nature
    >> and the paradigm they espouse are the antithesis of SE.
    >>
    >>> I doubt that Dijkstra would have anything bad to say about
    >>> that.

    >>
    >> Based on all the things wrong with the underlying paradigm of the
    >> language, the least of which is a non-existant security model, I
    >> would hope you were wrong. Sadly, we will never know.
    >>
    >> bill
    >>

    >
    > Ummm.... Just how do you build "security" into a programming language?
    > Does "C" have security? Macro-32?? Fortran? PL/1? DCL?


    Does "C" run under an interpretor that let's outsiders run random
    pieces of code (or even just available comands) on the machines
    where it's programs are installed? Does Macro32? Fortran? Get
    the picture? The people who developed PHP built this "wonderful"
    feature into their system.

    >
    > I've never actually used some of the newer languages like PERL, PHP, and
    > doubtless others I've either not heard of or have forgotten. If I can't
    > do it in DCL, Fortran, C, Macro-32, sh, or ksh I can't do it! Someday
    > maybe I'll encounter a problem which none of the tools I'm accustomed to
    > can handle. Then I'll learn a new tool.
    >
    > I've always thought of security being a function of the O/S which does,
    > or should, control who can access files with intent to change them, who
    > can execute a program, who can peek into memory that does not belong to
    > him, etc, etc.


    With the exception of ksh I see no scripting languages in your list.
    That's a good thing. I also none of the so called "rapid prototyping"
    languages. That is also a good thing. Nice to see there are still a
    few real profesional programmers left, but I fear we are a rapidly
    dying breed.

    bill

    --
    Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves
    billg999@cs.scranton.edu | and a sheep voting on what's for dinner.
    University of Scranton |
    Scranton, Pennsylvania | #include

  4. Re: Php invented by a former DECcie ?

    In article <9U4cIDdua6FF@eisner.encompasserve.org>,
    koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes:
    > In article <47fc2231$0$90268$14726298@news.sunsite.dk>, =?ISO-8859-1?Q?Arne_Vajh=F8j?= writes:
    >>
    >> Security is not a feature in programming languages. Security depends
    >> on how the code is written.

    >
    > In some languages the programmer has to do extra work to prevent
    > buffer overruns. In some languages the programmer has to do extra
    > work to allow buffer overruns.


    And, if it was such a bad thing, why would they even include a way to
    do it, unless there actually are times when it is necessary. I was
    always amazed at how much the Profs here stressed things in Ada (back
    when that was the undergraduate language du jour) like strong type
    casting and array and bounds checking while using a text that devoted
    an entire chapter at the back of the book to how one got around all
    of this!!

    >
    > How the code is written may be up to the programmer, but the above
    > is a feature of the language.


    You should have stopped at the first sentence. The second just bring
    up the old adage, "It's a poor workman who blames his tools." again.

    bill


    --
    Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves
    billg999@cs.scranton.edu | and a sheep voting on what's for dinner.
    University of Scranton |
    Scranton, Pennsylvania | #include

  5. Re: Php invented by a former DECcie ?

    Bill Gunshannon wrote:
    > In article ,
    > "Richard B. Gilbert" writes:
    >> Bill Gunshannon wrote:
    >>> In article <47fc244e$0$90268$14726298@news.sunsite.dk>,
    >>> Arne Vajh°j writes:
    >>>> Bill Gunshannon wrote:
    >>>>> I work in a school with a graduate program in Software Engineering.
    >>>>> It's all based on the supposed model devloped by SEI. I haven't seen
    >>>>> anything that even begins to approach the "Software Engineering" we
    >>>>> were doing 30 years ago before the term was even foisted on the IT
    >>>>> industry.
    >>>> My impression is that software engineering has advances quite a bit
    >>>> the last 20 years. But different universities, different students
    >>>> and different criteria s may explain the difference.
    >>> What they teach as the SE methodology does not even come close to the
    >>> amount of "engineering" we put into projects back in my applications
    >>> programming days (late 70's early 80's). And we won't even go into
    >>> the fact that the teaching is all lip service because none of the
    >>> students actually apply it to their coursework and none of the
    >>> professors seem to care.
    >>>
    >>>>> And languages like PHP and Perl are based on a paradigm
    >>>>> that is the antithesis of SE. The people using them make the old
    >>>>> BASIC programmers look like consumate professionals!! I wonder what
    >>>>> Dijkstra would have said about these languages as compared to his
    >>>>> "love" of BASIC. :-)
    >>>> I am not good enough in Perl to comment on that.
    >>>>
    >>>> PHP support well structured procedural and object oriented
    >>>> programming.
    >>>>
    >>>> PHP does not even have a goto statement.
    >>> Just like one can write good programs even with GOTO, the lack of one
    >>> does not magically make programs written in a language structured,
    >>> elegant or proper. "Rapid prototyping" languages by their very nature
    >>> and the paradigm they espouse are the antithesis of SE.
    >>>
    >>>> I doubt that Dijkstra would have anything bad to say about
    >>>> that.
    >>> Based on all the things wrong with the underlying paradigm of the
    >>> language, the least of which is a non-existant security model, I
    >>> would hope you were wrong. Sadly, we will never know.
    >>>
    >>> bill
    >>>

    >> Ummm.... Just how do you build "security" into a programming language?
    >> Does "C" have security? Macro-32?? Fortran? PL/1? DCL?

    >
    > Does "C" run under an interpretor that let's outsiders run random
    > pieces of code (or even just available comands) on the machines
    > where it's programs are installed? Does Macro32? Fortran? Get
    > the picture? The people who developed PHP built this "wonderful"
    > feature into their system.
    >
    >> I've never actually used some of the newer languages like PERL, PHP, and
    >> doubtless others I've either not heard of or have forgotten. If I can't
    >> do it in DCL, Fortran, C, Macro-32, sh, or ksh I can't do it! Someday
    >> maybe I'll encounter a problem which none of the tools I'm accustomed to
    >> can handle. Then I'll learn a new tool.
    >>
    >> I've always thought of security being a function of the O/S which does,
    >> or should, control who can access files with intent to change them, who
    >> can execute a program, who can peek into memory that does not belong to
    >> him, etc, etc.

    >
    > With the exception of ksh I see no scripting languages in your list.


    How did you miss DCL. Don't you think of DCL as a "scripting language".
    Unix people seem to have a little difficulty distinguishing it from
    COBOL. I've been writing DCL for twenty-four years now. It's not the
    perfect scripting language but it has gotten a lot better over the
    years. Adding the ELSE clause to the IF statement was a giant step forward.

    > That's a good thing. I also none of the so called "rapid prototyping"
    > languages. That is also a good thing. Nice to see there are still a
    > few real profesional programmers left, but I fear we are a rapidly
    > dying breed.


    Sometimes speedy development is "of the essence"! The boss needs
    something and he needs it right now! If Perl or PHP will get it done
    faster that's what you use. The error is not in using PHP, or Perl or
    some other scripting language. The error is putting the PHP, Perl, etc,
    into production and leaving it there.

    I recall such a job. On one of our clusters something was creating
    files. The existence of the files interfered with something else. I've
    forgotten the details but the above is close enough for government work!

    I was tasked with writing a script that would find and delete these
    troublesome files before they caused a problem. It took me an hour or so
    with my boss's boss hovering and asking "Isn't it done yet?" . . .
    "Isn't it done yet?". . . . DCL was all I had to work with. It's
    possible that, had I had Perl or PHP, it could have been done faster.
    I don't know because I have only a slight acquaintance with Perl and
    none at all with PHP.

    My DCL script was only fifteen or twenty lines of code but every line of
    it had to be RIGHT! It had to delete the right files and not delete
    anything else and it had to run every thirty seconds (or something like
    that).

    Initially it would simply write a message "I think I should delete
    ". I as soon as we were satisfied that it was selecting the
    proper files to be deleted, I added the actual delete statement and
    turned it loose.

  6. Re: Php invented by a former DECcie ?

    In article <664vncF2gd4t8U2@mid.individual.net>, billg999@cs.uofs.edu (Bill Gunshannon) writes:
    >
    > You should have stopped at the first sentence. The second just bring
    > up the old adage, "It's a poor workman who blames his tools." again.


    It is indeed a poor workman who uses the wrong tools for the job.


  7. Re: Php invented by a former DECcie ?

    On 7 Apr, 20:39, Didier_Toulouse wrote:
    > Hello Pals,
    >
    > Long time no noise :-)
    >
    > I'm learning Php, and I find a lot of similarities (is that a genuine
    > English word ???) with DCL.
    >
    > Does anyone know if the Folk who created this language used to work
    > for DEC before?
    >
    > Just to ask.
    >
    > Bye for know, I'm studying variables substitution...
    >
    > DTL


    Rasmus Lerdorf the origional creator of PHP never worked for DEC.
    Lerdorf did briefly work for IBM he currently works for Yahoo!

    I don't think Zeev Suraski or Andi Gutmans two other PHP luminaries
    worked of DEC either they are probably too young.

    Regards
    Andrew Harrison

  8. Re: Php invented by a former DECcie ?

    Simon Clubley wrote:
    > On 2008-04-08, Arne Vajh°j wrote:
    >> Simon Clubley wrote:
    >>> AIUI, it's not so much the fact that it's a easy to use language for
    >>> beginners that's the problem, but the fact that it's a easy to use
    >>> language with security tacked on afterwards that's the problem.

    >> Security is not a feature in programming languages. Security depends
    >> on how the code is written.
    >>

    >
    > Strictly speaking, you are correct.
    >
    > However, I would argue that design decisions within the programming
    > language can help with how secure that code is by default.
    >
    > For example, looking at traditional languages, I would suggest that,
    > for programmers of equal capability, code written in Ada is more likely
    > to be secure than code written in C.


    I guess you are more talking about robustness than about security.

    A language like Ada prevents various array index out of bounds
    and wild pointers problems resulting in garbage data being
    read, data being overwritten or crashes.

    But PHP has none of those problems !

    (the dynamically typed characteristics of PHP then creates
    new types of potential programming bugs, but they are difficult
    to compare with C)

    Arne




  9. Re: Php invented by a former DECcie ?

    Bill Gunshannon wrote:
    > In article <47fca857$0$90267$14726298@news.sunsite.dk>,
    > Simon Clubley writes:
    >> For example, looking at traditional languages, I would suggest that,
    >> for programmers of equal capability, code written in Ada is more likely
    >> to be secure than code written in C.

    >
    > No argument from me. I have used both C and Ada (and more than a dozen
    > other languages over the years) and they all have their place. While I
    > always argue that there is nothing inherently wrong with the C language
    > I am also a very strong supporter of choosong the right language for
    > the job. I wouldn't write an Accounts Receivable program in C and I
    > wouldn't write an OS in COBOL. :-)
    >
    > Oh yeah, and I wouldn't write anything in PHP. :-)


    I think you would find that writing a web based discussion forum
    in PHP would be much faster to do in PHP than in C or COBOL.

    Arne

  10. Re: Php invented by a former DECcie ?

    Bob Koehler wrote:
    > In article <47fc2231$0$90268$14726298@news.sunsite.dk>, =?ISO-8859-1?Q?Arne_Vajh=F8j?= writes:
    >> Security is not a feature in programming languages. Security depends
    >> on how the code is written.

    >
    > In some languages the programmer has to do extra work to prevent
    > buffer overruns. In some languages the programmer has to do extra
    > work to allow buffer overruns.
    >
    > How the code is written may be up to the programmer, but the above
    > is a feature of the language.


    That is true.

    Even though I would tend to consider that more robustness than security.

    And the point is not very good anyway since PHP does not suffer from
    that problem.

    Arne

  11. Re: Php invented by a former DECcie ?

    Bill Gunshannon wrote:
    > In article <47fc244e$0$90268$14726298@news.sunsite.dk>,
    > Arne Vajh°j writes:
    >> Bill Gunshannon wrote:
    >>> I work in a school with a graduate program in Software Engineering.
    >>> It's all based on the supposed model devloped by SEI. I haven't seen
    >>> anything that even begins to approach the "Software Engineering" we
    >>> were doing 30 years ago before the term was even foisted on the IT
    >>> industry.

    >> My impression is that software engineering has advances quite a bit
    >> the last 20 years. But different universities, different students
    >> and different criteria s may explain the difference.

    >
    > What they teach as the SE methodology does not even come close to the
    > amount of "engineering" we put into projects back in my applications
    > programming days (late 70's early 80's). And we won't even go into
    > the fact that the teaching is all lip service because none of the
    > students actually apply it to their coursework and none of the
    > professors seem to care.


    Where I come from students have to deliver some software.

    >>> And languages like PHP and Perl are based on a paradigm
    >>> that is the antithesis of SE. The people using them make the old
    >>> BASIC programmers look like consumate professionals!! I wonder what
    >>> Dijkstra would have said about these languages as compared to his
    >>> "love" of BASIC. :-)

    >> I am not good enough in Perl to comment on that.
    >>
    >> PHP support well structured procedural and object oriented
    >> programming.
    >>
    >> PHP does not even have a goto statement.

    >
    > Just like one can write good programs even with GOTO, the lack of one
    > does not magically make programs written in a language structured,
    > elegant or proper.


    PHP has about the same control structures as all the other major
    languages invented after 1970.

    > "Rapid prototyping" languages by their very nature
    > and the paradigm they espouse are the antithesis of SE.


    Neither Perl nor PHP are prototyping languages.

    And use of prototypes can be very good software engineering-

    >> I doubt that Dijkstra would have anything bad to say about
    >> that.

    >
    > Based on all the things wrong with the underlying paradigm of the
    > language, the least of which is a non-existant security model, I
    > would hope you were wrong. Sadly, we will never know.


    PHP does not have a security model.

    Neither has Fortran, Cobol, Pascal, C or C++.

    Security model exist in languages like Java, .NET and JavaScript.

    For good reasons - a security model only makes sense in environments
    like browser.

    Arne

  12. Re: Php invented by a former DECcie ?

    Richard B. Gilbert wrote:
    > Sometimes speedy development is "of the essence"! The boss needs
    > something and he needs it right now! If Perl or PHP will get it done
    > faster that's what you use. The error is not in using PHP, or Perl or
    > some other scripting language. The error is putting the PHP, Perl, etc,
    > into production and leaving it there.
    >
    > I recall such a job. On one of our clusters something was creating
    > files. The existence of the files interfered with something else. I've
    > forgotten the details but the above is close enough for government work!
    >
    > I was tasked with writing a script that would find and delete these
    > troublesome files before they caused a problem. It took me an hour or so
    > with my boss's boss hovering and asking "Isn't it done yet?" . . .
    > "Isn't it done yet?". . . . DCL was all I had to work with. It's
    > possible that, had I had Perl or PHP, it could have been done faster.
    > I don't know because I have only a slight acquaintance with Perl and
    > none at all with PHP.
    >
    > My DCL script was only fifteen or twenty lines of code but every line of
    > it had to be RIGHT! It had to delete the right files and not delete
    > anything else and it had to run every thirty seconds (or something like
    > that).
    >
    > Initially it would simply write a message "I think I should delete
    > ". I as soon as we were satisfied that it was selecting the
    > proper files to be deleted, I added the actual delete statement and
    > turned it loose.


    DCL probably was the best language for the task.

    Arne

  13. Re: Php invented by a former DECcie ?

    Bill Gunshannon wrote:
    > Does "C" run under an interpretor that let's outsiders run random
    > pieces of code (or even just available comands) on the machines
    > where it's programs are installed? Does Macro32? Fortran? Get
    > the picture? The people who developed PHP built this "wonderful"
    > feature into their system.


    In that sense PHP is exactly like C, Macro-32 and Fortran. If the
    application gets input from the user and execute it as a command, then
    it does just that.

    >> I've never actually used some of the newer languages like PERL, PHP, and
    >> doubtless others I've either not heard of or have forgotten. If I can't
    >> do it in DCL, Fortran, C, Macro-32, sh, or ksh I can't do it! Someday
    >> maybe I'll encounter a problem which none of the tools I'm accustomed to
    >> can handle. Then I'll learn a new tool.
    >>
    >> I've always thought of security being a function of the O/S which does,
    >> or should, control who can access files with intent to change them, who
    >> can execute a program, who can peek into memory that does not belong to
    >> him, etc, etc.

    >
    > With the exception of ksh I see no scripting languages in your list.
    > That's a good thing. I also none of the so called "rapid prototyping"
    > languages. That is also a good thing. Nice to see there are still a
    > few real profesional programmers left, but I fear we are a rapidly
    > dying breed.


    Not at all.

    Languages as Java, C#, C, C++, VB.NET etc. are still very widely
    used and will likely continue to be so for decades.

    Languages as Perl, Python, PHP, Ruby etc. are gaining popularity
    though.

    Google just announced their Google Application Engine with
    Python as their first language supported.

    Arne


  14. Re: Php invented by a former DECcie ?

    Arne Vajh°j wrote:
    > Simon Clubley wrote:
    >> On 2008-04-08, Arne Vajh°j wrote:
    >>> Simon Clubley wrote:
    >>>> AIUI, it's not so much the fact that it's a easy to use language for
    >>>> beginners that's the problem, but the fact that it's a easy to use
    >>>> language with security tacked on afterwards that's the problem.
    >>> Security is not a feature in programming languages. Security depends
    >>> on how the code is written.
    >>>

    >>
    >> Strictly speaking, you are correct.
    >>
    >> However, I would argue that design decisions within the programming
    >> language can help with how secure that code is by default.
    >>
    > > For example, looking at traditional languages, I would suggest that,
    > > for programmers of equal capability, code written in Ada is more likely
    > > to be secure than code written in C.

    >
    > I guess you are more talking about robustness than about security.
    >
    > A language like Ada prevents various array index out of bounds
    > and wild pointers problems resulting in garbage data being
    > read, data being overwritten or crashes.
    >
    > But PHP has none of those problems !
    >
    > (the dynamically typed characteristics of PHP then creates
    > new types of potential programming bugs, but they are difficult
    > to compare with C)
    >
    > Arne
    >
    >
    >


    ISTR that ADA is also strongly typed. It is not easy to store an int
    into a float. It can be done but you have to first explain to the
    compiler yes, I really, really, mean that. If a function takes two
    arguments, you had better supply exactly two. And so on.

    It makes most of the most common screwups extremely difficult. You can
    still write bad code in Ada but you really have to work at it. I have
    seen exactly one shop that used it! I did a little little work for them
    fourteen or fifteen years ago; installing some software


  15. Re: Php invented by a former DECcie ?

    On Thu, 10 Apr 2008 20:33:38 -0700, Richard B. Gilbert
    wrote:

    > Arne Vajh°j wrote:
    >> Simon Clubley wrote:
    >>> On 2008-04-08, Arne Vajh°j wrote:
    >>>> Simon Clubley wrote:
    >>>>> AIUI, it's not so much the fact that it's a easy to use language for
    >>>>> beginners that's the problem, but the fact that it's a easy to use
    >>>>> language with security tacked on afterwards that's the problem.
    >>>> Security is not a feature in programming languages. Security depends
    >>>> on how the code is written.
    >>>>
    >>>
    >>> Strictly speaking, you are correct.
    >>>
    >>> However, I would argue that design decisions within the programming
    >>> language can help with how secure that code is by default.
    >>>
    >> > For example, looking at traditional languages, I would suggest that,
    >> > for programmers of equal capability, code written in Ada is more

    >> likely
    >> > to be secure than code written in C.

    >> I guess you are more talking about robustness than about security.
    >> A language like Ada prevents various array index out of bounds
    >> and wild pointers problems resulting in garbage data being
    >> read, data being overwritten or crashes.
    >> But PHP has none of those problems !
    >> (the dynamically typed characteristics of PHP then creates
    >> new types of potential programming bugs, but they are difficult
    >> to compare with C)
    >> Arne
    >>

    >
    > ISTR that ADA is also strongly typed. It is not easy to store an int
    > into a float. It can be done but you have to first explain to the
    > compiler yes, I really, really, mean that. If a function takes two
    > arguments, you had better supply exactly two. And so on.
    >
    > It makes most of the most common screwups extremely difficult. You can
    > still write bad code in Ada but you really have to work at it. I have
    > seen exactly one shop that used it! I did a little little work for them
    > fourteen or fifteen years ago; installing some software
    >

    PL/I is the same in this respect, although a bit more liberal in allowing
    aliasing and making bounds checking programmer's choice as opposed to
    making it inherent. And yes you can write bad code in any language.


    --
    PL/I for OpenVMS
    www.kednos.com

  16. Re: Php invented by a former DECcie ?

    In article <47feca98$0$90264$14726298@news.sunsite.dk>,
    Arne Vajh°j writes:
    > Bill Gunshannon wrote:
    >> Does "C" run under an interpretor that let's outsiders run random
    >> pieces of code (or even just available comands) on the machines
    >> where it's programs are installed? Does Macro32? Fortran? Get
    >> the picture? The people who developed PHP built this "wonderful"
    >> feature into their system.

    >
    > In that sense PHP is exactly like C, Macro-32 and Fortran. If the
    > application gets input from the user and execute it as a command, then
    > it does just that.


    No, it's not. If you put something as inocuous as "hello world" in PHP as
    a CGI on your website (assuming FreeBSD as the host for simplicity) I can
    use the PHP intertpretor to execute the "fetch" command to download an
    arbitrary file (I have seen many PHP and Perl telnetd programs used this
    way) to your web server into any writable directory (like /tmp) and then,
    unless you have been smart enough to make that writebale directory "no execute",
    I can run the program using the exact same "hole" in the PHP interpretor.
    It's not a bug, it's a feature!!

    >
    >>> I've never actually used some of the newer languages like PERL, PHP, and
    >>> doubtless others I've either not heard of or have forgotten. If I can't
    >>> do it in DCL, Fortran, C, Macro-32, sh, or ksh I can't do it! Someday
    >>> maybe I'll encounter a problem which none of the tools I'm accustomed to
    >>> can handle. Then I'll learn a new tool.
    >>>
    >>> I've always thought of security being a function of the O/S which does,
    >>> or should, control who can access files with intent to change them, who
    >>> can execute a program, who can peek into memory that does not belong to
    >>> him, etc, etc.

    >>
    >> With the exception of ksh I see no scripting languages in your list.
    >> That's a good thing. I also none of the so called "rapid prototyping"
    >> languages. That is also a good thing. Nice to see there are still a
    >> few real profesional programmers left, but I fear we are a rapidly
    >> dying breed.

    >
    > Not at all.
    >
    > Languages as Java, C#, C, C++, VB.NET etc. are still very widely
    > used and will likely continue to be so for decades.
    >
    > Languages as Perl, Python, PHP, Ruby etc. are gaining popularity
    > though.
    >
    > Google just announced their Google Application Engine with
    > Python as their first language supported.


    And the industry goes one more step downhill. :-(

    bill

    --
    Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves
    billg999@cs.scranton.edu | and a sheep voting on what's for dinner.
    University of Scranton |
    Scranton, Pennsylvania | #include

  17. Re: Php invented by a former DECcie ?

    Bill Gunshannon wrote:
    > In article <47feca98$0$90264$14726298@news.sunsite.dk>,
    > Arne Vajh°j writes:
    >> Bill Gunshannon wrote:
    >>> Does "C" run under an interpretor that let's outsiders run random
    >>> pieces of code (or even just available comands) on the machines
    >>> where it's programs are installed? Does Macro32? Fortran? Get
    >>> the picture? The people who developed PHP built this "wonderful"
    >>> feature into their system.

    >> In that sense PHP is exactly like C, Macro-32 and Fortran. If the
    >> application gets input from the user and execute it as a command, then
    >> it does just that.

    >
    > No, it's not. If you put something as inocuous as "hello world" in PHP as
    > a CGI on your website (assuming FreeBSD as the host for simplicity) I can
    > use the PHP intertpretor to execute the "fetch" command to download an
    > arbitrary file (I have seen many PHP and Perl telnetd programs used this
    > way) to your web server into any writable directory (like /tmp) and then,
    > unless you have been smart enough to make that writebale directory "no execute",
    > I can run the program using the exact same "hole" in the PHP interpretor.
    > It's not a bug, it's a feature!!


    It is possible that, since I rarely read the forum any more, I may be
    coming to this discussion a little late. Still, I feel the need to
    rebut some claims...

    You seem to have an antipathy towards any scripting languages. You also
    seem to be confusing poorly written scripts with a poorly implemented
    language.

    I'm willing to put it to the test.

    Go to www.theberrymans.com/php/hello.php and show me what you can do.

    Mark Berryman


  18. Re: Php invented by a former DECcie ?

    Richard B. Gilbert wrote:
    > Arne Vajh°j wrote:
    >> A language like Ada prevents various array index out of bounds
    >> and wild pointers problems resulting in garbage data being
    >> read, data being overwritten or crashes.

    >
    > ISTR that ADA is also strongly typed.


    Ada is very strongly typed.

    > It is not easy to store an int
    > into a float. It can be done but you have to first explain to the
    > compiler yes, I really, really, mean that.


    Correct.

    > If a function takes two
    > arguments, you had better supply exactly two. And so on.


    Most languages support that.

    Arne

  19. Re: Php invented by a former DECcie ?

    Bill Gunshannon wrote:
    > In article <47feca98$0$90264$14726298@news.sunsite.dk>,
    > Arne Vajh°j writes:
    >> Bill Gunshannon wrote:
    >>> Does "C" run under an interpretor that let's outsiders run random
    >>> pieces of code (or even just available comands) on the machines
    >>> where it's programs are installed? Does Macro32? Fortran? Get
    >>> the picture? The people who developed PHP built this "wonderful"
    >>> feature into their system.

    >> In that sense PHP is exactly like C, Macro-32 and Fortran. If the
    >> application gets input from the user and execute it as a command, then
    >> it does just that.

    >
    > No, it's not. If you put something as inocuous as "hello world" in PHP as
    > a CGI on your website (assuming FreeBSD as the host for simplicity) I can
    > use the PHP intertpretor to execute the "fetch" command to download an
    > arbitrary file (I have seen many PHP and Perl telnetd programs used this
    > way) to your web server into any writable directory (like /tmp) and then,
    > unless you have been smart enough to make that writebale directory "no execute",
    > I can run the program using the exact same "hole" in the PHP interpretor.
    > It's not a bug, it's a feature!!


    Any evidence of that ?

    You tried around Christmas in:

    http://groups.google.com/group/comp....72cb4452e5cf9a

    but I did not find HTTP requests for GIF file a particular
    good indication of a problem with PHP:

    http://groups.google.com/group/comp....bc66c009886e12

    Arne

  20. Re: Php invented by a former DECcie ?

    Arne Vajh°j wrote:
    > Richard B. Gilbert wrote:
    >> Arne Vajh°j wrote:
    >>> A language like Ada prevents various array index out of bounds
    >>> and wild pointers problems resulting in garbage data being
    >>> read, data being overwritten or crashes.

    >>
    >> ISTR that ADA is also strongly typed.

    >
    > Ada is very strongly typed.
    >
    >> It is not easy to store an int
    >> into a float. It can be done but you have to first explain to the
    >> compiler yes, I really, really, mean that.

    >
    > Correct.
    >
    >> If a function takes two
    >> arguments, you had better supply exactly two. And so on.

    >
    > Most languages support that.
    >
    > Arne


    Support? Maybe! Enforce? No!

    The last time I looked, DEC/Compaq/HP had not provided C function
    declarations for the LIBR$ routines. I had to roll my own! If anyone
    wants them I may be able to find a copy. . . .

    C people might think of it as "creative freedom". I think it's an
    invitation to trouble someday.


+ Reply to Thread
Page 2 of 3 FirstFirst 1 2 3 LastLast