← Back to context

Comment by chasil

8 hours ago

I like PHP because it allows access to core system calls on any platform.

I see runtime interpreters as constraining when a system call is needed, but proscribed.

7 comments

chasil

Reply
boomskats  6 hours ago

> I like PHP because it allows access to core system calls on any platform.

Lots of people _love_ PHP precisely because of the size of its attack surface.

Do you have any examples of something you've built in PHP which benefitted from direct syscall access?

  • dilawar  6 hours ago

    I keep hearing about this. I occasionally use PHP8 and so far I'm pretty happy with it. Is there any resource that teaches about security issues with modern PHP (version 8.x)?

haykuro  8 hours ago

You don't want to use PHP (a server-sided language) to solve a client-side problem.

  • vbezhenar  4 hours ago

    I know a person who wrote Linux X Desktop Environment using PHP. Worked for them. It is general purpose programming language.

    • xpe  2 hours ago

      > [PHP] is general purpose programming language.

      To be charitable, yes — PHP has access to low-level system details like the file system, sockets, and processes.

      > I know a person who wrote Linux X Desktop Environment using PHP. Worked for them.

      However: (a) "Worked for them" is an anecdote, not evidence of comparative suitability; (b) Don't confuse possibility with empirical fitness for purpose. Virtually all decisions are relative to alternatives [1]; (c) Even PHP describes itself as only a "general purpose scripting programming language" [2].

      Note that "scripting language" itself can hide important differences. PHP 8 introduced JIT compilation [3] which helps.

      [1] In negotiation terms, your BATNA (Best Alternative to a Negotiated Agreement). When evaluating technologies, don't forget the human cost, so consider your BATSHIT: Best Alternative To Shackling Humans In Tedium (or whatever expansion you prefer).

      [2] https://www.php.net/

      [3] https://upsun.com/blog/php-just-in-time-compiler/

  • folkhack  7 hours ago

    PHP devs: "hold my beer."

    • moron4hire  17 minutes ago

      'Member when a major crypto exchange, which had original been a market place for Magic the Gathering cards (so it was not a mountain named Gox), was hacked and everyone's crypto stolen because the owner had implemented his own SSH server in PHP?