
Creator of PHP talks to Digg about performance and security - ecaron
http://about.digg.com/blog/rasmus-lerdorf-php-performance
======
jolan
I really like his rant that starts at the ~62 minute mark and ends with this:

"PHP is just a damn tool. It's just a hammer; it's boring. It's not that
interesting. I'm not that interested in it. But I need a working tool to solve
problems. I'm really, really interested in problems. The tool itself; if it
works great. If it's broken I fix it. But I don't spend my entire life fixing
it. PHP is damn ugly. It'll always be ugly because we're not going to spend
the time to sit and make it pretty. We're spending our time building actual
solutions and fixing problems. And the tool works. You can build really,
really fast things with PHP. And yes, it's not pretty. If you're a CS major or
if all sort of for the purity of coding; PHP is not for you. But then you're
not probably not interested in building things for end users."

~~~
cheald
I'm not much a fan of that sentiment. It's the same sentiment espoused by
people who don't have time to design software properly, or test it, or do
exception handling. The tool is an important part of solving problems, but
having an elegant tool helps keep the tool itself from becoming a problem.
There seems to be subtext in that rant which says "prettier languages are
inferior because they're written by academic snobs who don't have any
experience actually writing real software", which is just patently false.

~~~
mdg
You are missing the point. The end user does not need to know, and more
importantly, doesnt even care what language you use. Just solve their problem.

~~~
kingkilr
I may not care, but I end up knowing every time I see one of those PHP/MySQL
error traces in a website. Apparently one of their problems isn't proper
exception handling.

~~~
mdg
So writing my app in <your preferred language> automatically ensures my
database will be up and all exceptions are handled correctly?

~~~
kingkilr
No, it does, however, ensure that my errors don't randomly get dumped on the
page, and that instead an exception is raised and a proper 500 page can be
returned.

------
thomasfl
After 3 minuts Rasmus says this:

"I never taken any classes in computer science. I should have taken classes in
computer science".

So it was never designed to be a state of the art language. Just a tool to get
things done. From 1997 to 2001 I really enjoyed solving problems in PHP. But
things have changed. I have learned more and now certainly prefer using Ruby.

------
davidw
Rasmus is a former colleague at Linuxcare, and as far as I'm concerned, is a
really cool guy, and very worth talking with. His story is pretty interesting,
too. That said, I've encountered too much ugly PHP code to really want much to
do with the language these days.

------
baddox
Regarding his anecdote of the company porting a client's application from PHP
to Rails: Maybe the fact that completely _rewriting_ an application in Rails
is preferable to maintaining their PHP application is telling.

~~~
pornel
Rewriting is always more fun than maintenance.

------
nphase
I'd be willing to bet the Digg engineers were bored by this talk. Most of this
isn't new and is already PHP best practice (minus the HipHop stuff, I
suppose).

~~~
smokinn
I saw him give the talk at the Confoo conference (formerly PHP Quebec that got
renamed when Ruby + Python tracks were added) and I was bored as well.

You can pretty much boil his talk down to use a profiler and make sure you run
as little lines of code as possible. (AKA: Extra indirection always adds extra
cost which is why generic web dev frameworks are always slow)

The HipHop part of his talk isn't really useful because _extremely_ few sites
are resource constrained enough at the web server level for it to make sense
to complicate your deployments that massively.

~~~
jolan
He made a good point about using HipHop for static analysis though. The weird
code he found in WordPress via HipHop was a bit disconcerting considering how
many copies of it are running.

The performance stuff was pretty boring. 30 minutes of talking to go from 9 to
34 reqs/s. My VPS provider can increase my resources by an order of magnitude
in 1 minute.

~~~
code_duck
You don't need to analyze WordPress via HipHop to determine that it is truly
dangerous total crap written by morons, and given that, it's been apparent for
a long time that it is disturbing how many copies of it are running.

If you take a look at any community of designers who consider themselves
'developers', its scary - most of them build on WordPress as a platform.
Clearly this is somewhat like putting up a tent on the Deepwater Horizon
drilling platform. I can't believe how terrible the innards of wordpress are.
That said, the outtards work pretty well, somehow.

------
Lorin
Felt like I was watching an old school cracktro with the rainbow effect going
on there (a DLP projector issue?).

Most of Rasmus's talk is the same as it was for years in regards to
optimization. If you've seen one of his older presentations take a look at the
slides directly (<http://talks.php.net/show/digg/1>) rather than watching the
video.

------
ck2
I look forward to one day having real php compilers instead of just opcode
caches.

If I am not mistaken there are a couple of projects already working on that.

~~~
ahupp
Check out <http://wiki.github.com/facebook/hiphop-php/>

~~~
ck2
For some reason I didn't consider HipHop as a native compiler since it's
really converting into another language to get outside of PHP entirely.

Also, it's supposedly REALLY difficult to build.

I was thinking more like PHC but more evolved.

~~~
pbiggar
I think it's fair to call HipHop a native compiler, since it can generate
native executables. phc generates C code, which is admittedly lower-lever, but
it's roughly the same idea.

I'm interested in how you'd like phc to be more evolved. I've had lots of
ideas (I'm the author) but I'm curious what others would like. Thanks!

------
cosmok
Wow! I saw some actual code/command that I could use at work. Like PHP itself,
his talk was very practical. Thanks for the link!

------
chrischen
I see php as a lightweight web framework. And it works well for that. I
wouldn't use it for general purpose scripting though.

------
c00p3r
_Creator of PHP talks about security_ it is already funny.. ^_^

~~~
mdg
He drops knowledge quite frequently on the subject.

~~~
c00p3r
People who are really concerned about security starts from a clear design with
security in mind.

PHP lacks any kind of design, it was just an rapidly evolved toolchan. ^_^

~~~
noodle
i guess that means that assembly, C, etc are all terrible languages because
they don't have a clear design with system security in mind.

~~~
kingkilr
From a security perspective, kind of... it's not like for a decade or so every
other security hole was a buffer overrun (or underrun, as the case may be) or
others of that ilk. That's not to say they don't serve a purpose, but it's
pretty easy to see that higher level languages have eliminated an entire class
of security concerns in our code (at obvious costs).

~~~
noodle
> (at obvious costs)

i suppose thats my point. languages are just tools. some languages are
hammers, where you can accidentally hit your thumb. some languages are like an
automatic electric hammer where its all safe, but its heavy and you have to
keep it plugged into the wall.

