
I'm not convinced that security is actually that much higher. I agree with your examples, but the complexity of most environments now is such that you almost have to know what you're doing in order to attempt to stay secure.

How often do people leak things via S3 because they couldn't set the permissions properly? Same thing as you mention, except it's yet another layer that has to be maintained.

I went from Perl to PHP, and my productivity definitely improved, and the speed of execution also improved significantly. mod_perl was available, but I was pretty well switched to PHP by the time I really looked into that.




> How often do people leak things via S3 because they couldn't set the permissions properly? Same thing as you mention, except it's yet another layer that has to be maintained.

I think the fact that it's another layer and not essential for anything is a pretty good reason why it's not necessarily the same.

What I'm talking about is the default or minimal install complexity and how that affected what was to come. I'm not sure anyone considers S3 a default or minimal config for a website or code execution on the web.

I do agree it's much easier to add complexity these days though, and there are plenty of resources that probably encourage it.

> mod_perl was available, but I was pretty well switched to PHP by the time I really looked into that.

You didn't miss much. While mod_perl was first released within a year or two of the first version of PHP, it works in a fundamentally different way, and wasn't really suitable for shared hosting, so it was never going to have the same popularity. mod_perl keeps a Perl interpreter persistent per Apache thread, but it doesn't (can't) really completely separate one request from the next, and given the prevalence of globals that Perl lets you tweak that affect how many built-ins function (and the ability to redefine portions of the symbol table), it wasn't really suitable for shared environments, just for applications which were mostly the sole purpose of the webserver.

In fact, the way it works is sort of to just take any file set to be handled by it, and eval the content of it in a sub (to deal with some scoping issues), and display the output. As you might imagine, this required special care to not accidentally create closures and pollute subsequent request handling with data in variables from prior requests.
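Added example, not part of the original comment and not mod_perl's own code: a stand-alone Perl sketch of the closure problem described above, where a script body is compiled once into a named sub and then called per request, so the second request is answered with the first request's value. The `compile_script` helper, the `Demo::*` packages and both sample scripts are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample "CGI script": a file-scoped lexical used by a named sub.
# As a plain CGI process this is harmless: every request is a new process.
my $leaky = <<'EOS';
my $user = shift;
sub greet { return "Hello, $user" }
return greet();
EOS

# Same script with the value passed as an argument instead of captured.
my $fixed = <<'EOS';
my $user = shift;
sub greet { my ($name) = @_; return "Hello, $name" }
return greet($user);
EOS

# Simplified stand-in for the wrapping step (hypothetical helper): compile the
# file body once into a named sub in its own package, then reuse that sub.
sub compile_script {
    my ($pkg, $body) = @_;
    # greet() is now a named sub nested in handler(). It binds to the $user
    # of handler()'s first call and keeps that copy afterwards. With warnings
    # enabled, perl flags the leaky body at compile time:
    #   Variable "$user" will not stay shared
    eval "package $pkg; sub handler { $body } 1" or die $@;
    no strict 'refs';
    return \&{"${pkg}::handler"};
}

my $leaky_handler = compile_script('Demo::Leaky', $leaky);
my $fixed_handler = compile_script('Demo::Fixed', $fixed);

# Two consecutive requests served by the same persistent interpreter.
for my $user (qw(alice bob)) {
    printf "request user=%-5s leaky: %-13s fixed: %s\n",
        $user, $leaky_handler->($user), $fixed_handler->($user);
}
```

Treating the "will not stay shared" warning as an error when porting CGI scripts to a persistent interpreter catches this class of cross-request data leak before deployment.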



