Security Open Source

PHP.net Compromised 189

An anonymous reader writes "The open source PHP project site was compromised earlier today. The site appears to have been compromised and had some of its JavaScript altered to exploit vulnerable systems visiting the website. Google's stop-badware system caught this as well and flagged php.net as distributing malware, warning users whose browsers support it not to visit the site. The comment by a Google employee over at the Hacker News thread (official Google webmaster forum thread) seems to suggest that php.net wasn't incorrectly flagged."
  • by dgatwood ( 11270 ) on Thursday October 24, 2013 @04:41PM (#45228393) Homepage Journal

    It makes sense. The implode function can readily detect the difference between a string and an array through simple type introspection, but the explode function cannot do the same with two strings. Indeed, I would argue that for any function, if the parameters must be of a specific type that can be readily distinguished from the type of other parameters, there's no reason for the parameter order to matter.

    Then again, I would argue that the entire notion of programming languages in which the order of arguments is significant is arcane and archaic. IMO, an ideal programming language should require that each parameter be explicitly tagged so that the parameter order never matters, or at a minimum that the order is never implied merely by position. Perl can sort of do this with a hash, Python et al sort of do this with named parameters, etc.

    Such a design pattern makes it relatively simple to add additional optional parameters, because the order ceases to matter. It means that you can insert those new parameters in an order that makes logical sense, rather than having to add them at the end of the parameter list with an explicit check to see if the parameter list is empty before shifting off the next item so that you don't break backwards compatibility with existing clients. And so on.

    Unfortunately, most programming languages still force you to choose between strict compile-time type checking and mandatory tagging. If you take parameters in a varargs style, you can force mandatory tagging, but you lose any compile-time checks. If you take parameters individually in the function, somebody can still pass parameters positionally, at which point you lose the readability advantages of being able to reorder the parameter names as you add new parameters.

    I get the impression that Python 3 allows you to force explicit tagging by adding "*" as the first parameter. It would be great to see similar functionality in all other programming languages; it just makes a lot more sense than trying to extract meaning out of order.

  • by csnydermvpsoft ( 596111 ) on Thursday October 24, 2013 @04:43PM (#45228417)

    It's not that hard to be careful - just avoid the com.sun.* and sun.* namespaces. Eclipse even filters those out (of autocomplete and Organize Imports) in the default configuration.

  • by c0d3g33k ( 102699 ) on Thursday October 24, 2013 @05:07PM (#45228645)

    I was on the internet, er, before it was the internet. -_- That doesn't mean anything as far as statements made about today.

    Agreed. But you came screaming out of the gates with a hard core ad-hominem attack (Troll!) in response to what amounts to little more than a joke. Touchy much?
    That said, I was on the internet-before-it-was-the-internet back in 1980. Just out of curiosity, what's your magic date?

    I've spent considerable time since regretting my early advocacy and plenty of time fixing PHP driven sites or migrating away from PHP to better platforms. Plenty of other people over the years have explained why PHP is a 'fractal of bad design', so I won't make that attempt here. I agree with them.

    I calmly stand by my snark, perched atop the mountain of experience.

    And I stand by my statements, that PHP would be one of my top picks for back-end design and dynamic pages. It is easy to read, has reasonably good performance, and reasonable security. But no language can stop people from shooting their own foot off if they're so determined, and your grevance seems to be not with the language itself, but with the fact that so many people shoot their own foot off while using it. The only problem I have with PHP is that the designers seem utterly incapable of understanding OOP concepts and the result is half-baked objects. But then, I say the same thing about Java.

    You're reading a lot into my jokey original one-sentence post. Grievance (grevance)? I've used PHP. Found it wanting. Moved on. End of story. What's driving your zealous PHP advocacy?
