Path: csiph.com!usenet.pasdenom.info!weretis.net!feeder4.news.weretis.net!feeds.phibee-telecom.net!newsfeed.xs4all.nl!newsfeed4a.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.000 X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'python,': 0.02; 'scripts': 0.03; 'yet.': 0.04; 'tree': 0.05; 'subject:Python': 0.06; 'php.': 0.07; 'string': 0.09; '22,': 0.09; 'derived': 0.09; 'frameworks,': 0.09; 'php,': 0.09; 'ruby,': 0.09; 'scripts,': 0.09; 'whichever': 0.09; 'cc:addr:python-list': 0.11; 'jan': 0.12; "wouldn't": 0.14; 'at.': 0.16; 'compares': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'implies': 0.16; 'lengths': 0.16; 'personally,': 0.16; 'readable': 0.16; 'sad': 0.16; 'wrote:': 0.18; 'bit': 0.19; 'cheap': 0.19; "python's": 0.19; 'things.': 0.19; 'thu,': 0.19; 'version.': 0.19; 'cc:addr:python.org': 0.22; 'frameworks': 0.24; 'unicode': 0.24; 'versions': 0.24; 'file.': 0.24; 'cc:2**0': 0.24; "i've": 0.25; 'define': 0.26; 'push': 0.26; 'defined': 0.27; 'header:In-Reply- To:1': 0.27; 'idea': 0.28; 'point': 0.28; 'am,': 0.29; 'message- id:@mail.gmail.com': 0.30; 'code': 0.31; 'usually': 0.31; 'cgi': 0.31; 'directory,': 0.31; 'restricted': 0.31; 'secondly': 0.31; 'file': 0.32; 'languages': 0.32; 'run': 0.32; 'community': 0.33; 'framework': 0.33; 'actual': 0.34; 'maybe': 0.34; "i'd": 0.34; "can't": 0.35; 'equal': 0.35; 'point.': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'there': 0.35; 'version': 0.36; 'doubt': 0.36; 'entry': 0.36; 'system,': 0.38; 'problems': 0.38; 'rather': 0.38; 'bad': 0.39; 'users': 0.40; 'ensure': 0.60; 'even': 0.60; 'future': 0.60; 'free': 0.61; 'new': 0.61; 'skip:* 10': 0.61; 'simply': 0.61; "you're": 0.61; 'complete': 0.62; 'become': 0.64; 'great': 0.65; 'within': 0.65; 'world': 0.66; 'grow': 0.77; 'gain': 0.79; '2015': 0.84; 'etc,': 0.84; 'malicious': 0.84; 'points,': 0.84; 'to:none': 0.92 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:cc :content-type; bh=gFevJBzCwEcNREN1pIy8xz8UYJRP3hvapb6Bx/M2eEM=; b=jRRPjFdL0eyhHgEZIMLy2MAAD8aK14BQFIDmuF9HKwVBSWzu01zmmEUl1wIz/8PlXN aclL41pg66DwEWEqo3HxstnT3KGVkXfbkXkfmYaXu8QV96mbL1E6ZTU40oLVYEvrbGZx SwOwc5i2eJ2Ieq/7yR4qIn+sTVnTQTlvlu8PApsryuCwleLUq3eqYqn3w8QOQXRjbdQl jFrZLn4hQqzH8nEkH7CzQxCbcKc4H7XEWH84M3oUMrZ5BhB9nTilY9MNpgflwVYheS6y BrmvMsv3ZxcntvUPKllBD2q13zD0rsq2x/SkbBnfFtHqj6xUufVxbdBxX32ePrPzWJu2 kB1w== MIME-Version: 1.0 X-Received: by 10.224.23.133 with SMTP id r5mr74558771qab.88.1421883679718; Wed, 21 Jan 2015 15:41:19 -0800 (PST) In-Reply-To: <54C033F5.6080405@cajuntechie.org> References: <54bfd513$0$12978$c3e8da3$5496439d@news.astraweb.com> <54C033F5.6080405@cajuntechie.org> Date: Thu, 22 Jan 2015 10:41:19 +1100 Subject: Re: What killed Smalltalk could kill Python From: Chris Angelico Cc: "python-list@python.org" Content-Type: text/plain; charset=UTF-8 X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 42 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1421884057 news.xs4all.nl 2917 [2001:888:2000:d::a6]:54132 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:84159 On Thu, Jan 22, 2015 at 10:19 AM, Anthony Papillion wrote: > To be fair, PHP has come a long way in the last few years and, I hear, > there's movements within the community to make it better. Namespaces > were a bit deal as were a few other things. Personally, while I am > LOVING Python, I'd be sad to see PHP die. It's got a lot of potential if > the community can get its crap together and take off the ruby coloured > glasses. The huge advantage of PHP over other languages is that it comes free with any cheap web host. That's also a huge *dis*advantage when it comes to "movements... to make it better", because you can't know when the new version will become sufficiently prevalent to depend on it. I've seen PHP 4 compatibility code in current versions of some big frameworks, although I've no idea whether that implies actual support or just that nobody's removed it yet. But there are a few fundamental problems with PHP, which are derived directly from its philosophies. One of them is that any file in some directory tree is automatically an entry point - specifically, an *executable* entry point. PHP frameworks that accept file uploads have to go to great lengths to ensure that malicious users can't upload code and run it. Every web framework I've seen for Python, Ruby, Pike, etc, has URL routing defined by the application, not the file system, and if you define a readable uploads directory, all you're going to do is allow people to re-download the same file. Even old CGI scripts, where file system presence defined entry points, weren't as bad as PHP - firstly because they were usually restricted to /cgi-bin/ (and you simply wouldn't allow world writing to that directory), and secondly because the scripts had to be marked executable, which PHP scripts don't. Maybe PHP will grow true Unicode support in a future version. Maybe it'll gain a nice object model that compares well to Python's or Ruby's or whichever other you want to look at. Maybe there'll be a complete reworking of string comparisons so that "12e2" is no longer equal to "1200". But I doubt it'll ever shift away from file-system entry points. And that's why I will continue to push people to Python+Flask rather than PHP. ChrisA