[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Which webmail do you prefer? Why?

Jeremy Zawodny <Jeremy@Zawodny.com> writes:

> On Tue, May 06, 2003 at 02:23:58PM +0100, Matthew King wrote:
>> SquirrelMail. Webmail for nuts. Sounds weird, but it rocks.
>> It's in PHP (I'd personally prefer perl) but it still works.
> Why does the implementation language matter?  Do you care if your
> system binaries are written in C vs C++?

Yes.  Certainly, I care whether they're written in a systems
programming language (C, C++), a good stable interpreted language
(Python, Perl), or somebody's favorite toy language with semantics
resembling a language best left on the dustheap of the eighties (Copy
on read?  What were they thinking?).

I'd rather have an SSH server written in a garbage-collected language
with mandatory bounds checking, for example: on those machines which
aren't terminal servers, OpenSSH's has about ten times as much code as
I'd like.

> I always wonder what people really mean when they say things like
> that--especially in this sort of context.  Can you clarify why it
> matters?  Are you trying to imply that PHP software is less likely to
> work?

Yes.  PHP's not Ultimate Evil, it's just kind of chintzy:

* It's a special-purpose language, but used to write large
  applications.  General purpose languages tend to pick up more
  mindshare, attract better programmers, and pick up more eyeballs
  skimming for bugs.  Their code's more maintainable, too.

* The language was never planned.  PHP is still at the stage Perl was
  with Perl 4: a bunch of Neat Features without any idea of what
  happens when you use them all at once.

* Because of its niche, it picks up an unusually high proportion of
  poor programmers.  This doesn't affect any *particular* program -- I
  use SquirrelMail myself, and love it -- it's just that "PHP" is as
  much of a warning sign to me when looking at a programmer's resume
  as seeing one published piece of software, an IRC client.

* It's very easy to use PHP insecurely.  This is compounded by the PHP
  engine's security record.

So what does this mean for you, as an ISP considering two
web-interface applications, one written in PHP, and the other in Perl
(say, with Mason)?  You have reason to be more nervous about the machine
the PHP app is on, and you'll have to search more widely and examine
candidates more closely when finding maintenance programmers.


Brian T. Sniffen                                        bts@alum.mit.edu

Reply to: