Email or username:

Password:

Forgot your password?
Frost, Wolffucker 🐺:therian:'s posts Post Back to profile
Top-level
Glyph

@IceWolf @jalefkowit because of the profusion of design errors like this, php is quantitatively the most insecure high-level language still in use.

I acknowledge that its accessibility is something other languages and hosting environments need to aspire to, and that many people have found that accessibility empowering. but its prevalence is a real problem, complicit in some of the biggest breaches. “Wordpress sharing critical infra” is a cliché at this point

18 January at 5:09 | Wall-to-wall | Open on mastodon.social
5 comments
Glyph
Glyph

@IceWolf @jalefkowit As far as “SSR is good”, I am a python guy who has been doing web dev in various capacities since 2001, no need for argument there :)

18 January at 5:09 | Open on mastodon.social
Frost, Wolffucker 🐺:therian:

@glyph @jalefkowit Wordpress is also Wordpress. When you run 40% of the internet, of course you're gonna get whacked with a crapton of hacking effort. (See also Windows.)

18 January at 5:11 | Open on masto.brightfur.net
Frost, Wolffucker 🐺:therian:

@glyph @jalefkowit From what we hear, it's also often Wordpress plugins getting hacked - I don't know how often it's the core of Wordpress itself. (We've never used Wordpress and don't know much about it.) Plugins that for all we know, might be written by those newbie programmers that PHP lets actually program instead of just staring at an impenetrable wall, getting daunted, and walking away.

Should the stuff be secure? Absolutely! But the way to fix that is good tutorials and stuff that teach people how to write good code, as well as potentially giving PHP better defaults if those are bad, not "throw PHP in a ditch, use Python or whatever, it's Inherently Better". (I personally don't jive with Python because of its whole "personal style is bad, you MUST use the ONE TRUE WAY for everything" culture. It's not anywhere near as bad as Rust in that respect, though.)

@glyph @jalefkowit From what we hear, it's also often Wordpress plugins getting hacked - I don't know how often it's the core of Wordpress itself. (We've never used Wordpress and don't know much about it.) Plugins that for all we know, might be written by those newbie programmers that PHP lets actually program instead of just staring at an impenetrable wall, getting daunted, and walking away.

18 January at 5:15 | Open on masto.brightfur.net
Glyph

@IceWolf @jalefkowit I acknowledge that that's a factor, but it's definitely not the only factor.

Anyway I don't need to yuck your yum; if you like it, and you don't agree with my take, that is your option. And while I don't mind putting that idea out there, I am not going to yell at you about it, if I am going to put effort into something, I will go make my own rickety pile of infrastructure more appealing and accessible, not just put down PHP 🙂

18 January at 5:17 | Open on mastodon.social
Go Up