@kboyd This is also a very interesting discussion over on Bluesky. It seems that Bluesky is really just a proof-of-concept for the protocol, and it’s not Jack’s intention that the service stick around but that other services take its place.
@justin @ramsey @kboyd you can generate a lot of media buzz with a “decentralized” protocol that has a suspicious amount of centralized single points of failure
Folks, if you parrot opinions like "PHP is an insecure language" or "PHP has inherent security flaws" in 2024, and you can't point to specific issues with modern, current versions of PHP to back it up, all you are doing is demonstrating your ignorance.
The fact is, modern #PHP is every bit as secure, solid and performant a server-side #programming platform as #Node, #Python, or many other popular languages.
Yes, it's got a history. We know the history well. We know the painful ways of old. Yes, there is unpatched and otherwise insecure legacy code out there in the wild. Yes you can find examples of terrible code in old blog posts. But if you haven't updated your opinion since that time, you are running on outdated intel.
We learned the hard way. We hardened our language, our knowledge and our practices as a community over decades of experience making popular and profitable web applications.
#PHP is a living language with a vibrant, thriving and extremely knowledgeable community. Is PHP the best language? That's subjective. Is it a solid and trustworthy option for a modern web app or back end service in 2024? Absolutely.
You may hate the language and that's your prerogative. Everybody has their preferences & they are valid. But if you want to accuse PHP of general vague badness or insecureness, you better have specifics to back it up. Specifics that apply to PHP in 2024, not 2012.
@dseguy some under 300, some under 1k, and 3 under 5k for my OSS projects.
For website parts, it depends on the complexity of the projects (~5k for my wife's website and ~30k for my Mtg website, with lots of domain complexity and some duplicated parts without cleaning of old parts 😅)
@dseguy Holy crap I can't even begin to imagine what it must be like to work with a 4.9MLOC project, and what kind of organisational issues you might stumble upon.
The only reliable protection against timing attacks is using operations that are inherently constant time based on their construction. hash_equals() would be an example that is included in PHP itself. You should always use hash_equals() to compare strings that are secret / sensitive.
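An added example, not part of the original post: verifying an HMAC-signed request body with a plain `===` comparison next to the `hash_equals()` form recommended above. The secret, payload, and function names are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample values; the secret and body are not from the page.
const WEBHOOK_SECRET = 'constructed-demo-secret';

function signBody(string $body, string $secret): string
{
    // Hex-encoded HMAC-SHA256: always 64 lowercase hex characters.
    return hash_hmac('sha256', $body, $secret);
}

// "Before": === is not a constant-time comparison, so its running time
// can depend on where the first differing byte is.
function verifyLeaky(string $body, string $signature, string $secret): bool
{
    return signBody($body, $secret) === $signature;
}

// "After": validate the shape first (the digest length is public, so this
// early return reveals nothing secret), then compare with hash_equals().
function verifyConstantTime(string $body, $signature, string $secret): bool
{
    if (!is_string($signature) || preg_match('/\A[0-9a-f]{64}\z/', $signature) !== 1) {
        return false; // missing value, array input, wrong length, non-hex
    }
    // Known value first, user-supplied value second.
    return hash_equals(signBody($body, $secret), $signature);
}

$body    = '{"event":"invoice.paid","id":1}';
$good    = signBody($body, WEBHOOK_SECRET);
// Same digest with only the last character changed.
$flipped = substr($good, 0, 63) . ($good[63] === '0' ? '1' : '0');

var_dump(verifyConstantTime($body, $good, WEBHOOK_SECRET));    // valid signature
var_dump(verifyConstantTime($body, $flipped, WEBHOOK_SECRET)); // one character off
var_dump(verifyConstantTime($body, null, WEBHOOK_SECRET));     // header absent
var_dump(verifyConstantTime($body, ['x'], WEBHOOK_SECRET));    // array instead of string
```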
@heiglandreas For non-DMARC p=reject domains the From header will be the original one. That's why Gina's email was marked as spam, as DMARC mangling was not performed for it (due to p=quarantine).
squizlabs/PHP_CodeSniffer is dead, long live PHPCSStandards/PHP_CodeSniffer!
Also, please consider sponsoring the project to safeguard its continuation, as without funding, we'll have the same problem again sooner rather than later.
@jrf_nl Haha! I just initially saw what you shared and not that you are the one who is maintaining the project. If I'd've known that, I would've done my own leg-work to find out what I need to know. 😅
@Girgias @zimzat @Crell @jclermont The thing about all of this is - I didn't have to worry about any of this with the best programming language I've ever touched... gw-basic. 😆
@ctietze @joby @deanatoire Pretty sure yes. If you wanted to do that, there's some complex and rarely used HTTP headers that you'd have to handle manually, then work on the streams yourself. That would definitely be slower, but assuming my benchmarks are still vaguely correct, it wouldn't be orders of magnitude slower.
Unless that's a common issue for your use case, it's probably not worth the trouble.
This article is all about how things are looking great for hiring Laravel devs in 2024, and I’m not seeing it.
I’ve been job-searching for 3 months, and very, very, very few of those jobs are decent-paying #PHP / #Laravel jobs. Sure, PHP/Laravel jobs exist, but most (anecdotally) pay far less than the rate others are willing to pay for #Golang, #Python, #Rust, #Elixir, #Java, #Csharp, and #TypeScript developers.
The industry does not value the output of PHP developers.
@ramsey Yep, had the same experience last summer. For the first time myself, I feel like PHP might actually be on a decline. And I sort of get it? I've been doing a lot of TypeScript lately and the DX is just... better. If you look at what C# brings to the table for API development, it's pretty nuts and I could definitely see why larger companies invest in that.
@Crell @syntaxseed Agreed. Organizing things by what they do isn't optimal. Imagine organizing a house like that: a room for things that throw water, like the kitchen sink and the shower, and another for things that emit warmth, like the fireplace and stove. If you organize things semantically, you can have a folder with some views, some controllers, enums, value objects, etc, all related to the same conceptual part of the thing. Another folder with other views, other controllers, etc.
I’m trying to run “Debug” (for step-debugging with #Xdebug) in #PhpStorm while running a #Pest test. I do this all the time with standard #PHPUnit tests, and I’ve never had this problem…
The test runner stops immediately, and PhpStorm reports in the debug console, “Test framework quit unexpectedly.”
Has anyone else seen this error? Do you know what causes it?
Who will I see at #PHPTek next week? I’m giving a keynote on Thursday, and I’m super nervous. It’s only the second keynote I’ve ever given, and the first one was over 10 years ago. 😬😰 #PHP
@awoodsnet I would have loved to attend both, but some jerk is speaking at the same time as your first one, and I gotta attend that one. Looking forward to the dotfiles talk though!
How's that possible that people like @OndrejMirtes or Keradus don't have #PHP RFC voting rights? It does not make any sense. Language should be evolving under an eye of people who know it most, not people determined enough to check all the points of the onboarding list.
@codito @OndrejMirtes Well yeah, because as far as I understand, the RFC process got introduced around the PHP 5.3 era because people, rightfully so, were displeased that decisions were made completely randomly and in the dark.
@Girgias @codito @OndrejMirtes Indeed. The fixes the RFC process needs are not confined to "give more people a vote." As currently set up, everything is spec work. More so than most OSS projects, everything is spec work. That's frankly abusive.
I have thoughts on improvements, but it's been made very clear that there's enough people who like the current abusive/chaotic status quo that they'll only participate in order to keep it as is that improvements are likely impossible.