Why PHP is so much more popular for web-development

[Steve Holden]

In terms of memory and CPU, maybe. But I think that *requires* apache
2.x and a very recent version of mod_python. By web-hosting
standards, those are very steep requirements.

You are wrong. CherryPy is a standalone web server environment.

regards
Steve
--
Steve Holden +1 571 484 6266 +1 800 494 3119
Holden Web LLC/Ltd http://www.holdenweb.com
Skype: holdenweb http://del.icio.us/steve.holden
--------------- Asciimercial ------------------
Get on the web: Blog, lens and tag the Internet
Many services currently offer free registration
----------- Thank You for Reading -------------

 

[walterbyrd]

Jeff McNeil wrote:

Right, that's why hospitals are replacing their surgeons with butchers.
There are so many more of them available. It's only cutting meat, after all.

Hospitals probably would if they could. Healthcare is extremely
regulated. Software development, web or otherwise, is still the wild-
west. Besides, I don't think it's quite fair to characterize all PHP
developers as "butchers" and Python developers as "surgeons." Python
may be superior to PHP, but come on now. Besides, I see about 100X
more ads for PHP programmers, than Python programmers. My guess is
that there probably are a lot more PHP developers, especially web-
developers.

Virtualization will solve that problem.

I can get PHP hosting for $10/year. Will I be able to get a virtual
host for that?

 

[Jeff]

No programming language can fix bad programmers. And if cost is an
issue, www.nearlyfreespeech.net has Python, clisp, and OCaml.

 

[Jeff McNeil]

Right, that's why hospitals are replacing their surgeons with butchers.
There are so many more of them available. It's only cutting meat, after all.

I prefer Python by a long shot, but I'm confident there are a lot of
shops making the PHP vs. Python decision every day and this is up
there on the list of PHP's benefits. Of the 10 guys I've interviewed
in the past two months, I think one had Python experience. In digging
a bit deeper, it turns out he got that installing Anaconda packages.

Virtualization will solve that problem.

It will help, sure. I run a few things in a FreeBSD VPS right now,
actually. I really like the freedom it brings.

The problem again goes back to density, though. I work for one of the
large web hosting firms. When talking straight shared hosting, we can
put well over 50,000 web sites on a cluster of servers. On our VPS
products? That number drops down to about 1,000 on the same hardware
configuration. If we start talking about hardware virtualization,
divide by ten again.

The technology is getting there, but it's still just not feasible to
hit the same scale with virtualization that one can hit when building
a standard shared hosting platform.

All of that said, we *do* offer Python on our products. We just don't
provide additional support for things such as TurboGears, Zope, or
Django. All of our provisioning and management infrastructure is in
Python as well.

 

[paul]

The comparison is not fair on many levels. PHP is not a framework like
Django or TG. You get a lot more stuff with Django or TG, so of course
the requirements are higher.

Wait a minute, did he write "Also, PHP and PHP frameworks are supported
everywhere..."? And he is right, you can drop symphony or cakePHP in
your webroot and it will work, period.

Seriously, take a closer look at CherryPy. With CherryPy, you don't even
need Apache since it provides its own web server.

So how do you run this in production? There's only one port 80, you'd
need e.g. mod_proxy + CherryPy on a high port as a long running process.
That's just not possible in most shared hosting envs, plus you'd have to
monitor cherrypy and whatnot.

Don't get me wrong, I'm not defending PHP but from a deployment POV
python is definitely more complex.

cheers
Paul

 

[walterbyrd]

Either you are a casual user with 101 web
development skills trying to set up your personal home page

But this, sort of, brings me back to my original point. Nobody starts
out being advanced. There are substantial differences in cost, and
deployment, between PHP and Python. It is much easier to get started
with PHP. And once somebody has started with PHP, that person is
likely to stay with PHP. Most PHP developers do not see a compelling
reason to start all over again with Python.

BTW: I have a certain amount of respect for PHP, and PHP developers.
PHP5 is a big step forward over PHP4. And, there have been substantial
web projects completed with PHP - probably more so than with Python.

 

[Steve Holden]

But this, sort of, brings me back to my original point. Nobody starts
out being advanced. There are substantial differences in cost, and
deployment, between PHP and Python. It is much easier to get started
with PHP. And once somebody has started with PHP, that person is
likely to stay with PHP. Most PHP developers do not see a compelling
reason to start all over again with Python.

BTW: I have a certain amount of respect for PHP, and PHP developers.
PHP5 is a big step forward over PHP4. And, there have been substantial
web projects completed with PHP - probably more so than with Python.

If PHP does everything they want, why should they change to Python? I am
as keen as anyone else to see Python widely adopted, but not at the
expense of forcing a tool down an unwilling population's throats.

Python is a programming language first, PHP has become one almost
incidentally. It's good at (some) things that Python isn't. It's
horrible at others (for example OO in PHP is almost as horrible as OO in
Perl). Learn to live with it! ;-)

regards
Steve
--
Steve Holden +1 571 484 6266 +1 800 494 3119
Holden Web LLC/Ltd http://www.holdenweb.com
Skype: holdenweb http://del.icio.us/steve.holden
--------------- Asciimercial ------------------
Get on the web: Blog, lens and tag the Internet
Many services currently offer free registration
----------- Thank You for Reading -------------

 

[Bruno Desthuilliers]

walterbyrd a écrit :

But this, sort of, brings me back to my original point. Nobody starts
out being advanced.

Nope. But some start out being already seasoned programmers, even if
they never done web development !-)

There are substantial differences in cost, and
deployment, between PHP and Python.

Depends on the context. But true, it's easier to get PHP than Python on
a budget shared hosting (except possibly for python cgi).

It is much easier to get started
with PHP.

If you are not programmer and don't know anything about the HTTP
protocol, yes, indeed.

And once somebody has started with PHP, that person is
likely to stay with PHP.

FWIW, I started web programming with PHP. Then I quickly started to look
for Python-based solutions.

Most PHP developers do not see a compelling
reason to start all over again with Python.

If I judge by the average quality of the php code I've seen so far - and
I've seen quite a lot - most "PHP developers" don't know zilch about
both programming and the web. The others are usually not "PHP
developers" but developers using PHP - which is not exactly the same
thing. There are, of course, well-designed, well-written php apps, but
that's certainly not the most common case.

BTW: I have a certain amount of respect for PHP,

I don't.

and PHP developers.

That's another problem.

PHP5 is a big step forward over PHP4.

Because it introduced a Java-like object model ?

And, there have been substantial
web projects completed with PHP

Indeed. As well as with Java and Perl. A good programmer is usually able
to write good code whatever the language.

- probably more so than with Python.

There certainly are more "substantial" web projects written in Java than
in Python, and believe me, deploying a Java web app is orders of
magnitude more difficult and costly than with a Python one, whatever the
Python framework used. Heck, compared to any Java solution, even Zope
looks lightweight and agile.

 

[Roel Schroeven]

Jeff schreef:

No programming language can fix bad programmers. And if cost is an
issue, www.nearlyfreespeech.net has Python, clisp, and OCaml.

But only via CGI, which means every request results in a new instance of
the interpreter.

 

[Jeffrey Froman]

The point is: PHP framework makers are very considerate of the
realities of shared hosting.

I think the opposite is true: PHP applications typically ignore the
realities of shared hosting in order to be considerate to non-developers
(that is to say, "users"). In particular, security in a shared hosting
environment is almost always discarded.

Consider a PHP-based CMS that allows users to upload files. Because the
application runs as the webserver user, uploaded files, and the directory
where they reside, must be accessible and writable by that user. It is the
same user that any other hosting customer on that machine has access to.
Thus, any user on the shared host could write a quick CGI script that
accesses, adds, removes, or defaces your uploaded content.

While it is true that PHP can be deployed through fastcgi/suexec to avoid
this problem, doing so is just as complicated as deploying python
applications through fastcgi.

Deploying python applications through mod_python suffers the same drawbacks
on a shared host that using mod_php does, but it is quite simple to set up:
3 lines or so in an .htaccess file is all that is required to get
mod_python configured. Surely PHP developers need to write their
own .htaccess files as well in most cases?

On a related note, most PHP hosting providers offer only PHP4. While this is
again fine for the typical PHP *user*, I would hope that PHP *developers*
are looking primarily (if not exclusively) for PHP5 at this point. PHP5
providers are much rarer.

All that said, I am sympathetic to your concerns, and am currently working
hard to set up a commercial shared hosting environment that offers turn-key
Django and Plone provisioning. Certainly, the automated, generic set-up
won't suit everyone's fine-tuned requirements, but I agree that more hosts
should think about providing a working default configuration for python
frameworks.


Jeffrey

 

[SamFeltus]

PHP is just a more inclusive community. The PHP community is more
concerned with the casual user and the end user. This is PHP's core
strength, and one of Python's core weaknesses. The Python community
would be wise to adopt PHP's concern for the end user.

That being said, I don't think you will find PHP easier than Python.
I think the reverse is true, except in the simplest cases. Also,
Python is economical and easy to use if you go with a Python centric
web host, such as Web Faction.

 

[Paul Rubin]

Consider a PHP-based CMS that allows users to upload files. Because the
application runs as the webserver user, uploaded files, and the directory
where they reside, must be accessible and writable by that user. It is the
same user that any other hosting customer on that machine has access to.
Thus, any user on the shared host could write a quick CGI script that
accesses, adds, removes, or defaces your uploaded content.

That sounds trivial to ameliorate (at least somewhat) by putting your
uploads in a directory whose name is known only to you (let's say it's
a random 20-letter string). The parent directory can be protected to
not allow reading the subdirectory names.

 

[Steve Holden]

That sounds trivial to ameliorate (at least somewhat) by putting your
uploads in a directory whose name is known only to you (let's say it's
a random 20-letter string). The parent directory can be protected to
not allow reading the subdirectory names.

But you have to admit that's "security by obscurity".

regards
Steve
--
Steve Holden +1 571 484 6266 +1 800 494 3119
Holden Web LLC/Ltd http://www.holdenweb.com
Skype: holdenweb http://del.icio.us/steve.holden
--------------- Asciimercial ------------------
Get on the web: Blog, lens and tag the Internet
Many services currently offer free registration
----------- Thank You for Reading -------------

 

[Paul Rubin]

But you have to admit that's "security by obscurity".

I'm not completely sure it's security by obscurity if the system setup
is careful. The pathname is like a password and maybe it can be
proteced from exposure to the same degree that other file system
contents are protected. This would not pass review for protecting
launch codes, but neither most things done on even serious commercial
web sites.

 

[Chris Mellon]

I'm not completely sure it's security by obscurity if the system setup
is careful. The pathname is like a password and maybe it can be
proteced from exposure to the same degree that other file system
contents are protected. This would not pass review for protecting
launch codes, but neither most things done on even serious commercial
web sites.
--

Would you make this directory name be the username+the password? If
not, why not? The answer is the same reason why this isn't a reliable
method of security.

That said, no hosting provider I'm aware of (even the really cheap
ones) runs in a purely shared environment anymore. They use suexec or
fakejail or something at the very least. This is for their own
protection as much (or more) than it is to protect their customers
data, though.

 

[Paul Rubin]

Would you make this directory name be the username+the password? If
not, why not? The answer is the same reason why this isn't a reliable
method of security.

I would not store plaintext passwords in a database, but that doesn't
mean it's security by obscurity to do so.

 

[Jon Ribbens]

But you have to admit that's "security by obscurity".

Um, no?

 

[SamFeltus]

I don't suggest Python is unconcerned with the casual user and the end
user, only that this is where PHP's community excels.

Learnig both as a newbie, I actually found PHP more confusing and
difficult than Python. Programming in PHP reminds me of a game of
trivial pursuit. Once you know a little Python, you can often guess
how something new is going to be before you see it.