I don't understand how this is possible. I've heard the New York Subway system is riddled with antisocial behaviour, homeless, drunks, people pissing everywhere, etc.
They've already proved themselves as competent. $50k a year to a billion dollar company is nothing. Even if they find 0 vulnerabilities a year it's still worth it to them
I directionally agree with you but we could go another 20 comments deep on exactly what the purpose of an external pentest or red-team exercise is and how it might not match up perfectly with what an amateur web hacker is currently doing. But like: yeah, they could get into that business, at least until AI eats it.
I think PHP is way more accessible syntactically, even with all the standard complaints about the language. In the early 2000s it felt like "simple C style function calls embedded in HTML templates" more or less. Not much to have to teach there.
And serving it tends to be "copy the files to your web server's public dir".
Perl is a very difficult language. PHP was a comparatively simple language. PHP was just a scripting language for C and incorporated as many open source C libraries as possible back when open source libraries were a bit of disjointed mess.
PHP's success and Perl's decline was obvious at the time.
mod_php was dramatically simpler to use than mod_perl. If the sysadmin set it up, you didn't need to know it was there, and your regular PHP just ran really fast. That and nothing else really copied the "scriptable HTML file" paradigm which some people really really liked and made a very low barrier to entry compared to Perl. That's really what kicked off the demise of Perl -- it stopped being the most accessible way onto the internet. PHP also didn't screw up their major language upgrades like Perl did.
RoR helped Ruby push off its inevitable demise for a while, but it's going the same way as Perl. Python got lucky that it's become the defacto choice for everything ML.
PHP has fallen off. Who is doing anything new in PHP?
PHP has a much bigger legacy of web stuff than Perl, because it was so much easier to use. But there's no future in it. Wordpress, Drupal, Joomla... all had their time but it's all in the past.
As someone who doesn't really know neither Perl nor PHP, PHP is more of a domain-specific EDSL than a mainstream programming language.
One of the few insights in the blog post that aren't stupid, fake, inconsistent and schizophrenic, is the one about PHP's common approach regarding spinning up new processes.
Since everything is absolutely correct, no one forced it; they just provided a good, excellent solution for free, and consequently, the whole internet has gotten hooked on it. As they say, free cocaine causes harm. So, what are the alternatives? What options are there to protect against DDoS attacks and to make a website quickly accessible from different parts of the world? And at the same time, without paying a sky-high price for it.
That sums up my gripe with the vocal cloudflare haters. They will tell you all day long to move but every solution they push costs more time and money.
reply