[kwlug-disc] Security arguments

Khalid Baheyeldin kb at 2bits.com
Wed Sep 23 17:55:52 EDT 2009


On Wed, Sep 23, 2009 at 4:31 PM, Chris Frey <cdfrey at foursquare.net> wrote:

> On Wed, Sep 23, 2009 at 04:04:52PM -0400, unsolicited wrote:
> > Let alone in this day of rapid web deployment / refresh, where time to
> > delivery is deemed crucial. Compiled source, particularly given the
> > prevalence of 'script kiddies' (for lack of a better word, not meaning
> > the usual, more, as Khalid points out, novices) implies a rather
> > static design of demonstrably long term use.
>
> I prefer to view using compiled languages as automatic debugging at the
> least costly level.  If the compiler finds a bug as soon as I type
> 'make', it's cheaper to fix it there than if it crashes for the customer.
>
> The more bugs a compiler can find for me, the better.
>
> I take this compiler-loving to a bit of an extreme, perhaps, because
> I use it as a sidekick to help me wrestle code and logic into shape.
> And I definitely miss that sidekick when I use something like PHP.
>
> I don't think that compiled == static.  Updating a website is about
> the same whether using a scripted or a compiled language.  But the
> extra compile step will show you some errors early instead of in the
> browser window.
>
>
A few comments here:

First, eBay used to have everything in C (or was it C++), and linked
into Apache. So they had this huge monolithic beast that is faster
because it is compiled, yet hard to maintain and deploy. I think that
they have moved off of that, not sure to what exactly though.

Second, there are new languages that are being created for exactly
the reasons you state: let the compiler sweat it and find most of the
bugs ahead of time.

One such language is Scala. It is a hybrid language in that it uses
the Java Virtual Machine, yet it has functional programming features.
It is being used in Twitter, after they replaced Ruby on Rails for portions
of what they do (message queuing and delivery).

There is a web framework written in Scala, but like Ruby on Rails
it shares the "difficult to deploy" aspect, even more so! To some extent
Django would be the same, being that it requires Python to be configured
for the web. More work to do for getting it to run, and less hosts to
run it on, or requires a VPS to get it running.

If Drupal was written in a better language (compiled, ...etc.), it would
never have been successful, simply because the hosting options for it
would be severely limit. By using LAMP, it automatically became
deployable to tens of thousands of users immediately, even shared hosts.

So, everything has its place, I guess. Suitable tool for the job. Otherwise,
we would all be using Ada by now.
-- 
Khalid M. Baheyeldin
2bits.com, Inc.
http://2bits.com
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://astoria.ccjclearline.com/pipermail/kwlug-disc_kwlug.org/attachments/20090923/fc0a17a3/attachment.html>


More information about the kwlug-disc_kwlug.org mailing list