Hello there, just couple of words about PHP. I've been develop on PHP more than 10 years, I've seen it all 3,4,5,{6},7. Yes PHP was not good in terms of engineering and patterns, but it was simple, it was the most simple language for web to start those days. It was simple as you put code into file, upload it via FTP and it works. No java servlets, no unix consoles, no nothing, just shared hosting account was enough to host site, or even application with database. As database everybody used to have mysql, again because its simple to start and easy to maintain. So PHP+MySQL became industry standard on Web during 00-2012, and continues in some way.
You can write HTML and logic inside single file, within php code, even more single file may content few pages, or even kind of framework. That simplicity and agility sticks everybody who wants to develop sites with PHP.
This is pretty much about why it is so popular.

Each good or wannabe PHP developer in an early days write its own framework or library (like in javascript this days because of nodejs)

Imagine that PHP has hadn't have package manager, developers used to have host packages on their own sites, then various packages catalog sites created, and then finally composer. A gazillions of php code had spread over internet, without any kind of dependency control. To include libraries to your projects you have to just write include, or require. Some developers do it better than others.

So what we have ? A lots of code, no repositories, zip archives with libraries, no dependency control.
Project that uses that kind of code are still alive even today, they are solid hose of cards, and unmaintainable of course.

And main question that I'm trying to answer is Why PHP is not good ?
- First is amount of legacy code which people copy and pasted into their project, spread it even more like a virus.
- Lack of industry standards at the beginning lead to a lots of bad practices among developers. PHP code usually smells.
open source php projects in early days was developed in same conditions so even in phpbb, phpnuke, wordpress, drupal used to have a lot of bad practices in their codebase. So php developers usually not study by another library, instead they write their own frameworks/libraries.
- "It works", - there are no strong business demands, on web development, again because lack of standards, and concerns.
This three things are basically same, they linked to each other and summarize of answer of why PHP have strong smells and everybody yelling against it.

Whats is with PHP nowadays ? Of course PHP today is more influenced by good practice of webdev. Composer, Zend, Laravel, Yii, Symphony and language it self became more adult so to say, but developers...

People who never tried anything except PHP are usually weaker in programming and ecosystem knowledge than people who tried something else, python, perl, ruby, c for instance.

Summary

PHP as any other programming language is a tool. Each tool has its own task. Consider this and your task requirements and PHP can be just good enough solution.
"PHP is shit" - usually you heard that from people who never write strong applications on PHP and haven't used any good tools like Symphony or Laravel.
Cheap developers, - the bigger community, the more chance to hire cheap developers, and more chance to get bad code. That can be applied on any other language.
PHP has professionals developers, usually they have not only php on scope.

That's all folks, this is very brief, I am not covering php usage early days in details, but this is good enough to understand the point.

Enjoy.

This wanker approached me via LinkedIn before new year to be team lead to a diverse team of devs spread over a few time zones.

The mission? Build a metacritic clone, but geographically constrained to New York.

Me : How much are you offering?

Him: <radio silence>

Working at a local seo sweat-shop as "whatever the lead dev does't feel like doing" guy.

Inherit their linux "server".
- Over 500 security updates
- Everything in /var/www is chmod to 777
- Everything in /var/www is owned by a random user that isn't apache
- Every single database is owned by root sql user
- Password for sudo user and mysql root user same as wifi password given to everyone at company.
- Custom spaghetti code dashboard with over 400 files in one directory, db/ api logins spread throughout these files, passwords in plain text.
- Dashboard doesn't have passwords, just usernames to login
- Dashboard database has all customer information including credit card stored in plain text
- Company wifi is shared by other businesses in the area

I suggest that I should try to fix some of these things.

Lead Developer / Tech Director : We're an SEO company, not a security company . . .

I often dream that I discovered a rare edge case in reality that can lead to a crash if corrupted people create any object together. Corrupted state is infectious but due to caching and lazy copying strategies you mainly spread it to previous owners of items you infect. Also I can't edit the code to fix the issue because I'd have to recompile and our world is an in-memory artifact of the current execution.

Disclaimer: This is all theoretical. Neither me nor my friend (with whom I discussed this) are stupid enough to even try to pursue this, but as an idea, i believe it might generate cool/new ideas/ways for handling secure communications across social groups.

Let's do some role play. Let's design a delivery app for drug dealers, think Seamless or Uber Eats, but for drugs. Not for big deliveries, like kilograms of coke, but smaller stuff. Maybe a few grams of it or something. The clients could rate dealers, and vide-versa. This would build a level of trust within the system. There would be no names, just anonymous reviews, ratings, and prices. Only the info you'd need to know.

The biggest (only?) problem we found (besides legality) was that, how would you prove that you're a client and not a snitch (or cop). This would have to somehow be handled both on signup, as well as when ordering (let's imagine that all who are clients are pure and won't ever snitch).

One of the ways we found to combat this was to have the app invite-only. This would, in theory, do away with the problem of having snitches signing up. However, what if the phone got stolen/breached by a snitch, and they also got full access to the account. One way we thought we could combat this would be with a "dispose number" or something similar. Basically, you call a number, or send a text, or message a Signal bot etc, which would lead to the account's instant termination, no traces of that user left. Hence, a dispose number.

The flow of the app would be as follows:
A client wants some amount of heroin. He opens the app, searches for a dealer, sends the him the desired amount, and in return gets back a price from the dealer. If both parties agree on the amount and price, the deal would start.

The app would then select a random time (taken from the client's selected timeframe and the dealer's "open" time) and a location (within a certain radius of both them, somewhere in between them both for convenience). If both of them accept the time and place, they'll have to meet up at said time and place.

The actual delivery could also be done using two dead drops - the client drops the money at one of them, the dealer drops the goods at the other one. Yes, this might be subject to abuse, but it wouldn't be that bad. I doubt that clients would make huge orders to unknown/badly rated dealers, as well as dealers accepting offers from badly rated clients. My idea is that they would start small, just so if they do lose their money/goods, the actual loss wouldn't be as big for them, but for the other party, having bad ratings would mean less clients willing to buy or dealers willing to sell.

A third way would be to use crypto, but the reason I left this as the last one is because it's not that wide-spread yet, at least not in local drug dealing. With this method, the client would initiate the order, the crypto would be sent to either the dealer or an escrow account, the dealer would then drop the goods at a random place and let the client know where to go to get them. After the client has gotten the goods, they could both review/rate the quality as well as the overall experience with that dealer, which would either make or break the dealer's upcoming deals. This would be pretty much like other DNM's, but on a local scale, making deliveries faster.

So far, this would seem like something that would work. Are there any ideas that might improve this? Anything that might make things more secure/anonymous?

My reason for this post is to spark a conversation about security and anonymity, not to endorse drugs or other illegal stuff.

Cheers!

PS. Really loving the new PC design of devRant

is being a tech/dev person, a dead end job?

i have been thinking about this for sometime. as a dev, we can progress into senior dev, then tech lead, then staff engineer probably. but that is that. for a tech person :

1. their salary levels are defined. for eg, a junior may earn $10k pm , and the highest tech guy (say staff engineer) will earn $100k pm, but everyone's salary will be spread over this range only, in different slots.

2. some companies give stocks and bonuses , but most of the time that too is fixed to say 30% of the annual salary at max.

3. its a low risk job as a min of x number of tech folks are always required for their tech product to work properly. plus these folks are majorly with similar skills, so 2 react guys can be reduced to 1 but not because of incompetency .

4. even if people are incompetent, our domain is friendly and more like a community learning stuff. we share our knowledge in public domain and try to make things easy to learn for other folks inside and outside the office. this is probably a bad thing too

compare this to businesses , management and sales they have different:
1. thier career progression : saleman > sales team manager> branch manager > multiple branch manager(director) > multiple zones/state manager (president) > multiple countries/ company manager (cxo)

2. their salaries are comission based. they get a commission in the number of sales they get, later theybget comission in the sales of their team> their branch > their zone and finally in company's total revenue. this leads to very meagre number in salaries, but a very major and mostly consistent and handsome number in commission. that is why their salaries ranges from $2k pm to $2-$3millions per month.

3. in sales/management , their is a always a room for optimisation . if a guy is selling less products, than another guy, he could be fired and leads could be given to other/new person. managers can optimise the cost/expenses chain and help company generate wider profits. overall everyone is running for (a) to get an incentive and (b) to dodge their boss's axe.

4. this makes it a cut-throat and a network-first domain. people are arrogant and selfish, and have their own special tricks and tactics to ensure their value.

as a manager , you don't go around sharing the stories on how you got apple to partner with foxconn for every iphone manufacturing, you just enjoy the big fat bonus check and awe of inspiration that your junior interns make.

this sound a little bad , but on the contrary , this involves being a people person and a social animal. i remember one example from the office web series, where different sales people would have different strategies for getting a business: Michael would go wild, Stanley would connect with people of his race, and Phyllis would dress up like a client's wife.
in real life too, i have seen people using various social cues to get business. the guy from whom we bought our car, he was so friendly with my dad, i once thought that they are some long lost brothers.

this makes me wonder : are sales/mgmt people being better at being entrepreneur and human beings than we devs?

in terms of ethics, i don't think that people who are defining their life around comissions and cut throat races to be friendly or supportive beings. but at the same time, they would be connecting with people and their real problems, so they might become more helpful than their friends/relatives and other "good people" ?

Additionally, the skills of sales/mgmt translate directly to entrepreneurship, so every good salesman/manager is a billionaire in making. whereas we devs are just being peas in a pod , debating on next big npm package and trying to manage taxes on our already meagre , "consistent" income :/

mann i want some people skills like these guys

Sooooo....worked at a place (which i think was my first rant on here lol) a little while back where, to keep a long story short, was treated like shit and still managed to pull out some magic for them before i left my contract (cos work pride).

Come to new company, it is a consultancy company. The project I worked on at the previous company, they had came (while i was there, i went to the meeting) and done some requirements analysis for them (that weren't even relevant, mostly because the CIO was a tard).

Come to find out today, through the grapevine, that these lot have been claiming that they done more than requirements and actually implemented the full solution and even wrote a case study about the shit they weren't involved in. "Oh look at this GDPR project we completed for this £400M turnover company and all the problems we solved".

More hurtful cos this project I done with no help from anyone, got moaned at every day, got my references threatened, wouldn't let me work from home but anyone else could. Serious, a lesser man would have punched the CIO....repeatedly.

What would you do? I'm getting sick of fighting in every job but also getting sick of never getting any credit for the shit I've done.