[ArtDev]

Unnecessarily bashing PHP is soo 2005. Like javascript, it can be written poorly due to its loose roots. Also just like javascript, it is a very different language now.

That said, DocuWiki is pretty decent to get up and running quickly.

[john-shaffer]

I use PHP in my day job. It is by far the worst language I've ever used. Nothing else even comes close. The language and ecosystem are so full of footguns that you are bound to shoot yourself eventually. The OpenSSL implementation will silently truncate the key [1][2] without even giving a warning. The cURL lib, in 2020, still hasn't implemented a get_curl_opt function. Sure you could wrap it if you're writing everything, but the reality is I have to work in this nightmare ecosystem that just uses raw curl. Every == comparison is still a potential security hole due to PHP's insane (and inconsistent) typecasting behaviors. Sometimes a number gets cast to a string, but a string gets cast to a number if you use it as an array key. WTF? Do I have to wait another 15 years for PHP to become a halfway decent language?

[1] https://github.com/WP2Static/wp2static/pull/506

[2] https://stackoverflow.com/questions/55062897/decrypt-aes256-...

[heresie-dabord]

> The language and ecosystem are so full of footguns

"footgun" is an excellent term. Here's an earlier use on HN, 2010:

https://news.ycombinator.com/item?id=1904960

[kmill]

I've wondered whether the term directly evolved from this sort of joke list that was popular to pass around on the early internet: http://www.personal.psu.edu/sxt104/program1.html

[codezero]

I assume it evolved not long after guns existed, and likely grew in the military :)

[kmill]

"Shooting yourself in the foot," sure, but if you look up "footgun" it seems to only be programming slang. What I was suggesting with the above comment was that this sort of list might have popularized the metaphor of shooting yourself in the foot in programming, which was then was subjected to hacker-style word manipulation.

[codezero]

Ah fair, yep, that's probably right.

[heresie-dabord]

> Like javascript, it can be written poorly due to its loose roots.

I understand that bad code can be expressed in every language. But there is bad tooling too.

PHP clearly has a lucrative place in the world. But it remains a significant threat vector.

Yes, even in 202x. I leave others to discuss why this is the case. I won't install PHP on a workstation just to run a Wiki. ^_^