this post was submitted on 30 Oct 2023
977 points (96.1% liked)
Programmer Humor
32588 readers
1691 users here now
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
- Posts must be relevant to programming, programmers, or computer science.
- No NSFW content.
- Jokes must be in good taste. No hate speech, bigotry, etc.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
not only that but you just install it with the lamp stack setting in ubuntu tasksel with apache and mariadb. the beating that these can take (except maybe the sql) and survive is great. you also have access to the whole of linux to do more advanced stuff, while other languages/ stacks shy away from exec
I’m sorry, what?
Turns out arbitrary code execution is actually great(!)
it does not have to be arbitrary my dude
Problem is, you’re mixing a number of different concepts into a nonsensical claim.
Exec as an “execute a string as a language instructions” is nothing new nor unique to PHP. Ruby on Rails, for example, uses it in a controlled manner to generate methods on ActiveRecord models.
Exec as an “replace this process with another process” is old news again. It’s not even language specific.
Popen/spawn family (which seems to be what you alluded to) is, once again, nothing new and is used everywhere.
i just meant that python's and node's implementation is shit
All of that can be the same as other stacks except the Apache bit. You can stand up a Go application on Ubuntu hitting MariaDB as its persistence layer. Or Python. Or Node. Or Java. Or even Ruby. Shit, Haskell can do it.
~~Also,
exec
is a code smell. Arbitrary code execution is a massive security risk, and the effort to mitigate that risk is often less than explicitly building out the required functionality.~~I think you need to explore more technologies, my friend. And read up on some security things
Edit: I now realize you mean
exec
as in calling out to a shell. All languages have this. Still, the overhead of spawning and managing a new process is often more than just implementing the logic in your application itself.I personally prefer hestiaCP but yes