JAWW (beta)

The ward is a factory for the Combine

why all my hosts are running PHP 4?

Collin is puzzled:

So, if PHP is currently at 5.2.4 then why the hell are all my hosts still running 4.4.2 or 4.4.3? Am I using shit hosts or are all hosting companies this slow to respond??

the short answer because PHP sucks, the longer one is really simple as well:

  • there are too many well-known PHP4 apps (including those that power control panels of hosting providers themselves) which will be borked on PHP5 without a serious code redone to workaround PHP5 backward incompatible changes.
  • it’s too much of a maintenance hassle for web hosts to reliably run both PHP4 and PHP5 on a shared hosting.

    the only path PHP.net offers is a "Migrating from PHP 4 to PHP 5" appendix document with quite a few of "User Contributed Notes", but you won’t find any documentation neither provided nor merely approved by the PHP.net on how to reliably run both PHP4 and PHP5 on a same box.

in a year I expect the fun times:

PHP 4 end of life announcement
[13-Jul-2007]

PHP 4 will be discontinued.

The PHP development team hereby announces that support for PHP 4 will continue until the end of this year only. After 2007-12-31 there will be no more releases of PHP 4.4. We will continue to make critical security fixes available on a case-by-case basis until 2008-08-08.

see also:
click on the image to see the Secunia Vulnerability Report for PHP 4.4.x
Impact graph

also, in the comments to the same Collin’s post cited above, Trent links to just an exciting PHP 4/5 speed comparison "test" by Barry of Automattic Inc. who found "php5 was 33 % slower than php4!":

Here are the results of a simple apache bench test of a phpinfo page.

[snip: test results here]

From these preliminary tests, php 5.2.2 seems about 33% slower than php 4.4.6. Surprising…

surprising? not at all, never seen such a meaningless test to measure a PHP performance:

  • hello, ApacheBench is "a command line computer program for measuring the performance of HTTP web servers, in particular the Apache HTTP Server", not that for measuring the performance of PHP itself.

    of course, first of all httpd had to be thrown out of the loop and the performance of PHP should be measured using the CLI.

  • let alone phpinfo() outputs different stuff on different versions of PHP, will anyone ever be calling this particular function in a production environment like so many times Barry did in his "test"?

can’t imagine any more pointless test than measuring the speed of phpinfo() by the Apache Benchmark tool "to see if upgrading to php 5 is something we want to do on WordPress.com". admittedly, I haven’t profiled WP but phpinfo() is definitely not something like a WP bottleneck!

(nor I suppose an echo() — hat tip to Matt ;-)

6 responses to “why all my hosts are running PHP 4?

  1. Collin September 6, 2007 at 11:22

    I think your short answer nailed it. Having read a little more about it, you’re right.

    I see that PHP6 is in Dev though. Thing is, they are deprecating elements (is that the right word?) even in PHP6 so most of the applications that are still running PHP4.x and b0rk in 5 are gonna be screwed in 6 too. The end result is that there’s gonna be no inclination for hosts to go to 6 either.

    Way to kill your language people…

    Thanks for the link love by the way!

  2. Collin September 6, 2007 at 11:22

    Oh, love the “porn” tag on this post. ;)

  3. Pingback: Killing Off The Porn « Collin’s Geek Rants

  4. Trent September 6, 2007 at 16:01

    I wouldn’t say I was “fascinated by the results”, just providing links to posts that I remembered reading on the topic. Interesting perspective Options!

  5. options September 7, 2007 at 22:39

    hello Collin,

    The end result is that there’s gonna be no inclination for hosts to go to 6 either.

    after PHP4 EOL they will eventually have to.

    despite many apps will be broken by this upgrade, they are to be sacrificed in exchange for system security — there’ll be no provider I think who would like to have a System Access to their host gained through unpatched vulnerable version of PHP4. nor even though from the local side as on a shared hosting that’d have an impact on all the clients hosted on a such box inflicting even more damages to the webhosts then the broken apps.

    only up today Secunia says there are 19% unpatched vulnerabilities — it’s not hard to guess what’s going to be in a year when critical security fixes won’t be available.

    re: PHP is going to shoot themselves in the foot

    what we’re seeing now is a sort of ‘growing pains’, or more precisely yet overgrowing ones — a typical issue of a ‘designed‘ vs. ‘home·bred‘ product: when a latter one outgrows from what it’s been initially purposed (an excellent templating engine — that’s what PHP was made for) it begins to suffer from this pain cause old frames in which it used to feel itself very comfortable and was an effective utility are pressing hard on essential modern features it inevitably has to be sporting to compete.

    that said, in a long run well designed products have always a more bright future as they can be adapted more easily to new challenges since someone has already thought it out (designed).

    also, doubt that Pyra Labs/Google Blogger really uses PHP. Facebook does for sure, but they have a whole bunch of C engineers to compile a heavily hacked version of PHP of their own. Goog, however, is well known as a company which rather prefers to use real programming languages like Java or Python as their languages of choice.

    one more interesting fact is that used by PHP.NET web-interface to a CVS (source code repository) of the PHP itself is powered by the Python script! :-)

    hello Trent,

    have to confess now, stumbled upon that link placed in the exclamatory sentence I’ve been fascinated myself for a some time while staring at it till I finally had a look on a linked page and found how those performance results had been measured in the said “Test”.

    I am sorry for the wording Trent. post is amended, would you like me to remove any mention of your name at all from it?

    regards,
    /options

  6. Trent September 8, 2007 at 15:06

    I have no problem mentioning me! I really like your blog and your “fascinating” posts! ;) Not a problem at all!

%d bloggers like this: