Moderator: Thanas
Code: Select all
<?php
$arr = array ();
for ($i = 0; $i < 100000; $i++)
{
$c = mt_rand (0,1);
if (!isset ($arr[$c])) $arr[$c] = 1;
else $arr[$c]++;
}
ksort ($arr);
foreach ($arr as $key => $value)
{
echo '<b>'.$key.':</b> '.$value.'<br />';
}
There should be nothing wrong with my script above, and in most languages, there wouldn't be. PHP implements rand () and mt_rand () incorrectly, however.Ryan Thunder wrote:What exactly did they do wrong? It looks like they're using a standard method to generate the random numbers, if I've read it correctly. Then again, I'm not familiar with php, just curious.
5.2.11 (CentOS 5.3 32 bit) and 5.2.12 (Debian Squeeze 64 bit).Drooling Iguana wrote:Which version of PHP are you using? I ran that code on my system and the results are coming out fairly even. I'm running PHP version 5.2.10.
Maybe if the sample size was 10, something like that could happen. But with a sample size of 100,000, the chance of any significant deviation from a 50/50 split is practically zero. At that sample size even a 60/40 split would mean there was a problem with the RNG.Bedlam wrote:if this is just a single run of the 100,000 repeats there the chance of 1 and 0 could still be the same and still give a 25/75 split, its just unlikely (someone might be able to do the calculations). You would expect it to tend towards 50/50 but it could be 100/0 and still be random its just very very unlikely.
The issue is I would actually need to write it and be competitive with -and more stable than- php+APC-stat. Flup is neither stable enough nor fast enough to handle thousands of connections per second on my server.Destructionator XIII wrote: Eh, not really. When I do cgi in C, I just recreate the little pieces I need as I need them. I do have some CGI stuff in the D language, but I keep hacking it up and breaking it, so that's not redistributable either. Though, FastCGI and CGI aren't the same thing anyway...
I tried to. It's ostensibly to allow end users to do semi-code level things with some level of security.For PHP, what I find most hilarious are the people who layer shit on top of it. Ever used the Smarty template system? why God?! WHY?!
There is a vBulletin plugin to Sphinx search that costs $2k. It is only marginally more impressive than the one built for SMF. The one the phpBB team built is a joke, and who does the phpBB dev blame?I've been dealing with this php shit for a client for months now. The client paid like $2000 for a license to this fucking thing - for that kind of money, you'd expect it to be decent, right? Wrong, it's PHP!
What's really annoying is that mysql(i)_real_escape_string still has a major security hole, as no widely used cms's database wrapper uses prepared statements and all of the major forum softwares encourage utf8 conversion.On the top level, the code is spaghetti, of course. Things are repeated all over the place - every single file in it has about 80 lines of the same boilerplate, only slightly different each time. (Functions? What are they for?) Every function it does have starts with a long list of globals - about 15 of them. Among them is a database class... that just wraps the built in mysql library, obfuscating the myriad sql injection holes.
It's faster to write code than to read it. A very important distinction that I like to remind clients of.Then, there is this retarted, utterly worthless Smarty thing. All it does is duplicate the one thing PHP itself does reasonably well, but with more slowness. You add a pile of boilerplate to the PHP to use it... then the template just has more embedded PHP! And of course, repeated instances of nested tables all over.
How the fuck did something this messed up pass review? Easy - it didn't have review!
In the time I've wasted trying to work around the shit and deal with the repeated bloat, I could have just rewritten the thing from scratch myself. But noooo, we must reuse existing code!
Quite a lot of programming languages are someone's personal crappy scripting language that somehow escaped and gained popularity. These are kludged together with no real understanding of language, compiler or library design, and they universally suck. Perl is in this category despite massive efforts put in for over a decade to try and make it into a real language (why anyone would want to, I don't know).Zixinus wrote:If I get the posts correctly, is PHP fundamentally flawed? Because that is the point that I feel gets across. How did that happen?
Perhaps one of the few good things about PHP is that it does scale very well (as mentioned earlier) - but that is in spite of its many problems.Destructionator XIII wrote:PHP was (and is) created by morons for morons. Fundamental technical flaws are the least of its problems. Greater is that the idiots around it don't see them as flaws.
PHP was early, free, cross-platform and relatively easy to understand. There were not many alternatives when it was created (CGI scripts and Perl come to mind). Nowadays there are many alternatives - but PHP lets you get your feet wet early and is deceptively simple.Chris OFarrell wrote:Its free, and it has been the mantra of a lot of geeks that Apache + PHP = Liberation...or something.
IIRC, most security sites specifically advice users not to use *escape_string for sanitizing. Also, MySQL is terrible - too bad Postgres made some bad decisions back in the day and let MySQL take the market.Xon wrote:Mysql and secure? Don't make me laugh.
mysql_real_escape_string doesn't protect against against SQL injection properly with dynamic sql even ignoring unicode! Linky.
Perl came early with the right features and the right price at the right time. Plus, there was strong demand for something to do string parsing and munging. Of course, now there's so much legacy code and so many Perl gurus they want "sane" Perl.Starglider wrote:Quite a lot of programming languages are someone's personal crappy scripting language that somehow escaped and gained popularity. These are kludged together with no real understanding of language, compiler or library design, and they universally suck. Perl is in this category despite massive efforts put in for over a decade to try and make it into a real language (why anyone would want to, I don't know).
Yeah, but it's popular, free and cross-platform so new people see it and dive right in.These languages are attractive only because they seem simple and easy to pick up. In actual fact, all the 'counterintuitive' and complex features in other languages are generally there for a reason. Furthermore there are now plenty of properly designed languages that target simplicity and beginners, so really there is no excuse for using junk like PHP except having to maintain legacy code.
Incidentally, when you write things likeXeriar wrote:Half of my development time with PHP is basically rewriting things I can't trust the php team to have done properly. I think this epitomizes it.
Code: Select all
$arr = array ();
for ($i = 0; $i < 100000; $i++)
{
$c = mt_rand (0,1);
if (!isset ($arr[$c])) $arr[$c] = 1;
else $arr[$c]++;
}
ksort ($arr);
foreach ($arr as $key => $value)
{
echo '<b>'.$key.':</b> '.$value.'<br />';
}Code: Select all
$arr = array (0,0);
for($i = 0 ; $i < 100000 ; $i++) {
$arr[mt_rand(0, 1)]++;
}
foreach($arr as $k => $v) {
echo '<b>'.$k.':</b> '.$v.'<br />';
} PHP gets out of the way. Far too early, but it has an installed base of pretty much Everywhere, and is getting slowly whipped into shape. It might take a fork to get a proper implementation, however.Starglider wrote:Quite a lot of programming languages are someone's personal crappy scripting language that somehow escaped and gained popularity. These are kludged together with no real understanding of language, compiler or library design, and they universally suck. Perl is in this category despite massive efforts put in for over a decade to try and make it into a real language (why anyone would want to, I don't know).
These languages are attractive only because they seem simple and easy to pick up. In actual fact, all the 'counterintuitive' and complex features in other languages are generally there for a reason. Furthermore there are now plenty of properly designed languages that target simplicity and beginners, so really there is no excuse for using junk like PHP except having to maintain legacy code.
I suspect the concept is actually related. Because so much php code is hacked together, quite a lot of the most important parts (getting information from the database to the server) gets tweaked for speed. And occasionally they notice about security.phongn wrote:Perhaps one of the few good things about PHP is that it does scale very well (as mentioned earlier) - but that is in spite of its many problems.
php.net's documentation is currently king. Pretty much the sole reason. Problem with anything? Look it up.Yeah, but it's popular, free and cross-platform so new people see it and dive right in.
It's not "poorly optimized," it's "badly written." It has extra control structures for no conceivable reason, which make it hard to read and understand, pointlessly. If you really, for some reason, didn't want to initialize the array when you declared it (I am guessing you started with a much larger array, due to the pointless ksort, and pruned it down to 0/1? Filling with 0 manually in that case would be tedious), $arr.fill(0) works just fine.Xeriar wrote:I can only have so much respect for people who equate poor optimization (especially for a pruned test case) with an actual failure of implementation.
The fact that you have to read through the comments section with various posts of questionable expertise and veracity to answer most questions and read about known issues somewhat negates this.Xeriar wrote:php.net's documentation is currently king. Pretty much the sole reason. Problem with anything? Look it up.Yeah, but it's popular, free and cross-platform so new people see it and dive right in.
PHP.net's documentation is not "good".Xeriar wrote:php.net's documentation is currently king. Pretty much the sole reason. Problem with anything? Look it up.Yeah, but it's popular, free and cross-platform so new people see it and dive right in.
Not only does it have a fill function, it completely obviates your complaint, since the fill function can take as additional arguments the range of values you wish to fill. Want to do 10 - 20? $arr.fill(10, 20, 0). So, not only did the function you didn't think existed exist, it also does what you didn't think it could do.Destructionator XIII wrote:FUCK MY KEYBOARD WITH A BACK BUTTON NEXT TO THE SHIFT KEY
FUCK FUCK FUCK
Think for a minute. His code is easily altered. If he wants to change the range of the random numbers generated, it is a one line change - the mt_rand arguments. He can punch in any values and it will just work.Terralthra wrote:It's not "poorly optimized," it's "badly written." It has extra control structures for no conceivable reason, which make it hard to read and understand, pointlessly. If you really, for some reason, didn't want to initialize the array when you declared it (I am guessing you started with a much larger array, due to the pointless ksort, and pruned it down to 0/1? Filling with 0 manually in that case would be tedious),
Not so with any of your suggestions. Changing it from 0-5, for example, requires two lines changed: the mt_rand and the array constructor.
Moreover, your suggestion is needlessly wasteful of memory and performance, initializing an (associative) array that is never used.
Consider 10-20. In his code, change mt_rand and boom. On your code, what will you do? Construct a 20 element array and waste half the memory? Make it 10 elements and subtract 10 from the returned value? Lol.
Or, the most likely case: mt_rand() with no arguments, goes between 0 and RAND_MAX which is something like 2^31. Do you suggest that he allocate 2 GB * sizeof(php arr element) of memory up front?
Fucking lol, especially with only 100,000 iterations. Less than 1/1000 of that memory will ever even be used - it is sparsely and randomly populated. The very definition of where a lazy AA is meant to be used.
For the simple 0 and 1 case, your code is a bit nicer (saves two lines! woooo!) but for almost any other conceivable case, his code is vastly superior.
The real incompetence here is you throwing out the initial ad hominem (yeah, dismissing someone's points because of a "failing" in personal style is really logical. oh wait, it's a textbook fallacy) and then having your own defense of it lead the way to knocking you right on your ass, but you fail to see it! And you make the sweeping "inconceivable" claim.
Christ.
Finally, does php even have an arr.fill() function? I didn't think it did.
The original code was testing a function that generated random strings of various lengths and levels of randomness, where certain characters are forbidden (cookie storage), and I was doing various tests on that. I didn't rethink it after adjusting the test case, it being a test case.Terralthra wrote: It's not "poorly optimized," it's "badly written." It has extra control structures for no conceivable reason, which make it hard to read and understand, pointlessly. If you really, for some reason, didn't want to initialize the array when you declared it (I am guessing you started with a much larger array, due to the pointless ksort, and pruned it down to 0/1? Filling with 0 manually in that case would be tedious), $arr.fill(0) works just fine.
It makes it of disputable quality, yes, but I was referring to its accessibility.Terralthra wrote:The fact that you have to read through the comments section with various posts of questionable expertise and veracity to answer most questions and read about known issues somewhat negates this.
Why not try it?Jeremy wrote:Approximately, how long would it take for me to read enough and have enough hands on experience to know how to do any of this?
COP 2220 looks like a basic introductory course: you should know how to use a computer.The most advanced "code" I knew was how to set the background color in HTML and I don't really remember that right now. To the point, I have to take a COP 2220 course in the summer, what do I need to learn before putting my ignorant butt into it?
