PHP is a nuts and bolts function on websites. It originally stood for Personal Home Page Tools, but now stands for PHP: Hypertext Preprocessor, as though anyone cares. Anyway, it’s a must-have and it includes possible security vulnerabilities. This is all runtime stuff, and it does matter, a lot. The risks are real enough, and potentially very dangerous.
The first thing I discovered was that my PHP wasn’t just out of date, it was prehistoric. The problem with this is that my blog and site pages might be unreadable, scrambled and insecure. Nice to know. This has been going on for years and it’s still a dog’s breakfast of inconsistencies.
WordPress said to check with my host if I couldn’t upgrade my PHP myself. I don’t know if you can use a PHP which your host doesn’t support. My guess would be that you can, but it wouldn’t have much effect, or could cause as many glitches as it solves.
If you’re getting the impression that I, like everything else in existence including rocks, have better things to do with my time than fuss about with obscure internet protocols, you’re quite right. I expect these things to be easily upgradable and fixable like Java – Update, groan about the extra time, and get on with it.
So began my epic journey of discovery. Try to find web hosting account on Yahoo/aabaco/Luminate/whatever unnecessary irritating name they’re using now. Found it, after an ungodly length of time. Found Edit PHP link, like Indiana Jones and the Temple of Lost Minds. The server shut down twice on this link, which would not open.
Further investigation, with swearing in several languages, led to the fact that the PHP I have is it, pure and simple. No options. My host can’t currently do anything with PHP upgrades, even if they want to.
To achieve this masterpiece of un-usability, you need paleo codes from about 1995, and software from the days of beanies and tedious techno-bastards talking about 10kb per second downloads. The Smithsonian is the right place for this crap. Lucky Verizon!
Issues and more issues
Anyway, having found out this particularly useless and unproductive piece of information, there are a few other issues which the Great Minds of the Internet and other contradictions in terms need to know:
1. Anything to do with security has to be easy to upgrade: Why the Pedants Patrol which is running the internet is so blasé about this very basic need is anyone’s guess. With the many years of hopeless security failures under its belt, surely the internet would like to try getting security right for once in its smug, ultra-complacent, expensive to everyone, existence?
2. Users have better things to do with their time than launch major expeditions to run basic online dynamics: Who the hell has a few hours of time to waste trying to do these things themselves, screwing up and finding fixes for the screw-ups?
3. Expecting users to do these things right is absurd: Most people aren’t PHP experts. They don’t know, or more probably have forgotten, what PHP is. Asking users to do this is to ask for crashes, endless support enquiries, and a lot of wasted time for hosts and users.
4. The net cost to users and hosts of this “build your own canoe” approach is likely to be staggering: In both time and practical costs in terms of error management, a global DIY to PHP is more than ridiculous; it’s downright dangerous, and likely to be messy.
5. PHP upgrades shouldn’t require any significant site and content reconfigurations: In everything I read about PHP upgrades, the risk of older stuff getting compromised or lost was mentioned. Why? What use is that to anyone? Why would it be hard to configure new PHPs to accommodate old, relatively simple code?
Future issues
There’s another side to this global dithering PHP stuff-up. There are almost no limits to the risks posed by PHP security vulnerabilities. The bottom line is that future protocols will be more complex, with an ever-increasing backlog of insecurities and/or dysfunctions possible. This mess has to end, right now. Cloud protocols, in particular, are likely to be extremely ugly issues for older sites. The more complex the net becomes, the more efficient it must become.
The business angle is this – Sort this out right now, or you can expect lawsuits with every support call. Old functions are part of the mix, and will remain part of the mix. Nobody can afford to screw up the basics any more. Imagine if the world’s banking system went gaga over some trivial upgrade protocol issue like this. Trillions of dollars, suspended in mid-transfer, because of a code issue? Forget it. You’ll be sued down to your DNA. Just get this damn thing sorted, ASAP.
