Comment On Raiding the RAID

"I'm currently in the process of customizing the firmware for a RAID controller used in some of my company's products," jspenguin wrote, "The LCD Controller Module (LCM) is written in PHP and, as it turns out, an LCM is not quite what PHP was designed for. In addition to abusing exec() all over the place, they poorly re-implement functions that are built-in to PHP." [expand full text]
« PrevPage 1 | Page 2 | Page 3Next »

Re: Raiding the RAID

2008-11-03 09:03 • by mitschke (unregistered)
But exec is so temting easy sometimes....

Re: Raiding the RAID

2008-11-03 09:07 • by KittyKat (unregistered)
Wouldn;t it been safer and better to add a custom php addin?

Re: Raiding the RAID

2008-11-03 09:11 • by Tim (unregistered)
Dear God,

Please kill PHP.

Sincerely,

Everyone except PHP programmers (and VB programmers).

Re: Raiding the RAID

2008-11-03 09:13 • by Hivemind (unregistered)
I'm an IT geek whose primary language is PHP *ducks*
Though I've never done anything like this, I at least know when to NOT use PHP. For shell scripting - yes, anything browser-based - ok. but that? hell no.

*sigh*

Re: Raiding the RAID

2008-11-03 09:19 • by g0ats3 (unregistered)
5th!!!!!!1111!!555%%555five

Re: Raiding the RAID

2008-11-03 09:20 • by snoofle
This comment on php-driven raid controllers *beep* is being written because *Beep* it is important to note that *BEEP* php may not be the best choice for this purpo... *Plug yanked*

Re: Raiding the RAID

2008-11-03 09:24 • by Mii (unregistered)
I'm a PHp programmer.. and I actually didn't recognize that as PHP...

And yes.. I agree.. kill PHP please.. now that decided to use the \ as namespace separator I really wanne quit it :S

Re: Raiding the RAID

2008-11-03 09:26 • by Bob (unregistered)
It always scares me when I meet engineers who program. Think of all the firmware code out there. And what it does.

Re: Raiding the RAID

2008-11-03 09:29 • by Jason Felice (unregistered)

My favorite part is definitely:

$new_str .= sprintf("%s", $str);

Re: Raiding the RAID

2008-11-03 09:33 • by Ken (unregistered)
oh... my... god.

that's worse than the LSI Logic RAID util code I had to work on last summer as an intern. Here I was thinking that was the worst code I would ever see...

Re: Raiding the RAID

2008-11-03 09:34 • by Bobble (unregistered)
I think there is a CTO that deserves a beating somewhere.

Re: Raiding the RAID

2008-11-03 09:36 • by SlyEcho
226568 in reply to 226565
Jason Felice:

My favorite part is definitely:

$new_str .= sprintf("%s", $str);



Well, it's better than:

$new_str .= sprintf($str);

PHP not so bad

2008-11-03 09:37 • by Richard (unregistered)
Actually, PHP-CLI is quite a decent scripting language for general purpose use. In many cases, it's interchangeable with perl. Given that the LCD control probably requires just a bit of simple "glue", and some re-formatting, and most likely has a serial port interface, I can't see anything wrong with using PHP here. If the performance is bad, it's probably not PHP that's really to blame, but one of the underlying programs.

For what it's worth, I do use PHP extensively, and (at the risk of thinking that, if all you have is a hammer, everything looks like a nail), I've used it for simple hardware interfacing myself.

Re: Raiding the RAID

2008-11-03 09:52 • by Anonymous (unregistered)
RAID controller firmware is definitely not a personal home page. And even if it was, I'd still question the use of PHP.

Re: Raiding the RAID

2008-11-03 09:59 • by mauhiz (unregistered)
exec('echo "This is a comment"' > mycomment && wget --post-data mycomment "http://thedailywtf.com/Comments/AddComment.aspx?ArticleID=6348"');

Re: PHP not so bad

2008-11-03 10:00 • by Alex (unregistered)
226572 in reply to 226569
Richard:
Actually, PHP-CLI is quite a decent scripting language for general purpose use. In many cases, it's interchangeable with perl. Given that the LCD control probably requires just a bit of simple "glue", and some re-formatting, and most likely has a serial port interface, I can't see anything wrong with using PHP here. If the performance is bad, it's probably not PHP that's really to blame, but one of the underlying programs.

For what it's worth, I do use PHP extensively, and (at the risk of thinking that, if all you have is a hammer, everything looks like a nail), I've used it for simple hardware interfacing myself.


Isn't that like using paper glue to try and tie two pieces of PVC pipe together ?

Re: Raiding the RAID

2008-11-03 10:17 • by relaxing (unregistered)
please, please tell me what company this is so i can not buy their products...

Re: Raiding the RAID

2008-11-03 10:20 • by PHP Programmer (unregistered)
http://www.php.net/manual/en/function.str-pad.php

Re: Raiding the RAID

2008-11-03 10:20 • by kennytm
226575 in reply to 226568
SlyEcho:
Jason Felice:

My favorite part is definitely:

$new_str .= sprintf("%s", $str);



Well, it's better than:

$new_str .= sprintf($str);

Don't worry, at least PHP's sprintf is safe from format string attack.

Re: Raiding the RAID

2008-11-03 10:21 • by kennytm
exec("killall php");

Re: Raiding the RAID

2008-11-03 10:42 • by tdb
WTF for does an LCD controller module write events to log? Shouldn't it, like, control the LCD and let other parts of the system do the logging and whatnot?

Re: Raiding the RAID

2008-11-03 10:44 • by operagost
226581 in reply to 226554
Tim:
Dear God,

Please kill PHP.

Sincerely,

Everyone except PHP programmers (and VB programmers).


Ha ha, I get it. You're an elitist programmer. You probably only know C on BSD or Linux, spell "Windows" with a Z, and laugh at "User Friendly." You do a little web programming in Perl, but dismiss its inferiorities as being part of a "more powerful" scripting language "not for MC$E idiots." Your fatal slip was attacking VB and PHP in the same sentence, whereas they are two totally different languages and, for one, PHP is actually cross-platform. Ha ha, I and every other quasi-programmer who even knows how to spell PHP should kill ourselves. That's hilarious. I can't wait to hear your splendid C-pound material.

Re: Raiding the RAID

2008-11-03 10:48 • by Ted (unregistered)
"... not quite what PHP was designed for."

PHP was designed?

Re: Raiding the RAID

2008-11-03 10:50 • by Matt (unregistered)
226583 in reply to 226581
operagost:
Tim:
Dear God,

Please kill PHP.

Sincerely,

Everyone except PHP programmers (and VB programmers).


Ha ha, I get it. You're an elitist programmer. You probably only know C on BSD or Linux, spell "Windows" with a Z, and laugh at "User Friendly." You do a little web programming in Perl, but dismiss its inferiorities as being part of a "more powerful" scripting language "not for MC$E idiots." Your fatal slip was attacking VB and PHP in the same sentence, whereas they are two totally different languages and, for one, PHP is actually cross-platform. Ha ha, I and every other quasi-programmer who even knows how to spell PHP should kill ourselves. That's hilarious. I can't wait to hear your splendid C-pound material.


Wow. Who made you king jack-ass?

Re: Raiding the RAID

2008-11-03 10:52 • by Evo
226584 in reply to 226582
Ted:
"... not quite what PHP was designed for."

PHP was designed?


Absolutely. By about 5000 different people with completely different ideas.

Re: Raiding the RAID

2008-11-03 11:05 • by bla (unregistered)
226586 in reply to 226582
Ted:
"... not quite what PHP was designed for."

PHP was designed?


You made my day :-)

Re: Raiding the RAID

2008-11-03 11:13 • by idan (unregistered)
226588 in reply to 226582
sprintf("I agree.");

Re: Raiding the RAID

2008-11-03 11:17 • by EatenByAGrue (unregistered)
226589 in reply to 226582
Ted:
"... not quite what PHP was designed for."

PHP was designed?


No, it was congealed.

And this whole article can be filed under "use the right tool for the job". Having been subjected to PHP in previous jobs, it's semi-tolerable for web apps, but worse than useless in most other contexts.

Re: Raiding the RAID

2008-11-03 11:18 • by Chiper (unregistered)
226590 in reply to 226584
Evo:

PHP was designed?

Absolutely. By about 5000 different people with completely different ideas.

Each of them coming and going over the course of, what, ten years? PHP has more depreciated function calls and features then any other language I've ever used.

But I still love it, because it's easier to work with then JSP, and cheaper to deploy then ASP.

Re: Raiding the RAID

2008-11-03 11:22 • by jspenguin
226591 in reply to 226580
tdb:
WTF for does an LCD controller module write events to log? Shouldn't it, like, control the LCD and let other parts of the system do the logging and whatnot?


No, it doesn't handle logging. The log daemon is written in C -- but running 'strings' on it reveals that it abuses 'exec' just as much:


$ strings qlogd
...
/bin/umount -f %s >/dev/null 2>&1
/sbin/e2fsck -p %s >/dev/null 2>&1
/bin/mount -t ext3 %s %s >/dev/null 2>&1
/sbin/mke2fs -j -b 4096 %s >/dev/null 2>&1
...
ifconfig eth0 | awk '/inet addr:/{print $2}' | awk -F: '{print $2}'
...
/usr/bin/snmptrap -v 1 -c %s %s %s %s 6 %d "" %s s "%s"
...
%s %s: "%s" "%s" "%s" "%s" "%d" "%s" "%s" "%s" >/dev/null 2>&1

Re: Raiding the RAID

2008-11-03 11:28 • by gabba
Not clear what he means by "due in no small part to the kernel module, exec() is slow", but if he's loading and unloading the module on demand, try not doing that.

Re: PHP not so bad

2008-11-03 11:29 • by Matthew (unregistered)
226593 in reply to 226569
Richard:
For what it's worth, I do use PHP extensively, and (at the risk of thinking that, if all you have is a hammer, everything looks like a nail), I've used it for simple hardware interfacing myself.


In this case PHP is the hammer, and the problem is a screw. Yeah if you bang hard enough it will work, but a Screwdriver (C) or even a powerdrill (Python) would work much better :)

Re: Raiding the RAID

2008-11-03 11:48 • by SomeCoder (unregistered)
I've seen this sort of thing a lot. In fact, I know people who actively do it, though not to this degree, certainly.

Because PHP has the CLI interface, everyone thinks that it's great for writing applications.

PHP may not stand for Personal Home Page anymore, but that doesn't mean it's a good language to use to interface with hardware.

I like PHP for web stuff but this kind of abuse is just... gah.

Re: PHP not so bad

2008-11-03 11:48 • by Yep (unregistered)
226596 in reply to 226593
Matthew:
Richard:
For what it's worth, I do use PHP extensively, and (at the risk of thinking that, if all you have is a hammer, everything looks like a nail), I've used it for simple hardware interfacing myself.


In this case PHP is the hammer, and the problem is a screw. Yeah if you bang hard enough it will work, but a Screwdriver (C) or even a powerdrill (Python) would work much better :)


Haha.. Python.. a power drill. That's a good one. You almost had me believing that you were serious.

Re: Raiding the RAID

2008-11-03 12:14 • by Robert Englewood (unregistered)
226598 in reply to 226590
Chiper:

PHP has more depreciated function calls and features then any other language I've ever used.

Oh sure, these other function calls might be worth half of what they used to, but you can't really expect to get retail price after they're standardized anyway.

Re: Raiding the RAID

2008-11-03 12:19 • by rycamor (unregistered)
Well now, it could have been worse. They could have hosted Windows inside a virtual machine and then run an instance of ASP.NET, with the backend calls being implemented as emails to the host (Linux?) OS.

Or Ruby on Rails (ducks flamewar).

Seriously, I have perpetrated a few PHP atrocities (although I at least coded them better), but never in my wildest most desperate imaginings would I use PHP on firmware. The only scripting language I see as being appropriate for firmware might possibly be Lua, but honestly, if you're going to the trouble, why not just code it in C? It's FIRMWARE. The whole concept of firmware runs completely counter to the idea of scripting languages.

Re: PHP not so bad

2008-11-03 12:24 • by Anon Ymous (unregistered)
226601 in reply to 226596
Yep:
Matthew:
Richard:
For what it's worth, I do use PHP extensively, and (at the risk of thinking that, if all you have is a hammer, everything looks like a nail), I've used it for simple hardware interfacing myself.


In this case PHP is the hammer, and the problem is a screw. Yeah if you bang hard enough it will work, but a Screwdriver (C) or even a powerdrill (Python) would work much better :)


Haha.. Python.. a power drill. That's a good one. You almost had me believing that you were serious.


Python is a football bat.

Re: Raiding the RAID

2008-11-03 12:27 • by James (unregistered)
OK, I have one question about the very last code snippet: if exec'ing was wrong to get the IP of eth0 (specifically eth0, not just "any old network"), what's the right way to do it? I've been looking for just that kind of information lately...

Re: Raiding the RAID

2008-11-03 12:29 • by jspenguin
226603 in reply to 226599
rycamor:
The only scripting language I see as being appropriate for firmware might possibly be Lua,


YES. Thank you. If I had actually designed the blasted thing, I would use Lighttpd and Lua. Lua is faster than PHP or even Python (which is still much better than PHP). A scripting language is fine for things like the web UI.

Bad programmers can write PHP in any language, though.

Re: Raiding the RAID

2008-11-03 12:39 • by rycamor (unregistered)
226604 in reply to 226603
jspenguin:
A scripting language is fine for things like the web UI.


Except for the part about it being a custom kernel module. Again, if you are going to go to the trouble of building a kernel module... in C...?

jspenguin:

Bad programmers can write PHP in any language, though.


I like that one, and I'm going to use it.

Re: Raiding the RAID

2008-11-03 12:40 • by JamesQMurphy
Well, at least all of the exec's appear to be abstracted into centralized functions. Think how much worse it would be if the code was peppered with exec('ipconfig ...') all over the place.

Re: Raiding the RAID

2008-11-03 12:41 • by jspenguin
226606 in reply to 226602
James:
OK, I have one question about the very last code snippet: if exec'ing was wrong to get the IP of eth0 (specifically eth0, not just "any old network"), what's the right way to do it? I've been looking for just that kind of information lately...



struct ifreq req;
int fd = socket(AF_INET, SOCK_STREAM);

strcpy(req.ifr_ifrn.ifrn_name, "eth0");
ioctl(fd, SIOCGIFADDR, &req)
return inet_ntoa(((struct sockaddr_in*)req.ifr_ifru.ifru_addr).in_addr);


It would be easy to code a wrapper function for PHP that does that. They already have several custom native functions that allow the PHP web UI to manage the RAID.

Even still, the command is a pipeline that starts three processes, when it could just start one ("ifconfig eth0") and parse the output text itself instead of using awk and grep. That's what my replacement function does.

And calling "grep" just to find out if a file contains a certain line -- well that's just pure laziness and stupidity.

Re: Raiding the RAID

2008-11-03 12:43 • by Zach Bora (unregistered)
http://ca.php.net/manual/en/preface.php:
http://ca.php.net/manual/en/preface.php PHP, which stands for "PHP: Hypertext Preprocessor" is a widely-used Open Source general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Its syntax draws upon C, Java, and Perl, and is easy to learn. The main goal of the language is to allow web developers to write dynamically generated web pages quickly, but you can do much more with PHP.


the sky is the limit!

Re: Raiding the RAID

2008-11-03 12:45 • by jspenguin
226608 in reply to 226604
rycamor:
jspenguin:
A scripting language is fine for things like the web UI.


Except for the part about it being a custom kernel module. Again, if you are going to go to the trouble of building a kernel module... in C...?


I think you misunderstand. The kernel module is not written in PHP. My brain would explode if it was.

The RAID module (sansoft.o) is written in C, but it's so poorly written that it slows down the entire system. It creates a kernel thread called "SCHED" that constantly uses 97% of the CPU.

If I boot with a stripped down firmware that doesn't load the module, everything runs snappy.

Re: Raiding the RAID

2008-11-03 12:46 • by Bored Bystander (unregistered)
226609 in reply to 226590
Chiper:

...snip...
PHP has more depreciated function calls and features then any other language I've ever used.
...snip...


Give it a while, Python will definitely have more.

Re: Raiding the RAID

2008-11-03 12:55 • by rycamor (unregistered)
226610 in reply to 226608
jspenguin:
rycamor:
jspenguin:
A scripting language is fine for things like the web UI.


Except for the part about it being a custom kernel module. Again, if you are going to go to the trouble of building a kernel module... in C...?


I think you misunderstand. The kernel module is not written in PHP. My brain would explode if it was.


No, I understood that, but I was under the impression that the PHP/Apache runtime was a custom kernel module. In other words, someone still had to go to the trouble of mucking around with C and compiling, just to get the scripting environment.

Or am I wrong about that also?

Re: Raiding the RAID

2008-11-03 13:16 • by jspenguin
226611 in reply to 226610
rycamor:
jspenguin:

I think you misunderstand. The kernel module is not written in PHP. My brain would explode if it was.


No, I understood that, but I was under the impression that the PHP/Apache runtime was a custom kernel module. In other words, someone still had to go to the trouble of mucking around with C and compiling, just to get the scripting environment.

Or am I wrong about that also?


The kernel module is just for the RAID. The http daemon (I think it's called mini_httpd) runs in userspace, and uses plain old CGI to interface with PHP. The PHP binary is definitely customized, as I said before, since they have functions that interface with the RAID module (probably through ioctls on some device -- I haven't disassembled anything). Apparently, they don't know how to use standard IOCTLs, though.

Also, because each PHP CGI request involves forking and execing, the web UI is slow as crap. And perhaps the biggest WTF is that using the web UI can actually slow down transfer speeds - over Ultra320 SCSI. And, since the web UI automatically refreshes every 10 seconds or so, even having the config UI open can slow down transfers.

Re: PHP not so bad

2008-11-03 13:17 • by Charles400
226612 in reply to 226593
Matthew:
Richard:
For what it's worth, I do use PHP extensively, and (at the risk of thinking that, if all you have is a hammer, everything looks like a nail), I've used it for simple hardware interfacing myself.


In this case PHP is the hammer, and the problem is a screw. Yeah if you bang hard enough it will work, but a Screwdriver (C) or even a powerdrill (Python) would work much better :)



Ha, heh, heh... you said "screw",... heh, heh, ha... and "bang".

Re: Raiding the RAID

2008-11-03 13:26 • by snoofle
226614 in reply to 226606
jspenguin:
James:
OK, I have one question about the very last code snippet: if exec'ing was wrong to get the IP of eth0 (specifically eth0, not just "any old network"), what's the right way to do it? I've been looking for just that kind of information lately...



struct ifreq req;
int fd = socket(AF_INET, SOCK_STREAM);

strcpy(req.ifr_ifrn.ifrn_name, "eth0");
ioctl(fd, SIOCGIFADDR, &req)
return inet_ntoa(((struct sockaddr_in*)req.ifr_ifru.ifru_addr).in_addr);


It would be easy to code a wrapper function for PHP that does that. They already have several custom native functions that allow the PHP web UI to manage the RAID.

Even still, the command is a pipeline that starts three processes, when it could just start one ("ifconfig eth0") and parse the output text itself instead of using awk and grep. That's what my replacement function does.

And calling "grep" just to find out if a file contains a certain line -- well that's just pure laziness and stupidity.

It's been a VERY long time since I've used "C", but I am quite certain it doesn't garbage collect connections; shouldn't you also close the socket?

If you're going to show someone how to do something, please go all the way!

Re: Raiding the RAID

2008-11-03 13:33 • by rycamor (unregistered)
226616 in reply to 226611
jspenguin:


The kernel module is just for the RAID. The http daemon (I think it's called mini_httpd) runs in userspace, and uses plain old CGI to interface with PHP. The PHP binary is definitely customized, as I said before, since they have functions that interface with the RAID module (probably through ioctls on some device -- I haven't disassembled anything). Apparently, they don't know how to use standard IOCTLs, though.

Also, because each PHP CGI request involves forking and execing, the web UI is slow as crap. And perhaps the biggest WTF is that using the web UI can actually slow down transfer speeds - over Ultra320 SCSI. And, since the web UI automatically refreshes every 10 seconds or so, even having the config UI open can slow down transfers.


So my argument still stands. They had to install an httpd daemon, and customize and compile their own PHP binary, which still pretty much begs the question of using a scripting language. Not to mention, they used CGI?? And auto-refreshes... gahh!! The more I hear, the more WTF I see. Really, the simple fact that PHP was used is the least of the WTFs here.
« PrevPage 1 | Page 2 | Page 3Next »

Add Comment