Article Rebuttal on ASP.NET versus PHP
The ubiquitous power of the internet as a publishing platform and the concept of “freedom of speech” make for a very interesting combination.
Take this article for example. http://www.oracle.com/technology/pub/articles/hull_asp.html
Now don’t get me wrong, I don’t have a problem with an actual, experienced multi platform expert making an argument as to the strengths of PHP. I frequently do that very thing myself.
This blog article will not conclude with a blanket declaration that ASP.NET is better than PHP or that PHP is better than ASP.NET (and I work daily in both). That’s a bit like saying “my wife is better than yours”.
Read the writings of experts like Andi Gutmans (co-Founder of Zend/PHP, experienced .NET developer and former J2EE developer) or Wez Furlong. You may not agree with their conclusions, but you MUST see their contentions as a catalyst for thought because, apart from being really smart guys, they have deep, diverse, and VERIFIABLE real commercial development experience.
In addition to ASP.NET, I’m a PHP developer too. Just do a search on my name and you will find that I am member in good standing of the PHP community, which is not in conflict with my role at Microsoft on the Web Tools and Platform team. I present at PHP conferences, write PHP magazine articles, do PHP web casts, appear on PHP pod casts, and regularly trade ideas with the folks at Zend.
I evaluate technology based on its actual technical and practical merits, rather than a need to convince my audience to sign a service contract so that I can pay this month’s mortgage.
The NYC consulting firm that I owned and ran for many years had a Microsoft practice, a Java practice, and an Open Source practice, and our customers and partners were a who’s who of the fortune 500. (Meaning we were technically diverse and we weren’t struggling to pay the bills, and we had more work than we could handle from “real / name customers”.)
My problem with the referenced article is not the conclusions, so much as the simplistic propaganda of it.
First, the author identifies himself as an Oracle DBA and founder of what would appear to be a very small consulting team described as a “boutique” firm.
The company’s services section shows no experience or expertise in any Microsoft development technologies or in PHP.
They appear to be a database company that will set up your network or VOIP system, etc. There is no customer evidence published on their site that reveals any commercial development experience at all.
After the bulk of the article which is a “Programming for Beginners” tutorial with code lifted from the internet, the author concludes that PHP is “better” because of price, performance, and security.
I’d like to offer a little professional consideration to round out the articles lack of substantiation.
The article says….
“Price. Here, we must consider not simply the price tag of the initial investment, which, in the case of PHP, is obviously free, but also the implementation, maintenance, and debugging costs. In the case of PHP, you may invest in the Zend optimization engine. With ASP, however, you're investing from the very beginning, and you're spending for add-on technologies—libraries for doing graphics manipulations, for instance. But, in the long term, PHP isn't going to press you to upgrade and collect more licensing fees. Everyone who has dealt with complex licensing also knows that companies spend time and money just ensuring they are compliant. Furthermore, you have a difference in response when getting bugs fixed. This, of course, translates to time, which translates to cost for overall development.”
*** PHP is Free?
Consulting companies love to say open source is free, because if you buy what they say, then you have more money to give them for services (Usually building something from scratch – for twice the price - that you could go out and buy off the shelf.)
My time has actual monetary value. While acquisition costs can matter to very small companies, or poorly funded startup companies, real business experts concede that software licensing costs represent a very small percentage of the overall capitalization of a new company or project. What is far more important than cost of the language is the efficacy of development, update, operations, scale, etc. I’m not saying that ASP.NET is cheaper, I’m saying you can’t answer such a question without A LOT of contextual data.
*** With ASP you’re spending for add-on technologies?
This is true no mater what your development platform. If add-on technologies are available for purchase they are ALLWAYS less expensive than having a consultant build an add-on to meet your needs.
*** PHP won’t press you into upgrading?
HELLO? Try to run your PHP 3 or 4 applications on PHP 5 lately?
All software advancement requires painful change and goodness comes from it. Look at the great work being done by the folks at EzPublish. Because their code base needed significant re-write to work on PHP 5, they are re-engineering and, in addition to a 5.x version of EzPublish, EzComponents is being created.
*** With Microsoft’s “complex” licensing you’ll spend lots of time ensuring that you’re compliant.
If you’re not a lawyer, licensing is HARD.
http://www.opensource.org/licenses/ lists over FIFTY Open Source licenses (not counting different versions of the same license like GPL version1, 2, and 3). If you think understanding a single company’s ONE commercial license is hard, try figuring out what your liabilities are when you build an application using code that combines several different Open Source Licenses at once. Then try and buy indemnity for the intellectual property use without a team of researchers to verify the origin of all the code and the voracity of the authors claims of origin.
ALL LICENSING is complex !
The next generalization concerns speed and efficiency. The article says,
“Speed and efficiency. As I mentioned earlier, ASP.NET is a framework allowing you to use various programming languages. In addition, it is touted as having a great object-oriented model. All this is true, but it becomes a detriment as far as speed is concerned. For all that advantage, there is a lot more code to run through to execute the same ASP page than you have to execute in the PHP engine for an equivalent PHP page. PHP is the quick-and-dirty type of solution, the one to get the job done. And though a lot of robustness has been added to it since its 2.0 and 3.0 days, it still retains that core optimized high-speed approach. Speed is not the only consideration. Memory usage is also important.”
To generalize that a web application written in one programming language is faster than one written in another programming language is as foolish as to declare cars made in Europe are faster than cars made in Asia.
For any seasoned web application architect, programming language is low on a very long list of issues that determine a web applications scalability and performance. (Both of which are far more important than anecdotal speed of code interpretation.)
Last week I was at PHP|tek and Rasmus Lerdorf gave a great keynote address in which he did some great demos that illustrated the vast difference in web application performance as experienced by the novice developer versus that of an expert with “inside” knowledge of the architecture on which a given application is deployed.
The article’s author states declaratively that it is ASP.NET’s Object Orientation that makes ASP.NET slow. I guess he missed the complete OO support in PHP 5 and must never have programmed in C++. The author goes on to say that PHP is “Quick & Dirty” but that is it optimized for speed.
Neither of these statements is true.
As to one needing “more code” in ASP.NET, one would actually have to have worked in both environments in order to make such a comparison.
The author also dedicates an entire paragraph to security. J He surmises that PHP is more secure because it runs on Apache. He states….
“Security. ASP.NET runs on IIS, which has been compromised innumerable times, as evidenced by IT news reports every other week. It has become such a liability, in fact, that in spite of all the marketing dollars spent on it, many IT professionals refuse to have their networks exposed with an IIS Web server. PHP, however, works with Apache, which has a proven track record of speed, reliability, and hardened security. “
In point of fact, IIS 6 (on the market for nearly three years) has never had a critical security vulnerability. Period! In fact, many industry organizations have performed studies and concluded that Windows Server 2003 and IIS are simply more secure than Linux / Apache. (http://www.microsoft.com/windowsserversystem/facts/analyses/vulnerable.mspx)
Experientially speaking, programming language has little to do with security. All commonly accepted evidence agrees that ¾ of today’s security problems are the result of application level defects and not IT infrastructure vulnerabilities.
Though ASP.NET & Windows offer great built in features to facilitate security (Code Access Security, System.Cryptography, Active Directory, ADAM, Authorization Manager, Custom Identities and Principals, etc.) PHP developers with Secure design and development skills can also create secure applications. Application security is a developer skill set issue NOT a syntax choice issue.
The article then goes on to contradict itself……
“Cross-platform applicability. ASP.NET runs on IIS and is starting to run on Apache, which can run on a whole host of platforms. PHP has been designed to work with Apache from the beginning, so you have many proven and reliable server platforms to choose from. “
The above statement says ASP.NET works on multiple platforms, but was designed for Windows. PHP also runs on multiple platforms but was designed for Apache(Linux). In the real world, people don’t deploy on one platform and then later decide to move applications (without re-writing) to a different platform. The more complex an application is, the more OS specifics that are required. There ARE reasons to choose one OS over another, but which programming language you want to use is not one of them.
The author then goes on to contradict himself again by discounting the cost saving of choosing Open Source as just “a few bucks on licensing costs”, as opposed to his earlier comments about the significance of those “few bucks:”. The article goes on to make the “more eyes means quick bug fixes”.
“Open source opportunity. Open source is not just some philosophical torch idealistic programmers, or companies wanting to save a few bucks on licensing costs, are carrying. When you're dealing with bugs in the software itself, open source can be a serious godsend.
In either case, with PHP or ASP.NET, you have a large user base using the software and possibly encountering bugs. With ASP.NET, those bugs have to go through a bureaucratic process to get acknowledged, fixed, tested, and rolled out in a new patch or release. PHP fixes, however, can get fixed quickly and re-released. Anyone who has watched open-source development knows new releases and patches often come out in days rather than in weeks or months, as with commercial software. If that's not fast enough, you can always fix a problem yourself if you have to. “
This declaration is most commonly attributed to folks that don’t actually do commercial Open Source development as there are several logical flaws.
- More eyes on a project do not mean more work gets done. (You can put a thousand men on the project but they still can’t produce a baby as quickly a one women.)
- Most open source projects (like the PHP Core) are built by a small core team, unsolicited contributions are not merged without detailed review for quality, impact, and Intellectual Property review.
- SLAs are generally not available for community owned Open Source projects.
- Fixing a bug yourself in something like the PHP interpreter, the Linux Kernel, or the Apache web server is not a trivial exercise. An anecdotal survey that I performed at a PHP Talk recently revealed that NONE of the PHP Developer in attendance had actually compiled PHP from scratch.
The choice between ASP.NET and PHP for professional web development is not Performance / Scalability. Both can be made equivalently fast and scalable.
It is not security – application level security is a factor of Secure Development practices, pure and simple.
And it’s not a matter or licensing costs. (Except for hobbyists or very small, under funded companies).
It is, I believe, a factor of two groups of criteria.
First - Full lifecycle costs including, licensing acquisition, IP indemnity, human factors (cost and productivity), agility (the cost or change), support (the cost of maintenance, repair, trouble shooting, down time, etc.), operational management, etc.
The complexity of this question in “The Real World”, can not be answered with out a great deal of data about the organization, it’s application domain, it’s staff, etc. Making fiscally responsible business decisions if complex – you gotta to the research.
Second – Philosophy. Not philosophy is the philanthropic, Open Source – free as in Speech, religious argument, but rather the software engineering philosophy that you adhere to.
ASP.NET is Strongly Typed, Object Oriented, Sandboxed, Multi-Syntax, Component Centric, Event Driven, forms oriented, pre-compiled experience.
PHP is a loosely typed, objects optional, fixed syntax, component-less, runtime interpreted, structured programming model.
The debate will rage long after I retire as to whether strong structure or “loose and wild” development methodologies are superior.
In my experience it’s irresponsible to make unqualified blanket declarations out of context. In fact I often use both, and I frequently use them together.
To Sean Hull, the article’s author, I concede that it’s hard to stay current with technology at the detailed level. While I once did a great deal of work with Oracle (on side with them in the MD facilities) I’m out or touch with the latest features of the Oracle engine myself.
Sean, if your out t here, drop me an email, I’ll be happy to hook you up with Visual Studio and a guided tour of ASP.NET and PHP.
To everyone else, choose ASP.NET or PHP (5), but do so based on a factual evaluation predicated on your own needs as weighted against FACTS.