Is there a danger of using external libraries?

Discussion in 'Forum Software Development' started by Danielx64, Jan 18, 2016.

  1. Danielx64

    Danielx64 Developer

    Many forum systems use external libraries such as HTMLPurifier, Zend and so on. While they are great, I do feel that they come at a cost: you are relying on the 3rd party developer to update their library to support new standards and, in the case of the two named libraries, new versions of PHP.

    Last time I checked, IPS 4.1 wouldn't work on PHP 7 because of HTMLPurifier, and IMO that would have been a bad thing for IPS. Had IPS been using their own custom-written library/function, this wouldn't have happened, and if it did, IPS would be able to fix it themselves.

    What do you think about the cost of using external libraries, and do you think that it is worth the risk?
     
  2. ozzy47

    ozzy47 Tazmanian Veteran

    I don't like using third party libraries on my sites. I like to have it all locally hosted when feasible.
     
  3. Jake

    Jake Developer

    I think you may want to reread the OP :whistle:

    Really, for most of it there is no need to reinvent the wheel. Zend has been around for years, I doubt they're going anywhere.
     
  4. LeadCrow

    LeadCrow Apocalypse Admin

    It's always well worth going with actively developed third-party libraries. They update at their own pace, passively granting you benefits as you update.

    There is no reason to believe functions not available in an 'outdated' library could be walked around by simply ditching it and using homegrown code. Tinkering with the third-party library's code should generally always be the much cleaner option, especially if your code gets adopted upstream (to reduce conflict between implementations over time, as libraries eventually adopt similar changes to yours, forcing you to either adopt theirs or ditch yours and requiring your customers to do the same).
     
  5. dtdesign

    dtdesign Developer

    It is a "risk vs reward" thing and I seriously doubt that it would be wise to opt-out for 3rd party libraries at all. It heavily depends on the purpose, its importance and the cumulative work required to build and maintain an own solution.

    HTMLPurifier is a huge library which is well-tested and covers pretty much all edge cases you have to deal with when working with HTML. If IPS opted to build their own version it would cost them a lot of time (and in return money) and there will always be trade-offs regarding functionality and flexibility which could have serious drawbacks when it comes to 3rd party modifications.

    You should look at it another way: WYSIWYG editors are pretty much everywhere and they're in fact a 3rd party library. Creating your own version makes absolutely no sense, especially considering they're a huge time sink when it comes to compatibility even with common browsers.
     
  6. Danielx64

    Danielx64 Developer

    While I see where you are coming from, I can also see it as that if someone decides to use a huge framework/library that is overkill and heavy, that could seriously affect a script's performance. And in some of those cases, the same thing can be done in far less code, and run faster. But again, I am a bit of a performance freak when it comes to online scripts. WordPress and phpBB 3.1 come to mind.
     
  7. Rune

    Rune Neophyte

    I don't think it's necessarily bad or dangerous to rely on a custom library, especially for something like PHP which lives and breathes through them. Code grows old and obsolete all the time and there's usually a replacement for abandoned libraries. On the other hand, if you're worried about being on the cutting edge, eventually you will want to rewrite the whole thing anyway even when you did self-code everything. Otherwise, there's not much harm in sticking with the older version for a while. Although, it's good to plan for the future as the security risks may increase over time.

    In the end, it's not like you're doomed if the third-party devs stop maintaining their code. You can always write your own or modify theirs if you have an understanding of the language. So long as it isn't absolutely necessary to do it yourself, I don't see a reason to be overzealous and try to make everything by yourself. Especially nowadays, where there are just too many pitfalls you can easily fall into in terms of performance and security. Unless you're a programming genius who somehow is able to understand computer science at an otherworldly level or a huge company, it's usually impossible to keep track of every single one of the always-changing "best-practices" and technology.
     
  8. rafalp

    rafalp Desu Ex

    Code amount performance penalty is only viable at parse time (which is why the standard opcode cache in PHP was such a big thing). Once it's op/byte code, it's the number of function calls executed by the interpreter that should bother you, and I/O ops.

    If your framework's overhead on the script's performance is noticeable, you are doing something wrong. I'm doing a great deal of Django development, and there's a great deal of whinies out there ready to go "oh but it's so slow and heavy you should move everything to Flask with SQLAlchemy for db operations". And then I deploy a complex app for a major country-wide campaign that notes 100k hits an hour in Django, and it's DB searches missing indexes on a 10-gigabyte PostgreSQL table that bite us when Django notes 10% CPU usage.

    The same WP where every function call in API is actually wrapped in 15 extra calls because of their plugin system that is notorious for being slow and heavy on resources?
     