Context is key when buying a car, in digital government or in PHP

I often find folks in tech to be very dogmatic. “Framework X is the best”, “Java is a terrible language”, “pineapple doesn’t belong on a pizza”, etc.

There seems to often be a lack of context when we throw out thoughts like that.

It’s a bit like someone asking you what’s the best car and you tell them a Ferrari. So they go and buy a Ferrari and they try to use it to move their family across the country.

I saw a talk by the creator of PHP, Rasmus Lerdorf, looking back at the 25 years of PHP. If there’s one thing that everyone who’s been using PHP since version 4 knows, it’s that register globals was a terrible idea.

For everyone who didn’t code PHP way back in the day: previously, if you had a GET or POST parameter such as ?test=random_string, a variable called $test was created automatically with the value passed in. No sanitization, etc. So if you had some code that, let’s say, checked whether a variable existed, an attacker could basically inject any variable they wanted. I (and pretty much everyone) always thought this was the dumbest thing.
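The pattern described above, as an added example that is not from the original post or from the talk. register_globals was removed in PHP 5.4, so its effect is emulated here with `extract()`; the function names, the `$authorized` flag and the sample session and query string are all constructed for illustration.

```php
<?php
// Added illustration; function names and sample data are hypothetical.
// register_globals no longer exists, so its effect is emulated with
// extract(), which likewise turns request keys into variables.

// Legacy pattern: $authorized is only ever assigned on success, and the
// final check assumes nothing else could have created the variable.
function is_admin_legacy(array $query, array $session): bool
{
    extract($query); // emulates register_globals for GET parameters
    if (($session['role'] ?? '') === 'admin') {
        $authorized = true;
    }
    // Also true when the request itself carried an "authorized" parameter.
    return !empty($authorized);
}

// Hardened form: no automatic import, the flag is initialised before
// use, and the decision rests only on server-side state.
function is_admin_fixed(array $query, array $session): bool
{
    $authorized = false;
    if (($session['role'] ?? '') === 'admin') {
        $authorized = true;
    }
    return $authorized;
}

// Constructed inputs: an ordinary logged-in user, and a query string
// that carries a parameter named after the internal flag.
$session = ['role' => 'user'];
parse_str('test=random_string&authorized=1', $query);

var_dump(is_admin_legacy($query, $session));
var_dump(is_admin_fixed($query, $session));
var_dump(is_admin_fixed($query, ['role' => 'admin']));
```

The same review point applies to any code that still calls `extract()` or `parse_str()` without a target array on request data: initialise every security-relevant variable before it is read, and read request input only through `$_GET` and `$_POST`.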

In his talk, Rasmus talks about register globals. And one thing he mentions is that, when this was created, JavaScript didn’t exist... That blew my mind. In that context it made much more sense! A whole attack vector just didn’t exist when it was created. Now I’m not saying it was a good idea even considering that, but just learning about the whole context was mind-opening.

I find that searching for the context behind decisions is at times missing in digital government. I’m working at CDS and when working with partners there are often technology decisions that will make people’s eyes roll (I’m sure I’ve been guilty of this as well).

I think those kinds of comments don’t help anyone. They certainly don’t help us understand the context in which these decisions were made.

It’s easy to shit on tech work in government; what’s less easy is really trying to understand the context that led to these decisions. The constraints people were under, the requirements, the available resources. All those things we might not know about. Only after we’ve started to build a shared understanding of what the current context is can we, together, find better solutions to serve people better.
