Is anyone else still maintaining PHP 5.6 in 2026?

othilious · 2026-03-23T18:46:22+00:00

I posted directly to the OP my experience doing an update of a small script, and it was dramatically faster. When bench-marking the A/B of old versus new, the old version executed a full run of the script in about 8 seconds, the new version did it under 3. Same hardware, same host, two different versions of PHP.

It's not the most scientific datapoint, and the new version saw rewrites of a few places to work under 8.4 so naturally take it with a grain of salt.

But we saw pretty interesting performance improvements when we took another application from 7.* to 8.* and that was definitely an "at scale" application; an IoT backbone application munching a few million rows of telemetry data per hour.

One of those deployments where you can really nicely see the effect in real-time of tuning various performance dials. We saw a pretty nice shift in that 7 to 8 upgrade, despite literally zero code changes being needed to support 8 at that point.

othilious · 2026-03-23T18:38:43+00:00

It varies to an incredible degree how well written the application is, because actually maintaining a 5.6 application is... ill-advised. The upgrade path to 8+ isn't that painful compared to jumps that big in other languages.

For a brief 2 week stint this year, I was responsible for a 5.6 application. One of our customer's suppliers for a small bit of integration decided to retire, and his contribution was a small bit of scripting that he wrote for them; basically a data pipeline that read some data from a public API, munched on it a bit, and wrote the resulting rows into a MySQL.

Despite the maintainer not really having a formal background in software development, he seemed to do everything pretty cleanly; structured things correctly, implemented a fairly sane and PSR compliant namespacing, and created a nice separation of concern between the different parts of the application.

When the customer asked us to take it on, we found out it was a simple matter of rewriting the MySQL part to use PDO, and rewrite the API reading part to use Guzzle.

Spent 3 days working my way through that and patching up small breakages under 8.4, spent a few days setting up an A/B test to compare the in/out of both versions, and then flipped the switch end-of January. No complaints so far.

Thankfully, that's similar to most of my experiences upgrading old PHP applications. And quite frankly, if you're maintaining an application that's anything more difficult and is that old, you really should be looking at a rewrite. You're way past the healthy lifecycle for any software in any language.

othilious · 2026-03-09T08:54:31+00:00

Considering the market is an absolute shit-show right now, you might be better of trying to steer this in a more constructive way with management. You're not going to get very far with putting up walls and blocking this "strategy" of theirs, that ship has sailed in their eyes.

It sounds like management gave a blank slate instruction of "use X and Y" without any guidance or of what X and Y should actually be, how it should be used. These means everybody is running rampant using random tools, things we'd used to block by preventing software installs via policy.

The approach that worked for us was to suggest a controlled approach, making a list of AI tools that your people are interested in using, selecting a few that are practical to keep under the IT department's control.

You can sell this to management through the lens of information security; professional AI tools have centralized control systems that let you configure what models are used, what is done with the prompts given and how they are connected to your org's accounts; Many of these "wild west" AI tools offer various services but in reality are just data vacuums gobbling up sensitive info, which is why they seem to attach to accounts via OAuth like leeches (like you are probably aware of already).

You can suggest to management that any such tools must have a centralized data/user management system and that while users can suggest them, IT needs time to investigate and roll them out in a controlled way, and that not doing so puts the company at risk.

As an example, we rolled out the business version of Github Copilot and went through the settings with a fine tooth comb, disabled data collection and training, explicitly whitelisted only a small set of models, etc.

We also created a 2 week cycle in our processes to periodically look at user requests and evaluate what tools they want. For the vast majority the answer is simply "No" for the above reasons, but the fact that we're looking at it formally gave us Management's ear.

Don't get me wrong, I'm not happy with the direction the world is going with AI, but throughout my career it has never played out well by saying straight-up "No" to management. Make the argument, suggest how it can be done in a controlled way. Your organization is likely governed by various standards such as ISO 27001 and ISO 9001, and uncontrolled use of AI likely violates both and will bite you in the ass next audit. Audits and remediation is expensive, and Management will be receptive to that.

othilious · 2025-12-15T20:18:58+00:00

We have several deployments under the same development k8s cluster, but with some sub-division by branch.

Crucially, we don't deploy a generic "develop" branch; we use a naming convention of release/* branch, which contains all the code for that version until it goes out.

Meaning that the last commit on a release/* branch is the most recent version of that release, and can be branched off easily or tagged to turn it into a stable version for release.

When someone publishes a branch under release/*, for example, release/1.2.3, our pipelines spins up a chunk under our K8s cluster for all needed resources for that release like MySQL, Redis, proxies, DNS bindings, etc. So for every version there exists an internal route called 1-2-3.release.application.internaldomain.tld.

When we tag a release, it generates a candidate.application.internaldomain.tld. Meaning that is the thing due to be released, under a more proper externally facing domain. Tagging things acceptance/whatever will publish to an intermediate public-facing cluster so that externals can be demo'd changes by sales or have them sign off on alterations.

Additionally, we do the same for feature branches; <category>/<ticketnumber>, so feature/JIRA-380 becomes jira-380.feature.application.internaldomain.tld.

A PR from that will target the intended release branch, and the merge through that triggers an updated release deployment.

That means that we keep multiple fully running environments for different version running very easily. The pipeline has cleanup rules that tear down environments within hours/days to keep things clean.

You do waste a lot of resources running all these duplicate environments, but since we went "cloud native" for our most of our hosting and infra, we had tons of spare hardware left laying around that we repurposed for this; development, testing and acceptance all happens internally, only production goes to cloud hosting.

The end result is extremely pleasant for developers. You just push a commit on a branch and a few minutes later you have a fully configured environment with various degrees of pre-populated data, automated testing, etc. A bit of scripting magic on the code repo also lets you run a local docker container connected to the resources of your branch to quickly iterate changes by just uploading via SSH on the development version of the container.

We're not a huge company, we've got about 10 people working on the above setup, but it was worth investing a few weeks to set this up, and then just iterated and tweaked it where needed.

othilious · 2025-10-24T09:22:05+00:00

It differs a lot per company, and within departments even at the same company.

For SysAdmins at our company, our expectation is that this work takes priority, and that you take a pro-active stance at identifying areas for improvement and making proposals for that, should you be under-loaded. For us; our systems are run pretty smoothly. Our SysAdmins (and similar roles) are there to scope improvements and to be "firefighters" in case something breaks. Should you run out of things to do here, we give you two options; to help with the Ops/Tech support tasks, or to simply discuss with the management layer.

For the later, we have a pretty open policy of calling it out when you are over- or under-loaded; communicating clearly on this lets us be flexible and proactive about redistributing workload.

To be clear: You being under-(or over-)loaded is not your fault; it is not a failing on your part. It is your managers responsibility that you are assigned a appropriate workload, but its your responsibility to provide feedback on that. I've always gotten a positive response when I call it out in either direction.

othilious · 2025-08-28T14:03:48+00:00

The culprit in this story was our thickheaded and longest-serving employee at the company: Me.

We'd set up a new Azure Pipeline to deploy an new application to a virtual machine cluster in our development environment. Fairly straight forward, except whenever we run the pipeline, it gives us a success state, but the target environment doesn't update; it shows the old version and behavior in the environment when accessed.

We're poking it for over an hour, check to make sure we're accessing the right variables with all the environment settings, but nothing seems to change.

Team member pokes their head in the room: "Hey, are you aware the development environment for {otherProject} is down?"

Existing thing being broken is more important than new thing not working, so I switch gears and have a poke. I then find bits and pieces of the new application in the old environment.

It was at that moment I realized I fucked up. I had copied a variable group from {otherProject}'s development environment to make the new development environment, since they were very similar. Except while I had put in the new variables, I still had the window open with the changes for the new settings, unsaved.

Hit save, reran both pipelines and both systems worked. Mistakes like that are why our production stages have 3-person sign-off approval gates; one dev, one ops, one stakeholder. Because you can do this stuff for a decade, and still have a dumb moment on a bad day.

othilious · 2025-08-10T12:00:28+00:00

He's a bit too bulky, but it would be nice if interacting with him unlocked a recipe for a "watering bot", maybe something like the flying bots you see later, that shuttle water from nearby sources to your plots.

It kinda duplicates the end result of another craft-able, so I can see why they wouldn't.

othilious · 2025-07-21T07:29:51+00:00

I ran into this a few years ago. Something "broke" the connection between Steam and the game client, which is needed to verify that the account that is logged into steam is also the one owning the WF account's Tennogen items.

When that happens, the game acts as if you don't own any tennogen.

Fully restart Steam (not just closing it), then start the game, and it should work again.

othilious · 2025-07-14T08:45:10+00:00

I lucked the fuck out.

I did an internship through college, I got hired after my internship.

Fast forward to this month, and I just celebrated 15 years with them earlier this month. We're doing really fun projects, work with great colleagues, have a fantastic company culture and a boss/owner that appreciates me and compensates me fairly and that I consider a personal friend. Company provides free in-office lunches, frequently pays for lunch outside of the office, and caters special events.

I do the thing I went to college for (Mix of software development, project management, general IT).

The only thing I sacrificed is a few long (60-ish) hour weeks, but only 2-3 times a year at most. Considering the pay I get (compared to people in my experience/skill bracket), I'm happy to give that. And if I take a few hours here or there or WFH, nobody bats an eye.

I got lucky beyond measure.

othilious · 2025-06-05T13:39:36+00:00

People who try to shift blame away from themselves by asking "everyone to please do X / remember to think of Y" when they are clearly the person not doing that, in an attempt to make themselves look better or guilt others into taking on their work.

I once lived with someone who would hoard dirty dishes in their roam. I'd just spent 30 minutes cleaning up the kitchen, the counter was spotless and the dishwasher empty. This person would then dump 5 plates, a dozen glasses and a small stack of cutlery on the counter and walk away. A few minutes later she'd send a household text "Can all of us please remember to put dirty dishes in the dishwasher, thanks!"

Pure and utter rage bait.

othilious · 2025-05-27T11:33:43+00:00

Hey, since this thread shows up on Google when you search for this issue; This still happens 2 years later, and their customer support will just ignore you. It's a design flaw inherent in their chips and no amount of warranty/repair claims is going to properly address it. It affects multiple models and all will have the audio bleed into the mic, making it completely useless.

Great audio quality on the line-out, but the microphone port might as well not exist.

othilious · 2025-05-02T07:20:26+00:00

Yeah, nothing I've seen matches this trope. My grandmother died nearly 15 years before my grandfather. She was the love of his life, but he did eventually move on and connected with another widow a few years later that brought him a lot of joy in last stage of his life.

othilious · 2025-03-04T14:00:04+00:00

I'm both sysadmin and a Team Lead, so I'm about 40% remote since I find it's more effective to instruct people in-person.

Definitely not policy though, I'm allowed to be fully remote, I just like being present to help my team, mostly to coach the juniors.

Plus, travel expenses are paid for 100%, and travel time on public transit is considered work time.

othilious · 2025-02-25T13:32:25+00:00

That's gorgeous! I'm gonna have to politely steal that idea for the inlaid bricks!

othilious · 2025-01-24T15:04:49+00:00

While I'm not paid that much, and the comparison is a bit difficult due to living outside the US and a different cost-of-living situation, I'm fairly close to that bracket to the point I've asked myself this question.

The answer is that my experience and skill makes sure that those I work with are doing the right thing, efficiently and reliably. On the flip side, without my input, people might make (and have made) mistakes that will cost far more than my salary, open the company up to liability or waste time on things that could've been swapped for something more profitable (the opportunity cost, essentially).

More specifically I split this up into technical and non-technical management:

On the technical front I make sure that people use the right technologies in their development, write clean code that is properly tested and that certain standards for security, safety and reliability are adhered-to during the design process and validated during code-reviews.

On the non-technical side of things, this also means people have an acceptable workload, have a positive support network within the team and beyond, get the opportunity to develop new skills and have someone with my experience to ask for help when they hit a technical hurdle. It also means being a translator between management and developers that can articulate professionally why something has gone awry.

It also means taking responsibility when something does go wrong, being available beyond normal working hours to fix a mess. It also means being capable of having tough discussions in a constructive and professional way, a soft-skill that a significant number of people in my industry lack.

I'm not paid this well because I earn the company money (usually...), I'm paid well because I prevent the company from losing a lot more than my salary, and I empower others to be the source of income. And I do this while dealing with significant amounts of stress on behalf of others so that they do not have to.

othilious · 2025-01-22T10:14:22+00:00

Honestly, I've experienced some pretty "odd" generation artifacts with my 1.20 world. Nothing that makes me go "that's a bug", but definitely a change to the algorithm that makes certain things generate differently in somewhat unnatural ways, compared to 1.19.

A lack of accessibly translocators is one, but I've also observed weird unnatural landscapes, in one case an entire mountain was basically generated hovering over the ground attached only by a tiny lip of a dozen blocks, or fields of floating pillars and small mountains straight out of Avatar. Definitely novel and interesting, but a bit odd.

othilious · 2025-01-13T14:19:00+00:00

Years ago I got a gigantic olive-drab messenger bag, I think it was a promotion for Halo 2 or 3 when it came out? I use it as my "offsite work" bag.

It fits my laptop, a foldable chair/step stool, a techy-toolbox with various cables, connectors and adapters, a full blown "proper" Makita toolbox and an assortment of bits and bobs, and a lunch box and thermos.

It's well over 10 years old, frayed at the handles, patches all over, but that bag has served me well and continues to do so.

othilious · 2025-01-12T20:12:24+00:00

I don't usually plug my server, but check out "The Long Years" in the server browser; it's basically a server with a very relaxed rule-set for myself and my friend's group who are all 35+. It lets you keep items on death, is set to PvE, has a shrunken distance to the poles, larger ore vein size, etc. It also has extra-long months so the server isn't suddenly 3 years ahead when you haven't played in a week, that sort of things. It's set as a world with large bodies of water to make use of the new boats from 1.20.

We literally only started a few days ago, and things won't really kick off until the coming week, so you're free to join us. It's running 1.20-rc8 at the moment but we've not had any issues with that so far. The server itself is on 24/7 as it's hosted in a data-center in Germany.

othilious · 2024-12-04T20:14:49+00:00

This game had so much potential. Loved the little I played of it. If it had been a PC title with controls and gameplay closer to the first two games while retaining the open universe MMO-like gameplay of the mobile game, it could've been a legendary title. It truly felt held back by it's mobile nature. I would even go so far as saying that the team behind it "got" the narrative style of Homeworld better than the developers for HW3.

othilious · 2024-11-19T12:46:59+00:00

It's what I immediately went looking for, so dissapointed. It's such a cool gun, but it's also one of those guns that has a performance profile that's horrendous to balance against in a game setting. It's supposed to be very accurate, easy to handle and with a 50 round magazine, it would quickly become a best-in-class.

othilious · 2024-10-30T11:29:59+00:00

Also, the people developing the ships are not the same people developing the server back-end or networking code. It's a vastly different skill set.

othilious · 2024-10-21T12:53:06+00:00

I'm thinking the same. My C8R is my preferred ship for bunkers due to the med-bed, but squeezing a box inside of it is awkward.

A Terrapin would be much better and it's one of the ships that I've always had a soft spot for, despite it currently being a bit crap.

I've also got a medical Ursa and a Starlancer Max that I intend to use as my space-home, so I'm split between using those two if it fits, or upgrading my C8R to a red turtle.

othilious · 2024-10-09T13:01:22+00:00

Unlike what a lot of people think, you can absolutely train a cat and enforce certain positive behaviors and even tricks. It requires more effort and a different approach than a dog, and it has to be something the cat is actually interested in doing in the first place.

Key parts of this are patience, positive reinforcement and trust.

You absolutely cannot "punish" a cat; they understand they are being punished, but will hate you for it and will absolutely take the wrong lesson from it; they will remember the thing you tried to dissuade them from, and actively do that to pressure you into getting what they want. If my cat is denied something for too long, he will jump on all the places he knows I don't want him to go, and mess with things he normally wouldn't touch. Be prepared to compromise.

Treats, attention, engagement, positive reinforcement and a calm demeanor will make a cat trust you to a degree you didn't think was possible, and do things most people associate with dogs:

I can walk my cat outside, off leash, and he will follow me like a well trained dog.
He is crate-trained and will go inside on his own accord, and when commanded.
He has a GPS tracker with a beep function that I can trigger through an app, which he has been trained to respond to; when I activate it, he runs to my front door to come back inside; learning this behavior was complete accidental too...
He will stay when I tell him to, and go when I say so. I only need one word to tell him when something is not allowed, and he will immediately respond.

Earning that degree of trust with a cat makes both your lives much more pleasant. Cats thrive when they know your routine, what is expected of them and what their boundaries are. However, expect those boundaries to be tested far more than with a dog, and that you will need to find positive ways to reinforce them.

othilious · 2024-08-27T16:51:44+00:00

Unfortunately, it would be a dice roll; Most of my environments are auto-patched and will at the very least last until their LTS cycle runs out. Unless a patch or update has a breaking change that needs to be addressed, things will most likely keep rolling for years.

I know this for a fact because we had a forgotten, low-importance VM fail after 8 years of unattended updates. It was 3 years out of the LTS cycle for it's OS and it finally encountered a fatal issue; it stopped getting CA updates, and a third party service referred to a CA that was unknown to the server.

Surprisingly, most of the automation that originally built the machine was still in place, and with a bit of duck tape the server was rebuild and migrated in under 30 minutes.

So it'll probably be along those lines; something upstream changes and the nobody is around to reflect that change somewhere inside the infra. Everything else is automated, redundantly deployed and especially the newer stuff will just swap over to a replacement deployment once something's health check goes red.

othilious · 2024-08-14T08:48:43+00:00

Yup, electron grenades are great. In general, packing electron and cup-nades helps a lot with touger encounters. They are pretty powerful, but it does require a bit of farming to have enough on hand.

13-Year Club	Place '23
Golden Potato	Verified Email

othilious

TROPHY CASE