... of course there's just so many minutes in a day...
Also, you have to consider that a large chunk of those minutes on Pandora are used for advertising. I saw something somewhere that said it is supposed to be like 5 minutes per hour, but in fact it is a bit more than that. I gave up on Pandora because of this. Listen to one song, hear an ad. Listen to another song, hear an ad.
Keeping an eye on the pubs, eh Evgeniy?
They're Russians. They have cameras on everything.
Grooveshark is going to eat your cake.
What are you saying? Please elaborate.
My desktop is just about right there. I purchased the "core" of the system in 2009 / 2010. I've since upgraded the case, PSU, and have maxed out the RAM.
This machine still remains more than capable. I don't anticipate buying a new desktop for another couple years.
3. Bicyclists
You haven't ridden a bike since you were 16, have you?
Do you think cyclists feel entitled to their right of way to the point where they are oblivious to oncoming collisions? If that were true, don't you think after, say, six months, there wouldn't be any cyclists left because they had all been run over?
Walking down the street with a screen attached to your face and being oblivious to the world around you is a lot different than riding a bike through a busy intersection and dodging every third car driven by someone with a screen attached to their face.
Just out of curiosity, what did you think of Gliffy? Do you think it works as a web app?
Not anymore.
But, the real difficulty for the attacker is to inject some JS into a page in the first place. This is (usually) not easy!
Why are we not able to lock down our javascript files before they get sent to the browser? Sure, inline scripts could be exposed, but anything served as .js should have a header that tells the browser whether to give me all the juicy bits of the javascript running on the page ... or not.
Really, why should someone be able to see all the javascript on your site just by hitting F12? Shouldn't we be able to turn this off, à la a header in .js files, so that we can use it for debugging/development, but disable it in production?
More importantly, why should this content be exposed to various nefarious "plugins" when an infected user visits your site?
Yes, that's exactly what they're saying. Was there something you weren't clear about?
Do you think developers just sit around all day looking for tracking scripts to start installing on clients' sites?
Since the advent of saving markup in the DB, clients have become empowered on what code runs on their site. They google something, find a script snippet that they don't understand, copy and paste it into their CMS' "additional header scripts" field and save. They don't understand the concept of optimizing image files, let alone be concerned with the number of HTTP requests on each load.
Let's be clear that as in so many aspects of life, misunderstanding science of a matter is not the province of just the left or right.
So basically, this article is attempting to prove your statement, and that's all.
Why did they pick Silicon Valley? Because they already know where Marin County stands, and they're simply working their way south? Bullshit. Marin County is giving the left a bad name. This is simply an attempt to balance perception.
... MAX_PATH is 260 ...
and
It wouldn't hurt to check PATH_MAX ...
Recursion error?
So when I want to launch a new domain name, I have to wait for something to come in the mail? Are you fucking serious?
There are less sites on the web today than there would be if domain squatters didn't exist.
A: This sounds like a feature, not a bug.
B: People act like having to pay a couple grand for a desirable domain name is such a travesty. If you're a legitimate business and you can't scrape a chunk of your advertising budget to buy the name you want, you should probably just stick to your brick and mortar.
The practice is so widespread, new software can never be named something practical and descriptive. It's always gotta be some name from left field. I came across one recently that was so bad, the website didn't even say what the software did! All it says are buzzwords with a link on how to install. They want you to install the software before you know what it does.
Sigh ... Millennials.
More popular ... wiping your ass with toilet paper, or wiping your ass with fir boughs?
More popular ... vacation on Maui, or vacation in Damascus?
More popular ... Green means proceed / go, or red means proceed / go?
You define popularity as an amount of noise generated by media about a given consumer product. I prefer to think of popularity as the choice of the masses due to utility.
Are you trying to imply that Swift would be better served by being less popular? I mean, maybe among you and your Swift coding buddies, sure, it will still be the most popular, but will it be the most popular EVAR? I feel like this ultimately has something to do with an inner fear and irrational hatred of anything below 32 bit.
Interrogator: Sir, you contend that you did not knowingly inflate those footballs with heated air?
Equipment Manager: Well, I didn't know it would be a problem. I always wondered why our air compressor was hooked up to the furnace.
What do sturgeons have to do with it? Have you ever caught one? They're pretty gnarly fish, aren't they?
The last relatively serious thing I used it for was to draw tree form illustrations using a Wacom. I had always liked the application, but this use made it clear how much more usable it had become than Illustrator. Granted, Illustrator might have made some changes in the handful of years since I've bothered, but I've preferred Inkscape's UI because it's just so much less clicky.
Glad to see the long-awaited new version. Hopefully they fixed some of the annoying bugs I saw using the drawing tablet.
Mr. Nobody.
It's a great film. All those pointless decisions that get made that shape the things around us and, in turn, the world for ever. Just imagine, had that nomadic hunter-gatherer ancestor of yours decided to head back out to hunt rather than go home, you, and everyone in your lineage, would fail to exist.
In that moment when that ancestor was deciding which way to go, everything was possible.
Mann was on Charlie Rose last night. It was interesting listening to them talk about this kind of stuff, but it did sort of feel contrived. I mean, I love Charlie Rose and all, and some of his interviews are incredibly good, but this felt forced.
They were talking about a scene where good guy gets the drop on bad guy amidst some sort of cultural festival. Bad guy whips out automatic weapon while there's a steady stream of people ignoring them and doing their cultural festival thing. Good guy has no automatic weapon but seems perfectly confident about having a gun pointed at him by someone that looks pretty scared. I'm just not buying it.
The interview also had loads of praise for Mann as being so thorough and leaving no detail overlooked. Meh, I think he might have missed a few things.
I'd fuckin' buy Blackberry Bacon!
Do you imply that redistributed PHP frameworks are the problem? In 2015, do you have some alternative suggestions?
I feel like you're saying it would be a great thing if everyone went back to CFML, because you know, hey, it's great having to pay for all your software tools. Of course freely distributed software is going to cause "bad stuff" to happen. I'm pretty sure licensed software isn't immune, either, it's just a different flavor of "bad stuff".
You make a great point, don't get me wrong, it's just that you left it hanging too low. What if we want to have our cake and eat it too? Where does the guy go who thinks, "yeah, I'm totally gonna put all of PHP's crap on the lawn, I don't care if they're paying rent"? In 2015, if I want to build software based on distributed frameworks but I want to do it without any "bad stuff", where do I go?
Javascript/Node? But then I get stereotyped as a fucking douchebag hipster that couldn't code my way out of a Prius. I classify that as "bad stuff".
Python? Then I get to be the guy that's always talking but nobody listens. Also "bad stuff".
ASP.NET? Oh ... right. If this is the answer I'm moving up to the mountains to grow pot and fish for trout. Full time.
Meanwhile, back in "work week" land, I'll head back to the office tomorrow and start chugging away on PHP built on a distributed framework with tons of "bad stuff". I will use the money I earn from this job to do tons of other "bad stuff" like, you know, pay bills, buy food, grow pot, fish for trout .. etc.
WordPress is widely adopted. Very widely. The #1 reason it is insecure is because it is targeted so often.
Is that PHP's fault?
Along with WP, plenty of other platforms plainly store their database credentials in some config file. It might be PHP, maybe XML, maybe JSON ... irrelevant. The credentials are stored in plaintext on the server.
Is that PHP's fault?
All these platforms do things in their own way. I'm a Magento developer and it is a platform that is notorious for its complexity. I understand it pretty damn well, but the majority of the code I see was clearly written by folks who don't understand it very well. I've seen /www/var/log left wide open and the justification was that /www/var/log doesn't contain anything important. Just errors and stuff like that. For those paying attention, what's the difference between Mage::log($order, null, 'orders.log') and Mage::log($order->debug(), null, 'orders.log')? If you said, "the first one will log the entire object -- including database credentials", you get a cookie.
I'm talking about Magento specifically there, but every platform has its own thing and twists PHP into doing things a bit differently. This fragments the understanding of the code and results in company XYZ hiring a "PHP developer" when they should have hired "Platform X developer".
I am wary of the statistics presented by this article simply because they don't take into account platform insecurities and the plethora of code that was written with a lack of full understanding. The number of "insecure" PHP sites is probably much closer to 100% than advertised, but it usually isn't PHP's fault.
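The logging difference described in the Magento comment above, as an added example that is not part of the original comment and is not Magento code. The classes DemoConnection and DemoModel and the function demo_log() are hypothetical stand-ins, the sample values are constructed, and the logger is assumed to stringify objects and arrays with print_r().

```php
<?php
// Stand-in classes written for this example; they are NOT Magento's own code.
// DemoConnection plays the role of a database adapter reachable from a model.
class DemoConnection
{
    protected $config;

    public function __construct(array $config)
    {
        $this->config = $config;
    }
}

// DemoModel keeps business data in $_data and also holds an internal
// reference to infrastructure (the connection and its settings).
class DemoModel
{
    protected $_data = array();
    protected $_resource;

    public function __construct(array $data, DemoConnection $resource)
    {
        $this->_data = $data;
        $this->_resource = $resource;
    }

    // Same idea as a debug() accessor: hand back only the data array.
    public function debug()
    {
        return $this->_data;
    }
}

// Assumed logger behaviour: arrays and objects are rendered with print_r(),
// which walks every property, protected and private ones included.
function demo_log($message)
{
    if (is_array($message) || is_object($message)) {
        $message = print_r($message, true);
    }
    return $message;
}

// Constructed sample values.
$conn = new DemoConnection(array(
    'host'     => 'db.internal.example',
    'username' => 'shop',
    'password' => 'PLACEHOLDER-SECRET',
));
$order = new DemoModel(array('increment_id' => '100000001', 'grand_total' => '49.90'), $conn);

$wholeObject = demo_log($order);          // renders the object graph, connection included
$dataOnly    = demo_log($order->debug()); // renders only the order fields

// Check each rendered log line for the secret before it is written anywhere.
echo "whole object contains secret: ";
var_dump(strpos($wholeObject, 'PLACEHOLDER-SECRET') !== false);
echo "debug() array contains secret: ";
var_dump(strpos($dataOnly, 'PLACEHOLDER-SECRET') !== false);
```

Searching existing log files for connection keys such as `password` or `username` is a quick way to find places where a whole object was logged, and it is one more reason a log directory should never be web-readable.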
These guys don't really look too bored. I think I'd call that somewhat less casual than ceremonial duties.