Download the usernames, email addresses and password hashes, duh! Salted passwords or unsalted, even a list of email addresses is worth something. Most of them ask for your date of birth as well. DOB, plus email address plus password hash and you're well on your way to identity theft.
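To make the "salted or unsalted" point concrete, here is an added illustration (not part of the original comment, and not code from any real forum) of what an attacker does with a dumped user table. The dumps, the wordlist and the per-user salts are constructed for the demonstration; the hash functions are deliberately fast ones so the difference in effort is visible.

```python
import hashlib
import hmac

# Constructed wordlist and dumps for the demonstration (not real leaked data).
WORDLIST = ["password", "letmein", "123456", "qwerty", "dragon"]

# Unsalted dump, as many older forums stored it: same password => same hash.
UNSALTED_DUMP = [
    {"email": "alice@example.com", "dob": "1984-03-02", "hash": hashlib.md5(b"letmein").hexdigest()},
    {"email": "bob@example.com",   "dob": "1990-11-17", "hash": hashlib.md5(b"dragon").hexdigest()},
    {"email": "carol@example.com", "dob": "1978-06-30", "hash": hashlib.md5(b"letmein").hexdigest()},
]

# Salted dump. Salts are fixed here so the example is deterministic; real salts are random per user.
SALTED_USERS = [
    ("alice@example.com", "1984-03-02", "5f1d3c8a2b7e9d04", "letmein"),
    ("bob@example.com",   "1990-11-17", "a9c41e77b2d0f36c", "dragon"),
    ("carol@example.com", "1978-06-30", "0e2b9f6d4c8a1357", "letmein"),
]


def salted_hash(salt: str, password: str) -> str:
    return hashlib.sha256((salt + password).encode()).hexdigest()


SALTED_DUMP = [
    {"email": e, "dob": d, "salt": s, "hash": salted_hash(s, pw)}
    for e, d, s, pw in SALTED_USERS
]


def crack_unsalted(dump, wordlist):
    """One lookup table, computed once, cracks every user in the dump.
    Returns ({email: password}, number_of_hash_computations)."""
    table = {hashlib.md5(w.encode()).hexdigest(): w for w in wordlist}
    cracked = {row["email"]: table[row["hash"]] for row in dump if row["hash"] in table}
    return cracked, len(wordlist)


def crack_salted(dump, wordlist):
    """With salts, every user needs a separate pass over the wordlist:
    work is users x words instead of just words."""
    cracked, work = {}, 0
    for row in dump:
        for w in wordlist:
            work += 1
            if hmac.compare_digest(salted_hash(row["salt"], w), row["hash"]):
                cracked[row["email"]] = w
    return cracked, work


def shared_password_groups(dump):
    """Unsalted hashes leak equality: users with identical hashes share a password,
    which is visible before anything is cracked at all."""
    by_hash = {}
    for row in dump:
        by_hash.setdefault(row["hash"], []).append(row["email"])
    return [sorted(v) for v in by_hash.values() if len(v) > 1]
```

With a five-word list the salted dump costs three times the work of the unsalted one; with a real wordlist and a real user table the multiplier is the number of users, which is the whole point of salting. Note that neither variant protects the email addresses or dates of birth, which are in the clear either way.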
I did this exact thing when the PSN hack happened.
Well yeah, as with any web app, you can't "just learn php and write your own forum!".
You'll need to learn CSS, HTML, PHP, SQL, JavaScript and how to properly secure against stuff like SQL injection and cross-site scripting. PHP (or Perl) is just a tiny part of a project like this.
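The two classes of bug named above, shown side by side in an added example (not from the original comment, and not from any real forum codebase). The forum is a constructed in-memory SQLite database with one user; Python stands in for PHP because the mistake and the fix look the same in either language. The password hashing is unsalted SHA-256 only to keep the example short; a real login would use a salted, slow hash.

```python
import hashlib
import hmac
import html
import sqlite3


def hash_pw(password: str) -> str:
    # Deliberately simple for the demo; use a salted, slow hash (PBKDF2/bcrypt/scrypt) in real code.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    """Constructed forum database with a single admin account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)")
    conn.execute("INSERT INTO users (username, pw_hash) VALUES (?, ?)", ("admin", hash_pw("hunter2")))
    conn.commit()
    return conn


def vulnerable_login(conn, username: str, password: str) -> bool:
    # Bug: user input spliced into the SQL string. A username of  admin' --
    # closes the quote and comments out the password check entirely.
    sql = (f"SELECT id FROM users WHERE username = '{username}' "
           f"AND pw_hash = '{hash_pw(password)}'")
    return conn.execute(sql).fetchone() is not None


def safe_login(conn, username: str, password: str) -> bool:
    # Parameterised query: the username is data, never SQL. The hash compare
    # is done in constant time in the application, not in the WHERE clause.
    row = conn.execute("SELECT pw_hash FROM users WHERE username = ?", (username,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0], hash_pw(password))


def render_post_unsafe(body: str) -> str:
    # Bug: untrusted post body echoed straight into the page -> stored XSS.
    return f'<div class="post">{body}</div>'


def render_post_safe(body: str) -> str:
    # Escape on output so a post can contain <script> as text but never as markup.
    return f'<div class="post">{html.escape(body)}</div>'
```

Against `vulnerable_login`, the username `admin' --` with any password succeeds; against `safe_login` there is simply no such user. The same escaping discipline applies to every other place user content is emitted (signatures, titles, avatar URLs), which is why "just learn PHP" undersells the job.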
Probably not, but more likely vulnerable to schoolboy errors, unless the developer has already had experience in writing an internet exposed project of significant size.
big = bit.
The "provided you know what you're doing" part is the bit that is surprisingly difficult to get right for non-trivial software.
It requires a fairly large investment in time and energy to know what you are doing. If you think it's "easy" you probably don't.
Not hard to do if you don't care about security, you mean.
Like the Debian OpenSSL package from 2006-2008? Oh, you generated your PGP key with a Debian-sourced version of OpenSSL in that time-frame? Oops.
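For readers who don't know the incident referred to: the Debian OpenSSL change (CVE-2008-0166) removed the code that mixed real entropy into the PRNG pool, leaving the process ID as essentially the only varying input, so any key generated on an affected system was one of roughly 32,768 possibilities per key type and size. The following is an added simulation of that failure mode, not OpenSSL's code and not the actual RSA/DSA generation: the key generator, the toy group and the seed layout are assumptions chosen to make the point runnable in a second or two.

```python
import hashlib
import os

PID_MAX = 32768   # Linux default pid_max of the era: all the "entropy" the patched code had left
P = 2**127 - 1    # toy Diffie-Hellman style group for illustration only (a Mersenne prime)
G = 5


def keypair_from_seed(seed: bytes):
    """Stand-in for a key generator driven by a PRNG seeded with `seed`:
    the private exponent is a deterministic function of the seed bytes."""
    priv = int.from_bytes(hashlib.sha256(seed).digest(), "big") % (P - 2) + 1
    return priv, pow(G, priv, P)


def broken_keygen(pid: int):
    """The Debian situation: the pool is effectively seeded by the PID alone,
    so the whole key is a function of a number between 1 and PID_MAX."""
    return keypair_from_seed(pid.to_bytes(4, "big"))


def proper_keygen():
    """What the unpatched code did: seed from the OS entropy source."""
    return keypair_from_seed(os.urandom(32))


def recover_private_key(pub: int):
    """Attacker side: regenerate every possible key and compare public halves.
    At most PID_MAX key generations; returns (pid, priv) or None."""
    for pid in range(1, PID_MAX + 1):
        priv, cand = broken_keygen(pid)
        if cand == pub:
            return pid, priv
    return None


def precompute_blacklist():
    """Defender side, the approach the openssl-blacklist / ssh-vulnkey tooling took:
    fingerprint every weak public key once so existing keys can be checked offline."""
    return {fingerprint(broken_keygen(pid)[1]) for pid in range(1, PID_MAX + 1)}


def fingerprint(pub: int) -> str:
    return hashlib.sha256(str(pub).encode()).hexdigest()[:16]


def is_blacklisted(pub: int, blacklist) -> bool:
    return fingerprint(pub) in blacklist
```

The brute force finishes in well under a second for the toy group; for the real keys the attack was the same loop with the real generator, which is why the recovery was "regenerate your keys", not "patch and carry on". The blacklist check is the piece you want in an audit script: any key in the set is compromised regardless of where it is installed today.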
Have read somewhere that the new setup does not use perfect forward secrecy any more. So yes, you're probably right.
That wasn't my point, and I agree with your post. Both generate crappy code. I was intending to refute teh /. groupthink that "Open source is teh win1!1 you have the code, you can fix it yourself!!". Well whoopie...
You know what I do to maintain a fleet of 650 desktops?
I go into WSUS, select "security updates", approve those I deem necessary, go into "critical updates", approve those I deem necessary and go back to reading Slashdot. It's about 2 minutes for 650 machines. You do the math.
Oh and of course - it broke when the kernel was upgraded as part of the automatic update process, and had to be recompiled. You know how many times an automatic update for Windows has broken a driver on any of my machines in the past 15 years? Zero.
When a Linux distribution can do something as simple as actually work out of the box on typical consumer hardware, you'll have a case. I just built a Core i5-4430, Nvidia GT760 and Asus PCE-N53 wifi adapter ("Supports Linux" on the box). The wifi required compiling a driver from source, it failing, looking for a random, un-certified patch by some dude on a random internet forum, and recompiling before it worked (the included compile-from-source, non-updated driver is for kernel 2.6 only).
And I don't care WHY this is the case. It doesn't matter. As an end user I still had to fuck around to get my wifi to work. On hardware that listed Linux support on the box.
If a commercial product does not do 100% of what you want, it is often a lot easier to slightly tweak your business process to fit. For most businesses, this is an acceptable trade-off for the drastically reduced maintenance.
Oh, I'm a shill. I've been here since 1996, kiddo, and have run both open source (and still do) and commercial software in production since 1995.
Exactly. It took Debian about 2 years to find that the package maintainer had screwed up the version of OpenSSL that was included in the distribution.
Think this doesn't happen with open source? I've been watching a WPAD proxy detection bug in Firefox, reported in 2006 with patch, that is still (or was, last I checked last year) open. This is a deal-breaker for running Firefox within my company.
It is something that has worked in IE since version 6 at least, and I believe even back to 4.0.
I've dealt with many more bugs, including NTLM authentication problems in Squid, mpd VPN server bugs (this is going back a bit) in FreeBSD, and don't even get me started on the Linux desktop software suite.
Free/open source software typically gets a pass with comments like "oh but it is open source, you can fix it yourself!". Not everybody has the time, skills, or inclination to do so. If I can simply pay some money to make the problem go away, I can be doing other things that I can't just pay money to fix.
Typically with commercial software bugs, there is either a work-around, or if the bug is significant enough, another vendor will release something that works. Bugs get fixed based on what is important for customers (i.e., what they will pay for), rather than what the maintainer is personally concerned with.
This law may have made sense in years gone by where a business required an actual physical presence and employees to operate in a particular country. It would have encouraged actual business set up and the associated local employment, etc.
You do not need to be listed on the NASDAQ to do exactly what is happening here.
Except of course every time you spend money, or it goes to your employees via payroll tax. Money sitting in an account is no use to a corporation until they do something with it. At which point it will end up being taxed.
Exactly, and I guarantee you this law was intentionally left like this to encourage foreign investment.
Because this isn't "bad" in the legal sense. Google do it too, and I have no issue with Google doing it either. If it is LEGAL (and it is) then complain to the people who write the laws to get the law changed if you disagree. Giving up, say, 12.5% of their profit when they do not need to is a MASSIVE hit to any company, and if they voluntarily do this whilst others do not, they're essentially giving their competition a 12.5% head start. The government(s) might want to paint the corporations as the bad guys here, but they are the ones to blame, not Apple/Google/etc., in this instance.
Pfft. If you are a multi-national company with shareholders, you minimize your tax burden by optimizing your company structure within whatever legal framework exists. This isn't exclusive to Apple, and is not going to suddenly stop when Ireland changes its taxation law. The company (like all the major multi-nationals) will simply evolve to make the best use of whatever taxation structure is possible.
If Apple (or Google, or Samsung no doubt) were to NOT make use of legal quirks like this, then they would be out-performed in the market by those who do. Their major shareholders would also be asking questions about the competency of their accounting and legal departments for missing the opportunity.
Yes it is a step in the right direction, for Ireland's sake (it will no doubt help their economy), but to complain about Apple, Google, GM, GE, Microsoft or any other multi-national doing such things is going after the wrong people. Take the issue up with the people who write the laws. They're the ones at fault here, not those who are simply making use of the law to optimize their company structure.
Compare the level of integration and usability between, say, OS X or BeOS and your typical Linux distribution. Compare how many times a typical component of the open source ecosystem goes through a major API-breaking re-write because the core design was so badly broken that maintaining API compatibility was either too difficult or impossible.
Open source is many things, but a generator of superior code, reliably, it is not.
There is masses of half-assed, broken, wretched and downright brain-damaged open source code out there, and anyone who claims otherwise doesn't know what they're talking about. Much of it is written as a quick and dirty hack to solve an individual's problem and then released, with scant regard to long term maintainability.
Yes, there are some gems, but they are hidden amongst many many times more garbage.
The good thing is you can fix it, if needed, and the software will evolve. But typically commercial software has gone through that process several times before it gets to market, because despite what people here may say about Microsoft, not many people will pay good money for completely broken crap that doesn't work.
This isn't initial install time we're talking about - but boot and load from media time. If it's going to be installed on the hard drive of the machine, it may as well just run under the host OS.