Re:How can you vouche for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
Yes, the FF developers ARE being irresponsible if they are including CSS3 features before the standard is finalizd.
There are now millions of copies of FF out there, and thanks to the "get firefox" campaign (and tons of FF enthusiests telling their friends), they are now in the hands of millions of people who believe FF is invulnerable to security flaws and won't need updating. I see machines all the time still with FF 1.0 on them.
What makes you think that someone that downloads FF1.5 will automatically upgrade when the finalized CSS3 behavior occurs?
What will happen is that we have yet another unique set of bugs to work around, all because the FF developers chose to release draft functionality to the public. Stupid. Stupid. Stupid. Collossally Stupid.
What's even more stupid is that you'll have web developers taking advantage of these draft behaviors, and then they'll have to go and fix all their sites when the standard is finalized.
Releasing CSS3 functionality today means one of two things. Either it won't be used, or it will create a ton of work down the road for people that do use it. Either way, it's pointless.
Yes, I'd rather see nothing than draft implementations, or I'd rather see implementations that meet the draft, but use the -moz namesapce, so that this won't break down the road if the draft changes. They've done this in the past with things like -moz-border-radius and the like.
Re:How can you vouche for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
Wrong. You appear to be going on "what you've been told" rather than real facts. Your statements clearly indicate you have *NOT* read the ProCD v. Zeidenberg appeal.
Basically, what the appelate court says is that shrink wrap EULA's are enforceable if you can return the product after purchase, it doesn't matter if the buyer is not informed of the conditions prior to purchase because he has the opportunity to reject them at his leisure and return the product for a full refund.
When you buy an OEM PC, you are shown a screen with the terms when you boot up, and you must agree or decline. If you decline, then you can return the PC and the Software to the vendor you purchased it from within their return period. I don't know of any major vendor that doesn't do this.
"Following the district court, we treat the licenses as ordinary contracts accompanying the sale of products, and therefore as governed by the common law of contracts and the Uniform Commercial Code."...
"Transactions in which the exchange of money precedes the communication of detailed terms are common. Consider the purchase of insurance...."...
"So although the district judge was right to say that a contract can be, and often is, formed simply by paying the price and walking out of the store, the UCC permits contracts to be formed in other ways. ProCD proposed such a different way, and without protest Zeidenberg agreed. Ours is not a case in which a consumer opens a package to find an insert saying "you owe us an extra $ 10,000" and the seller files suit to collect. Any buyer finding such a demand can prevent formation of the contract by returning the package, as can any consumer who concludes that the terms of the license make the software worth less than the purchase price. Nothing in the UCC requires a seller to maximize the buyer's net gains."
Your turn.
Re:How can you vouche for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
It really wouldn't surprise me to see IE8 (or 7.5 or whatever they call it) shipped within 6 months of the release of IE7. Knowing Mozilla, Firfox 1.5 might be done by then.
I doubt Firefox has CSS 3. If they do, they're making a HUGE mistake. CSS3 is still in development, and issuing a browser based on it today will likely result in behavior that's different from the final standard, which means yet another set of hacks to support non-standard features.
This is what the -moz properties are for, to give more advanced functionality, but prevent it from colliding with possibly changed features in the standard. It's absolutely irresponsible for FF developers to make CSS3 features available using proposed CSS3 properties.
Re:How can you vouche for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
Apparently you didn't actually read the article.
While there are indeed a ton of bugs being fixed (Which, I might add are in fact improving standards compliance) there are also a lot of new CSS features, such as CSS 2.1 Selector support, CSS 2.1 Fixed positioning,:hover on all elements, Background-attachment: fixed on all elements not just body
What truly amazes me is that you bitch about standards compliance, and when compliance is improved you say "so what?"
Perhaps you don't know the meaning of "lip service" which means saying, but not actually DOING. They're clearly DOING.
Re:How can you vouche for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
You are correct that there is no requirement under the law regarding OEM copies of any product.
It's more simple than that. It's simple CONTRACT law. You agree to the terms of a license by clicking "I agree" or by using the software. You are bound by those terms, so long as those terms themselves are not illegal (and to date, no court has shown OEM licensing to not be legal and has in fact been upheld in several courts.)
Shrinkwrap licenses are legal in so far as any other contract is legal, and there is lots of case law supporting them. By agreeing to a shrinkwrap license, you are bound by its terms.
Sticking your fingers in your ears and say "No they're not and i won't listen to any arguments otherwise" is not going to hold up in court. I hope you never have to support your theory, you will lose.
You have no legal standing to support your claim. First, you argued one way, then you argued another, then you threw in first sale doctrine (which doesn't even apply to the argument), then you resorted to simply saying "bullshit, because I said so".
I'm sorry to intrude on the reality you fabricated for yourself, but These are the facts:
1) Shrinkwrap licenses have consistently been upheld by the courts as valid.
2) There have been several extenuating circumstances that have, in some cases, overriden the shrink wrap license terms (such as first sale doctrine, not having agreed to the terms of the license prior to resale, etc..) but those are EXCEPTIONS, not the rule.
Unless you can provide some legal basis for the license term prohibiting transferring the license to a different machine (while still maintaining ownership), you're just blowing smoke. First-sale doctrine doesn't apply because you're not selling the copy to someone else. It's a simple case of a contract you agreed to.
Re:How can you vouche for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
First, you are suddently arguing something different. Your first argument was that you could transfer your license to a new PC, now you are arguing that you can sell your license.
Second, because the license was acquired with the hardware in question, and is only valid on the hardware in question, your licensed rights do not extend to other hardware. You can sell your license, but only in conjunction with the hardware it was purchased on.
Third, First sale doctrine covers distribution rights, not usage rights. Also, First sale doctrine has not been coherantly ruled on in various case law.
"US copyright case law supports that consumers cannot make copies of computer programs contrary to a license, but may resell what they own. This however is conflicting with both section 117 and 109, and the case law itself is conflicting depending on which circuit the case was heard in."
Your argument *MIGHT* have some merit if you were trying to resell a bundled copy of Windows without ever having run it (and thus agreeing to the EULA), however you are talking about taking a copy that you HAVE used (and thus agreed to it's terms) and violating the license by transfering it to a different computer. First sale doctrine does not apply here. You are bound by the terms of the contract you agreed to by using the software.
As for ProCD v Zeidenberg, you have to look at the appeal, not the original ruling. The appeal is where the real precedent comes into effect.
The issue here is not whether the license is enforceable. It is, and has been held to be enforceable many times in various courts. The issue with first sale doctrine is in regard to a special exception of copyright law in regards to distribution, not usage (which is what the EULA covers).
Re:How can you vouche for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
BTW, regarding license transfer, it's not illegal to transfer a retail license to another PC, but it is illegal to transfer an OEM license.
What makes you think OEM licenses are not binding? US court has upheld them in the past (see ProCD vs. Zeidenberg)
Re:How can you vouche for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
No, extended support is because no company can be expected to support a product indefinately. 5 years for first tier support is pretty damn good. 10 years for extended is good too. The government only requires 7 years.
The fact is, if companies had to support every product indefinately, very little new stuff would ever get done because you'd have to backport everything to stuff you did 20 years ago.
Re:How can you vouche for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
So tell me, how much support has the 2.0 kernel received lately? When was the last 2.0 kernel patch? Can you find many 3rd party patches in recent developments for 2.0? Can you put ReiserFS in 2.0?
The point was, NT4's Linux "peer" of the time is also largely unsupported now as well.
Re:How can you vouche for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
Extended support means no new features for the OS. It still gets bug fixes and security support.
NT4 is no longer supported, Windows 2000 is.
Actually, while MS has said they won't be 100% compliant in IE7, they will have closed that gap by a LARGE margin, and I fully expect IE8 to be as compliant (or more) than FireFox will be.
Re:How can you vouche for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
The thing is, Microsoft isn't just giving standards compliance lip service. They're actually doing it. Again, we won't see this until beta 2 of IE, but they've said on the IE blog that a ton of that work has already been done. Lying about it would just make matters worse, so I see no reason to disbelieve them on this.
I think Microsoft has finally realized just how behind the 8 ball they are, and realize they need to shore up their standards support to compete. So yes, it *IS* in their best interest to be standards compliant these days.
Maybe Microsoft is just pulling some collosal wool over many peoples (including those in the standards industry) eyes, but I don't think so.
Microsoft has turned 180 degrees on a dime before, and while they're much larger today than the last time, they seem to be taking it very seriously.
Re:How can you vouche for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
If you've been following the IE Blog, you know exactly what will be in IE7, and the vast majority of issues have already been fixed (we'll see them in Beta 2). While we don't have this "in our hands" it's not "proposed work" either.
If we get everything MS has said has already been done (and i see no reason to doubt them) then nearly all of your complaints are moot. Microsoft *IS* taking standards compliance seriously. They *ARE* fixing the problems in their browser. And they *ARE* taking security extremely seriously.
Burying your head in the sand and ignoring all the evidence, will put you in a very uncomfortable position when you can't deny it any longer.
My estimate of IE8 is based, again, on comments made on the IE blog. They're planning to fix (in post IE7 timeframe) the parser so that they can serve XHTML with the proper mime type, for instance.
The fact of the matter is, Microsoft has become a radically different company in the last few years. You might not see a lot of it in current products, but new products are going to be VERY different going forward.
And, this isn't "fanboy" comments either, though I may be giving them too much credit in regards to IE8, you are certainly ignoring everything.
Re:How can you vouche for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
You, sir, are incredibly ignorant of what MS is actually doing. You're going to be awfully surprised in a year or so.
Fact is, IE7 is going to be far more standards compliant, and IE8 is likely to be more compliant than FireFox.
By the way, NT4 is 10 years old, not 5. We're talking Linux kernel 1.x here.
That sounds more like a limitation of Apache to me. There are similar limitations with IIS (some stuff doesn't work under IIS6), but I consider that either a) a fault of the application and it should be fixed or b) a fault of the web server that should be fixed.
I've always considered Apache's modules to be too loosely versioned. one module can't specify to use a specific version of another module. Apache should be enhanced to provide that functionality rather than force users to jump through hoops.
This argument is like "Well, my apps crash when run on an OS that utilizes an MMU to control memory management, so those OS's suck and i'll just run my app on two different physical PC's to solve it".
You're logic is faulty. Your box is only as secure as its weakest link. If your dynamic site is compromised, it can compromise your entire computer, including your locked down site. This gives you a false sense of security.
Yes, with Apache you have to run multiple instances of Apache to run it under different user credentials, but not so with IIS. Each application can run with its own credentials.
And i don't consider managing multiple servers more "simple" than managing one.
No, I'm just asking why you would want to. Let me rephrase that as "Why should you HAVE to"?
I can't think of any situation where you would have to run two instances of apache or IIS to solve a problem. Sure, I can understand the "Because I WANT to, dammit" argument, but does doing that really solve any problems you can't do in a single instance?
That is a very complicated solution to a simple problem.
You can very easily run each version of your web app in different virutal sites in the same apache instance. You're going to have be convince me as to why it's necessary to run them under different instances.
Unlike Apache, IIS is far more configurable about it's "Application Pools" and can run them all as different uesrs, or different configurations or different security.
Again, assuming a) you know how to do that, b) you remember to do that, c) aren't too lazy to do that, and d) you don't screw up while doing it.
There's lots of room for error in any human process. It's possible to automate it, i suppose, but most people would probably be upset if their word processor suddenly exits because an update happened in the background.
Don't get all defensive on me. I'm not saying that inodes are bad, just that there are trade-offs in manageability, security and stability vs flexibility here. It's not black and white.
While that's true, it can also get into some weird coherancy problems. Say you have a program that's multi-threaded. And, it uses a library like glibc. If that program is running when glibc is replaced, then one thread is running one verion of glibc and any new threads will run a different version. Maybe that will work fine, but maybe it won't, especially if you start passing data between threads. It also depends on whether file handles are duplicated or new ones opened.
This can also cause security issues. Suppose there's a security flaw in a library, like zlib or libpng, or something like that. Now, you update those libraries and think you're patched, but any programs had those libraries open won't get the fixes until they've been restarted, which might be a long time for some kinds of programs, leaving them vulnerable.
If you know what you're doing, and know what libraries are used by what programs, you can manually change that, assuming you don't make a mistake or forget.
Certainly the ability to replace an inode makes life easier for people, but it's one of those trade-off situations. And something that you have to consider before you proclaim that "not locking files is good". Not always.
No, I don't expect people export text into a page layout program.
In fact, Word works pretty well for page layout, so long as you only print to the device it was designed for. But at its heart, it's still a word processor, not a page layout program.
The problem here is that lots of people WANT word to repaginate for the device they're printing on. That's it's correct function, and the function it was designed for. Changing that function would break it for lots of people.
If, however, you want a program that guarantees precise page formatting will stay the same regardless of the output device, then you need to use a program that's designed for that, ie a page layout program.
What this boils down to is that different devices have a different idea about things like margins, font metrics, etc... a 10 point font on one printer can be the same as a 12 point font on a different one. Being a word processor, it relies on the printer font rendering when at all possible.
A page layout program, however, is different. It renders all fonts itself, thus it can guarantee that rendering will be identical (or as close as possible) on every device.
This is the difference between word processing and page layout, and why Word isn't a page layout program.
You seem to misunderstand the purporse of a word processor. A word processor takes text, applies styles, and paginates to fit the desired output device and paper size.
That's it. That's what a word processor does.
If you want page layout, use a page layout program instead. Don't try to fit a square peg in a round hole. All the other page layout style tools Word has are, in fact, attempts to make a word processor fit in a rount hole, and as you can tell, it just doesn't work very well.
If you turn Word into a page layout program, then it won't be a word processor anymore.
I know exactly what WYSIWYG means. You are aparently confused about what we're talking about. Word does print as you see on the screen. YOUR screen.
Word does not print the way you see on YOUR screen on someone elses computer, because the printer characteristics are different. It prints the way it looks on THAT computers screen.
While I agree with you that you CAN create good and maintainable and scalable code in PHP (as well as just about any language), the question is, does the language, common toolsets, and best practices promote good use of the language. Also, does the language allow simple and easily caught mistakes?
The lack of any real type safety in PHP makes it difficult to track down simple typos (for example, misspelling a variable name). I don't mean syntax errors, since those are easily caught, but typo's that are not syntax errors.
The lack of any real scope in functions and the ability to RAII also make it difficult. Debugging is also pretty difficult, even if you use commercial tools (ie Zend).
Yes, the FF developers ARE being irresponsible if they are including CSS3 features before the standard is finalizd.
There are now millions of copies of FF out there, and thanks to the "get firefox" campaign (and tons of FF enthusiests telling their friends), they are now in the hands of millions of people who believe FF is invulnerable to security flaws and won't need updating. I see machines all the time still with FF 1.0 on them.
What makes you think that someone that downloads FF1.5 will automatically upgrade when the finalized CSS3 behavior occurs?
What will happen is that we have yet another unique set of bugs to work around, all because the FF developers chose to release draft functionality to the public. Stupid. Stupid. Stupid. Collossally Stupid.
What's even more stupid is that you'll have web developers taking advantage of these draft behaviors, and then they'll have to go and fix all their sites when the standard is finalized.
Releasing CSS3 functionality today means one of two things. Either it won't be used, or it will create a ton of work down the road for people that do use it. Either way, it's pointless.
Yes, I'd rather see nothing than draft implementations, or I'd rather see implementations that meet the draft, but use the -moz namesapce, so that this won't break down the road if the draft changes. They've done this in the past with things like -moz-border-radius and the like.
Wrong. You appear to be going on "what you've been told" rather than real facts. Your statements clearly indicate you have *NOT* read the ProCD v. Zeidenberg appeal.
c d.htm
...
..." ...
Basically, what the appelate court says is that shrink wrap EULA's are enforceable if you can return the product after purchase, it doesn't matter if the buyer is not informed of the conditions prior to purchase because he has the opportunity to reject them at his leisure and return the product for a full refund.
When you buy an OEM PC, you are shown a screen with the terms when you boot up, and you must agree or decline. If you decline, then you can return the PC and the Software to the vendor you purchased it from within their return period. I don't know of any major vendor that doesn't do this.
http://www.law.uconn.edu/homes/swilf/ip/cases/pro
"Following the district court, we treat the licenses as ordinary contracts accompanying the sale of products, and therefore as governed by the common law of contracts and the Uniform Commercial Code."
"Transactions in which the exchange of money precedes the communication of detailed terms are common. Consider the purchase of insurance.
"So although the district judge was right to say that a contract can be, and often is, formed simply by paying the price and walking out of the store, the UCC permits contracts to be formed in other ways. ProCD proposed such a different way, and without protest Zeidenberg agreed. Ours is not a case in which a consumer opens a package to find an insert saying "you owe us an extra $ 10,000" and the seller files suit to collect. Any buyer finding such a demand can prevent formation of the contract by returning the package, as can any consumer who concludes that the terms of the license make the software worth less than the purchase price. Nothing in the UCC requires a seller to maximize the buyer's net gains."
Your turn.
It really wouldn't surprise me to see IE8 (or 7.5 or whatever they call it) shipped within 6 months of the release of IE7. Knowing Mozilla, Firfox 1.5 might be done by then.
I doubt Firefox has CSS 3. If they do, they're making a HUGE mistake. CSS3 is still in development, and issuing a browser based on it today will likely result in behavior that's different from the final standard, which means yet another set of hacks to support non-standard features.
This is what the -moz properties are for, to give more advanced functionality, but prevent it from colliding with possibly changed features in the standard. It's absolutely irresponsible for FF developers to make CSS3 features available using proposed CSS3 properties.
Apparently you didn't actually read the article.
:hover on all elements, Background-attachment: fixed on all elements not just body
While there are indeed a ton of bugs being fixed (Which, I might add are in fact improving standards compliance) there are also a lot of new CSS features, such as CSS 2.1 Selector support, CSS 2.1 Fixed positioning,
What truly amazes me is that you bitch about standards compliance, and when compliance is improved you say "so what?"
Perhaps you don't know the meaning of "lip service" which means saying, but not actually DOING. They're clearly DOING.
You are correct that there is no requirement under the law regarding OEM copies of any product.
It's more simple than that. It's simple CONTRACT law. You agree to the terms of a license by clicking "I agree" or by using the software. You are bound by those terms, so long as those terms themselves are not illegal (and to date, no court has shown OEM licensing to not be legal and has in fact been upheld in several courts.)
Shrinkwrap licenses are legal in so far as any other contract is legal, and there is lots of case law supporting them. By agreeing to a shrinkwrap license, you are bound by its terms.
Sticking your fingers in your ears and say "No they're not and i won't listen to any arguments otherwise" is not going to hold up in court. I hope you never have to support your theory, you will lose.
You have no legal standing to support your claim. First, you argued one way, then you argued another, then you threw in first sale doctrine (which doesn't even apply to the argument), then you resorted to simply saying "bullshit, because I said so".
I'm sorry to intrude on the reality you fabricated for yourself, but These are the facts:
1) Shrinkwrap licenses have consistently been upheld by the courts as valid.
2) There have been several extenuating circumstances that have, in some cases, overriden the shrink wrap license terms (such as first sale doctrine, not having agreed to the terms of the license prior to resale, etc..) but those are EXCEPTIONS, not the rule.
Unless you can provide some legal basis for the license term prohibiting transferring the license to a different machine (while still maintaining ownership), you're just blowing smoke. First-sale doctrine doesn't apply because you're not selling the copy to someone else. It's a simple case of a contract you agreed to.
First, you are suddently arguing something different. Your first argument was that you could transfer your license to a new PC, now you are arguing that you can sell your license.
Second, because the license was acquired with the hardware in question, and is only valid on the hardware in question, your licensed rights do not extend to other hardware. You can sell your license, but only in conjunction with the hardware it was purchased on.
Third, First sale doctrine covers distribution rights, not usage rights. Also, First sale doctrine has not been coherantly ruled on in various case law.
http://en.wikipedia.org/wiki/First-sale_doctrine
"US copyright case law supports that consumers cannot make copies of computer programs contrary to a license, but may resell what they own. This however is conflicting with both section 117 and 109, and the case law itself is conflicting depending on which circuit the case was heard in."
Your argument *MIGHT* have some merit if you were trying to resell a bundled copy of Windows without ever having run it (and thus agreeing to the EULA), however you are talking about taking a copy that you HAVE used (and thus agreed to it's terms) and violating the license by transfering it to a different computer. First sale doctrine does not apply here. You are bound by the terms of the contract you agreed to by using the software.
As for ProCD v Zeidenberg, you have to look at the appeal, not the original ruling. The appeal is where the real precedent comes into effect.
The issue here is not whether the license is enforceable. It is, and has been held to be enforceable many times in various courts. The issue with first sale doctrine is in regard to a special exception of copyright law in regards to distribution, not usage (which is what the EULA covers).
BTW, regarding license transfer, it's not illegal to transfer a retail license to another PC, but it is illegal to transfer an OEM license.
What makes you think OEM licenses are not binding? US court has upheld them in the past (see ProCD vs. Zeidenberg)
No, extended support is because no company can be expected to support a product indefinately. 5 years for first tier support is pretty damn good. 10 years for extended is good too. The government only requires 7 years.
The fact is, if companies had to support every product indefinately, very little new stuff would ever get done because you'd have to backport everything to stuff you did 20 years ago.
So tell me, how much support has the 2.0 kernel received lately? When was the last 2.0 kernel patch? Can you find many 3rd party patches in recent developments for 2.0? Can you put ReiserFS in 2.0?
The point was, NT4's Linux "peer" of the time is also largely unsupported now as well.
Extended support means no new features for the OS. It still gets bug fixes and security support.
NT4 is no longer supported, Windows 2000 is.
Actually, while MS has said they won't be 100% compliant in IE7, they will have closed that gap by a LARGE margin, and I fully expect IE8 to be as compliant (or more) than FireFox will be.
The thing is, Microsoft isn't just giving standards compliance lip service. They're actually doing it. Again, we won't see this until beta 2 of IE, but they've said on the IE blog that a ton of that work has already been done. Lying about it would just make matters worse, so I see no reason to disbelieve them on this.
2 .aspx
0 5/07/05/
Have you read this?
http://blogs.msdn.com/ie/archive/2005/07/29/44524
Have you read this?
http://webstandards.org/press/releases/archive/20
I think Microsoft has finally realized just how behind the 8 ball they are, and realize they need to shore up their standards support to compete. So yes, it *IS* in their best interest to be standards compliant these days.
Maybe Microsoft is just pulling some collosal wool over many peoples (including those in the standards industry) eyes, but I don't think so.
Microsoft has turned 180 degrees on a dime before, and while they're much larger today than the last time, they seem to be taking it very seriously.
If you've been following the IE Blog, you know exactly what will be in IE7, and the vast majority of issues have already been fixed (we'll see them in Beta 2). While we don't have this "in our hands" it's not "proposed work" either.
If we get everything MS has said has already been done (and i see no reason to doubt them) then nearly all of your complaints are moot. Microsoft *IS* taking standards compliance seriously. They *ARE* fixing the problems in their browser. And they *ARE* taking security extremely seriously.
Burying your head in the sand and ignoring all the evidence, will put you in a very uncomfortable position when you can't deny it any longer.
My estimate of IE8 is based, again, on comments made on the IE blog. They're planning to fix (in post IE7 timeframe) the parser so that they can serve XHTML with the proper mime type, for instance.
The fact of the matter is, Microsoft has become a radically different company in the last few years. You might not see a lot of it in current products, but new products are going to be VERY different going forward.
And, this isn't "fanboy" comments either, though I may be giving them too much credit in regards to IE8, you are certainly ignoring everything.
You, sir, are incredibly ignorant of what MS is actually doing. You're going to be awfully surprised in a year or so.
Fact is, IE7 is going to be far more standards compliant, and IE8 is likely to be more compliant than FireFox.
By the way, NT4 is 10 years old, not 5. We're talking Linux kernel 1.x here.
That sounds more like a limitation of Apache to me. There are similar limitations with IIS (some stuff doesn't work under IIS6), but I consider that either a) a fault of the application and it should be fixed or b) a fault of the web server that should be fixed.
I've always considered Apache's modules to be too loosely versioned. one module can't specify to use a specific version of another module. Apache should be enhanced to provide that functionality rather than force users to jump through hoops.
This argument is like "Well, my apps crash when run on an OS that utilizes an MMU to control memory management, so those OS's suck and i'll just run my app on two different physical PC's to solve it".
You're logic is faulty. Your box is only as secure as its weakest link. If your dynamic site is compromised, it can compromise your entire computer, including your locked down site. This gives you a false sense of security.
Yes, with Apache you have to run multiple instances of Apache to run it under different user credentials, but not so with IIS. Each application can run with its own credentials.
And i don't consider managing multiple servers more "simple" than managing one.
No, I'm just asking why you would want to. Let me rephrase that as "Why should you HAVE to"?
I can't think of any situation where you would have to run two instances of apache or IIS to solve a problem. Sure, I can understand the "Because I WANT to, dammit" argument, but does doing that really solve any problems you can't do in a single instance?
Not that I can think of anyways.
That is a very complicated solution to a simple problem.
You can very easily run each version of your web app in different virutal sites in the same apache instance. You're going to have be convince me as to why it's necessary to run them under different instances.
Unlike Apache, IIS is far more configurable about it's "Application Pools" and can run them all as different uesrs, or different configurations or different security.
Why would you WANT to run two different versions of Apache? Other than, perhaps, if you're hacking on the source.
You can have as many sites running as you like under different ports and addresses in a single version of IIS or Apache.
Again, assuming a) you know how to do that, b) you remember to do that, c) aren't too lazy to do that, and d) you don't screw up while doing it.
There's lots of room for error in any human process. It's possible to automate it, i suppose, but most people would probably be upset if their word processor suddenly exits because an update happened in the background.
Don't get all defensive on me. I'm not saying that inodes are bad, just that there are trade-offs in manageability, security and stability vs flexibility here. It's not black and white.
While that's true, it can also get into some weird coherancy problems. Say you have a program that's multi-threaded. And, it uses a library like glibc. If that program is running when glibc is replaced, then one thread is running one verion of glibc and any new threads will run a different version. Maybe that will work fine, but maybe it won't, especially if you start passing data between threads. It also depends on whether file handles are duplicated or new ones opened.
This can also cause security issues. Suppose there's a security flaw in a library, like zlib or libpng, or something like that. Now, you update those libraries and think you're patched, but any programs had those libraries open won't get the fixes until they've been restarted, which might be a long time for some kinds of programs, leaving them vulnerable.
If you know what you're doing, and know what libraries are used by what programs, you can manually change that, assuming you don't make a mistake or forget.
Certainly the ability to replace an inode makes life easier for people, but it's one of those trade-off situations. And something that you have to consider before you proclaim that "not locking files is good". Not always.
No, I don't expect people export text into a page layout program.
In fact, Word works pretty well for page layout, so long as you only print to the device it was designed for. But at its heart, it's still a word processor, not a page layout program.
The problem here is that lots of people WANT word to repaginate for the device they're printing on. That's it's correct function, and the function it was designed for. Changing that function would break it for lots of people.
If, however, you want a program that guarantees precise page formatting will stay the same regardless of the output device, then you need to use a program that's designed for that, ie a page layout program.
What this boils down to is that different devices have a different idea about things like margins, font metrics, etc... a 10 point font on one printer can be the same as a 12 point font on a different one. Being a word processor, it relies on the printer font rendering when at all possible.
A page layout program, however, is different. It renders all fonts itself, thus it can guarantee that rendering will be identical (or as close as possible) on every device.
This is the difference between word processing and page layout, and why Word isn't a page layout program.
You seem to misunderstand the purporse of a word processor. A word processor takes text, applies styles, and paginates to fit the desired output device and paper size.
That's it. That's what a word processor does.
If you want page layout, use a page layout program instead. Don't try to fit a square peg in a round hole. All the other page layout style tools Word has are, in fact, attempts to make a word processor fit in a rount hole, and as you can tell, it just doesn't work very well.
If you turn Word into a page layout program, then it won't be a word processor anymore.
I know exactly what WYSIWYG means. You are aparently confused about what we're talking about. Word does print as you see on the screen. YOUR screen.
Word does not print the way you see on YOUR screen on someone elses computer, because the printer characteristics are different. It prints the way it looks on THAT computers screen.
While I agree with you that you CAN create good and maintainable and scalable code in PHP (as well as just about any language), the question is, does the language, common toolsets, and best practices promote good use of the language. Also, does the language allow simple and easily caught mistakes?
The lack of any real type safety in PHP makes it difficult to track down simple typos (for example, misspelling a variable name). I don't mean syntax errors, since those are easily caught, but typo's that are not syntax errors.
The lack of any real scope in functions and the ability to RAII also make it difficult. Debugging is also pretty difficult, even if you use commercial tools (ie Zend).
Indeed, nor does it stop people from trying to use Word as a page layout program.