> Is it really that PHP makes it that hard to be secure
Yes, it really is. Perl has had "taint mode" forever. This forces the programmer to validate all input before passing it to things like database queries or open(), system(), etc. Instead of a coding error causing you to lose all your data and take out your web server, the program will just exit. Having the compiler double-check your work is always easier than wondering if you got everything.
Adding to that is the fact that PHP has never had a sane database interface, even though it's freakin' designed to interface with databases! Code like: mysql_query("SELECT * FROM foo WHERE bar='". sqlClean($bar). "'") is just plain hard to read and is just plain prone to error. Give me something like query("SELECT * FROM foo WHERE bar=?", $bar) any day. The compiler should do the heavy lifting for me -- as a programmer I should worry about solving problems. Navigating through spaghetti like "'".clean($var)."'" is not something I ever want to do.
Obviously, this is just the tip of the iceberg... I could write 1000s of pages about PHP's failings.
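The contrast drawn in the comment above, as an added example that is not part of the original comment: a hypothetical `query()` helper built on PHP's PDO, run beside the concatenation style with the cleaning call left out. The in-memory SQLite table `foo` and the sample value are constructed for the illustration.

```php
<?php
// Added illustration; query() is a hypothetical helper, not a PHP built-in.
// Uses PDO with an in-memory SQLite database so it runs offline.

function query(PDO $db, string $sql, ...$params): array
{
    // The SQL text and the values travel separately: the driver binds each
    // value to a "?" slot, so a value cannot change the statement's structure.
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE foo (id INTEGER PRIMARY KEY, bar TEXT)");
$db->exec("INSERT INTO foo (bar) VALUES ('alpha'), ('beta'), ('gamma')");

// Constructed sample input containing quote characters, as a form field might.
$bar = "nothing' OR '1'='1";

// Concatenation style with the cleaning call forgotten: the quotes in $bar
// become part of the SQL, so the WHERE clause is true for every row.
$sql = "SELECT * FROM foo WHERE bar='" . $bar . "'";
$concatenated = $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);

// Placeholder style: the same input is compared as one literal string.
$bound = query($db, "SELECT * FROM foo WHERE bar=?", $bar);

printf("concatenated query returned %d row(s)\n", count($concatenated));
printf("placeholder query returned %d row(s)\n", count($bound));
```

With placeholders there is no per-call cleaning step to forget, which is the property the comment asks the language to provide.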
> nor the iPod were conceived for the purpose of being able to install 3rd party applications
The iPod is pretty neat straight out of Apple, but the true possibilities of the device aren't really reached. Take a look at the Rockbox firmware for iPods -- it adds tons of features that Apple said were "technically impossible" or that "nobody wants". Right now I'm listening to a gapless FLAC album with a bit of crossfeed, and it's wonderful. Fuck you, Jobs. You don't know what I want. Stop telling me what to do!
With respect to phones, I think the iPhone is going to be a flop. When it's all said and done, it's a $3000 phone (can't get one without 2 years of Cingular's worthless service) that plays mp3s and has a calendar with pixmaps borrowed from OS X.
I'm holding out for Trolltech's Greenphone. It runs Linux, and the point is openness... you can recompile the kernel if you want! Paired with KDE 4, I think it's going to blow the iPhone out of the water... at least for people that want a useful, hackable mini-computer and not a $3000 status symbol.
Yeah, that's insane. It only works for one model, and it's EXPENSIVE. Dell's replicators work with pretty much every model of laptop, and they're pretty cheap. Cheap is good. Generic is good.
Exactly. If you have nothing to hide, why worry? In other news, all walls will be removed from your house and replaced with glass, and security cameras that monitor your every move will be installed. If you're not doing anything wrong, you should be happy to have this opportunity to show the world!
Hi. The Department of Homeland Security is the government, not a private company. If an airline wants to see my ID, that's great. I can fly on his competitor instead.
> Why should everyone else pay for a docking connector that only a small percentage of users want? Is there even a docking connector that supports DVI, 800 Mbps Firewire, Gigabit Ethernet, USB and optical audio?
Uh, yes. The one that comes standard on every Dell (business) laptop. (No Firewire 800; but even Apple doesn't ship Firewire 800 anymore.)
www.youtube.com has address 208.65.153.251
www.youtube.com has address 208.65.153.253
www.youtube.com has address 208.65.153.241
www.youtube.com has address 208.65.153.242
www.youtube.com has address 208.65.153.245
> Seriously, what the sweet christ are people ironing PAPER PRODUCTS for? Sounds like a great way to start fires.
Most irons transfer heat via steam. Try lighting a glass of water on fire, and you'll see that this isn't as hazardous as you would guess. It is a waste of time, though.
Re:I've been using vi for so long... on The Birth of vi · Score: 1
Well, some other editors anyway. Emacs uses C-n, C-p, C-f, C-b. Much faster than using the arrow keys. (Using C-h as backspace is also faster than hitting backspace.)
Speaking of which, who decided that vi would use hjkl instead of jkl;?
Well, it may be 8 seconds but I thought Apple computers were supposed to make my life EASIER. Why should I pay more for less features, even ones that I "don't" need?
Yes. Because there aren't wireless monitors. Nobody wants to sit at a desk all day staring at a 12" screen that's a centimeter away from the keyboard. Also, many enterprises require a wired Ethernet connection.
> Brian Kernighan wrote, "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it."
Basing your life on a cute saying is probably a bad idea.
> There's no excuse in this day and age for anything other than system software and utilities to be platform-dependent.
Yes there is. Having your code compile on another platform doesn't count as "platform independence". Apple users expect your app to integrate with their other Mac apps. If you've written your app according to MS's HIG, then it's not going to work. Now you have to maintain two user interfaces (and if you have a UNIX version, 3 or 4!). Making a crap product is easy these days, but it's still hard to make a good one.
Apple needs to put docking connectors on their laptops before they're going to be taken seriously in the enterprise. I switched from Apple to Dell for this reason alone. (OK, and Dells were $1000 cheaper at the time for the same system. Now that the price gap has closed, I'd be willing to switch back to Apple.)
Java is popular because strong typing prevents bad programmers from being stupid. If your application is designed by one intelligent architect, most of the coding can be done by code monkeys without causing too much damage (especially if the architecture team writes good automatic tests). With PHP, the code monkeys are going to make a mess. The compiler won't tell them that you can't return strings from functions that are supposed to return integers, etc. If it compiles, you know they're going to ship it. Java does strict checking and won't let people screw things up too badly.
OTOH, if your team is a bunch of good programmers, though, then Java's probably not a good solution. Use something like Perl or Haskell and everyone will be much happier. When you have people that know how to properly bend the rules and understand the consequences, Java is too constraining. (Which is why I use Perl for my personal projects. Wonderfully expressive.)
This is the usual troll comment that I hear, but honestly I've never seen a ripped TV show on youtube. 99% of the videos are of the "my cat is flushing the toilet" variety, but that's what I visit youtube for. If I wanted to watch shitty TV shows, I'd get them from Usenet. (But here's the thing... I don't want to watch them.)
> So tell me, are Redhat producing updates for 10 year old linux installs?
Windows 2000 came out in 1997?
> attempted copyright infringement
No, it's called "conspiracy to conspire about thinking about thinking about a thought crime". Just turn yourself in now.
Nah, Google is going to rename Uranus in 2036 to end that stupid joke once and for all.
> Celine Dion has a song, "Le Fils De Superman" about this.
What's there to sing about? Lalala fell out the window lalalala?
> Discoveries such as these don't necessarily have to spell destruction to the world.
WON'T SOMEBODY PLEASE THINK OF THE TERRORISTS?
> Uhm, you might want to read up on what "fair use" means. It doesn't mean stealing.
And "piracy" means violently taking over a ship at sea. What's your point?
Pretty much every modern OS encrypts your swap. OpenBSD and most linux distros do, anyway.
No, but it does mean that regular font styles stop working.
You misunderstood my comment.
My point was: it's easy for you to get that information if I don't make an effort to keep it away from you. If I tell you, then everybody will eventually know.
You wanting some information to be free and "information wants to be free" are two completely different concepts.