Re:Where's the security section of the book? · on PHP 5 in Practice · Score: 1
allow_url_include *is* Off by default. It's available since 5.2, which was released over 3 months ago. It's also PHP_INI_SYSTEM so you have to change it in your php/server config. There you are - shoot yourself in the foot made optional.
allow_url_fopen is still On by default, because it's used in fopen(), file_get_contents(),... You could turn it off and use i.e. curl, but that won't make the code more secure.
Re:As a longtime(past tense) PHP developer I can s · on PHP 5 in Practice · Score: 1
self:: in PHP is not the same as self. or this. in other languages. It seems like you're describing $this, which does refer to the current instance (you could call that late binding if you're into buzzwords).
Re:As a longtime(past tense) PHP developer I can s · on PHP 5 in Practice · Score: 0
no first-class functions (and no, create_function does not count)
Not all programming languages have and need this.
no usable object-model (check out response of developer below!)
self is bound at compile time. That's how it's defined. If you want to create active records like in Ruby just wait for PHP6 (currently the keyword is static).
problems with recursion
Infinite recursion is a problem in all programming languages - and a mistake. Several extensions help to avoid the segfault.
countless other horrible mis-designed "features" (not even starting on the security problems)
Check the dates of your bugs. For isset() use the magic method __isset(), the links in the second bug don't work, a static method doesn't have an instance and thus no $this. PHP 5 also warns about using a method as static without defining it as static.
Seems like you just want to use PHP as language X, which won't work and that's not PHP's fault. Use X and be happy.
Re:Where's the security section of the book? · on PHP 5 in Practice · Score: 1
Considering that PHP will let you do things like do external includes from other web servers that can modify your PHP environment, etc...
allow_url_include is Off in php.ini-recommended. You have to do something wrong to allow external includes.
They could not use a URN. The DTD is not only used as a namespace URI, but also to define some entities. Without the DTD a normal XML parser would fail if one of these entities is used. But most XML parsers only know how to open a local file or load one via HTTP. Both have defined URL schemes. Thus the only alternative would have been to use a file:// URI.
That's the problem with RSS 0.91. They wanted to make it easier for developers who know HTML 3.2 entities, but now they depend on the DTD. Of course feed readers should have a local copy of that DTD, like browsers, which don't need the HTML DTD to resolve the entities.
I must have missed the new administration. Since when is Bush the president of my lovely country? And I thought Schüssel alone was bad enough, but it was clear he wouldn't work together with Gusenbauer. Still having him in a coalition with the Republicans instead of Hojac or Haider comes as a surprise. Or did we just get invaded and couldn't defend with the old Draken?
Let's take a look at the "php.ini-recommended" (could be the name means you should use it).
magic_quotes
magic_quotes_gpc = Off
magic_quotes_runtime = Off
magic_quotes_sybase = Off
register_globals
register_globals = Off
Only critical errors are reported
error_reporting = E_ALL
include($var.'/include.php');
allow_url_include = Off
The last one should get a fix in PHP 5.2.1 for data-URIs.
Input checking is difficult:... htmlentities()... htmlspecialchars()... strip_slashes()
Which of these functions does input checking? None? Maybe http://php.net/ctype would help.
So how would you fix a function like "print". It shouldn't allow you to output invalid XML or HTML and prevent XSS, ...
You can't. You could add a mandatory parameter, that defines how you want to use it. What would change? The inexperienced programmer would use another language.
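An added example, not code from the thread or from the book, of the include pattern quoted above: the unchecked `include($var.'/include.php')` next to a version that confines `$var` to a fixed module directory via an allowlist and a realpath check, plus a self-check of the php.ini values discussed. The `modules/` directory, the module names and the function names are assumptions.

```php
<?php
// Added example; not code from the original thread or book.
// Assumed layout: each module lives in ./modules/<name>/include.php

// The pattern quoted in the thread: $var flows straight into include().
// With allow_url_include=On a URL in $var would be fetched and executed;
// even with it Off, a traversal value still reaches arbitrary local files.
function unsafe_include($var)
{
    include($var . '/include.php');
}

function allowed_modules()
{
    return array('news', 'forum', 'search');  // assumed module names
}

// Hardened form: the name must match the allowlist, and the resolved path
// must stay below the module base directory. Does not rely on php.ini.
function safe_include($var)
{
    $base = realpath(dirname(__FILE__) . '/modules');
    // 1. Syntactic check: only allowlisted names are acceptable (strict compare).
    if (!in_array($var, allowed_modules(), true)) {
        error_log('rejected module name: ' . bin2hex($var));
        return false;
    }
    // 2. Resolve the real path and confirm it is inside $base.
    $file = realpath($base . '/' . $var . '/include.php');
    if ($base === false || $file === false
        || strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        error_log('module path escaped base or does not exist: ' . $var);
        return false;
    }
    include $file;
    return true;
}

// Deployment self-check against the php.ini-recommended values above.
// ini_get() returns "" / "0" for Off and false for directives this PHP
// version no longer knows (register_globals, magic_quotes_gpc in PHP >= 5.4).
function check_ini()
{
    $problems = array();
    foreach (array('allow_url_include', 'register_globals', 'magic_quotes_gpc') as $d) {
        if (filter_var(ini_get($d), FILTER_VALIDATE_BOOLEAN)) {
            $problems[] = $d . ' is On';
        }
    }
    return $problems;
}

foreach (check_ini() as $p) { error_log('php.ini: ' . $p); }
safe_include(isset($_GET['mod']) ? $_GET['mod'] : 'news');
```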
Actually the only difference in PHP is the default mode being "output mode" instead of "code mode". Everything else is the same in every language. PHP might be easier to learn, so stupid people might like PHP better.
I do understand your point but it seems to me my point isn't clear to you.
Of course producing content does cost money. If someone demands money for it it's not ok to just download it.
But my problem is, that content can be free and gratis. If you tell everyone there is no such thing as content free as in beer, like IFPI et al. does, people will think stuff under a Creative Commons license can't be legal. IFPI has many websites and other stuff that educates people how you always have to pay for content, because producing it can never be gratis. And they don't want to mention free content or Creative Commons. Now people are afraid to copy my free content, because after all the newspapers can't be wrong, even if the articles are nothing more than a 1:1 copy of some IFPI papers.
If you want to tell people producing content can't be free for the producers or artists, also always tell them some of them are nice people and don't care about getting any money - maybe just a bit famous. It works for open source software and many people got jobs through OSS.
I hope you now understand my view. People should enjoy content and not be afraid it could be illegal.
PS: I guess you could replace IFPI with RIAA. In Europe IFPI is just as bad and stupid.
You always argue with all or nothing. If some content is free it can be copied free of charge and the author doesn't have a problem, no he wants you to do that. That doesn't mean everybody has to do it and also not everything has to be free.
Now to the "everything costs money issue". Let's say I play golf and you watch me. The equipment costs money and I'd also pay a green fee. Now would you pay me just for seeing me doing my hobby? I guess not. Would I stop just because nobody pays me doing my hobby? Of course not. I'm not doing it for the others in the first place, I'm doing it for me.
But still if you watch me and think I'm good it makes me proud of my skills. The same thing happens, when I give away my music for free, or my software, or my photos. I've already done that stuff just for fun, not caring about money.
There's only one exception. If you want to make money with my stuff I want a slice of that cake.
And if you don't mind I'll use free software and get free content without paying, ignoring the fact, that it does cost money to create. If the author thinks he can afford it I think he'll be ok.
Just because you aren't able to read doesn't mean I'm a liar. Cactus, megaphone and railroad tracks is exactly what EUR looks like if I write it with my toes.
Your question was "...ignore the fact that it takes money to create content. How do you get around this basic issue?". I showed you an easy way. So what has that to do with violating copyright? Your fact just isn't a fact.
For every musician, who sells records, there are five who just play and compose as a hobby. They don't want to get in the music business, because it wouldn't be about the fun anymore. And if only some of them release their stuff on the internet with a Creative Commons license you'll get tons of free content.
They have fun, you get stuff you might like. Who is losing? The industry, who wants us to listen to some crap and sue us? I couldn't care less.
In Austria Ferry Ebert, who is famous for his vending machines, stopped producing them in 2002, because the changeover would have been too expensive. There went an almost 50 year old business with the new currency.
I would say her goal wasn't to defeat the Germans, but the Nazis. That's an important difference, because her birth place, Vienna, was part of the Third Reich. Many people in the Third Reich had the same problems with the Nazis as her.
They could call it -ie-border-radius if they don't like implementing a working draft. But it's already defined: http://www.w3.org/TR/2005/WD-css3-background-20050216/#the-border-radius It's very similar to -moz-opacity, which is now in the CR: http://www.w3.org/TR/2003/CR-css3-color-20030514/#transparency
That's very similar to Semacode. They have readers for your mobile phone and you can create tags on their homepage. As usual you can find more information at Wikipedia.
PS: There's also a reader for your computer that takes a picture. Combine that with isightcapture and a little Dashboard widget and you could also use it on your Intel Mac.
Oh cadet you should have known that's :8080 and not :8090. Port 8090 doesn't work in every quadrant.
Somewhere in the middle != in the middle. So if Bobby gets 51% and Billy 49% it's still somewhere in between. You can weight the opinions.
http://maps.google.com/maps?q=vienna
It's not called Vienna VA.
BTW Austria is east of DC.
In particular, the late static binding issue (if B extends A then A::staticFunc() ran as B::staticFunc() is ran under class A not B). It's like how it took MySQL a decade to get stored procedures and views despite many people asking for it. Many people complain about the late static binding issue but last I knew it was still "it's a feature, not a bug."
And it's fixed in PHP6. So much for the decade.
Maybe Esser should change how he says things. Using words like "And now please die or just shut the fuck up. I am sick of morons like you who believe they can attack me without knowing the facts." doesn't help. He's just too much the "do what I say" type of person, but don't tell him or you're as stupid as all these PHP people.
0.5 is not equal to 0.50. Depending on what's the task it can be the same for that task.
But the precision is different.
If you have 0.46 or 0.54 you'd round both to 0.5. Now let's say we multiply:
0.5 * 2 = 1
0.46 * 2 = 0.92 ~ 0.9
0.54 * 2 = 1.08 ~ 1
With 0.50 we'd have:
0.50 * 2 = 1.0
0.496 * 2 = 0.992 ~ 1.0
0.504 * 2 = 1.008 ~ 1.0
So if 0.5 isn't your end result you're better off using 0.50 (or whatever the value is) for your calculations and only round at the end.
I said $1 = 1.16 (euros - as Slashdot doesn't accept the euro symbol), ...
You can always use EUR as in EUR 1.16. Works with every charset and font.