I suggest leaving it to the market to decide precisely because of this sort of issue
Justify that.
This issue is presently a public-relations problem with a public-relations solution. So far, the strategy is to convince the user that they did something wrong and need more software. This works because the user tends to be under-educated, and because both competent and incompetent programmers are lock-step on message: programming is hard, you can't do it, and everyone makes mistakes.
I reject this premise, so I reject that the market should figure this out. We don't let anyone practice medicine and let the "market figure it out", nor do we let anyone practice law. Nor university professor, nor even the sale of many goods is possible without license, understanding and oversight.
Programming is hard; people have to be very clever, and have a very strong background in critical thinking, rigorous reasoning, and the scientific methods. Any programmer who says otherwise is incompetent; competent programmers do not make buffer overflows. Period.
What a load of crap. FORTH is as primitive and unsafe as they come and they don't have to deal with over/under flows the way incompetent C++ programmers have to.
If users knew that there was a correlation between competence and bug-free and problem-free code, they'd stop accepting crap. Instead, there are a lot of programmers- some good, and some second rate, defending bugs and security problems as mere accidents at worst- the kind everyone makes.
Instead, we have this culture that has convinced the user to accept liability for the failure and weaknesses in the programmer. We have entire companies that sell additional buggy and broken software that promises "protection" from other buggy and broken software- locking the user into an otherwise invisible extortion racket.
Stop letting idiots near a compiler and the bugs will go away. Seriously.
E) All software becomes GPL; You can fix defects yourself, or hire anyone to fix them.
Entertaining liability is only material because companies hold a monopoly on the "right" to fix defects- whatever that means, whether it be mere "annoyances" or outright failures of engineering.
This essentially makes it a PR problem, where with the low cost and even lower expectations of a modern software world, you could sell a life support machine that killed its patients 100% of the time.
Remove the monopoly, and you'll see higher quality software for cheaper- with the best software people working harder for more money, and the rent-a-coders becoming completely obsolete.
Imagine someone had managed to patent the idea of setting up a universal directory of websites, searchable by keywords, and indexed for efficiency. Where would Google be today?
The same would be true of software, I would think.
Agreed. To that end I don't think that software can/should be patented, and that anything that can only ever be implemented in software shouldn't receive patent protection; nor should the software form of anything receive patent protection.
My point still holds, I think. Taking a laundry list of obvious things should not make it a patent. If one of them is non-obvious -- being able to boot from the backup, without restoring it, wasn't immediately obvious to me, but still doesn't seem very innovative -- then make that the patent. However, taking a bunch of already-known or immediately obvious techniques, and adding one trivial change, shouldn't be enough to declare a completely new patent.
I think I see your confusion now.
Someone who uses those technologies says, "well that's unclever. Had I a need for that outcome, I could've done that", but patents aren't a reward for cleverness.
That is, it's not the technologies themselves that are patented, but the need in combination with the process for satisfying that need. If you have a different need, or a different process it isn't covered under the same patent.
Interestingly, when using slightly different tools, but in the same process and for the same need, it usually is covered by the patent.
As a result, when any layman performs the overtness test, they try and figure out if the need is unique first, instead of what you're doing: looking at the technologies and implementations for cleverness.
Mathematics is a troubled area. It can't be both copyrightable and patentable; it cannot be both painting and invention. Something is clearly wrong here, and while it seems to me that they have more in common with a painting of a lightbulb than of a lightbulb itself, others find that line very blurry.
Nevertheless, very few patents can be used as striking weapons. Most of them are purely defensive- to say to a judge "we're as infringing on their patent X as they are on our patent Y".
We are talking about the ability to manipulate a buffer. Or to work with something half-downloaded. I have personally re-invented this concept,
Not exactly. TiVO's patent covers the fact that the buffer is temporary, how it's rotated out, and you should look them up if you want.
But I don't actually know enough about the patents in question. However, if the concept is simply "pausing live TV", then it absolutely was an obvious idea, in that anyone forced to use Linux video tools from that time period would likely have come up with the same thing.
Agreed.
That's why I'm pointing out, it isn't simply "pausing live TV". It isn't ever simply anything.
People get very worked up over the abstract of a patent. Read the claims.
Allow me to direct you to #6862681 on what is effectively "dd if=/dev/hda of=/media/my-flash-device/mbr.img bs=512 count=1"
No, it isn't, and that's my point. That patent could only be infringed by your dd if it also:
- Updated a flag in bios indicating that this occurred
- Was invoked by a special "recovery utility" by the user of the computer
- The Bios could boot from the mbr.img file while on your flash device
- A failure to boot message were based on the flag in bios
Amongst other things. Of course, you have to read the claims to see this.
I can't read the other one from here, but I'm sure it's a little more involved than the abstract. If I'm wrong in this particular case, it's probably an oversight and can/would be tested easily.
I could go on. And on. The fact is, the patent system is so thoroughly broken right now that my first reaction to just about any patent is to question whether or not it should actually be a patent
Well, I agree it's broken. Knee-jerk reactions don't however, help. Patents themselves aren't bad, and neither are companies who patent.
I think patenting mathematics is especially bad- which is why I oppose the MP3 patents. I don't however think that all patents are bad, nor do I think that just because a company has patents (and even litigates with them) that they are bad as well.
Not entirely complete, of course -- I'm not sure /dev/video exists, I don't know what xanim is, and there's the matter of whether it's actually mpeg. But the concept is, in fact, blindingly obvious.
Sorry, I think you're full of shit. Or you have a different incompatible definition of "obvious" that is different from the one the rest of us use. Obvious means Easily seen through because of a lack of subtlety and I'm afraid that to fail the overtness test, the thing that is claimed needs to lack these very subtleties.
Face it: TiVO invented something, they documented it, they patented it. Patents are a government-granted monopoly in exchange for inventions. Echostar looked at TiVO and copied it. Period.
For example: I consider playing mp3 files to be a goal. However, the mp3 format is patented, and any implementation must pay ridiculous licensing fees.
MP3 is patented by side-effect; The MP3 patent covers a particular wavelet function that mp3 decoders need to use. It's entirely possible there's another function that produces the same result, but it's not the act of playing wavelet-compressed sounds that's patented here.
So yes, I am kind of worried that TiVo's patents might cover, for example, MythTV.
I think the reason why has nothing to do with TiVO being litigious. Perhaps you simply hate patents, and hate TiVO because they patented something?
If you accept value of some patents, phrase the question thusly: Would MythTV have come up with the idea of pausing and rewinding live TV using the method described by TiVO *without* TiVO? The MythTV developers seem to think not, do you?
finding just the right material for the filament which would conduct, but not short out, wouldn't burn up immediately, and would provide a steady amount of light.
Ah no. There's a very old light bulb which demonstrates that there's a significant amount of wiggle room in both the manufacturing and the materials.
Which shows you how little judges -- or maybe just you -- know about the history of the light bulb. It absolutely was a simple idea. We already had candles, why not use electricity to provide light?
Ohh, you don't know what patents are.
You can't patent a mere idea. You patent an *invention*. It has to be something that can be built (although not necessarily work). You can't patent "making light from electricity" and perhaps this demonstrates why you're so hostile to patents (or maybe just TiVO). Nobody's patented "playing mp3 files" either.
Are you genuinely oblivious to these facts? Or are you just an asshole?
Patents can't protect a goal; the fact that you can meet a goal in another way doesn't infringe on the patent. What constitutes infringement is if they do it the same way, and since TiVO actually worked, while your idea only worked in theory, I'd say that they are different methods. It also is probably relevant that TiVO's method uses a circular buffer such that /var/spool/movie.mpeg doesn't grow without bound.
Of course, if I'm wrong, go offer your plan to Echostar. I'm sure that if you could prove to a judge that TiVO's idea existed and was trivial (perhaps with more time than you give to this reply) you'd probably be very valuable to them.
The other side you should be aware of is that I'm probably not wrong. You didn't have this idea until after 1997, and while you might be able to reinvent many (or even all) of the things TiVO did then, that only demonstrates that the implementation is trivial, not that the idea is.
Seriously, the implementation of a light bulb is trivial, but a Judge would laugh at you if you suggested the idea.
only the stupid ones and the unlucky ones get caught.
Not only do the stupid and unlucky ones get caught, we incarcerate them and pay to keep them alive. It seems like these people are more likely to escape the gene pool if we simply take the labels off things.
And have companies who sell operating system take some financial responsibility for future security.
Absolutely ridiculous. I've heard this before, and I think it makes as much sense as holding the door manufacturer responsible for home break ins.
Hyperbole notwithstanding, anyone can make a door and reasonably assess the security of a door themselves. Not everyone can make an operating system and reasonably assess the security of an operating system.
Confusing a door, which any idiot can make in an afternoon, with an operating system which takes billions of man-hours, seems incredible.
Microsoft has never claimed to be completely secure and they haven't made any contracts specifying that they should be.
Before people took claims about security seriously, the following nugget was available at: http://msdn.microsoft.com/isapi/msdnlib.idc?theURL=/library/backgrnd/html/iissecure.htm
This integration means IIS offers the same robust security that is built into Windows NT from the very core. Windows NT was created intending to meet the security criteria for the U.S. Government's C2 Security Evaluation. The critical need for an operating system to be designed for optimum security from the ground up was noted by the NCSC, which wrote in its Final Evaluation Report of the Windows NT operating system: "When security is not an absolute requirement of the initial design, it is virtually impossible through later add-ons to provide the kind of uniform treatment to diverse system resources that Windows NT provides."
Can you seriously suggest that a person reading that shouldn't have any expectation of security or privacy using Windows? I realize this doesn't say "completely" secure, but do you think phrases like "optimum security" really excuse this?
You should take a serious look around at the company you're keeping; people apologizing for Microsoft: Here is a product which defiantly does what the user doesn't want and then blames the user for having other expectations.
Really, the fear of financial responsibility without the safety net of a monopoly might make Microsoft think twice about encouraging the development of ActiveX controls.
VxWorks is exactly the opposite of a microkernel. Everything, including application code, runs in kernel mode (unless you turn on the expensive RTP mechanism.) You link the OS into your application. OS calls are just subroutine jumps. This lack of overhead lets you run very fast, but if your application uses a bad pointer to trash something in an OS data structure, it can take weeks to find the bug.
Same as it is with MINIX 2.0 but people still call that a Microkernel.
I meant a port you can use to get power from. I only see powered USB ports on computers. Not cars, nor airplanes, nor clock radios, etc.
Oh well, that's quite different then.
I have however, seen clock radios and car radios with usb ports. I haven't been on a plane in a while, so I can't say anything about that, but I still don't think they're as uncommon as you might think.
NT (like OSX) has a microkernel, but the operating system isn't just the microkernel. Most of OSX (for example) actually runs on UNIX which runs as a single application of the microkernel. NT also has an enormous number of kernel-entry points which means that it too is a monolithic-kernel-based system that happens to run on a microkernel.
A real microkernel-based system will have a lot of the userland facilities designed to take advantage of message passing and will probably look more like HURD or Squeak than it will like NT or NeXT. QNX and VxWorks are the only successful microkernel-based systems that I'm aware of, and frankly both of them are losing big to Linux, so we might have to say were the only successful systems in the future...
I guess I've had a different experience-- the only thing I've seen with a USB port is a computer. I've seen cars, planes, clock radios, and a variety of consumer goods with iPod ports.
You might not have noticed it.
My GPS, and all four cell-phones (different brands: one RIM, two Motorola, one LG) in my house, and my bluetooth earbuds and headsets all have USB ports on them. It doesn't look like a type-B port but instead is a mini usb port. The manufacturers don't seem to advertise this port as a usb or data, but simply as the charger port. They do however, all seem to have the standard USB logo next to the port.
Actually, I said that PHP can't include files using require() from domains other than the one that is serving the requested file.
And you were wrong. PHP by default operated this way for a very long time, and had this as its documented behavior.
I stated that the settings you were naming are off by default.
Oh bullshit. First of all, the settings didn't used to be disabled by default- that's rather new. Bad engineering is bad engineering- it doesn't go away.
Apparently my comment went right over your head. I'll be more direct: Other people criticise PHP because you don't understand the little corner cases like this. Once they've been declared fixed, you conveniently forget any memory of there ever having been a problem. Because you don't know them, you'll deploy an application - broken by higher standards, and you will not know how to fix it. The php developers won't know how to fix it either because they're not any smarter than you are. Meanwhile, my servers will get hammered with udp floods from your attacker. You will cause me grief, and you'll weasel your way out of responsibility like you're doing right now.
you know what they say about winning an argument online.
Even if the language and implementation didn't suck, the model is still ancient and clunky. Heck, even Microsoft abandoned the ASP model in favor of ASP.NET over 6 years ago.
Well, not really. ASP.NET still makes many of the same mistakes that PHP does. While yes, it is possible to separate code and data for application, session, and documents, it still is easier to avoid making the distinction. This makes it impossible to tell what's a "safe" url, and to adequately describe what a document can do. PHP tried to introduce "safe mode" and "magic quoting", but because the semantics are simply too complicated for the people who need php to "just be easy", they don't get used, and because they don't get used, they don't save anybody anything. It's 2008 and new programs are still requiring register globals.
However, draconian approaches are possible: I wrote SiteSafe specifically to deal with this: Most PHP applications don't need to access the filesystem. They use MySQL calls so any access to the filesystem (besides sessions) is either the author updating the site, or it's an attacker who has broken your application. SiteSafe can fix this problem easily by simply denying access to the filesystem.
PHP could do something more portably: Require a permissions mask be encoded at the top of every php tag that says what permissions would be required for the block. For example, <?php f=fopen("foo.txt","r") ?> could become <?php[open-existing-file-read] f=fopen("foo.txt","r") ?>. This would encourage programmers to do less in each block, and include better semantic signatures. Including all permissions would be more typing than they would ordinarily be willing, and automated tools could be made trivially to establish risk-vectors for PHP applications. Any attempt to set these permissions sitewide would put a red box at the top of every page that says This application is running with increased privileges so that the application author would be encouraged to audit and fix their application.
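An added sketch of the kind of automated tool the comment above has in mind, not code from the commenter or from PHP: it reads the proposed `<?php[...]` masks and reports what each block declares against what its calls appear to need. The mask syntax is the comment's proposal and is not real PHP; every permission name other than `open-existing-file-read`, and the call-to-permission table, are hypothetical.

```python
import re

# One PHP block, with the optional [permission,...] mask proposed in the comment.
BLOCK_RE = re.compile(r"<\?php(?:\[([^\]]*)\])?(.*?)\?>", re.S)
# fopen(<path>, "<mode>") so the mode decides between read and write.
FOPEN_RE = re.compile(r"""\bfopen\s*\(\s*[^,]+,\s*["']([^"']+)["']""")
CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(")

# Hypothetical table: which permission a call would require under the proposal.
CALL_PERMS = {
    "unlink": "file-delete",
    "file_put_contents": "file-write",
    "file_get_contents": "open-existing-file-read",
    "mysql_query": "database",
    "exec": "run-process",
    "system": "run-process",
}

# Constructed sample page; the first two blocks mirror the comment's example.
SAMPLE_PAGE = """\
<?php $f = fopen("foo.txt", "r") ?>
<?php[open-existing-file-read] $f = fopen("foo.txt", "r") ?>
<?php[open-existing-file-read] $f = fopen("log.txt", "a"); unlink("old.txt") ?>
<?php[open-existing-file-read,database] $r = mysql_query("SELECT 1") ?>
"""


def required_permissions(body):
    """Permissions a block's calls imply (regex heuristic, not a PHP parser)."""
    needed = set()
    for mode in FOPEN_RE.findall(body):
        if mode.startswith("r") and "+" not in mode:
            needed.add("open-existing-file-read")
        else:
            needed.add("file-write")
    for name in CALL_RE.findall(body):
        perm = CALL_PERMS.get(name.lower())
        if perm:
            needed.add(perm)
    return needed


def audit_blocks(source):
    """Per block: declared mask, permissions missing from it, and unused ones."""
    report = []
    for index, match in enumerate(BLOCK_RE.finditer(source)):
        mask, body = match.group(1), match.group(2)
        declared = {p.strip() for p in (mask or "").split(",") if p.strip()}
        needed = required_permissions(body)
        report.append({
            "block": index,
            "declared": declared,
            "missing": needed - declared,   # under-declared: would be denied
            "unused": declared - needed,    # over-declared: widen the risk surface
        })
    return report


if __name__ == "__main__":
    for entry in audit_blocks(SAMPLE_PAGE):
        print(entry["block"], "missing:", sorted(entry["missing"]),
              "unused:", sorted(entry["unused"]))
```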
mysql_connect() is supposed to connect to a unix-domain socket, not an IP address.
Got a reference for that?
Sure.
From the MySQL manual says that will pull in defaults from my.cnf which by default indicates a unix-domain socket for access.
If you call mysql_connect() with no arguments, it does this. The additional arguments are for backwards compatibility- they shouldn't be used in new programs. I recommend instead people rely on PHP's runtime configuration to specify the behavior of mysql as it makes it much easier to manage your application.
Socket based connections weren't added until 3.x.
PHP versions prior to PHP 3.0.10 are irrelevant. Nobody should be using PHP 3.0.10 for new programs.
As far as I know, you can't require() a file from a server other than the one that the current file was requested from.
...
Off by default. If you are experienced enough to turn it on, hopefully you are aware of the dangers of including files via a url.
Man up. You were wrong. You said PHP in a standard configuration can't read files over the network. Either you knew about it or you didn't, and it doesn't really matter which. You know now.
please, show me data that says using an IP address (127.0.0.1) is less secure than localhost.
I didn't say that. I said it was less secure than a unix-domain socket. An SSH user can disable their password so only an SSH key can be used to login. That user can disable access to their mysql image by TCP meaning that the only way to gain access to that mysql image is by breaking their account.
It's more secure than a password which can be brute-forced, and it can even be attacked by sideways vectors- maybe someone was able to read one of your files- something very common in a shared-hosting image. Any other user of that system could instruct apache to read out your database config file and steal your mysql password.
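An added audit sketch for the two exposures described in the reply above, not code from the thread: whether mysqld is reachable over TCP at all, and whether other accounts on a shared host can read the file holding the database password. The sample my.cnf and the credentials file are constructed; an absent `bind-address` is treated as network-reachable on the assumption that the server default listens on all interfaces.

```python
import os
import stat
import tempfile

# Constructed sample my.cnf; not taken from any real host.
SAMPLE_MY_CNF = """\
[client]
socket = /var/run/mysqld/mysqld.sock

[mysqld]
# listen on loopback only
bind-address = 127.0.0.1
socket = /var/run/mysqld/mysqld.sock
"""

TRUE_WORDS = {"", "1", "on", "true"}   # "" is a bare option name: enabled
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_section(text, section="mysqld"):
    """Return the options of one [section] as a dict.

    MySQL treats '-' and '_' in option names as equivalent, and a bare
    option name (no '=') means enabled, so both are normalised here.
    Trailing inline comments are not handled in this sketch.
    """
    opts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            continue
        if current != section:
            continue
        key, _, value = line.partition("=")
        opts[key.strip().lower().replace("_", "-")] = value.strip().strip("'\"")
    return opts


def tcp_exposure(opts):
    """Classify how the server can be reached: socket-only, loopback-tcp, network-tcp."""
    skip = opts.get("skip-networking")
    if skip is not None and skip.lower() in TRUE_WORDS:
        return "socket-only"
    if opts.get("bind-address", "*").lower() in LOOPBACK:
        return "loopback-tcp"
    return "network-tcp"


def readable_by_others(path):
    """True when group or world read bits are set on the credentials file."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))


def audit_host(cnf_text, credentials_path):
    """Return human-readable findings; an empty list means neither exposure was found."""
    findings = []
    exposure = tcp_exposure(parse_section(cnf_text))
    if exposure == "network-tcp":
        findings.append("mysqld accepts TCP from the network; the password is the only barrier")
    elif exposure == "loopback-tcp":
        findings.append("mysqld accepts TCP on loopback; every local account can reach the port")
    if readable_by_others(credentials_path):
        findings.append(f"{credentials_path} is group/world readable; co-hosted users can read the password")
    return findings


if __name__ == "__main__":
    # Constructed credentials file with permissive mode, to show both findings.
    with tempfile.NamedTemporaryFile("w", suffix=".php", delete=False) as fh:
        fh.write("<?php $db_password = 'constructed-sample'; ?>\n")
    os.chmod(fh.name, 0o644)
    for finding in audit_host(SAMPLE_MY_CNF, fh.name):
        print(finding)
    os.unlink(fh.name)
```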
"Regular expressions are so prevalent"??? I have written stuff for Google Maps, Inform's API, CakePHP, e107, phpbb, punbb, and hundreds of other php junk and used regular expression maybe once. Could you please list any php app package that uses them heavily?
...
Again. You give extremely limited examples. I didn't say those packages didn't use regex. The original post said that PHP is flawed because it uses large amounts of it and I said that I doubt that. And again, your example shows a few lines in packages that are almost hundreds of files.
You can always argue whatever criteria you want for "large amounts of it". I never said anything about large amounts, nor size, simply that it was prevalent. That means that it is found or existing everywhere, not that the source files are mostly regular expressions.
As a complete programming noob looking to get into web-related design and things of that nature, what languages are good to start with and to branch to other languages? Would that be like C-> PHP -> SQL? What other languages apply and/or in what order are languages needed to learn to start to bring things together for well designed websites?
Stop looking at languages that way. They aren't like spoken languages- you cannot realistically speak one well enough to make up for the fact you can't speak any other. Programming languages are designed around the different shapes of algorithms- some programmers refer to these as patterns. Ideally, each language contributes some optimal representation of a pattern, and if it doesn't, you have to wonder about the usefulness of the language- especially more so if it isn't any more useful at anything than any other language.
Learn to read. A good way to do this is to learn Lisp (CL). It has no syntax to speak of, so you will be forced to grasp well the concepts behind programming. You can introduce language features as it becomes necessary, they have an excellent development environment, and it's easy to build web applications with it. You don't even have to download anything, you can try it right now.
I think because PHP *is* easy and approachable, and so when some guy has an idea for something he just starts building it. He doesn't have to hire a Java programmer at $80K a year to tell him how his idea is not going to work.
That's an interesting way to look at it.
I would look at it differently: If I wanted to be successful, would I use the same tools that all those unsuccessful people are using? Or would I use the tools that the successful people are using?
No.
Absolutely, but that has nothing to do with the UCC which covers commerce.
See, when you buy something, you have certain rights; it has to work as advertised, or the seller has to pay damages.
If someone gives you a car that doesn't work, versus someone selling you a car that doesn't work, would be closer to the analogy.
Complain to NVidia.
Seriously.
You'd complain if they did that on Windows.
If enough people complain, they might fix it.
I gave up a long time ago, and I only buy hardware that works on the system I want to use.
By the way, using Xdmx might work as a stopgap until NVidia fixes their problem.
Are you genuinely oblivious to these facts? Or are you just an asshole?
Or did you mean not to be taken literally?
Otherwise would you shut the fuck up please?
Done.
VxWorks "processes" can see each other's memory. I don't think hardware isolation is a requirement of a microkernel.
I have, however, seen clock radios and car radios with USB ports. I haven't been on a plane in a while, so I can't say anything about that, but I still don't think they're as uncommon as you might think.
NT (like OSX) has a microkernel, but the operating system isn't just the microkernel. Most of OSX (for example) actually runs on UNIX which runs as a single application of the microkernel. NT also has an enormous number of kernel-entry points which means that it too is a monolithic-kernel-based system that happens to run on a microkernel.
A real microkernel-based system will have a lot of the userland facilities designed to take advantage of message passing and will probably look more like HURD or Squeak than it will like NT or NeXT. QNX and VxWorks are the only successful microkernel-based systems that I'm aware of, and frankly both of them are losing big to Linux, so we might have to say were the only successful systems in the future...
My GPS, and all four cell-phones (different brands: one RIM, two Motorola, one LG) in my house, and my Bluetooth earbuds and headsets all have USB ports on them. It doesn't look like a type-B port but instead is a mini USB port. The manufacturers don't seem to advertise this port as a USB or data, but simply as the charger port. They do, however, all seem to have the standard USB logo next to the port.
Apparently my comment went right over your head. I'll be more direct: Other people criticise PHP because you don't understand the little corner cases like this. Once they've been declared fixed, you conveniently forget any memory of there ever having been a problem. Because you don't know them, you'll deploy an application - broken by higher standards, and you will not know how to fix it. The PHP developers won't know how to fix it either because they're not any smarter than you are. Meanwhile, my servers will get hammered with UDP floods from your attacker. You will cause me grief, and you'll weasel your way out of responsibility like you're doing right now.
that at least I'm not Chris Thompson?
However, draconian approaches are possible: I wrote SiteSafe specifically to deal with this: Most PHP applications don't need to access the filesystem. They use MySQL calls so any access to the filesystem (besides sessions) is either the author updating the site, or it's an attacker who has broken your application. SiteSafe can fix this problem easily by simply denying access to the filesystem.
PHP could do something more portably: Require a permissions mask be encoded at the top of every php tag that says what permissions would be required for the block. For example, <?php f=fopen("foo.txt","r") ?> could become <?php[open-existing-file-read] f=fopen("foo.txt","r") ?>. This would encourage programmers to do less in each block, and include better semantic signatures. Including all permissions would be more typing than they would ordinarily be willing, and automated tools could be made trivially to establish risk-vectors for PHP applications. Any attempt to set these permissions sitewide would put a red box at the top of every page that says This application is running with increased privileges so that the application author would be encouraged to audit and fix their application.
Of course, PHP developers don't know how to add two numbers so I doubt this would ever happen...
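The comment above says automated tools could trivially establish risk vectors from per-block permission masks. The following is an added sketch of such a tool, not code from the commenter or from PHP: the `<?php[...]` mask syntax and the name `open-existing-file-read` come from the comment, while `open-file-write`, the function names and the sample source are assumptions made for illustration.

```python
import re

# <?php[mask] body ?> -- the [mask] part is the comment's proposed syntax, not real PHP.
BLOCK = re.compile(r"<\?php(?:\[([^\]]*)\])?(.*?)\?>", re.S)
# fopen(<first argument>, "<mode>") with a literal mode string.
FOPEN = re.compile(r"""\bfopen\s*\(\s*[^,]+,\s*["']([^"']*)["']""")

def required_permissions(body):
    """Permissions a block needs, judged only by the modes of its fopen() calls."""
    needed = set()
    for mode in FOPEN.findall(body):
        if mode.rstrip("bt") == "r":
            needed.add("open-existing-file-read")  # name taken from the comment
        else:
            needed.add("open-file-write")          # hypothetical name (assumption)
    return needed

def audit(source):
    """Return one finding per PHP block: mask present, missing and excess permissions."""
    findings = []
    for index, match in enumerate(BLOCK.finditer(source), start=1):
        mask, body = match.group(1), match.group(2)
        declared = {p.strip() for p in (mask or "").split(",") if p.strip()}
        needed = required_permissions(body)
        findings.append({
            "block": index,
            "has_mask": mask is not None,
            "undeclared": sorted(needed - declared),  # used but not declared
            "unused": sorted(declared - needed),      # declared but not used
        })
    return findings

# Constructed sample input: three blocks in the proposed syntax.
SAMPLE = '''
<?php[open-existing-file-read] $f = fopen("foo.txt", "r"); ?>
<?php $f = fopen("foo.txt", "r"); ?>
<?php[open-existing-file-read] $f = fopen("log.txt", "a"); ?>
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Blocks with a non-empty `undeclared` list are the ones an auditor would look at first; a non-empty `unused` list marks a mask that grants more than the block needs.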
From the MySQL manual says that will pull in defaults from my.cnf which by default indicates a unix-domain socket for access.
If you call mysql_connect() with no arguments, it does this. The additional arguments are for backwards compatibility- they shouldn't be used in new programs. I recommend instead people rely on PHP's runtime configuration to specify the behavior of mysql as it makes it much easier to manage your application.
PHP versions prior to PHP 3.0.10 are irrelevant. Nobody should be using PHP 3.0.10 for new programs.
It's more secure than a password which can be brute-forced, and it can even be attacked by sideways vectors- maybe someone was able to read one of your files- something very common in a shared-hosting image. Any other user of that system could instruct apache to read out your database config file and steal your mysql password.
Learn to read. A good way to do this is to learn Lisp (CL). It has no syntax to speak of, so you will be forced to grasp well the concepts behind programming. You can introduce language features as it becomes necessary, they have an excellent development environment, and it's easy to build web applications with it. You don't even have to download anything, you can try it right now.
I would look at it differently: If I wanted to be successful, would I use the same tools that all those unsuccessful people are using? Or would I use the tools that the successful people are using?