That is not true, banks over here (UK) do phone you up and ask for personal information for security reasons because they cannot discuss your account due to data protection laws.
This is how a usual phone call goes: Bank: Good afternoon, I'm calling from Abc123 Bank, please can you confirm your date of birth and address. Me: Err, are you kidding. Which department are you in and what's your name and I'll call you back. Bank: I'm sorry, I can't go any further unless you confirm your date of birth and address. Me: Can I have a number to call you back on?.... bzzp....
When I do actually give my dob & address out they go on as normal with whatever issue they have with my account.
The real problem happens when I phone them up about my account, want to increase/decrease my overdraft? want to change my address? want to order a credit card?
Me: Hey, I'd like to increase the overdraft on my account. Bank: Ok, can we have your sort code, account number and for security your date of birth?
See the problem there? These are things that are widely accepted as security questions, and (in my experience atleast) it's fairly rare to have to go through a second line of security such as confirming previous addresses or account balance.
It's a catch 22 situation, banks wont talk about their account until you confirm your identity, they aren't allowed to answer security questions about my account to confirm their identity because of data protection.. and ANYBODY could phone me up at any time and pretend to be my bank given just a small amount of semi-public information, but it's me that's expected to give in and just tell them whatever they want.
And please don't say this doesn't happen in real life, I've seen it happen, I've nearly been a victim myself and another person I know had this happen to them.
Atleast two or three years ago in the UK a new type of lollypop started being sold, basicly you stick it in your mouth and it plays some cheesy music that only you can hear, this tech has been around for a while and is well developed enough to be made into a cheap throw away childrens toy.
Personally, $200 for this seems a bit expensive, and I can get closer to appearing more schizophrenic than when I'm wearing a bluetooth headset:D Nothing like raising your arms in anger and shouting 'what the fuck did you do that for!' to yourself in the middle of a crowded train carriage to get attention.
Although you're taking it to extremes with something that's designed souly to injure and/or kill, cellphones have lots of uses, and although it's possible to kill somebody with one I really don't think that's the issue here.
Lets stop people from carrying pornography on them as it may fall out of their bag and cause mental anguish to passers by for the rest of their lives.
The point is cellphones are widely accepted and used, but piss people off in cinemas, churches and other places where concentration or quiet is needed; schools need step back from their authoritarian power trip and just deal with it as they've been doing for the past few hundered years (e.g. if you piss of the teacher you get beaten/caned/detention depending on which century you were born in).
Everybody has things that other people don't and shouldn't need to know about, what if a teacher sees a picture of a 14 year olds girlfriend naked on their confiscated mobile phone or if a mother has sent a txt message about something highly confidential (e.g. clinic appointment, death etc.).
Is it the fault of the language when a lot of open source applications are written poorly?
To an extent yes, but it's one of those things that anybody with a clue will get past very quickly and get to a stage where these things are avoided. But you're forgetting that compared to Perl and the absolute crapload of different libraries available in the CPAN repository, you're essentially programming on a skeleton framework, much like Perl quite a few years ago.
I'm not trying to defend PHP - there are some weird things that people won't fix because there's too much code which already uses those bugs (although take a look at what their doing with PHP 6), but if something's tedious or error prone you do _your job_ as a programmer and make a better solution.
Prepared statements (either emulated or DB native) are trivial to implement a wrapper for (PDO, Creole etc.) and there are literally hundereds of others out there, mail().. a nice OO wrapper makes it more understandable to use and avoids those problems.
strict & warnings, not in the same way as it's implemented in Perl, but at the end of the day if the programmers is turning errors off then it's they that are at fault, not the language. As for tainted variables, I implemented tainted strings & arrays - take a look at a quick patch with the rest of it really ending up adding the taint flag to variables as their coming into the engine.
Trustudio's PHP IDE is ok, but way behind the competition and hardly a finished product (their charging licensing for a beta version!).
On the other hand I've been using NuSphere's PHPed and Zend's own ZendStudio for quite a while now, they both support remote debugging, the latest version of PHP, version control and code profiling and are both much more advanced and stable compared to Trustudio.
PHP is no longer a baby language, and although it really annoys me sometimes (hello! no multiple inheritance or large integer/floating point number support) big real world applications are being written in it and most times I consider it much cleaner than Java when you know what you're doing.
It's the age old thing, if you make it easier for good programmers to program, they'll get working code out of the door with much less bugs compared to a stricter language. It's quick and at times dirty, but it's understandable, you can apply [insert buzzword here] with little to no effort and it runs on most of the world's web hosting servers.
For example, move from C to C++ and you will almost certainly be more productive, from C to D, from C++ to Java, from Bash to TCL, from Java to PHP.. you get the picture. When I've got a tight deadline and lots of features to implement, I'm going to want to do it in whichever language is most productive, this is why you see people adding backend JavaScript/BSH support to their J2EE webapps *laugh*.
And the copy of Opera 9 I'm running now has been on the go for the past 4 days, I'm a 'heavy user' and it's seen some action.. yet it's still hovering at ~160mb usage.
If you take into consideration how much I use it compared to the other programs and how much I value it in my day to day business, I'm perfectly happy setting aside 5-10% of my systems memory. If it were to start climbing into the mid 300-400mb range *cough*firefox*cough* then I'd start to get concerned.
Uhh, this is a technology site for nerds isn't it? I was expecting a real review of a web browser, not this pseudo-tech magazine style 'yes this product exists' kind of review. The amount of times he mentions 'feature complete' also really bugs me.
Review Outline:
- They scraped some of the crap off IE 6
- They've "improved it under the cover".
- It's now got features that most other browsers have.
- It'll be released when vista comes around.
What the review should've had:
- Memory usage comparisons
- Backwards compatibility
- Some screenshots of how it miserably fails the ACID2 test.
- Does it finally have 32-bit colour PNG support?
- Whats all this 7+ crap and why is it different?
Sorry Paul you're coming across as a hardcore Microsoftie in it for the money rather than trying to give an honest opinion, hope you make lots of money from advertising, but this is a piss poor review.. maybe I should so it to my grandma so she's got something to discuss while she's getting her hair done!
Here here, this is the same company that fixed the price of most dialup services in the UK (read non-0845 services), then promoted their horribly under-reliable service with nightmarish support for just a little less (or trying to pursuade you to setup an account when you setup your phone line).
Then did the same with ADSL, while I could get 25mbit in France for 30 euro, I was paying ~30 euro for 256kbit in the UK when the bandwidth used by the people in France was likely passing THROUGH the UK before getting to America, so they can't bitch about bandwidth being too expensive.
In my latest flat I phoned up BT to get a phone line, 75 quid and about two weeks to get it installed.. Called up NTL instead and had phone and 2mbit cable within the week without any additional charges. BT can do anything they want to try and improve their image, but as long as they still fuck customers over there will still be web forums full of thousands of angry customers.
There was one of these late-night Open University* programs on a few years ago that covered something very similar (although I suspect a little less advanced).
Basicly people were sat infront of a screen and displayed keywords, pictures of people or places etc. and had the general level of electrical avtivity going on in their brains recorded. Later on the activity log was matched against the timeline of what they were looking at and you could very clearly see the difference between questions that had no relation to them and questions that did.
It's not a magic solution to interigation, but if you ask the right questions properly (which includes things that they know nothing about, or for example showing pictures of cute puppies or family members etc.) then it could really help as there's no known way to control these specific reactions (as it's possible with traditional lie detectors.
I'm sure the professor was an American, but I can't remember his name.. any help finding how this progressed and how it compares to what's discussed in the article would be cool.
* To you non-british people, the OU is a university in which you can study at home/abroad and shows educational material late at night on the 'public' TV channels.
I don't think the parent was referring to a banner advert for child porno, but legal over 18 porno. In the states (not sure about the UK) you need to have some sort of copy of the models ID and a statement of some sort before filming/photo session can start.
This is because women & men were entering the porn industry at 16/17 if they lied about their age, then people were being arrested under child porn laws later on. Sure now they can provide fake ID and just say their 18 or over, but the people producers/distributers have a signed statement and copy of the ID which should indemnify them from legal action.
Why on earth would anybody want to prosecute me for ripping my cds to play on my mp3 player or to listen to while I'm at work, or for burning my mp3s so I can listen to them in the car...
This isn't news here in the UK, I'm not really sure about the U.S. but if it is then whoah! there are seriously bigger issues that need to be looked at here.
Ok, so apart from a lot of native-language support for the product there's one other thing you have to consider.
Out of the two X11 'desktops' out there, KDE and Gnome which one is not an absolute pain in the arse to deploy and lock down in an enterprise?
I'd have though KDE's Kiosk mode would be a big factor considering their moving from CDE, along with the fact that custom apps in QT are a breeze compared to GTK.
I did that recently actually while in hospital, after about two weeks I was really starting to feel very very stressed.
I don't think that it was actually the lack of internet use that was causing it though, at the same time I'd given up smoking (after about 5 years of smoking heavily), and was under the impression that 1) there was a computer somewhere with internet access in the hospital and 2) I'd be able to find an internet cafe.
Neither worked out and I ended up being given the runaround by hospital workers who either didn't speak English or all gave me conflicting answers. But to this day I haven't started smoking again (and I'm presuming my willpower is a bit stronger than others).
There's a problem here, we already have an open standards based telephony standard, that allows custom application developers and users to customize their telephones.
"This is no small thing. Right now, for example, most of the mildly interesting stuff consumers can do with their phones - call waiting, caller ID, call forwarding - is programmed right into the big computers that route calls around the network. That makes it virtually impossible for some entrepreneur in a garage or some teenager tinkering at his computer to develop a new phone service."
While on the other hand, with SIP and IAX you can do whatever you want.. today! As we speak I have an Asterisk server with a Cepstral auto attendant connected to a PSTN gateway.. Voicemail. call forwarding, location tracking (e.g. at lunch it directs calls to my mobile/cell phone).
Knowing BT's history with pricing and service quality I'd stay fairly clear from this. (For the record, BT's customer support and internet services are appallingly bad, and compared to existing SIP to PSTN or even Skype their international calling rates are very high).
BT's problems are deeply routed in the way they do business with their infrastructure services, to mention a few: price fixing and their 'modular' internal structure... In short it means everybody offers ADSL at the same price, apart from them.. and their Billing, Broadband, Dialup and Telephone departments seem to rely in pidgeons or paper cups on strings to communicate with each other!
So your suggesting that security professionals will never experiment?
If I were trying to keep an edge in the mobile anti-virus market, one of the first thing I'd do would be to get out there and gather as much information as possible, work out some statistics, most popular models etc.
You must work at one of these new-fangled IP firms with zero R&D budget!
Ahah, then move to Egypt where you could live very happily for a whole lifetime on a million dollars with nothing but verbal contracts with Arabic farmers to track where it's all going.
A million dollars is great, but in most of the western world you can spend it too quickly (you should talk to Jennifer Lopez' accountant I'm sure he'll give you a few spending tips).
There is a huge difference, what you are suggesting is that AllofMp3.com is selling them at 'market rate' and we're just using their economy to our advantage. This would be similar to bringing back DVDs from your holiday in India, or buying cigarettes in Europe to avoid the extortionate UK taxes.
What AllofMp3.com are doing is completely different, it's like buying packets of cigarettes for 5p each, or 20 DVDs for a pound, prices that are well below what it actually cost to make/market.. simply because to them it's effectively free!
I agree that international sales are good, I used to be a user of cdnow or cdwow (or whatever it was called) which would ship DVDs/CDs to the UK at US (or was it Hong-Kong) prices, and from my perspective that's fine because it's still a legal product.
I'm not going to argue that every mp3 sold on AllofMp3.com is a lost sale of a legitimate copy, but considering how much money gets filtered out by the recording/music industry before it gets to the original artist means that you could very likely setup a legitimate artist to customer music selling website for say 10-20p a track and they'd be better off compared to now.
magic_quotes_gpc (GET/POST/COOKIES) automatically filters any data coming in from the user in the form of GET/POST (e.g. the querystring and form submissions) and cookies.
All it does is search for single quotes and escape them with a back slash, so if the variable were ever to be included in part of a SQL query it wouldn't be vulnerable to the more common types of SQL injection bug.
The problem is this promotes lazy coding and acts as (like I said) a safety net allowing programmers to pass user-input directly into a SQL query without worrying about the concequences.
It provides security, but the wrong kinda security.. it's the last-minute fix you'd do if you found out you made a huge design mistake a week after releasing a product, but which was included in for a number of years because some people now depend on it.
PHP is still relatively immature compared to Perl and Python, with (in my view) it only really becoming suitable for large commercial projects a year or two ago.
Your examples: - Google: They use whatever language they want, they've been around since ~1998 when PHP was still a little baby.
- bbc.co.uk - As far as I remember we're looking at progressive development from ~1995, around the time when PHP was only a sparkle in the postmans eye, they've got some very skilled Perl guys and smart sysadmins with years of work already in Perl.
- Slashdot - ~1997 and started out as slow as molasses regular Perl CGI, anybody working on the same website for ~9 years in any language should be able to make it run like a dream.
- Wikipedia ~2001, with initially being implemented in PHP in ~2002 and clustered in ~2003. Running large websites is damn hard, and your exaggeration of the problems is overrated.
When you run into large amounts of traffic the language becomes a small part of the equation, Microsoft.com was running on VBScript (and C++) for several years, most of Yahoo is running on PHP...
On a day to day basis I'm dealing with systems written by other people, which are held together by duct tape, spit and good-will. PHP is a productive language, just as to a C/C++ developer Python/Ruby etc. is also productive and can lead to very good results.
The problem is when you get pseudo-programmers writing code which uses 'magic_quotes_gpc' as a safety net among other things, and come PHP 6 the 'shit will hit the fan' when everybody realises that with this automatic escaping functionality isn't there any more and their web applications are open for the world to abuse.
I think MySQL should be kept out of the question as it's more coincidence that it ended up being a PHP bed fellow, when PostgreSQL could've been in with a chance given the right circumstances.
At the end of the day bad programmers will write bad code, it's just easy to learn languages (such as Basic and PHP) means they can write more bad code a lot quicker with (arguably) more negative impact when it folds in on it'self.
Slashdot Mirror
That is not true, banks over here (UK) do phone you up and ask for personal information for security reasons because they cannot discuss your account due to data protection laws.
.... bzzp ....
This is how a usual phone call goes:
Bank: Good afternoon, I'm calling from Abc123 Bank, please can you confirm your date of birth and address.
Me: Err, are you kidding. Which department are you in and what's your name and I'll call you back.
Bank: I'm sorry, I can't go any further unless you confirm your date of birth and address.
Me: Can I have a number to call you back on?
When I do actually give my dob & address out they go on as normal with whatever issue they have with my account.
The real problem happens when I phone them up about my account, want to increase/decrease my overdraft? want to change my address? want to order a credit card?
Me: Hey, I'd like to increase the overdraft on my account.
Bank: Ok, can we have your sort code, account number and for security your date of birth?
See the problem there? These are things that are widely accepted as security questions, and (in my experience atleast) it's fairly rare to have to go through a second line of security such as confirming previous addresses or account balance.
It's a catch 22 situation, banks wont talk about their account until you confirm your identity, they aren't allowed to answer security questions about my account to confirm their identity because of data protection.. and ANYBODY could phone me up at any time and pretend to be my bank given just a small amount of semi-public information, but it's me that's expected to give in and just tell them whatever they want.
And please don't say this doesn't happen in real life, I've seen it happen, I've nearly been a victim myself and another person I know had this happen to them.
Atleast two or three years ago in the UK a new type of lollypop started being sold, basicly you stick it in your mouth and it plays some cheesy music that only you can hear, this tech has been around for a while and is well developed enough to be made into a cheap throw away childrens toy.
:D Nothing like raising your arms in anger and shouting 'what the fuck did you do that for!' to yourself in the middle of a crowded train carriage to get attention.
Personally, $200 for this seems a bit expensive, and I can get closer to appearing more schizophrenic than when I'm wearing a bluetooth headset
I'm sorry that I wasn't able to teach myself to read and write English quite as well as everybody else.
Here Mr Nazi, 'Solely'
Although you're taking it to extremes with something that's designed souly to injure and/or kill, cellphones have lots of uses, and although it's possible to kill somebody with one I really don't think that's the issue here.
Lets stop people from carrying pornography on them as it may fall out of their bag and cause mental anguish to passers by for the rest of their lives.
The point is cellphones are widely accepted and used, but piss people off in cinemas, churches and other places where concentration or quiet is needed; schools need step back from their authoritarian power trip and just deal with it as they've been doing for the past few hundered years (e.g. if you piss of the teacher you get beaten/caned/detention depending on which century you were born in).
Everybody has things that other people don't and shouldn't need to know about, what if a teacher sees a picture of a 14 year olds girlfriend naked on their confiscated mobile phone or if a mother has sent a txt message about something highly confidential (e.g. clinic appointment, death etc.).
So I wake up this morning, slippers on, cuppa tea, bit of slashdot.. Australia Wants To..
Bwahahahaha
Seriously though, who's been playing buzzword bingo with the polititions again!
To an extent yes, but it's one of those things that anybody with a clue will get past very quickly and get to a stage where these things are avoided. But you're forgetting that compared to Perl and the absolute crapload of different libraries available in the CPAN repository, you're essentially programming on a skeleton framework, much like Perl quite a few years ago.
I'm not trying to defend PHP - there are some weird things that people won't fix because there's too much code which already uses those bugs (although take a look at what their doing with PHP 6), but if something's tedious or error prone you do _your job_ as a programmer and make a better solution.
Prepared statements (either emulated or DB native) are trivial to implement a wrapper for (PDO, Creole etc.) and there are literally hundereds of others out there, mail().. a nice OO wrapper makes it more understandable to use and avoids those problems.
strict & warnings, not in the same way as it's implemented in Perl, but at the end of the day if the programmers is turning errors off then it's they that are at fault, not the language. As for tainted variables, I implemented tainted strings & arrays - take a look at a quick patch with the rest of it really ending up adding the taint flag to variables as their coming into the engine.
Where's my clue-bat.. somebody needs a beating!
Trustudio's PHP IDE is ok, but way behind the competition and hardly a finished product (their charging licensing for a beta version!).
On the other hand I've been using NuSphere's PHPed and Zend's own ZendStudio for quite a while now, they both support remote debugging, the latest version of PHP, version control and code profiling and are both much more advanced and stable compared to Trustudio.
PHP is no longer a baby language, and although it really annoys me sometimes (hello! no multiple inheritance or large integer/floating point number support) big real world applications are being written in it and most times I consider it much cleaner than Java when you know what you're doing.
It's the age old thing, if you make it easier for good programmers to program, they'll get working code out of the door with much less bugs compared to a stricter language. It's quick and at times dirty, but it's understandable, you can apply [insert buzzword here] with little to no effort and it runs on most of the world's web hosting servers.
For example, move from C to C++ and you will almost certainly be more productive, from C to D, from C++ to Java, from Bash to TCL, from Java to PHP.. you get the picture. When I've got a tight deadline and lots of features to implement, I'm going to want to do it in whichever language is most productive, this is why you see people adding backend JavaScript/BSH support to their J2EE webapps *laugh*.
He he.. Hey .. Bevis.. He He.. Pull My Finger!
Nuff said!
And the copy of Opera 9 I'm running now has been on the go for the past 4 days, I'm a 'heavy user' and it's seen some action.. yet it's still hovering at ~160mb usage.
If you take into consideration how much I use it compared to the other programs and how much I value it in my day to day business, I'm perfectly happy setting aside 5-10% of my systems memory. If it were to start climbing into the mid 300-400mb range *cough*firefox*cough* then I'd start to get concerned.
Uhh, this is a technology site for nerds isn't it? I was expecting a real review of a web browser, not this pseudo-tech magazine style 'yes this product exists' kind of review. The amount of times he mentions 'feature complete' also really bugs me.
Review Outline:
- They scraped some of the crap off IE 6
- They've "improved it under the cover".
- It's now got features that most other browsers have.
- It'll be released when vista comes around.
What the review should've had:
- Memory usage comparisons
- Backwards compatibility
- Some screenshots of how it miserably fails the ACID2 test.
- Does it finally have 32-bit colour PNG support?
- Whats all this 7+ crap and why is it different?
Sorry Paul you're coming across as a hardcore Microsoftie in it for the money rather than trying to give an honest opinion, hope you make lots of money from advertising, but this is a piss poor review.. maybe I should so it to my grandma so she's got something to discuss while she's getting her hair done!
** roudy MP style cheers **
Here here, this is the same company that fixed the price of most dialup services in the UK (read non-0845 services), then promoted their horribly under-reliable service with nightmarish support for just a little less (or trying to pursuade you to setup an account when you setup your phone line).
Then did the same with ADSL, while I could get 25mbit in France for 30 euro, I was paying ~30 euro for 256kbit in the UK when the bandwidth used by the people in France was likely passing THROUGH the UK before getting to America, so they can't bitch about bandwidth being too expensive.
In my latest flat I phoned up BT to get a phone line, 75 quid and about two weeks to get it installed.. Called up NTL instead and had phone and 2mbit cable within the week without any additional charges. BT can do anything they want to try and improve their image, but as long as they still fuck customers over there will still be web forums full of thousands of angry customers.
There was one of these late-night Open University* programs on a few years ago that covered something very similar (although I suspect a little less advanced).
Basicly people were sat infront of a screen and displayed keywords, pictures of people or places etc. and had the general level of electrical avtivity going on in their brains recorded. Later on the activity log was matched against the timeline of what they were looking at and you could very clearly see the difference between questions that had no relation to them and questions that did.
It's not a magic solution to interigation, but if you ask the right questions properly (which includes things that they know nothing about, or for example showing pictures of cute puppies or family members etc.) then it could really help as there's no known way to control these specific reactions (as it's possible with traditional lie detectors.
I'm sure the professor was an American, but I can't remember his name.. any help finding how this progressed and how it compares to what's discussed in the article would be cool.
* To you non-british people, the OU is a university in which you can study at home/abroad and shows educational material late at night on the 'public' TV channels.
I don't think the parent was referring to a banner advert for child porno, but legal over 18 porno. In the states (not sure about the UK) you need to have some sort of copy of the models ID and a statement of some sort before filming/photo session can start.
This is because women & men were entering the porn industry at 16/17 if they lied about their age, then people were being arrested under child porn laws later on. Sure now they can provide fake ID and just say their 18 or over, but the people producers/distributers have a signed statement and copy of the ID which should indemnify them from legal action.
Jesus H and the Pussyfiction starring 'Innocent Mary'.
Please, stop me from typing before I offend somebody!
This is just common sense isn't it?
Why on earth would anybody want to prosecute me for ripping my cds to play on my mp3 player or to listen to while I'm at work, or for burning my mp3s so I can listen to them in the car...
This isn't news here in the UK, I'm not really sure about the U.S. but if it is then whoah! there are seriously bigger issues that need to be looked at here.
Ok, so apart from a lot of native-language support for the product there's one other thing you have to consider.
Out of the two X11 'desktops' out there, KDE and Gnome which one is not an absolute pain in the arse to deploy and lock down in an enterprise?
I'd have though KDE's Kiosk mode would be a big factor considering their moving from CDE, along with the fact that custom apps in QT are a breeze compared to GTK.
I did that recently actually while in hospital, after about two weeks I was really starting to feel very very stressed.
I don't think that it was actually the lack of internet use that was causing it though, at the same time I'd given up smoking (after about 5 years of smoking heavily), and was under the impression that 1) there was a computer somewhere with internet access in the hospital and 2) I'd be able to find an internet cafe.
Neither worked out and I ended up being given the runaround by hospital workers who either didn't speak English or all gave me conflicting answers. But to this day I haven't started smoking again (and I'm presuming my willpower is a bit stronger than others).
There's a problem here, we already have an open standards based telephony standard, that allows custom application developers and users to customize their telephones.
While on the other hand, with SIP and IAX you can do whatever you want.. today! As we speak I have an Asterisk server with a Cepstral auto attendant connected to a PSTN gateway.. Voicemail. call forwarding, location tracking (e.g. at lunch it directs calls to my mobile/cell phone).
Knowing BT's history with pricing and service quality I'd stay fairly clear from this. (For the record, BT's customer support and internet services are appallingly bad, and compared to existing SIP to PSTN or even Skype their international calling rates are very high).
BT's problems are deeply routed in the way they do business with their infrastructure services, to mention a few: price fixing and their 'modular' internal structure... In short it means everybody offers ADSL at the same price, apart from them.. and their Billing, Broadband, Dialup and Telephone departments seem to rely in pidgeons or paper cups on strings to communicate with each other!
Just my two pennies.
So your suggesting that security professionals will never experiment?
If I were trying to keep an edge in the mobile anti-virus market, one of the first thing I'd do would be to get out there and gather as much information as possible, work out some statistics, most popular models etc.
You must work at one of these new-fangled IP firms with zero R&D budget!
Ahah, then move to Egypt where you could live very happily for a whole lifetime on a million dollars with nothing but verbal contracts with Arabic farmers to track where it's all going.
A million dollars is great, but in most of the western world you can spend it too quickly (you should talk to Jennifer Lopez' accountant I'm sure he'll give you a few spending tips).
Probably legal.. are you nuts!
There is a huge difference, what you are suggesting is that AllofMp3.com is selling them at 'market rate' and we're just using their economy to our advantage. This would be similar to bringing back DVDs from your holiday in India, or buying cigarettes in Europe to avoid the extortionate UK taxes.
What AllofMp3.com are doing is completely different, it's like buying packets of cigarettes for 5p each, or 20 DVDs for a pound, prices that are well below what it actually cost to make/market.. simply because to them it's effectively free!
I agree that international sales are good, I used to be a user of cdnow or cdwow (or whatever it was called) which would ship DVDs/CDs to the UK at US (or was it Hong-Kong) prices, and from my perspective that's fine because it's still a legal product.
I'm not going to argue that every mp3 sold on AllofMp3.com is a lost sale of a legitimate copy, but considering how much money gets filtered out by the recording/music industry before it gets to the original artist means that you could very likely setup a legitimate artist to customer music selling website for say 10-20p a track and they'd be better off compared to now.
magic_quotes_gpc (GET/POST/COOKIES) automatically filters any data coming in from the user in the form of GET/POST (e.g. the querystring and form submissions) and cookies.
All it does is search for single quotes and escape them with a back slash, so if the variable were ever to be included in part of a SQL query it wouldn't be vulnerable to the more common types of SQL injection bug.
The problem is this promotes lazy coding and acts as (like I said) a safety net allowing programmers to pass user-input directly into a SQL query without worrying about the concequences.
It provides security, but the wrong kinda security.. it's the last-minute fix you'd do if you found out you made a huge design mistake a week after releasing a product, but which was included in for a number of years because some people now depend on it.
My count says 24m, with the dupe/abandoned/forgotten question taken into account I think 5 million is a perfectly reasonable estimate.
PHP is still relatively immature compared to Perl and Python, with (in my view) it only really becoming suitable for large commercial projects a year or two ago.
Your examples:
- Google: They use whatever language they want, they've been around since ~1998 when PHP was still a little baby.
- bbc.co.uk - As far as I remember we're looking at progressive development from ~1995, around the time when PHP was only a sparkle in the postmans eye, they've got some very skilled Perl guys and smart sysadmins with years of work already in Perl.
- Slashdot - ~1997 and started out as slow as molasses regular Perl CGI, anybody working on the same website for ~9 years in any language should be able to make it run like a dream.
- Wikipedia ~2001, with initially being implemented in PHP in ~2002 and clustered in ~2003. Running large websites is damn hard, and your exaggeration of the problems is overrated.
When you run into large amounts of traffic the language becomes a small part of the equation, Microsoft.com was running on VBScript (and C++) for several years, most of Yahoo is running on PHP...
Yuch, my mouth tastes like flame bait.
Ahah, to an extent I agree with this.
On a day to day basis I'm dealing with systems written by other people, which are held together by duct tape, spit and good-will. PHP is a productive language, just as to a C/C++ developer Python/Ruby etc. is also productive and can lead to very good results.
The problem is when you get pseudo-programmers writing code which uses 'magic_quotes_gpc' as a safety net among other things, and come PHP 6 the 'shit will hit the fan' when everybody realises that with this automatic escaping functionality isn't there any more and their web applications are open for the world to abuse.
I think MySQL should be kept out of the question as it's more coincidence that it ended up being a PHP bed fellow, when PostgreSQL could've been in with a chance given the right circumstances.
At the end of the day bad programmers will write bad code, it's just easy to learn languages (such as Basic and PHP) means they can write more bad code a lot quicker with (arguably) more negative impact when it folds in on it'self.
Just my $0.02.