It's not really PHP's *current* default settings that are the problem, it's the ones from as little as 2 years ago, which many, many web apps still require in order to work properly. I am of course talking about PHP_REGISTER_GLOBALS, which only recently started defaulting to OFF, and which must be left ON for many php apps. PHP does not go out of its way to let you write secure code. In fact, it is left up to the programmer to worry about security at every step along the way.
Perl allows you to use 'taint mode', which explicitly distrusts all user input. As far as I know, PHP does not have such a feature. Combined with 'use strict', which requires variables to be declared before you can use them, this will also help avoid the majority of stupid security holes in perl apps. You still need to avoid creating other security holes, but you can count on perl to watch your back.
Even ASP has "option explicit", which accomplishes much the same thing if used. While any language can have security holes, some make it far easier than others.
(note: I write PHP for a living, but I use perl for all personal projects).
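The register_globals problem described in the comment above, as an added example that is not part of the original post. The directive was removed in PHP 5.4, so the "before" function emulates it with extract(); the function names, the demo password and the sample requests are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed credential for the demo only.
define('DEMO_HASH', password_hash('correct horse', PASSWORD_DEFAULT));

// "Before": request parameters become variables, as register_globals did
// for the global scope. $authorized is never initialised, so a request
// parameter of the same name decides the outcome.
function legacy_is_admin(array $request): bool
{
    extract($request); // emulates register_globals=On (assumption of this demo)
    if (isset($password) && password_verify((string) $password, DEMO_HASH)) {
        $authorized = true;
    }
    return !empty($authorized);
}

// "After": read only the named field from the request array and
// initialise the decision variable before any branch can set it.
function hardened_is_admin(array $request): bool
{
    $authorized = false;
    $password = $request['password'] ?? null;
    if (is_string($password) && password_verify($password, DEMO_HASH)) {
        $authorized = true;
    }
    return $authorized;
}

// Constructed requests: a normal login, a wrong password, and a request
// carrying a parameter named after the internal variable.
$cases = [
    'valid password'  => ['password' => 'correct horse'],
    'wrong password'  => ['password' => 'guess'],
    'extra parameter' => ['password' => 'guess', 'authorized' => '1'],
];

foreach ($cases as $label => $request) {
    printf("%-16s legacy=%s hardened=%s\n", $label,
        var_export(legacy_is_admin($request), true),
        var_export(hardened_is_admin($request), true));
}
```

Only the third case differs between the two functions: the legacy check accepts it without a valid password, the hardened one does not.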
Your argument appears to be thus: "we have the most money therefore we should be in charge". If this is not the case, you may wish to argue your actual point rather than bringing up economics.
Personally, I believe that a global internet should be controlled globally. If the USA wants their own USANet, then they can cut the wires to the rest of the world and go back to their isolationism. The rest of the world will generally be happier that way.
1) Firefox is an alternative web browser, which is what this book is trying to raise awareness of. If Firefox doesn't suit your purposes, use Opera, Konqueror, Safari... There is no excuse for using a web browser that can take down your entire OS.
2) Congratulations, you are one of the people who does indeed need to use Microsoft Windows. The other 90% of Windows users (i.e. home and corporate users) are the target audience of this book. It is meant to show people that there are alternatives.
Actually, I successfully convinced most of my friends to switch to google talk a week or two ago. Most people don't really care what client they use, so long as their friends are on it. You just have to get a certain number of people to switch, and then the rest will follow.
Not sure what version of Kopete he's using, but anything from the past year or so is pretty as can be and incredibly useable, and getting more so with each release. It has very nice support for MSN avatars, fully customisable notifications, meta-contacts, tabbed chat... and they fixed up all of the bugs that made it hard to use quite a while ago. I agree that the file transfers and webcam capabilities aren't there, but that's not the UI, those are extras.
As well, people who take a trip to France often have trouble understanding what people are saying. If you take that trip, you either expect to be confused or you learn the language. The same goes with computers, cars, and the rest of your excellent examples.
Yes, thugs are thugs with or without guns. But if you were trying to survive in NO right now, which would you rather have come at you; a thug, or a thug with a gun? How about a thug who stole some other non-thug's "self-defense" gun?
The way to get around that is to not allow hotlinking of captcha images, and to make sure never to re-use the same captcha images. Each and every visitor should see a new captcha image.
I'm surprised that more papers haven't been written on the subject of captchas; it seems fairly similar to encryption/etc as far as ways to defeat it.
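One way to enforce "a new captcha for every visitor, never re-used", as an added example that is not part of the original post. The CaptchaStore class, its in-memory array (standing in for server-side session storage) and the session names are hypothetical; binding each challenge to the session that requested it is this example's assumption for making a hotlinked image useless elsewhere.

```php
<?php
declare(strict_types=1);

final class CaptchaStore
{
    /** @var array<string, array{sid: string, answer: string, expires: int}> */
    private array $pending = [];

    // Issue a fresh challenge for one session. The answer goes to the
    // image renderer only; the client sees just the opaque id.
    public function issue(string $sessionId, int $ttl = 120): array
    {
        $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';
        $answer = '';
        for ($i = 0; $i < 6; $i++) {
            $answer .= $alphabet[random_int(0, strlen($alphabet) - 1)];
        }
        $id = bin2hex(random_bytes(16));
        $this->pending[$id] = [
            'sid' => $sessionId, 'answer' => $answer, 'expires' => time() + $ttl,
        ];
        return ['id' => $id, 'answer' => $answer];
    }

    // A challenge is valid only for the session it was issued to, and is
    // consumed by that session's first attempt, whether right or wrong.
    public function verify(string $sessionId, string $id, string $guess): bool
    {
        $entry = $this->pending[$id] ?? null;
        if ($entry === null || !hash_equals($entry['sid'], $sessionId)) {
            return false;
        }
        unset($this->pending[$id]);
        return time() <= $entry['expires']
            && hash_equals($entry['answer'], strtoupper($guess));
    }
}

// Constructed walk-through: wrong session, correct first attempt, replay.
$store = new CaptchaStore();
$c = $store->issue('session-A');
foreach ([['session-B', 'other session'], ['session-A', 'first attempt'],
          ['session-A', 'replayed answer']] as [$sid, $label]) {
    printf("%-16s %s\n", $label,
        var_export($store->verify($sid, $c['id'], $c['answer']), true));
}
```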
Exactly! If you *don't* want your dev team to walk out on you and start a fork, you have 2 options:
1) listen to their input, treat them like part of the foundation instead of just codemonkeys.
2) don't GPL your source code.
If you don't understand the consequences of GPLing something, then don't GPL it. The same goes for any other business decision you could possibly make.
Because firefox already has excellent standards support, and is actively improving that with each release. At the same time, IE hasn't improved for years, and the IE7 beta had fixed a grand total of 2 CSS rendering bugs. Firefox is *already* miles ahead of IE7 as far as support goes, and will only be better by the time IE7 is actually released.
Actually, for anyone who isn't a network administrator, the web *is* the internet. The internet is already being replaced by Internet2, so your claim that it would be too hard to replace doesn't hold water either.
The internet is drastically changing right now; you're just not paying attention. Compare a 'standard' web application, such as slashdot, with a 'new' one, like google maps. The web v2.0 is in beta right now, and it will forever change the way you use your browser.
Whether or not your desktop OS goes away is irrelevant; if 95% of what you do can be and is done in a browser, then the desktop OS itself is irrelevant.
You're confusing scanning vs logging, as well as data entry vs communication. For the first, there is usually no permanent store of incoming/outgoing messages, they are scanned in passing rather than stored and redirected. For the second, no one needs to know that I took six tries to spell 'nuclear payload', while at the same time they have reasonable cause to wonder why I am discussing such things with the outside world using company resources.
I prefer JuK; I have no idea what sort of black magic it uses to index files, but it sure isn't MySQL, and it is reasonably fast to index and blindingly fast to search/filter/organise.
Some of my less geeky friends are amazed when I order pizza online from pizza 73. The best part is filling in the "extra instructions" field with things like "deliver to the pool out back". :)
There are at least text adventure games out there already, linked from: http://oghc.blogspot.com/
oghc got a reply from Jack Thompson, and he is indeed a jerk.
You didn't RTFA? I'm shocked!
Spell Check. Just do it.
Technically, firefox is a modular implementation of mozilla.
You've got the syntax wrong. That should be: ./configure && make && make checkmate
Nuke them from orbit; it's the only way to be sure.
Javascript *used to be* crap. It's actually quite complete, well thought out, and well-supported these days.
So, sort of like a Debit card, then. Like are used heavily in most of Europe and Canada.
I'm pretty sure it'll taste like chicken, actually.
New web technology is certainly "Stuff that matters" to webmasters. I am happy that inventions like this are covered on my primary geek news site.