Re:Is any work being done to improve security? on PHP 5.1.0 Released · Score: 1
Gah! That is what I meant (honest). Magic quotes and addslashes seem worse and worse by the day.
Re:PHP5 deserves any criticism it gets on PHP 5.1.0 Released · Score: 1
Namespaces would be nice, but I honestly don't see what's so bad about the current system. I've written some very nice projects without using namespaces at all, and guess what, entire operating systems have been built without namespaces!
Entire operating systems have been written in Assembly, too - so what? Just because you can do without a feature doesn't mean it shouldn't be included, or we'd all be coding in ASM.
Also, your inability to memorize function names is not the fault of the language. You are obviously trying to turn php into something it's not by suggesting that ABC naming system is not as good as XYZ naming system. Don't blame the language just because it does functions a little differently. It's part of learning the language. The more you use them, the better you'll know them and the more natural it will seem. Just try not to force that natural state you've come to acquire into another environment when learning a new language.
PHP has no naming system to learn! Some functions are ABC (isset), others are XYZ (is_null). It is far from natural - I keep having to look at the docs to find out how to spell the function I am trying to use. Having written some very nice projects, you should know that!
No one ever said magic quotes would make these things safe. NO ONE!
Then what are magic quotes supposed to do? Initially, they were designed to make scripts safer, despite what you want to think. Today everybody seems to have realised what a bad idea it is, and the PHP docs recommend turning them off. Hardly anybody does, though, because having them off by default would break all the poorly-coded scripts.
Any developer in their right mind knows mysql_query(input); is insecure... but again, how in the world do you think that's the fault of the language???
Do you really think that all PHP coders are in their right minds? PHP does not say that mysql_query() is secure, but it doesn't say it's insecure either. A big red "Use mysql_escape_string() first before using this function!" in the docs wouldn't go amiss. If a language doesn't warn about bad security, it's the language's fault, plain and simple.
three letters... wtf?! PHP does a fine job of educating people on good practices. If some noob comes along and copies and pastes crap code from a tutorial site on geocities whose fault is that? The developer's or the language's? That's like blaming Toyota because some jerk is a bad driver.
Car analogies, eh? It's like blaming Toyota because some jerk is a bad driver, when the accelerator and brake are ångstroms apart from each other.
The thing that really dropped my jaw on your statement is the part about php "just doing stuff for them". What are you talking about! What is it that php does for them?
Magic quotes! Register globals! For someone who commands others to do research, you're needing to do a bit yourself.
The reason MS got so much shit was because their IDE messed with people's code with their autocomplete feature.
Actually, I was talking about how Windows just presumes that you want automatic updates installs, assumes that you're too stupid to open ports for any services (it leaves them wide open) and assumed you want to run script attachments in outlook express. Stop putting words in my mouth.
You have no real world experience with this kind of stuff and base your entire opinion on some goof-ball posted on a message board. Please... LEARN php and learn it well before spouting your uneducated opinion. And don't bring up MS references if you have no idea where they come from. Please, do some research.
Now that's just unkind. I have learnt PHP, and I have tried to use it, but it became so annoying (for reasons that I have already explained) that I stopped. Please, do some research.
Isn't it sad though that this plugin is so popular given what most people actually use it for? Wouldn't a better solution be to have Firefox simply not crash or not chew up so much memory?
Ever have a power outage turn off your computer? It's a shame that Firefox does not protect against power outages.
Re:Is any work being done to improve security? on PHP 5.1.0 Released · Score: 1
Idiotic PHP features like magic-quoting of input strings seem to be those added in an attempt to improve security, and have ended up acting as a crutch for poor programmers when the 'correct', unchanged behaviour might have broken things more regularly and actually taught a bit of good programming practice.
Indeed! Microsoft is often criticised for trying to do things for the user, instead of showing the user how to do them. The same criticisms apply to PHP here.
PHP is renowned for having good documentation; would it not hurt to have Remember to use addslashes() on any query before running it! in big and bold on any sql-query-sending page?
PHP5 deserves any criticism it gets on PHP 5.1.0 Released · Score: 2, Insightful
Since when has the "If you don't use it, stop complaining" attitude been acceptable? I don't use Windows, but I'm constantly pointing out its faults to people so they're less likely to get infected and have their computer send out spam. I don't smoke, but I'd rather point out the dangers of smoking to someone than let them cut ten years off their life.
A while ago, I tried writing my own blogging system using PHP, because it would be easy to find someone to host me. I kept having to look things up (isnull or is_null? arrlen or array_length? (neither, it's count)), typing mysql_this, mysql_that instead of using namespaces is annoying, lack of a good scoping system very annoying, etc etc. I did want to use PHP, but didn't, because I thought it sucks. Would you prefer it if I didn't say anything, and just let the PHP guys carry on with the mess they've made? Hint: that wouldn't accomplish anything.
"PHP is the web generation's basic". Oh great, the web generation is growing up thinking that mysql_query( $_POST['input']) is a good idea. After all, magic quotes will make sure it's safe, so gets(input); system(input); in C should be safe! Intentionally or not, PHP is the first language learned by many people nowadays, so it should at least educate them into good practices instead of just doing stuff for them. (Doing things for the user is one of the things that Microsoft gets flak from here, too). PHP tried this before, with register_globals, and look what that turned out to be.
Surprisingly, people actually want to make PHP a better language, but apparently any complaints should be met with "Don't like it? Then get lost!", leaving PHP as it is. Oh well.
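The point argued in the comment above, that magic quotes do not make `mysql_query( $_POST['input'])` safe, shown as an added example that is not part of the original comments. It assumes PDO with an in-memory SQLite database in place of the `mysql_*` functions; the `posts` table, its rows and the function names are constructed for illustration, and magic quotes are emulated with `addslashes()`.

```php
<?php
// Added example: constructed table and data, hypothetical function names.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)');
$pdo->exec("INSERT INTO posts VALUES (1, 'alice', 'public note'),
                                     (2, 'bob',   'private draft')");

// magic_quotes_gpc applied the equivalent of addslashes() to request data.
function magic_quoted(string $raw): string
{
    return addslashes($raw);
}

// "Before": escaped input concatenated into an unquoted numeric context.
// addslashes() only touches quotes, backslashes and NUL bytes, so input
// without any of those reaches the SQL parser unchanged.
function find_concat(PDO $pdo, string $input): array
{
    $sql = 'SELECT body FROM posts WHERE id = ' . magic_quoted($input);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// "After": the value is bound as a parameter, so it is always treated as
// data and can never change the structure of the statement.
function find_bound(PDO $pdo, string $input): array
{
    $stmt = $pdo->prepare('SELECT body FROM posts WHERE id = ?');
    $stmt->execute([$input]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed request values: one well-formed id, one that alters the query.
foreach (['1', '1 OR 1=1'] as $input) {
    printf(
        "input=%-10s concat rows=%d  bound rows=%d\n",
        var_export($input, true),
        count(find_concat($pdo, $input)),
        count(find_bound($pdo, $input))
    );
}
```

For the second input the concatenated query returns every row in the table, while the bound query returns none, because the whole string is compared to `id` as a single value.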
You're nearer to Microsoft's business plan than you think, there.
1) Microsoft creates horribly insecure software with a lot of features. 2) People buy software, use it, and standardise on it. 3) Flaws are uncovered, but people can't move away from software because they need the features. 4) Profit!
Seriously, it's worked for IE (sites testing for IE only and declaring anything else as broken) and Office (people not moving away because Office has some random esoteric thing that they so badly need)
Why not do what we did: make your office PDF free?
Because PDFs work, and if it ain't broke, don't fix it? Anything that's edited in-office is .rtf, anything sent outside the office gets converted to .pdf before sending. Your method makes you a troll, apparently.
The files are enormous
It depends how you make them. I can LaTeX up a file and the resulting pdf will be (typically) 30->100kB in size. Others are just comprised of scanned pictures, and the largest I've seen is 2.5MB. If you think that's enormous, get some more storage (it's really cheap nowadays) and then look at the .doc format.
the readers are bloated (and at 56+ Meg just to open a fucking file, I'd call "bloated" generous)
Evince is using 40.4MB to read a typical PDF with standard text/pictures for me, and that's hardly putting strain on the total memory. While Firefox is using over 100MB.
and they're a pain in the ass to alter
Some people might consider that a strong point. Try printing it out and writing on it if you need to edit it so badly.
Could somebody please tell me why people use PDF's in the first place?
Because they're what you see is what you get, anywhere? Compare that with almost all word processor formats where the layout is dependent on fonts, printers, the program, all sorts of things. Not to mention that it's well-supported.
Stop complaining about the file format just because you've been using them badly. PDFs were never intended to be a word-processor format, so stop treating them as one.
No, OpenCable refers to the method of stripping the safety plastic coating from the wires, lowering the product safety level to that of other Microsoft products.
You must have some very angry affects! (look it up)
Wikipedia says they have $288bn. With bottles at 99 cents each = 2909090910 bottles. If that doesn't do it the shareholders will.
(Have fun carrying the 5818182 tonnes of liquid home with you)
Game System?
Don't touch that, it's the web server! (It was the first thing I thought of when I saw the post actually)
Or instead of picking out every submitter who does this, why doesn't Slashcode slap a ref="nofollow" on the link? Same link, no spam.
You get an Abelian Soup.
I'm not sure what filters they're using but when I search for porn, I get slashdot. What's going on there?
Don't worry, there's no 'arm in giving blood!
sorry, sorry...
John Cage, is that you?
They's doing what now?
The obfuscated web server was one of last year's entries, you know.
I know how to build flying cars. Put Ballmer in a car showroom, and tell him about this
It's like someone turning off the protective personal forcefield on their mini lunar spaceship. And then it gets burglarized, and explodes.
Nearly every country ignores the ISO 8601 and puts the date last. The highest value always goes on the left, people!
"Hey, don't switch just yet! Just hold on a few more years, and we'll provide something like what you want! No, really! Please don't forget about us!"
Firefox two thirds? Since when did it slip down five sixths of a version?
If you have an existing GMail account, try sending yourself an email at username@googlemail.com. You'll get the message.
Keep quiet about it, I'm trying to get people to buy all the new special GoogleMail invites I have