Sorry about that, but spamming is a big enough problem at this point that there will always be collateral damage no matter what is done. It's entirely accidental that with CAPTCHAs, it's mostly blind people. If it wasn't them, it would be someone else. Talking about "discriminazi admins" is just ridiculous hyperbole and helps nobody. If you want to be angry, be angry at the spammers who force admins into choosing between cutting out some percentage of their users, or having their site completely ruined.
And then it was sold together with a fitting OS, so you got computer and software as a complete functioning machine in stead of many loose ends in a PC.
So your entire argument is to blame the users instead of the product?
And I am ignoring your "existing codebase" blathering because it is quite frankly not an interesting discussion in any way. So you're already stuck in the bog due to making a bad decision at the start - what does that have to do with the merit of one language over another?
So the real problem here is inexperienced programmers not the language
So do you have a trick to make all programmers suddenly experienced? No? Well, how about we have programming languages try to catch their worst mistakes in the meanwhile?
I agree - I'm not hurting anybody with these pipe bombs I build and sell in home. Everybody involved in the transaction consents to me making and selling them!
And since the sea is over ten kilometers deep, a change of sea level of ten meters is less than 0.1%! It is completely negligible, so why are people worrying?
Right because not paying attention to security is what every programmer should do. Language doesn't make a secure program the programmer does.
So it is totally pointless for Java, or for that matter PHP, to protect against buffer overflows in the language? That is a utterly idiotic argument. Of course you can write insecure code in any language, but that doesn't mean it doesn't matter that it's much easier to accidentially make code insecure in one language than it is in another.
Especially when PHP's biggest market is inexperienced programmers, there is no excuse for the incredibly shoddy design and all the traps it contains that will make your code insecure if you do not know exactly what you are doing, such as the mysql functions which are just imported straight from C. No other language is so crazy as to do that.
That's not an answer. In fact, it's worse than a non answer. A language should let you create an application as insecure as you want it to be. It's not the job of a language to be secure, it's the job of a programmer to write applications that are secure, and the underlying platform/codebase to do what is says on the tin.
This is true of C, and no other langauge. It is very much the job of the language to take the burden of security off the programmer and implement as much as possible of it automatically. The only exceptions are low-level code and absolutely speed-critical code. A dynamic language like PHP is neither, and there is no exccuse for endangering programmers and users by doing things like directly importing C APIs for database access. No other dynamic language is so crazy as to do this.
I cannot see why I should learn RoR, or Perl, when I have what works.
Because it is painfully obvious that you have no idea what you are doing, and thanks to PHP's lack of secuirty measures against inexperienced programmers, you are very likely creating tons of highly vulnerable programs.
Other languages tend to have much more secure APIs, letting you get away with not paying as much attention to security. Do yourself a favour and switch to one of them.
Future-proof? Not nearly! You are assuming that commands will always be represented as simple strings! A much more comprehensive format would be something along the lines of:
This way, not only are you prepared for handling commands that are not defined by simple executables, but you can also use multiple ways of defining the location of an executable, such by a simple shell path, an absolute path, an URL for a remote host, a torrent source, and so on!
The reason one has editors, normally, is to catch such mistakes and fix them before the thing is published. Of course, Slashdot "editors" do not do any actual "editing".
Sorry about that, but spamming is a big enough problem at this point that there will always be collateral damage no matter what is done. It's entirely accidental that with CAPTCHAs, it's mostly blind people. If it wasn't them, it would be someone else. Talking about "discriminazi admins" is just ridiculous hyperbole and helps nobody. If you want to be angry, be angry at the spammers who force admins into choosing between cutting out some percentage of their users, or having their site completely ruined.
Quoting from a few posts up in the discussion:
And then it was sold together with a fitting OS, so you got computer and software as a complete functioning machine in stead of many loose ends in a PC.
I don't think you understood at all what this particular branch of the discussion is about.
Slashdot "editors" do not "edit" the submissions. According to CmdrTaco, this makes Slashdot "more real".
You want that, get a Mac.
Seriously, I did, and it's feeling just like the old days.
Science sure makes less mistakes than you.
I guess you simply are a hopeless elitist, then. I see no reason to continue the argument.
So your entire argument is to blame the users instead of the product?
And I am ignoring your "existing codebase" blathering because it is quite frankly not an interesting discussion in any way. So you're already stuck in the bog due to making a bad decision at the start - what does that have to do with the merit of one language over another?
Actually yes there is trick it's called a QA department
Yes, lots of people writing code in their parents' basements have a QA department. Brilliant idea.
Let me guess you are C hater
I have written hundreds of thousands of lines of code in C. It is one of my favourite languages.
My original point is that it's not just a matter of picking the "best" language.
No, it's about not picking the worst language - in this case, PHP.
Girls threaten his utter manliness.
So the real problem here is inexperienced programmers not the language
So do you have a trick to make all programmers suddenly experienced? No? Well, how about we have programming languages try to catch their worst mistakes in the meanwhile?
Let's all give a big hand to Captain Obvious here! Stellar work!
Maybe there is some kind of reason for them not editing, I dunno!
Thank you for that oh-so-relevant comment. We are all happy you took the time out of your busy day to make this important statement.
I agree - I'm not hurting anybody with these pipe bombs I build and sell in home. Everybody involved in the transaction consents to me making and selling them!
The "editors" do not "edit" articles. This make Slashdot "more real", according to CmdrTaco.
And since the sea is over ten kilometers deep, a change of sea level of ten meters is less than 0.1%! It is completely negligible, so why are people worrying?
Christ, man. This is not POLITICS or ETHICS or anything where OPINIONS is all that counts. This is SCIENCE.
I'll call a man crazy if he disagrees that the Earth orbits the sun, and it is not just because he disagrees with my "opinion".
I SAY WHAT IS LEGAL IN MY OWN HOME.
The preferred argument of wife-beaters everywhere!
Right because not paying attention to security is what every programmer should do. Language doesn't make a secure program the programmer does.
So it is totally pointless for Java, or for that matter PHP, to protect against buffer overflows in the language? That is a utterly idiotic argument. Of course you can write insecure code in any language, but that doesn't mean it doesn't matter that it's much easier to accidentially make code insecure in one language than it is in another.
Especially when PHP's biggest market is inexperienced programmers, there is no excuse for the incredibly shoddy design and all the traps it contains that will make your code insecure if you do not know exactly what you are doing, such as the mysql functions which are just imported straight from C. No other language is so crazy as to do that.
it can be a trial and error game to escape/unescape strings etc
This is absolutely critical to get right in PHP, or you will most likely be toast. And it is not easy.
That's not an answer. In fact, it's worse than a non answer. A language should let you create an application as insecure as you want it to be. It's not the job of a language to be secure, it's the job of a programmer to write applications that are secure, and the underlying platform/codebase to do what is says on the tin.
This is true of C, and no other langauge. It is very much the job of the language to take the burden of security off the programmer and implement as much as possible of it automatically. The only exceptions are low-level code and absolutely speed-critical code. A dynamic language like PHP is neither, and there is no exccuse for endangering programmers and users by doing things like directly importing C APIs for database access. No other dynamic language is so crazy as to do this.
I cannot see why I should learn RoR, or Perl, when I have what works.
Because it is painfully obvious that you have no idea what you are doing, and thanks to PHP's lack of secuirty measures against inexperienced programmers, you are very likely creating tons of highly vulnerable programs.
Other languages tend to have much more secure APIs, letting you get away with not paying as much attention to security. Do yourself a favour and switch to one of them.
Future-proof? Not nearly! You are assuming that commands will always be represented as simple strings! A much more comprehensive format would be something along the lines of:
< /shellpath></executable></command><args><regex>stu ff</regex><filespec>*< /filespec></commandline>
<commandline><command><executable><shellpath>grep
This way, not only are you prepared for handling commands that are not defined by simple executables, but you can also use multiple ways of defining the location of an executable, such by a simple shell path, an absolute path, an URL for a remote host, a torrent source, and so on!
The reason one has editors, normally, is to catch such mistakes and fix them before the thing is published. Of course, Slashdot "editors" do not do any actual "editing".
It makes Slashdot "more real", according to Taco!