Are you the same guy who recently was contemplating a CS degree at age 39? on Wednesday. Both have a history of programming business applications, both a year's difference in age, and both seeking advice from Slashdot. I thought it was a little odd to see such a similar post two days after the first:)
So William, as someone who practices what they preach, I suppose you'll be moving www.lrsehosting.com to a different registrar other than GoDaddy in a matter of days, right?
And had GoDaddy (or whoever) simply blocked/deleted the single webpage, it would have taken all of two minutes for the website to re-post the same page under a different name. And that accomplishes what?
In education? Everything. I've learned so much about topics I never had the means to easily research, or things I never knew existed. The amount of knowledge on Wikipedia is fascinating and a dream for someone who loves to learn. It can be a blessing for students.
In academics? It is obviously not suited for citing factual information, but it certainly helps students formulate and nurture ideas and theories. It can help point them in the right direction, and it can also lead them towards more factual sources.
A ban on citing Wikipedia is expected, but Wikipedia is far too powerful to dismiss as not having a role in education.
Bad example because GoDaddy was essentially acting like the police, taking the 'criminal' down without affecting any nearby citizens. They didn't place a chokehold on the Internet to shut down the website.
And even if you put the city under house-arrest, as you say, you still have to send the police in. So your analogy really doesn't apply here.
... And I'm certain you'd be saying the same thing if your bank or credit card agency had a security flaw in its system and your privacy was at stake. Wouldn't you want them to correct the situation asap?
Are you forgetting that, although the public thinks its just a MySpace account, many of those users probably have the same password for many other websites, programs, etc.
So consider this: you run a business and another website manages to get the usernames and passwords of your customers, and posts them online. Do you:
1) Contact the site maintainer and convince them them to take the page down. Keep in mind that the website owner obviously didn't care about the sensitivity of the information, otherwise the page(s) would have never been made public. Additionally, would you be willing to risk the time lag between a response and action -- anywhere from 24 hours and beyond -- knowing quite well that your customers private information is available?
2) If that fails, contact the hosting provider, and convince them to take the page down. (Just the page, not the whole site.) So now you've waited for a response from the site owner and probably didn't receieve one. Time goes by, you get even more frustrated, so you decide to contact the host. Same deal here. Wiping out a page probably isn't a high priority, so you wait.
3. If that fails, and only then, contact the registrar and convince them to suspend the site. Sounds like the best solution of them all! You get the problem solved without going through the two previous steps -- and the problem is solved much faster.
So to reiterate, if your customers login information is publicly available, do you diplomatically try to resolve the situation, or do you go straight to the top to slit this website's throat?
When it's a matter of business and protecting my customer's information, I'll take the knife over a kinder approach anyday, and this is exactly what MySpace did. And they did nothing wrong.
Given that most CEO's come from a financial background (accounting), and the position of CEO typically mandates this knowledge, it's probably one good reason why the transition to CEO from CIO is not as less common than from other positions.
Actually, that's wrong. Earlier last year I launched a new website and a corresponding AdWords campaign to spread the word. When searching the name of my product, I get hundreds of hits from parked domains that are running AdSense containing my ad on it. Now, the first five pages of results are legitimate websites, and the remaining 10-15 are parked domains. It is incredible how many empty domains get drawn into these search results.
Furthermore, most people search for websites rather than type them in the location bar because they usually don't know exactly what they're looking for. If parked domains only made their earnings from direct hits, I suspect it would not be nearly as profitable.
They didn't quote on the number of suspects -- the "121 suspects" was an additional fact mentioned a sentence after the McAfee sentence. And you are reading the Slashdot summary, not the actual article.
Also, McAfee did provide details on the trojan. Read the third, fourth and fifth paragraph of the article. Read the article next time.
What do you expect? North America is a cheap-shit culture. Almost everything we own is crap. We might spend billions on ourselves to improve our lifestyle, but we're just stockpiling crap. We produce cheap goods, so what should we expect in return? Cheap-shit goods!
Until people stop accepting cheapness, you'll continue to see millions spent on terrible movies that very few find worth their money.
How many times has this been said, and how many times do people need to point to examples like Wikipedia, YouTube (partially), Yahoo, Google, Facebook, and much more for proof of scalability?
And if you mean PHP doesn't scale architecturally, then you've demonstrated that you've never worked in an environment that did effectively scale PHP, or you simply failed at it. I'm going to guess both.
Security is primarily about education and not the language. I've been deploying public PHP applications for clients for years. In the early years problems were more abundant (registered globals, etc.), but in the later years (PHP5), the storm has calmed and common practices and patterns have been discussed, encouraged, and implemented so thoroughly that anyone making common mistakes these days simply hasn't educated themselves adequately.
And this isn't just the fault of the developer. Unfortunately there's too many resources and options available, all of which have differing and conflicting methods for accomplishing something. Letting an uneducated developer decide which option to pick, I would agree, is not desirable.
But let's be clear on something: I design, build, and deploy enterprise-grade PHP applications for multi-million dollar projects. If there's a security problem discovered, it is my or my team's fault that we didn't protect against it. It's my responsibility to be educated enough to diagnose and prevent security threats in an application. I cannot say to the client, "PHP is inherently insecure", and expect that reason to fly and absolve myself of all responsibility.
I clearly do not understand why this excuse is the predominant argument here. "PHP is inherently insecure" is simply not true. PHP certainly doesn't encourage proper programming practices from the beginning, but by the same token, I can't recall a programming manual that doubled as an education tool in design and security practices that, combined, allowed me to write bulletproof code from the very beginning.
Hold on a minute here. The inventions of science you listed simply do not compare to global warming. The need for eyeglasses is a tangible, testable, and empirical fact. Eyesight degenerates -- there is simply no dispute to this. The same applies to pretty much everything else you listed.
Global warming, on the other hand, is an assumption based on collections of data. It cannot be proven empirically and it's effect (if any) is not tangible. No, a temperature increases does not constitute global warming because it could just as likely be a result of a natural shift in the Earth's condition. Global warming is not fact.
You can trust science to lead you blindly to a conclusion just because of the previous advances it has made, but that's not a road I wish to travel, nor do many others.
I'm of the opinion that we have an effect on the climate but we are not necessarily the cause of warming. We haven't been around long enough, nor do we have enough data, to accurately pass judgement on the current and future climate.
It always seemed weird to me that kids were being taught the metric system (at least science oriented HS and college people) for a couple of decades now, yet step out on the street and everything's "miles this" or "feet that."
This is very true. I used to work at a hardware store and all measurements/calculations were done in imperial, despite the fact that this store is in Canada. Of course, many items (pipe, bolts, etc.) were labeled in imperial, so that just confirmed its usage. Even today, I measure things by the inch and foot. However, for long distances, I estimate by the kilometre. So my way of measuring is a hybrid of metric and imperial.
Slashdot Mirror
Are you the same guy who recently was contemplating a CS degree at age 39? on Wednesday. Both have a history of programming business applications, both a year's difference in age, and both seeking advice from Slashdot. I thought it was a little odd to see such a similar post two days after the first :)
In Soviet Russia, quitting sues you!
And back in my AOL days before it became the bane of the Internet
AOL plague transcends time, my friend.
So William, as someone who practices what they preach, I suppose you'll be moving www.lrsehosting.com to a different registrar other than GoDaddy in a matter of days, right?
Are you really trying to pass off comparing passwords to murder?
And had GoDaddy (or whoever) simply blocked/deleted the single webpage, it would have taken all of two minutes for the website to re-post the same page under a different name. And that accomplishes what?
In education? Everything. I've learned so much about topics I never had the means to easily research, or things I never knew existed. The amount of knowledge on Wikipedia is fascinating and a dream for someone who loves to learn. It can be a blessing for students.
In academics? It is obviously not suited for citing factual information, but it certainly helps students formulate and nurture ideas and theories. It can help point them in the right direction, and it can also lead them towards more factual sources.
A ban on citing Wikipedia is expected, but Wikipedia is far too powerful to dismiss as not having a role in education.
Bad example because GoDaddy was essentially acting like the police, taking the 'criminal' down without affecting any nearby citizens. They didn't place a chokehold on the Internet to shut down the website.
And even if you put the city under house-arrest, as you say, you still have to send the police in. So your analogy really doesn't apply here.
... And I'm certain you'd be saying the same thing if your bank or credit card agency had a security flaw in its system and your privacy was at stake. Wouldn't you want them to correct the situation asap?
Are you forgetting that, although the public thinks its just a MySpace account, many of those users probably have the same password for many other websites, programs, etc.
So consider this: you run a business and another website manages to get the usernames and passwords of your customers, and posts them online. Do you:
1) Contact the site maintainer and convince them them to take the page down. Keep in mind that the website owner obviously didn't care about the sensitivity of the information, otherwise the page(s) would have never been made public. Additionally, would you be willing to risk the time lag between a response and action -- anywhere from 24 hours and beyond -- knowing quite well that your customers private information is available?
2) If that fails, contact the hosting provider, and convince them to take the page down. (Just the page, not the whole site.) So now you've waited for a response from the site owner and probably didn't receieve one. Time goes by, you get even more frustrated, so you decide to contact the host. Same deal here. Wiping out a page probably isn't a high priority, so you wait.
3. If that fails, and only then, contact the registrar and convince them to suspend the site. Sounds like the best solution of them all! You get the problem solved without going through the two previous steps -- and the problem is solved much faster.
So to reiterate, if your customers login information is publicly available, do you diplomatically try to resolve the situation, or do you go straight to the top to slit this website's throat?
When it's a matter of business and protecting my customer's information, I'll take the knife over a kinder approach anyday, and this is exactly what MySpace did. And they did nothing wrong.
Our bacon is the way, the truth, and the life.
Given that most CEO's come from a financial background (accounting), and the position of CEO typically mandates this knowledge, it's probably one good reason why the transition to CEO from CIO is not as less common than from other positions.
Actually, that's wrong. Earlier last year I launched a new website and a corresponding AdWords campaign to spread the word. When searching the name of my product, I get hundreds of hits from parked domains that are running AdSense containing my ad on it. Now, the first five pages of results are legitimate websites, and the remaining 10-15 are parked domains. It is incredible how many empty domains get drawn into these search results.
Furthermore, most people search for websites rather than type them in the location bar because they usually don't know exactly what they're looking for. If parked domains only made their earnings from direct hits, I suspect it would not be nearly as profitable.
Not when my sexual history can be summed up in a four-letter word: NULL.
Completely off-topic because I was talking about the Lemmings video game :)
For the non-scientific among us, think Lemmings, only less suicidal.
I love that sensation of the probiotics crawling down my throat!
If I only I could get my wife to say the same thing.
They didn't quote on the number of suspects -- the "121 suspects" was an additional fact mentioned a sentence after the McAfee sentence. And you are reading the Slashdot summary, not the actual article.
Also, McAfee did provide details on the trojan. Read the third, fourth and fifth paragraph of the article. Read the article next time.
Ever consider that perhaps McAfee was consulted on this matter?
One way I've found to do this is to spend a lot of time with a group of people who prefer to speak a language I don't understand.
They are called women.
What do you expect? North America is a cheap-shit culture. Almost everything we own is crap. We might spend billions on ourselves to improve our lifestyle, but we're just stockpiling crap. We produce cheap goods, so what should we expect in return? Cheap-shit goods!
Until people stop accepting cheapness, you'll continue to see millions spent on terrible movies that very few find worth their money.
PHP is an awful language, doesn't scale
How many times has this been said, and how many times do people need to point to examples like Wikipedia, YouTube (partially), Yahoo, Google, Facebook, and much more for proof of scalability?
And if you mean PHP doesn't scale architecturally, then you've demonstrated that you've never worked in an environment that did effectively scale PHP, or you simply failed at it. I'm going to guess both.
Security is primarily about education and not the language. I've been deploying public PHP applications for clients for years. In the early years problems were more abundant (registered globals, etc.), but in the later years (PHP5), the storm has calmed and common practices and patterns have been discussed, encouraged, and implemented so thoroughly that anyone making common mistakes these days simply hasn't educated themselves adequately.
And this isn't just the fault of the developer. Unfortunately there's too many resources and options available, all of which have differing and conflicting methods for accomplishing something. Letting an uneducated developer decide which option to pick, I would agree, is not desirable.
But let's be clear on something: I design, build, and deploy enterprise-grade PHP applications for multi-million dollar projects. If there's a security problem discovered, it is my or my team's fault that we didn't protect against it. It's my responsibility to be educated enough to diagnose and prevent security threats in an application. I cannot say to the client, "PHP is inherently insecure", and expect that reason to fly and absolve myself of all responsibility.
I clearly do not understand why this excuse is the predominant argument here. "PHP is inherently insecure" is simply not true. PHP certainly doesn't encourage proper programming practices from the beginning, but by the same token, I can't recall a programming manual that doubled as an education tool in design and security practices that, combined, allowed me to write bulletproof code from the very beginning.
Hold on a minute here. The inventions of science you listed simply do not compare to global warming. The need for eyeglasses is a tangible, testable, and empirical fact. Eyesight degenerates -- there is simply no dispute to this. The same applies to pretty much everything else you listed.
Global warming, on the other hand, is an assumption based on collections of data. It cannot be proven empirically and it's effect (if any) is not tangible. No, a temperature increases does not constitute global warming because it could just as likely be a result of a natural shift in the Earth's condition. Global warming is not fact.
You can trust science to lead you blindly to a conclusion just because of the previous advances it has made, but that's not a road I wish to travel, nor do many others.
I'm of the opinion that we have an effect on the climate but we are not necessarily the cause of warming. We haven't been around long enough, nor do we have enough data, to accurately pass judgement on the current and future climate.
It always seemed weird to me that kids were being taught the metric system (at least science oriented HS and college people) for a couple of decades now, yet step out on the street and everything's "miles this" or "feet that."
This is very true. I used to work at a hardware store and all measurements/calculations were done in imperial, despite the fact that this store is in Canada. Of course, many items (pipe, bolts, etc.) were labeled in imperial, so that just confirmed its usage. Even today, I measure things by the inch and foot. However, for long distances, I estimate by the kilometre. So my way of measuring is a hybrid of metric and imperial.