Postfix is none of the above. Sendmail is incredibly simple to configure. You aren't trying to edit sendmail.cf are you? You are supposed to edit the mc file, which is very simple and easy to configure.
Sendmail has certainly had a bad history with regards to security, back in 1992 before postfix even existed. But its been hugely improved, with large parts rewritten even. Its track record in recent history has been fine, and the sendmail developers are at least responsive and proactive about security. When OpenBSD developers send them patches, they actually accept them!
I've never seen any benchmarks that put postfix significantly ahead of sendmail, even qmail is only faster when dealing with a mailing list type load, its local delivery is still around the same speed as sendmail and postfix.
And postfix is most definately less flexible than sendmail, I can't imagine how anyone could say something this obviously crazy. Learn sendmail before you make statements about how flexible it is.
It doesn't matter what OpenBSD includes in the base system, if you want to use another webserver, install it. That's what the ports/packages are for. And keep in mind, lighttpd is missing tons of functionality, and the author is outright hostile to suggestions to fix this.
Why would you want to use samba to give linux machines access to linux servers? Use NFS or AFS for network file storage, and *gasp* lpd for printing.
Don't reply if you can't bother to read
on
PHP 5.1.0 Released
·
· Score: 1
"The point is basically that it has nothing to do with newbies or experts doing the programming."
It has everything to do with this. PHP's mail function is very easy to misuse. PHP actively targets newbies. This is a bad combination.
"It's powerful, despite you saying that it's not."
I said that when exactly? Oh right, you are just making up bullshit to make yourself feel better.
"From the same token, one of the first rules to programming is to never trust the user!"
Rules that 99% of PHP's userbase don't know.
"Note that php doesn't set from by default because many mailers will set it for you to a safe default- often the user account who is sending the mail. So having a from of the user sending mail is a bad default? It's a custom header and shouldn't need to be specified in many cases."
Good lord you are fucking stupid. I didn't say it should set a from by default, I said IT SHOULD HAVE A WAY TO SET IT. It currently does not, there is no from arg. Hence people who have no idea what is and is not safe in a mail header must create mail headers themselves. This is complely retarded.
"And accepting a from address still means that it needs to validate it. Why should mail() validate it for you"
Because that's its job. PHP's mail() function is creating headers for to:, cc:, etc. It is therefore mail()'s job to ensure that the headers it creates are valid. The whole point of it is to remove the job of valid header creation from the user. It should offer a from arg to do this for the from: header as well. If the mail() function isn't going to create valid headers for people, then it should be removed and people can just pipe directly to sendmail. At least then its very clear that users must create valid headers themselves.
"If you want this kind of functionality, try a phpmailer class or make one."
As I already said, I don't use PHP. I want PHP to stop making it as easy as possible for people who don't know much to fuck things up, thus putting spam-abusable contact forms on their websites, on our servers.
You liking your jump to conclusions mat?
on
PHP 5.1.0 Released
·
· Score: 1
You sir, should never make rediculous claims based on absolutely nothing. I should never program because I think the PHP developers shouldn't write a language designed to be easy and appeal to newbies, and then make functions incredibly easy to misuse? Get your fucking head checked. I do validate my input, and I don't use PHP. How well I can program has nothing to do with it. PHP should not make their language as easy to create exploits in as possible, for no reason, and refuse to improve the situation despite constant abuse from the hordes of inexperienced programmers that PHP caters to.
And there is another way around this, PHP's mail function should take a "from" argument, instead of forcing people who don't know what a header is to create the from header themselves.
Ruby has the exact same problems he mentioned. How is a weak, dynamic typed language that is not compiled supposed to solve his complaint that PHP is a weak, dynamic typed language that is not compiled?
He is wrong though, PHP is compiled. Its just compiled every single time you request a page, making it slow. Accelerators exist to compile PHP once and then cache that. This is not possible with ruby because it is not compiled, it is interpreted.
Flamebait my ass, this is true.
on
PHP 5.1.0 Released
·
· Score: 2, Funny
Mod the poor guy back up, PHP's mail() function is completely retarded. I have never seen a single PHP contact form that isn't exploitable to send spam because of this nonsense.
Mysql's "amazing speed" is only for weak benchmarks of a single user running queries in serial. Once you start having many users running many different queries at the same time, its performance falls apart. This is where the mysql speed myth comes from, people comparing 100,000 simple select statements in serial for mysql and postgresql, and mysql being faster at it.
You give gcc too much credit.
on
GCC 4.1 Released
·
· Score: 0, Flamebait
They've dropped support for tons of architectures that people still use. Many platforms are still stuck with locally-patched, barely functional gcc2 installations because they have nothing else available.
And it doesn't actually produce stable AND well-optimized code. Its more a one or the other kinda deal. There's lots of hard to track down bugs involving GCC optimizations.
First of all, did you read the article yourself? Sega sold the saturn at a loss, that was before the xbox.
Second, he pretends that sega lost money on the dreamcast. They may have sold the console at a loss at first (I'm not sure), but the dreamcast and its games made sega millions. They didn't leave the business because of the dreamcast, they left the business cause they were already screwed, the dreamcast just couldn't save them.
First of all, performance varies wildly with what you are doing. Anyone can easily show that windows or linux outperforms the other just by testing the right things.
Second, the question is about credibility. The guy is outright lying. "More consistant, reliable and easier to manage"? You would have to be on serious drugs to believe that. Windows is famous for being flaky and unreliable, and its GUI tools are "acceptable" at best, "crippling" at worst. Its command line tools range from poorly documented to non-existant.
The point is people aren't deny all evidance that windows is better than linux. The point is there is no evidence that windows is more consistant, more reliable, or easier to manage. There is quite alot of evidance to the contrary though.
First of all, there's 5 times as many PS2s out there as Xboxs. So online gaming needs to be 5 times more popular among xbox owners just to be equal to ps2s numbers.
Second, SOCOM was the number one online console game for months, only being replaced at the top by SOCOM II when it came out. SOCOM was hitting 60,000 people per day when the Xbox live service all combined was getting 84,000 per day. Tons of people play PS2s online since its free and they don't have to subscribe to anything.
And the most recent 2005 figures I have found place Xbox live at 2 million, and ps2 online at 2 and half million.
Online gaming would never work without a central system like xbox live. I mean, look at the PC. Nobody ever plays PC games online. Why? Because PCs don't have xbox live. They just let each game do their online thing however they want. Obviously nobody wants that, but sony is doing it just like the PC anyways.
Learn to read. Why do you think apache runs as a non-root user? So that when an exploit is found its not a big deal. But if you have a dozen local root exploits on your system, then suddenly ANY remote exploit at all in any software running as any user becomes a remote root. I suggest you use your fucking brain for a change.
Yeah, local root exploits don't matter at all. Its not like they completely remove all the benefit of having squid or mysql or apache or whatever running as a non-priviledged user. Nobody has ever been able to run a command on a server without direct shell access, that's just unheard of right?
This attitude of "I'm not going to maintain my servers because I try to compensate for my tiny penis with a long uptime" seems common amoung linux admins. Remember all those "yet another local root exploit in the linux kernel" advisories? Maybe you should actually upgrade when that happens. Suddenly linux isn't so perfect.
The nonsense comments about the overhead of a GUI are retarded. Who cares if less than a fraction of 1% of my system is being used by something I don't care about? It simply doesn't matter.
However, there is no upside to a GUI. It offers a way for developers to write software that is difficult and time consuming to administer, and requires a much better connection for remote administration than ssh does. I have never found a single graphical tool that helps me admin anything, they are always a pain.
The severity of the flaws doesn't matter. The first time anyone spent any time looking at the code for flaws, they found a bunch of obvious and stupid flaws. Bugs that any reasonable programmer should have been smart enough not to create.
And tons of people run their client as root, they have to in order to add routes. Just dropping priv later doesn't solve everything.
OpenVPN has had several VERY STUPID security problems discovered recently. Why not just keep using ipsec, but don't buy a shitty broken implimentation from cisco? http://www.openbsd.org/
You have come to that conclusion because you want to. I never said XP is bad, I said its not agile. And agile development is not about meetings, that's my point. XP is meet then code then meet then code. Agile development is code with the customer there participating.
You are arguing that you can do agile development using XP. I never said otherwise. That doesn't mean XP is agile. Just because you can make very short iterations to mimic agile development, doesn't mean XP is suddenly agile. If it was, it would require very short iterations so you stay agile.
And try using XP with short iterations (1day). You spend more time in iteration meetings than coding and you end up with horrible productivity.
No, an iteration is where you leave the customer out of things, and develop. The stories do not change during the iteration, you come back to the customer after the iteration to have them redo their specs now that they can see how you did things (not the way they wanted). With a real agile development methodology, there is no iteration where you set requirements in stone and then go meet them. You do the least possible to show the customer, and then show them, and you keep working with them constantly. You could pretend that XP would qualify if you had 1 day or less long iterations I guess, but that's not how XP was designed.
Yes, the XP douches certainly do pretend that XP is agile. I am not saying they don't. I am saying they (Beck) are wrong. Calling something agile doesn't make it so. Agile means able to easily adapt to change, not able to blame the customer for changing the spec. XP is all about arbitrary rules, which you must follow even if they make no sense in your situation. The methodology itself isn't even flexible, nevermind using it.
Slashdot Mirror
Postfix is none of the above. Sendmail is incredibly simple to configure. You aren't trying to edit sendmail.cf are you? You are supposed to edit the mc file, which is very simple and easy to configure.
Sendmail has certainly had a bad history with regards to security, back in 1992 before postfix even existed. But its been hugely improved, with large parts rewritten even. Its track record in recent history has been fine, and the sendmail developers are at least responsive and proactive about security. When OpenBSD developers send them patches, they actually accept them!
I've never seen any benchmarks that put postfix significantly ahead of sendmail, even qmail is only faster when dealing with a mailing list type load, its local delivery is still around the same speed as sendmail and postfix.
And postfix is most definately less flexible than sendmail, I can't imagine how anyone could say something this obviously crazy. Learn sendmail before you make statements about how flexible it is.
It doesn't matter what OpenBSD includes in the base system, if you want to use another webserver, install it. That's what the ports/packages are for. And keep in mind, lighttpd is missing tons of functionality, and the author is outright hostile to suggestions to fix this.
Why would you want to use samba to give linux machines access to linux servers? Use NFS or AFS for network file storage, and *gasp* lpd for printing.
"The point is basically that it has nothing to do with newbies or experts doing the programming."
It has everything to do with this. PHP's mail function is very easy to misuse. PHP actively targets newbies. This is a bad combination.
"It's powerful, despite you saying that it's not."
I said that when exactly? Oh right, you are just making up bullshit to make yourself feel better.
"From the same token, one of the first rules to programming is to never trust the user!"
Rules that 99% of PHP's userbase don't know.
"Note that php doesn't set from by default because many mailers will set it for you to a safe default- often the user account who is sending the mail. So having a from of the user sending mail is a bad default? It's a custom header and shouldn't need to be specified in many cases."
Good lord you are fucking stupid. I didn't say it should set a from by default, I said IT SHOULD HAVE A WAY TO SET IT. It currently does not, there is no from arg. Hence people who have no idea what is and is not safe in a mail header must create mail headers themselves. This is complely retarded.
"And accepting a from address still means that it needs to validate it. Why should mail() validate it for you"
Because that's its job. PHP's mail() function is creating headers for to:, cc:, etc. It is therefore mail()'s job to ensure that the headers it creates are valid. The whole point of it is to remove the job of valid header creation from the user. It should offer a from arg to do this for the from: header as well. If the mail() function isn't going to create valid headers for people, then it should be removed and people can just pipe directly to sendmail. At least then its very clear that users must create valid headers themselves.
"If you want this kind of functionality, try a phpmailer class or make one."
As I already said, I don't use PHP. I want PHP to stop making it as easy as possible for people who don't know much to fuck things up, thus putting spam-abusable contact forms on their websites, on our servers.
You sir, should never make rediculous claims based on absolutely nothing. I should never program because I think the PHP developers shouldn't write a language designed to be easy and appeal to newbies, and then make functions incredibly easy to misuse? Get your fucking head checked. I do validate my input, and I don't use PHP. How well I can program has nothing to do with it. PHP should not make their language as easy to create exploits in as possible, for no reason, and refuse to improve the situation despite constant abuse from the hordes of inexperienced programmers that PHP caters to.
And there is another way around this, PHP's mail function should take a "from" argument, instead of forcing people who don't know what a header is to create the from header themselves.
Ruby has the exact same problems he mentioned. How is a weak, dynamic typed language that is not compiled supposed to solve his complaint that PHP is a weak, dynamic typed language that is not compiled?
He is wrong though, PHP is compiled. Its just compiled every single time you request a page, making it slow. Accelerators exist to compile PHP once and then cache that. This is not possible with ruby because it is not compiled, it is interpreted.
Mod the poor guy back up, PHP's mail() function is completely retarded. I have never seen a single PHP contact form that isn't exploitable to send spam because of this nonsense.
Mysql's "amazing speed" is only for weak benchmarks of a single user running queries in serial. Once you start having many users running many different queries at the same time, its performance falls apart. This is where the mysql speed myth comes from, people comparing 100,000 simple select statements in serial for mysql and postgresql, and mysql being faster at it.
They've dropped support for tons of architectures that people still use. Many platforms are still stuck with locally-patched, barely functional gcc2 installations because they have nothing else available.
And it doesn't actually produce stable AND well-optimized code. Its more a one or the other kinda deal. There's lots of hard to track down bugs involving GCC optimizations.
First of all, did you read the article yourself? Sega sold the saturn at a loss, that was before the xbox.
Second, he pretends that sega lost money on the dreamcast. They may have sold the console at a loss at first (I'm not sure), but the dreamcast and its games made sega millions. They didn't leave the business because of the dreamcast, they left the business cause they were already screwed, the dreamcast just couldn't save them.
First of all, performance varies wildly with what you are doing. Anyone can easily show that windows or linux outperforms the other just by testing the right things.
Second, the question is about credibility. The guy is outright lying. "More consistant, reliable and easier to manage"? You would have to be on serious drugs to believe that. Windows is famous for being flaky and unreliable, and its GUI tools are "acceptable" at best, "crippling" at worst. Its command line tools range from poorly documented to non-existant.
The point is people aren't deny all evidance that windows is better than linux. The point is there is no evidence that windows is more consistant, more reliable, or easier to manage. There is quite alot of evidance to the contrary though.
First of all, there's 5 times as many PS2s out there as Xboxs. So online gaming needs to be 5 times more popular among xbox owners just to be equal to ps2s numbers.
Second, SOCOM was the number one online console game for months, only being replaced at the top by SOCOM II when it came out. SOCOM was hitting 60,000 people per day when the Xbox live service all combined was getting 84,000 per day. Tons of people play PS2s online since its free and they don't have to subscribe to anything.
And the most recent 2005 figures I have found place Xbox live at 2 million, and ps2 online at 2 and half million.
Which part of this is microsoft leading exactly?
"And Microsoft continues to extend its lead in the online console marketplace."
They don't have a lead, Sony does. By a very large margin. "Close the gap on its competition" maybe?
Online gaming would never work without a central system like xbox live. I mean, look at the PC. Nobody ever plays PC games online. Why? Because PCs don't have xbox live. They just let each game do their online thing however they want. Obviously nobody wants that, but sony is doing it just like the PC anyways.
No its not new. No its not subtle. Yes its the same old "say you won't get modded up so people will mod you up" karma-whoring.
Learn to read. Why do you think apache runs as a non-root user? So that when an exploit is found its not a big deal. But if you have a dozen local root exploits on your system, then suddenly ANY remote exploit at all in any software running as any user becomes a remote root. I suggest you use your fucking brain for a change.
Only an incompetant admin who has no clue would think local root exploits aren't important just because you don't have people with shell accounts.
o ld=1&commentsort=0&tid=109&mode=thread&pid=1404747 5#14047525
http://slashdot.org/comments.pl?sid=168464&thresh
Yeah, local root exploits don't matter at all. Its not like they completely remove all the benefit of having squid or mysql or apache or whatever running as a non-priviledged user. Nobody has ever been able to run a command on a server without direct shell access, that's just unheard of right?
This attitude of "I'm not going to maintain my servers because I try to compensate for my tiny penis with a long uptime" seems common amoung linux admins. Remember all those "yet another local root exploit in the linux kernel" advisories? Maybe you should actually upgrade when that happens. Suddenly linux isn't so perfect.
The nonsense comments about the overhead of a GUI are retarded. Who cares if less than a fraction of 1% of my system is being used by something I don't care about? It simply doesn't matter.
However, there is no upside to a GUI. It offers a way for developers to write software that is difficult and time consuming to administer, and requires a much better connection for remote administration than ssh does. I have never found a single graphical tool that helps me admin anything, they are always a pain.
The severity of the flaws doesn't matter. The first time anyone spent any time looking at the code for flaws, they found a bunch of obvious and stupid flaws. Bugs that any reasonable programmer should have been smart enough not to create.
And tons of people run their client as root, they have to in order to add routes. Just dropping priv later doesn't solve everything.
OpenVPN has had several VERY STUPID security problems discovered recently. Why not just keep using ipsec, but don't buy a shitty broken implimentation from cisco? http://www.openbsd.org/
You have come to that conclusion because you want to. I never said XP is bad, I said its not agile. And agile development is not about meetings, that's my point. XP is meet then code then meet then code. Agile development is code with the customer there participating.
You are arguing that you can do agile development using XP. I never said otherwise. That doesn't mean XP is agile. Just because you can make very short iterations to mimic agile development, doesn't mean XP is suddenly agile. If it was, it would require very short iterations so you stay agile.
And try using XP with short iterations (1day). You spend more time in iteration meetings than coding and you end up with horrible productivity.
No, an iteration is where you leave the customer out of things, and develop. The stories do not change during the iteration, you come back to the customer after the iteration to have them redo their specs now that they can see how you did things (not the way they wanted). With a real agile development methodology, there is no iteration where you set requirements in stone and then go meet them. You do the least possible to show the customer, and then show them, and you keep working with them constantly. You could pretend that XP would qualify if you had 1 day or less long iterations I guess, but that's not how XP was designed.
Yes, the XP douches certainly do pretend that XP is agile. I am not saying they don't. I am saying they (Beck) are wrong. Calling something agile doesn't make it so. Agile means able to easily adapt to change, not able to blame the customer for changing the spec. XP is all about arbitrary rules, which you must follow even if they make no sense in your situation. The methodology itself isn't even flexible, nevermind using it.