While scientists say this is such a huge feat, with millions to billions of dollars spent on such machinary you would think these things would last for more than 90 days. Also with all of the people working on one project could they miss something to be so dentrimental to the operation?
While it may be good exploring other planets, I still do not see why we put so much funding into it. With the US debt only rising shouldn't we consider utilizing some of that money to pay off national debt. Thinking about it in a personal expense if we have a ton of debt could we still take most of our incomes and build new toys to play around with?
I think this is interesting nonetheless but we should really look at our own economy instead of exploring planets with millions apon billions of dollars.
He is talking about the protections that are automatically set in php.ini. There really isn't many and more of the security problems are due to the large undertaking of people that have no clue on how to really code php. Thus introducing a security problem. I could basically have the same thing happen with perl, asp, asp.net, cold fusion, etc. Security problems are more noteful on a specific case and not towords the language itself.
Rootkits are not nessesarily bad. They have good purposes such as in the enterprise world to watch what you are doing/logging what you are doing without you being able to find and terminate that process. You have to remember everything has a level of good and can be turned bad in an instant.
It is like a formatting tool, when used properly it deletes what you want but if someone wrote a program to access the formatting tool and run it on a drive that you wanted things on now it has just been turned into something bad.
This is obviously not about the PHP Language itself as you are definitely looking at your alternative as better... While I can program java, I can program python, etc etc... I use PHP for the web, and in an enterprise environment as that!
You claim PHP is the root of all evil, take a look at an operating system, whose job is it to make sure that any type of security whole is plugged? Yours.
Next lets talk about scalability, PHP is highly scalable as long as you understand the structure and logic of the language, which is not like your current language. That is why it bugs you.
Currently I have around 30 files that operate 70 websites (and no this is a single set they are not mirrored on all the sites). Pretty much they are mainly objects and a few controllers which the user can override the global scope in site of their local scope for pages.
The configuration is easy and sql injections can happen in just about any language. Programming for the web I can pretty much show you vunrible applications everywhere. This is not just a PHP thing.
How about the infamous buffer overflows with Java? Had that one happen? This thread is mainly all opinionated with no factoral history. And if you are going to call out something as huge security risks without providing a fact then you are just blowing steam up everyone for no reason.
Get a job, learn more about secure computing, and stop trying to advocate other languages as better than this or that when it is simple opinionated with out any benchmarks, security advisories, references.
Now heres my turn. Java has security problems because people code them in according to your philosophy, as for the tutorial on writing secure php code... well here is one for java:
http://www.javaworld.com/javaworld/jw-12-1998/jw-1 2-securityrules.html
Meanwhile here are the latest records for programming languages (latest versions)
php: http://secunia.com/product/3919/
asp.net: http://secunia.com/product/2173/
java jdk: http://secunia.com/product/4621/
j2ee: http://secunia.com/product/2644/
python: http://secunia.com/product/4604/
As for scalability :
http://www.onjava.com/pub/a/onjava/2003/10/15/php_ scalability.htmlhttp://www.oreillynet.com/pub/wlg/5155
there are numerous resources on the net on writing secure code for all programming languages, everything you mentioned in this entire "rant" is worthless and doesn't do anyone any good. Please go crawl back in your hole.
Slashdot Mirror
While scientists say this is such a huge feat, with millions to billions of dollars spent on such machinary you would think these things would last for more than 90 days. Also with all of the people working on one project could they miss something to be so dentrimental to the operation?
While it may be good exploring other planets, I still do not see why we put so much funding into it. With the US debt only rising shouldn't we consider utilizing some of that money to pay off national debt. Thinking about it in a personal expense if we have a ton of debt could we still take most of our incomes and build new toys to play around with?
I think this is interesting nonetheless but we should really look at our own economy instead of exploring planets with millions apon billions of dollars.
He is talking about the protections that are automatically set in php.ini. There really isn't many and more of the security problems are due to the large undertaking of people that have no clue on how to really code php. Thus introducing a security problem. I could basically have the same thing happen with perl, asp, asp.net, cold fusion, etc. Security problems are more noteful on a specific case and not towords the language itself.
Rootkits are not nessesarily bad. They have good purposes such as in the enterprise world to watch what you are doing/logging what you are doing without you being able to find and terminate that process. You have to remember everything has a level of good and can be turned bad in an instant.
:)
It is like a formatting tool, when used properly it deletes what you want but if someone wrote a program to access the formatting tool and run it on a drive that you wanted things on now it has just been turned into something bad.
There is a legitimate use to everything
This is obviously not about the PHP Language itself as you are definitely looking at your alternative as better... While I can program java, I can program python, etc etc... I use PHP for the web, and in an enterprise environment as that! You claim PHP is the root of all evil, take a look at an operating system, whose job is it to make sure that any type of security whole is plugged? Yours. Next lets talk about scalability, PHP is highly scalable as long as you understand the structure and logic of the language, which is not like your current language. That is why it bugs you. Currently I have around 30 files that operate 70 websites (and no this is a single set they are not mirrored on all the sites). Pretty much they are mainly objects and a few controllers which the user can override the global scope in site of their local scope for pages. The configuration is easy and sql injections can happen in just about any language. Programming for the web I can pretty much show you vunrible applications everywhere. This is not just a PHP thing. How about the infamous buffer overflows with Java? Had that one happen? This thread is mainly all opinionated with no factoral history. And if you are going to call out something as huge security risks without providing a fact then you are just blowing steam up everyone for no reason. Get a job, learn more about secure computing, and stop trying to advocate other languages as better than this or that when it is simple opinionated with out any benchmarks, security advisories, references. Now heres my turn. Java has security problems because people code them in according to your philosophy, as for the tutorial on writing secure php code... well here is one for java: http://www.javaworld.com/javaworld/jw-12-1998/jw-1 2-securityrules.html
Meanwhile here are the latest records for programming languages (latest versions)
php: http://secunia.com/product/3919/
asp.net: http://secunia.com/product/2173/
java jdk: http://secunia.com/product/4621/
j2ee: http://secunia.com/product/2644/
python: http://secunia.com/product/4604/
As for scalability :
http://www.onjava.com/pub/a/onjava/2003/10/15/php_ scalability.html
http://www.oreillynet.com/pub/wlg/5155
there are numerous resources on the net on writing secure code for all programming languages, everything you mentioned in this entire "rant" is worthless and doesn't do anyone any good. Please go crawl back in your hole.