Yeah, this isn't surprising at all. Apache still serves a much larger volume of the web than IIS, and quite a bit of that is aging, security-hole-ridden PHP software. This has nothing to do with the security of Apache, or IIS for that matter.
It may, however, have something to do with PHP.. or at least the quality of deployed PHP applications..
What about the possibility of using a filesystem with built-in history storage as the backend for a Subversion repository? Client access would not change at all; assuming the underlying versioned FS were at all scalable though, I would imagine that increased performance and decreased complexity over things like BDB and FSFS might be well worth it.
>>To the numbnuts who added "yes" and "no": Fuck off.
> No, YOU fuck off!
You make an interesting point.. or you would, if the purpose of tags were to answer arbitrary and pointless questions posted in the summary. The purpose of tags is to aid searching. Yes and no are meaningful answers; they are not functional tags.
approach to fighting media piracy. Your idea will not work. Here is why it won't work.
(X) Sales statistics reflect far more than the effects of piracy (X) Implementation would require expensive, industry-wide cooperation (X) Lack of centrally controlling authority for record stores (X) Business owners stand to profit by non-compliance (X) "Open relays" in foreign markets (X) Many businesses cannot afford to lose business or alienate potential employers
Specifically, your plan fails to account for
(X) Decreased music sales due to increase in bland, unimaginative content (X) Consumers will blacklist stores that participate (X) The internet is a *world-wide* network. You did know that, right? (X) The "industry" does not care about you as much as you care about it
and the following philosophical objections may also apply:
(X) I need to show ID to buy a CD about as much as I do to buy batteries, thanks (X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical (X) Blacklists suck (X) We should be able to talk about piracy without being punished (X) Feel-good measures do nothing to solve the problem (X) Piracy is largely due to the failure of "the industry" to adapt (X) The people affected by the over-litigiousness and mob-style scare tactics of "the industry" *are* victims
Furthermore, this is what I think about you:
(X) Your sob story has nothing to do with the issue at hand (X) You are a troll, and probably a shill (X) They have *not* fought the war on drugs with "skill" (X) Christian rock sucks (X) It is properly spelled "l33t" (X) Sorry dude, but I don't think it would work. (X) This is a stupid idea, and you're a stupid person for suggesting it. ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
"if I had asked my customers what they wanted, they would have told me they wanted a faster horse.." (henry ford)
or, a more direct response: the ability to find "drawn together" amusing does not mean you are talented enough to create a similar show yourself, or could even articulate the necessary components/process/etc. Users might know ease-of-use when they see it; they might not be able to describe it beforehand.
"I firmly believe in updating server software only when you need to. If you don't need new features, and things are working, why change anything?"
I agree... so why does this preclude using Gentoo?
Because sometimes you *have* to update, to fix security problems. Ideally, you want those updates to change as little as possible, other than to patch the hole. This is why e.g. Debian stable releases are an *advantage*: if you're using stable, the versions of the software you have will never need to be updated - security fixes are *backported* into the versions tested and blessed for that stable release.
If your idea of fixing security problems is to update to the latest upstream version, you will eventually get bitten by this: either you'll end up updating dependencies to match upstream's expectations, or you won't and you'll end up with incompatibilities on your system.
The first time I ever saw one of those "forms", I thought it was interesting.
First time I saw one, I thought it was FUNNY. Because it is kinda funny.. not hilarious, but good for a chuckle.
The second time, I realized that it's actually useful. Spam is a problem that affects just about every user on the Internet, and anyone who's thought about it for a while is bound to come up with some sort of solution; these solutions will vary in quality based on how much technical expertise and familiarity with the people, protocols, and existing solutions one has.. ranging from "the guv'mint should do somethin'" to "here is my 65-part plan to extend the SMTP protocol".
The sad truth, of course, is that if there were a simple solution, we'd all be doing it. On the other hand, while it isn't the be-all and end-all of spam solution critiques, the form replies are a sort of litmus test; a checklist of the most common problems that plague proposed solutions. It's a general marker of exactly how unrealistic and wrongheaded a particular idea is, and (at least the first time one reads it) gives the person with the One True Solution an inkling of why this is a complicated issue (without someone having to delve into the various nuances of each checkbox - one could write a thesis on the subject if you used prose rather than ctrl-v).
I hate to say it, as a long time Gaim user, but I couldn't disagree more. I honestly cannot imagine the rationale, from a "usability" perspective, for almost all the major UI "improvements" in 2.0. I won't bother making a list, but for example: why on earth was the "online" checkbox removed from the accounts screen? (Having RTFA halfway through writing this, it seems the reviewer had a similar reaction..) Most people probably only have one account; if you DO have more than one, it makes sense that you want it to be easy to use them separately..
If you use DNSBLs to help filter incoming email, you probably a) use more than one, and b) use other anti-spam techniques later in the chain. For the (medium traffic) domains I manage, I can tell you that Spamhaus is our front-line; however, messages that get past it have other blacklists to pass, and that's before they even hit our content filters.
There will certainly be some increase, but the only reason to expect a four-fold increase is if Spamhaus is your only defense. And as any seasoned mail admin knows these days, a single strategy doesn't cut it any more..
(Cue the world's saddest song, being played on the world's smallest violin, by the world's greatest violinist, who is promptly sued into bankruptcy by the RIAA for copyright violation.)
To all the Symantecs, McAfees, RIAAs, MPAAs, and buggy whip manufacturers out there: progress happens. Progress changes things. When things change, sometimes we don't need things we once did. Sometimes, your entire business model will become obsolete, and once you're done moaning and litigating, all you can do about it is a) see it coming and shape your empire into more than a one-trick pony (eg. IBM); b) see it coming and adapt to the brave new world in which you find yourself (ie. find something else people need you to do); or c) return to the dust from whence you came.
On a more specific note, they really should have seen this coming. Expecting MS to outsource core security features for their flagship product indefinitely is the definition of short-sightedness. If the officers at Symantec, et al, didn't have a plan in place to move beyond this point, they should probably start looking for new jobs.
I don't think it's because the barrier to entry is too high, rather the barrier to do something cool is in the stratosphere.
Exactly. Who out there remembers Scorched Earth?
It was seriously the coolest game I had for my computer at the time, and it was free (well, shareware, but the author probably wasn't making a living off it). It was also pretty simplistic, but at the time, a free/shareware offering from some self-taught hobbyist was competetive enough to be "the best" for some of us, because things like HL2 didn't exist to compare it to.
The guy who wrote gorillas.bas probably had a similar sense of accomplishment; it was pretty basic (no pun intended), but visually similar to SE. The range of available software (at any price) has simply gotten wider, and its not as easy to impress your friends with a few hundred lines of.. well, anything. But without those interim victories to encourage a novice programmer, a far smaller percentage of hobbyists will go on to learn the (massively more complicated) set of skills necessary to take it to the next step.
If you're worried about use of undeclared variables, this is not impossible to detect, though slightly more complicated than "use strict".. set the error level to E_NOTICE and set up a custom error handler to throw an exception (or abort) when it gets called with the uninitialized variable code. (You could also set it to simply log a warning somewhere, as it is possible, and useful, in some cases to rely on uninitialized==false..)
(I know its not one line.. but its quite a bit more flexible, and after all, timtowtdi:)
Slashdot Mirror
or maybe just "thatsnotgoodenough"?
Yeah, this isn't surprising at all. Apache still serves a much larger volume of the web than IIS, and quite a bit of that is aging, security-hole-ridden PHP software. This has nothing to do with the security of Apache, or IIS for that matter.
It may, however, have something to do with PHP.. or at least the quality of deployed PHP applications..
No obvious fairy tales?
Sorry, but snopes says no.
(FWIW, I agree with your point.)
What about the possibility of using a filesystem with built-in history storage as the backend for a Subversion repository? Client access would not change at all; assuming the underlying versioned FS were at all scalable though, I would imagine that increased performance and decreased complexity over things like BDB and FSFS might be well worth it.
...this was posted before 4/1, wasn't it..
>>To the numbnuts who added "yes" and "no": Fuck off.
> No, YOU fuck off!
You make an interesting point.. or you would, if the purpose of tags were to answer arbitrary and pointless questions posted in the summary. The purpose of tags is to aid searching. Yes and no are meaningful answers; they are not functional tags.
Your post advocates a
(X) technical ( ) legislative (X) market-based (X) vigilante
approach to fighting media piracy. Your idea will not work. Here is why it won't work.
(X) Sales statistics reflect far more than the effects of piracy
(X) Implementation would require expensive, industry-wide cooperation
(X) Lack of centrally controlling authority for record stores
(X) Business owners stand to profit by non-compliance
(X) "Open relays" in foreign markets
(X) Many businesses cannot afford to lose business or alienate potential employers
Specifically, your plan fails to account for
(X) Decreased music sales due to increase in bland, unimaginative content
(X) Consumers will blacklist stores that participate
(X) The internet is a *world-wide* network. You did know that, right?
(X) The "industry" does not care about you as much as you care about it
and the following philosophical objections may also apply:
(X) I need to show ID to buy a CD about as much as I do to buy batteries, thanks
(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
(X) Blacklists suck
(X) We should be able to talk about piracy without being punished
(X) Feel-good measures do nothing to solve the problem
(X) Piracy is largely due to the failure of "the industry" to adapt
(X) The people affected by the over-litigiousness and mob-style scare tactics of "the industry" *are* victims
Furthermore, this is what I think about you:
(X) Your sob story has nothing to do with the issue at hand
(X) You are a troll, and probably a shill
(X) They have *not* fought the war on drugs with "skill"
(X) Christian rock sucks
(X) It is properly spelled "l33t"
(X) Sorry dude, but I don't think it would work.
(X) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
"if I had asked my customers what they wanted, they would have told me they wanted a faster horse.." (henry ford) or, a more direct response: the ability to find "drawn together" amusing does not mean you are talented enough to create a similar show yourself, or could even articulate the necessary components/process/etc. Users might know ease-of-use when they see it; they might not be able to describe it beforehand.
"I firmly believe in updating server software only when you need to. If you don't need new features, and things are working, why change anything?"
I agree... so why does this preclude using Gentoo?
Because sometimes you *have* to update, to fix security problems. Ideally, you want those updates to change as little as possible, other than to patch the hole. This is why e.g. Debian stable releases are an *advantage*: if you're using stable, the versions of the software you have will never need to be updated - security fixes are *backported* into the versions tested and blessed for that stable release.
If your idea of fixing security problems is to update to the latest upstream version, you will eventually get bitten by this: either you'll end up updating dependencies to match upstream's expectations, or you won't and you'll end up with incompatibilities on your system.
The first time I ever saw one of those "forms", I thought it was interesting.
First time I saw one, I thought it was FUNNY. Because it is kinda funny.. not hilarious, but good for a chuckle.
The second time, I realized that it's actually useful. Spam is a problem that affects just about every user on the Internet, and anyone who's thought about it for a while is bound to come up with some sort of solution; these solutions will vary in quality based on how much technical expertise and familiarity with the people, protocols, and existing solutions one has.. ranging from "the guv'mint should do somethin'" to "here is my 65-part plan to extend the SMTP protocol".
The sad truth, of course, is that if there were a simple solution, we'd all be doing it. On the other hand, while it isn't the be-all and end-all of spam solution critiques, the form replies are a sort of litmus test; a checklist of the most common problems that plague proposed solutions. It's a general marker of exactly how unrealistic and wrongheaded a particular idea is, and (at least the first time one reads it) gives the person with the One True Solution an inkling of why this is a complicated issue (without someone having to delve into the various nuances of each checkbox - one could write a thesis on the subject if you used prose rather than ctrl-v).
Besides, it IS funny. =)
Nope.. I think it's just an alternate spelling of "YHBT, HAND"..
..with all those tubes, they can build their own Internets! With blackjack, and hookers.. in fact, forget the YouTube and the blackjack.
I hate to say it, as a long time Gaim user, but I couldn't disagree more. I honestly cannot imagine the rationale, from a "usability" perspective, for almost all the major UI "improvements" in 2.0. I won't bother making a list, but for example: why on earth was the "online" checkbox removed from the accounts screen? (Having RTFA halfway through writing this, it seems the reviewer had a similar reaction..) Most people probably only have one account; if you DO have more than one, it makes sense that you want it to be easy to use them separately..
If you use DNSBLs to help filter incoming email, you probably a) use more than one, and b) use other anti-spam techniques later in the chain. For the (medium traffic) domains I manage, I can tell you that Spamhaus is our front-line; however, messages that get past it have other blacklists to pass, and that's before they even hit our content filters.
There will certainly be some increase, but the only reason to expect a four-fold increase is if Spamhaus is your only defense. And as any seasoned mail admin knows these days, a single strategy doesn't cut it any more..
(Cue the world's saddest song, being played on the world's smallest violin, by the world's greatest violinist, who is promptly sued into bankruptcy by the RIAA for copyright violation.)
To all the Symantecs, McAfees, RIAAs, MPAAs, and buggy whip manufacturers out there: progress happens. Progress changes things. When things change, sometimes we don't need things we once did. Sometimes, your entire business model will become obsolete, and once you're done moaning and litigating, all you can do about it is a) see it coming and shape your empire into more than a one-trick pony (eg. IBM); b) see it coming and adapt to the brave new world in which you find yourself (ie. find something else people need you to do); or c) return to the dust from whence you came.
On a more specific note, they really should have seen this coming. Expecting MS to outsource core security features for their flagship product indefinitely is the definition of short-sightedness. If the officers at Symantec, et al, didn't have a plan in place to move beyond this point, they should probably start looking for new jobs.
I don't think it's because the barrier to entry is too high, rather the barrier to do something cool is in the stratosphere.
Exactly. Who out there remembers Scorched Earth?
It was seriously the coolest game I had for my computer at the time, and it was free (well, shareware, but the author probably wasn't making a living off it). It was also pretty simplistic, but at the time, a free/shareware offering from some self-taught hobbyist was competetive enough to be "the best" for some of us, because things like HL2 didn't exist to compare it to.
The guy who wrote gorillas.bas probably had a similar sense of accomplishment; it was pretty basic (no pun intended), but visually similar to SE. The range of available software (at any price) has simply gotten wider, and its not as easy to impress your friends with a few hundred lines of.. well, anything. But without those interim victories to encourage a novice programmer, a far smaller percentage of hobbyists will go on to learn the (massively more complicated) set of skills necessary to take it to the next step.
If you're worried about use of undeclared variables, this is not impossible to detect, though slightly more complicated than "use strict".. set the error level to E_NOTICE and set up a custom error handler to throw an exception (or abort) when it gets called with the uninitialized variable code. (You could also set it to simply log a warning somewhere, as it is possible, and useful, in some cases to rely on uninitialized==false..) (I know its not one line.. but its quite a bit more flexible, and after all, timtowtdi :)