Hence me using the term bad PHP.
But there are enough problems in PHP core for me to want to avoid it if at all possible, and use the hardened version when I can't avoid it.
Originally posted by: nweaver
how many core PHP problems are there (i.e. the php code itself) versus how many home grown PHP devs don't understand what they are doing and don't learn to code correctly.
Originally posted by: M00T
Closed source equates to reinventing the wheel over and over again, unless you have the money to "license" the "invention."
Open source is the right direction for making human progress. I only wish the fundamental ideas could be implemented in other aspects of our lives.
If think it is very clear from looking at the state of linux desktop that is reinventing the square wheel over and over again.
But history doesn't seem to support that. Closed software has had just as many exploits, if not more, than open software over the years.
If you think it's to fight MS then you're probably wrong. Linux has been replacing commercial unix boxes much more than Windows over the years because the transition is easier. And IBM, HP and Sun are all losing business for their closed software by supporting Linux.
It works as well as WEP does for wifi, it'll probably protect you from the casual driver by but that's about it.
We're talking about Linux in general, it's just that the server end of the spectrum is already almost 100% covered by GPL'd drivers. OSS drivers are the only way to get good long-term support for the hardware, manufacturers have already proven that many times by discontinuing support for something and leaving everyone who owns it out to dry.
All that proves is that we need better programmers over all. And forums are one of the best examples because everyone seems to want to write their own and with the popularity of PHP and ASP.NET it's too easy to get one started without having any clue at all. But without knowing what exploit was used you can't determine if having the source would have helped, the forums could have been doing something really stupid like having a URL or POST data with admin=0/1 in it to determine admins.
You don't have to reimplement your entire company's business practices, but if you're going to release Linux software, especially kernel modules, you've got to either GPL your software or be prepared to defend your decision a lot.
Spoken like a true business man, but if you're going to spit in the face of the ideals of those you're trying to sell to, don't expect your products to be very popular.
Of course there is a standard and McDonald's food is barely above the "edible" line on that standard. Sure you'll eat it if you're hungry enough, but that doesn't make it good.
And most of them have paid the price in one way or another, how many people under 25 have actually heard of Lotus? MS lets them be successful for as long as they don't want to be in that market, once MS decides to go that route you need to start looking for alternative forms of income.
Of course they do with Vista, but you were talking about XP and in a few years Vista will be in the same position anyway. The only thing that works out of the box on this machine in XP is the hard disk and I'm actually surprised that did since it's SATA.
Originally posted by: yuchai
Originally posted by: Tick
Originally posted by: yuchai
First question to OP: Name one valuable skill that you have that did not require you to spend time reading about or have anyone teach you.
Second question to OP: When you started using Windows, did you have to install it yourself from scratch and also had to setup an FTP server right away?
Third question to OP: When "fumbling with Windows" to figure things out, did you end up with an unusable Windows installation at least once?
1) Cooking. Learned by trial and error. Think I've made maybe 2 unedible meals ever.
2) No, but I did install software right away. Besides, I was like 7 at the time.
3) I've never killed my install.
1. Before you started cooking, you have never eaten any food before? You have never seen someone cook before? You have never heard anyone talk about cooking methods before? Point is, you spent more time on it than you think you had.
2. Well, you partially proved my point here. I mean, what you're trying to do here (setting up an ftp server) isn't exactly a regular desktop activity. I bet most people who use Windows on a regular basis don't know how to share a file on a LAN.
3. You're either not being truthful or are very very lucky. But not everyone is as lucky as you are. Personally I have done it many times when trying to "figure things out" in Windows. No doubt the probability of it happening would have been much lower if I just read about it or if someone showed me how to do it.
If that is true then it is supportive of the idea, since there has been much more closed source software sold and used than open source.
Frankly, for a developer, it is so intuitive that access to source code makes it easier to understand how a program works, and thus easier to find places where it doesn't work, that you're going to have to work very hard to convince me that access to source doesn't increase the likelihood of exploits.
In retrospect I think you're right here. They definitely did need to convert off of their proprietary nix versions. Of course, they are well on their way to making their in-house Linux offerings into proprietary versions.
No correlation, not sure what your point is. You want to continue arguing that the best way to protect something is to make how it works public, then you still have a ways to go in my view.
Yeah, well you don't need all those OEM devices on most servers. Server applications are a natural for Linux. In fact, if the Linux community implemented .NET I would probably never use Windows on a server again.
That's like saying that all we need to prevent highway deaths is better drivers
Right, understood, but does this have anything to do with companies deciding to support or not support Linux? Inquiring minds want to know . If a company thinks a binary driver is the right way to go, shouldn't you still be happy that they are supporting Linux, rather than bashing them for daring to step off the dogma train?
It's mostly an economic statement, not a statement of business interest. The point is that the interests of a vendor and its customers are alligned around what the customer wants, and what the vendor provides. If the Linux "community" values certain ideals, and there are enough of them ready to pay to see those upheld, then there will be vendors there to do business. If, on the other hand, the Linux community is mostly about an anti-capitalist philosophy then it will become a footnote, as in that small type at the bottom of the page that nobody pays attention to.
No, there isn't, not from an economic perspective. You want to get twenty chefs together and have them establish a food quality standard that says McDonald's sucks, then fine. You'll get no objection from me.
Value is determined solely by the willingness of one party to pay another party for a good or service. Thus my assertion that for millions of people with certain needs, McDonalds makes the best hamburger.
So your point is that Microsoft killed Lotus? I don't think many observers over the last twenty years would agree. Lotus got distracted and left a huge hole for Excel to occupy. I wonder why MS hasn't been successful in killing off Intuit with Money, or Adobe with... umm... Acrylic?
I see this assertion from Linux types all the time. Rather than debate it with you, I'll simply state for the record that I have six windows XP machines here at the house, and have managed another fifty or sixty at various work sites, and with the exception of some HP printers and devices like TV Tuners, everything works out of the box. Those that don't either come with install disks, or are trivial to update from the web.
Originally posted by: Markbnj
Of course they do with Vista, but you were talking about XP and in a few years Vista will be in the same position anyway. The only thing that works out of the box on this machine in XP is the hard disk and I'm actually surprised that did since it's SATA.
I see this assertion from Linux types all the time. Rather than debate it with you, I'll simply state for the record that I have six windows XP machines here at the house, and have managed another fifty or sixty at various work sites, and with the exception of some HP printers and devices like TV Tuners, everything works out of the box. Those that don't either come with install disks, or are trivial to update from the web.
Just because you know how a lock works doesn't automatically mean that you can pick it. If the security of your device or software relies on the attacker not knowing what they're doing it's fundamentally flawed. And eventually someone will figure out how it works and you'll most likely have to redesign your product or seek legal methods to keep things under wraps and we saw how well that worked for DeCSS.
Figuring out how a lock works is the equivalent of disassembling a program to find holes in it. So how many lock makers publish detailed schematics of their locks on the web at release, to encourage people to figure out how to pick them? I don't know the answer, and I'm not looking, but I have my suspicions.
Even if I grant all your points, the FOSS world is still 50% driven by idegology, not technical or economic merit. That's enough for me to view it skeptically.
Originally posted by: MercenaryForHire
I'm shocked that this thread is still going. I thought the mods would have locked the trollfest by now.
- M4H
I don't doubt that many don't, but wouldn't you agree that if a lock relies on attacker ignorance as one of it's main features that it's misdesigned?
I never said obscurity was a "main feature." The main features of the lock, or any software program, don't rely on obscurity. But if security is a goal, then obscurity makes it easier.
Originally posted by: Tick
Linux SUCKS. Why? Because:
1) Command lines/Lack of GUI's
Why the fvck would I want to use a command line? I have a modern computer, capable of displaying color and icons. Why should their be a command line? And further, why doesn't everything have a gui? Gui's are good, and easy, and don't require me to learn commands. Yey for Gui's.
2)Root/sudo is stupid.
Why on earth should I have to deal with either using sudo or running as root to actually use my programs? I still can't get a lot of programs to run because they keep whining about permissions. What ever happened to good old admin accounts? Why does sudo break everything?
3)Apt-get
Now this is just plane stupid. Why is it so damn hard to install anything? I have a desktop, why not do it the way it should be done? I get the installer icon, click on it, press forward a few times, wait, and have a nice icon on my desktop. Why isn't it done this way?
4)Compiling
Again, stupid. Just give me a fvcking installer program. None of this compiling sh1t.
Come on Linux. The rest of the world has moved beyond 1990. It's time for you to do so also. I'm giving up and installing windows.
Originally posted by: EricMartello
[
In the context of using Linux as a desktop OS, both MacOS and Windows are far superior in just about every way, yes, even stability...but Linux has its place.
1) You can use the X Windowing system, which is like a slow version of Windows95, but the command line is pretty much where it's at in Linux. Yes, it sucks for anything other than running a server...but when you are using it for its intended purpose, server admin, believe it or not it is actually better. Compare remote admin using SSH vs using a graphical interface like TightVNC - the text only interface is faster and more reliable.
Not any harder then figuring out problems with services. Easier, tbh, as PS with switches is faster/easier (imho) then tesk manager, or some third party task list. Linux filesystem permissions are pretty easy imho (but then, so are NTFS permissions)2) Yeah I can't disagree with you here. Linux is secure when properly configured, but the increased security isn't deployed quite as gracefully as possible. It can make for some tedious trouble-shooting when you are trying to figure out why something isn't working due to security permissions being too high for one program or too low for another.
Yum isn't bad, but it's a cludgy addon compared to apt (again, imho). Apt is faster and easier. cludgy or not, it kicks the crap out of "download some random .exe from the internet, install, and hope it doesn't hork my system"3) Linux offers many choices here, and my preference is Yum. All you need is Yum and the URLs of the repository mirrors you want to use. Once you have this set up, installing, updating and uninstalling apps is pretty easy: yum install <app name> Yum also can be set up to automatically update all system software regularly, which I find handy.
Right there. There is so VERY little reason to need to compile programs from scratch. Binaries are quicker, easier, and usually work just fine. You compile when you have specific runtime options, need a bugfix in a nightly build, or are a developer.4) If you are using a popular version of Linux, chances are that most software is available in an RPM package - no compiling needed. Linux is, after all, open source, so many programs for it are released as source. Compiling the software is a bit more involved than an installer, but you do end up with software that is built for your system.
Sure, bucause I don't like running just the GUI app across the internet, or flipping windows, trasparency, eyecandy, reliablity (X hasn't crashed on me in months, and the one time it did was because I did something dumb), scalability (you can actully hook multiple boxes into the same x server and make one huge monitor from the dual head cards of multiple linux boxes, and play a game like Quake), etc. Explorer crashes on me several times in a week if I'm using windows heavily. Gnome hasn't ever, and random apps are easier to kill without killing the session (thanks for integrating EVERYTHING into explorer).I wouldn't use Linux on my desktop system - for that it's too clunky and UNSTABLE. You can argue that till your outta breath, but compared to WindowsXP or MacOS, the GUI implementation of Linux is far behind.
On the flipside, I wouldn't bother running Windows on a server...MacOS, being based on BSD, may work, but linux is my choice.
1) You can use the X Windowing system, which is like a slow version of Windows95, but the command line is pretty much where it's at in Linux. Yes, it sucks for anything other than running a server...but when you are using it for its intended purpose, server admin, believe it or not it is actually better. Compare remote admin using SSH vs using a graphical interface like TightVNC - the text only interface is faster and more reliable.
2) Yeah I can't disagree with you here. Linux is secure when properly configured, but the increased security isn't deployed quite as gracefully as possible. It can make for some tedious trouble-shooting when you are trying to figure out why something isn't working due to security permissions being too high for one program or too low for another.
I wouldn't use Linux on my desktop system - for that it's too clunky and UNSTABLE. You can argue that till your outta breath, but compared to WindowsXP or MacOS, the GUI implementation of Linux is far behind.
On the flipside, I wouldn't bother running Windows on a server...MacOS, being based on BSD, may work, but linux is my choice.
Originally posted by: Nothinman
Actually it's based on NeXT, the userspace is based on FreeBSD but the real core is based on Mach from NexT.
What I would give for a GUI device manager...
It's more complicated than that.
It is hard isolating a problem when you are not sure if the device is recognized or not and if the driver is working. I had fits with my D-Link not working, than magically working, then not working again. I gave up on the Orinoco the other night. It seems to be on and working, but it will not get a DHCP address. Works in XP with the WEP key. Hard to isolate the issue without something to consolidate what is working. I "have" a GUI for the network connection, but it is not that smart (or at least appears not to be - how to choose between WEP and WPA/WPA2 is not obvious.)Originally posted by: Nothinman
What I would give for a GUI device manager...
Why? I never have to fiddle with my devices in Linux. Occasionally you have to figure out and install an additional module, but that's about it. 95% of the functionality of the Windows device manager is useless these days since all of the resources are automatically setup for you and you can't change them anyway.
Originally posted by: dighn
command line is actually very powerful if you are familiar with it. you can chain up commands using pipes and IO redirection to do some pretty complex stuff on the fly. it also lends itself very well to automation by scripting. and commands are sometimes just plain easier to use, for example it's just quicker to type the grep command to search within a bunch of files than to right click a directory, press search, type in the text, set the parameters etc. or it's quicker to go mkdir blah than to right click, siwtch to keyboard and type in blah
It is hard isolating a problem when you are not sure if the device is recognized or not and if the driver is working. I had fits with my D-Link not working, than magically working, then not working again. I gave up on the Orinoco the other night. It seems to be on and working, but it will not get a DHCP address. Works in XP with the WEP key. Hard to isolate the issue without something to consolidate what is working. I "have" a GUI for the network connection, but it is not that smart (or at least appears not to be - how to choose between WEP and WPA/WPA2 is not obvious.)
Originally posted by: IdaGno
Originally posted by: dighn
command line is actually very powerful if you are familiar with it. you can chain up commands using pipes and IO redirection to do some pretty complex stuff on the fly. it also lends itself very well to automation by scripting. and commands are sometimes just plain easier to use, for example it's just quicker to type the grep command to search within a bunch of files than to right click a directory, press search, type in the text, set the parameters etc. or it's quicker to go mkdir blah than to right click, siwtch to keyboard and type in blah
IOW, & this is the thing to remember re *nix: it's BY Programmers & FOR programmers.
Windows is for everyone else.