Actually, he took the job at MySQL after CouchDB.

He worked on Lotus Notes (among other things) before CouchDB.

I'm a Sr dev / team lead at a .com that uses PHP predominately.

Let me tell you something about PHP developers that I've learned, myself included.

The good ones are Software Developers who just happen to know PHP. Without exception, of our 30 developers, the ones that know just PHP are Jr-Level and have much to learn.

The rest of us, there's no joy in PHP. It's a kludge of a language. The garbage collector is horrendous. The external libraries are more buggy and slower than their counterparts in python or ruby. (see: memcache).

My point is that, of all the truly good PHP developers on my team, my Team Lead colleagues, and the good devs on their teams, would much rather be programming in another language. Not necessarily .Net, but another language.

I guess my moral here is that picking off PHP developers probably isn't as hard as you're suggesting.

That is the only long-term solution to this problem.

And you're right in your last paragraph. IIRC, the entire value of all world stock markets is ~100tn. Real estate is 80tn. The idea we have 1qn in CDS contracts is absurd on its face.

Of course, the real problem with all derivatives (including CDS contracts) is that we don't really know what they're worth.

It's not the known-unknowns that kill us when trying to unwind these contracts. It's the unknown-unknowns.

The real tragedy I think is that the idea behind CDS--distributing risk across the globe--makes sense.

If I'm insuring houses in Florida it makes sense to do a CDS with an Insurance company in Japan. If I get hit by a hurricane, they're probably not going to be affected, so let's spread the risk. Likewise a natural disaster of their own.

The problem came down to unregulation and, natch, greed.

I've now heard this being called "The Great Unwind" by a few different publications. Looking back, I think that name might stick. It really is the best 3-word description I've heard of this crisis to date.

There's a quadrillion dollars in Derivatives. (That's not a hyperbole).

Many large banks hold over a trillion dollars in Credit Default Swaps.

All CDS contracts have a universal default provision.

As much as it pains us all, these banks really are too big to fail. That needs to be fixed. We simply cannot have corporations that are so essential that we taxpayers must "insure" them. But that's tomorrow's fight. Today we just need to survive.

All kidding aside, JS is a pretty good example of Functional programming.

There are far worse gigs than JS programming. Not something you want to do 40 hours a week but JS can be downright FUN compared to a lot of other web technologies.

SVN Blame, my friend. SVN Blame.

There's nothing wrong with the idea that the gross value of credit default swaps & derivatives is greater than the sum of the global product.

Global product is annualized.

It's like saying "His net worth was a few times more than his summed up household income, it had to crash"

That's a good illustration: You just injected content that I downloaded. In your case, it was the link.

Sure, there are a lot of apps that have some sort of facility for this. But there are just as many that don't.

For CSRF to work the attacker has to be able to inject his own content into your site that a victim can then come by and download.

Quite a few ways to do this, but if you take the precautions mentioned above, you'll be safe.

Tho, I would add one more IMPORTANT bullet point: Install the Suhosin Hardened PHP Patch.

And for fool-proof input sanitization, use filter_input() (and the other Filter functions PHP introduced at 5.something)

I wouldn't call it a poor design.

The design is to connect to the tower with the best reception.

The only real WTF was that the ship turned on their "tower" before it left port.

Come on, folks. The two most important things from this article are:

- It was INTRODUCED.
- By Republicans.

Do you have any idea how many bills are introduced that never make it to the floor, let alone the President's desk?

And it's introduced by Republicans. Do you really think Democratic leadership will let anything introduced by Republicans hit the floor?

Suggesting that you could replace a MS-SQL server with SQLite basically forces anybody in the know to ignore every other point you make.

MySQL is good, unless you need a highly performent query analyzer.

Postgres is good, unless you need actual replication features.

SQLite is good, if your datastore is less than 1GB.

Oracle is no-doubt a valid replacement and improvement upon SQL Server. And I use MySQL more than any other DB. But you need to hire Percona to get the same performance out of MySQL that you get from SQL Server out of the box.

Terriers are good Rat Dogs. I timeshare in St maarten and I've heard locals talk about this solution more than once.

I'm not advocating against prepared statements. But honestly, that's a proof of concept that is highly unlikely to find itself out of the lab anytime soon.

The issue would only happen if the user was advanced enough to want to change the Character Set IN SCRIPT and still not fully understand the effects on that on m_r_e_s().

I wouldn't go around telling people that using m_r_e_s() is not satisfactory and safe. Qualify it! "It's not safe IF you set the charset in the script."

A little like saying your car isn't safe if you crash it into a brick wall.

Ok, i'll bite... what makes them safer?

The only real safety issue with mysql_real_escape_string() is that you could forget to call it.

Past that, if you pass every param thru that function, you're safe from injection attacks.