Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

Comment: Re:New HTTP daemon (Score 1) 80

by Aethedor (#49596585) Attached to: OpenBSD 5.7 Released

Seriously, man: OpenBSD? Really?

As you can see, pointless flaming can be done about anything. If you want to critcize PHP, come up with some proper and valid arguments. Otherwise, you're nothing more than a loudmouth fanboy. I have several PHP websites running for many years, without a single hack, without a any significant downtime (besides server maintaince) and with proper speed. PHP is just a tool, it's the developer that makes it a good or bad website.

Comment: Re:Already patched (Score 1) 89

by Aethedor (#49567737) Attached to: New Zero Day Disclosed In WordPress Core Engine

The issue described in this topic (cross-site scripting) is very old (about 15 years in this case). But so is its solution. The same goes for all other security issues. There is no reason and therefor no excuse to have such or any other known vulnerability in your website today. Specially because the solutions are very easy. Security is no rocket science!

The majority of all hack attempts are for SQL injection, cross-site scripting, cross-site request forgery, remote file inclusion, directory traversal, etc. You can look them up, there are even many websites dedicated to them (owasp.org for example). There is, I say it again, no excuse to not know about these vulnerabilities and to have one of them in your website.

The only web developers who still have such security bugs in their software are 1) lazy 2) incompetent 3) not interested in security or 4) have been asleep for 15 years. For whatever the reason is, it's not wise to use their software!/p.

Comment: Re:And still we don't learn (Score 0) 89

by Aethedor (#49567567) Attached to: New Zero Day Disclosed In WordPress Core Engine

I don't think you arguments are valid. There is much more between a free Wordpress website and a custom coded CMS + all the extra's. You know this. And sure you can setup a website in 20 minutes for free. But if that's the price you want to pay, than that's the quality you get. And btw, I also can setup a website within 20 minutes for free, but with a CMS that even the most skilled hacker will have a hard time with to hack.

Comment: Re:And still we don't learn (Score -1) 89

by Aethedor (#49567159) Attached to: New Zero Day Disclosed In WordPress Core Engine

Sorry, I'm not going to tell. Because everytime I did, the discussion ended in a useless flamewar with people coming up with all sorts of nonsense arguments that had nothing to do with security, just to criticize my framework. The framework I use is not 100% perfect. And of course it also can't be, because things like user-friendliness and shininess are very personal / subjective. But its security is good and I have years of hack-free websites to proof that. And several of those receive many daily attacks, because of the ICT-security-related content of the website.

My only point is: try to give security a higher priority and do some research before using a framework. There are many CMS'es out there which my not be as shiny as Wordpress but are more than good enough and have a better security than Wordpress.

Comment: And still we don't learn (Score 1, Insightful) 89

by Aethedor (#49566677) Attached to: New Zero Day Disclosed In WordPress Core Engine
And still we keep on using Wordpress. When will people start looking beyond a nice and shiny interface and put quality (which includes security) at the top of their priority list. When you made the first selection with that criterion, you can look for the most fancy interface. And don't give me the excuse of 'but my web editors have to be able to use it'. Bullshit, lame excuse. Fire them and hire more competent personnel or send them to a proper training.

Comment: We'll never learn (Score 3, Insightful) 460

by Aethedor (#49421479) Attached to: Planes Without Pilots

And when the first plane crashes due to a bug in the pilot software, we all start wondering again if removing the pilot was a wise decision.

This whole Germanwings plane crash shows, again, one important thing: people suck at dealing with risks. Several hundred thousands of flights went well. The last incident with a pilot causing a plane to crash was back in 1995. The Germanwings plane crash was an incident. We must learn to treat it that way, as an incident. No reason to panic and start changing policies, rules and procedures. With every change, new risks and new ways of things to go wrong will be introduced. When that happens and you again make changes, you end up in a loop of changing things. The result: the changes will cost a lot of time, energy and money while the risks are not reduced.

We need to start accepting that risks are part of our life. Unacceptable risks need to be dealt with, but more important: acceptable risks should be accepted, even when they occur!!!!

Computer Science is the only discipline in which we view adding a new wing to a building as being maintenance -- Jim Horning

Working...