Securing PHP Web Applications 229

Michael J. Ross writes "The owners and the developers of typical Web sites face a quandary, one often unrecognized and unstated: They generally want their sites' contents and functionality to be accessible to everyone on the Internet, yet the more they open those sites, the more vulnerable they can become to attackers of all sorts. In their latest book, Securing PHP Web Applications, Tricia and William Ballad argue that PHP is an inherently insecure language, and they attempt to arm PHP programmers with the knowledge and techniques for making the sites they develop as secure as possible, short of disconnecting them from the Internet." Keep reading for the rest of Michael's review.

Comment Re:Good (Score 1) 271

Here's a challenge for Slashdot: explain to me how standards compliance benefits the end-user of the browser.

Standards compliance allows web developers to spend less time in QA and more time developing new features in THEIR applications. So rather than Microsoft developing one or two new features per year in their browser, every web developer on the planet can develop one or two new features for their site per year. (Those numbers are obviously terrible and asspulled, but you get my meaning I'm sure).

It's similar to being able to write in higher level languages, (Java, Python) over lower level (C, Assembly). Once you don't have to care if the processor is x86 or Sparc, or if the compiler is GCC or MSVCC you can spend more time working on the actual purpose of your application. (Sorry, I couldn't think of a car analogy)

Remember all those #ifdef's in lots of old C (and many C++) programs? Ever had to write the same program twice in assembly, targeting two different processors? Ever written something once in Python or Java, and been reasonably confident that it'll run on any machine? (Java's still a bit quirky between JVM versions, but they're making a real effort at least.) By standardizing the "language" (or runtime environment in the case of most new languages), the productivity of every single person who uses that language improves.

That makes the investment of time by those writing the languages or runtime environments seem very worthwhile to me.

Comment Re:Or.. (Score 1, Funny) 684

....Don't forget nutrition...

In general, any food "...ated" or "...ized" should be minimized. Refined sugar, white bread and especially high fructose corn syrup, such as found in most soft drinks should be mostly stricken from your diet. Live as much as possible on minimally processed, natural food.

Of course, you'll no longer WANT to be able to process or remember your joyless hell of a life, but you'll suffer it for a good and long time ;)


Spider Missing After Trip To Space Station 507

Garabito writes "A spider that had been sent to the International Space Station for a school science program was lost. Two arachnids were sent in order to know if spiders can survive and make webs in space, but now only one spider can be seen in the container. NASA isn't sure where the other spider could have gone. I, for one, welcome our new arachnid overlords."

Comment Re:Let me say this to you Linux guys (Score 1) 176

As someone who wants to build an HTPC based on a low power CPU, I can say that I am definitely interested in offloading hi-def video decoding to the GPU, being able to toss a fanless 8500 into a system with an intel atom or underclocked amd-le cpu, and knowing that 90% of the video decoding will be offloaded to the GPU certainly sets my mind at ease when I'm looking at 1080p streams.


EU Will Not Divulge Microsoft Contracts 219

Elektroschock writes "Marco Cappato, a Liberal member of the European Parliament, wanted to inspect the EU's contracts with Microsoft. His request was denied. '...the [divulging] of [this] information could jeopardize the protection of commercial interest of Microsoft.' Apparently the European Council sees no clear public interest in the release of such contractual material, and so 'the Secretariat general concludes that the protection of Microsoft's commercial interests, being one of the commercial partners of the European institutions, prevails on the [divulging] for the public interest.'"

Comment Re:Power != memory (Score 4, Interesting) 292

Coder Hate like that brought by the shitty, bug filled drivers that ATI has a long history with?

I think ATI/AMD is on the right path, but they have a long history of being on the wrong path, while NVIDIA has always been more towards the middle (Not completely right, but not too badly wrong). It'll take some time before I jump to the ATI Bandwagon as completely as you obviously have.

Comment Re:Free Is Good, But Quality Is Lacking (Score 4, Insightful) 310

Don't forget, lots of nightmarish IE-specific stuff also "Just Works" for "The Majority", and ask any 64bit Linux user exactly how much they love Adobe for their support. (I think they have it now, after something like 4 years of waiting or running in emulation, or running a 32bit OS on their 64bit machines.)

The magical wonderland I think of is one where anyone on any system can easily watch video online, not just the majority.

Comment Re:Free Is Good, But Quality Is Lacking (Score 1) 310

I think that in theory, the "free" part could be extremely enticing, after all, Opera, Safari, and IE could all just integrate this, no questions asked, and in this magical wonderland we could have cross platform video embedded in websites that "just works". Realistically though, that'll never happen. IE will support WMV and Safari will support Quicktime, and both will support theora through 3rd party plugins which will only be installed by people who know well enough to use firefox anyways.

Data Storage

Data Recovery & Solid State 249

theoverlay writes "With all of the recent hype about solid-state drives in both consumer applications and enterprise environments I have a real concern about data recovery on these devices. I know there are services for flash memory restoration but has anyone been involved in data restoration projects on SSD drives? What are the limits and circumstances that have surfaced so far? What tools will law enforcement and government use to retrieve data for investigations and the like?"

Firefly Lives - New Comics in 2008 117

gambit3 writes "'Serenity: Better Days' will be released as a 3 part comic in early 2008. The series is a step back in time to the early years of the Firefly crew, and the fledgling gang's turbulent attempts to cope with success after they pull off their first successful heist. It features the same creative team as Those Left Behind, with the story by Joss Whedon and Brett Matthews, art by Will Conrad, and Adam Hughes providing all three covers this time." Ironic, considering today's brand-new poll.

White House Ordered to Preserve All Email 259

Verunks writes "A federal judge Monday ordered the White House to preserve copies of all its e-mails in response to two lawsuits that seek to determine whether e-mails have been destroyed in violation of federal law. The issue surfaced in the leak probe of administration officials who disclosed Valerie Plame's CIA identity. 'The Federal Records Act details strict standards prohibiting the destruction of government documents including electronic messages, unless first approved by the archivist of the United States. Justice Department lawyers had urged the courts to accept a proposed White House declaration promising to preserve all backup tapes. The judge's order "should stop any future destruction of e-mails, but the White House stopped archiving its e-mail in 2003 and we don't know if some backup tapes for those e-mails were already taped over before we went to court. It's a mystery," said Meredith Fuchs, a lawyer for the National Security Archive.'"
