
Comment Re:I thought Mozilla had stopped development on Th (Score 3, Informative) 47

While Mozilla isn't the only one who develops it, Mozilla is in the process of requiring the Thunderbird project to be spun out and rely on its own infrastructure and funding. I know because I interviewed with Magnus and Jörg for the consulting project to set up the infrastructure.

Twitter post announcing the position: https://twitter.com/pascalchev...

Actual job posting: http://www.garysguide.com/jobs... (mirror, Mozilla has already removed it from their site)

Mailing list post from Gervase announcing the split: https://lwn.net/Articles/68506...

Comment Re:The reason I hate WordPress is PHP. (Score 1) 119

String comparison in PHP is broken between two strings. Nothing to do with types. You can't compare two strings with ==, it doesn't work properly (it works most of the time and becomes a security hole when you least expect it). Since clearly you think PHP is the bees' knees and documentation is everything, of course you knew this, right?

Now tell me in what universe it is reasonable for the == operator to be unable to compare two strings correctly.

Comment Re:The reason I hate WordPress is PHP. (Score 2) 119

PHP was slow as molasses until recently, and cleaning up compromised servers after you get pwned isn't cheap, nor is maintaining a legacy code-rotting PHP codebase, which is what PHP encourages.

PHP became popular because it was easy back when the dynamic web was getting started and people just wanted to write quick hacks. By the time people realized it was a terrible idea we had legions of PHP coders who thought they knew what they were doing, and tons of PHP frameworks evolving from toys to something that was trying to be serious, with the language following a similar path. But the foundation was rotten to the core, and as much as they've tried, nobody has yet managed to fix PHP, nor is it really possible without reinventing, effectively, a whole new language. Even deprecating completely batshit insane ideas like magic_quotes_gpc has taken years of effort.

Meanwhile Python 2 was pretty good, way better than PHP ever was (and probably ever will be), but even then the Python community knew that some things needed to be torn up and redone properly, and thus we got Python 3. Things work differently when the people designing and maintaining a language actually know what they're doing. The Python 2 to 3 transition has been long, but worth it in the long term.

Comment Re:The reason I hate WordPress is PHP. (Score 1) 119

Oh, I agree that JavaScript is full of WTFs. Not nearly as many as PHP, but plenty going around. I wouldn't write a web backend in node.js either, even though many people seem to think that's a good idea.

Joomla is just as bad as WordPress. I just spent last weekend cleaning up a compromised server that was running an outdated Joomla version managed by other people. Ended up sandboxing it in a VM to make sure that if it gets pwned again it doesn't start sending spam nor has access to any sensitive information.

Comment Re:The reason I hate WordPress is PHP. (Score 1) 119

That premise is nonsense. By your definition, there is no stupid design, as long as it is accurately documented.

Just because it's documented doesn't make it not stupid. There is such a thing as the principle of least surprise. PHP almost seems to try to be as surprising as possible, in all the wrong ways.

Comment Re:Plea for simplification: static HTML (Score 3, Insightful) 119

This.

The irony is that any WordPress site getting any reasonable amount of traffic is already using WP-Super-Cache... which generates static HTML pages for public content to be served directly from the web server. So they get the worst of both worlds: caching issues and a dynamic backend that is still just as susceptible to exploits as without the cache.

Comment Re:Great. (Score 4, Interesting) 119

The only secure way to use WordPress is as a static site generator, where the live version is deployed with no dynamic functionality and the administration backend is secured by a layer above WordPress (e.g. HTTP BASIC authentication).

WordPress isn't particularly terrible code, but it is written in a particularly terrible programming language where it's practically impossible to write something secure because things are insecure-by-default and you're expected to defend against all the gotchas explicitly.

Comment Re:The reason I hate WordPress is PHP. (Score 5, Insightful) 119

The flaw was specifically made possible by PHP's eagerness to convert malformed strings to best-guess integers instead of raising an error like any sane programming language. You didn't read TFA, did you?

Parent is mostly correct, except where he lumps together all "scripting" languages. This isn't a problem with "scripting" languages, it's a problem with languages like PHP that were designed by people who had no idea what they were doing. Worse, PHP is designed to be deployed in a way that encourages mistakes (PHP files directly in the webroot). PHP security is a game of whack-a-mole where if you forget to whack all the moles in one of your scripts, your site is toast. This wouldn't have happened with a sane scripting language, like Python.


$ php7.1 -r 'echo (int) "123test";'
123
$ python3.5 -c 'print(int("123test"))'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
ValueError: invalid literal for int() with base 10: '123test'
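
Added example, not part of the original comments and not WordPress code: the lenient (int) cast and the == string comparison these comments complain about, each next to a strict alternative. The function names and sample inputs are constructed for illustration; strict_id() assumes a 64-bit PHP build.

```php
<?php
declare(strict_types=1);

// Lenient: the cast from the comment above. Trailing garbage is silently dropped.
function lenient_id(string $raw): int
{
    return (int) $raw;
}

// Strict: accept only a canonical non-negative decimal integer, otherwise fail loudly.
// At most 18 digits so the value always fits a 64-bit int (assumption: 64-bit build).
function strict_id(string $raw): int
{
    if (preg_match('/\A(?:0|[1-9][0-9]{0,17})\z/', $raw) !== 1) {
        throw new InvalidArgumentException('not an integer: ' . var_export($raw, true));
    }
    return (int) $raw;
}

// Three ways to compare two strings.
function compare_report(string $a, string $b): array
{
    return [
        'loose'      => $a == $b,            // numeric-looking strings are compared as numbers
        'strict'     => $a === $b,           // same type and same bytes
        'const_time' => hash_equals($a, $b), // same bytes, timing-safe; use for tokens and MACs
    ];
}

// Constructed sample inputs.
foreach (['123', '123test', '1e3', '', 'abc'] as $raw) {
    try {
        $strict = (string) strict_id($raw);
    } catch (InvalidArgumentException $e) {
        $strict = 'rejected';
    }
    printf("%-10s lenient=%-6d strict=%s\n", var_export($raw, true), lenient_id($raw), $strict);
}

// Constructed sample pairs: different strings that both look like numbers, then an equal pair.
foreach ([['1e3', '1000'], ['0e1234', '0e5678'], ['abc', 'abc']] as [$a, $b]) {
    printf("%-8s vs %-8s %s\n", $a, $b, json_encode(compare_report($a, $b)));
}
```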

Comment Re:This could get interesting (Score 1) 267

If you want to worry about legacy stupidity bloating Intel chips, look at their cache model, not their instruction set. Their legacy "everything is coherent everywhere" requirement means they need snooping/invalidation logic around every single little cache block (e.g. the branch predictor). ISAs where, for example, you are not allowed to execute dynamic code without first flushing it from D cache and invalidating that range from I cache don't have this problem.

Comment Re:Walk before you run (Score 5, Interesting) 267

Except the A9X doesn't have an ARM core, which is what the parent was talking about. It's a chip that implements the ARM instruction set. Big difference.

IP cores from ARM Holdings Inc, today, do not compete with Intel. Nor do any of the other ARM cores around (e.g. Qualcomm's, Nvidia's). But it seems Apple right now has better engineers than all of those and is actually managing to design ARM-compatible cores that are starting to be comparable to Intel chips.

Comment Re:Why not buy Intel? (Score 1) 267

It isn't, but ARM is better at the low-power scale in absolute terms, and less complex chips have lower leakage. It's hard to build a single chip that can scale from high to low power, and Intel doesn't know how to build small chips. But yes, at desktop/server scale, Intel still smokes ARM. High-end POWER does better than ARM but Intel still wins.

Comment Re:hyper-v and don't install chrome extensions (Score 1) 352

You can make a VM look a lot like the host. I don't know if the license allows you to run Windows inside a VM on top of another instance of Windows with one license, but what I actually do is run the natively-installed Windows inside a VM running on my also-natively-installed Linux (so I can boot Windows natively, or boot it inside a VM on Linux) - a single instance of Windows 10, just with or without a hypervisor under it (this should be perfectly legal; I recall actually reading through the EULA and it being ambiguous about this usage). I made sure the VM had the same CPU settings, the same GUID, the same hard disk serial number, and a few other identifiers. Windows isn't complaining and claims it's correctly activated, regardless of whether I boot it on bare metal or on the VM.

This used to be sometimes problematic when I had Windows 7, but Windows 10 hasn't given me any trouble. Perhaps they loosened up the hardware checks.
