Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Trust the World's Fastest VPN with Your Internet Security & Freedom - A Lifetime Subscription of PureVPN at 88% off. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Comment Re:The reason I hate WordPress is PHP. (Score 1) 119

String comparison in PHP is broken between two strings. Nothing to do with types. You can't compare two strings with ==, it doesn't work properly (it works most of the time and becomes a security hole when you least expect it). Since clearly you think PHP is the bees' knees and documentation is everything, of course you knew this, right?

Now tell me in what universe it is reasonable for the == operator to be unable to compare two strings correctly.

Comment Re:The reason I hate WordPress is PHP. (Score 2) 119

PHP was slow as molasses until recently, and cleaning up compromised servers after you get pwned isn't cheap, nor is maintaining a legacy code-rotting PHP codebase, which is what PHP encourages.

PHP became popular because it was easy back when the dynamic web was getting started and people just wanted to write quick hacks. By the time people realized it was a terrible idea we had legions of PHP coders who thought they knew what they were doing, and tons of PHP frameworks evolving from toys to something that was trying to be serious, with the language following a similar path. But the foundation was rotten to the core, and as much as they've tried, nobody has yet managed to fix PHP, nor is it really possible without reinventing, effectively, a whole new language. Even deprecating completely batshit insane ideas like magic_quotes_gpc has taken years of effort.

Meanwhile Python 2 was pretty good, way better than PHP ever was (and probably ever will be), but even then the Python community knew that some things needed to be torn up and redone properly, and thus we got Python 3. Things work differently when the people designing and maintaining a language actually know what they're doing. The Python 2 to 3 transition has been long, but worth it in the long term.

Comment Re:The reason I hate WordPress is PHP. (Score 1) 119

Oh, I agree that JavaScript is full of WTFs. Not nearly as many as PHP, but plenty going around. I wouldn't write a web backend in node.js either, even though many people seem to think that's a good idea.

Joomla is just as bad as WordPress. I just spend last weekend cleaning up a compromised server that was running an outdated Joomla version managed by other people. Ended up sandboxing it in a VM to make sure that if it gets pwned again it doesn't start sending spam nor has access to any sensitive information.

Comment Re:The reason I hate WordPress is PHP. (Score 1) 119

That premise is nonsense. By your definition, there is no stupid design, as long as it is accurately documented.

Just because it's documented doesn't make it not stupid. There is such a thing as the principle of least surprise. PHP almost seems to try to be as surprising as possible, in all the wrong ways.

Comment Re:Plea for simplification: static HTML (Score 3, Insightful) 119

This.

The irony is that any WordPress site getting any reasonable amount of traffic is already using WP-Super-Cache... which generates static HTML pages for public content to be served directly from the web server. So they get the worst of both worlds: caching issues and a dynamic backend that is still just as susceptible to exploits as without the cache.

Comment Re:Great. (Score 4, Interesting) 119

The only secure way to use WordPress is as a static site generator, where the live version is deployed with no dynamic functionality and the administration backend is secured by a layer above WordPress (e.g. HTTP BASIC authentication).

WordPress isn't particularly terrible code, but it is written in a particularly terrible programming language where it's practically impossible to write something secure because things are insecure-by-default and you're expected to defend against all the gotchas explicitly.

Comment Re:The reason I hate WordPress is PHP. (Score 5, Insightful) 119

The flaw was specifically made possible by PHP's eagerness to convert malformed strings to best-guess integers instead of raising an error like any sane programming language. You didn't read TFA, did you?

Parent is mostly correct, except where he lumps together all "scripting" languages. This isn't a problem with "scripting" languages, it's a problem with languages like PHP that were designed by people who had no idea what they were doing. Worse, PHP is designed to be deployed in a way that encourages mistakes (PHP files directly in the webroot). PHP security is a game of whack-a-mole where if you forget to whack all the moles in one of your scripts, your site is toast. This wouldn't have happened with a sane scripting language, like Python.


$ php7.1 -r 'echo (int) "123test";'
123
$ python3.5 -c 'print(int("123test"))'
Traceback (most recent call last):
    File "", line 1, in
ValueError: invalid literal for int() with base 10: '123test'

Comment Re:This could get interesting (Score 1) 267

If you want to worry about legacy stupidity bloating Intel chips, look at their cache model, not their instruction set. Their legacy "everything is coherent everywhere" requirement means they need snooping/invalidation logic around every single little cache block (e.g. the branch predictor). ISAs where, for example, you are not allowed to execute dynamic code without first flushing it from D cache and invalidating that range from I cache don't have this problem.

Comment Re:Walk before you run (Score 5, Interesting) 267

Except the A9X doesn't have an ARM core, which is what the parent was talking about. It's a chip that implements the ARM instruction set. Big difference.

IP cores from ARM Holdings Inc, today, do not compete with Intel. Nor do any of the other ARM cores around (e.g. Qualcomm's, Nvidia's). But it seems Apple right now has better engineers than all of those and is actually managing to design ARM-compatible cores that are starting to be comparable to Intel chips.

Comment Re:Why not buy Intel? (Score 1) 267

It isn't, but ARM is better at the low-power scale in absolute terms, and less complex chips have lower leakage. It's hard to build a single chip that can scale from high to low power, and Intel doesn't know how to build small chips. But yes, at desktop/server scale, Intel still smokes ARM. High-end POWER does better than ARM but Intel still wins.

Comment Re:hyper-v and don't install chrome extensions (Score 1) 352

You can make a VM look a lot like the host. I don't know if the license allows you to run Windows inside a VM on top of another instance of Windows with one license, but what I actually do is run the natively-installed Windows inside a VM running on my also-natively-installed Linux (so I can boot Windows natively, or boot it inside a VM on Linux) - a single instance of Windows 10, just with or without a hypervisor under it (this should be perfectly legal; I recall actually reading through the EULA and it being ambiguous about this usage). I made sure the VM had the same CPU settings, the same GUID, the same hard disk serial number, and a few other identifiers. Windows isn't complaining and claims it's correctly activated, regardless of whether I boot it on bare metal or on the VM.

This used to be sometimes problematic when I had Windows 7, but Windows 10 hasn't given me any trouble. Perhaps they loosened up the hardware checks.

Comment Re: Python? (Score 1) 114

Let's assume you're talking about CPython, because Python is a language, not an implementation.

Python explicitly runs as a single thread

No it doesn't. CPython supports threading.

and uses time slicing to simulate multi threading.

No it doesn't. CPython uses OS threads, it does not do its own time slicing.

What you're thinking about is the GIL, which ensures that only one (real) thread is running *inside the interpreter* at any one point. You can spawn multiple CPython threads and they will be *real* threads scheduled by the OS. However, they will mutex each other out of running the interpreter at once in multiple threads. You can make blocking OS calls, or calls out to C code that is thread-safe, and they will run concurrently on multiple cores. No time-slicing.

CPython has perfectly real threads. It just isn't suitable for concurrent computation in pure Python code due to the GIL.

The is also no such thing as a real time processor

There is, however, such a thing as a platform unsuitable for real-time processing. And commodity x86 platforms have been unsuitable for real-time processing ever since BIOSes decided to schedule code behind your back in SMM code without the OS being able to do anything about it. You need a very special BIOS to make sure this doesn't happen.

Slashdot Top Deals

The tao that can be tar(1)ed is not the entire Tao. The path that can be specified is not the Full Path.

Working...