
Comment Re:Clinton should be in jail!!! (Score 1) 223

You say that as if the entire US government shouldn't be in jail.

That would require changing laws. The people responsible for the current situation are also the beneficiaries and the ones that have the power to change things. There are too many stupid people in this country for enough of them to ever see a problem with this.

Comment Re:Clinton should be in jail!!! (Score 0) 223

Mishandling classified can get you jail, and it has. Taking money for your foundation while granting favors from the state department, some to foreign entities. That should get you jail.

But taken in all, if not jail, certainly enough to question her judgement in handling classified information. Most that did what she did (own server, copies on thumb drives) would lose their security clearance immediately and would be banned from other government work pending trial.

And now the health comments, she is not fit for president.

That's just rubbish. The entire US government runs on "taking money ... while granting favors". That's SOP. Seriously, yes. Health comments is Faux News BS.

Comment Re:~ best (Score 1) 222

WordPress (core) is probably the most secure CMS out there

Hahaha, seriously, no! If you know anything about secure software development, you would understand that WordPress was not well written. I've used it during my Secure Web Development course to show students how NOT to write code. Although the code might look clean, it is the perfect example of spaghetti code. Mainly because it has no MVC structure. Business logic, HTML, JavaScript, database queries, everything is mixed together in WordPress. And although it might not contain a serious flaw at this moment, absolutely nothing guarantees that this will still be the case in the future.

Because of the mess, it's easy to make a mistake and introduce a security flaw when changing or extending something. If you ask me, that's exactly the reason why so many plugins are insecure. Because it's hard for the plugin developers to understand the logic and structure of the WordPress main codebase. WordPress the most secure CMS? With this codebase? No, not now, not ever!!

You obviously don't know what you are talking about. MVC is not a magic bullet, etc, etc, etc. I am asking you, and please provide concrete evidence of your allegations. Core is secure. If plugins aren't, it's because plugins aren't. End of argument (unless you have real evidence and not some lame hypothetical situation).

Comment ~ best (Score 1) 222

"Best" requires some context. It's like "big", it doesn't mean much without the context it's in. Some of the factors to consider:

- Who is managing the content, and what is their skill level.
- How many people need to authenticate, for managing content, and/or accessing protected content. Do we need permission levels (ie a full blown admin and then someone is allowed only to write content ... should they also have publish permissions?).
- How often does content typically change? An occasional page change is different than a site with an active events feed, active blog (maybe with comments, etc), promotions?
- The skill level of the person managing the site (ie the code and hosting environment)
- Features. This is a big one. If we are talking "basic page" type content, that can be handled by every CMS ever invented. Where it gets dicey, is building out potential CMS features from there ... ie blogs, selling something (ecommerce), news feed, event calendars, image sliders, RSS feed, caching, contact form, image management for galleries, SEO management features for meta tags and Open Graph, etc and on and on. As some code-challenged individuals have mentioned, you could write all this from scratch. But why? Just take writing a CMS based event calendar. Think of recurring events. Look at how Google calendar does that. How many hours to come close to that functionality (probably in the 100's of hours of programming time to re-invent a f'n wheel).
- Documentation and support

Assuming there is an important client relationship here, the worst thing you could do is write this yourself. a) it will be very unfeatureful b) it will be really difficult to extend or add features to and c) if you get hit by a bus many people will likely be cursing your one-off POS.

That said, I've done tons and tons of WordPress and Drupal. I've dabbled in Joomla and Expression engine. I've evaluated concrete5 and several others on behalf of clients. My opinions:

- Anyone that claims PHP is inherently insecure is either living way, way back in the past, or just regurgitating something they read on the internet and wasting their breath and your time.

- I have never seen a good reason to use Joomla over the others. Ditto Expression Engine.

- WordPress has hands down the best management user interface. It is less painful for clients to learn.
- WordPress has the best support / documentation in their overall ecosystem (ie official and otherwise). Want to do something you've never done before? WP is a good choice.
- WordPress has the best third party integration tools.
- WordPress plugins can be great, or really awful. Be very discriminating, and that can be a big plus (but very much a double edged sword here).
- WordPress tends to be easy to upgrade. There is a lot of effort put into making that really simple and very backward compatible.
- WordPress started as a blog builder, and is hands down the best blogging platform out there.
- WP has really good responsive image handling built in (using srcset).
- WordPress (core) is probably the most secure CMS out there, despite the perception of the uninformed who are being swayed by click-bait blog headlines. It is the most scrutinized. It is also the most targeted because of its popularity. Be wary of any plugin. Keep a secure server environment, and if you don't want to do routine updates, then do what you can to harden the system. (I manage a bunch of WP sites for clients. I have one that is running WP 2.6, which probably dates to 2009, and it's not been touched by anything malicious because it's hardened to the bone).

- Drupal can do more "site building" type stuff from within the CMS. To get comparable from WordPress, you need to write code or use plugins (boo). Things like blocks, views, content types and taxonomies, and triggers, can be powerful tools to build and manage a site. Views is particularly powerful, but the learning curve is really, really steep.
- Drupal has better built in user management tools and features.
- Drupal has better tools for doing stuff at a web service or API level, eg a decoupled CMS or supplying content for an app (WP is catching up).
- Drupal has a built in feed aggregator.
- Learning curve is steeper here for coders and content managers alike
- Documentation tends toward the anemic, or frustratingly just hard to find what you need when you need.
- Upgrading across major versions is a nightmare. In fact, you likely just need to start over.
- Drupal is a hacker target too, but not as much. And it doesn't make the blog headlines, like WP when there is something.

Comment Re:Authorities have not yet identified the hac.... (Score 1) 155

"Authorities have not yet identified the hacker behind the Panama Papers breach", well it was the CIA/NSA. Look at the lack of US based names, so far there has been nothing but known criminals, on the other hand Russia, Pakistan, Iceland, UK have huge names outed.

Reports I've seen said this is because basically this stuff is legal, or at least trivial, for US based people. It's a rigged system. No need to go offshore to have someone else do your dirty work.

Comment Re:Right for the job (Score 1) 127

If Safari works and is right for the job, why change? I think I've had to open Chrome only a handful of times and that was a Java issue.

Kudos. Safari is becoming the new IE in terms of compatibility, web standards, and for workarounds required due to flaws / bugs / oddities / whathaveyou. So by using Safari, like the IE users before you, you are helping employ an untold number of web developers. Using inferior products is actually good for the global economy.

Comment Re:Never heard of it (Score 1) 101

The proprietor was a self-styled tech elite asshat. He impressed some people, but not enough apparently. He always struck me as a phony. Gigaom as a site had enough insider scoops that they were useful for breaking news in the actual tech industry (not the consumer tech industry that gets hashed and rehashed by Engadget, Slashdot, and a dozen others) so it had a little value, but it was never the tech thought leadership paragon that it pretended to be.

If you are referring to Om, he sold out a year ago. So it could be said he did have enough, and his successors did not. (I don't know / don't care which .... I've read some of their stuff but not enough to have an opinion on the quality).

Comment Re:Come again? (Score 1) 225

[YouTube] now uses its HTML5 video player by default in Google's Chrome, Microsoft's IE11, Apple's Safari 8, and in beta versions of Mozilla's Firefox browser. At the same time, YouTube is now also defaulting to its HTML5 player on the web.

You mean the web you browse with Google's Chrome, Microsoft's IE11, Apple's Safari 8, and in beta versions of Mozilla's Firefox? Am I missing something here, or are these sentences completely redundant?

It's that dept of redundancy dept thing.

Comment Re:What is the problem here? (Score 1) 137

The problem is that the US courts ruled that US law does apply in Ireland because Microsoft has a presence in both countries.

And you think that somehow the ruling of a US court absolves Microsoft from Irish law?

Yes but these aren't 2 distinct entities. Does MS Ireland own MS US, or are they wholly separate entities, or does MS US own / control MS Ireland? It would seem the latter. I'm sure there's all kinds of shenanigans done for tax purposes, etc, but it's part of MS, nonetheless, and the parent is US based, and under US legal jurisdiction. That said, I hope they lose on this. A really bad precedent would be set and probably be detrimental to long term US business doing anything outside the US.

Comment Re:from TFA (Score 1) 172

Yes, most Linux distributions seem to have used -tcp nolisten for quite a while. ssh -X still works fine and is very useful (IMHO).

Very long time. Most typical server installations don't even install X, so if you are wanting to exploit this, you are going to have to look really hard for somebody on your LAN running an ancient distro who's disabled the firewall and other remote auth stuff.
