[BALUG-Talk] [BALUG-Admin] balug.org DNS review

Todd Hawley celticdm@gmail.com
Sun Oct 1 17:13:00 PDT 2017


On Fri, Sep 29, 2017 at 9:11 AM, Rick Moen <rick@linuxmafia.com> wrote:

Quoting Todd Hawley (celticdm@gmail.com):
>
> > I used to maintain a site that ran WordPress, we migrated it to DH and
> they
> > insisted
> > they could only run WP if our URL included the Dreamhost name in the URL.
>
> How funny.
>
> Yes. Looking back, I highly suspect they didn't want to have to do the
work involved in setting up WP
for the site and then said, "Oh. You want this? Well then you have to do
this for us." Free
advertising for them. What a concept. <sigh> Why didn't I realize this at
the time? Ah well.

> Aha! I wondered why WP had so many security issues. Although from what
> > I'd heard PHP was a nice scripting language and easy to learn. I had no
> idea
> > it was prone to security issues.
>
> Just for fun, here's a cranky rant giving a full rundown on the problems
> with PHP:  https://eev.ee/blog/2012/04/09/php-a-fractal-of-bad-design/


Interesting piece.

I suspect it's difficult verging on impossible to write good and
> reasonably secure public-facing PHP code if it does anything
> significant.  In any event, for whatever reason, there are continual,
> repeating security breakdowns in WordPress itself.  Troublingly, these
> tend to keep occurring over and over in the same areas, suggesting that
> there are deep architectural flaws that give rise to the recurring
> implementation flaws, i.e., the underlying problems don't ever get truly
> fixed, only this week's manifestation of the problem.
>
> If you've been around software for a while, you learn to recognise that
> pattern.  Fixed, this time for sure!  Oh darn, here's another one that's
> technically different, and we've fixed that.  Wait, here's another one
> and a fix for it....
>

Or you have programming teams on tight deadlines who aren't allowed time to
fix
a fundamental problem. Instead, they're told to find a patch for a bug and
then "when
time allows," they'll go back and fix the fundamental problem. Which of
course
never happens. Or they say, "that's not a bug, that's a new feature." :p

-th
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.balug.org/pipermail/balug-talk/attachments/20171001/607dd211/attachment.html>


More information about the BALUG-Talk mailing list