No DNS poisoning at Google (in case of trouble, blame the DNS)

Tei oscar.vives at gmail.com
Thu Jun 28 11:05:30 UTC 2012


On 27 June 2012 09:50, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
>(<troll>specially for a Web site written in
> PHP</troll>)?
>

We software makers have a problem: when a customer asks for an
application, often there's a web project that already does it (for the
most part it is a round peg in a round hole). So a natural solution is to
install this project and customize it to his needs (theme, perhaps
some programming).  The other option is to create the code from scratch
(perhaps using a framework).

If you create the code from scratch, it will be safe.  A tree can't get
a human virus, and a human can't get a tree virus. You are not
unhackable; bad practices will byte you in the long term, but you
don't see exploits made specifically for this custom-made code daily.
Too bad, the features the code allows will be few, limited by the
budget of the project.  Programming sucks, and generates code and bugs,
and everybody suffers for it.  This option sucks.

If you use one of these projects that already does 99% of what the customer
needs, plus 120% that the customer doesn't need (and perhaps doesn't want), the
code quality will normally be good, with **horrible** exceptions.
But sooner or later (weeks), there will be exploits for this codebase,
to hack the site in horrible ways.  If the customer doesn't pay for
maintenance and doesn't do the maintenance himself, the code will turn
comically outdated. Hacking the site will be easy for children aged 5
and up. Maintenance sucks.  This option sucks.

All options suck.

Your browser will call you an idiot if you try to browse with an
outdated version.  But web projects are not this rude to owners. So
you have people browsing forums in Chrome 18, where the forum
software is a version from 2004 ("heavily customized", but this will not
save you).  Then a cracker comes, uses a known exploit from 2008, and
downloads 1.2 million unhashed passwords, where 98% of these
passwords are reused on Facebook, Twitter, LinkedIn and Gmail.




-- 
--
ℱin del ℳensaje.



