[aklug] PC = Point and Click

From: Tim Johnson <tim@akwebsoft.com>
Date: Fri May 10 2013 - 10:52:59 AKDT

I'm going to turn the following into a blog, methinks. If I do, I will
remove any and all personal names. Something for all to chew on and
remember: You read it here first.
###################################################################

Recently I contributed to the thread opened by Bruce Hill with
subject line "web design help" with some comments regarding the use
of CMS (content management systems). I listed some issues pro and
con regarding the usage of CMS.

I received the following from Jim McDonald OTL :
"""
Learning curve? I had a wordpress website up and running with no
experience in less than two hours … there isn't really a learning
curve. it's all pointy clicky.
"""

I would urge Bruce to look closely at Word Press, because that is
what Jim was using. I note that wordpress can be installed pretty
much instantaneously from cpanel with the domain hoster that I use.
To be clear, the sites that I have hosted on this shared domain
hoster were built using drupal. (I primarily work on dedicated
servers with python frameworks). It might be that wordpress would be
an easy option for Bruce. __But__ read on:

I mean no personal aspersion to Jim when I use his comment above as
a talking point and a subject. Furthermore, I hope that he would not
be offended if I say that I believe that his words are illustrative
of something that I have found ominous for some time now.

I live in Palmer (Alaska) and we have seen two cases in which
websites were hacked in manners that got a lot of public attention.
According to our Parish priest, the Anchorage Archdiocese website
was at one time hacked so that it looked like a Baptist website. Not
a tragedy, really - one could even say that it was an ecumenical
activity. :)

Less funny and not much later, the Palmer Chamber of Commerce (PCOC)
was hacked within hours of going live. Talk about a real business
starter: the hack got written up in the local paper. The developer,
in the first breath "took full responsibility" and in the second
breath blamed Joomla (the CMS that they used). The second breath
pretty much cancelled the first IMHO.

If Bruce were to build a website to introduce a business that he was
restarting after a long hiatus and he wanted to appeal to the
parents of budding gymnasts __and__ if that site were hacked to make
it look like pornography, Bruce's business would be in great
jeopardy. In fact, that could be the death knell of his business.

Most certainly, if Bruce were not versed with the security vector of
dynamic websites, two hours would not be too much time for a learning
curve to address such vectors.

***
The possibility exists of a cyber intrusion attacking SCADA devices
through controller PCs and costing far more in both blood and
treasure than did 911. I think that possibility is about 50% and I
am not one of those "Black Helicopter Paranoids". And I'm sure that
going after SCADAs is not the only option of those who wish to do
evil. It goes without saying that such an intrusion might be made
through a web site.
***

Oh! News Flash! $45 million heist through IT systems just committed.

When I went from "Straight C" to C++ in the Mid-90s I started using
the Borland C++ Builder. It was very "pointy-clicky". As was the
same for MS-Access systems that I was working on at the time. I
could see that the code generated by Builder was very redundant,
very large and contributed by other coders that I might have or
might not have trusted.

Pointy-clicky environments are now dominating website development.
I'm all for it. After all, I use drupal as well as hand rolling with
CGI and python frameworks. However, I'm afraid that making things so
easy and so quick can seduce developers into thinking that security
will be handled for them. Furthermore, such an approach makes it
easy for idiots who don't care about the details to create
dangerously compromised websites and web resources.

Present company excepted!

I would hope that responses to this would not go down the "PHP is
evil" route. (I don't give a damn about the arguments pro and con
about PHP core engineering vs perl/python/java core engineering. Bad
code is still bad code. Good PHP beats the crap out of bad
perl/python/java) But, what the heck! Posting a thread is like
peeing on the tundra (or the prairie). You're never sure where the
wind is going to come from.

The more important issue regarding code, I believe, is the API
(acronym for Application Pointy-clicky Interface)

Again: Jim, I'm sorry, but "pointy-clicky" was just too good to pass
up. :)

-- 
Tim 
tim at tee jay forty nine dot com or akwebsoft dot com
http://www.akwebsoft.com
Received on Fri May 10 10:53:25 2013
