On Fri, May 10, 2013 at 10:52:59AM -0800, Tim Johnson wrote:
> I'm going to turn the following into blog, methinks. If I do, I will
> remove any and all personal names. Something for all to chew on and
> remember: You read it here first.
> ###################################################################
>
> Recently I contributed to the thread opened by Bruce Hill with
> subject line "web design help" with some comments regarding the use
> of CMS (content management systems). I listed some issues pro and
> con regarding the usage of CMS.
>
> I received the following from Jim McDonald OTL :
> """
> Learning curve? I had a wordpress website up and running with no
> experience in less than two hours … there isn't really a learning
> curve. it's all pointy clicky.
> """
>
> I would urge Bruce to look closely at Word Press, because that is
> what Jim was using. I note that wordpress can be installed pretty
> much instantaneously from cpanel with the domain hoster that I use.
> To be clear, the sites that I have hosted on this shared domain
> hoster were built using drupal. (I primarily work on dedicated
> servers with python frameworks). It might be that wordpress would be
> an easy option for Bruce. __But__ read on:
>
> I mean no personal aspersion to Jim when I use his comment above as
> a talking point and a subject. Furthermore, I hope that he would not
> be offended if I say that I believe that his words are illustrative
> of something that I have found ominous for some time now.
>
> I live in Palmer (Alaska) and we have seen two cases in which
> websites were hacked in manners that got a lot of public attention.
> According to our Parish priest, the Anchorage Archdiocese website
> was at one time hacked so that it looked like a Baptist website. Not
> a tragedy, really - one could even say that it was an ecumenical
> activity. :)
>
> Less funny and not much later, the Palmer Chamber of Commerce (PCOC)
> was hacked within hours of going live. Talk about a real business
> starter: the hack got written up on the local paper. The developer,
> in the first breath "took full responsibility" and in the second
> breath blamed Joomla (the CMS that they used). The second breath
> pretty much cancelled the first IMHO.
>
> If Bruce were to build a website to introduce a business that he was
> restarting after a long hiatus and he wanted to appeal to the
> parents of budding gymnasts __and__ if that site were hacked to make
> it look like pornography, Bruce's business would be in great
> jeopardy. In fact, that could be the death knell of his business.
>
> Most certainly, if Bruce were not versed with the security vector of
> dynamic websites, two hours would not be to much time for a learning
> curve to address such vectors.
>
> ***
> The possibility exists of a cyber intrusion attacking SCADA devices
> through controller PCs and costing far more in both blood and
> treasure than did 911. I think that possibility is about 50% and I
> am not one of those "Black Helicopter Paranoids". And I'm sure that
> going after SCADAs is not the only option of those who wish to do
> evil. It goes without saying that such an intrusion might be made
> through a web site.
> ***
>
> Oh! New Flash! $45 million hiest through IT systems just committed.
>
> When I went from "Straight C" to C++ in the Mid-90s I started using
> the Borland C++ Builder. It was very "pointy-clicky". As was the
> same for MS-Access systems that I was working on at the time. I
> could see that the code generated by Builder was very redundant,
> very large and contributed by other coders that I might have or
> might not have trusted.
>
> Pointy-clicky environments are now dominating website development.
> I'm all for it. After all, I use drupal as well as hand rolling with
> CGI and python frameworks. However, I'm afraid that making things so
> easy and so quick can seduce developers into thinking that security
> will be handled for them. Furthermore, such an approach makes it
> easy for idiots who don't care about the details to create
> dangerously compromised websites and web resources.
>
> Present company excepted!
>
> I would hope that responses to this would not go down the "PHP is
> evil" route. (I don't give a damn about the arguments pro and con
> about PHP core engineering vs perl/python/java core engineering. Bad
> code is still bad code. Good PHP beats the crap out of bad
> perl/python/java) But, what the heck! Posting a thread is like
> peeing on the tundra (or the prairie). You're never sure where the
> wind is going to come from.
>
> The more important issue regarding code, I believe, is the API
> (acronym for Application Pointy-clicky Interface)
>
> Again: Jim, I'm sorry, but "pointy-clicky" was just to good to pass
> up. :)
My needs are simple, but not desperate. There is nothing point-and-click that
we have used, nor probably will use in the future.
The whole fascination with flash and java in websites just increases the
attack vector, and frankly, for a little presence on the world wide web that
we want, HTML5 and CSS written in ViM will be enough.
I'm grateful for the replies from this list.
Bruce
-- Happy Penguin Computers >') 126 Fenco Drive ( \ Tupelo, MS 38801 ^^ support@happypenguincomputers.com 662-269-2706 662-205-6424 http://happypenguincomputers.com/ A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? Don't top-post: http://en.wikipedia.org/wiki/Top_post#Top-posting --------- To unsubscribe, send email to <aklug-request@aklug.org> with 'unsubscribe' in the message body.Received on Fri May 10 11:14:05 2013
This archive was generated by hypermail 2.1.8 : Fri May 10 2013 - 11:14:05 AKDT