[aklug] Re: PC = Point and Click

From: Jim MacDonald <jim@macdonald.org>
Date: Fri May 10 2013 - 13:48:54 AKDT

One does not use terms like "pointy clicky" in a Linux users group forum without anticipating hate mail; in fact, you would be remiss in your duties as a Linux user if you failed to do so. That being said, with the current rash of WP site hijacking occurring, it's probably not a bad thing to point out that if you rely on default settings in applications for security you're gonna have a bad time. As with anything in the IT industry, there are few things that adequately substitute for research and a healthy dose of "hacker phobia".

Nough said?

On May 10, 2013, at 10:52, Tim Johnson <tim@akwebsoft.com> wrote:

> I'm going to turn the following into a blog, methinks. If I do, I will
> remove any and all personal names. Something for all to chew on and
> remember: You read it here first.
> ###################################################################
>
> Recently I contributed to the thread opened by Bruce Hill with
> subject line "web design help" with some comments regarding the use
> of CMS (content management systems). I listed some issues pro and
> con regarding the usage of CMS.
>
> I received the following from Jim MacDonald OTL:
> """
> Learning curve? I had a wordpress website up and running with no
> experience in less than two hours … there isn't really a learning
> curve. it's all pointy clicky.
> """
>
> I would urge Bruce to look closely at WordPress, because that is
> what Jim was using. I note that wordpress can be installed pretty
> much instantaneously from cpanel with the domain hoster that I use.
> To be clear, the sites that I have hosted on this shared domain
> hoster were built using drupal. (I primarily work on dedicated
> servers with python frameworks). It might be that wordpress would be
> an easy option for Bruce. __But__ read on:
>
> I mean no personal aspersion to Jim when I use his comment above as
> a talking point and a subject. Furthermore, I hope that he would not
> be offended if I say that I believe that his words are illustrative
> of something that I have found ominous for some time now.
>
> I live in Palmer (Alaska) and we have seen two cases in which
> websites were hacked in manners that got a lot of public attention.
> According to our Parish priest, the Anchorage Archdiocese website
> was at one time hacked so that it looked like a Baptist website. Not
> a tragedy, really - one could even say that it was an ecumenical
> activity. :)
>
> Less funny and not much later, the Palmer Chamber of Commerce (PCOC)
> was hacked within hours of going live. Talk about a real business
> starter: the hack got written up on the local paper. The developer,
> in the first breath "took full responsibility" and in the second
> breath blamed Joomla (the CMS that they used). The second breath
> pretty much cancelled the first IMHO.
>
> If Bruce were to build a website to introduce a business that he was
> restarting after a long hiatus and he wanted to appeal to the
> parents of budding gymnasts __and__ if that site were hacked to make
> it look like pornography, Bruce's business would be in great
> jeopardy. In fact, that could be the death knell of his business.
>
> Most certainly, if Bruce were not versed with the security vector of
> dynamic websites, two hours would not be too much time for a learning
> curve to address such vectors.
>
> ***
> The possibility exists of a cyber intrusion attacking SCADA devices
> through controller PCs and costing far more in both blood and
> treasure than did 911. I think that possibility is about 50% and I
> am not one of those "Black Helicopter Paranoids". And I'm sure that
> going after SCADAs is not the only option of those who wish to do
> evil. It goes without saying that such an intrusion might be made
> through a web site.
> ***
>
> Oh! News Flash! $45 million heist through IT systems just committed.
>
> When I went from "Straight C" to C++ in the Mid-90s I started using
> the Borland C++ Builder. It was very "pointy-clicky". As was the
> same for MS-Access systems that I was working on at the time. I
> could see that the code generated by Builder was very redundant,
> very large and contributed by other coders that I might have or
> might not have trusted.
>
> Pointy-clicky environments are now dominating website development.
> I'm all for it. After all, I use drupal as well as hand rolling with
> CGI and python frameworks. However, I'm afraid that making things so
> easy and so quick can seduce developers into thinking that security
> will be handled for them. Furthermore, such an approach makes it
> easy for idiots who don't care about the details to create
> dangerously compromised websites and web resources.
>
> Present company excepted!
>
> I would hope that responses to this would not go down the "PHP is
> evil" route. (I don't give a damn about the arguments pro and con
> about PHP core engineering vs perl/python/java core engineering. Bad
> code is still bad code. Good PHP beats the crap out of bad
> perl/python/java) But, what the heck! Posting a thread is like
> peeing on the tundra (or the prairie). You're never sure where the
> wind is going to come from.
>
> The more important issue regarding code, I believe, is the API
> (acronym for Application Pointy-clicky Interface)
>
> Again: Jim, I'm sorry, but "pointy-clicky" was just too good to pass
> up. :)
>
> --
> Tim
> tim at tee jay forty nine dot com or akwebsoft dot com
> http://www.akwebsoft.com
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>
Received on Fri May 10 13:49:38 2013
