Why do I love /. (aka, Slashdot)? I’ve been a long-time reader of Slashdot and have asked myself this question from time to time. I am a classic lurker (Forrester calls us “spectators”) in the sense that I have never contributed, but am a loyal follower. Why? Because it’s like a barcamp run amok.
I learn something new every time I dive into the fascinating Slashdot headlines that hit my iGoogle RSS feed. Like last Sunday the 19th, I caught this interesting headline: “Something may have just hit Jupiter”: http://science.slashdot.org/story/09/07/20/0114250/Something-May-Have-Just-Hit-Jupiter?from=rss. Then, three days later on Wednesday, the news about the Jupiter hit made the New York Times front page, after being confirmed by NASA.
What I love about it is the way every discussion entry begins with a bit of news and links to the originating sources. For example, I picked up a fascinating article about automatic game design months ago that still remains somewhat unique, in my opinion, about shedding light on the critical connection between gaming and learning: http://togelius.blogspot.com/2008/12/automatic-game-design.html.
But, more often than not, the real magic of Slashdot is the free-for-all that goes on in the discussion thread that extends for pages and pages below the story header. I find you learn, you laugh, you cringe, and you learn some more. For example, here is a typical exchange, answering a PHP web developer’s inquiry about taking reasonable steps to protect his websites: http://it.slashdot.org/article.pl?sid=09/02/09/2254232&from=rss
The replies ranged from technical:
OWASP is invaluable for learning the WHY and HOW behind security, but for an amateur, I think the first best thing he could do is apply the Suhosin patch for PHP: http://www.hardened-php.net/
This lets him worry about the why and how AFTER he’s already closed many of the attack vectors a default PHP install leaves open. Especially if he’s running below 5.2.x.
Furthermore, PHP has been more security focused since 5.01. You can learn a lot about security just by reading the release notes, even if you don’t think you’re learning about security!
For example, the filter_input() function. Instead of doing this:
$phone_number = $_POST['phone_number'];
do this:
$phone_number = filter_input(INPUT_POST, 'phone_number', FILTER_SANITIZE_STRING);
That simple change applied to all of your $_POST, $_GET (and/or $_REQUEST) look-ups will shut down most of your application-level attacks.
Any PHP developer should learn and ALWAYS use the new Filter features: http://us2.php.net/manual/en/ref.filter.php
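The filter_input() lookup described in that comment, as an added example that is not from the Slashdot thread. It uses filter_var() over a constructed array so it runs from the CLI (the comment’s filter_input(INPUT_POST, ...) does the same against the live request), shows validation next to sanitizing, and assumes the pdo_sqlite extension for the final step.

```php
<?php
// Added example, not from the Slashdot comment. filter_var() over a
// constructed array stands in for filter_input(INPUT_POST, ...) so the
// script runs from the CLI with no web request.
declare(strict_types=1);

function readPhone(array $src): ?string
{
    // Validation beats sanitizing: accept only something shaped like a
    // phone number, and return null (refuse the request) otherwise.
    $ok = filter_var($src['phone_number'] ?? '', FILTER_VALIDATE_REGEXP,
        ['options' => ['regexp' => '/^\+?[0-9][0-9 .()-]{6,19}$/']]);
    return $ok === false ? null : $ok;
}

function readComment(array $src): string
{
    // Free text cannot be validated by pattern, so encode it for HTML output.
    // FILTER_SANITIZE_STRING (used in the comment above) is deprecated since
    // PHP 8.1; FILTER_SANITIZE_FULL_SPECIAL_CHARS encodes rather than strips.
    return filter_var($src['comment'] ?? '', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
}

// Constructed sample input standing in for $_POST.
$post = [
    'phone_number' => '555-0100<script>alert(1)</script>',
    'comment'      => 'Call me <b>"soon"</b>',
];

$raw     = $post['phone_number'];   // the "instead of doing this" line: untouched
$phone   = readPhone($post);        // the script tag does not match the pattern
$comment = readComment($post);      // tags and quotes are HTML-encoded

var_dump($raw, $phone, $comment);

// Filtering input does not replace parameterised queries: a filtered value is
// still bound as a parameter, never concatenated into the SQL string.
// Assumes the pdo_sqlite extension is loaded.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE contacts (phone TEXT, comment TEXT)');
$stmt = $pdo->prepare('INSERT INTO contacts (phone, comment) VALUES (:phone, :comment)');
$stmt->execute([':phone' => $phone ?? '', ':comment' => $comment]);
```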
To the procedural:
It’s a few easy steps that keep most of the knuckleheads at bay.
Set up your site on a hosting service with automated backups. Dreamhost has a great backup system that can restore your entire site with DB in minutes once it’s been compromised. This will satisfy your client while you figure out how the defacer did his trick. It also puts the burden of OS-level security on them, so any intrusion will be incredibly unlikely to escalate privileges and purge the logs.
Minimize use of web software packages (forums, blogs, photo galleries, etc.). This will limit your site’s exposure to known exploits when you fail to keep these packages updated. If you must use such a package, edit the paths so that it won’t fall prey to automated script attacks spidering for these packages. This makes upgrades more complex, but it will repel the dumb script kids.
Use .htaccess to ban foreign IPs. Most small-time sites have no need to be visited from overseas IPs. The site you build for a dentist doesn’t need to be accessible to a kid sitting behind a computer in Brazil.
Check your form inputs. Plain and simple.
To the hysterical:
Buy a pony. [ To which another “slasher” replied: “I would use the protein.” ]
A last example of why I love Slashdot comes from an article about intellectual property rights, the WTO, and China, wherein there was a vigorous exchange about taxation, open source, the mixing of global politics and finance, and East-West relations. In the end, as so often occurs, after wading through the technical weeds and silly chaff, the discussion ends with some wonderful observations from people who at least claim to have on-the-ground experience in-country.
by Ritz_Just_Ritz (883997) on Wednesday January 28, @12:20AM (#26634721)
I spend a great deal of time in China. The real crux of the problem is that there is a WIDE gulf between the law and enforcement of the law (unless it involves anti-government behavior…then the gulf narrows quickly).
I can easily go to any one of hundreds of locations that I know of (and I’m a damn foreigner) in Beijing and buy openly pirated movies and software. Sure, it is illegal to sell that stuff per the law books, but the government just doesn’t care. And when they make some noise about caring, it’s VERY temporary, the press gets their story and photos, and then it’s back to business as usual.
Government officials are profiting directly from winking at this illicit trade so there’s little incentive for those lower on the totem poles to rock the boat.
It’s not uncommon for the owner of one of these illicit DVD/CD fabs to bring the relative of some party official in as a “silent partner” to keep the heat off. Welcome to China. Now be quiet and enjoy your 10RMB DVD (complete with fancy packaging and liner notes) that can be had in most subway stations and street corners in Beijing…er…roughly 7% of the price I’d pay at my local Best Buy for the same title in similar packaging…..
[REPLY] by Sanat (702) on Wednesday January 28, @01:30AM (#26635213)
I was a visiting American Scientist during my prolonged stay in China and was the first American that many Chinese had seen since the Chiang Kai-shek stuff from the 50’s and 60’s. I traveled some with the president of the American company where I worked (he was American Chinese) and so I had a lot of opportunities to explore many places that most Americans would not be admitted.
I literally traveled from one end of China to another. I am rather a low key guy but because of my title then each Chinese province would hold a banquet in my honor and so we would drink wu-shing pigu (5 star beer) and a clear liquor that I forget the name of but it was potent… anyway, I found the Chinese to be a most proper group of individuals and were good to their word… except if government was involved then they followed the ticket that was being trailed out… probably for self preservation.
I really enjoyed the people and loved the environment… being raised originally on a farm in Ohio made me understand a lot more than if I was a city slicker. What I did find though was that the average person did what they had to do to get along in life. If it meant duplicating a song or a data file then it was not a problem for them… I must reiterate that their values were neither greater nor less than mine but rather that they did what they had to do to survive in the economy of that era.
Sometimes I wish that I had transferred there permanently. My heart is very similar to that of the typical Chinese individual and they had a warmth that I find missing in today’s life in America.
An anonymous reader writes “The World Trade Organization yesterday released its much-anticipated decision involving a US complaint against China over its protection and enforcement of intellectual property rights.
The US quickly proclaimed victory, with newspaper headlines trumpeting the WTO panel’s requirement that China reform elements of its intellectual property laws. Yet the reality is somewhat different. As Michael Geist notes, “the US lost badly on key issues such as border measures and criminal IP enforcement, with the international trade body upholding the validity of China’s laws.”
And those, my friends, are but a few examples of why I love Slashdot.