LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Development page

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Quotes of the week

[Posted March 7, 2012 by corbet]

But PHP is the language of the unwashed masses, and that was, and is, part of why it is hugely popular. Somebody who barely understands programming can pound away at the keyboard and write a bloody useful web application, breaking 10,000 Computer Science rules along the way.

It's duct tape and bailing wire. And we love it for that.

If the app is useful enough, it might even get cleaned up. Or just more duct tape and bailing wire is applied, more likely. :-)

-- Richard Lynch

There's no need to explain anything to beginners, they just accept whatever rules you give them. It's the people who are no longer beginners but not quite experts you have to deal with. But a true zen master, even a zen-of-Python master, would just hit them over the head with a wooden plank.
-- Guido van Rossum

Changing CPython to make it truly secure is definitely either a lost cause or a real major effort, and pysandbox just gives another such example. My advise is to give up and move security at some other level.

(Or else, if you want to play this game, there is PyPy's sandboxing, which is just an unpolished proof a concept so far. I can challenge anyone to attack it, and this time it includes attempts to consume too much time or memory, to crash the process in any other way than a clean "fatal error!" message, and more generally to exploit issues that are dismissed by pysandbox as irrelevant.)

-- Armin Rigo
(Log in to post comments)

Quotes of the week

Posted May 15, 2012 3:05 UTC (Tue) by mfedyk (guest, #55303) [Link]

Perfect reason to not use php, even the core developers know it is the definition of a logical fallacy.

For this reason, I encourage you to remove php from all of your systems and find or create alternatives for any php apps you may be using in one of the other free languages.

Free as in has a non-profit owning any copyrights, trademarks and patents for that language.

The foundations behind perl, python, ruby, etc. are not going to sue you for reimplementing their api or for patent infringement.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds