Thursday, February 26, 2004


Patch ==> Exploit

Defending your digital assetsThe BBC is reporting that, "...malicious hackers and vandals are lazy and wait for Microsoft to issue patches before they produce tools to work out how to exploit loopholes in Windows... Exploits get written once patches appear... Instead of working it out for themselves, malicious hackers are reverse engineering the patches to better understand the vulnerabilities, said David Aucsmith, who is in charge of technology at Microsoft's security business and technology unit..."

Hackers exploit Windows patches

Orkut, PHP and ASP.NET

Google's OrkutThanks to a long-running thread in Google's PHP development community, found this interesting article on the web. A long-time PHP developer begins using ASP.NET... as for the results, well, read on.

"Hi, let me start off by saying I am biased towards PHP for the reasons you all have mentioned. you can run php just about anywhere. php is easy to use, and is totally optimized as a scripting language (that is, you can do so much with just a few lines of code). with PHP 5, we see the addition of much more functionality mostly in the realm of Object Oreientated Programming. existing OOP in PHP is made even more powerful with PHP 5.

However, I really encourage those of you who have never tried ASP.NET to give it a shot. Granted, you have to keep an open mind about it. Like PHP, ASP.NET (and the .NET framework) can be run on linux with the help of Mono. Unlike PHP, ASP.NET is NOT open source. (but then again, how often do we all rewrite the php engine and compile it... honestly?). yes, ASP.NET (and the .NET framework) WAS created by micro$oft... yes, they have the power to start license it accordingly, but let's look at the facts.

- the .NET framework is distributed for free.
- ASP.NET comes with IIS. IIS comes with windows server products. Windows server products cost money.
- you don't need anything else to program code in ASP.NET. just IIS (or maybe apache and mono? haven't looked into that much personally), and the .NET SDK. so that's it. that's your BASIC costs.

of course, where does microsoft make their big money? helping you write ASP.NET code better. what does that mean? you guessed it. the bomb-diggity .NET IDE: VisualStudio.NET. as i mentioned before, you don't NEED this IDE, you can do everything you need right from the .NET SDK. however, after you use this baby, you'll want to get a copy for yourself. and how much does that cost? here's a site that sells it for about $1,000

let me tell you... if you code high end ENTERPRISE-LEVEL web applications, VS.NET is worth every penny. here's a scenario: remember how you create a basic form validation script in php:

- create form tags (1 min)
- write all the html elements out in the form (15 mins - big form)
- write javascript to validate each field (10 mins)
- write the php code for the page the form will post to (30 mins)
- do more error checking on this page (10 mins)
- insert into database, email user, whatever... (20 mins)

total time: 56 mins

this is how it's traditionally done, right? well, ASP.NET takes a different approach alltogether. Programing a web applicaiton with ASP.NET is more like programming a software applicaiton. of course, you could write out html code and have it post to different pages just like in the php example... but web controls is where it's at! here's how you would do the simular form in ASP.NET using VS.NET as your IDE.

- create new webform (every page in ASP.NET - when using web controls - is a form that posts to itself) (5 seconds)
- drag and drop each textbox/checkbox/radio button, etc.. to the form (5 mins if you use the default names for text fields)
- drag and drop a "RequiredFieldValidator" on to the page, for each form element you want to be required (ASP.NET writes the javascript for you - 3 mins)
- wire the "submit" button to an event handler (this is in place of the traditional form posting to a page, and getting values from $_POST or $_GET - 1 min)
- because you used the RequiredFieldValidator, ASP.NET will do error checking for you on the client and on the server, automatically (0 mins)
- insert into database, email user, whatever... (ASP.NET offers a great deal in this deparment as well, but for now, let's just assume it takes you the same to do it in asp.net as it would in PHP - 20 mins)

total time: 29 mins, 5 seconds.

so there you have it... you've bit your tounge, you've "enslaved yourself to Micro$oft", maybe you've paid a bit, BUT... you've cut your work load in half. if you are doing this for a living, or working on a huge project, ASP.NET can really help you out.

There are lots of other controls that ASP.NET has, and LOTS more things it does automatically for you. here's a small sampling...
"

ASP.NET vs. PHP

VW Profits Plunge...

VW PhaetonI hate to say I told you so... but, damn, this press clipping from 18 Feb echoed much of what I wrote months ago.

"WOLFSBURG – Europe's biggest carmaker, Volkswagen, reported Wednesday that its operating results plunged nearly one-half in 2003 to EUR 2.49 billion, forcing the company to lower its dividend to shareholders... At the same time, while expecting its business performance to improve this year, VW declined to give a specific forecast. It spoke only of a more positive outlook for earnings "over the medium term"...

VW employee council chairman Klaus Volkert... criticised the company's moves into the luxury segment with the new Phaeton and the sports utility vehicle Toureg, which had required large-sized investments...
"

VW Losses Mount

No comments: