Just wondering what the main reason for WordPress having so many more security vulnerabilities vs. other systems is?
My assumptions would be
1. because it is so widely used, it's a much bigger target
2. because it allows for the plugins like it does, this could also open up PHP security holes galore from improperly tested plugins/inexperienced plugin authors
3. PHP tends to be a "jump right in" type of language, with coders not fully understanding all of the implications of what they are doing. This is not to say it is PHP's fault, but there certainly seems to be a "get coding quick" type of philosophy with PHP out there more so than with other languages.
Did WordPress start out with a lousy PHP foundation and then it's kinda sorta been all hacked together since then? Or is it truly just because it's the biggest target thanks to so many websites operating on it? About 10 years ago, my first website used WordPress and a few months after I made it, it was attacked and destroyed by what I now know is SQL Injection.
It seems that ASP.NET MVC/Entity Framework doesn't really suffer from these vulnerabilities and in fact, when I searched for exploits, I found very few for ASP.NET MVC and a zillion for WordPress. So what's the deal?
modified 30-Aug-16 16:59pm.
|
|
|
|
|
It's pretty much a combination of all of the points you mentioned.
Part of it is due to the popularity of WordPress, as you mentioned. The large number of sites running WordPress results in a high ROI for attackers who work to compromise it.
Plugins are a huge attack vector. Although the WordPress core code has become much more professionally built and more secure, there are still lots of horribly written plugins out there.
PHP was also a much worse language when WordPress first got started than it is now. It has since gained features that help in the creation of well-engineered software. It now has namespaces and (optional) static typing for function parameters and return types.
The barrier to entry is still low, though, which is why we'll continue to see lots of really insecure plugins out there. My girlfriend did a college program that mostly taught web design, but also taught just enough PHP for the students to be dangerous. I suspect that a lot of the bad plugins are a result of situations like that; people are able to hack together something that works, but they don't entirely understand why or how it works, or how it interoperates with the rest of WordPress. That's not to say that all designers who learn to code do it badly, but there are a subset who do.
|
|
|
|
|
You missed out a lot of outdated plugins that are not fixed because they are no longer supported.
|
|
|
|
|
Are they not one and the same? It's all XAML for Win/Phone/Tablets isn't it?
If it's not broken, fix it until it is
|
|
|
|
|
They are similar but not exactly the same. Yes, they both use XAML. UWP uses a subset of the entire WPF framework. Some new features/UIElements/properties are added to fully support the touch screen nature of the UWP applications.
|
|
|
|
|
|
Read Apple's letter to Europe on Irish tax decision | The Verge
Personally I hope foreign companies and foreign governments proceed with a scorched earth reaction. Pull all European investment, shutter all European facilities, fire all European employees (based in Europe and elsewhere), shut down services to all European citizens / businesses and fine / tax the f*** out of all European companies operating outside of Europe.
Let Europeans live with the monster they've created.
In this present crisis, government is not the solution to our problem; government is the problem. ~ Ronald Reagan
|
|
|
|
|
Just because it's "legal" doesn't mean it's right: that is tax evasion / avoidance (I'm never clear on the difference) on a massive scale using practices they probably repeat in all territories. Which means that they don't contribute to the societies they depend on to provide the customers: they don't pay for the police, fire, or other emergency services; the legal system that protects their copyrights, that prosecutes those who steal from them; the penal system that jails people that contravene. They don't pay for the armed forces, and financial systems that provide them with a more-or-less stable society to buy their products. Instead, their share of that burden falls on you, me, and everybody else who does pay taxes whether they use Apple products or not.
Is that right and fair? Legality be damned - any person or company rich enough seems to make its own law, and protest like heck when it seems that protection should be removed.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
OriginalGriff wrote: tax evasion / avoidance (I'm never clear on the difference
The general distinction I see is that evasion is blatantly illegal and is generally known to be at the time, while avoidance involves actions that are either legal (but potentially unintended consequences of a law to encourage something else) or in gray areas where there isn't any established case law, allowing lawyers to credibly argue that the action is completely lawful until such time as the courts pick a test case and run it through the system.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
|
|
|
|
|
Ireland and Apple agreed to a rate. Apple paid it and became the largest taxpayer in Ireland. Now... years later your lovely EU decides they want more money. How on Earth is that fair?
Why would any business want to do business in Europe when they can retroactively change the rules?
In this present crisis, government is not the solution to our problem; government is the problem. ~ Ronald Reagan
|
|
|
|
|
Because the original agreement was unfair: in 2014 Apple paid £12M taxes in the UK, on profits estimated at £2,000M because its "head office" where tax was paid (at a rate of 0.005% instead of 36%) was in Ireland thanks to that agreement.
Yes, that made it the largest tax payer in Ireland - but that's like being the person paying the most personal income tax in Greece: £20 per annum instead of £19.50!
And remember: Ireland and Greece were two of the countries that the EU had to bail out because their tax revenues weren't big enough after the crash. If Apple et al had been paying "fair" taxes instead of "legal" taxes the bail outs would have been a lot smaller...
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
So you'll be OK if the UK tax man comes to your door and says "Sorry Griff but we're charging you back taxes despite the fact that you paid the exact amount owed at the time. We decided it really wasn't 'fair'"?
Right?
In this present crisis, government is not the solution to our problem; government is the problem. ~ Ronald Reagan
|
|
|
|
|
You mean the Internal Revenue Service doesn't do that?
The Inland Revenue can review any tax info you submit and change how much you owe them up or down. Down is rare.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
OriginalGriff wrote: You mean the Internal Revenue Service doesn't do that?
If the IRS thinks a mistake was made or they believe someone fudged numbers they can and will audit you. But they NEVER change the rate retroactively. That would be illegal!
In this present crisis, government is not the solution to our problem; government is the problem. ~ Ronald Reagan
|
|
|
|
|
If the EU forced Ireland to close whatever loophole or rate deal they have with Apple thus forcing Apple to pay more taxes going forward you wouldn't hear very much complaint (other than from Apple themselves I'm sure). It's the retroactive taxation that stinks of government corruption.
In this present crisis, government is not the solution to our problem; government is the problem. ~ Ronald Reagan
|
|
|
|
|
You completely misunderstand what is going on. The Commission has no say about the tax rate in Ireland. It's not the tax rate itself that is the problem. The problem is that they have decided that Apple has gotten a market-disrupting government subsidy in the form of extremely low tax rates.
Or are you in favour of government subsidies for the biggest earning company in the world?
|
|
|
|
|
Jeroen_R wrote: Or are you in favour of government subsidies for the biggest earning company in the world?
Not at all. But when the taxing body (in this case Ireland) sets the rate and the tax payer (in this case Apple) pays it, I don't expect a 3rd party to come in 20+ years later and demand more money.
If the EU wants to force Ireland to change the rate going forward that's Ireland's business.
In this present crisis, government is not the solution to our problem; government is the problem. ~ Ronald Reagan
|
|
|
|
|
Think about it like this, maybe that'll make more sense: Ireland gave state aid to a private company, and now that it turns out it's illegal state aid, the company has to pay it back.
The form in which the state aid was given (in this case tax breaks, but it could just as well be cash or something else) is irrelevant.
|
|
|
|
|
I'm going to the extreme here, because, it's what I do. But if a person went to a country where child prostitution was legal, does that make it any less unethical? Apple made this deal so that it wouldn't have to pay taxes in the United States, where they use the roads and other public benefits without paying their fair share because of this.
|
|
|
|
|
Actually, with this decision by the EU, Apple will likely now pay less taxes in the United States due to the tax credit they get for the increased taxes in Europe. This is why you'll find articles (such as this) talking about the US Treasury being angry about this decision.
The United States invariably does the right thing, after having exhausted every other alternative. -Winston Churchill
America is the only country that went from barbarism to decadence without civilization in between. -Oscar Wilde
Wow, even the French showed a little more spine than that before they got their sh*t pushed in. -Colin Mullikin
|
|
|
|
|
Of course they will. Their profits will be less, or like you noted, their product prices will go up. Tax is tax regardless of which country it's going to. The crux of it for me is that they essentially paid off the Irish government for a substantially reduced tax while they, the Irish, had none of the liabilities of having the physical company there. Don't get me wrong, I get what you're saying. What they did was 'legal'. What they really need to do is call this a fine for unethical business practice instead of back taxes. I do like the fact that the EU stands up to these big companies vs the US government where they've become more like an oligarchy.
|
|
|
|
|
You just responded to a whole bunch of points, none of which were the point I was actually making.
In the US, corporations get tax credits based off of how much taxes they pay in other countries. Since they weren't paying very much in taxes in Europe, they weren't receiving much of a tax credit in the US. If this decision by the EU commission stands, their taxes in Europe will go up by a substantial amount, leading to a substantial tax credit here in the US, thus decreasing the amount of taxes they pay here, regardless of anything else that changes (profits/company structure/etc.). With this decision, the EU is essentially taking money directly from the US Federal government and giving it to Ireland (who, in my opinion, is equally complicit in this business agreement and deserve nothing more than has already been paid to them).
The United States invariably does the right thing, after having exhausted every other alternative. -Winston Churchill
America is the only country that went from barbarism to decadence without civilization in between. -Oscar Wilde
Wow, even the French showed a little more spine than that before they got their sh*t pushed in. -Colin Mullikin
|
|
|
|
|
While Ireland is a sovereign nation and in theory 'should' be able to set their own tax rates to incentivize a large business concern like Apple to settle there as they did with the favorable tax status they have, they signed on to a conflicting agreement with the EU in which they have apparently surrendered part or all of that sovereignty, or so it would seem.
It sounds to me like if they want to keep their good friend Apple they need to do the same thing that the Brits did and pull out of the EU and tell them to take their tax bill and shove it as Apple represents jobs and gainful employment for a large segment of the Irish population, that could be in jeopardy if Apple is forced to fork over this money. They might better be back in the good Ole USA after Trump is done with things.
|
|
|
|
|
Well this just explained the gun ban! LOL
|
|
|
|
|
Does this mean Apple can come knocking on my door and tell me I owe them lots of money for the iPhone I bought two years ago?
We're philosophical about power outages here. A.C. come, A.C. go.