[geeklog-devel] Hmm ...

Mark Howard mark at the-howards.net
Wed Jun 25 13:13:30 EDT 2008


I was reading some of the righteously-indignant comments to this article - I
don't see what the big deal is. I think this is sound security practice -
eg. disable all potentially dangerous features, but go ahead and provide the
ability to re-enable them through the configuration interface.

For instance, I know that I have to go out of my way to configure 'su' to
root to operate without a password, but I can still do it.  

Anyway - the article is written from the perspective of the folks that are
trying to 'market' a $30 editor which utilizes this open interface, and they
are annoyed that their users will be inconvenienced. 

(Yawn)

I think that taking the problem to the level where you are creating an
application-specific API (eg. what Flickr did) is frankly using the
(probably real issue) to your own advantage, eg. I am sure there is a whole
potential future market in 'Wordpress-enabled' applications which cost $20,
etc., and I'm quite sure that Red Sweater would like this as well.  

Let's hope Matt doesn't buy into this - I mean he was able to raise $29.5M
by sticking with open standards and interfaces so far, so why would he need
to do anything differently?

http://gigaom.com/2008/01/22/wordpresscom-creator-raises-29m/

It will be interesting to see whether they take the high road or low road,
but shipping the thing with AtomPub disabled by default?  No big deal -
sound security practices - I know how to click a mouse on a check box, and
if I don't, then the darn thing should be disabled ...

;^)

-m


-----Original Message-----
From: geeklog-devel-bounces at lists.geeklog.net
[mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Dirk Haun
Sent: Tuesday, June 24, 2008 4:05 PM
To: geeklog-devel
Subject: [geeklog-devel] Hmm ...

<http://daringfireball.net/linked/2008/06/24/wordpress-jalkut>

Long version:

<http://www.red-sweater.com/blog/512/wordpress-to-disable-remote-access>

_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://eight.pairlist.net/mailman/listinfo/geeklog-devel




More information about the geeklog-devel mailing list