WordPress consumes a considerable amount of my time, not blogging, but updating this wonderful blogging tool, but is it not time yet to create some sort of Auto-Updating software ?
And by auto updating, i mean in a safe way that does not involve allowing apache to write to all files, i mean a bit of a more complex machanisim where one of the files is owned by a user allowed to edit the contents of PHP files or something creative that does not end up being itself a security vulnerability.
Security Volnerabilities are sometimes more commonly found in code that is distributed free (Like GPL), the code is distributed, then someone who has just learned a bit on regular expressions (A search mechanisim that can be used in most advanced editors to look for strings in files) searches the code for some sort of volnerability prone syntax, and then scrutenises it in order to inject links into popular websites for the purpose of fooling google into thinking they own an important website about some important medication
Truth be told, the guys at wordpress are doing a lovely job in updating there software as soon as a volnerability is found, Microsoft and other propertiary software vendors on the other hand enjoy the Security through obscurity principal and have to worry much less until disaster strikes, Like when IE brought the world destruction with a bunch of flaws that crippled most internet users and caused my dad to accuse me of vandalizing his PC on purpose, no doubt GPL is for the brave amongst us (And the generous).
But it may be time to write my own blogging software, as fond as i am of wordpress, i need a captcha system that i can trust (With no need for API keys and releying on other people’s uptime), i need a privilages system that does not classify people to Anon, User, and Admin, and a system that can be tailored to my needs easy by being simple and pluggable.
I have already found a name for it (TEKSTS.COM) and a nice hosting service for it (ALLSPOT.COM), once i finish the first beta release, i will open it for testing, then i will start adding functionality to it.
Surely, This is the main reason i was talking AJAX in the last post, because such an application without AJAXIFICATION is obsolete from day 1
Click here for an explanation of what AJAX is