In your very long forthcoming career you will find very few moments of clarity. Take it from a veteran of this industry - take it easy , have fun , keep the focus on being productive and objective. You cannot control much more than that and there are always many forces at work which you might not even have an idea about. So relax and don’t take it too personally. Good luck!
Well that opens up a niche to actually start a rental car business called “Real Reservations” and charge extra for actually reserving the car the customer is willing to pay extra premium for.
You could actually offer discounts and still come out ahead, likely far ahead as you’d be both guaranteeing a car and offering a cheaper car. Win-win, you just lose the terrible customers acting unethically.
I think they mean don't play a light show while driving. You need things like blinkers, tail lights, etc. to function as intended for safety reasons. Many places have strict laws about exactly what kinds of lights can and can't be on a car in motion.
I just grabbed by copy of CGI Programming on the World Wide Web by Gundavaram from 1996, and on page 368 it says:
> Most servers are set up to run with the user identification (UID) of "nobody," which means that your scripts have to be world executable. The reason for this is that "nobody" has minimal privileges.
Sure, there would always have been a few idiots who ran everything as root, but my recollection, backed up by the well-respected O'Reilly & Associates here, is that running internet-facing services with restricted privileges was the majority position for at least as long as web servers have had version numbers of 1.0+.
I think this might be a newer problem than 1996 actually. I have seen an awful lot of "modern" (2010s at least) devops which runs everything as root because the developer could not be bothered to understand the unix permissions model. I would guess that focus on security is something that waxes and wanes, rather than something that monotonically becomes more important in the culture.
It should because if you can exploit the root user, it is much easier to use that machine as a lunching point for a secondary attack. Further, root will let you cover your tracks much more easily than an unprivileged user.
It takes real effort to run most of the LAMP stack as root. If you don't understand Unix permissions it's not easy. Apache, mysql, (and therefore php) all run by default as a low-privileged user. I have plenty of real world experience and haven't seen apache or mysql run as root outside of embedded devices, and even that was maybe a handful of times.
But the book isn't saying "You should try to make sure your web server runs as nobody". It's saying "when you're deploying your CGI programs, take into account the fact that the web server you're deploying to likely runs as nobody".
