Short of crippling the OS, you will never, ever, get a 100% safe configuration.
So what's Microsoft's excuse?
(Sorry, couldn't resist)
Rich
Me too.
Won't anyone think of the poor Europeans who make only 2.4c per liter(litre)?
Profit per gallon is meaningless, it's profit per dollar invested that counts. My understanding is that this is relatively low for gas but that that is balanced by it being a very safe investment and that if prices rise too quickly, govt makes noises about getting involved (note that this latter is probably not especially a good thing).
Best thing is for govt to lower taxes on gas and then let the market fix prices. We'll have our solar powered flying cars sooner and oil can be kept for more useful things like plastics instead of just burning it.
Rich
It depends where you encode it. I've seen where people HTML escape input before putting it into a database, which has caused problems later. Input should be validated and stored raw in a database (passed suitably escaped for database input of course). HTML encoding should be reserved for the output since you don't necessarily know that HTML is what you will need to output.
Then again, there are situations where you may want to output HTML that has been input. That is easier to decide on the output side of things than the input.
Of course, that may be what you are doing. It's not clear from what you wrote.
Rich
Actually, I spoke too soon since < and > are valid XML characters. It's been a while since I worked with XML closely so I'm not sure what the correct way to handle them is. Most of the point still stands though, the fields should be treated as XML encoded plain text.
Rich
An RSS feed does not include HTML. The issue is therefore that any reader that interprets the feed directly should not process any HTML tags (and hence not interpret Javascript) and any aggregator that takes a feed and inserts it into an HTML page should escape all HTML special characters.
That is not to say that the feed cannot contain HTML characters, a description "Microsoft says the <a> tag to be deprecated in Vista" is fully valid but should be treated as plain text, *not* html.
Sites which take formatting from their headlines and/or descriptions and include them in the RSS feed *are* broken but the real security bug lies where the text within is not treated as plain text by whatever reads the feed.
Rich
Here's the issue though... Say the field is supposed to have no markup. "<" and ">" are now valid characters. That means it is now the browser's fault if it interprets the tags as valid HTML (and thus capable of containing Javascript).
I don't know how to read XML document templates well enough. Can anyone confirm or deny if the elements are supposed to be able to contain HTML markup or whether they should be treated as plain text?
Rich
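As an added example (not part of the original thread, and not anything Rich posted), here is Python showing the input/output split argued for in the comments above: the headline is validated and stored raw, HTML-escaped only when rendered into a page, XML-escaped when written into an RSS description, and treated as plain text (and escaped once more) by an aggregator that puts the feed into HTML. The sample headline, function names and the 500-character limit are constructed for the example. It also shows the two failure modes the comments mention: double escaping when the input was already HTML-escaped before storage, and a feed that pastes raw text in and no longer even parses.

```python
import html
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape as xml_escape

# Constructed sample input: a headline typed into a submission form. It contains
# markup-looking text (the "<a> tag" example from the thread) and a script
# injection attempt.
SAMPLE_HEADLINE = (
    'Microsoft says the <a> tag is to be deprecated in Vista '
    '<script>alert("xss")</script>'
)


def validate_for_storage(text: str) -> str:
    """Input side: validate, but keep the characters exactly as typed.

    No HTML escaping here: we do not yet know whether this text will be
    rendered as HTML, put into an RSS feed, sent as plain-text email, or all
    three. (Database escaping belongs to parameterised SQL and is not shown.)
    The 500-character limit is an assumed policy for the example.
    """
    if len(text) > 500:
        raise ValueError("headline too long")
    if any(ord(ch) < 0x20 and ch not in "\t\n" for ch in text):
        raise ValueError("control characters not allowed")
    return text


def render_html(stored: str) -> str:
    """Output side, HTML page: escape at the moment of rendering."""
    return "<h1>%s</h1>" % html.escape(stored, quote=True)


def render_html_double_escaped(input_escaped: str) -> str:
    """What happens when the input was HTML-escaped before storage and the
    output layer (correctly) escapes again: the page shows '&lt;' literally."""
    return "<h1>%s</h1>" % html.escape(input_escaped, quote=True)


def rss_item(title: str, description: str) -> str:
    """Output side, RSS: XML-escape so '<' and '>' travel as characters of
    plain text, not as markup."""
    return "<item><title>%s</title><description>%s</description></item>" % (
        xml_escape(title),
        xml_escape(description),
    )


def broken_rss_item(title: str, description: str) -> str:
    """The broken pattern from the thread: raw text pasted straight into the feed."""
    return "<item><title>%s</title><description>%s</description></item>" % (
        title,
        description,
    )


def wrap_feed(item_xml: str) -> str:
    return "<rss><channel>" + item_xml + "</channel></rss>"


def feed_parses(feed_xml: str) -> bool:
    """True if the feed is well-formed XML."""
    try:
        ET.fromstring(feed_xml)
    except ET.ParseError:
        return False
    return True


def aggregator_to_html(feed_xml: str) -> str:
    """Aggregator side: parse the XML, take <description> as plain text, and
    HTML-escape it before inserting into a page. The parser has already undone
    the XML escaping, so the text gets exactly one round of HTML escaping."""
    root = ET.fromstring(feed_xml)
    items = []
    for item in root.iter("item"):
        title = item.findtext("title") or ""
        desc = item.findtext("description") or ""
        items.append("<li><b>%s</b>: %s</li>" % (html.escape(title), html.escape(desc)))
    return "<ul>" + "".join(items) + "</ul>"


def demo() -> dict:
    stored = validate_for_storage(SAMPLE_HEADLINE)
    feed = wrap_feed(rss_item("Headline", stored))
    # The XML parser hands back exactly the characters the user typed.
    recovered = ET.fromstring(feed).findtext("./channel/item/description")
    page = aggregator_to_html(feed)
    return {
        "round_trips": recovered == stored,
        "page": page,
        "page_has_script_tag": "<script>" in page,
        "broken_feed_parses": feed_parses(wrap_feed(broken_rss_item("Headline", stored))),
        "double_escaped": render_html_double_escaped(html.escape(stored)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=>", value)
```

The broken feed fails to parse only because the sample's unclosed <a> makes it malformed XML; a carefully chosen payload could produce well-formed XML with real child elements inside the description, which is why the aggregator above reads the element's text and escapes it rather than trusting the feed to be markup-free.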
Hot on the heels of the Amazon "one-click" patent, Microsoft have announced patents on the following technologies:
"Three click" - For newbies
"Four click" - For software that takes a long time to load
"Ten click" - For people who are expecting an important email real soon.
"Unlimited click" - Reserved specifically for "Ignore Retry Fail" dialog boxes.
Rich
The box that it happens repeatedly on is a slightly old version of Slackware with a slightly old version of KDE. But I have also had it occur on a brand-sparkly-new version of Debian with a brand-sparkly-new version of KDE on a more powerful box. It may be an OS thing but I have only ever had it happen in Konsole.
Rich
Might be more insightful to interview the bean-counter who undoubtedly refused to finance enough resources for the job to be done properly.
Rich
Mod parent up. Outlook is particularly bad about this... PST file hidden away in a hard-to-reach place and locked if Outlook is open which prevents automated backups. There's no excuse for not making it trivial to back up important information (particularly email) to CD or USB drive. Unless that excuse is "We want you to buy our Exchange product" perhaps.
Rich
Aha, but "offsite backups" does not necessarily mean within your region...
Nothing is ever certain but it is possible to reduce the risk substantially.
Rich
But I understand plusnet is starting their own google-alike search engine
Rich
Some ISPs won't let you run an SMTP server though, in which case there really isn't much you can do (especially if it's the only ISP in your area as seems to be frequently the case in the US).
There are services out there that will accept email as your MX and forward it to your SMTP server on a port other than 25. These people for example (no affiliation, no recommendation).
Of course as the story illustrates, there is no absolute security. Your house may burn down, an asteroid may obliterate your region,
Offsite backups...
or you might just type a space in the wrong place in your "rm" command ;)
Or, as happened to me, when a system gets loaded heavily, konsole will rearrange characters in its input buffer. "rm -rf /var/tmp/some_obsolete_folder<enter>" somehow became "rm -rf /var<enter>//ttmpssoooomeeee_bll_fdr"
I was not amused.
Rich
What I mean is that maybe there was (relatively) unbiased media but they were unprofitable and hence failed. Market forces at work.
The point about bias being inescapable is that it is disingenuous for a news outlet to claim to be unbiased or even attempting to be so. Best to recognise the biases and just try not to go too wild with them.
"Knocked down all the plumbs" is not the equivalent of "chopped the damn tree down".
The /symptom/ is anti-social behavior, the /cause/ is too much government involvement in private affairs causing people to abdicate responsibility to government. ASBOs are just more government involvement and will only exacerbate the problem (as can be seen where they have been used inappropriately).
Rich
And I was a fucking fry cook!
Eww. I hope you washed your hands.
Rich
"Good, bad, I'm the guy with the gun".
Rich
Incredibly, you seem to be both knocking "think of the children" and espousing "think of the children". In the same sentence even.
Rich
For every Soviet Union, I'll show you a Germany. For every Cuba, I'll show you an Italy. Extremism is extreme -- Duh.
Actually, I think what you proved is that socialism is socialism. Or maybe that statism is statism.
Rich
I don't care if the kids chopped the d@mn tree down. Their actions do Not warrant the response.
If one of the trees had been yours, I don't think you would be making that statement.
Rich
Bemoaning the lack of unbiased sources is putting the cart before the horse. And believing that real lack of bias is even possible is simple naivety
That said, my parents got the Daily Mail and I would usually read it every day. Looking back, it was a pretty crap newspaper and, having read it again recently, it is now even worse than it was (late 70s/early 80s). And who in heck thought Fred Basset was ever funny?
Rich
It's getting pretty good.
Click
Warning: plugin required, probably not work safe, funny.
Rich
It's been done