No, that's a worthless metric. People take different amounts of time for wildly varying reasons. When I was in school, it often took me a ridiculous amount of time to actually solve problems, not because I was struggling, but because the problems were so freaking boring that I would spend ten seconds working on a problem, then five minutes daydreaming, then ten more seconds working on it, then five more minutes daydreaming, etc.
And the more bored I was, the more distracted I was. The lowest grade I ever made on a test was in American history, when I was placed over next to the door to the next classroom. So I was hearing discussions of more interesting subjects than what I was working on, and a few minutes before the end of the class, I realized I was nowhere near finished. I started panicking and got finished, minus the bits I didn't know (and there were certainly some of those), but to this day, I still have problems focusing when there are pretty much any other noises to distract me.
Unfortunately, this means that your overly simplistic time-based metric would have predicted that I needed extra tutoring, extra practice work, and needed to be placed in a remedial class, whereas in point of fact, the opposite was true. I was in the smart class, and I was still bored out of my mind. So if your goal is to utterly torture many of your best and brightest, do exactly what you've proposed. If your goal is to identify struggling students, you need a much better metric than time spent.
If an instructor can't detect who is struggling, they are not a very good teacher and should find another job where ignoring people they are there to help is ok.
The problem with suburbs in general, and Silicon Valley in particular, is that suburbs don't scale. This wasn't as much of a problem for previous generations, but these days Silicon Valley has grown to a point where it is. The traffic along highway 101 is terrible and is not easy to avoid. Caltrain doesn't go everywhere and the connecting buses are slow and poorly timed. The place is too sparse to get by without a car, so you absolutely have to get one.
The suburbs scale just fine. You do have to choose employment within a reasonable distance or move. You can arbitrarily extend suburbia out for hundreds of miles in every direction. Just look at almost the entire northeastern seaboard for proof of this. The only reason the suburbs can't spread quite as well in the Silicon Valley area is because there are too many mountains. Even still, there's no fundamental reason that it can't expand out in directions where it is feasible to do so.
The South Bay traffic problems would be significantly reduced if we eliminated Prop 13. Under Prop 13, a home's value is reevaluated only when the owner sells it (for the most part). As a result, homeowners who change jobs are forced to commute because selling their homes and buying otherwise identical homes closer to work would result in a huge property tax increase.
That said, for the most part, I've found 101's traffic easy to avoid. Highway 280 parallels it just a few miles away, and usually has fewer problems. And in the South Bay, 85 is frequently a better choice than either one. The only time I've been unable to avoid bad traffic on 101 is when I'm going down towards Salinas, and that stretch is only bad because A. the road desperately needs to be eight lanes all the way to Salinas, B. SR-156 needs to be widened to four lanes all the way to Castroville (greater Monterey), and C. there is no good parallel route beyond where 280 and 85 merge into 101 other than taking 17 down to Santa Cruz and going across Highway 1 (which always has serious traffic problems because it also needs to be 4+ lanes all the way to Monterey).
Also you may disagree with this, but to me it's also a much more pleasant environment - the Victorian housing, the city skyline, the parks and the waterfront along the Embarcadero and the Marina look beautiful compared to the suburban houses, office parks, shopping plazas and the freeways that connect them.
Attractiveness, perhaps, though that varies widely, depending on where you are, both in the city and in the suburbs. Functionality-wise, definitely not. In my standalone house, I can play my grand piano at 2 a.m. without the neighbors calling the police. In a multi-family dwelling, that would almost never be the case, because properly soundproofing the walls between two units dramatically increases the cost of construction. I can build a house that (assuming no HOA rules) looks like what I want it to look like, without the design decisions being limited by trying to cram square footage onto a postage stamp, resulting in hard-to-use three- and four-story buildings that use space inefficiently. There are large parks with actual trees and lakes. The schools are better (which isn't important until you have kids, but give it time). And so on.
The article is not great, but it's more based around the idea that there is a generational trend towards urban living. It's wrong to think of it as either "everyone wants to live in the suburbs" or "everyone wants to live in the city", but when compared to previous generations more of Generation Y prefers city living.
The problem with that assertion is that youth have always had a strong preference to city living. The author is suggesting that this is somehow new, but it isn't. That was true even forty or fifty years ago. On the average, that preference starts to change when people have their first kid, and people tend to strongly prefer the suburbs by the time their first kid reaches school age. I see no evidence that the pattern is changing significantly, notwithstanding people choosing to have kids a bit later in life than they used to.
Inelegantly worded, and I wouldn't go quite that far, but I tend to agree with your dislike of the city life in general.
Full disclosure: I live in the Silicon Valley.
I can't imagine the allure of places like San Francisco. They're dirty, overcrowded, and getting around requires insane amounts of walking because you're never going to find a place to park and you're taking your life in your hands if you actually drive up there. Half the places you want to walk, you're constantly being hit up by people begging for money (despite an ever-increasing homeless services budget—homeless are drawn to SF by the availability of those services, so the more they spend, the more homeless they get; you can't solve homelessness one city at a time—it must be fixed at the national level—but I digress). There are drugged out people lying in the streets. There are drug deals going down on the corner, and prostitutes drumming up business. And for this, people pay more to rent a small apartment than I pay in space rent for an 1800 square foot mobile home. Seriously, what the f***?
I know some people like the "hip" culture of bars and clubs in larger cities, but once those people get a few years older, the desire to go clubbing usually wears off, and they find themselves wanting to live somewhere safe and comfortable. Cities are not that sort of place. The young workers who still haven't figured that out can live in their San Francisco. That's the thing about the Silicon Valley: It's an easy commute from there. Companies that want to attract those young workers would do well to follow the lead of companies like Apple and Google, who provide buses down from the city, where workers can get work done while they commute.
As for the companies that decide to move to San Francisco, it's only a matter of time before they figure out that they need a balance between the young workers and their older, wiser elders, most of whom don't want to move to a city, will be much less willing to commute than their younger counterparts, and will be much less able to commute on commute buses because they are spread over a larger geographical area. It's easy to set up commute buses from a highly populated area to your campus in the suburbs. It's much harder to set up commute buses from the suburbs to a company in the city.
In short, the entire notion of this article is fundamentally founded in a false dichotomy and an incorrect assumption that everyone likes cities. Oh, and one final point: Anyone who says that "Workers want to be in Oakland" is probably holding on to real estate in that city that they can't sell because of Oakland having one of the highest violent crime rates of any city in this country. As far as I can tell, nobody wants to be in Oakland....:-)
This is what archive.org is for. If anything, having stale blogs lying around forever clutters up search listings with less relevant, outdated content.
Before the "HD Video" connector, there was the DB-15 analog video connector they used, though that was a proprietary pinout for an industry standard connector shell so I guess you're not counting it?
In much the same way that I'm not counting the mini-DIN-8 that they used for serial ports. Standard connector, trivially adapted.
They also did a custom video connector much more recently, the Apple Display Connector.
Oh, yeah. I forgot about that one. Still ancient history, but slightly less ancient.;-)
Apple never actually sold Pippin hardware; it just licensed the design to other manufacturers.
I have no idea what sort of connector the Duo used for its dock, but it probably was proprietary.
Either way, the main point I was trying to make is that with the exception of iOS devices and power cords, the last time Apple used a truly proprietary connector (as in, designed by Apple and exclusive to Apple devices) was some time around the mid-1990s, unless I'm deliberately repressing something.;-)
It seems like these days, I find myself making a comment about every two weeks saying that people should not trust Google not to take away services that they depend on. "I am altering the deal. Pray I don't alter it any further." This is actually getting rather tedious at this point, and yet people still get up in arms about something they should have expected. How many times does this have to happen before everyone recognizes Google for what it is—a search engine and advertising firm that uses the promise of free services as a means to get more eyes on their ads?
The bottom line is this: If you want to provide something to the public, you really only have two viable options—set up a server yourself or set up an account with a hosting provider and back it up regularly to your own machine so that if they decide they don't want you there, you can migrate rapidly and nearly transparently to a different hosting provider. The entire notion of relying on a free web service is a fundamentally flawed concept. You cannot truly trust anything that can be taken away on a whim. You get what you pay for, and you do not get what you do not pay for, at least in the long term.
If you do not own the software that is used to provide access to your data, you do not really own the data in any meaningful sense.
First, this is not a proprietary port, as that implies that it takes proprietary plus. It is a proprietary connector that takes standard plugs and SD cards.
Second, to the best of my recollection, not counting power connectors or internal card slots, Apple products have used only four truly proprietary ports in its entire history: the two iPhone dock connectors, the Apple high density video connector (early PowerPC desktops), and the HDI-30 external SCSI connector (68k era laptops).
All the other connectors that you seem to think are proprietary are either existing industry standard connectors (e.g. mini-DIN-8 serial and DB25 SCSI) or are connectors that Apple designed and made available as part of industry standards that it helped define (e.g. FireWire 400/800, Mini DisplayPort, and Thunderbolt).
Even women are more likely to want to talk to a well-dressed, attractive woman than the pushy marketdroid or worse, the obese engineer wearing a t-shirt and ripped jeans who smells like he hasn't bathed in a week. It's not just about appearance; it's also about appearance. Know what I mean?
Home security systems are meant to stop the small time thieves. If you are smart enough to hack into my home automation stuff and turn off my lights its probably not worth your time.
This is the same flawed argument that makes DRM seem useful. The fundamental flaw in your logic is that you assume that each crook must learn about the systems and learn how to crack them for each home.
In reality, all that is required is for a single person to crack the security scheme once, and then develop a tool to reproduce the attack. He or she can then sell that tool to all the small-time crooks, and before long, they're as ubiquitous as lock picks. To make matters worse, you don't have to stand there looking suspicious while you pick an insecure digital lock or disable an insecure digital alarm system.
No, in the long term, easily cracked electronic door locks and alarm systems are going to make those small-time burglars very happy.
And then disable the alarm system, and if the home is really automated, unlock the door. Devices intended to provide security should, first and foremost, be secure. If they aren't, they are worthless—doubly so if they actually open up additional vulnerabilities that otherwise would not have existed.
And it's pretty ridiculous to then say, "the US government is lying!" when they're actually taking concrete steps to get this right and doing so as transparently as possible.
And the politician caught embezzling money rapidly begins taking concrete steps to determine how such an accounting mistake could have happened. And the politician caught getting blow jobs in the Oval Office makes a contrite apology to the American people and begins taking concrete steps to fix his marriage. And so on.
News flash: When politicians get caught with their pants down (literally or figuratively), they begin taking concrete steps to fix the problem. The thing is, it was still a problem before they were caught, and they were doing nothing about it then. Therefore, it is safe to assume that they are only fixing the things that they were caught doing, and that they are probably doing other things that are just as wrong, but because they have not yet been caught, they won't clean up their act.
The fact of the matter is that most politicians, CEOs, and other leaders are sociopaths. They got into positions of power through not caring who they hurt on the way up. They have absolutely no morals, and cannot be trusted to do the right thing. They must be treated like little children, and watched constantly by a vigilant public. The absence of that watchful eye can only result in tyranny. We've been looking the other direction for far too long, both as a society and individually. It is time to remove the veil of secrecy and show these leaders for what they are: traitors against the United States, its Constitution, and its people. Some crimes just cannot be forgiven with a simple apology and a "We promise not to do it again." But even if it could, they already tried that once before, back in the Bush administration. And although once is a mistake, twice is a pattern of abuse.
This is required for a democracy: you need to be informed before you can make the informed choice.
For the most part, I would agree with you. However, there is the need for temporary operational secrets, particularly where the revelation of those secrets would compromise the identity of operatives in the field, or would reveal our attack strategies on the battlefield during a time of war. There should, however, be time limits to such secrets.
How, then, do you explain China? They remain content to make copies.
They're starting out further behind than those other countries, under a regime that doesn't really encourage free thinking, so for now, they're still trying to catch up in areas like process improvements. Give them another decade.
In Electronics and computers you have the same situation. Why would anyone develop some totally new technology at the expense of years in the lab and millions of dollars of salary and equipment with no way to assure a payment?
They do now. Have you seen how blatantly China and other developing nations ignore patents and produce blatant knock-offs of American goods? And before that, it was Korea, then before that, Japan, and I'd imagine somebody else before that, and at some point, if you look back far enough, it was America making knock-offs of patented continental goods.
So throughout pretty much the entire history of the industrial world, you had some developing nation ignoring patents and making the products anyway, and before very long, those nations were the ones doing much of the innovation, because they weren't content to just make exact copies for long, unlike the lumbering companies with patents, who basically sat on their butts and tried to milk their inventions for every penny they could while doing as little as they could to improve things. All of modern technology, ultimately, exists in large part because patents were ignored.
Just to be clear, I meant that statement in the context of the parent poster, which was talking about the U.S. I'm not at all surprised that there are countries who actually maintain their infrastructure where power is that reliable.:-)
Relatively few web apps require allowing the user to write raw HTML anywhere.
Including, among others, the website we're writing this with, one website I recently created.... Yes, more websites use BBCode these days, but not every website.
With that said, you're both wrong; string literals (I'm assuming GP meant JavaScript strings) are just one of many places that XSS can be found.
I never said anything about JavaScript or string literals, FWIW.
IIRC, XSS vulnerabilities usually fall into one of the following categories:
Arbitrary content containing HTML is accepted by the server as part of a query and is reemitted in the response page as though it came from the server. This is caused by an incorrect security assumption—that the user himself/herself produced the content in question using your site. This sort of mistake quite frequently implies much more serious security problems under the hood, like trusting user IDs sent in by "trusted" JavaScript code, and other insanity. Sadly, this is the most common form of XSS vulnerability, which is scary as heck.
HTML written by one user gets stored and later shown to other users. This is common in bulletin-board-style apps
Non-HTML content written by one user gets emitted inside an HTML tag (common) or stylesheet (rare). For example, in an app that uses BBCode, the contents of an [img] tag are turned into an src attribute in the HTML, and if not properly sanitized, can result in arbitrary HTML injection.
Either way, you're emitting something that the user submitted that is supposed to be or become a fragment of HTML (potentially as small a fragment as just the contents of an attribute), so you have to make sure that it is sane for the context. If it's in an attribute, plain text needs to be quoted one way. If it's in the body of a tag, plain text needs to be quoted in a different way. If it is a blob of HTML, it needs to be heavily sanitized. And so on. But the most common case, by far, involves the server just parroting what was submitted, which falls into the "raw HTML in, raw HTML out" category. Fixing that requires either sanitizing a blob of arbitrary HTML (hard) or not parroting the data (easy, but not always workable).
Let me know if I'm missing some other common cases.
Cardinal Richelieu said it best when he said, "Who commits treason is only a matter of the date," or something to that effect.
They say it was released, but I won't believe it until I see it. And incidentally, does the OS release kill the cat just as well as a particle?
Name one K-12 school that allows students to leave before the closing bell. :-)
No, that's a worthless metric. People take different amounts of time for wildly varying reasons. When I was in school, it often took me a ridiculous amount of time to actually solve problems, not because I was struggling, but because the problems were so freaking boring that I would spend ten seconds working on a problem, then five minutes daydreaming, then ten more seconds working on it, then five more minutes daydreaming, etc.
And the more bored I was, the more distracted I was. The lowest grade I ever made on a test was in American history, when I was placed over next to the door to the next classroom. So I was hearing discussions of more interesting subjects than what I was working on, and a few minutes before the end of the class, I realized I was nowhere near finished. I started panicking and got finished, minus the bits I didn't know (and there were certainly some of those), but to this day, I still have problems focusing when there are pretty much any other noises to distract me.
Unfortunately, this means that your overly simplistic time-based metric would have predicted that I needed extra tutoring, extra practice work, and needed to be placed in a remedial class, whereas in point of fact, the opposite was true. I was in the smart class, and I was still bored out of my mind. So if your goal is to utterly torture many of your best and brightest, do exactly what you've proposed. If your goal is to identify struggling students, you need a much better metric than time spent.
Government employee, it is, then.
The suburbs scale just fine. You do have to choose employment within a reasonable distance or move. You can arbitrarily extend suburbia out for hundreds of miles in every direction. Just look at almost the entire northeastern seaboard for proof of this. The only reason the suburbs can't spread quite as well in the Silicon Valley area is because there are too many mountains. Even still, there's no fundamental reason that it can't expand out in directions where it is feasible to do so.
The South Bay traffic problems would be significantly reduced if we eliminated Prop 13. Under Prop 13, a home's value is reevaluated only when the owner sells it (for the most part). As a result, homeowners who change jobs are forced to commute because selling their homes and buying otherwise identical homes closer to work would result in a huge property tax increase.
That said, for the most part, I've found 101's traffic easy to avoid. Highway 280 parallels it just a few miles away, and usually has fewer problems. And in the South Bay, 85 is frequently a better choice than either one. The only time I've been unable to avoid bad traffic on 101 is when I'm going down towards Salinas, and that stretch is only bad because A. the road desperately needs to be eight lanes all the way to Salinas, B. SR-156 needs to be widened to four lanes all the way to Castroville (greater Monterey), and C. there is no good parallel route beyond where 280 and 85 merge into 101 other than taking 17 down to Santa Cruz and going across Highway 1 (which always has serious traffic problems because it also needs to be 4+ lanes all the way to Monterey).
Attractiveness, perhaps, though that varies widely, depending on where you are, both in the city and in the suburbs. Functionality-wise, definitely not. In my standalone house, I can play my grand piano at 2 a.m. without the neighbors calling the police. In a multi-family dwelling, that would almost never be the case, because properly soundproofing the walls between two units dramatically increases the cost of construction. I can build a house that (assuming no HOA rules) looks like what I want it to look like, without the design decisions being limited by trying to cram square footage onto a postage stamp, resulting in hard-to-use three- and four-story buildings that use space inefficiently. There are large parks with actual trees and lakes. The schools are better (which isn't important until you have kids, but give it time). And so on.
The problem with that assertion is that youth have always had a strong preference to city living. The author is suggesting that this is somehow new, but it isn't. That was true even forty or fifty years ago. On the average, that preference starts to change when people have their first kid, and people tend to strongly prefer the suburbs by the time their first kid reaches school age. I see no evidence that the pattern is changing significantly, notwithstanding people choosing to have kids a bit later in life than they used to.
Inelegantly worded, and I wouldn't go quite that far, but I tend to agree with your dislike of the city life in general.
Full disclosure: I live in the Silicon Valley.
I can't imagine the allure of places like San Francisco. They're dirty, overcrowded, and getting around requires insane amounts of walking because you're never going to find a place to park and you're taking your life in your hands if you actually drive up there. Half the places you want to walk, you're constantly being hit up by people begging for money (despite an ever-increasing homeless services budget—homeless are drawn to SF by the availability of those services, so the more they spend, the more homeless they get; you can't solve homelessness one city at a time—it must be fixed at the national level—but I digress). There are drugged out people lying in the streets. There are drug deals going down on the corner, and prostitutes drumming up business. And for this, people pay more to rent a small apartment than I pay in space rent for an 1800 square foot mobile home. Seriously, what the f***?
I know some people like the "hip" culture of bars and clubs in larger cities, but once those people get a few years older, the desire to go clubbing usually wears off, and they find themselves wanting to live somewhere safe and comfortable. Cities are not that sort of place. The young workers who still haven't figured that out can live in their San Francisco. That's the thing about the Silicon Valley: It's an easy commute from there. Companies that want to attract those young workers would do well to follow the lead of companies like Apple and Google, who provide buses down from the city, where workers can get work done while they commute.
As for the companies that decide to move to San Francisco, it's only a matter of time before they figure out that they need a balance between the young workers and their older, wiser elders, most of whom don't want to move to a city, will be much less willing to commute than their younger counterparts, and will be much less able to commute on commute buses because they are spread over a larger geographical area. It's easy to set up commute buses from a highly populated area to your campus in the suburbs. It's much harder to set up commute buses from the suburbs to a company in the city.
In short, the entire notion of this article is fundamentally founded in a false dichotomy and an incorrect assumption that everyone likes cities. Oh, and one final point: Anyone who says that "Workers want to be in Oakland" is probably holding on to real estate in that city that they can't sell because of Oakland having one of the highest violent crime rates of any city in this country. As far as I can tell, nobody wants to be in Oakland.... :-)
This is what archive.org is for. If anything, having stale blogs lying around forever clutters up search listings with less relevant, outdated content.
This.
Indeed, they were foremost on my mind.
In much the same way that I'm not counting the mini-DIN-8 that they used for serial ports. Standard connector, trivially adapted.
Oh, yeah. I forgot about that one. Still ancient history, but slightly less ancient. ;-)
In order:
Either way, the main point I was trying to make is that with the exception of iOS devices and power cords, the last time Apple used a truly proprietary connector (as in, designed by Apple and exclusive to Apple devices) was some time around the mid-1990s, unless I'm deliberately repressing something. ;-)
It seems like these days, I find myself making a comment about every two weeks saying that people should not trust Google not to take away services that they depend on. "I am altering the deal. Pray I don't alter it any further." This is actually getting rather tedious at this point, and yet people still get up in arms about something they should have expected. How many times does this have to happen before everyone recognizes Google for what it is—a search engine and advertising firm that uses the promise of free services as a means to get more eyes on their ads?
The bottom line is this: If you want to provide something to the public, you really only have two viable options—set up a server yourself or set up an account with a hosting provider and back it up regularly to your own machine so that if they decide they don't want you there, you can migrate rapidly and nearly transparently to a different hosting provider. The entire notion of relying on a free web service is a fundamentally flawed concept. You cannot truly trust anything that can be taken away on a whim. You get what you pay for, and you do not get what you do not pay for, at least in the long term.
If you do not own the software that is used to provide access to your data, you do not really own the data in any meaningful sense.
Okay, that's just trolling right there.
First, this is not a proprietary port, as that implies that it takes proprietary plus. It is a proprietary connector that takes standard plugs and SD cards.
Second, to the best of my recollection, not counting power connectors or internal card slots, Apple products have used only four truly proprietary ports in its entire history: the two iPhone dock connectors, the Apple high density video connector (early PowerPC desktops), and the HDI-30 external SCSI connector (68k era laptops).
All the other connectors that you seem to think are proprietary are either existing industry standard connectors (e.g. mini-DIN-8 serial and DB25 SCSI) or are connectors that Apple designed and made available as part of industry standards that it helped define (e.g. FireWire 400/800, Mini DisplayPort, and Thunderbolt).
Even women are more likely to want to talk to a well-dressed, attractive woman than the pushy marketdroid or worse, the obese engineer wearing a t-shirt and ripped jeans who smells like he hasn't bathed in a week. It's not just about appearance; it's also about appearance. Know what I mean?
Agreed. The entire notion of secret courts should be anathema to any free society.
This is the same flawed argument that makes DRM seem useful. The fundamental flaw in your logic is that you assume that each crook must learn about the systems and learn how to crack them for each home.
In reality, all that is required is for a single person to crack the security scheme once, and then develop a tool to reproduce the attack. He or she can then sell that tool to all the small-time crooks, and before long, they're as ubiquitous as lock picks. To make matters worse, you don't have to stand there looking suspicious while you pick an insecure digital lock or disable an insecure digital alarm system.
No, in the long term, easily cracked electronic door locks and alarm systems are going to make those small-time burglars very happy.
And then disable the alarm system, and if the home is really automated, unlock the door. Devices intended to provide security should, first and foremost, be secure. If they aren't, they are worthless—doubly so if they actually open up additional vulnerabilities that otherwise would not have existed.
And can we please, please, please get a similar demand for Facebook?
And the politician caught embezzling money rapidly begins taking concrete steps to determine how such an accounting mistake could have happened. And the politician caught getting blow jobs in the Oval Office makes a contrite apology to the American people and begins taking concrete steps to fix his marriage. And so on.
News flash: When politicians get caught with their pants down (literally or figuratively), they begin taking concrete steps to fix the problem. The thing is, it was still a problem before they were caught, and they were doing nothing about it then. Therefore, it is safe to assume that they are only fixing the things that they were caught doing, and that they are probably doing other things that are just as wrong, but because they have not yet been caught, they won't clean up their act.
The fact of the matter is that most politicians, CEOs, and other leaders are sociopaths. They got into positions of power through not caring who they hurt on the way up. They have absolutely no morals, and cannot be trusted to do the right thing. They must be treated like little children, and watched constantly by a vigilant public. The absence of that watchful eye can only result in tyranny. We've been looking the other direction for far too long, both as a society and individually. It is time to remove the veil of secrecy and show these leaders for what they are: traitors against the United States, its Constitution, and its people. Some crimes just cannot be forgiven with a simple apology and a "We promise not to do it again." But even if it could, they already tried that once before, back in the Bush administration. And although once is a mistake, twice is a pattern of abuse.
For the most part, I would agree with you. However, there is the need for temporary operational secrets, particularly where the revelation of those secrets would compromise the identity of operatives in the field, or would reveal our attack strategies on the battlefield during a time of war. There should, however, be time limits to such secrets.
They're starting out further behind than those other countries, under a regime that doesn't really encourage free thinking, so for now, they're still trying to catch up in areas like process improvements. Give them another decade.
They do now. Have you seen how blatantly China and other developing nations ignore patents and produce blatant knock-offs of American goods? And before that, it was Korea, then before that, Japan, and I'd imagine somebody else before that, and at some point, if you look back far enough, it was America making knock-offs of patented continental goods.
So throughout pretty much the entire history of the industrial world, you had some developing nation ignoring patents and making the products anyway, and before very long, those nations were the ones doing much of the innovation, because they weren't content to just make exact copies for long, unlike the lumbering companies with patents, who basically sat on their butts and tried to milk their inventions for every penny they could while doing as little as they could to improve things. All of modern technology, ultimately, exists in large part because patents were ignored.
Ob. Futurama:
Add a one and two zeros in front of that or we pass.
How much did we get?
A thousand and one pesos.
Just to be clear, I meant that statement in the context of the parent poster, which was talking about the U.S. I'm not at all surprised that there are countries who actually maintain their infrastructure where power is that reliable. :-)
Including, among others, the website we're writing this with, one website I recently created.... Yes, more websites use BBCode these days, but not every website.
I never said anything about JavaScript or string literals, FWIW.
IIRC, XSS vulnerabilities usually fall into one of the following categories:
Either way, you're emitting something that the user submitted that is supposed to be or become a fragment of HTML (potentially as small a fragment as just the contents of an attribute), so you have to make sure that it is sane for the context. If it's in an attribute, plain text needs to be quoted one way. If it's in the body of a tag, plain text needs to be quoted in a different way. If it is a blob of HTML, it needs to be heavily sanitized. And so on. But the most common case, by far, involves the server just parroting what was submitted, which falls into the "raw HTML in, raw HTML out" category. Fixing that requires either sanitizing a blob of arbitrary HTML (hard) or not parroting the data (easy, but not always workable).
Let me know if I'm missing some other common cases.