"I'm out of touch with reality, and honestly, we killed off our fanbase when we started whining about Napster... So, hey guys! Look at me!! I'm relevant again!!! SERIOUSLY!!! I download stuff too!!"
And filesharing is useful for rare stuff.
Filesharing on a small darknet may not be useful for rare stuff, unless your friends happen to have it. -1 Downside.
Well clearly my hello world app is running as 99/99, but seriously. I've posted this unassuming php script on a webserver. You going to hack me now?
<?php
print("hello world");
?>
So, uh, you think you can improve my security?
No doubt, not everybody lives up to their own hype. Some people aren't nearly as qualified as they think they are. I'm sure neither you nor I are exempt from this. It's easier to find something wrong with somebody's code, than to code it correctly in the first place. It's nice to have a second pair of eyes for that reason.
That being said, it's still not rocket science, or magic. It's just tedious, and requires forethought. Considering all the angles is important. When you get into the habit, it becomes second nature.
Surely this is not a limitation of PHP or the PHP programmer. Just coincidental evidence against particular instances you've encountered makes it seem as if it is so. (Anecdotes)
My list wasn't exhaustive, but you can eliminate XSS by scrubbing all your inputs. If the only thing a user can post is plaintext and some bbcode, that's all they'll post.
Another cool one that I'm surprised Myspace hasn't used:
A great way to kill phishers is using the out-bound warning page. Re-code all outbound hyperlinks to a "Warning, this is no longer myspace" page, then allow them to click the url.
As a programmer, I probably couldn't do what a heart surgeon would do. But as a programmer, I can do what programmers do. Part of my job is security. Sometimes it's tedious, sometimes I miss things. But it's not magic or voodoo. And I believe the heart surgeon doesn't believe what he does is voodoo either.
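The outbound warning page described in the comment above, sketched as an added example (not code from the original poster). It assumes posts are plaintext plus a `[url=...]` bbcode tag; the host name, the `/leaving.php` path, the key and all function names are hypothetical. The HMAC lets the warning page accept only links the site itself generated.

```php
<?php
declare(strict_types=1);

const SITE_HOST = 'www.example.test';            // assumed site host name
const LINK_KEY  = 'replace-with-a-random-secret'; // placeholder, load from config

// Build the interstitial URL for an off-site target, signed by the site.
function outbound_url(string $target): string
{
    $sig = hash_hmac('sha256', $target, LINK_KEY);
    return '/leaving.php?' . http_build_query(['to' => $target, 'sig' => $sig]);
}

// Called by the (hypothetical) leaving.php before it shows the warning and link.
function verify_outbound(string $to, string $sig): bool
{
    return hash_equals(hash_hmac('sha256', $to, LINK_KEY), $sig);
}

// Escape the whole post, then turn [url=...]label[/url] into links.
function render_links(string $text): string
{
    $safe = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $out = preg_replace_callback(
        '~\[url=([^\]\s]+)\](.*?)\[/url\]~s',
        function (array $m): string {
            $url    = htmlspecialchars_decode($m[1], ENT_QUOTES);
            $parts  = parse_url($url) ?: [];
            $scheme = strtolower($parts['scheme'] ?? '');
            $host   = strtolower($parts['host'] ?? '');
            // Only absolute http(s) links become anchors; anything else keeps its label only.
            if (!in_array($scheme, ['http', 'https'], true) || $host === '') {
                return $m[2];
            }
            // On-site links stay direct; everything else goes through the warning page.
            $href = ($host === SITE_HOST) ? $url : outbound_url($url);
            return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">' . $m[2] . '</a>';
        },
        $safe
    );
    return $out ?? $safe; // on a regex error, fall back to the escaped text
}

// Constructed sample post: one off-site link, one on-site link, one script URL.
echo render_links(
    "[url=http://other.example/login?a=1&b=2]my profile[/url] "
    . "[url=https://www.example.test/help]help[/url] "
    . "[url=javascript:alert(1)]click[/url] <b>hi</b>"
), "\n";
```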
Things like this always surprise me when I hear them.
Making a secure PHP web app is not that hard.
-Make sure to keep globals off (or initialize all variables before using them).
-Sanitize all inputs before getting to the database.
-Always sanitize user-inputted data before displaying it on screen (strip_tags)
-Check permissions on every page. (Make sure I can't change id=17 to id=18 and see things I shouldn't.)
And so on...
Honestly, it's not some mysterious voodoo, it's very basic procedures (like these) that all programmers should get in the habit of doing, no matter what language you use.
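The checklist in the comment above, worked through as an added example (not code from the original poster): a parameterised query, an ownership check on the requested id, and encoding on output. It assumes PHP with the pdo_sqlite extension; the table, sample rows and function names are constructed for illustration, and `htmlspecialchars()` is used on output where the comment mentions `strip_tags`.

```php
<?php
declare(strict_types=1);

// register_globals was removed in PHP 5.4; every variable here is initialised before use.

// Constructed sample data: an in-memory SQLite table with notes owned by two users.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT)');
$db->exec("INSERT INTO notes VALUES (17, 1, 'hello <b>world</b>'), (18, 2, 'private to user 2')");

// Return the note only when the id is well-formed AND the note belongs to $userId.
function fetch_note_for_user(PDO $db, int $userId, $rawId): ?array
{
    // Input check: the id must be a positive integer, anything else is rejected.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Prepared statement: values are bound, never concatenated into the SQL.
    // The owner_id condition is the permission check (id=17 vs id=18).
    $stmt = $db->prepare('SELECT id, body FROM notes WHERE id = :id AND owner_id = :owner');
    $stmt->execute([':id' => $id, ':owner' => $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Encode on output so stored markup is displayed as text, not interpreted.
function render_note(?array $note): string
{
    if ($note === null) {
        return '<p>Not found</p>'; // same answer for "missing" and "not yours"
    }
    return '<p>' . htmlspecialchars($note['body'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

$currentUser = 1; // assumption: in a real app this comes from the session
foreach (['17', '18', '17 OR 1=1', '<script>'] as $rawId) {
    echo render_note(fetch_note_for_user($db, $currentUser, $rawId)), "\n";
}
```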
Not only any phone browser, but no phone necessary. You could just log on with your computer.
The only complaint I have about your site, Kenn, is that your links are not underlined and are therefore confusing. People shouldn't have to wander about your site with their mouse looking for mystery navigation.
Aside from that, congrats!
Your ideas intrigue me. I would like to subscribe to your newsletter.
Not as bad as the first and third movie, though. Better than the second.
So you're saying it's the best of the 4?
As a current NH resident, I must disagree with this sentiment. MASS drivers are horrible. It's easy to spot them, especially when they're in NH- they stand out like a sore thumb.
A trip down 93 to Boston on any given day will show just how non-nonchalant everybody in MA is about horrible driving. There's always a few people pulled over, but nobody slows down below 80 near cops. Accidents are common, (although usually minor), but it seems in a non-fault state such as MA, it's all in a day's commute.
New Hampshire drivers aren't that bad, but NH is a dangerous place to drive, thanks to all the massholes. GO HOME MASSHOLES!
Self Censoring Web servers! Automatically removes all politically sensitive info for you! This will catch on quick, I bet!
I'm not sure if I'm playing into a woosh moment, but PayPal has a free "secure card" service that generates such one-time-use credit card numbers.
Paypal introduces secure cards
I agree. I have customers who misquote me all the time when I'm giving them a pitch of sorts. If they don't like the way things turned out, they always lie about what I said.
Of course, where I work, our phone system is recorded (and disclosed as such). I usually apologize for the misunderstanding and offer to have the customer come to my office and review the phone logs with me if they truly believe that I've changed a price or my story. They usually back down at that point.
The problem is, people get angry, and often times it's their own ignorance that sets them up... "What? I never approved $200! That's ridiculous!"
They'll spend a fair amount of time griping to friends and family about how we agreed on a different price, and that those guys are up to no good. It's easy to twist the facts when you're defensive. Especially when they think it's a my-word-against-his ordeal.
But the recording always says differently.
Maybe national inflation is only .09%, but 'round these parts (northeast Boston area) the average cost of things has gone up considerably. I'm not making (much) more money, but I'm paying twice the price for groceries than I did 3 years ago. Restaurants have all increased their prices- I'm paying around $10 more per meal. Even McDonald's got rid of their dollar menu.
Inflation seems pretty real to me here.
If the man is abusive, he usually loses custody.. So, yeah, stay off the phone ladies. If you're really itching to call somebody, call me. ;)
They don't have a stake in music hardware, but I'm sure they see how the IPOD and ITUNES keep themselves in business.
If I buy ebooks that are DRM'd for kindles only, I'm likely to continue buying kindles in the future.
If I have a kindle, I'm likely to buy kindle formats only.
It's a self-perpetuating loop, which I think Amazon very much wants to continue.
It downgrades video quality if your videocard or monitor isn't HDCP compatible?
I keep hearing this, and honest question- how can I tell when this happens? Is there a test file I can download and try that won't work? Is there a set of circumstances that I can replicate? I keep hearing all this DRM built into windows, but it's never actually affected me...
This is clearly the only reasonable solution to this quandary.
You can't space-shift a DRM-laden product, because that requires breaking the encryption, which is against the DMCA.
Do you hear the sound of the words echo through your head as you read words, like me? Well, as the copyright owner of this comment, I forbid such usage- and deny you the ability to read this comment out loud to your friends either.
Seriously though, despite this being a ridiculous idea, what is the Authors' Guild actually trying to do here?
I mean, if anybody is really pushing to create more copyright holder rights, it's Amazon and the Kindle. Let's review...
-The right to not let my friends borrow my book when I'm finished reading it? Check.
-The right to not resell my book on the used books market when I'm done? Check.
-The right to having access to my books revoked on a whim if my provider goes out of business, or *gasp* decides it's not a profitable market (MSN Music, I'm looking at you)? Check.
With all these rights landgrabs that Amazon is making with their digital books on Amazon (and heck, digital media in general), I'd assumed they were colluding with the Author's Guild. I mean, if nobody can share your books, and nobody can help spread the buzz surrounding your great ideas or fiction... that means you'll make more sales... right?
To hell with all of them. I'll read quietly, or out loud whenever I please. And just for being assholes, I'm going to pirate the next book published by a guild author. And I'm going to listen to Microsoft Sam read it to me. And I'm going to pretend to like it.
8mb?? Where?? I'll take it!