You know, I would agree with you *if* Linux had not shot itself in the foot by making it nearly impossible for hardware vendors to write drivers that work across kernels. But by removing any guarantee that a binary driver written today will work tomorrow, Linux has made closed source hardware almost impossible to support. Therefore adoption of Linux is blocked until the hardware industry itself adopts open source which may well be *never*.
So say goodbye to your dreams of an open source world until the zealots ruling Linux development overcome their insane religious beliefs and start allowing a small hint of practicality into their world.
> The real solution is for sites using AJAX to get away from this habit of requiring hundreds of kilobytes of scrip just to visit the home page.
Good AJAX libraries support this out of the box (YUI certainly does). Just download the minimal YUI Loader in your main page and then all your other code just has to wrap it in a call to the YUI loader to load the needed YUI modules on the fly. I'm sure other libraries are doing this too.
As many others have noted, though, when the library is cached it's still often preferable to just take the hit to load everything in 1 http transaction. Gzipped, minimized javascript is very small, probably far less than all the flash or image data you already are splurging onto the user's page.
I agree though that sites need to get out of the habit of just dumping tags in the header to load everything and start using these techniques (at least put them at the foot of the page instead of the head!).
> It would be nice if they provided a way to export my health information to their CCR/G format so I could save it locally.
Agree - I was turned off by this service the moment I saw that it has no export facility. None whatsoever - unbelievable! You can't even print the freakin thing. How is this supposed to be useful if I want to take it along to my doctor? As far as I can tell, if you want your data back after giving it all to Google you're going to have to "link up" with one of the 3rd party providers, which I hope at least one of will let me *print*, but who I trust even less than Google.
It's the same old game as we've had with IM and email and you name it - they take your data, create a walled garden and then fight like hell to stop you ever being able to escape their little prison. As soon as you see that in a service, you know they do not have your best interests at heart.
> When driven safely, there's nothing wrong with a ford pinto.
That's exactly my point. The inexperienced driver is unable to drive safely. Therefore it is especially important that they do not drive a vehicle which explodes on impact.
Re: your note about 'default' - yes, in the context I was writing I consider the first to be the "default". I understand that wouldn't apply to all contexts. But I don't think you can so readily separate the language and the community. Yes the tutorials could teach one of the more correct ways to do it - but it's much harder. It means people have to know all about what escaping is and when to apply it, or they have to install and grok PDO which their hosting provider might not even have. So they start with the easiest way. In other languages the easiest way is likely to be the (more) secure way.
NB: I assume you meant mysql_real_escape_string rather than mysql_real_escape_quote, but in case not... make sure you're escaping much more than quote's in your database input;-)
> Name a language that can be used for web development that isn't dangerous in the hands of inexperienced developers.
Why? Nothing I said assumes or even implies there is such a language.
Can you name a car that's not dangerous in the hands of an inexperienced driver? Does that mean you would recommend inexperienced drivers learn to drive in Ford Pintos?
> but that doesn't magically make the language crap in the hands of more experienced developers.
No, it makes the language total crap.
* In the hands of inexperienced developers, (it's primary user base), it's horrible because almost everything you do the default way is insecure.
* In the hands of experienced developers it's missing all kinds features that nearly any serious application needs.
The segment of people for which the language is not crap is really very small.
> Make my own cables, understand multimeters, perhaps assemble a simple robot or two
I had to chuckle when you jump from how to make a cable and understand your multimeter to building a robot in one sentence. That's like saying "I'd like to climb that small mound of dirt in the sand pit, maybe figure out how to use the slide, perhaps climb mt everest a couple of times".
This has all the hallmarks of a classic PR maneuver - Sun wants to figure out how they can extract more $$ from the high end users of MySQL. They need to find out how the market will react if they start selling closed source MySQL extensions without committing themselves if it goes horribly wrong. So they sprinkle some unsubtantiated vague rumours around and look for the reaction. The reaction was: PostgreSQL. So now they can kill the whole idea with minimal losses and try their next plan for how to "monetize" MySQL some more without pissing off their entire user base and killing the golden goose.
I don't believe for a second that things like this are an accident. These folks are far too smooth to just accidently let this kind of thing drop and run for a week.
What makes you think they are going out of business?
Seriously, they are making $500m / yr on $2billion revenue. They are #1 in web email, they have several sites in the top 10 most visited sites on the internet.
They may not be sexy right now, but this idea that they have *nothing* and are just going out of business is completely bananas.
Yep. My ipod touch also came with Weather and Stocks delivered from Yahoo (including liberal sprinklings of Yahoo logos). They were very much dealt into the iPhone.
Your highly modded recommendation is really an incredibly stupid thing to do.
The minute you have lied to the customs officer by giving the incorrect password you have basically committed an offense and could be liable for any kind of penalty or refusal of entry.
The chances are extremely good that if they aren't already, these officers will be trained specifically to look for encrypted partitions and when found to immediately check for telltale signs that a hidden volume may be present. A person lying about the presence of such a hidden volume will be automatically designated as a threat. And just one such a designation will last you a life time and may even be communicated internationally making your life quite difficult thereafter.
Bottom line: do not assume people are / always will be idiots. Tell the truth.
My guess - most of the big players are more than happy to watch PayPal as an experiment and only come in when most of the risk has been eliminated through experience by PayPal. A good example is the long running battle that PayPal has faced not to be considered a bank and therefore under (quite burdensome) banking laws.
Other services do exist - Google Checkout, Amazon DevPay - but they seem like they are deliberately constrained. Perhaps they are waiting in the wings for a future battle that no side wants to initiate right now.
I've shown people photos on my iPod Touch and had them ask "Oh, could I get copies of those" and the answer is, of course, "no, Steve wouldn't like that, and I only do what Steve would like".
As a technologist there's something inherently evil to me about deliberately crippling a product to further your own ends (which basically translates to making money). It's akin to a doctor deliberately failing to treat all of an illness so that you keep coming back.
My anecdotal experience is that this problem is fixed (or vastly improved).
I used to drop back to IE to look at certain web sites where I would open many tabs containing flash, because FF would simply lock up entirely if I opened 4 new simultaneous tabs.
FF3 Beta 4 does not seem to have this problem at all.
I'm not saying it's not fair commercially - I'm sure hosting your app at the apple's store is by far the best thing to do if you want to make money from it.
What I am saying though is that you should not HAVE to host it there - freedom is more important than that. If Microsoft made a kick-ass software download site but then locked windows to only install software from that site would you be full of praise for what a reasonable deal it was or complaining about your lack of freedom in going elsewhere?
You have completely the wrong focus here.
Hire someone with a broad range of experience across multiple platforms, languages and a generally open mind.
Then ask them to help evaluate the system and whether you should migrate off it or not.
You should stop being such a weak minded sheep and start using designs that don't involve all the crud. There's plenty of the java community who do likewise. With the ability to drop into more dynamic languages at will (jython, jruby, rhino-javascript) it's just about the best of all worlds these days.
Lockin by a monopoloy is never ever fair. You'd think slashdot would have learned that by now but then it looks like most of slashdot dispensed with critical thinking skills a long time ago.
Not to disagree, but do have a look at YUI's file upload control which is (yes evil) flash based, but very nice and at least cross platform and not some evil activex control.
It should be unnecessary for any site to be shoving activex controls down your throat to do decent file uploading.
The censorship tag is appropriate. This idea is the thin end of an extremely dangerous wedge. It sets up all the machinery necessary for censorship - an Australia wide filter that enables complete government control of what is accessible via the internet. Once this technological step is in place it's a very small step to make it non-optional for certain kinds of content (after all, why *should* people be able to "opt in" to view child pornography or "terrism" websites?). From there - it's purely a matter of policy to include political parties, activist groups, religious affiliated sites or a myriad of other categories that are more subtle but just as dangerous.
Absolute power corrupts absolutely, and the absolute power of control of this facility will most certainly be abused in the future by governments that may have vastly different ideologies than the current relatively benign one. The price of freedom really is eternal vigilance and that vigilance includes rejecting idiotic, boneheaded, pointless freedom-reducing notions such as country-wide internet filters.
I really don't care what comes standard with my notebook, but I do care very much about how much I can expand it to later on.
According to my recent enquiry to Dell they do not have a single notebook that will take more than 4 Gig RAM. Not even with 64bit vista can you order a notebook with more than 4 Gig. So now is the standard also going to be the maximum or will I finally be able to get enough RAM to reasonably run all the VM's I want at once?
Slashdot Mirror
You know, I would agree with you *if* Linux had not shot itself in the foot by making it nearly impossible for hardware vendors to write drivers that work across kernels. But by removing any guarantee that a binary driver written today will work tomorrow, Linux has made closed source hardware almost impossible to support. Therefore adoption of Linux is blocked until the hardware industry itself adopts open source which may well be *never*.
So say goodbye to your dreams of an open source world until the zealots ruling Linux development overcome their insane religious beliefs and start allowing a small hint of practicality into their world.
Why would they try to "affect" better communication when they could actually put it into effect instead?
> The real solution is for sites using AJAX to get away from this habit of requiring hundreds of kilobytes of scrip just to visit the home page.
Good AJAX libraries support this out of the box (YUI certainly does). Just download the minimal YUI Loader in your main page and then all your other code just has to wrap it in a call to the YUI loader to load the needed YUI modules on the fly. I'm sure other libraries are doing this too.
As many others have noted, though, when the library is cached it's still often preferable to just take the hit to load everything in 1 http transaction. Gzipped, minimized javascript is very small, probably far less than all the flash or image data you already are splurging onto the user's page.
I agree though that sites need to get out of the habit of just dumping tags in the header to load everything and start using these techniques (at least put them at the foot of the page instead of the head!).
> It would be nice if they provided a way to export my health information to their CCR/G format so I could save it locally.
Agree - I was turned off by this service the moment I saw that it has no export facility. None whatsoever - unbelievable! You can't even print the freakin thing. How is this supposed to be useful if I want to take it along to my doctor? As far as I can tell, if you want your data back after giving it all to Google you're going to have to "link up" with one of the 3rd party providers, which I hope at least one of will let me *print*, but who I trust even less than Google.
It's the same old game as we've had with IM and email and you name it - they take your data, create a walled garden and then fight like hell to stop you ever being able to escape their little prison. As soon as you see that in a service, you know they do not have your best interests at heart.
> When driven safely, there's nothing wrong with a ford pinto.
... make sure you're escaping much more than quote's in your database input ;-)
That's exactly my point. The inexperienced driver is unable to drive safely. Therefore it is especially important that they do not drive a vehicle which explodes on impact.
Re: your note about 'default' - yes, in the context I was writing I consider the first to be the "default". I understand that wouldn't apply to all contexts. But I don't think you can so readily separate the language and the community. Yes the tutorials could teach one of the more correct ways to do it - but it's much harder. It means people have to know all about what escaping is and when to apply it, or they have to install and grok PDO which their hosting provider might not even have. So they start with the easiest way. In other languages the easiest way is likely to be the (more) secure way.
NB: I assume you meant mysql_real_escape_string rather than mysql_real_escape_quote, but in case not
Cheers,
Simon.
> Name a language that can be used for web development that isn't dangerous in the hands of inexperienced developers.
Why? Nothing I said assumes or even implies there is such a language.
Can you name a car that's not dangerous in the hands of an inexperienced driver? Does that mean you would recommend inexperienced drivers learn to drive in Ford Pintos?
No, it makes the language total crap.
* In the hands of inexperienced developers, (it's primary user base), it's horrible because almost everything you do the default way is insecure.* In the hands of experienced developers it's missing all kinds features that nearly any serious application needs.
The segment of people for which the language is not crap is really very small.
I had to chuckle when you jump from how to make a cable and understand your multimeter to building a robot in one sentence. That's like saying "I'd like to climb that small mound of dirt in the sand pit, maybe figure out how to use the slide, perhaps climb mt everest a couple of times".
This has all the hallmarks of a classic PR maneuver - Sun wants to figure out how they can extract more $$ from the high end users of MySQL. They need to find out how the market will react if they start selling closed source MySQL extensions without committing themselves if it goes horribly wrong. So they sprinkle some unsubtantiated vague rumours around and look for the reaction. The reaction was: PostgreSQL. So now they can kill the whole idea with minimal losses and try their next plan for how to "monetize" MySQL some more without pissing off their entire user base and killing the golden goose.
I don't believe for a second that things like this are an accident. These folks are far too smooth to just accidently let this kind of thing drop and run for a week.
Seriously, they are making $500m / yr on $2billion revenue. They are #1 in web email, they have several sites in the top 10 most visited sites on the internet.
They may not be sexy right now, but this idea that they have *nothing* and are just going out of business is completely bananas.
Yep. My ipod touch also came with Weather and Stocks delivered from Yahoo (including liberal sprinklings of Yahoo logos). They were very much dealt into the iPhone.
Your highly modded recommendation is really an incredibly stupid thing to do.
The minute you have lied to the customs officer by giving the incorrect password you have basically committed an offense and could be liable for any kind of penalty or refusal of entry.
The chances are extremely good that if they aren't already, these officers will be trained specifically to look for encrypted partitions and when found to immediately check for telltale signs that a hidden volume may be present. A person lying about the presence of such a hidden volume will be automatically designated as a threat. And just one such a designation will last you a life time and may even be communicated internationally making your life quite difficult thereafter.
Bottom line: do not assume people are / always will be idiots. Tell the truth.
My guess - most of the big players are more than happy to watch PayPal as an experiment and only come in when most of the risk has been eliminated through experience by PayPal. A good example is the long running battle that PayPal has faced not to be considered a bank and therefore under (quite burdensome) banking laws.
Other services do exist - Google Checkout, Amazon DevPay - but they seem like they are deliberately constrained. Perhaps they are waiting in the wings for a future battle that no side wants to initiate right now.
I've shown people photos on my iPod Touch and had them ask "Oh, could I get copies of those" and the answer is, of course, "no, Steve wouldn't like that, and I only do what Steve would like". As a technologist there's something inherently evil to me about deliberately crippling a product to further your own ends (which basically translates to making money). It's akin to a doctor deliberately failing to treat all of an illness so that you keep coming back.
My anecdotal experience is that this problem is fixed (or vastly improved).
I used to drop back to IE to look at certain web sites where I would open many tabs containing flash, because FF would simply lock up entirely if I opened 4 new simultaneous tabs.
FF3 Beta 4 does not seem to have this problem at all.
I'm not saying it's not fair commercially - I'm sure hosting your app at the apple's store is by far the best thing to do if you want to make money from it. What I am saying though is that you should not HAVE to host it there - freedom is more important than that. If Microsoft made a kick-ass software download site but then locked windows to only install software from that site would you be full of praise for what a reasonable deal it was or complaining about your lack of freedom in going elsewhere?
You have completely the wrong focus here. Hire someone with a broad range of experience across multiple platforms, languages and a generally open mind. Then ask them to help evaluate the system and whether you should migrate off it or not.
You should stop being such a weak minded sheep and start using designs that don't involve all the crud. There's plenty of the java community who do likewise. With the ability to drop into more dynamic languages at will (jython, jruby, rhino-javascript) it's just about the best of all worlds these days.
Lockin by a monopoloy is never ever fair. You'd think slashdot would have learned that by now but then it looks like most of slashdot dispensed with critical thinking skills a long time ago.
Not to disagree, but do have a look at YUI's file upload control which is (yes evil) flash based, but very nice and at least cross platform and not some evil activex control. It should be unnecessary for any site to be shoving activex controls down your throat to do decent file uploading.
The censorship tag is appropriate. This idea is the thin end of an extremely dangerous wedge. It sets up all the machinery necessary for censorship - an Australia wide filter that enables complete government control of what is accessible via the internet. Once this technological step is in place it's a very small step to make it non-optional for certain kinds of content (after all, why *should* people be able to "opt in" to view child pornography or "terrism" websites?). From there - it's purely a matter of policy to include political parties, activist groups, religious affiliated sites or a myriad of other categories that are more subtle but just as dangerous.
Absolute power corrupts absolutely, and the absolute power of control of this facility will most certainly be abused in the future by governments that may have vastly different ideologies than the current relatively benign one. The price of freedom really is eternal vigilance and that vigilance includes rejecting idiotic, boneheaded, pointless freedom-reducing notions such as country-wide internet filters.
I really don't care what comes standard with my notebook, but I do care very much about how much I can expand it to later on.
According to my recent enquiry to Dell they do not have a single notebook that will take more than 4 Gig RAM. Not even with 64bit vista can you order a notebook with more than 4 Gig. So now is the standard also going to be the maximum or will I finally be able to get enough RAM to reasonably run all the VM's I want at once?