Now a judge has decided that sharing between users for no profit via P2P doesn't breach copyright laws and sites should be presumed innocent until proved otherwise
Thank you, captain obvious. It's nothing new. It has always been like that, and worldwide.
I wonder why people believe this is not true. Misinformation spread by RIAA and its friends perhaps?
VirtualBox is pretty nifty, but inside a JVM is pretty impressive from an engineering point of view
I don't see how this is impressive at all, I've written several emulators myself, it's pretty easy stuff.
Also, it seems you're confusing virtualization and emulation, which are totally different things.
Emulation: instructions are interpreted (or JIT-compiled), as if they were a programming language.
Virtualization: instructions run directly on the machine, either being patched to reroute some stuff elsewhere or being managed by a hardware supervisor that is basically a super MMU.
I do however disagree with you that it's a "a real struggle" to find a decent WRPG lately and that good JRPGs are everywhere and that they contain more content. Recent, excellent WRPGs that I would point to are Mass Effect, Fallout 3 and The Witcher, all of which are pushing combat for the modern WRPG into something more real-time.
Two of those games are already two years old, actually, which doesn't make them games I meant when I said I was playing "these days". I never played The Witcher though, I might give it a go.
To be certain, there are more JRPGs out there, but I find many of them to be somewhere in the middle, I enjoyed them, but they weren't incredible. Modern WRPGs tend to be less common now, but higher in overall quality when released.
I'm a believer that quality comes from diversity. On the WRPG market, there is basically only Bioware and Bethesda, and that's a bad thing. Lionhead's Fable 2 was also a commercial success and brings the company into the game, albeit a slightly different one.
I guess this is becoming a bit the case with JRPGs as well unfortunately, with Square Enix gaining control over everything (but is that more like what EA is doing?). Anyway there are still quite a few other works, mostly tactics though.
Modern WRPGs tend to be less common now, but higher in overall quality when released. As far as content, JRPGs tend to have a lot of content for 1-2 playthroughs (usually 1, realistically), you play through once and find all the nooks and crannies, "finish" the game and maybe playthrough every great while to experience the story again. WRPGs tend to focus on multiple playthroughs, it's impossible in most for you to experience everything the game has to offer in one playthrough as one type of character, you have to go through multiple times and that's where the content really shines.
I usually just play a single playthrough, but I make sure I do all side quests and crafting whenever they become available (for quite a few games, the side quests are sometimes more interesting and certainly more challenging than the main one). I use websites such as gamefaqs to ensure I haven't missed anything. I judge the content by the time I played the game. For WRPGs, it is usually under 100 hours, while it is not that unusual for JRPGs to reach 200. (Note that I'm not especially fast, I like taking my time.) Of course, for most RPGs, if you just stick to the main quest, which is unfortunately often quite easy and takes little time to complete, you're missing everything.
This article seems to have quite a bias towards "western" computer role-playing games (even the naming, CRPG vs JRPG, makes this obvious). The quality of the comments for JRPGs is much poorer, and it really feels like the WRPGs are more noble in the eyes of the author, even though these days it's a real struggle finding a decent WRPG while there are very good JRPGs everywhere (which are actually challenging and well-balanced, unlike most western ones, and contain much more content), which have also much more titles, are more popular, sell more, etc.
Why the hell he even tries to compare everything back to D&D as the True Source of Origin is beyond me.
It was said the legacy of Tales was poor, even though Star Ocean is a rather big one IMO. Putting Zelda while discussing Tales is also nothing more but a joke.
Time to travel is part of war campaigns. Plan in advance and strategize.
If the game doesn't require meaningful input for 30 minutes, the game would have been more fun without those 30 minutes.
For those 30 minutes, you don't play, so that's irrelevant.
See games like ogame.org for example. You launch your army at someone, it takes hours for it to arrive, meanwhile you stop playing and go live your life.
If it is more interesting to have a bot play instead of you all the time, then the game simply sucks. Moreover, if farming is required, the game sucks even more.
Suddenly people stop playing because they can't farm anywhere near as fast as people with more subscriptions...
Since they pay more money, I see no problem with allowing them to control and combine multiple agents of the world. Another possibility would be to disallow people to have multiple accounts, but I'm not sure it is really justified.
A better alternative would be automated transportation. You tell the game you want to go to X, and your character starts moving to X on its own and is there 30 minutes later (or whatever time it takes to get there), without requiring your input.
However, since games like World of Warcraft are strongly against bots of any kind, it's not likely to come. I say allowing players to run arbitrary bots to automate what can be automated would make MMORPGs much better.
Metric's good for making some calculations by hand, but, any more, the alignment of metric units, like all relations around water to its mass and volume, all don't really hold that accurately any more, and you still need goofy constants.
How could you link mass and volume without a mass-per-volume material-specific constant that also depends on atmospheric pressure and temperature? Magic?
The Windows ABI is cheaper: every relocated symbol in Linux is resolved at runtime by loading the PIC register and doing a GOT lookup. Windows avoids PIC code by loading the code at a "known" address and relocating it at startup only if it conflicts with another DLL.
If you find the shared object system slow, you could simply choose not to use it.
Mozilla code runs fastest when 99% of it is compiled for space savings, not "speed". Because of the sheer amount of code involved in a web browser, most of the code will be "cold".
I have never developed applications where codebases are huge enough that optimization ends up causing more cache misses than anything else, to put in perspective what I said earlier. PGO is however supposed to undo such optimizations.
Interestingly, while Mozilla advocates compiling its JavaScript engine with -Os, Google compiles V8 with -O3 -fomit-frame-pointer (i.e. the usual recommended flags for performance for i386).
The GCC register allocator sucks, at least on register-starved x86
It seems to do better with -fomit-frame-pointer.
We spent a lot of time in Firefox 3 with libxul reducing startup time by making symbols hidden and reducing the number of runtime relocations...
You mean you spent a lot of time duplicating what the "prelink" program does?
Maybe the Intel compiler could be used, but it breaks on anything non-trivial.
No it doesn't. Also, Mozilla uses a subset of C++ that only contains trivial features. (not that it would be a problem, ICC uses the most standard conforming C++ frontend there is)
The hardware acceleration of h264 is nothing more than the acceleration of discrete cosine transform. It's basically usable to accelerate any video codec except experimental wavelet stuff.
The rest could be made a lot easier with a static type system where you can create a type HtmlString and offer htmlspecialchars() as the only conversion from String to HtmlString, and only allow instances of HtmlString to be output. Similarly for SQL.
Could be interesting. I guess you could implement that approach in any language with support for user-defined implicit conversions (C++ comes to mind, albeit I've heard Scala does it too).
Now, don't get me wrong. I don't like typing type names all the time.
Typing the types explicitly is only possible for statically typed variables, and PHP is dynamically typed (well, it does allow to add explicit type information, but it's nothing more than a runtime check).
Which is why type inference is for the win. It's a shame it hasn't become popular outside the ML family (ML, OCaml, Haskell, probably others).
Type inference (lambda calculus style) is not really compatible with implicit conversions, if I remember correctly. That is why, for example, you need to explicitly upcast objects in OCaml.
Saying that a user should not be able to put in html is a cop out. As a versed software engineer, you should be completely perfect with parsing data and validating it
I never said it was problematic to implement, I said it was a terrible idea from a usability point of view, and this was between parentheses, which shows it was nothing more than a side note. Can't you read at all? I said that if you wanted to allow this, you should parse, which you should do anyway if you used a different input format than HTML.
Creating your own language (bbcode or wiki-code) defeats the purpose of the standards that are out there (HTML), especially to the extent that a CMS needs.
I find HTML, just like XML, totally ill-suited to content writing using a plain-text medium, and I'm not alone. ReST and wiki-like syntaxes are so much more practical. To write documentation, for example, I use Quickbook which is basically Docbook (XML) with a wiki-like syntax, and it is really much more comfortable. I also write my emails, messages to Usenet, mailing lists, etc. in plain text using wiki-like syntax that some user agents know how to render and that degrade gracefully if they don't.
Even LaTeX is much nicer to use than XML.
Well, you attempted to fix your problem in this response but my first statement is correct. mysql_escape_string does have some problems. You have to use mysql_real_escape_string to be sure if you are inserting binary data into the database as there can be potential injection attacks done otherwise.
I said mysql_escape_string like I could have said sqlite_escape_string or your_rdbms_escape_string. The actual function name matters little.
If you think that most PHP developers are extremely bad, I think that you need to look around at all developers. You find really bad code in all languages
In my experience, the average C++ programmer is very bad. Yet he is way better than the average Java programmer, which is in turn way better than the average PHP programmer. It seems that the more the language requires skill to use, the more the actual average programmer is skilled (this is obviously a big generalization).
As a matter of fact, I doubt the average PHP programmer is able to parse some data according to some grammar (PHP doesn't even have built-in support for lex/yacc-like functionality, so it does not make it any easier). If the average PHP programmer even understands PCRE, he's above average. (as a matter of fact, a lot of PHP applications implement parsers using them, even when they're totally ill-suited and far from asymptotically optimal -- a potential justification is that PHP is so slow it's much faster to rely on an engine coded in C anyway)
I think that you are sadly mistaken, especially if you think this "Web 2.0" thing is a hype
It's a new name for a concept that is not new at all, the web has always been like this, people are just rediscovering it. Hence it is nothing more than a buzz.
Unfortunately you are incorrect at how easy it is to prevent these issues
Sure it is easy to circumvent XSS, I just gave a way that always works. I never said that way covered all uses you may want to do of your input, however. Indeed, if you want to treat your input as an HTML fragment to include verbatim into your document (which in my opinion, is a terrible idea, just look at how annoying that is on slashdot, this messed up my message elsewhere in this thread because I naively wrote & instead of &amp; -- but why not), you must ensure that the code, when included into your document, may only lead to 100% valid HTML and that it may not contain certain "harmful" facilities of HTML (i.e. JavaScript that gets access to cookies and forwards the session information contained in them to an external server which in turn exploits any account reading the page). This is no different than if you used a wiki-like or bbcode-syntax, which is what I'd call a saner approach for text-based content management. You have a given format in entry, you must parse it, validate it, and convert it if relevant, in order to enforce the conditions your output has to validate.
Furthermore, mysql_escape_char is not the industry preferred method of preventing MySQL injection attacks as it still allows some to occur
No, it doesn't allow any to occur. Of course, using libraries that generate the query for you and do the necessary conversions is easier, but that is irrelevant. Yes I know of PDO, I actually implemented similar tools (well, it was more similar to PEAR::MDB2, but you get the point) way before it made it to PHP, like any sane programmer used back then. Concatenating string literals and results of mysql_(real_)?escape_char directly isn't really what I'd call maintainable.
I consider myself a PHP developer (amongst other languages) and take offense to that;)
I'm afraid you'll have to live with it. The fact that most PHP developers are extremely bad is a mere fact, inherently giving bad reputation to that language (which isn't really unmotivated, the language did take quite a few bad design decisions in the first place), and even to the whole field of web development to an extent. I know of several businesses that purposely chose J2EE in order to cater to more serious developers, for example.
Thankfully thanks to the Web 2.0 hype, you should still be able to find jobs without any real issue.
Suppose a user is able to insert 0xC0 in your output. IE 6 will interpret this byte as the start of a multibyte character, effectively swallowing subsequent characters (eg a quote) and allowing the user to escape the attribute context.
Good point. I suppose that is why htmlspecialchars actually takes a character encoding argument. That way it will check the input string is valid UTF-8.
My bad, I relied on some properties of UTF-8 which only hold if the string is in valid UTF-8, which is certainly not guaranteed.
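The two ideas from this exchange, sketched together in Rust as an added example that is not part of the thread: an `HtmlString` type whose only constructor escapes, and a UTF-8 validity check that rejects a stray 0xC0 before escaping. The names `html::HtmlString`, `render_value_attr` and `naive_escape` and the sample bytes are constructed for illustration.

```rust
// Added illustration; all names and sample bytes are constructed for this example.
mod html {
    /// Text that is valid UTF-8 and already HTML-escaped. The field is private
    /// to this module, so `escape` is the only way to build one.
    pub struct HtmlString(String);

    /// Input was not valid UTF-8; `valid_up_to` is the offset of the first bad byte.
    #[derive(Debug, PartialEq)]
    pub struct InvalidUtf8 {
        pub valid_up_to: usize,
    }

    impl HtmlString {
        /// Validate first, then escape: a stray lead byte such as 0xC0 is
        /// rejected instead of being passed through to the browser.
        pub fn escape(raw: &[u8]) -> Result<HtmlString, InvalidUtf8> {
            let text = std::str::from_utf8(raw).map_err(|e| InvalidUtf8 {
                valid_up_to: e.valid_up_to(),
            })?;
            let mut out = String::with_capacity(text.len());
            for c in text.chars() {
                match c {
                    '&' => out.push_str("&amp;"),
                    '<' => out.push_str("&lt;"),
                    '>' => out.push_str("&gt;"),
                    '"' => out.push_str("&quot;"),
                    '\'' => out.push_str("&#39;"),
                    _ => out.push(c),
                }
            }
            Ok(HtmlString(out))
        }

        pub fn as_str(&self) -> &str {
            &self.0
        }
    }

    /// Output sink: accepts only `HtmlString`, so unescaped text cannot reach it.
    pub fn render_value_attr(value: &HtmlString) -> String {
        format!("<input value=\"{}\">", value.as_str())
    }
}

/// Byte-level escaping with no encoding check, for contrast: 0xC0 is not one of
/// the special characters, so it survives and lands next to the closing quote.
pub fn naive_escape(raw: &[u8]) -> Vec<u8> {
    let mut out = Vec::with_capacity(raw.len());
    for &b in raw {
        match b {
            b'&' => out.extend_from_slice(b"&amp;"),
            b'<' => out.extend_from_slice(b"&lt;"),
            b'>' => out.extend_from_slice(b"&gt;"),
            b'"' => out.extend_from_slice(b"&quot;"),
            b'\'' => out.extend_from_slice(b"&#39;"),
            _ => out.push(b),
        }
    }
    out
}

fn main() {
    // Constructed input: ordinary text ending in a dangling multibyte lead byte.
    let sample: &[u8] = b"caf\xC0";
    println!("naive escape keeps the byte: {:?}", naive_escape(sample));
    match html::HtmlString::escape(sample) {
        Ok(s) => println!("{}", html::render_value_attr(&s)),
        Err(e) => println!("rejected before output: {:?}", e),
    }
    let ok = html::HtmlString::escape(b"a\"b<c>").unwrap();
    println!("{}", html::render_value_attr(&ok));
}
```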
My bad, I thought this was some kind of self-balancing tree.
Zomg, logarithmic complexity to update a tree! What a tradeoff...
I really hate SQL. It failed at being a natural language search tool for business people. Others think this too: The Third Manifesto
Business people shouldn't be programming.
Also, what your link does is say SQL is inappropriate with Object Oriented Programming. Maybe the problem is OOP, actually, that is inappropriate.
Why it lags is funnily enough because they're using a file-based RDBMS instead of a server.
Indeed, what causes the lag is the constant disk locking and syncing, which isn't needed with a client/server architecture.
I filed a bug to request allowing to toggle between SQLite and other RDBMS but was refused.
There are even several states where non-vaginal sex is prohibited. Now, whether those laws are actually enforced is a different thing.
It also lacks mention of quite a few other important JRPGs (and a few western ones as well) while too many similar games are mentioned.
Furthermore, it puts too much credit on Pokémon which is nothing more than a copy/paste of classics.
It is perfectly legal to do whatever you fucking want with an electronic device you own, at least in most countries.
I meant "And 1 kg of water = 0.001 m^3 is only [...]" of course.
Liters are not part of SI.
The SI unit for volume is m^3.
And 1 kg of water = 10 m^3 is only true for certain atmospheric pressure and temperature parameters.
I also fail to see how your answer is relevant.
This is a myth.
I have barely ever noticed a performance increase when comparing code compiled with equivalent options on GCC, ICC and MSVC.
Quite the contrary, GCC is faster more often than you'd think.
When will supposedly global companies, especially Internet-based ones, provide global services instead of USA-specific ones?