You want to make extra sure none of that validation that you are offloading onto the client will be security-related. Otherwise someone can just write their own client to spit the form data at you without the validation, and bang - there goes your security.
Ahh, but I think (correct me if I'm wrong) that's the beauty (at least in theory) of XForms. You effectively define a form and a validation schema. The client can then use the validation schema to check the form input is OK before they submit it. Someone wants to hack the form and send invalid data? Fine. But you can then use the same validation schema to check the data on the server end. Better than the old way, which was (a) do all validation server-side, which might mean multiple roundtrips to the server, or (b) write the same validation code twice, once in JavaScript and once in PHP/ASP/whatever.
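As an added illustration of the shared-schema idea in the reply above (example code written for this page, not from the original comments or from any XForms implementation), here is a small Python validator that both the client and the server run. The schema, field names, status codes and sample inputs are all constructed for the demonstration:

```python
import re

# Constructed schema for a sign-up form. One set of rules serves both ends:
# the client runs it for fast feedback, the server runs the identical rules
# on whatever actually arrives, so skipping the client check gains nothing.
SIGNUP_SCHEMA = {
    "username": {"required": True, "type": str, "pattern": r"[a-z0-9_]{3,16}"},
    "email":    {"required": True, "type": str, "pattern": r"[^@\s]+@[^@\s]+\.[^@\s]+", "maxlen": 254},
    "age":      {"required": False, "type": int, "min": 13, "max": 120},
    "role":     {"required": True, "type": str, "choices": ("user", "editor")},
}


def validate(schema, data):
    """Check data against schema; return {field: error}. Empty dict means valid."""
    errors = {}
    for field, rule in schema.items():
        value = data.get(field)
        if value is None:
            if rule.get("required"):
                errors[field] = "missing"
            continue
        # bool is a subclass of int in Python, so reject it explicitly for int fields
        if isinstance(value, bool) or not isinstance(value, rule["type"]):
            errors[field] = "wrong type"
            continue
        if "maxlen" in rule and len(value) > rule["maxlen"]:
            errors[field] = "too long"
        elif "pattern" in rule and not re.fullmatch(rule["pattern"], value):
            errors[field] = "bad format"
        elif "choices" in rule and value not in rule["choices"]:
            errors[field] = "not an allowed value"
        elif "min" in rule and value < rule["min"]:
            errors[field] = "too small"
        elif "max" in rule and value > rule["max"]:
            errors[field] = "too large"
    # Fields the schema never declared are rejected too, so a hand-built
    # request cannot slip in parameters the form never offered.
    for field in data:
        if field not in schema:
            errors[field] = "unexpected field"
    return errors


def client_submit(form_data, honest=True):
    """Browser side. An honest client validates first and refuses to send bad
    input; a hand-written client (honest=False) simply posts whatever it likes.
    Returns the request body the server would receive, or None if nothing was sent."""
    if honest and validate(SIGNUP_SCHEMA, form_data):
        return None
    return dict(form_data)


def server_handle(request_body):
    """Server side. Runs the same schema again and trusts nothing about the client."""
    if request_body is None:
        return (400, "nothing submitted")
    errors = validate(SIGNUP_SCHEMA, request_body)
    if errors:
        return (422, errors)
    return (200, "created")


if __name__ == "__main__":
    good = {"username": "alice_1", "email": "alice@example.org", "role": "user", "age": 30}
    forged = {"username": "eve", "email": "eve@example.org", "role": "admin", "is_superuser": True}
    print(server_handle(client_submit(good)))                  # (200, 'created')
    print(server_handle(client_submit(forged)))                # honest client never sends it
    print(server_handle(client_submit(forged, honest=False)))  # server still rejects it: 422
```

The server never looks at whether the client "passed" validation; it only looks at the body it received, which is the property the parent comment is asking for. The unexpected-field rule is the part people most often forget when the same schema is reused: a client-side form cannot send fields it does not have, but a hand-built request can.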
Fortunately, the word "prove" in that saying is used in an archaic sense with the meaning of "test" and the implication of "find wanting".
Think back to your maths. One counterexample is enough to write off a hypothesis.
Actually, "the exception proves the rule" -- while not standing up as logical to even a moment's thought -- IS actually correct. It's just that it doesn't mean what people think it means, having been distorted over time. It is (caveat: I'm not a linguist or a lawyer) a legal theory, that the presence of a stated exception or exemption proves the presence of a corresponding rule.
Example: if there's a street sign that says "No Parking, 7AM-9AM weekdays" with no other signage, then the legal implication is that you're more than welcome to park there during the other 158 hours of the week. The government can't then turn around and go "hey, we never said you could park there at 11PM! Parking fine for you!", as the presence of the exception proves (well... implies) that there's a rule to be excepted from.
I'm reminded of a quote from British comedian Alexei Sayle, which of course I can't remember, but I'll paraphrase:
The famous Spanish revolutionary 'la Pasionaria' used to say "it is better to die on your feet than live on your knees". That's rubbish. It's better to live on your knees than die in ANY position. I don't want to die at all. In fact, I'd rather spend the rest of my life face down in a bucket of shit than die even a little bit...
Ahhh, the old slashdot tradition of whacky, unbelievable, totally impossible April Fools' Day stories. I never get tired of them! Every year, Slashdot produce stories so totally ridiculous that...
What? What? What's today's date!?!? Oh dear god no...
Well, not technically true, despite the fact that it's commonly believed to be so. NT is short for 'N-Ten', the codename of the Intel i860 processor on which it was originally intended to run.
Define "Liberal": if you mean it in the small-"l" sense then I'm right with you, but if you mean it as the large "L" then I'm sorry, I think I will take the next bus.
Oh dear god yes. Damn the 'Liberal' party and their ridiculous nomenclature.
The other thing I would mention is that very rarely do one policy parties get up. Even the greens had to expand from the just the environment before people would start taking them seriously.
Great point. Perhaps an even more sensible idea is to find an existing party which leans towards your views -- the Greens might be a good place to start -- join them, and start influencing their IT and IP policies. From what I've seen of their IT policies, they certainly seem intelligent. That way, you've got the might of a semi-major party behind you, don't have to worry as much about fundraising etc., and can have a real effect on party policy (maybe -- I'm not sure how much the Greens listen to the hoi polloi, but I believe that's one of their big 'selling points')
Look, the idea of a "Liberal Geek" party is a great one, and though it would be difficult to get any real support, it might well be worth a try.
Obviously, you realise that running as a true independent is a long shot to succeed, and hence the idea to form a party. However, a suggestion: if you want to form a party, don't form it around the basis that you'll be the one running for the Senate. A truly democratic and open party can be founded by you, sure, but the members might want someone else among their ranks to run instead. To prove how open and free you are, set up the party, come up with a fair and open party constitution and rules, get some members, and THEN see what happens with preselection.
Anyway, hell: I'd run in Victoria for the party if the party was appropriately set up, with appropriate policies. I'd certainly vote for you (them?).
Breaks alternate MX handling if the top priority mailserver's domain is/becomes unregistered.
There's a hypothetical privacy violation here. Even though the newly-enabled primary MX will not receive any actual email, it will still receive the MAIL FROM and RCPT TO. If you had a dodgy primary MX which has now been 'taken over' by Verisign, they might well be able to log that a message was sent to you from a certain email address.
Knowing that an email was sent from george.w@whitehouse.gov to anonymous.helpline@sexualdysfunction.org, just because of a formerly-non-working primary MX for sexualdysfunction.org, is in itself a privacy violation.
What sort of monetary damages is this action by Verisign incurring for people and businesses everywhere?
I've thrown together some astoundingly rough figures on my personal site. They're not much, but at least it's a number. Anyone who wishes to is welcome to make them more accurate.
I was very conservative in my figures, and came up with something like 2.2 million a day in lost productivity -- and that's not touching on bandwidth etc.
Ten SSL certificates cost you $3000? Rackshack do them for $25 a piece (total of $250).
Yeah, but....
QuickSSL is compatible with Microsoft Internet Explorer(TM) 5.01 and higher and Netscape/AOL Web browsers version 4.51 and higher, comprising an estimated 90% or more of all Web browsers in use today.
Sorry, 90% doesn't cut it for us. For our application, we need IE3+ and NS4.01+. Unfortunately, the 'big players' in SSL either owned the root certs from IE3 and NS4 in the first place, or have since bought them out anyway. Good luck finding IE3/NS4-compatible certs for a low price... (though if you do, let me know).
Email your Thawte rep to explain why you or, better yet, your huge organization:) won't be renewing your certificates with Thawte.
Superb idea, ajks. Have a cookie (or a certificate).
Here's a form-letter version of the email I'm about to shoot off to our rep, the delightful(!) Barbara:
Dear [Thawte Rep Name],
I am an employee (and listed CSO) of [company name], which purchases 128-bit SSL certificates from Thawte. We purchase approximately [x] certificates a year, which works out to approximately $US[y] per year.
As you might be aware, Verisign, parent company of Thawte, has recently introduced a deceptive and misleading practice with regards to DNS resolution of non-existent domains. Any attempt to locate the IP address of a domain which is not registered (www.non-existent-domain.com) will, rather than returning an error message, return the address of a Verisign advertising server.
This practice is not only ethically dubious, it is also something which promises to cause untold headaches for network administrators all over the world, as well as confusion for end-users of the Internet, all purely for the financial benefit of Verisign.
I am not writing this letter to you in an official capacity as representative of my company: however, I wish to advise you that come certificate renewal time, I will be strongly recommending to my company that we change to an alternate SSL certificate provider, rather than Thawte, if this practice of Verisign's is still in place.
As the listed CSO of this company, I strongly expect that my stance will result in the direct and immediate loss of this $US[y] worth of annual business to Thawte.
This is a selfish and narrow-minded move on the part of Verisign, and I have no hesitation in recommending that my company withdraw its business from Thawte.
Kind Regards,
[Your Name], [Your location]
We're a small company: but even in our case, [x] and [y] are 10 and 3000 respectively. It won't take that many to make a sizeable hole in Thawte's pockets.
VeriSign is doing the correct thing with regards to SMTP.
Indeed. But not as right a thing, surely, as not returning IPs for these non-existent domains anyway.
If nothing else, they're sucking bandwidth. It's not much, surely, but -- OK. We send out an email newsletter at work (legitimate, opt-in, unsubscribable -- calm down) which goes to 200,000+ people. Say 5,000 people have their domain wrong -- htomail.com or something (no idea if that's accurate, but it's probably not massively far off).
As it was, our mail server would do 5000 DNS lookups, get 5000 NXDOMAINs, and ignore them. Instead, it does 5000 lookups, gets this address, connects to the mail server, sends a HELO, gets a response, sends a MAIL FROM, gets a response, sends a RCPT TO, gets a 550. That's an extra... what... couple of hundred bytes of network traffic? Say in the order of 1-2 MB for the lot. Down here in expensive-bandwidth-land, that's about 30 cents Australian it costs us. Not much, I know, but even so, it's there. Not to mention the additional load on our servers for trying to send, making port-25 connections, etc, compared to just giving up.
It's not much, but it IS costing us some small amount of bandwidth and some server time. Screw them.
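To make two of the points on this page concrete (the per-message overhead counted in the comment just above, and the earlier MX comment's observation that a host which only ever answers 550 still gets to see MAIL FROM and RCPT TO), here is an added Python simulation. It is not from the original comments and talks to no network: the resolver is stubbed in "honest" (NXDOMAIN) and "wildcard" modes, the remote host is a stub that rejects every recipient, and every host name, address and reply string is constructed. It counts application-layer bytes only; the real exchange also carries TCP/IP framing and the handshake, which this does not count.

```python
# Constructed simulation: a mail server that used to get NXDOMAIN for a
# misspelt domain now gets an address, connects, and is turned away at
# RCPT TO. Resolver and remote host are stubs; all names are made up.

NXDOMAIN = None
WILDCARD_ADDRESS = "192.0.2.1"    # stand-in for the synthetic answer (RFC 5737 test range)
REAL_ADDRESS = "198.51.100.10"    # stand-in for a genuinely registered host


class StubResolver:
    """Honest mode answers NXDOMAIN for unknown names; wildcard mode returns
    WILDCARD_ADDRESS for anything that is not registered."""

    def __init__(self, registered, wildcard=False):
        self.registered = set(registered)
        self.wildcard = wildcard

    def lookup(self, name):
        if name in self.registered:
            return REAL_ADDRESS
        return WILDCARD_ADDRESS if self.wildcard else NXDOMAIN


class BouncingSmtpServer:
    """Accepts HELO and MAIL FROM, rejects every RCPT TO with 550. It never
    sees message content, but it does see (and here records) every
    sender/recipient pair, which is the privacy point made earlier."""

    def __init__(self):
        self.envelope_log = []

    def talk(self, client_lines):
        """Return the dialogue as (client_line_or_None, server_reply) pairs."""
        dialogue = [(None, "220 wildcard-host ESMTP")]
        mail_from = None
        for line in client_lines:
            verb = line[:4].upper()          # every SMTP verb is four letters
            if verb == "HELO":
                dialogue.append((line, "250 hello"))
            elif verb == "MAIL":
                mail_from = line.split(":", 1)[1].strip().strip("<>")
                dialogue.append((line, "250 ok"))
            elif verb == "RCPT":
                rcpt_to = line.split(":", 1)[1].strip().strip("<>")
                self.envelope_log.append((mail_from, rcpt_to))
                dialogue.append((line, "550 user unknown"))
            elif verb == "QUIT":
                dialogue.append((line, "221 bye"))
        return dialogue


def wire_bytes(dialogue):
    """Application-layer bytes only: each line plus CRLF, both directions."""
    total = 0
    for sent, reply in dialogue:
        if sent is not None:
            total += len(sent) + 2
        total += len(reply) + 2
    return total


def attempt_delivery(sender, recipient, resolver, remote, helo="mail.example.com"):
    """Bytes exchanged for one delivery attempt. With an honest resolver a
    misspelt domain costs nothing beyond the DNS query; with a wildcard answer
    the whole envelope exchange happens before the 550 arrives."""
    domain = recipient.split("@", 1)[1]
    if resolver.lookup(domain) is NXDOMAIN:
        return 0                              # old behaviour: give up locally
    dialogue = remote.talk([
        f"HELO {helo}",
        f"MAIL FROM:<{sender}>",
        f"RCPT TO:<{recipient}>",
        "QUIT",
    ])
    return wire_bytes(dialogue)


def campaign_overhead(sender, recipients, resolver, remote):
    """Total extra bytes for a mailing with many misaddressed subscribers."""
    return sum(attempt_delivery(sender, r, resolver, remote) for r in recipients)


if __name__ == "__main__":
    bad = [f"user{i}@htomail.com" for i in range(5000)]   # constructed misspelt addresses
    honest = StubResolver(registered={"hotmail.com"})
    wildcard = StubResolver(registered={"hotmail.com"}, wildcard=True)
    print("honest resolver:", campaign_overhead("news@example.com", bad, honest, BouncingSmtpServer()), "bytes")
    remote = BouncingSmtpServer()
    print("wildcard resolver:", campaign_overhead("news@example.com", bad, wildcard, remote), "bytes")
    print("envelopes the wildcard host got to log:", len(remote.envelope_log))
```

With 5000 bad addresses the simulation lands just under 1 MB of SMTP text, in line with the "couple of hundred bytes" per message estimated above once packet headers and the TCP handshake are added. The more important output is `envelope_log`: every sender/recipient pair was recorded by a host that never accepted a single message, which is exactly what the MX comment warned about.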
This is the most #@^%ed-up #@#$ of @#*&ing !@%^ that I've ever #$@@ed in my %$#*.
SCOTT CHARNEY: Good morning. So how do you become the Chief Security Strategist of the Microsoft Corporation? Well, I was an English and History major, then I went to law school and my first job was an assistant district attorney in Bronx County, New York doing rapes and murders and robberies.
There are several party-independent members of US Congress and many more at the state and local levels. This is a legal impossibility in most European countries (as well as other democracies around the world, such as Australia).
No party-independent parliamentary members in Australia?
Another natural partnership might have been with Webvan or one of the other grocery-delivery companies -- scan a package when you run out and have it added automatically to your next grocery list.
Oddly enough, an Australian current affairs show ran a story on this very topic last night... shopfast.com.au, an Australian online grocery store, is trialling this very thing. It works more or less exactly as you state above. No idea how effective it would be, as long as the interface was useful and easy to correct (no, I want the 1kg package this week, not the 500g), then it's quite a good idea.
They talk about how easy it is to scan as you throw away the empty packet; however, you probably want to order new toilet paper just BEFORE you use the very last roll up, so you'd need to scan some things before you run out, and then make sure someone else in the house doesn't do the same.
Still, beats spending forever in a supermarket (which, incidentally, is precisely what would have been happening in my personal circle of hell, had Dante written about me, which thankfully he didn't).
I've been frantically googling for the list of names that Homer requested before the judge gave him the only one he spelled correctly. It's episode AABF09 ("Homer to the Max") but none of the databases have the names.
Judge: What name would you prefer?
Homer: Any of these will be fine.
Judge: Hmm. "Hercules Rockefeller". "Rembrandt Q. Einstein". "Handsome B. Wonderful". Huh, I'm going to give you the only name you spelt correctly. From this day forward, your name shall be...
[cut to a shot of Lisa, reading from a sheet of paper on the Simpsons' couch]
Lisa: "Max Power"?
I know of one case in Australia where someone tried that. Instead of reading out the question, he first read out keywords to be used on google. Oh and the phone was on speaker phone so it could be heard at the computer.
Oh dear god.
Ummm.. that was me. Seriously.
I was on $16K, going for $32K. I knew the answer to the question before the choices even came up ('what colour flag does a ship fly when it's in a state of quarantine?'). I knew the damn answer: and then spent the next 3 minutes second-guessing myself because it seemed too easy. I threw away a lifeline. Then I tried my 'phone a friend' stunt.
Google couldn't give us a good answer -- and it was all my fault. I used shitty keywords. I mean, I didn't even give them 'colour', because of the "optional 'U' spelling thing" which I thought might confuse things. Then I panicked, and didn't think to get them to try Google Image search.
I stupidly didn't take the 16K, totally second-guessed myself, gave the wrong answer, and walked out with a measly grand.
Didn't work though. They ran out of time before they could get an answer.
Yep. And not that it counts for shit, but we used the "WWTBAM quiz book" as practice material beforehand; we missed maybe one or two out of twenty or thirty questions, a strike rate I considered good enough. Most of the time in practice, we had the result from Google inside 10-15 seconds, let alone 30.
When they say "it's different when you're in the chair", believe me, they're not shitting you. I lost my nerve -- and I've performed well under pressure on game shows before. Eddie McGuire (host of Australian version) is bloody good at what he does: don't let anyone tell you otherwise.
OK, explain to me how you can have positive cash flow (over time) and be unprofitable?
Buy 10 widgets a month from your supplier at $1100/pop. Put them on your account.
Sell 10 widgets a month for $1000/pop, cash only.
????
LOSS!!!
You're taking in $10K a month cash, with no cash outflows = $10K/month positive cash flow. You're racking up $11K a month in expenses though, which is a $1K/month loss. You're just letting debt build up, rather than cash reserves go down.
(incidentally, three years ago, you could have IPOd on that business plan)
'Chernobyl Orange' is a primary colour now?
Running screamingly offtopic, but when it comes to all-time best KB article headlines, here's yer winner:
Earth Rotates in Wrong Direction
They're still around, along with E, F, G, J, N, and 6, according to Cecil.
'New Technology' is a later marketing retrofit.
That was YOU? Thanks heaps, you bastard.
"Like millions of sysadmins cried out in terror -- then were silenced."
So, uh... what's changed, exactly?
I don't know that I would exactly say that...
Admittedly, the majority of them are total fruit loops, but hey, someone voted for them.
snpp.com does...
Yep, just you. Everyone else knows what the word 'ironic' actually means.
(I wrote up my initial post-disaster thoughts on the matter on my site, if you're interested. Contains foul language.)
Ahh well, live and learn, I guess.
That would be South Africa, and it's called The Blaster.