According to Section 10.4.4 of RFC 2616, 403 means:
The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.
Before 1972, "leaps" were fractions of a second; a UTC second (Universal Time Coordinated) did not have the same duration as a TAI second (the French acronym for International Atomic Time); and "leaps" occurred as often as four times a year. The current form of leap-seconds has been in effect since 1972. By then, software (mostly main frames) handled leap-seconds quite easily.
The reason for leap-seconds is that the earth's rotation is gradually slowing while many critical operations require precise time indicators. Thus, noon at Greenwich -- even average noon, which takes into account annual and semi-annual variations in the earth's rotation -- cannot be used. Instead, those critical operations use TAI. TAI is a uniform, never-varying time system while UTC is coordinated with noon at Greenwich. Since 1972, however, a UTC second has exactly the same duration as a TAI second; and a UTC clock ticks its seconds exactly at the same time as a TAI clock. If this continued indefinitely, noon on a UTC clock would gradually deviate from noon at Greenwich. Since 1972, if the deviation approaches a whole second, an extra second -- a leap-second -- is added to a UTC clock at the end of the last minute of either 30 June or 31 December.
All this became a problem in 2006. During the 7 years from 1 January 1999 until 1 January 2006, the slowing of the earth's rotation was so slight that there were no leap-seconds. Too many young software engineers and other technologists failed to learn about leap-seconds and thus ignored them (just the the Y2K issue was ignored until it was almost too late). A situation that was handled quite well in the 1970s, 1980s, and 1990s was no longer handled at all in new systems. But on 1 January 2006, there was indeed a leap-second. By then, many of those who were familiar with leap-seconds and how to handle them had retired (including me).
I feel that OCR-A and OCR-B are so stylized that they are somewhat distracting. Thus, it takes more effort to read text in such fonts than reading text in (for example) Georgia or Verdana. Even my recommended Trebuchet is somewhat stylized, but I find it easier to read than either of the OCR fonts.
One way to look at this issue is whether an individual is aware that a font is "different". If so, then more concentration is required to grasp the meaning of the text, concentration to avoid distraction.
For printing, pick a font that has no ambiguous characters. This makes OCR easier if you have to retrieve the data back into a computer. I suggest Trebuchet, in which I (upper-case eye), l (lower-case ell), and 1 (one) are distinct. Alternatively, use either the OCR-A or OCR-B font, which are not easily read by humans. Place the hard copy in a sealed envelope and store it in a bank safe-deposit box.
Also in the same safe-deposit box, store electronic copies using at least two different media (two so that, if one becomes obsolete and unreadable, the other might still be used). You might want to change the media -- or at least review them -- annually to ensure they are still useable.
That service is still operating. I used it over 10 years ago to establish priority for a business concept that I then presented to my employer.
All that is needed is a detached digital signature -- via an OpenPGP application, such as PGP or Gnu Privacy Guard (GPG) -- for the file in question. The signature file is E-mailed to the PGP Digital Timestamping Service as described at http://www.itconsult.co.uk/stamper.htm. The service digitally signs the signature file, creating another detached signature that is E-mailed back to the user. Contained in that returned signature file is the date-time it was signed.
Test files can be sent to the PGP Digital Timestamping Service. The return is still a detached signature that is E-mailed back to the user. The date-time can then be checked to verify that the clock at the PGP Digital Timestamping Service is current.
In the meantime, your own detached digital signature file establishes proof that you possessed the signed file prior to the date-time in the PGP Digital Timestamping Service's detached digital signature file.
1. If you were an employee of the former company, show paystubs or Forms W2 showing dates prior to the copyright date.
2. If you were an independent contractor on that work, show invoices.
3. In the future, make copies of the source files. ZIP, Gzip, or otherwise combine them into a single file. Use an OpenPGP application to create a detached digital signature of that single file. Send the digital signature file to a time-stamping service such as pgp@stamper.itconsult.co.uk and save the result. All this will provide proof of the prior nature of your work and also invalidate and later claim of copyright or patent.
Since CSS 1 and still in CSS 2.1, blink has been a recognized value of the text-decoration property. For accessibility, browsers should blink slowly so as not to trigger epilepsy events in susceptible individuals.
I spent over 20 years of my career (now retired) working for a company that did independent verification and validation (IV&V) of software used by the military to operate its unmanned space satellites. Not once was a satellite lost from an error in the software if we were involved.
There were some 10 or more other, unrelated companies developing software for various space satellites. We did more than merely test the resulting products. We started by reviewing the developers' design documents; our reviews required responses or revisions before any coding could occur. Next we reviewed the developers' programming documents; our reviews required responses or revisions before programming could be completed. Then we reviewed the developers' test documents; our reviews required responses or revisions before the developers could conduct their own internal unit tests. We attended the conduct of those internal tests and audited the results to ensure that the purposes and criteria of the tests were satisfied.
Finally, the developers would deliver their software to us. We would test the products at the package and system level. We looked at how products from different developers interfaced with each other, whether human interfaces were reasonable, and whether the government's requirements had been met. Our test documents were reviewed by the military organizations that would be using the software, and we did not start testing until we responded or revised our test documents.
This IV&V process approximately doubled the cost of providing software. However, no such software caused a satellite to land on the White House or (worse) on the Kremlin. In the early 1990s, the Pentagon decided to save money by eliminating IV&V. I continued testing software for military satellites, but then it was within the companies that developed the software. When schedules or costs were at risk, testing was cut short.
For home users of Windows XP, Microsoft's Security Essentials has a AV-Test certified seal with a test date in August 2012. For corporate users of Windows XP, Microsoft's Forefront Endpoint Protection has a AV-Test certified seal with a test date also in August 2012. Neither product has the certified seal for Windows 8. But then how many corporate users have actually adopted Windows 8?
Besides AV-Test, there is also ICSA Labs at https://www.icsalabs.com/. ICSA Labs also reports on Norman.
ICSA Labs certifies Microsoft Security Essentials for home users of Windows XP and Microsoft Forefront Endpoint Protection for Windows 7 without any dates indicated. Apparently, ICSA has not certified any anti-virus applications for Windows 8.
I use AVG 2013 Free, which is certified by AV-Test but has not been evaluated by ICSA Labs since 2005 (many versions ago). I also prefer to go to the original sources of information on software -- AV-Test and ICSA Labs in this case -- not to news reports often written by reporters who might not understand the subject.
In this case it doesn't cache the decrypted key, it caches the passphrase. When it need to access the key again it will load it from disk and decrypt it with the passphrase. If you always purge the cache after decryption, why not just turn the caching feature off?
When I do a backup of my PC, I encrypt and sign the backup files before storing them on a removable hard drive, which I then store remotely. The version of PGP that I use needs my pass phrase for the signature at the end of the process, but it has to be input at the start. Thus, the pass phrase is cached. The files are so large that the cache was expiring before PGP was done. I extended the expiration interval to 25 minutes to get a good completion of the process. Since the process always takes less than 25 minutes, I then purge the cache.
OpenPGP as implemented in Pretty Good Privacy (PGP), Gnu Privacy Guard (GPG), and possibly other applications is a private-key/public-key encryption method. You encrypt with the public key, which cannot decrypt what it encrypts. Thus, the whole world can have copies of your public key. You decrypt only with your private key, which does not encrypt. Thus, you try to keep your private key truly private.
However, there is another consideration. You have a pass phrase that is used to encrypt your private key for storage on your computer. That is, your private key exists on your computer only in an encrypted form that cannot be used without first decrypting it with your pass phrase. My pass phrase has well over 30 characters (over 240 bits), including blank spaces and special characters. It exists only in my head plus on a piece of paper in a very secure and remote location in case I drop dead.
I use PGP. To decrypt a file, I must enter my pass phrase, which PGP then uses to decrypt my private key. PGP then uses the decrypted private key to decrypt the file. The decrypted key is in a cache and can be reused so that I do not have to keep typing my pass phrase. The cache is automatically purged after a user-set interval of time. I can also manually purge the cache, which I always do when I am through decrypting. Purging the cache should be standard procedure for anyone concerned about keeping encrypted data secure.
Thus: (1) Even if my private key is compromised (e.g., captured), it is really useless without my pass phrase, which does not exist electronically. (2) Proper procedures prevent access to the cached decrypted copy of my private key.
Of course, all this is overcome if a key-logger or other means is used to capture the input of my pass phrase. If that happens, I have greater problems than someone decrypting files I want to protect.
The Web page at http://openpublicapp.com/ has 85 HTML errors and 92 CSS errors. How many errors will OpenPublic leave in the town's Web site? How will different browsers treat those errors? Will any of those errors adversely impact audio browsers used by the blind and thus cause the town to violate the Americans with Disabilities Act?
The home page for Code for America has 9 CSS errors. The HTML could not be tested because it appears to have used HTML 5, which is still under development, unstable, and not yet approved for general use. I say "appears" because the DOCTYPE declaration fails to indicate an HTML or XHTML version.
If that home page is a sample of what you get with Code for America, you will be revising and revising again as the specification for HTML 5 changes, until that specification is finally approved. Furthermore, the CSS errors would make me leery since they indicate other errors might enter your result. This could make your Web site look strange in some browsers.
First, get written specifications from a town official who has the authority to approve the results. The specifications should indicate the sources of content and how the town expects the Web site to be hosted. The specifications should be testable; that is, it should be possible to determine whether or not the result indeed implements what was wanted. You definitely do not want to put in any effort that will then be rejected. If you get a negative response, you want to point to the specification as justification for what you created.
Second, read what experts have said about proper Web design. The most important thing is to adhere to W3C specifications; see http://www.w3.org/. That way, any problems by end-users in viewing the result can be attributed to the users' browsers and not to your creation. Also peruse Jacob Nielsen's Web site at http://www.useit.com/, especially his http://www.useit.com/alertbox/9605.html and http://www.useit.com/homepageusability/guidelines.html. While the Viewable with Any Browser Campaign at http://www.anybrowser.org/campaign/index.html is somewhat dated, much of it is still relevant. Finally, there are my own "Professional" Web Developers at http://www.rossde.com/internet/Webdevelopers.html (where I dissect the errors committed by professional Web developers) and My Web Page Design Criteria at http://www.rossde.com/internet/web_design.html (where I describe how I design my own Web pages). In my "Professional" Web Developers, pay special attention to Accessibility to make sure you do not violate the Americans with Disabilities Act. My two Web pages that I cite here contain links to external Web sites with more information that may prove quite valuable.
Suing an employer for age discrimination is very difficult. Proving it in a court of law is almost impossible. Worse, a former head of the federal Equal Employment Opportunity Commission sat on some 20,000 age discrimination complaints until the statute of limitations expired. That person is now a justice on the U.S. Supreme Court -- Clarence Thomas.
When seeking a job, however, there are things you can do on your own to reduce the likelihood of age discrimination. In your resume (electronic or hardcopy), omit any experience more than 10-12 years old. While listing schools attended and degrees earned, omit the years. Both men and women should use hair dye to "cover the gray", but men should not hide their baldness. (Young men are often bald by choice; but a comb-over, weave, or toupee too easily indicates an older man.)
I truly dislike Web-based forums. They require the user to connect to a specific Web site, which is sometimes down. Although Facebook is rarely down, a forum based there requires users to have Facebook accounts; similar requirements exist for other forum hosting services. Threaded discussions are often difficult to follow on Web-based forums, and threads usually cannot be sorted (both are also problems with mailing lists). To find a specific topic or thread, the user must use the forum's own search capability, which is too often rudimentary and insufficient for real-world use. Then, there is the fact that some Web-based forums work well only with certain browsers.
I much prefer the newsgroups hosted by NNTP (network news transfer protocol) servers. There are several NNTP service providers (NSPs), both free and paid; users only have to use one NSP to participate even when other users use other NSPs. That is, users are not required to connect and login to any one specific site.
A number of different NNTP applications also exist, mostly freeware. Those applications generally handle threaded discussions quite well. Search capabilities are built into the applications and are not needed for the newsgroup itself. If spam, flame wars, trolls, and other problems are a concern, a moderated newsgroup is also possible.
If your topic is limited, I would suggest creating an alt.* newsgroup. See the text document at http://ftp.isc.org/pub/usenet/CONFIG/README. However, many NSPs no longer host alt.* newsgroups because so many of them contained child pornography.
If your topic might have broad public appeal, you might consider creating a newsgroup under one of comp.*, news.*, sci.*, humanities.*, rec.*, soc.*, talk.*, or misc.*. See http://www.big-8.org/wiki/Main_Page.
In California, "handling" is taxed but not "shipping". If the two are bundled into a single charge, it is taxed. That is the law in California. At least, we do not have a value added tax, which would include "shipping" even if it were separately charged.
This problem has been reported by the US-CERT (part of the US Department of Homeland Security [Insecurity?]) at http://www.kb.cert.org/vuls/id/268267. See that link for an authoritative report on the meaning of this problem and how to avoid it.
Backing up your hard drives was already suggested. Additionally, you shouldould either encrypt financial records using PGP or use a secure disc erasing application to remove them from your hard drive. By "financial records", you should include bank statements, tax returns, a list of your logon IDs and passwords, and bookmarks ("favorites") that include financial institutions. You might have other sensitive personal data that should be similarly treated.
You should also encrypt the backup files to a portable medium, which you should hand-carry or include in your luggage. However, you should have to be prepared to decrypt those files at your destination for customs and explain why they are encrypted.
Finally, you should put into your luggage all your accumulated CDs containing software that you have installed along with a flash drive containing the installer files that you downloaded and installed. This is in case your PC is lost in shipping and you have to recreate your configuration. These should NOT be encrypted since you would need the unencrypted software to decrypt your encrypted backups.
Of course, you need to carry your private PGP key on a flash drive or memory chip hidden in your wallet. This will show up in X-rays at airport security when you depart. When you arrive at your destination, however, X-raying your wallet or body is generally not done.
This morning's Los Angeles Times reports that Governor Brown signed the bill yesterday. It often takes about 2-3 days for the Web site that tracks California legislation to be updated. At this time of year, when the Governor is facing a deadline to sign or veto all bills passed during the just-concluded legislative session, the backlog can be a week or more.
Along with AB 1844, which applies only to employers, the Governor signed SB 1349, which applies to colleges and universities and prohibits them from requiring students to expose their social networking. Unfortunately, neither bill provides any penalty for violating these new laws.
If I found that one of my PGP keys were compromised, I would revoke it in less than 5 minutes. Why does it take a week to revoke a code-signing certificate? How much more damage might occur in that week?
No Web server can determine whether a do-not-track (DNT) setting was the inherent default or explicitly set by the end-user. Apache is specifically blocking recognition of DNT for Internet Explorer 10 only because they discovered that Microsoft made DNT the default.
By the way, telemarketing is as important to commerce as are Web ads. But in the U.S., I can (and did) put my phone number in the government's do-not-call list. It is illegal for a telemarketer to call me. (Some still do. I report them to the Federal Trade Commission for enforcement.) How is do-not-call different from do-not-track? Apparently, they are not very different since a bill is in Congress to require Web sites to honor DNT, which (of course) will make Apache's patch illegal.
Slashdot Mirror
According to Section 10.4.4 of RFC 2616, 403 means:
The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.
Before 1972, "leaps" were fractions of a second; a UTC second (Universal Time Coordinated) did not have the same duration as a TAI second (the French acronym for International Atomic Time); and "leaps" occurred as often as four times a year. The current form of leap-seconds has been in effect since 1972. By then, software (mostly main frames) handled leap-seconds quite easily.
The reason for leap-seconds is that the earth's rotation is gradually slowing while many critical operations require precise time indicators. Thus, noon at Greenwich -- even average noon, which takes into account annual and semi-annual variations in the earth's rotation -- cannot be used. Instead, those critical operations use TAI. TAI is a uniform, never-varying time system while UTC is coordinated with noon at Greenwich. Since 1972, however, a UTC second has exactly the same duration as a TAI second; and a UTC clock ticks its seconds exactly at the same time as a TAI clock. If this continued indefinitely, noon on a UTC clock would gradually deviate from noon at Greenwich. Since 1972, if the deviation approaches a whole second, an extra second -- a leap-second -- is added to a UTC clock at the end of the last minute of either 30 June or 31 December.
All this became a problem in 2006. During the 7 years from 1 January 1999 until 1 January 2006, the slowing of the earth's rotation was so slight that there were no leap-seconds. Too many young software engineers and other technologists failed to learn about leap-seconds and thus ignored them (just the the Y2K issue was ignored until it was almost too late). A situation that was handled quite well in the 1970s, 1980s, and 1990s was no longer handled at all in new systems. But on 1 January 2006, there was indeed a leap-second. By then, many of those who were familiar with leap-seconds and how to handle them had retired (including me).
The Slashdot Web site makes extensive use of JavaScript. If the article is accurate, does that mean Slashdot will abandon such use?
I feel that OCR-A and OCR-B are so stylized that they are somewhat distracting. Thus, it takes more effort to read text in such fonts than reading text in (for example) Georgia or Verdana. Even my recommended Trebuchet is somewhat stylized, but I find it easier to read than either of the OCR fonts.
One way to look at this issue is whether an individual is aware that a font is "different". If so, then more concentration is required to grasp the meaning of the text, concentration to avoid distraction.
For printing, pick a font that has no ambiguous characters. This makes OCR easier if you have to retrieve the data back into a computer. I suggest Trebuchet, in which I (upper-case eye), l (lower-case ell), and 1 (one) are distinct. Alternatively, use either the OCR-A or OCR-B font, which are not easily read by humans. Place the hard copy in a sealed envelope and store it in a bank safe-deposit box.
Also in the same safe-deposit box, store electronic copies using at least two different media (two so that, if one becomes obsolete and unreadable, the other might still be used). You might want to change the media -- or at least review them -- annually to ensure they are still useable.
That service is still operating. I used it over 10 years ago to establish priority for a business concept that I then presented to my employer.
All that is needed is a detached digital signature -- via an OpenPGP application, such as PGP or Gnu Privacy Guard (GPG) -- for the file in question. The signature file is E-mailed to the PGP Digital Timestamping Service as described at http://www.itconsult.co.uk/stamper.htm. The service digitally signs the signature file, creating another detached signature that is E-mailed back to the user. Contained in that returned signature file is the date-time it was signed.
Test files can be sent to the PGP Digital Timestamping Service. The return is still a detached signature that is E-mailed back to the user. The date-time can then be checked to verify that the clock at the PGP Digital Timestamping Service is current.
In the meantime, your own detached digital signature file establishes proof that you possessed the signed file prior to the date-time in the PGP Digital Timestamping Service's detached digital signature file.
1. If you were an employee of the former company, show paystubs or Forms W2 showing dates prior to the copyright date.
2. If you were an independent contractor on that work, show invoices.
3. In the future, make copies of the source files. ZIP, Gzip, or otherwise combine them into a single file. Use an OpenPGP application to create a detached digital signature of that single file. Send the digital signature file to a time-stamping service such as pgp@stamper.itconsult.co.uk and save the result. All this will provide proof of the prior nature of your work and also invalidate and later claim of copyright or patent.
No, the did not. The police and wireless companies both denied that cell service was turned off.
Since CSS 1 and still in CSS 2.1, blink has been a recognized value of the text-decoration property. For accessibility, browsers should blink slowly so as not to trigger epilepsy events in susceptible individuals.
I spent over 20 years of my career (now retired) working for a company that did independent verification and validation (IV&V) of software used by the military to operate its unmanned space satellites. Not once was a satellite lost from an error in the software if we were involved.
There were some 10 or more other, unrelated companies developing software for various space satellites. We did more than merely test the resulting products. We started by reviewing the developers' design documents; our reviews required responses or revisions before any coding could occur. Next we reviewed the developers' programming documents; our reviews required responses or revisions before programming could be completed. Then we reviewed the developers' test documents; our reviews required responses or revisions before the developers could conduct their own internal unit tests. We attended the conduct of those internal tests and audited the results to ensure that the purposes and criteria of the tests were satisfied.
Finally, the developers would deliver their software to us. We would test the products at the package and system level. We looked at how products from different developers interfaced with each other, whether human interfaces were reasonable, and whether the government's requirements had been met. Our test documents were reviewed by the military organizations that would be using the software, and we did not start testing until we responded or revised our test documents.
This IV&V process approximately doubled the cost of providing software. However, no such software caused a satellite to land on the White House or (worse) on the Kremlin. In the early 1990s, the Pentagon decided to save money by eliminating IV&V. I continued testing software for military satellites, but then it was within the companies that developed the software. When schedules or costs were at risk, testing was cut short.
Sic transit gloria mundi.
I went to the AV-Test Web site at http://www.av-test.org/en/home/. First of all, there is indeed a Norman Security Suite at http://safeground.norman.com/us/home_and_small_office. AV-Test listed Norton under Symantec. Yes, AV-Test evaluated both Norton and Norman.
For home users of Windows XP, Microsoft's Security Essentials has a AV-Test certified seal with a test date in August 2012. For corporate users of Windows XP, Microsoft's Forefront Endpoint Protection has a AV-Test certified seal with a test date also in August 2012. Neither product has the certified seal for Windows 8. But then how many corporate users have actually adopted Windows 8?
Besides AV-Test, there is also ICSA Labs at https://www.icsalabs.com/. ICSA Labs also reports on Norman.
ICSA Labs certifies Microsoft Security Essentials for home users of Windows XP and Microsoft Forefront Endpoint Protection for Windows 7 without any dates indicated. Apparently, ICSA has not certified any anti-virus applications for Windows 8.
I use AVG 2013 Free, which is certified by AV-Test but has not been evaluated by ICSA Labs since 2005 (many versions ago). I also prefer to go to the original sources of information on software -- AV-Test and ICSA Labs in this case -- not to news reports often written by reporters who might not understand the subject.
In this case it doesn't cache the decrypted key, it caches the passphrase. When it need to access the key again it will load it from disk and decrypt it with the passphrase. If you always purge the cache after decryption, why not just turn the caching feature off?
When I do a backup of my PC, I encrypt and sign the backup files before storing them on a removable hard drive, which I then store remotely. The version of PGP that I use needs my pass phrase for the signature at the end of the process, but it has to be input at the start. Thus, the pass phrase is cached. The files are so large that the cache was expiring before PGP was done. I extended the expiration interval to 25 minutes to get a good completion of the process. Since the process always takes less than 25 minutes, I then purge the cache.
OpenPGP as implemented in Pretty Good Privacy (PGP), Gnu Privacy Guard (GPG), and possibly other applications is a private-key/public-key encryption method. You encrypt with the public key, which cannot decrypt what it encrypts. Thus, the whole world can have copies of your public key. You decrypt only with your private key, which does not encrypt. Thus, you try to keep your private key truly private.
However, there is another consideration. You have a pass phrase that is used to encrypt your private key for storage on your computer. That is, your private key exists on your computer only in an encrypted form that cannot be used without first decrypting it with your pass phrase. My pass phrase has well over 30 characters (over 240 bits), including blank spaces and special characters. It exists only in my head plus on a piece of paper in a very secure and remote location in case I drop dead.
I use PGP. To decrypt a file, I must enter my pass phrase, which PGP then uses to decrypt my private key. PGP then uses the decrypted private key to decrypt the file. The decrypted key is in a cache and can be reused so that I do not have to keep typing my pass phrase. The cache is automatically purged after a user-set interval of time. I can also manually purge the cache, which I always do when I am through decrypting. Purging the cache should be standard procedure for anyone concerned about keeping encrypted data secure.
Thus: (1) Even if my private key is compromised (e.g., captured), it is really useless without my pass phrase, which does not exist electronically. (2) Proper procedures prevent access to the cached decrypted copy of my private key.
Of course, all this is overcome if a key-logger or other means is used to capture the input of my pass phrase. If that happens, I have greater problems than someone decrypting files I want to protect.
The Web page at http://openpublicapp.com/ has 85 HTML errors and 92 CSS errors. How many errors will OpenPublic leave in the town's Web site? How will different browsers treat those errors? Will any of those errors adversely impact audio browsers used by the blind and thus cause the town to violate the Americans with Disabilities Act?
The home page for Code for America has 9 CSS errors. The HTML could not be tested because it appears to have used HTML 5, which is still under development, unstable, and not yet approved for general use. I say "appears" because the DOCTYPE declaration fails to indicate an HTML or XHTML version.
If that home page is a sample of what you get with Code for America, you will be revising and revising again as the specification for HTML 5 changes, until that specification is finally approved. Furthermore, the CSS errors would make me leery since they indicate other errors might enter your result. This could make your Web site look strange in some browsers.
First, get written specifications from a town official who has the authority to approve the results. The specifications should indicate the sources of content and how the town expects the Web site to be hosted. The specifications should be testable; that is, it should be possible to determine whether or not the result indeed implements what was wanted. You definitely do not want to put in any effort that will then be rejected. If you get a negative response, you want to point to the specification as justification for what you created.
Second, read what experts have said about proper Web design. The most important thing is to adhere to W3C specifications; see http://www.w3.org/. That way, any problems by end-users in viewing the result can be attributed to the users' browsers and not to your creation. Also peruse Jacob Nielsen's Web site at http://www.useit.com/, especially his http://www.useit.com/alertbox/9605.html and http://www.useit.com/homepageusability/guidelines.html. While the Viewable with Any Browser Campaign at http://www.anybrowser.org/campaign/index.html is somewhat dated, much of it is still relevant. Finally, there are my own "Professional" Web Developers at http://www.rossde.com/internet/Webdevelopers.html (where I dissect the errors committed by professional Web developers) and My Web Page Design Criteria at http://www.rossde.com/internet/web_design.html (where I describe how I design my own Web pages). In my "Professional" Web Developers, pay special attention to Accessibility to make sure you do not violate the Americans with Disabilities Act. My two Web pages that I cite here contain links to external Web sites with more information that may prove quite valuable.
Third, test your results. Use the W3C validators. Use http://validator.w3.org/ to make sure you have no HTML/XHTML errors. Use http://jigsaw.w3.org/css-validator/ to make sure you have not CSS errors.
Suing an employer for age discrimination is very difficult. Proving it in a court of law is almost impossible. Worse, a former head of the federal Equal Employment Opportunity Commission sat on some 20,000 age discrimination complaints until the statute of limitations expired. That person is now a justice on the U.S. Supreme Court -- Clarence Thomas.
When seeking a job, however, there are things you can do on your own to reduce the likelihood of age discrimination. In your resume (electronic or hardcopy), omit any experience more than 10-12 years old. While listing schools attended and degrees earned, omit the years. Both men and women should use hair dye to "cover the gray", but men should not hide their baldness. (Young men are often bald by choice; but a comb-over, weave, or toupee too easily indicates an older man.)
I truly dislike Web-based forums. They require the user to connect to a specific Web site, which is sometimes down. Although Facebook is rarely down, a forum based there requires users to have Facebook accounts; similar requirements exist for other forum hosting services. Threaded discussions are often difficult to follow on Web-based forums, and threads usually cannot be sorted (both are also problems with mailing lists). To find a specific topic or thread, the user must use the forum's own search capability, which is too often rudimentary and insufficient for real-world use. Then, there is the fact that some Web-based forums work well only with certain browsers.
I much prefer the newsgroups hosted by NNTP (network news transfer protocol) servers. There are several NNTP service providers (NSPs), both free and paid; users only have to use one NSP to participate even when other users use other NSPs. That is, users are not required to connect and login to any one specific site.
A number of different NNTP applications also exist, mostly freeware. Those applications generally handle threaded discussions quite well. Search capabilities are built into the applications and are not needed for the newsgroup itself. If spam, flame wars, trolls, and other problems are a concern, a moderated newsgroup is also possible.
If your topic is limited, I would suggest creating an alt.* newsgroup. See the text document at http://ftp.isc.org/pub/usenet/CONFIG/README. However, many NSPs no longer host alt.* newsgroups because so many of them contained child pornography.
If your topic might have broad public appeal, you might consider creating a newsgroup under one of comp.*, news.*, sci.*, humanities.*, rec.*, soc.*, talk.*, or misc.*. See http://www.big-8.org/wiki/Main_Page.
A moderated newsgroup can have more than a single moderator, which would be appropriate if your forum is not related to your own personal Web site. See http://www.eyrie.org/~eagle/faqs/mod-pitfalls.html for the negatives of moderated newsgroups. The "Moderator's Handbook" at http://www.eyrie.org/~eagle/usefor/other/moderators-handbook is quite old but still useful. See also http://www.big-8.org/wiki/Changing_Moderation_Status.
In California, "handling" is taxed but not "shipping". If the two are bundled into a single charge, it is taxed. That is the law in California. At least, we do not have a value added tax, which would include "shipping" even if it were separately charged.
This problem has been reported by the US-CERT (part of the US Department of Homeland Security [Insecurity?]) at http://www.kb.cert.org/vuls/id/268267. See that link for an authoritative report on the meaning of this problem and how to avoid it.
Backing up your hard drives was already suggested. Additionally, you shouldould either encrypt financial records using PGP or use a secure disc erasing application to remove them from your hard drive. By "financial records", you should include bank statements, tax returns, a list of your logon IDs and passwords, and bookmarks ("favorites") that include financial institutions. You might have other sensitive personal data that should be similarly treated.
You should also encrypt the backup files to a portable medium, which you should hand-carry or include in your luggage. However, you should have to be prepared to decrypt those files at your destination for customs and explain why they are encrypted.
Finally, you should put into your luggage all your accumulated CDs containing software that you have installed along with a flash drive containing the installer files that you downloaded and installed. This is in case your PC is lost in shipping and you have to recreate your configuration. These should NOT be encrypted since you would need the unencrypted software to decrypt your encrypted backups.
Of course, you need to carry your private PGP key on a flash drive or memory chip hidden in your wallet. This will show up in X-rays at airport security when you depart. When you arrive at your destination, however, X-raying your wallet or body is generally not done.
Sorry.
This morning's Los Angeles Times reports that Governor Brown signed the bill yesterday. It often takes about 2-3 days for the Web site that tracks California legislation to be updated. At this time of year, when the Governor is facing a deadline to sign or veto all bills passed during the just-concluded legislative session, the backlog can be a week or more.
Along with AB 1844, which applies only to employers, the Governor signed SB 1349, which applies to colleges and universities and prohibits them from requiring students to expose their social networking. Unfortunately, neither bill provides any penalty for violating these new laws.
The celebration over AB 1844 is premature. Governor Brown has not yet signed it.
If I found that one of my PGP keys were compromised, I would revoke it in less than 5 minutes. Why does it take a week to revoke a code-signing certificate? How much more damage might occur in that week?
No Web server can determine whether a do-not-track (DNT) setting was the inherent default or explicitly set by the end-user. Apache is specifically blocking recognition of DNT for Internet Explorer 10 only because they discovered that Microsoft made DNT the default.
By the way, telemarketing is as important to commerce as are Web ads. But in the U.S., I can (and did) put my phone number in the government's do-not-call list. It is illegal for a telemarketer to call me. (Some still do. I report them to the Federal Trade Commission for enforcement.) How is do-not-call different from do-not-track? Apparently, they are not very different since a bill is in Congress to require Web sites to honor DNT, which (of course) will make Apache's patch illegal.