I think GP might mean he started young at programming C, not in the industry. But regardless, it is kinda ridiculous to expect someone to have 10 years of C by the time they are 20.
A friend of mine once had a router that used javascript based authentication that could be hacked using Greasemonkey. So don't do that, is sorta what I was trying to say. I suppose I could have said it better though....
I'm not very practiced in developing "hardened" web apps (mostly I've just worked with already written code that is secure), but:
Use as little javascript as possible (if you're planning to use web2.0 AJAX type stuff). It's almost laughably easy to change javascript after the webpage has loaded (Greasemonkey for example). If you're super good at programming clean secure C/C++ you might want to program your own webserver (servers like Apache are easier to use, yes, but they release security patches to them all the time, so they aren't THAT secure. A dedicated single program that only does a few things is likely to have less vulnerabilities). Barring that, make sure your webserver installation is up to date, this includes the PHP/Perl installation (or whatever language you are using), as well as your database server. Sanitize any input from the outside before putting it into a database (or really doing anything with it).
That's for your own server. Now, I assume you'll have users. You should implement a login "token" that expires after a certain time. This token can be any number of things. For apps I've worked on we usually use a hash that contains the login email, among other things, for easy checking. Make sure that every single request by the user contains this hash, and the hash is verified before any data is changed.
Use SSL or some other form of secure transport (https). This will insure (well not insure, but make it more difficult) that even if someone is able to snatch your user's packets (like if they are in Starbucks or something), they will have to decrypt them before they get a token (by which time it will have expired).
That's pretty much all I know as far as general security goes. I'd have to know more about what kind of application you are trying to create to be able to offer any more advice (and please, if someone sees something wrong with what I've written, don't hesitate to correct me. Like I said, I don't have a ton of experience with app security).
I didn't say it was illegal. OP pointed out that occupy rallies were more violent (though the ones I watched on tv didn't appear to be so), but isn't bringing a gun to a rally slightly more dangerous? Mob mentalities being what they are. You can't use a gun that you don't have with you. And why would you bring a gun to a rally unless you either intended to use it or wanted to scare someone with it. Unless they felt like they would be harmed during the rally and needed to defend themselves? That I could understand, but the very presence of the guns would amplify the tension.
Fact is, the US constitution isn't nearly the perfect document that you would be led to believe.
True. Though also bear in mind a lot of those holes are because the founding fathers never dreamed of the ability to wrangle words lawyers have developed today. A lot of phrases in the constitution can be interpreted a dozen different ways today simply because the meaning was clear back then and they didn't feel the need to clarify every single thing. I suspect if such a document were written today it would be 100 times as long.
That's a really good question, but considering that OP has been married 37 years that makes them at least 55 (assuming they were 18 when they married). So it's probably A or B. But then again I don't know OP so I have no idea:P
Heh. I really shouldn't jump into a political discussion like this but...
Socialists believe in government by the people. The form of government they push IS intrusive, I agree, but it is supposed to be completely by the people, so its not big. At least as far as I understand it (and if I'm wrong feel free to correct me). Civil rights violations like GP mentions are not supposed to happen in that kind of society.
A handful of them may be rotten to the core, but most of them are good.
What is "good" is relative depending on culture/religion. The hijackers who flew a plane into the twin towers thought they were doing good. A good portion of the world would probably disagree, but "good" can't be measured by popular vote either. From my (obviously pessimistic) point of view, a large number of people are NOT good, and there are very few who are. Again, just my opinion, but I agree with GP.
They have basically the same competition everywhere in the USA
Not everywhere. When I got my first cell phone, they were the only carrier that offered service where I lived (and they still are, but thankfully I don't live there anymore). For folks in that area who want cell service, there's one option.
The carrier needs to maintain SMSC infrastructure, carrier interconnect agreements, billing infrastructure, and no doubt government enforced interception infrastructure.
They'd have to maintain interconnect agreements anyway for phone traffic, wouldn't they?
Most phone companies charge some sort of "regulatory" ot "legal" fees, that if you look closely are fees allowed by law. It's totally sleazy, but would you expect outherwise from a phone company?
The company I work for just started reselling a phone service to customers. They are used to a flat price from us, and we have to keep telling them that there will be sometimes up to $10 in taxes. We don't want to charge them taxes, we'd rather just give them a flat fee (since its more honest and up front), but regulations require that we do, since there are something like 15 taxes that all go to different things.
While I agree that most phone companies will charge whatever they can in "fees", there are a lot of fees that they are REQUIRED to charge, and they see none of.
Slashdot Mirror
I think GP might mean he started young at programming C, not in the industry. But regardless, it is kinda ridiculous to expect someone to have 10 years of C by the time they are 20.
A friend of mine once had a router that used javascript based authentication that could be hacked using Greasemonkey. So don't do that, is sorta what I was trying to say. I suppose I could have said it better though....
One was an organized effort, the other is an effort to organize.
Very well said.
The USSR and the People's Republic are not Socialist (the USSR was, early on, but became Communist very rapidly). This is a common fallacy.
I'm not very practiced in developing "hardened" web apps (mostly I've just worked with already written code that is secure), but:
Use as little javascript as possible (if you're planning to use web2.0 AJAX type stuff). It's almost laughably easy to change javascript after the webpage has loaded (Greasemonkey for example). If you're super good at programming clean secure C/C++ you might want to program your own webserver (servers like Apache are easier to use, yes, but they release security patches to them all the time, so they aren't THAT secure. A dedicated single program that only does a few things is likely to have less vulnerabilities). Barring that, make sure your webserver installation is up to date, this includes the PHP/Perl installation (or whatever language you are using), as well as your database server. Sanitize any input from the outside before putting it into a database (or really doing anything with it).
That's for your own server. Now, I assume you'll have users. You should implement a login "token" that expires after a certain time. This token can be any number of things. For apps I've worked on we usually use a hash that contains the login email, among other things, for easy checking. Make sure that every single request by the user contains this hash, and the hash is verified before any data is changed.
Use SSL or some other form of secure transport (https). This will insure (well not insure, but make it more difficult) that even if someone is able to snatch your user's packets (like if they are in Starbucks or something), they will have to decrypt them before they get a token (by which time it will have expired).
That's pretty much all I know as far as general security goes. I'd have to know more about what kind of application you are trying to create to be able to offer any more advice (and please, if someone sees something wrong with what I've written, don't hesitate to correct me. Like I said, I don't have a ton of experience with app security).
I didn't say it was illegal. OP pointed out that occupy rallies were more violent (though the ones I watched on tv didn't appear to be so), but isn't bringing a gun to a rally slightly more dangerous? Mob mentalities being what they are. You can't use a gun that you don't have with you. And why would you bring a gun to a rally unless you either intended to use it or wanted to scare someone with it. Unless they felt like they would be harmed during the rally and needed to defend themselves? That I could understand, but the very presence of the guns would amplify the tension.
Well if it didn't matter then why didn't he take a stand and stick by his guns? I mean if the outcome is the same either way...
Oh thanks. I didn't even think to look there.
I thought you were joking at first... Was it always like that?
>
Fact is, the US constitution isn't nearly the perfect document that you would be led to believe.
True. Though also bear in mind a lot of those holes are because the founding fathers never dreamed of the ability to wrangle words lawyers have developed today. A lot of phrases in the constitution can be interpreted a dozen different ways today simply because the meaning was clear back then and they didn't feel the need to clarify every single thing. I suspect if such a document were written today it would be 100 times as long.
That's a really good question, but considering that OP has been married 37 years that makes them at least 55 (assuming they were 18 when they married). So it's probably A or B. But then again I don't know OP so I have no idea :P
Didn't the Tea Party bring guns to some place or other? I remember hearing about that somewhere on here. Or was that a ./ myth?
Heh. I really shouldn't jump into a political discussion like this but...
Socialists believe in government by the people. The form of government they push IS intrusive, I agree, but it is supposed to be completely by the people, so its not big. At least as far as I understand it (and if I'm wrong feel free to correct me). Civil rights violations like GP mentions are not supposed to happen in that kind of society.
he did release a signing statement specifically stating that he didn't like it.
Then why did he sign it?
Citation (that goes for GP as well)?
For one thing houses don't have magma currents under them
That would be a kick-ass house. I'd put in a glass floor.
Unfortunately, no. There are other chemicals and minerals dissolved in the water which render the water unacceptable to dump into the ocean.
Correct me if I'm wrong, but haven't we ALREADY dumped a shitton of chemicals into the ocean?
We also know that fracking poisons the water by dumping 254 chemicals into the ground that find their way to the water table.
Wow... That's a lot of chemicals. Can you name them all? :D
In Europe, AFAIK, they have a much wider variety of public services available to compensate them for higher taxes.
A handful of them may be rotten to the core, but most of them are good.
What is "good" is relative depending on culture/religion. The hijackers who flew a plane into the twin towers thought they were doing good. A good portion of the world would probably disagree, but "good" can't be measured by popular vote either. From my (obviously pessimistic) point of view, a large number of people are NOT good, and there are very few who are. Again, just my opinion, but I agree with GP.
an online payment by credit card costs them 2% of whatever the transaction amount is.
So when I pay my $104 bill, they pay $2.08 to Visa? I'm sure that cuts heavily into their profit margin.
They have basically the same competition everywhere in the USA
Not everywhere. When I got my first cell phone, they were the only carrier that offered service where I lived (and they still are, but thankfully I don't live there anymore). For folks in that area who want cell service, there's one option.
The carrier needs to maintain SMSC infrastructure, carrier interconnect agreements, billing infrastructure, and no doubt government enforced interception infrastructure.
They'd have to maintain interconnect agreements anyway for phone traffic, wouldn't they?
Most phone companies charge some sort of "regulatory" ot "legal" fees, that if you look closely are fees allowed by law. It's totally sleazy, but would you expect outherwise from a phone company?
The company I work for just started reselling a phone service to customers. They are used to a flat price from us, and we have to keep telling them that there will be sometimes up to $10 in taxes. We don't want to charge them taxes, we'd rather just give them a flat fee (since its more honest and up front), but regulations require that we do, since there are something like 15 taxes that all go to different things.
While I agree that most phone companies will charge whatever they can in "fees", there are a lot of fees that they are REQUIRED to charge, and they see none of.
Nah, they give whatever the opposite of a discount is if you pay late though.