Slashdot Mirror


User: jrockway

jrockway's activity in the archive.


Comments · 2,859

  1. Re:There is no such thing as bad publicity on Utube Sues YouTube · · Score: 1

    Have you looked at their website? It's just a static page saying "call us for details". Their business can do fine without the website.

  2. Re:Too bad it has to be this way on FBI Raids Security Researcher's Home · · Score: 0, Flamebait

    And gun manufacturers are "aiding in the commission of a crime" when someone murders someone else with a gun, right?

  3. Re:WHY XHTML are going unnoticed ? on HTML to be 'Incrementally Evolved' · · Score: 1

    Maybe you shouldn't be using such a shitty programming language, then?

    PHP + "I write my own text-parsing routines because PHP's may be insecure, but mine definitely aren't" = kook.

  4. Re:An idea on Can Wikipedia Ever Make the Grade? · · Score: 1

    On peer review:

    http://www.aaskolnick.com/naswmav.htm

    "There seems to be no study too fragmented, no hypothesis too trivial, no literature too biased or too egotistical, no design too warped, no methodology too bungled, no presentation of results too inaccurate, too obscure, and too contradictory, no analysis too self-serving, no argument too circular, no conclusions too trifling or too unjustified, and no grammar and syntax too offensive for a paper to end up in print."

    Incidentally, Wikipedia pointed me to that source.

  5. Re:not likely on Congressman Calls for Arrest of Security Researcher · · Score: 1

    > Otherwise, you know, you couldn't be prosecuted for faking a bill of sale for a car, or a life insurance policy, or printing counterfeit currency, or most other forms of fraud that involve a printed document -- and you surely can.

    If you read the summary, you would note that he hasn't actually printed a fake boarding pass; he's just saying how to. Publishing a paper on how to do something is protected speech, it's that simple. (Go to wikipedia; there are instructions for building an atomic bomb. Detonating one would be illegal, reading about how to build one is not.)

  6. Re:really? MP3 with DRM in it? on Selling Independent MP3s Direct to Customer? · · Score: 1

    gah. I meant:

    gpg --encrypt < in.mp3 > out.mp3

    but you know what I mean :)

  7. Re:really? MP3 with DRM in it? on Selling Independent MP3s Direct to Customer? · · Score: 1

    Sure:

    gpg --encrypt out.mp3

    It isn't a real mp3 any more, but it is after you decrypt it (possibly with your TPM's key).

  8. Re:Clearance Control on Sys-Admins Reading the Bosses Mail? · · Score: 1

    > a) Are you violating a policy for using a USB device? and
    > b) When the USB is plugged-in, it's part of the machine (see above)

    Most companies use smartcards for this sort of thing. Unless you physically have the card and physically enter the PIN on the PIN pad, you can't use it to decrypt or sign. If you guess the PIN wrong 3 times, the card destroys the key. Considering a PIN can be an arbitrary length, it's doubtful that anyone is going to guess it in three tries.

    The disadvantage is that destroying the key destroys any messages encrypted to that key. You're probably not archiving confidential messages though.

  9. Re:Shhhhhhhhh on MPAA Ignores Usenet, Goes After Bittorrent · · Score: 2, Informative

    What's nice about easynews is that their servers reassemble split RARs and extract the enclosure. So if you find something you want to watch, you can just click download and the .avi (or whatever) immediately starts downloading. It's really an awesome interface.

    If the RIAA/MPAA/TV Networks provided a site like that (for a similar price; $10/month), I think piracy would be stamped out forever.

  10. Re:that was fun while it lasted... on Visa Cuts Off AllOfMp3.com · · Score: 1

    > You can reset the list of allowed computers in your iTunes account. There's absolutely no good valid reason that your friends "lost" their iTunes-bought songs. They should contact Apple if they need help with this.

    Really? I switched from OS X to OpenBSD, and now my iTunes music doesn't work. Can I have iTunes for OpenBSD/PPC, please?

  11. Re:Get real on Vista DRM Prevents Kernel Tampering · · Score: 2, Insightful

    People are donating to open source projects so that the developers can buy hardware (or coffee), not so they can fork that cash over to Microsoft.

    Besides, can you really call it open source software when some magic third party has to "approve" your software? No, you can't.

    OSS on Windows is gone.

  12. Re:Get real on Vista DRM Prevents Kernel Tampering · · Score: 1, Insightful

    > As a security-conscious programmer with a lot of corporate development history, I support Vista's blocking of non-signed drivers 100%. It's actually the first time I've agreed with Microsoft's plans and features since suffering the pains of Windows 3.1 development and support.

    Then you're an idiot. Let's say I'm "SPAMMERS R US, Inc.", and I want to rootkit your system so I can make your machine a spam zombie. From this activity, I will profit, so $500 is nothing to me. MS signs the "driver", and bang, you're rooted.

    The $500 does, however, ensure that there won't be any open source Windows drivers. That's fine with me, though, because the less that works on Windows, the fewer people there are that will use Windows. This is the beginning of the end, finally. In a few years, Microsoft will be irrelevant.

  13. Re:LaTeX on Google "Office" Released · · Score: 1

    > it is not all that clearcut when to use Latex or MS Word as you make it seem

    For your bibliography example, you shouldn't ever have to screw around with the fonts. You should include the proper template and LaTeX will do the work for you. You mark up the information, LaTeX makes it look nice. XML, but 20 years earlier :)

    Some people are control freaks that feel good about tweaking every last font and margin, but I like to leave that to the experts and worry instead about the content of the document.

  14. Re:so-- by your logic on One Last Spamhaus Warning Before The End · · Score: 1

    International treaties cover that particular act. There's no UN Resolution on the Abolition of Spam Blocking. Sorry.

  15. Re:Oh for heaven's sake..... on Firefox To Be Renamed In Debian · · Score: 1

    2.x doesn't really have any exciting features, though. I guess mod_cache looks cool, but it's still experimental.

  16. Re:The "Oh-Sh*t" face... on How Prevalent Are SQL Injection Vulnerabilities? · · Score: 1

    What's PERL?

    That aside, the difference is that perl doesn't come bundled with a junk database interface that everyone is told to use. If you want to use a database at all, you have to do a little research. In that process, you learn how to do things properly (i.e. read the docs while DBD::mysql is compiling), and write better code as a result.

    PHP is "easy to use", so people do whatever the fuck they think is right, and usually get it wrong. If you actually had to read something before using PHP, we wouldn't have all these insecure PHP sites around. Of course, at that point PHP would have lost its advantage, and everyone would be using Perl/Python/Ruby :) Catch 22.

    As for PHP's addons, there are like 300 in PEAR, and none come with unit tests. Compare this to 10000 in CPAN, most of which come with a wide array of tests and documentation. PEAR is a good idea, but there's no community around PHP that cares about high-quality reusable code. Perl has that community, and that's why it's a much better programming platform. (Look at things like the CPAN Testing Service, CPAN Ratings, CPAN RT, etc. PEAR doesn't have any of that.)

  17. Re:The "Oh-Sh*t" face... on How Prevalent Are SQL Injection Vulnerabilities? · · Score: 1

    The database we're stuck with at work doesn't support prepared statements. Every SQL query looks like:

    $query = "SELECT something,anotherthing FROM ". sqlClean($foo). " WHERE bar=". sqlClean($bar). "AND baz=$baz";

    Could you spot the two bugs?

    We're using some junk ODBC interconnect, because someone had the brilliant idea that the M in LAMP is "Microsoft SQL Server". Sigh.

  18. Re:The "Oh-Sh*t" face... on How Prevalent Are SQL Injection Vulnerabilities? · · Score: 3, Informative

    > Writing secure software is never easy.

    It's easy if you use good tools. PHP is not a good tool. Rather than hacks like mysql_replace_the_string_with_things_that_wont_compromise_my_database(), you should be using tools that make it impossible to inject SQL.

    Some ideas:

    Perl's DBI, whose docs tell you to ALWAYS write SQL like:

    $sth = $dbh->prepare('SELECT foo,bar FROM baz WHERE something=? AND another = ?');
    $sth->execute(q{''Some\ things"'}, 10);

    Notice that the programmer can't forget to escape the SQL -- because there's no escaping.

    Even better is something like DBIx::Class, which lets you write

    $resultset = $table->search({something => q{''Some\ things"'}, another => 10});

    Again, no opportunity for the programmer to fuck up the SQL in any way. It's just like getting data out of the hash... DBIx::Class will generate the SQL (for any backend), run the query, stream in the results as needed, etc. It's easier and it's better!

    Ruby on Rails' ActiveRecord is similar, but it's impossible to do certain types of joins. DBIx::Class is better in this regard. (And Perl is faster than Rails, and Catalyst is more complete than Rails :)... but both Ruby and Perl are MUCH better choices than PHP.

    PHP makes it easy to write insecure code. Perl makes it hard! (With taint mode, a selection of ORMs, 10000+ well-tested modules, and niceties like Moose, Moose::Autobox, etc.)
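
Added example, not part of the archived comments: the placeholder style from comment 18 run next to string-built SQL, extended to the case in comment 17 where a table name and an unquoted number go into the query text. It assumes DBD::SQLite is installed; the schema, rows and inputs are constructed, and `table_name` and `int_value` are hypothetical helper names.

```perl
# Added example; schema, rows and inputs are constructed for the demo.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE baz (foo TEXT, bar TEXT, something TEXT, another INTEGER)');
$dbh->do(q{INSERT INTO baz VALUES ('f1', 'b1', 'public', 10)});
$dbh->do(q{INSERT INTO baz VALUES ('f2', 'b2', 'private', 10)});

# Constructed hostile value: ends the string literal and adds an OR branch.
my $input = q{nothing' OR 'x'='x};

# Spliced into the SQL text, the value is parsed as SQL: both rows match.
my $unsafe = $dbh->selectall_arrayref(
    "SELECT foo,bar FROM baz WHERE something='$input' AND another = 10");

# Bound through placeholders, the same value is only ever data: no row matches.
my $sth = $dbh->prepare('SELECT foo,bar FROM baz WHERE something=? AND another = ?');
$sth->execute($input, 10);
my $safe = $sth->fetchall_arrayref;
printf "concatenated: %d, placeholders: %d\n", scalar @$unsafe, scalar @$safe;

# Placeholders bind values, not identifiers, so a table name chosen at run
# time is checked against a fixed list before it reaches the SQL text.
my %allowed_table = map { $_ => 1 } qw(baz);
sub table_name {
    my ($name) = @_;
    die "table not allowed: $name\n" unless $allowed_table{$name};
    return $dbh->quote_identifier($name);
}

# A number spliced in without quotes (no prepared statements available)
# must look like a number; string escaping does nothing for it.
sub int_value {
    my ($v) = @_;
    die "not an integer: $v\n" unless defined $v && $v =~ /\A-?\d+\z/;
    return $v;
}

my $rows = $dbh->selectall_arrayref(
    'SELECT foo,bar FROM ' . table_name('baz') . ' WHERE another = ' . int_value('10'));
printf "validated query: %d row(s)\n", scalar @$rows;

for my $bad ([ \&table_name, 'baz, sqlite_master' ], [ \&int_value, '10 OR 1=1' ]) {
    my ($check, $value) = @$bad;
    eval { $check->($value); 1 } or print "rejected: $@";
}
```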

  19. Re:This is impressive, but... on Folding@Home Releases GPU Client · · Score: 1

    Your comment suggests that you should consider dropping out of school. Soon.

  20. Re:Stakes on Firefox To Be Renamed In Debian · · Score: 1

    > You don't see this discussion about the GIMP, Apache, even Emacs

    Uh, there was a similar discussion around Apache around the time when they changed their license. Debian decided to keep it, OpenBSD dropped it on the floor. That's how things work in the free software community. If something isn't free enough, you get rid of it and find something else. (OpenBSD used Apache 1.3.x which is still Free.)

  21. Re:Oh for heaven's sake..... on Firefox To Be Renamed In Debian · · Score: 3, Insightful

    This is not at all what's happening. Debian wants to patch firefox so that it works with the Debian OS. Mozilla says that if you do that, you can't use the logos. Debian says, fine, we won't use your logos. Mozilla then replies, well if you don't use the logos, you can't use the name either.

    Debian is not allowed to ship software which can't be modified by users of the distro, it's against their policy (the Debian Free Software Guidelines). Since Mozilla won't cooperate with Debian, Debian has to rename Mozilla's software. That makes everyone happy. Debian can follow its own guidelines, and Mozilla can choke the life out of their software with their tight iron-fist. Everyone wins.

    This is not a new issue, either. Nearly every distro dumped XFree86 when they started acting this way. They forked it and now we have X.org. (XFree86 is completely dead now.) OpenBSD ditched Apache for the same reason.

  22. Re:Special coating??? on Self Cleaning Mouse · · Score: 1

    I have a Model M at home and at work. When they get dirty, I stick 'em in the dishwasher and let the detergent work its magic.

    I hear this can be bad for the keyboards, but It Works For Me (tm)....

  23. Re:Professional on How Can I Build a Portable "Dead-Man's" Switch? · · Score: 1

    [24-SEP-2006 16:45:02] heart0: sternum is on fire!

  24. Re:His own fault... on Alan Cox's Exploding Laptop · · Score: 1

    > What quality are you referring to that makes them not suitable for business?

    No way to dock them properly. It is kind of inconvenient to attach a monitor, keyboard, mouse, USB hub, etc. every morning at work. That's why Dells with docking stations are preferred for the business environment.

  25. Re:Sounds fishy on Click Fraud — An Insider Look · · Score: 1

    > If you couldn't, and the only way to get more was illegal, would you do it?

    Well, probably not.

    But I don't understand what's illegal about clicking ads. You can only click an ad if you want to buy something? You can only click certain links once?