I think ASP is a pretty good framework for developing web based applications. Don't get me wrong, I *LOVE* PERL, but there are a lot of times when ASP is a good tool for the job.
While I enjoy the admin interface to IIS, I'm not intimidated by.CONF files. I hate the fact that IIS is so insecure (the amount of various IIS automated exploit attacks that my SNORT detects is amazing). I would love to migrate from IIS to Apache *IF* I could be able to port the ASP code with a minimum of changes.
I've heard a few people make some generalized comments about this -- the general gist of which seem to be that it works for small and simple pages but not more complicated applications. Can anyone provide me with some more specific examples?
For example, what about a fictitious VBscript O.O. (i.e. using VBscript classes) application that uses ADO to call stored procedures on a SQL server?
Another example, what about a VBscript-based application that made use of COM objects?
What sort of caveats have you ran into when porting?
I enjoyed watching Blade 2. I think trying to pick apart the science, etc is missing the point. I regarded watching Blade 2 as being somewhat akin to watching a fun anime. I get pissy when movies try and take themselves seriously and have glaring plot/science/etc errors. I don't get pissy when I have similar experiences in comics, anime, etc. I suppose it is just a matter of expectation.
I found a few things a bit cheezy (the suplex -- please!) -- but the fighting was a lot of fun, the music was good, and I enjoyed watching it.
My comments about Terminal Services client being superior to VNC were intended to be limited in scope to the administration of Windows boxes. You get much better responses when using RDS then VNC on low or high bandwidth connections.
That said, I love VNC because servers and clients exist on so many platforms and I regularly use it for a remote desktop to my Linux box. But, if I'm going to admin a Windows box -- I'll take the terminal services in a heartbeat.
Here is what the article quotes (I don't have XP so I'm not sure about it's license agreement)
The way I read this is that this prohibits software from remotely driving the computer - whether it is for serving applications or for administrative purposes.
Microsoft's XP license agreement says, "Except as
otherwise permitted by the NetMeeting, Remote Assistance, and Remote Desktop features described below, you may not use the Product to permit any Device to use, access, display, or run other executable software residing on the Workstation Computer, nor may you permit any Device to use, access, display, or run the Product or Product's user interface, unless the Device has a separate license for the Product."
I don't think it is even possible to set up VNC to be used on the Windows platform to set up application sharing -- the VNC instance is tied to the desktop -- IMHO that means it is only good for a single user and I don't see why it matters whether that single user is at the KB on the console or a remote console.
I also agree with an earlier poster -- for the Windows platform, the Terminal Services client is *FAR* superior to VNC -- of course it is -- VNC works by sending bitmaps across the pipe -- the terminal services client can send API calls -- same principle as behind Xwindows.
I often like to install both as there has been times when Terminal services has croaked but VNC hasn't and vice-versa.
I'm not proposing a HTML based interface that would pop up for the user when making these decisions. This would be Windows/XWindows/Mac based GUI application -- probably built into the browser.
I think that it would be difficult to code a java applet or some other HTML that would pop up and obfuscate a portion of another window.
For one thing, you need to know exactly where the "PIW" is sitting on the user's screen -- which by itself is probably not possible. Then you would need to be able to render out an interface that would obfuscate just a portion of the message.
I'm glad that thought is being given to a standard that defines a standard for a personal information object -- I'm just not sure that I agree with what the plans are to use that information.
I haven't read the full specifications -- so take anything I write with a grain of salt. I've spent years building web applications, authored a popular anti-spam package, and have done some work building an advertising filtering & privacy enhancement proxy server-based package.
It seems to me that a better approach would be something like this (call it Personal Information Widget):
User puts all of their personal information into some form of a "wallet" (yes - I know there are technologies similar to this) -- the information resides on their computer not in a passport on a third party server.
When a user goes to a site and wishes to sign up for registration, to purchase something, etc -- there should be a mechanism where that site is able to formulate a list of the fields that it wants + requires for registration. The site will send this (i.e. XML) to the Personal Information Widget.
The PIW will pop a window on the user's screen showing them what information the site wants + requires. The other can then choose to "deny" "allow all" "allow required" or "custom".
If they deny -- end of transaction. Allow all -- give the site everything it wants Allow required - give the site only required fields Custom - chose to give the site information different than in your profile.
This sort of approach would solve one of the major problems of building registration-based sites -- the pain in the ass factor of getting people to type in their information for the Xth time -- without doing anything sneaky about privacy.
In an ideal world, I would be able to choose to allow cookies that are required for a web application to funciton, but deny cookies used to track my viewing habits (especially across multiple sites). I don't think that a "protocol" can really solve this problem though.
Once a site uses cookies, they inherently have the ability to track you -- whether or not that is there intent -- this protocol doesn't really protect your privacy.
I'm not really opposed to cookies -- as a web developer, it is painful for me to imagine coding without them! That said, I don't like the idea of someone tracking my usage habits across multiple sites and then potentially correlating that back w/ registration information to me.
I tend to disallow third party cookies. I know that this breaks a number of 1x1 pixel tracking tools -- but this same sort of technology could be ran off the web servers of the clients or if it was really necessary to outsource it -- you could use DNS (i.e. tracking.yourcompany.com points to webtrendslive.com ) to limit the tracking cookies to a single domain.
You can disallow third party cookies and protect your privacy that way w/o this extra layer of technology added.
I am a priori (guess I'm being closed minded) opposed to anything that facilitates that automatic transfer of information. I just can't wait to see someone find an exploit....
I was taken in my an employment counseling / job listing service about 6 months ago. They got me for $1800. I was pretty pissed off.
I was able to figure out that the job leads that they were giving me were being pirated from Execunet. I contacted them and they put me in contact with other people who had the connection. I then began to learn that I wasn't alone.
I published a web site containing all of the information about the company that took me in including their phone numbers, names of the employees, etc and then did a lot of key word optimization and online marketing. Now when you do a search on Google, I show up in the top few.
As soon as Google indexed it, I started getting in a steady stream of emails from people who had just met with them but haven't given them their money yet as well as others who were also taken in and were pursuing their own individual actions against them.
We now have assembled a decent size group of people and have been coordinating legal research, action, contact with the media, etc.
Go Web!
It's been a while, but I've been building web based applications since 1994. Many of these were template based.
I still have source code w/ dated versioning information from mid '1996.
I'm quite sure that the amount of "prior art" for this sort of system is quite extensive.
I did my undergraduate degree at Harvey Mudd College. While HMC doesn't have some of the same name recognition as CalTech or MIT, it is arguably one of the best math/science/engineering schools. Their engineering program is rather different than most. I graduated with a multidisciplinary degree in Engineering. Students don't graduate from HMC as Chemical, Electrical, etc Engineers. In addition to the broad approach to Engineering, HMC students' curriculum was divided 1/3 major, 1/3 math and sciences, and 1/3 humanities. The humanities program was structured to balance breadth and depth.
Now that years have passed and I can reflect upon my education, I am very satisfied with their approach. Did my average class teach me skills that were directly transferable to the workplace? No. However, their academic strategy did give me exposure to solving a wider breadth of challenges and problems. If there is one thing that I have come to believe about working in the internet/technology industry is that the most important skill is the ability to continuously learn.
I believe that if my education had been focused too strongly on the immediate issues of the day that I might not have developed some of the learning and problem solving skills that I find invaluable.
That said, I do think that schools should look for programs to bridge the significant gap between the academic and commercial worlds.
For example, at HMC, they pioneered an Engineering Clinic program. As a mandatory part of the engineering curriculum, Engineering majors would spend 1.5 years working on Clinic projects. Companies and government agencies would give ~$30K to the school to fund a team of students to do "real world" research or development projects. In addition to delivering something of value to the company, we were taught project management, documentation, and presentation skills that I found immensely valuable.
Personally, I get very tired of overly "academic" prose and teaching styles. I believe in hands-on learning and problem solving. I would love to see more schools adopt or adapt programs similar to HMC's clinic program. Hell, maybe more Engineering schools should enter BattleBots competitions.. J
-My $.03
I have an Inspiron 7500 w/ one of their 15.4" LCD screens that is broken. I checked out Dell's site to find out the replacement cost. It was ~$1200! Ouch - hard to believe that a replacement LCD costs about as much as a new laptop.
So now I am using it as a server.:)
Unfortunately, I just bought some 802.11 cards from Egghead about a week ago.
I can't believe that hacking their web servers could compromise credit card numbers. If credit card numbers need to be stored in a database that is potentially exposed to the Internet, then they should be encrypted.
I know this isn't revolutionary, but I've been mach happier since I started running my own mail server on my DSL line. I now create a new email address for each service I register for so I can keep track of who is spamming me.
BTW -- if you are ever in the job market, I suggest using this tactic with the job engines. It is *very* interesting to see which job sites actually get you responses from real companies vs recruiters vs job-related spam.
Unfortunately, this isn't an option available to most people, but since I have control over my own mail server, I create an email address (actually I create a new Microsoft Exchange public folder that has an email address associated with it) for each new company that asks me for one. I then can track how my email addresses are passed around/spread.
BTW - this if you are ever in the job market - this is a great tactic for measuring the success (or lack thereof) of a number of the job posting sites.
Slashdot Mirror
I think ASP is a pretty good framework for developing web based applications. Don't get me wrong, I *LOVE* PERL, but there are a lot of times when ASP is a good tool for the job.
.CONF files. I hate the fact that IIS is so insecure (the amount of various IIS automated exploit attacks that my SNORT detects is amazing). I would love to migrate from IIS to Apache *IF* I could be able to port the ASP code with a minimum of changes.
While I enjoy the admin interface to IIS, I'm not intimidated by
I've heard a few people make some generalized comments about this -- the general gist of which seem to be that it works for small and simple pages but not more complicated applications. Can anyone provide me with some more specific examples?
For example, what about a fictitious VBscript O.O. (i.e. using VBscript classes) application that uses ADO to call stored procedures on a SQL server?
Another example, what about a VBscript-based application that made use of COM objects?
What sort of caveats have you ran into when porting?
I enjoyed watching Blade 2. I think trying to pick apart the science, etc is missing the point. I regarded watching Blade 2 as being somewhat akin to watching a fun anime. I get pissy when movies try and take themselves seriously and have glaring plot/science/etc errors. I don't get pissy when I have similar experiences in comics, anime, etc. I suppose it is just a matter of expectation.
I found a few things a bit cheezy (the suplex -- please!) -- but the fighting was a lot of fun, the music was good, and I enjoyed watching it.
My comments about Terminal Services client being superior to VNC were intended to be limited in scope to the administration of Windows boxes. You get much better responses when using RDS then VNC on low or high bandwidth connections. That said, I love VNC because servers and clients exist on so many platforms and I regularly use it for a remote desktop to my Linux box. But, if I'm going to admin a Windows box -- I'll take the terminal services in a heartbeat.
The way I read this is that this prohibits software from remotely driving the computer - whether it is for serving applications or for administrative purposes.
I don't think it is even possible to set up VNC to be used on the Windows platform to set up application sharing -- the VNC instance is tied to the desktop -- IMHO that means it is only good for a single user and I don't see why it matters whether that single user is at the KB on the console or a remote console.
I also agree with an earlier poster -- for the Windows platform, the Terminal Services client is *FAR* superior to VNC -- of course it is -- VNC works by sending bitmaps across the pipe -- the terminal services client can send API calls -- same principle as behind Xwindows.
I often like to install both as there has been times when Terminal services has croaked but VNC hasn't and vice-versa.
I'm not proposing a HTML based interface that would pop up for the user when making these decisions. This would be Windows/XWindows/Mac based GUI application -- probably built into the browser. I think that it would be difficult to code a java applet or some other HTML that would pop up and obfuscate a portion of another window. For one thing, you need to know exactly where the "PIW" is sitting on the user's screen -- which by itself is probably not possible. Then you would need to be able to render out an interface that would obfuscate just a portion of the message.
I'm glad that thought is being given to a standard that defines a standard for a personal information object -- I'm just not sure that I agree with what the plans are to use that information.
I haven't read the full specifications -- so take anything I write with a grain of salt. I've spent years building web applications, authored a popular anti-spam package, and have done some work building an advertising filtering & privacy enhancement proxy server-based package.
It seems to me that a better approach would be something like this (call it Personal Information Widget):
User puts all of their personal information into some form of a "wallet" (yes - I know there are technologies similar to this) -- the information resides on their computer not in a passport on a third party server.
When a user goes to a site and wishes to sign up for registration, to purchase something, etc -- there should be a mechanism where that site is able to formulate a list of the fields that it wants + requires for registration. The site will send this (i.e. XML) to the Personal Information Widget.
The PIW will pop a window on the user's screen showing them what information the site wants + requires. The other can then choose to "deny" "allow all" "allow required" or "custom".
If they deny -- end of transaction.
Allow all -- give the site everything it wants
Allow required - give the site only required fields
Custom - chose to give the site information different than in your profile.
This sort of approach would solve one of the major problems of building registration-based sites -- the pain in the ass factor of getting people to type in their information for the Xth time -- without doing anything sneaky about privacy.
In an ideal world, I would be able to choose to allow cookies that are required for a web application to funciton, but deny cookies used to track my viewing habits (especially across multiple sites). I don't think that a "protocol" can really solve this problem though.
Once a site uses cookies, they inherently have the ability to track you -- whether or not that is there intent -- this protocol doesn't really protect your privacy.
I'm not really opposed to cookies -- as a web developer, it is painful for me to imagine coding without them! That said, I don't like the idea of someone tracking my usage habits across multiple sites and then potentially correlating that back w/ registration information to me.
I tend to disallow third party cookies. I know that this breaks a number of 1x1 pixel tracking tools -- but this same sort of technology could be ran off the web servers of the clients or if it was really necessary to outsource it -- you could use DNS (i.e. tracking.yourcompany.com points to webtrendslive.com ) to limit the tracking cookies to a single domain.
You can disallow third party cookies and protect your privacy that way w/o this extra layer of technology added.
I am a priori (guess I'm being closed minded) opposed to anything that facilitates that automatic transfer of information. I just can't wait to see someone find an exploit....
I was taken in my an employment counseling / job listing service about 6 months ago. They got me for $1800. I was pretty pissed off. I was able to figure out that the job leads that they were giving me were being pirated from Execunet. I contacted them and they put me in contact with other people who had the connection. I then began to learn that I wasn't alone. I published a web site containing all of the information about the company that took me in including their phone numbers, names of the employees, etc and then did a lot of key word optimization and online marketing. Now when you do a search on Google, I show up in the top few. As soon as Google indexed it, I started getting in a steady stream of emails from people who had just met with them but haven't given them their money yet as well as others who were also taken in and were pursuing their own individual actions against them. We now have assembled a decent size group of people and have been coordinating legal research, action, contact with the media, etc. Go Web!
I saw the same thing. I did a search for my name and only saw a few recent postings in the results.
It's been a while, but I've been building web based applications since 1994. Many of these were template based. I still have source code w/ dated versioning information from mid '1996. I'm quite sure that the amount of "prior art" for this sort of system is quite extensive.
I did my undergraduate degree at Harvey Mudd College. While HMC doesn't have some of the same name recognition as CalTech or MIT, it is arguably one of the best math/science/engineering schools. Their engineering program is rather different than most. I graduated with a multidisciplinary degree in Engineering. Students don't graduate from HMC as Chemical, Electrical, etc Engineers. In addition to the broad approach to Engineering, HMC students' curriculum was divided 1/3 major, 1/3 math and sciences, and 1/3 humanities. The humanities program was structured to balance breadth and depth. Now that years have passed and I can reflect upon my education, I am very satisfied with their approach. Did my average class teach me skills that were directly transferable to the workplace? No. However, their academic strategy did give me exposure to solving a wider breadth of challenges and problems. If there is one thing that I have come to believe about working in the internet/technology industry is that the most important skill is the ability to continuously learn. I believe that if my education had been focused too strongly on the immediate issues of the day that I might not have developed some of the learning and problem solving skills that I find invaluable. That said, I do think that schools should look for programs to bridge the significant gap between the academic and commercial worlds. For example, at HMC, they pioneered an Engineering Clinic program. As a mandatory part of the engineering curriculum, Engineering majors would spend 1.5 years working on Clinic projects. Companies and government agencies would give ~$30K to the school to fund a team of students to do "real world" research or development projects. In addition to delivering something of value to the company, we were taught project management, documentation, and presentation skills that I found immensely valuable. Personally, I get very tired of overly "academic" prose and teaching styles. I believe in hands-on learning and problem solving. I would love to see more schools adopt or adapt programs similar to HMC's clinic program. Hell, maybe more Engineering schools should enter BattleBots competitions.. J -My $.03
I have an Inspiron 7500 w/ one of their 15.4" LCD screens that is broken. I checked out Dell's site to find out the replacement cost. It was ~$1200! Ouch - hard to believe that a replacement LCD costs about as much as a new laptop. So now I am using it as a server. :)
Unfortunately, I just bought some 802.11 cards from Egghead about a week ago. I can't believe that hacking their web servers could compromise credit card numbers. If credit card numbers need to be stored in a database that is potentially exposed to the Internet, then they should be encrypted.
I know this isn't revolutionary, but I've been mach happier since I started running my own mail server on my DSL line. I now create a new email address for each service I register for so I can keep track of who is spamming me.
BTW -- if you are ever in the job market, I suggest using this tactic with the job engines. It is *very* interesting to see which job sites actually get you responses from real companies vs recruiters vs job-related spam.
Unfortunately, this isn't an option available to most people, but since I have control over my own mail server, I create an email address (actually I create a new Microsoft Exchange public folder that has an email address associated with it) for each new company that asks me for one. I then can track how my email addresses are passed around/spread.
BTW - this if you are ever in the job market - this is a great tactic for measuring the success (or lack thereof) of a number of the job posting sites.