Slashdot Mirror


User: earlzdotnet

earlzdotnet's activity in the archive.

Stories: 0
Comments: 87

Comments · 87

  1. Re:Hijacking ha on Twitter, Hotmail, LinkedIn, Yahoo Open To Hijacking · · Score: 1

    As it stands, this isn't a story big enough to make the news. All the cookies are kept over HTTPS, so when getting a user's cookie is as easy as truly "breaking" HTTPS, there is little risk and numerous other websites will have this same "problem"

    Also, what do you bet they have at least some protection against replay attacks like ensuring client side IP address or some such matches along with other unique identifiers. Although, making cookies like this last for a month or more at a time does feel pretty unsafe. Web security 101 is to ensure cookies ALWAYS expire. (i.e., by hashing the expiration date with the auth token or some such)

  2. Hijacking ha on Twitter, Hotmail, LinkedIn, Yahoo Open To Hijacking · · Score: 4, Informative

    This is called a Replay Attack. And protecting against it is very difficult without either (a) requiring huge server overhead or (b) making a user prone to "session invalid" type errors when making multiple tabs on the website

  3. Re:Game Dev Story on Apple Yanks "Sweatshop Themed" Game From App Store · · Score: 2

    Zing! Seriously looks like about the exact same style of game. Next up for x story game, `porn story`. I can see it now...

    You're a single mother trying to put your kid through college...

  4. Re:I wish I had pirated it lol on In Wake of Poor Reviews, Amazon Yanks SimCity Download · · Score: 0

    ...No you wouldn't. The *game logic* is on the server. You'd have to create your own server to play it. This makes it very hard to pirate, AND very tied to having a good internet connection even in "private" mode

  5. Re:The actual patent. on Apple Patent Describes iTunes Reselling and Loaning System · · Score: 4, Insightful

    This! When the next big content company that competes against Apple decides to take a move in the right direction to make their customers happy, Apple will be waiting with this patent, lawyers ready to pounce.

    I've given up all hope that Apple actually wants its users to be happy

  6. Re:I can slack off anywhere on The Data That Drove Yahoo's Telecommuting Ban · · Score: 1

    This. I hate having to use a VPN. They are usually overly slow and generally screwy. For instance, at my house my internet is 20Mbit/2Mbit up/down. At work, it's 100MBit down/up (fiber). Over the VPN I'm lucky to get 300Kbyte/s download speeds, and much more often they are in the less than 100 range. I use SSH tunnels when I can because I can actually max out my connection with them, even with a third intermediate server involved

    Because of these problems, I switched from using TFS (which requires always on connection, or things get stupid) to using git-tfs, which lets me use git and then "push" to TFS. Now I hardly ever use the VPN, other than to get on our private IRC server

  7. Re:Microsoft docs on Developers May Be Getting 50% of Their Documentation From Stack Overflow · · Score: 1

    Very **VERY** frequently the biggest problem I see on MSDN isn't finding the documentation. It's finding completely inadequate or incorrect documentation

    Example: DefaultOverLoadAttribute -- "Indicates that a method is the default overload method" Wow, that's informative! And of course they don't give ANY links as to what the purpose of including this was, or saying when to use it

    I commonly will have questions on Stack Overflow asking for help understanding what the hell MSDN is trying to say. For instance this question. It's a question asking "MSDN says this, but I see this. Why?" with the answer boiling down to "MSDN is very misleading"

    Or there is crap like DependencyProperty.RegisterAttached "here's a hint at what this does..." oh, btw, there's a magic naming convention we're not going to explain at all HAR HAR HAR

  8. Of all the people on Copyright Trolls Sue Bloggers, Defense Lawyers · · Score: 3, Insightful

    Of all the people criticizing these copyright trolls, why would they strike back at the guys who know what they're talking about and have the means to defend themselves (lawyers)? Waiting for someone to come here soon and say "And....it's gone" with a link to their statement about going bankrupt and closing shop.

  9. Programming being an "in-demand" job is motivating on Is Code.org Too Soulless To Make an Impact? · · Score: 1

    Yea, I'll believe that. When I started programming at age 13 the only thing I had in mind was my future job prospects. I didn't care if I enjoyed solving problems or creating stuff. The only thing I cared about was getting a head start on the career ladder and the future money I'd make, typical I think of all teenagers. I mean, every kid in school gets good grades and plans for college so they can make money right?

    Yea, if you don't detect the sarcasm in the above, you shouldn't be here. Oddly enough, I started programming at 13, but it wasn't until I was 16 and someone asked me what kind of career I wanted that it actually clicked that I could do this as a job. Also, didn't finish college, but at an entry level programming job (a junior, but every other junior is a college graduate), less than $1000 in debt, making decent money, and only 21 years old.... Oh, and I wake up every morning happy that I actually am doing something interesting.

  10. Re:Amazing. on Mark Shuttleworth Addresses Ubuntu Privacy Issues · · Score: 4, Informative

    Slashdot ... is much more annoying, since to disable ads you have to download AdBlock.

    Or just get positive Karma and check the "disable advertisements" options :)

  11. Re:Find a non-profit. on Ask Slashdot: Making Side-Money As a Programmer? · · Score: 1

    You have a good idea in targeting non-profits. However, I want to make the point that doing work for non-profits doesn't mean it has to be non-profit for you. Most non-profits get money through government grants and/or private donations in order to operate. Hiring a programmer to take care of their software needs would certainly qualify as an operational expense they could justify. It most likely isn't going to be the going rate, however, since budgets for non-profits are usually very tight.

    Exactly, at my previous job we actually made software exclusively for non-profits. The key there is to make software which can be used by multiple non-profits of the same type... but I don't intend to make something like that because of the associated support required

  12. Re:What about ... on Ask Slashdot: Making Side-Money As a Programmer? · · Score: 3, Funny

    Once someone offhand asked me if I could write something like what QuickBooks has (managing rental properties). I said "probably for the subset of it that you need, but it'd take a lot of time." And then he said "Could you do it for under $100? QuickBooks is too expensive for me to buy." Literal facepalm.

  13. Re:Does your day job pay you enough? on Ask Slashdot: Making Side-Money As a Programmer? · · Score: 1

    This is why I specified "short-term". I wouldn't want to do this every weekend. I enjoy the time that I get to do my own thing with my own projects. However, sometimes a bit of pocket cash is worth not having that freedom... for a while. Personal projects also help me avoid burn-out so I wouldn't dedicate every weekend for 2 years to it or something.

  14. Re:Looking forward on Bill Gates Answers Questions From Redditors · · Score: 5, Interesting

    I think we've all moved on to Steve Ballmer being an idiot rather than Bill Gates being evil

  15. Re:Legal obligations? on Free Wi-Fi: the Movement To Give Away Your Internet For the Good of Humanity · · Score: 1

    Could forward everything over Tor or some such so that their activity isn't traceable to you (kinda)

  16. Re:Too much work on Free Wi-Fi: the Movement To Give Away Your Internet For the Good of Humanity · · Score: 1

    I also have a friend who has a similar setup to what I used to have... but instead of the public wifi AP going to the internet, it made every HTTP request serve shock images (goatse, etc). I'm sure that's a good way to get sued though if some teen got onto your AP

  17. Too much work on Free Wi-Fi: the Movement To Give Away Your Internet For the Good of Humanity · · Score: 1

    I run my own OpenBSD router. I had this setup at one time, but after an upgrade I decided not to set it up again. Basically, it requires a ton of crap. A 3rd network interface, a wireless AP, and a ton of knowledge on how to configure it.

    I'm very surprised that someone hasn't come out with a simple, already set up wireless AP that segregates the guests from your local network, restricts it to some configurable bandwidth, and is secure enough to not be easily hacked through.

  18. Re:Uh ... What? on Pushing Back Against Licensing and the Permission Culture · · Score: 1

    It's called not caring what people do with your code (i.e., not assuming GPL is the only open source license). Your point is wrong, if people don't list a license, then (in the US anyway) it defaults to being very restrictive and you basically can't use it reliably. However, the point you make that "what ensures that people contributes back". Maybe I don't care if they contribute back? I write code because I enjoy it and want it to be genuinely useful to people. If my BSD licensed code becomes a key part in some million dollar product (see also Mac OSX and BSD kernels), then good for them. Makes me glad my code was that useful.

    Also, it makes sense most of the time for companies to give back their changes to the open source product, so that they can then refine them or expand upon them. However, I could care less that you have some super specialized thing you built to hook into it. That doesn't need to be contributed back, where GPL would require it to be.

    So, in summary: chill out about everyone "stealing" your code. If you're lax with your belief in code == IP, then GPL makes much less sense. GPL says the IP must remain open, even if you extend it or adapt it, basically it always belongs to me. BSD says take it and use it. Hide it, shove it in some top secret algorithm, I could care less. Just don't take a direct rip of my IP and then say it's your IP under your license.

  19. Re:It isn't just China on Unemployed Chinese Graduates Say No Thanks To Factory Jobs · · Score: 2

    College graduates tend to stay away from factories usually because they're afraid of becoming too comfortable. I didn't graduate college, but I've been programming since I was 13. Landed a programming job right out of high school. Got laid off (temporarily) for about a year and half. After savings ran out, I had to work somewhere. A factory job was my only choice. Sure, it was a living. But, while I was there, I didn't come home wanting to program. I couldn't just work there and pursue other interests. The work was too demanding of me physically. (although, I'd usually program some on the weekends).

    The primary problem I had with working there though was the mentality of my coworkers and management. Management's view was that everyone was replaceable. Right before I quit a person who had been working there for 10 years got hurt (pretty seriously) on the job. Turns out he had gone around a safety guard because of a defect in the machine (couldn't do something easily without going around the guard). It had been mentioned to management, but they never did anything. Day after he got hurt he came in bandaged up and on pain killers ready to attempt to do some work. They fired him. At that point I decided I'd never go back there. Put in two weeks notice a month later and stopped showing up the day after

  20. Seems fair to me(kinda) on Unlocking New Mobile Phones Becomes Illegal In the US Tomorrow · · Score: 1

    I know I'll get modded into oblivion, but this actually makes sense somewhat. You get on a contract and buy a subsidized phone for $50 and pay 1 month of your bill. Then you cancel your contract, don't return the phone etc etc. You'll owe the carrier a lot of money, but they'll have to go through the debt-collection stuff to get it back. So, assuming you don't pay the collectors, you might have a $600 phone that you effectively paid $100 for

    Note: this doesn't cover prepaid OR unsubsidized phones. What it covers is the situation I described and then unlocking the phone and going prepaid on another carrier. It doesn't "fix" the problem, it just encourages people to stick with their contract. I assume that there is also some clause that if you cancel the contract AND pay early-termination fees, then you can unlock the phone as well. Also, the article is quite vague in details, but I don't suspect it's the end of the world like most of you are saying.

  21. This would be awesome.. on Will "Group Hug" Commoditize the Hardware Market? · · Score: 1

    if only it came true. Even if politics weren't involved, it still wouldn't be easy at all I imagine. It'd require processors to either rely on a standard memory controller, or to implement their own, along with all sorts of other similar challenges with performance vs. compatibility.

  22. Microsoft: Make everything magic with reflection on Java Vs. C#: Which Performs Better In the 'Real World'? · · Score: 0

    This is definitely an apple to oranges comparison as far as the CLR vs JVM because you're not just comparing them. You're also comparing IIS/Apache and MVC/whatever java has performance.

    I suspect that one of the major reasons for C# being slower though is because Microsoft insists on making everything very magical and very fragilely tied together with reflection. Why are views not compiled at compile time? No one knows. Why is reflection required to hook views to models to controllers? "because it's cool". Microsoft tries to make their statically typed language work with a pseudo-dynamically typed framework, and it ends up having crap performance (out of the box) as a result

    I actually made an alternative framework ("BarelyMVC") because of this. In my framework, I use reflection magic only once, and only because doing it manually is difficult, has no benefit, and has a marginal performance impact. I have statically compiled views that have nearly no performance impact (it's just string concatenation). My routing engine doesn't rely on traversing folders and searching for specially named classes with attributes, you pass in a lambda to get the model/controller you need. I don't rely on magical attributes and naming schemes for core functionality. Now, of course, my framework isn't as "pretty", but when debugging time comes, it's very clear how everything is connected.

  23. Re:CFC forever on Japanese Cops Collar Malware-Carrying Cat · · Score: -1, Offtopic

    If I had points I'd mod this down so hard

  24. ...Bash? on C Beats Java As Number One Language According To TIOBE Index · · Score: 5, Interesting

    Am I the only person seriously wondering how Bash went from position 72 to 20? Bash is in the top 20 programming languages... Something is wrong with the programming universe

  25. Re:A news story about an article about a question on What Are the Unwritten Rules of Deleting Code? · · Score: 1

    I don't quite get how this qualifies as news. This story points toward arstechnica which basically just summarizes (wrongly) the question and answers from programmers.stackexchange... The actual question name was "Unwritten rules of rewriting another team member's code" and covered rewrites, not just plain deletion.

    Whoops accidentally posted as AC. mehhh