Although in it's current state, MMS is a little too tied into the University of St. Andrews' systems and methods. Does make good example code though, and we'd love to hear from anyone interested in working to adapt it for use in their university. Key features:
Ties directly into central data storage, to make importing students and assigning them to the correct modules essentially a single click operation. Provides coursework upload, grading, per student file space, enrollment, tutorial and lecture attendance monitoring. Works well with both MySQL and Oracle.
I think there's too much of a tolerance of sloppy code writing practices. I've seen far too much code where people don't check values they get from the user, don't bother to do encoding (to avoid cross site scripting, for example), use sprintf() with fixed size buffers, etc. These are not things which take any significant amount of time to avoid when writing the code, but can be a nightmare to track down later, and are a sign of either developer laziness or incompetence. At the worst, I've seen people think connections were secure because they called the remote host 'secure.', or carefully encrypt data from the web server to the back office systems, but leave it in plaintext across the Internet.
I'm not saying programmers should be financially liable for their code, but I think a lot of companies would do better if they ensured their coders knew what they were doing, in terms of security, and fire/move to the Freecell project any coders that show a consistant inability to write secure code.
I've got to say, cross-scripting exploits are typically someone going "I have a string to send to the user, and I'm just going to assume it doesn't contain dangerous (in an HTML sense) characters because typing encodeHTML() everywhere is really dull". Which, if you think it's dull doing at the time, is mind bogglingly tedious to do after the fact.
I don't know what the situation is with renting TV show DVDs, in the US, but I rent 6 DVDs from Amazon.co.uk each month, for about $16 (doing the conversion in my head). So, for my money I get ad-free TV, which I can watch whenever I want.
I've got some less technical friends, who appreciate having a physical copy of photos, which is the main reason for me printing off photos. It's also useful if I want to take photos somewhere to show; sure, I could take a CD/laptop/whatever, but physical prints are generally easier to deal with (at least in small numbers).
Having said that, I still only print out a tiny fraction of all the photos I take...
Seriously here people, most free software is complete tripe. The popular projects you hear about, Linux, Firefox, etc. are just a small fraction of what's out there. Peer review only works if people are interested in your project.
Open source tends to be written by/for people who care more about stability than features, and that's a major help, but it is not miraculously better. How many people here have actually sat down, and looked over the source of an open source project to check for bugs/exploits?
Re:This sort of thing...
on
RIAA Sues a Child
·
· Score: 2, Informative
Wish I had mod points. People saying "I copy music illegally because the RIAA are evil" drives me nuts; all they're doing is re-inforcing the RIAA's arguments that music piracy is a major problem. If you want to make an actual impact, neither buy nor copy the music. Same goes for people who complain movies/video games/etc are overpriced; stop copying, start going without, you'll make an actual impact.
Re:it's all just rumor...
on
Video iPod Oct 12?
·
· Score: 2, Interesting
I like the idea of an video streaming device; have quite fancied getting one, but really haven't been confident enough about any implementation so far. I can't see Apple not including a remote control, it's such an obvious add-on and they're hardly one to cut corners...
Keeping track of graphics card naming schemes is giving me a headache. I had an ATI 9700 Pro, and at the time the 9800 Pro was the fastest. There was also the 9500 and 9600, which were mid range cards, and something below.
Then we hit the X series. Suddenly X800 Pro is the lowest of the high end cards, and there's an X800 XT (or something) which is the higher one. Now we've got XL, GT, GTX, X700s, X300s, and X1n00 somethings.
I want a name that clearly indicates the generation of card (which '9', then 'X' and now 'X1' pretty much do), but also target audience (typically the second digit of the card number does this, but they need to be consistant between generations), and then I want a clear indication of where the card lies in that generation/target combination.
So, for example, the latest Nvidia graphics cards might be 7830 instead of 7800 GT, and 7870 instead of 7800 GTX. This gives room above and below for expansion, and means that I know a card is faster, in that brand/generation, if the number is higher. I'd also like Nvidia and ATI to sit down, and agree on these numbering schemes, so all I have to do is remember the brand I want, and the rest if just a case of comparing model numbers and looking for one that's high, and I can still afford.
Instead, I have to currently remember what numbers each brand uses to designate which generation, target audience, current weather, and just what the GTLXPro on the end means.
Then some guy with a digger breaks the network connection, and then the screaming starts...
Sorry, spent a month without Internet access at home, because of various problems (including but not limited to someone with a digger), haven't quite got over the shock yet.
Seriously though, okay, there may be less work to do in keeping computers up, running and virus free, but this would make companies far more dependent on keeping their network infrastructure up. Network disruptions suddenly mean that everyone is staring blankly at their little black box, rather than getting on with non-network critical work. So those jobs will probably more change, rather than disappear.
Oh, certainly I have to pick where I live carefully, and pay extra, to be able to walk to work and the shops. This is not a choice I'd ever claim is easy (particularly at any point I want to get anywhere after midnight).
However, cold shouldn't be written off so easily. Carefully picking where I live and work is a nuisance, but the cold can be actually dangerous (particularly, what would be merely rather unpleasant most of the time, can be a real issue if you're ill).
Veering wildly off topic: as part of the non car driving crowd (part trying to help the environment, part trying to make the point you don't need to, and part I like living close to everything, and couldn't afford to live close and drive), I'm curious to know how feasible getting everywhere on foot would there, or does it just get too cold?
Sorry, allow me to clarify what I meant. AJAX provides a brilliant way to work around client-pull. However, a lot of people seem to see it as inherently making things better, and that's what bugs me.
Don't get me wrong, I'll really impressed by the apps listed in this article. They're not something I'd use, myself, but quite a few people here seem to like the idea, and that's good for them. It was just, I've never really looked for server-push in my word processor, y'know? A few people have pointed out it does actually do collaborative editing though, so okay, I'll go be quiet in the corner now.
Oh, and for reference, I've been a web developer for 4 years (since I graduated), but only started looking at using AJAX in the last few months. On the other hand, so far our users have mostly said "Yeah, that's kinda cool, but not really worth the effort you're putting in to making it do that" to auto-updating pages, so...
This is why I tend to ensure my web applications are functional in IE, and the eye-candy works in Firefox. There's no question of not being unable to use my stuff in IE, but it'll look better (and in several cases, be easier to use) in browsers that actually follow the standards.
Everyone seems to be running around raving about AJAX applications. Why do you all think AJAX is so good? Really? It's cool if you need to update a webpage without reloading (and particularly for server-push), but why do I want server-push functionality in a word processor, spreadsheet, calendar, presentation-building software or note-taking software (note, I've taken e-mail client out of that list, as server push is actually useful there)?
Sure, if these were tools to allow multiple people to work on the same document simultaneously, but these all seem to share data only after it's been saved back to the server. As someone else pointed out, the presentation application doesn't even use AJAX!
Would people please stop using AJAX to mean "Really cool looking Javascript application"? If Javascript applications excite you, fine, you're welcome to them, but please get the terms right...
Not to mention, getting any sort of HD service in the UK is extremely tricky. I believe there's a Europe-wide satellite channel you can get, but that's it until Sky launch their HD service next year, and that's only good if you're really into either sports or movies.
Having said that, I am looking at getting an LCD (space is an issue for, and we move house frequently, so weight is too), which would be HD. Good for next gen consoles!
As I said last time, I really don't like the idea of not being able to access my applications without Internet access. The response I got at the time was that it was just a matter of time before Internet access was just as reliable as power or water.
Since then (3-4 months or so), I've had no Internet access at home for a total of four weeks, due to problems with administration, moving house, and some guy with a digger...
It also occurrs, I have UPSes at work, a laptop at home, and bottled water in my cupboards. So, I hope everyone understands if I don't want to add any more points of failure...
If they're sensible, I think there's serious scope for them cutting down the numbers of adverts, while massively improving their effectiveness. I don't know about you, but I see a hell of a lot of adverts for car purchase credit. If I could tell Google that I don't drive, can't drive, and don't want to drive, maybe it could skip all those adverts, which were just wasted time anyway. Same for kids: don't have any, don't want any, and any turning up would be through divine intervention at this point, so there's no point trying to sell me baby products. However, I am interested in new games/hardware, so maybe it could show me more adverts for those.
Suddenly, I'm being shown adverts which are likely to interest me. They could cut adverts in half, while still providing a massively improved response rate for the outlay, and make their customers happy at the same time.
Another point - I've seen "Press this button for more information" stuff before. It's of no use to me, I'm not going to break in the middle of watching something to get more information. If instead, I could flag an advert, and come back to it later, that would be much more useful to me...
On Linux systems, patched daily with the latest security updates, running behind two different firewalls (and different brands of firewall too), with only encrypted connections for authentication, you'll understand if I'm skeptical that the systems have been hacked into?
Yes, exactly! Their methods for asserting that someone has been copying music need to be shown to be accurate. Maybe they really are carefully auditing everything every step of the way, double checking connections to ensure traffic isn't being faked, keeping paper trails to ensure data couldn't be modified, etc. However, until this can be shown to be true, the courts should be treating this like they would if anyone else turned up and said "Bob owes me because he illegally copied my stuff, and here's *wave computer printout* all the evidence".
To be honest, the RIAA shouldn't be doing this at all. Finding people who are illegally sharing music, and providing evidence of this should not be left to the people who stand to profit from it! This is something regular law enforcement agencies should handle, and I'm disappointed that they are not, as it would (should?) have stopped the RIAA from getting involved in evidence gathering in the first place.
If I took you to court and said, "This man over here stole $4000 worth of music from my music collection. Pay me right now for damages." they might consider it, but what if I told them by stealing I mean that you took my CDs, copied them, MP3'd them, and then returned them without any kind of damage? Now is it stupid to ask for their full value?
But they aren't claiming the music itself has been stolen. What they are claiming has been stolen is the proceeds they should have received from the sale of each copy, as they are the copyright holder. If you think there are flaws in the copyright system, say that, but that's a different matter.
Now what if I said that instead of my entire music collection, you owe me 50 times the price I paid for them. I'd be laughed out of the courtroom and cornholed by the baliff for making him miss McGuyver.
But its all good if you're a company, because God knows whatever a company says has been well researched, thought out, and their word should be taken over mine at all times.
I'm with you on this one. I think it's assumed (much like many people assume everything they seen in adverts is true), that someone must have checked all this, and would have done something about it if it wasn't true, and therefore they don't have to.
While I rarely agree with/. comments on usage caps, that is truly awful. The 256kb/s package, for example, would run out after 640 seconds, or around 10 minutes. The 4mb/s package would at least last you an hour, but that's still pretty ridiculous...
No, they should put up a 100% standards compliant website, and leave the browsers to sort it out amongst themselves. I do it, it doesn't take long if you actually know what you're doing. Learn the standard, write to it, run stuff through a validator and you're done.
Instead, the people that put up the website over complicated matters, and in the progress broke it for everything except IE.
Slashdot Mirror
Another one:
http://sourceforge.net/projects/mms-mle/
Although in it's current state, MMS is a little too tied into the University of St. Andrews' systems and methods. Does make good example code though, and we'd love to hear from anyone interested in working to adapt it for use in their university. Key features:
Ties directly into central data storage, to make importing students and assigning them to the correct modules essentially a single click operation.
Provides coursework upload, grading, per student file space, enrollment, tutorial and lecture attendance monitoring.
Works well with both MySQL and Oracle.
I think there's too much of a tolerance of sloppy code writing practices. I've seen far too much code where people don't check values they get from the user, don't bother to do encoding (to avoid cross site scripting, for example), use sprintf() with fixed size buffers, etc. These are not things which take any significant amount of time to avoid when writing the code, but can be a nightmare to track down later, and are a sign of either developer laziness or incompetence. At the worst, I've seen people think connections were secure because they called the remote host 'secure.', or carefully encrypt data from the web server to the back office systems, but leave it in plaintext across the Internet.
I'm not saying programmers should be financially liable for their code, but I think a lot of companies would do better if they ensured their coders knew what they were doing, in terms of security, and fire/move to the Freecell project any coders that show a consistant inability to write secure code.
I've got to say, cross-scripting exploits are typically someone going "I have a string to send to the user, and I'm just going to assume it doesn't contain dangerous (in an HTML sense) characters because typing encodeHTML() everywhere is really dull". Which, if you think it's dull doing at the time, is mind bogglingly tedious to do after the fact.
</rant>
I don't know what the situation is with renting TV show DVDs, in the US, but I rent 6 DVDs from Amazon.co.uk each month, for about $16 (doing the conversion in my head). So, for my money I get ad-free TV, which I can watch whenever I want.
I've got some less technical friends, who appreciate having a physical copy of photos, which is the main reason for me printing off photos. It's also useful if I want to take photos somewhere to show; sure, I could take a CD/laptop/whatever, but physical prints are generally easier to deal with (at least in small numbers).
Having said that, I still only print out a tiny fraction of all the photos I take...
And you get modded down. Genius.
Seriously here people, most free software is complete tripe. The popular projects you hear about, Linux, Firefox, etc. are just a small fraction of what's out there. Peer review only works if people are interested in your project.
Open source tends to be written by/for people who care more about stability than features, and that's a major help, but it is not miraculously better. How many people here have actually sat down, and looked over the source of an open source project to check for bugs/exploits?
Wish I had mod points. People saying "I copy music illegally because the RIAA are evil" drives me nuts; all they're doing is re-inforcing the RIAA's arguments that music piracy is a major problem. If you want to make an actual impact, neither buy nor copy the music. Same goes for people who complain movies/video games/etc are overpriced; stop copying, start going without, you'll make an actual impact.
I like the idea of an video streaming device; have quite fancied getting one, but really haven't been confident enough about any implementation so far. I can't see Apple not including a remote control, it's such an obvious add-on and they're hardly one to cut corners...
Keeping track of graphics card naming schemes is giving me a headache. I had an ATI 9700 Pro, and at the time the 9800 Pro was the fastest. There was also the 9500 and 9600, which were mid range cards, and something below.
Then we hit the X series. Suddenly X800 Pro is the lowest of the high end cards, and there's an X800 XT (or something) which is the higher one. Now we've got XL, GT, GTX, X700s, X300s, and X1n00 somethings.
I want a name that clearly indicates the generation of card (which '9', then 'X' and now 'X1' pretty much do), but also target audience (typically the second digit of the card number does this, but they need to be consistant between generations), and then I want a clear indication of where the card lies in that generation/target combination.
So, for example, the latest Nvidia graphics cards might be 7830 instead of 7800 GT, and 7870 instead of 7800 GTX. This gives room above and below for expansion, and means that I know a card is faster, in that brand/generation, if the number is higher. I'd also like Nvidia and ATI to sit down, and agree on these numbering schemes, so all I have to do is remember the brand I want, and the rest if just a case of comparing model numbers and looking for one that's high, and I can still afford.
Instead, I have to currently remember what numbers each brand uses to designate which generation, target audience, current weather, and just what the GTLXPro on the end means.
</rant>
Then some guy with a digger breaks the network connection, and then the screaming starts...
Sorry, spent a month without Internet access at home, because of various problems (including but not limited to someone with a digger), haven't quite got over the shock yet.
Seriously though, okay, there may be less work to do in keeping computers up, running and virus free, but this would make companies far more dependent on keeping their network infrastructure up. Network disruptions suddenly mean that everyone is staring blankly at their little black box, rather than getting on with non-network critical work. So those jobs will probably more change, rather than disappear.
Oh, certainly I have to pick where I live carefully, and pay extra, to be able to walk to work and the shops. This is not a choice I'd ever claim is easy (particularly at any point I want to get anywhere after midnight).
However, cold shouldn't be written off so easily. Carefully picking where I live and work is a nuisance, but the cold can be actually dangerous (particularly, what would be merely rather unpleasant most of the time, can be a real issue if you're ill).
Veering wildly off topic: as part of the non car driving crowd (part trying to help the environment, part trying to make the point you don't need to, and part I like living close to everything, and couldn't afford to live close and drive), I'm curious to know how feasible getting everywhere on foot would there, or does it just get too cold?
Sorry, allow me to clarify what I meant. AJAX provides a brilliant way to work around client-pull. However, a lot of people seem to see it as inherently making things better, and that's what bugs me.
Don't get me wrong, I'll really impressed by the apps listed in this article. They're not something I'd use, myself, but quite a few people here seem to like the idea, and that's good for them. It was just, I've never really looked for server-push in my word processor, y'know? A few people have pointed out it does actually do collaborative editing though, so okay, I'll go be quiet in the corner now.
Oh, and for reference, I've been a web developer for 4 years (since I graduated), but only started looking at using AJAX in the last few months. On the other hand, so far our users have mostly said "Yeah, that's kinda cool, but not really worth the effort you're putting in to making it do that" to auto-updating pages, so...
This is why I tend to ensure my web applications are functional in IE, and the eye-candy works in Firefox. There's no question of not being unable to use my stuff in IE, but it'll look better (and in several cases, be easier to use) in browsers that actually follow the standards.
You think that's bad? Forget scratches, 'ipod nano kills' yields 120,000 results! :)
Everyone seems to be running around raving about AJAX applications. Why do you all think AJAX is so good? Really? It's cool if you need to update a webpage without reloading (and particularly for server-push), but why do I want server-push functionality in a word processor, spreadsheet, calendar, presentation-building software or note-taking software (note, I've taken e-mail client out of that list, as server push is actually useful there)?
Sure, if these were tools to allow multiple people to work on the same document simultaneously, but these all seem to share data only after it's been saved back to the server. As someone else pointed out, the presentation application doesn't even use AJAX!
Would people please stop using AJAX to mean "Really cool looking Javascript application"? If Javascript applications excite you, fine, you're welcome to them, but please get the terms right...
Not to mention, getting any sort of HD service in the UK is extremely tricky. I believe there's a Europe-wide satellite channel you can get, but that's it until Sky launch their HD service next year, and that's only good if you're really into either sports or movies.
Having said that, I am looking at getting an LCD (space is an issue for, and we move house frequently, so weight is too), which would be HD. Good for next gen consoles!
As I said last time, I really don't like the idea of not being able to access my applications without Internet access. The response I got at the time was that it was just a matter of time before Internet access was just as reliable as power or water.
Since then (3-4 months or so), I've had no Internet access at home for a total of four weeks, due to problems with administration, moving house, and some guy with a digger...
It also occurrs, I have UPSes at work, a laptop at home, and bottled water in my cupboards. So, I hope everyone understands if I don't want to add any more points of failure...
If they're sensible, I think there's serious scope for them cutting down the numbers of adverts, while massively improving their effectiveness. I don't know about you, but I see a hell of a lot of adverts for car purchase credit. If I could tell Google that I don't drive, can't drive, and don't want to drive, maybe it could skip all those adverts, which were just wasted time anyway. Same for kids: don't have any, don't want any, and any turning up would be through divine intervention at this point, so there's no point trying to sell me baby products. However, I am interested in new games/hardware, so maybe it could show me more adverts for those.
Suddenly, I'm being shown adverts which are likely to interest me. They could cut adverts in half, while still providing a massively improved response rate for the outlay, and make their customers happy at the same time.
Another point - I've seen "Press this button for more information" stuff before. It's of no use to me, I'm not going to break in the middle of watching something to get more information. If instead, I could flag an advert, and come back to it later, that would be much more useful to me...
On Linux systems, patched daily with the latest security updates, running behind two different firewalls (and different brands of firewall too), with only encrypted connections for authentication, you'll understand if I'm skeptical that the systems have been hacked into?
Yes, exactly! Their methods for asserting that someone has been copying music need to be shown to be accurate. Maybe they really are carefully auditing everything every step of the way, double checking connections to ensure traffic isn't being faked, keeping paper trails to ensure data couldn't be modified, etc. However, until this can be shown to be true, the courts should be treating this like they would if anyone else turned up and said "Bob owes me because he illegally copied my stuff, and here's *wave computer printout* all the evidence".
To be honest, the RIAA shouldn't be doing this at all. Finding people who are illegally sharing music, and providing evidence of this should not be left to the people who stand to profit from it!
This is something regular law enforcement agencies should handle, and I'm disappointed that they are not, as it would (should?) have stopped the RIAA from getting involved in evidence gathering in the first place.
But they aren't claiming the music itself has been stolen. What they are claiming has been stolen is the proceeds they should have received from the sale of each copy, as they are the copyright holder. If you think there are flaws in the copyright system, say that, but that's a different matter.
I'm with you on this one. I think it's assumed (much like many people assume everything they seen in adverts is true), that someone must have checked all this, and would have done something about it if it wasn't true, and therefore they don't have to.
While I rarely agree with /. comments on usage caps, that is truly awful. The 256kb/s package, for example, would run out after 640 seconds, or around 10 minutes. The 4mb/s package would at least last you an hour, but that's still pretty ridiculous...
No, they should put up a 100% standards compliant website, and leave the browsers to sort it out amongst themselves. I do it, it doesn't take long if you actually know what you're doing. Learn the standard, write to it, run stuff through a validator and you're done.
Instead, the people that put up the website over complicated matters, and in the progress broke it for everything except IE.
The fact that IE is an abomination that merrily ignores standards doesn't mean web developers should code to it, instead of everything else.