Off topic??? WTF? You've got to be kidding me. Here's a topic about laws on video game censorship... my post is about such laws, alternative options, and my opinion about the general concepts. Off Topic? Did you mods even READ the original topic??? Dear God!
Woops. I missed one key word in the sentence I responded to. "online". heh. No... then in this case, I agree.:) I was thinking about selling games over the counter. But flaimbait?
Wow... two posts in this thread that I understand may be contradictory... but flaim bait? And another marked "off topic"??? WTF? Come on people... surely there are better posts to mark as such and use mod points on.
Stop blaming retailers, game companies, cable tv, and generally everyone else. Do you job as a parent, discuss with your children why the material is unsuitable for them.
Yeah... stop blaming the billion dollar gaming companies for forcing their way into your children's mind... advertising near schools, placing games at a child's level of view, having violent game commercials with cartoon characters to appeal to kids. A parent should have their 16 year old son under lock and key 24/7 and be with them 100% of the time! That's the parent's responsibility. And we ALL know that teenagers listen to their parents... have a good chat with them... they'll always see your point and understand why what they want is wrong... and they'll always do what's right.
Oh please! Get a figgen clue! These are kids we're talking about. They don't listen to their parents. They aren't always under their parents supervision, and shouldn't be as they get older... but that doesn't mean parent's should not be able to extend their arm of influence... especially since the commercial world has extended their reaches with the unbelievably massive amount of advertising we're exposed to today, in ways that parents can't even counter without legislation.
What I just don't understand... what is so wrong here? A law would go into effect that protects the parents choice, defaulting on the side of caution and not letting kids (KIDS, mind you) buy stuff without parental approval. Adults would not be affected AT ALL. So, effectively, you're all arguing that parents should NOT have additional tools to help protect their kids... that kids should get to do whatever they want unless their parents treat them like prisoners (not exactly a realistic/healthy parental approach), and that companies have the right to influence what our kids want, see, think, and experience in life. It's already pretty damn bad... and companies are relying on the fact that younger generations don't know what "the good old days" were like.. so that they can push the envelope a little more. This is a common tactic on manipulation of perception used through the ages (for good and bad purposes).
Anyway... I think many of you ought to actually look at what the end effect is, rather than stick to some idealistic stance of being "against the man", and recognize that the PEOPLE behind the man are who you are affecting by your support... and the ones you are protecting and standing up FOR are not out for even YOUR best interests. Open your eyes people!
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.
Hmmm... has anyone every bothered to actually think of the CONTEXT that this was written and created? Or has everyone just gone and accepted that the current exploited form is what it was originally intended as? As I recall, it was largely put in place to protect the people from an opressive government. The right to speak out against the government without reprecussion and to restrict the government from stepping on the religious rights of the people.
I'm mean, I'm all for free speech... but let's keep things in perspective here. Also, when the "rights" of an individual in regards to free speech begins to tread on the rights of other individuals (such as parental rights.. or even religious rights in conflict with another's "free speech" rights), where does the line get drawn? Who's rights prevail? In most cases, parental rights have prevailed.... How's that for precendence!
And one more thing... are we all so naive as to think the Bill of Rights and the Constitution were perfectly designed to address all issues that would ever come and affect the society? Please! Many (not all) the ammendments stuck on to the constitution, and the laws added creating this spagetti legal system of ours... they were to try and deal with the situations where this Bill of Rights just isn't realistic!
Never try to apply idealistic views to reality... idealistic views are merely guidance... not dogma.
Now...this finding would also have ramifications on selling games online. How do you verify age? You can't.
Ummm.. legal ID, perhaps... like is done with alcohol. I believe almost every state legally requires anyone over 18 to have a form of state issues ID. If you don't have such an ID, then you are either breaking the law or are not 18+ and attempting to break the law (if a law was in place against buying said product)... or at least attempting to coerce someone else to break the law (if the law were against selling said product).
Because the reality is that kids (especially those in the 14-17 range) aren't always 100% under the close eye of the parent. And I wouldn't expect them to be, as by that age they should be learning to be more independent. But the more important thing is... the law would be to protect the parent from having to combat the commercial world (which they already have to do with so many other things) from imposing views on how their children to be raised and what they should be exposed to. I've seen several comparissons to Tobacco laws being put in place, which I think is a rather appropriate comparisson. It finally became so clear that companies were pushing past the rights of the parents in order to gain market share. I can VERY easily see this going on with the video game industry. Now, is it as harmful? That's not for us to decide. That's each parent's right. And a parent can make the decision by buying the game FOR their kid.
I've seen similar arguments come up when the V-Chip was first introduced. "It's restricting my rights!" blah blah blah. Low and behold, it was the kids who were crying out... who didn't really have those rights anyway (not over parental rights)... and much like others in this country (US), there seems to be this growing perception that we have the right to anything we want. Have any of you actually READ the constitution? Or is this declining education system we have no longer having students do that?
Damn, you kids make me feel old. I don't really consider myself very old, but I was on the latter end of college when Doom (the original) came out. *sigh*
Now, on a serious note... I turned out just fine as well... but... You should not make calls about the law based on your own experiences. You very well could be an exception... both having gone to college, you were probably already good in school and fairly well educated and well adjusted. What is more important to look at are the over all statistics of how children on whole are reacting. I don't know what those stats are... I doubt they've been reliably collected... but they should be what is thought of when considering passing/denying such laws... not how two now-college kids turned out when they played violent games as kids.
Seriously people, some of you are wondering why these laws are controversial. I don't know about you, but it's a violation of the right of the store to sell whoever the hell they want to. We believe that yes, parents should monitor what their kids buy. But it shouldn't be law! Government should not force stores to change their policies and say "we don't sell video games to minors unless parent is there."
Ummm.. WHAT?!?!?!?! Where in the constitution do you see a damn thing about the right of business? It's the rights of the people... and even if it were, I see nothing about the right to sell what you want. This right simply does not exist. As for his comparrison to murder... I totally see where he's coming from. Is it an extreme, yes... however, it doesn't invalidate the point. The point, of course, which you seem to have missed, is that removing laws that protect society from itself would be ridiculous in areas where society still sees it as important. His example of removing laws against murder just drives the point home more clearly. Look past your own narrow methods of communication, and you may be more effective at understanding other people's points more... and you may actually respond without sounding naive.
Amen! If you didn't post it, I would have had to. It's always interesting how those that argue that they know everything about how things should be are always the ones we say we need to protect from themselves. *grin* granted, I was against the idea of the V-Chip when I first heard of it... but after I was a couple years older and saw what it REALLY was about and REALLY did... I'm TOTALLY for it. I'm not a parent, but I've shed my naivety about such things over the last 14+ years.
Actually, your comment about the V-Chip reminded me... game consoles are all starting to put in something similar where a parent can set a block on games of various ratings. Very similar concept. It seems that maybe, if a law were passed, it should be like with the V-Chip... support to have a secure blocking mechanism for parents to use. The law would secure and simplify the rights of the parent without stepping on anyone else's rights. If anything, it forces a parent to be more aware of the things they buy their kids, and USE the feature if they're concerned about the games they play.
1. Maybe I misread your tone, but you seem to be against the previous poster. However, his "where's the problem" comment was in regard to this failing and that parent's should be responsibel for their children, not laws.
2. While this is a restriction on free speech, you should be reminded that parental rights over their children trump the right to free speech towards children... always have, and likely always will.
Strangely, I thought it was already illegal for children under 17 to be sold rated M games... I'm not sure what this law was adding, except to maybe redefine the ratings under another party's domain of power (ie. a power grab).
While you are correct in your statements, the previous poster is actually quite right. The article doesn't compare the previous year's quarter. It's citing a decrease (weekly avg) from the Q3-05 numbers to the 3 weeks averaged for November. It's a very stupid comparrison. It should be comparing previous year's numbers relative to iPod sales... not the previous quarters.
I wonder if they took into account the number of people that are upgrading, and thus already had a bunch of music in digital form... and people who had music downloaded on their computers (not used on iPods). While I do have an iPod, my online music purchases aren't really driven by iPod use. In fact, I don't use my iPod as much anymore (not convenient in my car until I find an acceptable adapter). I burn CD's for the car, and play in the house through my Airport Express. So, the numbers could also have become skewed by changing use as time progresses.
So it's a tricky issue, but I think jumping to the conclusion that junk WHOIS means "hiding spammers" is premature and probably inaccurate. I would guess it's more just people trying to maintain some modicum of privacy.
I agree with much of what you said in your post. However, I don't entirely agree that it's mostly just people tryin to maintain privacy. Yes, I think that is a significant chunk of them. However, I see many other categories: - squatters - spammers - porn relays/redirectors (often also spammers) - companies (this one I will ellaborate on)
Many companies have questionable practices. Legal perhaps, but questionable in the court of public perception. For example, one company (I'll leave the name out, as much as I'd love to bash them) gave away reptiles as part of a big promotion. When the "winners" got the pet reptiles, most of them were sick with all sorts of disease and malnutrition issues. For many of those who received these animals, their other pets got the diseases (parasites usually). The company is one of the largest for pet supplies, particularly reptiles. Well, when reports came in about these sick and neglected animals two and two were put together and it became clear that this company was the source of them all. Most of the larger reptile-oriented community websites have boycotted the ads for this company. What we found was that the same owner was registering many domains, with different address info, phone numbers, etc. Sometimes it was obvious, because all reg info would be different EXCEPT the phone number, or some other subtle bit of info.
He was trying to market his company and get through the boycott to drive revenue.
So, in this case... companies that want to conceil who they really are by providing slightly different fronts are among those that register domains with fraudulent/false info.
And the claim that 'HTTP' doesn't understand cookies is, basically, a complete and utter lie. Cookies are defined quite well in RFC 2965, using a header to extent the HTTP protocol, as laid out in RFC 2616. Pretending it's not 'real' because it's in a different RFC is a bit absurd. By that logic SMTP doesn't have authentication.
Ummm... again, NOT part of the HTTP protocol. While cookies are communicated through headers defined by HTTP, the handling and "interpretation" of the cookie header values is also at a higher layer that the PROTOCOL. And even if cookies might be viewed as part of the protocol, they still don't define "state". They are merely a mechanism with which APPLICATIONS can use to maintain state. This HTTP would STILL be stateless (by strict definition of course).
The previous poster was generally right in that you were continuing to confuse the protocol and application layers. You cited maintaining state of "location" in the directory path as being what makes the lower level protocol "stateful". As was stated, it is the persisted connection defined by the FTP protocol that allows a server to make assumptions on a connection. Several transactions and requests are processed through the one connection. This is not the case with HTTP. HTTP is one request/one response. A more complex transaction requires several connections using HTTP.
Get off your high horse, and at least recognize that you have confused application layer with protocol several times now. Or do you need yet another person to come into the thread to point you out as wrong.... regardless of the specific RFC la-dee-da you are spewing. Knowing all your RFC's still doesn't make you right regarding the specific mistakes we've identified about your statements.
Hmmm... interesting. I was under the impression that in the last 12+ years, the web HAS changed. Pages have been able to include applications (Flash, DHTML, Applets, ActiveX [God forbid], etc). This is nothing new... it's been around for a LONG time. AJAX is just another technology that actually ties together many of the older method into newer and easier to deploy ones.
As for the fundamental unit of the web being the "page", that is one way to look at it. You could also see it at an even more fundamental level, and say it is requests and responses. Back, Forward, Stop, etc. all work in handling responses. And if you actually look at the source code of a browser, I'd be willing to bet that this is the way they actually see the web. That's how web servers see and handle it.
So, even IF the fundamental unit is "the page", what's wrong with an application ON a page? Oh, that's right... they have been. However, what I see, is that AJAX takes an application and removes the need to make ONE application MANY pages. It enabled the OPTION to put an application (or segment of one) onto one single page. The "applications page", shall we say.
Does this really sound like a bad thing? It sounds like it makes things simpler in most respects. Stop fearing the natural evolution of technology, look to how it can become a good thing and help steer that direction! You're sounding like all the telnet/gopher buffs I worked with back in '92 that said the web was a waste of time, added fluff, was slow, less compatible, harder to navigate (due to poor/lacking UI standards) and would never amount to anything. Sounds similar to the arguments being used against AJAX.
Although, after thinking about it more, I will concede that using a 302 to redirect to a URL with different parameters than the POST (say a unique index to the output resulting of the POST) would satisfy most security concerns related to POST on that submit.
Grr... Need coffee. Alright, admittedly misread your post. Still flawed, and my post about putting POST variables into a GET string as being JUST as wrong and risky, still applies.
Alright, admittedly misread your post. Still flawed, and my post about the security issues with putting POST variables into a GET string is JUST as wrong and risky.
Oh, and one more thing... I don't know if you've ever done a view source, but the amount of back end JavaScript being run on slashdot is pretty high too, not to mention having dependencies on external services (one of which was causing issues with pulling up pages earlier). They even use Google Analytics (interesting service). And I believe Google Analytics has some back end AJAX going on. So, in a way, slashdot is running AJAX code! heh.
Thanks. You ought to read some of the responses I got from others I can only say seem "lacking in sufficient experience", particularly where I need to go off about the unbelievable inconsideration for security concerns about what they were saying. It's an amusing read.
It's a fine line between sounding arrogant, and just knowing you know "more". Very different than the arrogance I had when I was the inexperienced developer about a decade ago or so.:)
I won't fully reply to you. Go read the reply to the person that responded before you. The utter terror your lack of understanding of the implications of just using GET instead of POST in more complex and important web applications takes me aback. I certainly hope that if you're a web developer as a profession that you learn more about the impact of your choices.
Okay, I'm going to reply to you, and the other guy who are so ignorant about security as to lightly suggest just switching POST to GET.
SSL solely encrypts the communication over the wire. It does not protect the user from having local files (history, etc) from being captured later. This opens them up to considerable risk if all queries (say with SSN, passwords, etc) are communicated using GET. It also stores all of that information in the web logs on the server. This is often a prime target of hackers to collect information. I can easily go on with several other risks to both the server for getting hacked because of GET parameters, and of the user, but I'll leave it at those two major ones. Read ANY book about good practices on building secure web interfaces, and one of the first thing any of them will say is to NOT use GET.
As for fully stateful attempts... that's the purpose of session cookies... to bring a stateless protocol into the stateful world. Technologies such as AJAX are about improving limitation on UI responsiveness, primarily, and not about making things fully stateful.
As for slashdot being bookmarked... no, it can't. You can't bookmark the page you get after posting, nor several others invovled in mid-process form responses. But you can bookmark the important ones (which is also supportive of my view on a good balance and design for appropriate areas of your site).
Actually, I did get your comment abou Java. It was not 100% clear, so I responded with BOTH contexts. You apparently didn't read my whole post. And in addition to all the complexities I mentioned about implementing a thick client based solution, there are massive security concerns as well. Banks have considered the idea of thick-clients (I know because I've worked with some to analyze critical risks to business logic being placed on the client), and decided they are too big a risk, even for many local branches. To remain secure, they would end up turning a Java client almost into a slightly more advanced web browser. Most are actually looking at AJAX or similar solutions to gain the UI advantages while maintaining the need for security. And by the way, if you were made to install and use a Java application for every service that had need for more advanced and interactive services, you'd be bitching about how they need to come up with a more central standard for their applications (ie. the web browser). Applets (or similar technologies) are a decent step in that direction, but are also prone to the same security concerns.
So, it doesn't make sense. It's not practical. People would have to install apps left and right, including those who are not technically savy, but can use a web browser. It doesn't make sense from a perspective of being successful while taking into account the reality of the user base, and what would happen if every other company people needed to deal with required their own special application installed. It's just not reasonable. That is what the advantages of the web browser was about. A common, central platform to build client-server interfaces (yes, applications).
You're right that web browser apps don't compete with desktop apps in terms of flexibility in UI. But we're not talking about things like calculators, Photoshop, or Word. We're talking specifically client-server oriented applications, where the communication is one of the primary things to deal with (behind the scenes, that is). Desktop apps have other limitations that are more crippling when we're talking about secure client-server applications. Oh yeah... you know all those bugs in IE and other clients for interacting with servers... just imagine EVERY one of those apps people need to use having those vulnerabilities without the financial backing to respond/fix immediately because of a non-centralized pooling of resources (like the IE development team that can have so much resources because of the popularity of the app). And I won't even go down the business/cost advantages beyond what I did i
Er, since when there's any need for AJAX for banking? Mine could certainly work just fine without it. Should be perfectly doable with web forms and cookies.
I said it was a possible solution to the "issues" you stated regarding your banks interface. Your issues have little to do with AJAX, JavaScript, or any other scripting. They are issues inherant to a web application not designed to handle specific cases as gracefully as you would like (but they could, if designed to).
Hint #1: I don't like web applications. Gmail is all nice and cool, but I don't give a damn about it, I'm very happy with my IMAP server.
Hint #2: *I* will decide what I want to bookmark and what not, thank you very much.
Hint #3: *I* will decide when I want to use the back button, instructions not to use it will never cease to annoy me.
And yeah, I know about the back button being a way to re-submit a transaction. But any bank should be sane enough not to process it again, which is exactly what I want: To go back to the previous page, without harmful consequences.
Um... your bank interface is a web application. Search engines are web applications. Pretty much anything that does logical user interaction is a web application! So, you don't care for most websites these days? Oh yeah, slashdot is a web application!
Interesting. Can you bookmark results on POST submits? No AJAX, but certainly can't be reflected in a URL. But then again, form submissions/results are a web application, but I forgot... you don't like using them.
Not if the site is designed to not give you the page. Considering that the website is likely more responsibile for effects of misuse, are the ones that DESIGN and GIVE you an interface and workflow to use, I think it's well within their right to control workflow on THEIR website. If you don't like it, don't use it. Now, a properly designed site will make these choices either seemless or unobtrusive to their users. So, again, you aren't complaining about AJAX, JavaScript, or other scripting, but rather a poor implementation. But place blame with it belongs, not on the first thing you notice to be related to the issue.
If the bank for whatever reason wants to offer a richer interface they can do it perfectly well with say, a Java application which won't have any of the problems all this AJAX mess has.
What crack are you smoking? Do you KNOW what AJAX is? AJAX is not something that is going to send up a warning because you hit your back button. That's JavaScript, yes... and probably what I'd call annoying as well. But AJAX is a way for a single web page to make requests behind the scenes without stepping from page to page. If AJAX were used for specific transactions, hitting your back button would present NO risk as it sounds like there currently IS with your bank. There would be a "transfer" page, and the steps of the transaction would not load a new page, but just be handled on that one page with requests done in the background. You could then hit back and forward all you want with little risk to transaction or your account. It would give you the freedom to use your back button without stepping into pages that are invalid or "dangerous", but still go to pages that ARE stable landing points.
And as for using Java as a solution to your issues? Why would this be? Java is just another programming language for the backend, unless you're talking about a servlet. It is prone to the exact same problems as PHP, Perl, C#, ASP, or even C (God forbid) would have in a stateless protocol. If something that uses Java on the backend IS behaving better, it's only because the implementation of the site has chosen to handle flow control better. But this could be the same regardless of the underlying language.
AJAX, as I said could be ONE solution to help with the problems you mentioned. Personally, I think it would also make the overall "steps" easier
Given your "MOST page content" statement, I was thinking about your average HTML page here, not "web app" type stuff.
My points about most pages wasn't in relation to use of AJAX, nor web applications. But even most largely static content websites are not designed for viewing on small screens. Most use tables or DIV tags, and on mobile devices these generally come across as a confusing and unusable page. Of course, this is with sites that don't think about mobile devices when designing. And this is MOST websites. They just don't think about it. So, the "most page content" was not as an argument for AJAX, but rather explaining why I don't consider the mobile market of browsers to matter all that much. The article says 11% are mobile users. But to me, that 11% has very little weight, and I truly believe that MOST web developers/designers feel the same. The whole reason for attacking the "old/non-ajax browsers" and mobile devices, was to put the statistics provided into perspective. To me, if you add "weights" to those markets, they become closer to 2% of what I care about, thus not a significant reason to be worried about some of the negatives raised as "shock-statistics" in the article. That's all that point was trying to bring out.
As I see it, though, most sites don't need AJAX. I guess we agree on that point. I was mainly reacting to the part about mobile browsers support supposedly requiring lots of extra effort...
Yes, I think we do agree on that. And that is what is bugging me about so many responses I see here, and with what the article seems to imply as justification for saying "AJAX Sucks". For serving up more "content" oriented pages... I agree that it is not the best choice/option. But neither the author nor many arguing against AJAX here, are providing an intellegent qualification for their statements, but rather blurt out a blanket comment that simply has too many exceptions.
AJAX is an amazing step towards good things with web applications. It has it's design considerations, sure. But so does any technology. I disagree with the extreme "hype" as well. Far too many people are hyping AJAX to a point that people are being stupid about using it where it doesn't belong. And I think an article/presentation to raise the concern is a good idea. I just think an extreme opposition to AJAX to a point of almost saying it should never be used is just as stupid and irresponsible as the hype. I think the benefits should be hailed as a wonderful thing, within its context... and I think extra attention should be raised to the exceptions and cautions. But they should also be within proper context.
These extreme sides just reminds me of the stupidity of politics these days... two extremes making stupid and irresponsible statements as a "counter balance" to the other... but neither actually does any justice to those who are affected most!
Heh. No, I don't use ASP or MS SQL. Much more of a PHP, *nix, Java, Mysql, Postgresql, Oracle kind of guy.
As for security concerns... trust me... I'm very conscious of them. It's what I do for a living.:) Anyone else going to the Software Security Summit in February?:) Looks like it will be much better than last year's.
One thing no one seems to have pointed out about AJAX (or rather poor implementation of it)... be sure to have the same security checks with the component requests as the main page has! I can't tell you how many stupid apps I've seen that have good security on the site... they implement something in AJAX, and totally forget to have those requests check for valid authentication to fetch data. *sigh* Out of sight, out of mind, I guess. heh.
Slashdot Mirror
Off topic??? WTF? You've got to be kidding me. Here's a topic about laws on video game censorship... my post is about such laws, alternative options, and my opinion about the general concepts. Off Topic? Did you mods even READ the original topic??? Dear God!
Woops. I missed one key word in the sentence I responded to. "online". heh. No... then in this case, I agree. :) I was thinking about selling games over the counter. But flaimbait?
Wow... two posts in this thread that I understand may be contradictory... but flaim bait? And another marked "off topic"??? WTF? Come on people... surely there are better posts to mark as such and use mod points on.
Yeah... stop blaming the billion dollar gaming companies for forcing their way into your children's mind... advertising near schools, placing games at a child's level of view, having violent game commercials with cartoon characters to appeal to kids. A parent should have their 16 year old son under lock and key 24/7 and be with them 100% of the time! That's the parent's responsibility. And we ALL know that teenagers listen to their parents... have a good chat with them... they'll always see your point and understand why what they want is wrong... and they'll always do what's right.
Oh please! Get a figgen clue! These are kids we're talking about. They don't listen to their parents. They aren't always under their parents supervision, and shouldn't be as they get older... but that doesn't mean parent's should not be able to extend their arm of influence... especially since the commercial world has extended their reaches with the unbelievably massive amount of advertising we're exposed to today, in ways that parents can't even counter without legislation.
What I just don't understand... what is so wrong here? A law would go into effect that protects the parents choice, defaulting on the side of caution and not letting kids (KIDS, mind you) buy stuff without parental approval. Adults would not be affected AT ALL. So, effectively, you're all arguing that parents should NOT have additional tools to help protect their kids... that kids should get to do whatever they want unless their parents treat them like prisoners (not exactly a realistic/healthy parental approach), and that companies have the right to influence what our kids want, see, think, and experience in life. It's already pretty damn bad... and companies are relying on the fact that younger generations don't know what "the good old days" were like.. so that they can push the envelope a little more. This is a common tactic on manipulation of perception used through the ages (for good and bad purposes).
Anyway... I think many of you ought to actually look at what the end effect is, rather than stick to some idealistic stance of being "against the man", and recognize that the PEOPLE behind the man are who you are affecting by your support... and the ones you are protecting and standing up FOR are not out for even YOUR best interests. Open your eyes people!
Hmmm... has anyone every bothered to actually think of the CONTEXT that this was written and created? Or has everyone just gone and accepted that the current exploited form is what it was originally intended as? As I recall, it was largely put in place to protect the people from an opressive government. The right to speak out against the government without reprecussion and to restrict the government from stepping on the religious rights of the people.
I'm mean, I'm all for free speech... but let's keep things in perspective here. Also, when the "rights" of an individual in regards to free speech begins to tread on the rights of other individuals (such as parental rights.. or even religious rights in conflict with another's "free speech" rights), where does the line get drawn? Who's rights prevail? In most cases, parental rights have prevailed.... How's that for precendence!
And one more thing... are we all so naive as to think the Bill of Rights and the Constitution were perfectly designed to address all issues that would ever come and affect the society? Please! Many (not all) the ammendments stuck on to the constitution, and the laws added creating this spagetti legal system of ours... they were to try and deal with the situations where this Bill of Rights just isn't realistic!
Never try to apply idealistic views to reality... idealistic views are merely guidance... not dogma.
Ummm.. legal ID, perhaps... like is done with alcohol. I believe almost every state legally requires anyone over 18 to have a form of state issues ID. If you don't have such an ID, then you are either breaking the law or are not 18+ and attempting to break the law (if a law was in place against buying said product)... or at least attempting to coerce someone else to break the law (if the law were against selling said product).
Because the reality is that kids (especially those in the 14-17 range) aren't always 100% under the close eye of the parent. And I wouldn't expect them to be, as by that age they should be learning to be more independent. But the more important thing is... the law would be to protect the parent from having to combat the commercial world (which they already have to do with so many other things) from imposing views on how their children to be raised and what they should be exposed to. I've seen several comparissons to Tobacco laws being put in place, which I think is a rather appropriate comparisson. It finally became so clear that companies were pushing past the rights of the parents in order to gain market share. I can VERY easily see this going on with the video game industry. Now, is it as harmful? That's not for us to decide. That's each parent's right. And a parent can make the decision by buying the game FOR their kid.
I've seen similar arguments come up when the V-Chip was first introduced. "It's restricting my rights!" blah blah blah. Low and behold, it was the kids who were crying out... who didn't really have those rights anyway (not over parental rights)... and much like others in this country (US), there seems to be this growing perception that we have the right to anything we want. Have any of you actually READ the constitution? Or is this declining education system we have no longer having students do that?
Damn, you kids make me feel old. I don't really consider myself very old, but I was on the latter end of college when Doom (the original) came out. *sigh*
Now, on a serious note... I turned out just fine as well... but... You should not make calls about the law based on your own experiences. You very well could be an exception... both having gone to college, you were probably already good in school and fairly well educated and well adjusted. What is more important to look at are the over all statistics of how children on whole are reacting. I don't know what those stats are... I doubt they've been reliably collected... but they should be what is thought of when considering passing/denying such laws... not how two now-college kids turned out when they played violent games as kids.
Ummm.. WHAT?!?!?!?! Where in the constitution do you see a damn thing about the right of business? It's the rights of the people... and even if it were, I see nothing about the right to sell what you want. This right simply does not exist. As for his comparrison to murder... I totally see where he's coming from. Is it an extreme, yes... however, it doesn't invalidate the point. The point, of course, which you seem to have missed, is that removing laws that protect society from itself would be ridiculous in areas where society still sees it as important. His example of removing laws against murder just drives the point home more clearly. Look past your own narrow methods of communication, and you may be more effective at understanding other people's points more... and you may actually respond without sounding naive.
Amen! If you didn't post it, I would have had to. It's always interesting how those that argue that they know everything about how things should be are always the ones we say we need to protect from themselves. *grin* granted, I was against the idea of the V-Chip when I first heard of it... but after I was a couple years older and saw what it REALLY was about and REALLY did... I'm TOTALLY for it. I'm not a parent, but I've shed my naivety about such things over the last 14+ years.
Actually, your comment about the V-Chip reminded me... game consoles are all starting to put in something similar where a parent can set a block on games of various ratings. Very similar concept. It seems that maybe, if a law were passed, it should be like with the V-Chip... support to have a secure blocking mechanism for parents to use. The law would secure and simplify the rights of the parent without stepping on anyone else's rights. If anything, it forces a parent to be more aware of the things they buy their kids, and USE the feature if they're concerned about the games they play.
-Alex
1. Maybe I misread your tone, but you seem to be against the previous poster. However, his "where's the problem" comment was in regard to this failing and that parent's should be responsibel for their children, not laws.
2. While this is a restriction on free speech, you should be reminded that parental rights over their children trump the right to free speech towards children... always have, and likely always will.
Strangely, I thought it was already illegal for children under 17 to be sold rated M games... I'm not sure what this law was adding, except to maybe redefine the ratings under another party's domain of power (ie. a power grab).
While you are correct in your statements, the previous poster is actually quite right. The article doesn't compare the previous year's quarter. It's citing a decrease (weekly avg) from the Q3-05 numbers to the 3 weeks averaged for November. It's a very stupid comparrison. It should be comparing previous year's numbers relative to iPod sales... not the previous quarters.
I wonder if they took into account the number of people that are upgrading, and thus already had a bunch of music in digital form... and people who had music downloaded on their computers (not used on iPods). While I do have an iPod, my online music purchases aren't really driven by iPod use. In fact, I don't use my iPod as much anymore (not convenient in my car until I find an acceptable adapter). I burn CD's for the car, and play in the house through my Airport Express. So, the numbers could also have become skewed by changing use as time progresses.
-Alex
I agree with much of what you said in your post. However, I don't entirely agree that it's mostly just people tryin to maintain privacy. Yes, I think that is a significant chunk of them. However, I see many other categories:
- squatters
- spammers
- porn relays/redirectors (often also spammers)
- companies (this one I will ellaborate on)
Many companies have questionable practices. Legal perhaps, but questionable in the court of public perception. For example, one company (I'll leave the name out, as much as I'd love to bash them) gave away reptiles as part of a big promotion. When the "winners" got the pet reptiles, most of them were sick with all sorts of disease and malnutrition issues. For many of those who received these animals, their other pets got the diseases (parasites usually). The company is one of the largest for pet supplies, particularly reptiles. Well, when reports came in about these sick and neglected animals two and two were put together and it became clear that this company was the source of them all. Most of the larger reptile-oriented community websites have boycotted the ads for this company. What we found was that the same owner was registering many domains, with different address info, phone numbers, etc. Sometimes it was obvious, because all reg info would be different EXCEPT the phone number, or some other subtle bit of info.
He was trying to market his company and get through the boycott to drive revenue.
So, in this case... companies that want to conceil who they really are by providing slightly different fronts are among those that register domains with fraudulent/false info.
Ummm... again, NOT part of the HTTP protocol. While cookies are communicated through headers defined by HTTP, the handling and "interpretation" of the cookie header values is also at a higher layer that the PROTOCOL. And even if cookies might be viewed as part of the protocol, they still don't define "state". They are merely a mechanism with which APPLICATIONS can use to maintain state. This HTTP would STILL be stateless (by strict definition of course).
The previous poster was generally right in that you were continuing to confuse the protocol and application layers. You cited maintaining state of "location" in the directory path as being what makes the lower level protocol "stateful". As was stated, it is the persisted connection defined by the FTP protocol that allows a server to make assumptions on a connection. Several transactions and requests are processed through the one connection. This is not the case with HTTP. HTTP is one request/one response. A more complex transaction requires several connections using HTTP.
Get off your high horse, and at least recognize that you have confused application layer with protocol several times now. Or do you need yet another person to come into the thread to point you out as wrong.... regardless of the specific RFC la-dee-da you are spewing. Knowing all your RFC's still doesn't make you right regarding the specific mistakes we've identified about your statements.
Hmmm... interesting. I was under the impression that in the last 12+ years, the web HAS changed. Pages have been able to include applications (Flash, DHTML, Applets, ActiveX [God forbid], etc). This is nothing new... it's been around for a LONG time. AJAX is just another technology that actually ties together many of the older method into newer and easier to deploy ones.
As for the fundamental unit of the web being the "page", that is one way to look at it. You could also see it at an even more fundamental level, and say it is requests and responses. Back, Forward, Stop, etc. all work in handling responses. And if you actually look at the source code of a browser, I'd be willing to bet that this is the way they actually see the web. That's how web servers see and handle it.
So, even IF the fundamental unit is "the page", what's wrong with an application ON a page? Oh, that's right... they have been. However, what I see, is that AJAX takes an application and removes the need to make ONE application MANY pages. It enabled the OPTION to put an application (or segment of one) onto one single page. The "applications page", shall we say.
Does this really sound like a bad thing? It sounds like it makes things simpler in most respects. Stop fearing the natural evolution of technology, look to how it can become a good thing and help steer that direction! You're sounding like all the telnet/gopher buffs I worked with back in '92 that said the web was a waste of time, added fluff, was slow, less compatible, harder to navigate (due to poor/lacking UI standards) and would never amount to anything. Sounds similar to the arguments being used against AJAX.
-Alex
Although, after thinking about it more, I will concede that using a 302 to redirect to a URL with different parameters than the POST (say a unique index to the output resulting of the POST) would satisfy most security concerns related to POST on that submit.
Grr... Need coffee.
Alright, admittedly misread your post. Still flawed, and my post about putting POST variables into a GET string as being JUST as wrong and risky, still applies.
Alright, admittedly misread your post. Still flawed, and my post about the security issues with putting POST variables into a GET string is JUST as wrong and risky.
-Alex
Oh, and one more thing... I don't know if you've ever done a view source, but the amount of back end JavaScript being run on slashdot is pretty high too, not to mention having dependencies on external services (one of which was causing issues with pulling up pages earlier). They even use Google Analytics (interesting service). And I believe Google Analytics has some back end AJAX going on. So, in a way, slashdot is running AJAX code! heh.
-Alex
Thanks. You ought to read some of the responses I got from others I can only say seem "lacking in sufficient experience", particularly where I need to go off about the unbelievable inconsideration for security concerns about what they were saying. It's an amusing read.
:)
It's a fine line between sounding arrogant, and just knowing you know "more". Very different than the arrogance I had when I was the inexperienced developer about a decade ago or so.
-Alex
I won't fully reply to you. Go read the reply to the person that responded before you. The utter terror your lack of understanding of the implications of just using GET instead of POST in more complex and important web applications takes me aback. I certainly hope that if you're a web developer as a profession that you learn more about the impact of your choices.
Okay, I'm going to reply to you, and the other guy who are so ignorant about security as to lightly suggest just switching POST to GET.
SSL solely encrypts the communication over the wire. It does not protect the user from having local files (history, etc) from being captured later. This opens them up to considerable risk if all queries (say with SSN, passwords, etc) are communicated using GET. It also stores all of that information in the web logs on the server. This is often a prime target of hackers to collect information. I can easily go on with several other risks to both the server for getting hacked because of GET parameters, and of the user, but I'll leave it at those two major ones. Read ANY book about good practices on building secure web interfaces, and one of the first thing any of them will say is to NOT use GET.
As for fully stateful attempts... that's the purpose of session cookies... to bring a stateless protocol into the stateful world. Technologies such as AJAX are about improving limitation on UI responsiveness, primarily, and not about making things fully stateful.
As for slashdot being bookmarked... no, it can't. You can't bookmark the page you get after posting, nor several others invovled in mid-process form responses. But you can bookmark the important ones (which is also supportive of my view on a good balance and design for appropriate areas of your site).
Actually, I did get your comment abou Java. It was not 100% clear, so I responded with BOTH contexts. You apparently didn't read my whole post. And in addition to all the complexities I mentioned about implementing a thick client based solution, there are massive security concerns as well. Banks have considered the idea of thick-clients (I know because I've worked with some to analyze critical risks to business logic being placed on the client), and decided they are too big a risk, even for many local branches. To remain secure, they would end up turning a Java client almost into a slightly more advanced web browser. Most are actually looking at AJAX or similar solutions to gain the UI advantages while maintaining the need for security. And by the way, if you were made to install and use a Java application for every service that had need for more advanced and interactive services, you'd be bitching about how they need to come up with a more central standard for their applications (ie. the web browser). Applets (or similar technologies) are a decent step in that direction, but are also prone to the same security concerns.
So, it doesn't make sense. It's not practical. People would have to install apps left and right, including those who are not technically savy, but can use a web browser. It doesn't make sense from a perspective of being successful while taking into account the reality of the user base, and what would happen if every other company people needed to deal with required their own special application installed. It's just not reasonable. That is what the advantages of the web browser was about. A common, central platform to build client-server interfaces (yes, applications).
You're right that web browser apps don't compete with desktop apps in terms of flexibility in UI. But we're not talking about things like calculators, Photoshop, or Word. We're talking specifically client-server oriented applications, where the communication is one of the primary things to deal with (behind the scenes, that is). Desktop apps have other limitations that are more crippling when we're talking about secure client-server applications. Oh yeah... you know all those bugs in IE and other clients for interacting with servers... just imagine EVERY one of those apps people need to use having those vulnerabilities without the financial backing to respond/fix immediately because of a non-centralized pooling of resources (like the IE development team that can have so much resources because of the popularity of the app). And I won't even go down the business/cost advantages beyond what I did i
I said it was a possible solution to the "issues" you stated regarding your banks interface. Your issues have little to do with AJAX, JavaScript, or any other scripting. They are issues inherant to a web application not designed to handle specific cases as gracefully as you would like (but they could, if designed to).
Um... your bank interface is a web application. Search engines are web applications. Pretty much anything that does logical user interaction is a web application! So, you don't care for most websites these days? Oh yeah, slashdot is a web application!
Interesting. Can you bookmark results on POST submits? No AJAX, but certainly can't be reflected in a URL. But then again, form submissions/results are a web application, but I forgot... you don't like using them.
Not if the site is designed to not give you the page. Considering that the website is likely more responsibile for effects of misuse, are the ones that DESIGN and GIVE you an interface and workflow to use, I think it's well within their right to control workflow on THEIR website. If you don't like it, don't use it. Now, a properly designed site will make these choices either seemless or unobtrusive to their users. So, again, you aren't complaining about AJAX, JavaScript, or other scripting, but rather a poor implementation. But place blame with it belongs, not on the first thing you notice to be related to the issue.
What crack are you smoking? Do you KNOW what AJAX is? AJAX is not something that is going to send up a warning because you hit your back button. That's JavaScript, yes... and probably what I'd call annoying as well. But AJAX is a way for a single web page to make requests behind the scenes without stepping from page to page. If AJAX were used for specific transactions, hitting your back button would present NO risk as it sounds like there currently IS with your bank. There would be a "transfer" page, and the steps of the transaction would not load a new page, but just be handled on that one page with requests done in the background. You could then hit back and forward all you want with little risk to transaction or your account. It would give you the freedom to use your back button without stepping into pages that are invalid or "dangerous", but still go to pages that ARE stable landing points.
And as for using Java as a solution to your issues? Why would this be? Java is just another programming language for the backend, unless you're talking about a servlet. It is prone to the exact same problems as PHP, Perl, C#, ASP, or even C (God forbid) would have in a stateless protocol. If something that uses Java on the backend IS behaving better, it's only because the implementation of the site has chosen to handle flow control better. But this could be the same regardless of the underlying language.
AJAX, as I said could be ONE solution to help with the problems you mentioned. Personally, I think it would also make the overall "steps" easier
My points about most pages wasn't in relation to use of AJAX, nor web applications. But even most largely static content websites are not designed for viewing on small screens. Most use tables or DIV tags, and on mobile devices these generally come across as a confusing and unusable page. Of course, this is with sites that don't think about mobile devices when designing. And this is MOST websites. They just don't think about it. So, the "most page content" was not as an argument for AJAX, but rather explaining why I don't consider the mobile market of browsers to matter all that much. The article says 11% are mobile users. But to me, that 11% has very little weight, and I truly believe that MOST web developers/designers feel the same. The whole reason for attacking the "old/non-ajax browsers" and mobile devices, was to put the statistics provided into perspective. To me, if you add "weights" to those markets, they become closer to 2% of what I care about, thus not a significant reason to be worried about some of the negatives raised as "shock-statistics" in the article. That's all that point was trying to bring out.
Yes, I think we do agree on that. And that is what is bugging me about so many responses I see here, and with what the article seems to imply as justification for saying "AJAX Sucks". For serving up more "content" oriented pages... I agree that it is not the best choice/option. But neither the author nor many arguing against AJAX here, are providing an intellegent qualification for their statements, but rather blurt out a blanket comment that simply has too many exceptions.
AJAX is an amazing step towards good things with web applications. It has it's design considerations, sure. But so does any technology. I disagree with the extreme "hype" as well. Far too many people are hyping AJAX to a point that people are being stupid about using it where it doesn't belong. And I think an article/presentation to raise the concern is a good idea. I just think an extreme opposition to AJAX to a point of almost saying it should never be used is just as stupid and irresponsible as the hype. I think the benefits should be hailed as a wonderful thing, within its context... and I think extra attention should be raised to the exceptions and cautions. But they should also be within proper context.
These extreme sides just reminds me of the stupidity of politics these days... two extremes making stupid and irresponsible statements as a "counter balance" to the other... but neither actually does any justice to those who are affected most!
Heh. No, I don't use ASP or MS SQL. Much more of a PHP, *nix, Java, Mysql, Postgresql, Oracle kind of guy.
:) Anyone else going to the Software Security Summit in February? :) Looks like it will be much better than last year's.
As for security concerns... trust me... I'm very conscious of them. It's what I do for a living.
One thing no one seems to have pointed out about AJAX (or rather poor implementation of it)... be sure to have the same security checks with the component requests as the main page has! I can't tell you how many stupid apps I've seen that have good security on the site... they implement something in AJAX, and totally forget to have those requests check for valid authentication to fetch data. *sigh* Out of sight, out of mind, I guess. heh.