At the large company I worked for, hooking up personal computers to the network was a terminable offense. So no, you don't give them a login - you don't set this up at all.
The chief reason appeared to be fear of viruses and hackers, but there are many, many more. The hacker front can be a bit obscure: What if your CEO read the article about RSA getting hacked by an excel file with an embedded flash object, and the CIO assures the board that all computers will have flash removed and tasks IT with identifying and removing flash everywhere? How are they going to look having to explain 'well, we got everything, except for the personal computers that we don't have access to'?
Let's say people start relying on the service you are providing with a personal computer under your desk. What if it goes down? Helpdesk will get called, and need to know what to tell the caller so they don't appear incompetent, and need to be able to address the problem. What if IT is required to certify that all of their computers have X patch applied as part of a compliance audit for certification? What if a corporate policy goes out that no computer can run unencrypted ftp regardless of port # they run it on? What if your company is obligated to ensure that terminated employees can't log in to servers? What if a lawsuit is served and your company is required to provide copies of all records pertaining to meetings with client xyz, and your calendar server has meeting info on it but your IT department doesn't even know it exists? None of these things are unreasonable, but none of them can be done easily if you're allowed to set up whatever box you want doing whatever.
Sure, it makes your job harder if you have to go through official channels to get the things you need to get your job done. But your company needs to be able to get their job done too, and a bunch of random whatever-somebody-set-up-under-their-desk systems makes that really hard.
I miss doing web work with Tcl, but I don't want to support yet another does-this-client-support-this testing and special casing nightmare.
We had a very different system in the US.
Specifically, banks invented a whole ton of things that don't work like that.
Example: "Interest only" loan (you pay 0 principal for say 5 years, at the end of 5 years you still owe everything and your loan expires). Sounds terrible, but if you think the house will appreciate significantly, in five years you will owe X but it will be worth X * 1.5 - boom you now have a 25% down payment automagically when you refi the next loan. The payment can be a fair bit smaller each month if you aren't factoring in "eventually pay the darned thing off".
Fails miserably if the house goes down or even stays about the same and you can't refi. So people 'walked away' from the house - just quit paying, moved out when the bank made enough fuss. Technically they can still owe money, but if they have no money, and lots of people are doing it, who's to collect what?
They also did stunts like short-term adjustable rate mortgages - give you an introductory rate for a while (a few years, a few months, many variations) to get the initial payment down, bump it up hugely when the time is up. You have probably seen something like this with credit cards, now imagine the same introductory teaser offers but on a half a million dollar house. Sure, if you can make the payment for 30 years you keep the house - but the payment doubles or triples after a little while, and how can you keep paying it?
Finally, even with normal loans, people would participate in taking out way more loan than they could afford on the idea that they will make more money later. Banks were happy to cooperate, encourage, even help them lie about their income, sometimes even lie for them with outright fraud, because the bank was paid only for closing the loan and immediately flipped it on to an investor (often quasi-government institutions Fannie Mae and Freddie Mac) who would divvy the loan up and resell it in packaged slices to other investors. So the person making the initial loan wasn't directly on the hook for any extra risk they took on, unless a court could prove outright fraud occurred. Encourages people to play fast and loose with any rules that might be in place because they judge their personal risk to be very very low, and if somebody else takes on extra risk, well, heck, "Buyer beware" and "sucker born every minute" etc.
BCC was killed by spam filters, not facebook.
You know, Netflix's silverlight player runs great on my Mac. I actually prefer it to Hulu's Flash player, because it can maintain full screen on a second monitor, which is a feature they added after complaints in forums. The Flash player got the same complaints, but no fix. Flash users have to hex edit their dll for that feature.
I was worried about suboptimal multi platform support, but in this one useful-to-me-example, I haven't seen it. Have you seen other features where it's a problem?
I see they are currently #1 on bing for Comforters and #4 for dresses. I wonder if it would be possible for the search engines to share data on who is cheating?
I'm actually really surprised by the article, that it took so few sites to affect results and that such obviously off-topic links still helped. I thought the algorithms were already smarter than that.
The chains don't have a good supply either. You can find book #4 and #7 in a popular series, and anything else they will be happy to special order for you. But if I'm going to be ordering and waiting for things, why shouldn't I just do it myself online and save some money and avoid having to drive back to the store?
From the article summary, this is a *500* page book on the topic of using an app framework with a packaging system.
How can that topic take 500 pages? It sounds like it should be a 2 page FAQ? What does a packaging system change so much that it needs 498 more pages?
How does this jive with Google's study that higher temps didn't seem to really cause hard drives to fail in their data center? http://static.googleusercontent.com/external_content/untrusted_dlcp/labs.google.com/en/us/papers/disk_failures.pdf
I'm pretty sure their HR department has a zero tolerance policy on stealing from the company. How much money do I have to be worth before the rules don't apply to me anymore? Do you really think it's only unacceptable to steal if I'm on the bottom half of the org chart?
My 5.7L V8 gets 23 mpg average in daily driving. I figure that's good enough that I don't need to trade it in over green guilt for some lawnmower that might get 5mpg better. Further improvement gets real diminishing returns, cars are only driven so much each year. See for example http://green.autoblog.com/2009/07/23/greenlings-where-are-the-most-important-mpg-increases-at-the-u/
Do you really want them to teach you 140 characters at a time?
Aren't web pages (blogs, RSS feeds, wikis, forums) a better way to actually convey information?
Ships aren't cheap, and marine environments are rather hostile (salt, water), and data centers can already be reasonably mobile by putting it in a shipping container and moving that shipping container somewhere... so what need is this filling?
How could a software update fix a hardware problem with the antenna? Isn't basic physics involved?
I would genuinely like to know. Plenty of people here (who aren't me unfortunately) know how antennas work, anything that could be done without changing the hardware involved?
1) First, you have to protect your users. I'd say there are three things to worry about here:
- SQL Injection. "Little Bobby Tables". This one is easy - use bind variables for all sql, and don't -ever- have dynamically interpreted sql with user inputs.
- Cross Site Scripting ("XSS"). This one is harder. If you ever display something to one user that could have been entered by another user, user b can own user a with some html. It's very hard to check for bad html because it can be disguised in various ways. A whitelist filter of allowed html is safer than a blacklist, but you still have to manage to consistently scrub input.
- The fact that passwords are essentially inadequate, but it's hard and/or expensive to come up with anything better. So force decent passwords, remind your users not to give them to their friends, and anticipate there will be some level of "my angry ex boyfriend deleted all my stuff" support requests so history logs of important actions and the ability to roll stuff back will be useful.
- There *are* more types of things that can be done ("clickjacking", "sidejacking", dns poisoning) but I think the above cover most problems you really need to plan on.
2) Next, you have to protect your game.
- Malicious users. It's particularly easy to be a malicious user with HTML - the web app provides a nice form variable "itemid=12", I can change it to "itemid=1", poof I have your super wizard staff. You can't trust your users, ever, so write your app so that impossible things aren't permitted.
- Bots - if there is any instance where user activity is rewarded, somebody will find a way to automate it. It's a problem from a purely technical server load perspective, and it's also a problem from an upsetting good users viewpoint. Good luck here.
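An added example, not part of the original comment, showing two of the points above: bind variables versus SQL assembled from user input, and a server-side ownership check for the tampered `itemid` case. The schema, sample rows and function names are assumptions made up for this illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory game database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE players (id INTEGER PRIMARY KEY, name TEXT UNIQUE);
        CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT,
                            owner_id INTEGER REFERENCES players(id),
                            equipped INTEGER DEFAULT 0);
        INSERT INTO players VALUES (1, 'wizard'), (2, 'newbie');
        INSERT INTO items VALUES (1, 'super wizard staff', 1, 0),
                                 (12, 'wooden stick', 2, 0);
    """)
    return conn


def find_players_concat(conn, name):
    """The pattern to avoid: user input is spliced into the SQL text,
    so quotes inside `name` change the structure of the query."""
    sql = "SELECT id, name FROM players WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_players_bound(conn, name):
    """Bind variable: the driver hands `name` over as data, never as SQL."""
    return conn.execute(
        "SELECT id, name FROM players WHERE name = ?", (name,)
    ).fetchall()


def equip_item(conn, session_player_id, form_item_id):
    """Equip an item only if the logged-in player owns it.

    session_player_id comes from the server-side session; form_item_id is
    the untrusted form variable, so it is parsed strictly and the ownership
    rule is enforced inside the UPDATE itself.
    """
    try:
        item_id = int(form_item_id)
    except (TypeError, ValueError):
        return False
    cur = conn.execute(
        "UPDATE items SET equipped = 1 WHERE id = ? AND owner_id = ?",
        (item_id, session_player_id),
    )
    conn.commit()
    return cur.rowcount == 1  # no row matched means not yours, or no such item


if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"                 # constructed hostile input
    print(find_players_concat(db, hostile))  # every player row comes back
    print(find_players_bound(db, hostile))   # no player has that literal name
    print(equip_item(db, 2, "12"))           # newbie equips own item
    print(equip_item(db, 2, "1"))            # tampered itemid is refused
```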
What worked for me was my dad gave me a copy of Zork and a copy of Quick Basic.
My thought process went:
"This is fun, and doesn't seem so hard I can't even imagine where to start."
If text adventures hold insufficient appeal, some more modern versions of surmountable tasks are:
WoW mods
Neverwinter Nights module
Get the kid hooked on Eve and then make him learn VB to build profit & loss spreadsheets in Excel
Nope. jQuery isn't magic, it still follows the same rules under the hood, it is still using XMLHttpRequest. The exception to the same origin policy for javascript code is you can load .js files from wherever, so the way around it is JSONP. See for example http://ecmanaut.blogspot.com/2006/01/jsonp-why-how.html
Well, in the anecdote game, my car was stolen. When it was recovered beat up and broken and abandoned out of gas on the side of the road, the cops didn't even bother to check for prints. They advised me to feel lucky I got it back and then went back about their business.
I get the general impression that your positive experience is the exception, not the rule.
This article is not 'reporting' and should not be presented as 'news', not even news for nerds, stuff that matters.
There are some very interesting details, things that might perhaps be facts, but after presenting a string of them they are always followed with utterly unsubstantiated wild ass guesses that claim to be absolute facts and firmly grounded in expert opinion etc etc. While the Wild Ass Guesses may actually be true, they aren't facts, and presenting them as facts makes it impossible to believe any of the other information presented. At the end of the article all of this much vaunted expertise that the guesses are based on turns out to be this guy is some random programmer with a pond in his back yard.
This topic definitely needs some real reporting, but this sort of hysterical speculation (includes quoting Revelations and speculating on this being an "Earth Extinction" event under the general premise of "they said this couldn't happen but it did so this other thing that also can't happen is obviously worth speculating about now") is downright irresponsible. Even if the premise that the news is massively underreporting the size of the spill is true, this is not the way to correct it.
What's the big deal with scribd lately? Weren't they a worthless site that nobody ever used because it was such a pain to try to read anything there? Or am I completely missing something?
Easy. Section 13 - it says if people connect to your program, you have to let the clients connecting to your program get a copy of your source code.
This is significantly more copyleft than a normal gnu license, where you only need to make available a copy of your source code to anybody you give your program to, and thus not to the final end users in the case of web services. It addresses a real concern that software as a service ends up relying on source code you don't have access to or control over, but it does let any of your users read your code so grandparent is very correct about code audits.
That being said, if he's worried about people reading code, he should be scared of any open source license. Grandparent appears to have a philosophical objection to the 'open' part of open source a.
Unfortunately, a few months ago Playon's Hulu support became horrible.
Previously they had been directly loading video files, which worked great. Then they changed it to basically run an IE browser off-screen, and now you can't pause to buffer, it stutters and breaks a bunch more, and is somewhere between horribly disappointing and unusable. So good idea, but really flawed execution.
Naturally it was working fine during my free trial period and was only botched shortly after. I feel swindled.
* My laptop only does 2.4ghz n, and I thought that was par for the course? Are laptops with 5ghz N really that common?
* There is clearly a quality difference among access points, but how do you tell in advance which equipment will work and which won't?
Find the 9-digit rate table for sales tax in Georgia?
Georgia publishes a taxes-by-county table (soon-to-be-current one is at https://etax.dor.ga.gov/salestax/salestaxrates/LGS_2010_Jan_Rate_Chart_Moore.pdf )
I have no idea how to map that into zip+4.
Apple doesn't appear to know either; they just have an extra screen expressly to prompt me which county I live in.