PHP should escape automatically and anything that needs to be placed into the database raw should have be moved there via an "unescape" function. Why is the default functionality "Do this the dangerous way".
It should also have fixed classes for encoding / decoding HTML. Every PHP project out there has its own weird and badly written way of cleaning entered HTML. Personally, I'd like to see the best of those aggregated into know PHP functions.
I've got a b2evo site running on PHP and any changes I make to it terrify me. I don't know the language well enough to make or know that it's safe. You can blame my inexperience here and you've every right to, but personally I'd prefer it if the developers of PHP took care of that and left me to the task of providing the features my users want.
I appears that Google use java because it is strongly (i.e. statically) typed and that makes it easier for them to streamline the assembled code to only use those functions that are needed.
From Here: The GWT will do static analysis of the code, and remove all methods that you don't actually call. We do very aggressive static analysis so that if you import a huge Java library, and only use one class, and one method within that class, we eliminate all the other code, and won't output [that] to the JavaScript.
Verily, I undertand thy point, but for all the sense thine words make to mine ears, I still cannot understand what villainous treachory it is that makes spam filters reject my own missives out of hand. It is a mystery, and one I feel even the local constabulary could not crack.
Given the number of spam messages I get that are sent to enabled_stateme@mydomain.com or which have unreplaced template text in them, I'd have to say it's just incompetence.
More worrying is the spam which comes on images and contains random blocks of text as hidden writing. My spam filters are having lots of trouble identifying these, and I am now starting to get a lot more false positives because of invalid (my fault) training.
Turbo Pascal was my first proper hobby programming language, the first programming language I bought myself. I had (have) a lot of love for Borland, and still remember the excitement of version 1 Delphi.
Borland produced great hobbyist languages, and some of us hobbyists pulled those Borland products into the enterprise. Borland messed up a couple of times, made a few bad products and basically lost their shine. If I had the same choices I had back in 1990 that I have now, I'd still be pushing the Borland route.
Unfortunately for them, hobbyists will now use one of the countless free & fun programming languages that are easy to use and install. Languages like Ruby or PHP. When they've cut thier teeth, they'll go get job in enterprises that insist on a proper programming language (microsoft, apparently). Borland have been cut out of the loop.
This is not a moan at open source, but I can't help but wonder if Microsoft's best programming language competitor is being killed by the Open Source movemement & if open source languages effectively allow Microsoft to maintain a monopoly in this area.
The biggest problem with Home Media computers I can see is DRM & copyright. Tivo, et al would probably be bigger now if it wasn't for fights with large media corporations about what can be downloaded and watched on what. iTunes would be more useful if the tunes could be shared with a small Living Room PC which ran a free operating system on cheap hardware.
If I could easily (like three buttons easy) download missed episodes of favourite shows I'd have more of a requirement for a Living Room P.C.
The reason this technology has not set off is because of legal restrictions placed on early adopters. I may be being overly paranoid here, but this is how big-media wants it. You watch what they tell you when they tell you. Anything that gets in the way of that will not be allowed to propagate into the mass market.
Alien Hominid's a good example. Cost $1.3 million (About the same as the above mentioned Saw), but despite huge critical acclaim and a great buzz only made about the same back. (Article Here). I don't know what that says, but it's interesting.
If they'd thought this through, they could have forced people into not being able to resell the games by making them unplayable until they've been "patched". Microsoft do this with windows, and many PC games makers already do something similar.
"Yes, you can resell the game, but there was a couple of bugs in it, and without the verified update, you're only going to be able to play the first two levels."
That way, you get to release software as "beta" (a good thing), you don't have any restriction on the resale of the physical media (good thing), but you enforce the one person, one full licence rule (good thing).
Apple seem to be relying on the "It doesn't come on physical media, so it doesn't apply" argument. I wonder if the fact that Apple produced the special U2 iPod (A physical product containing "music") will be held against them.
Generally though, this is nonsense. The Apple Group are just trying to get money out of Apple Computers. The fact that this wasn't resolved years ago shows both the incompetence of the Apple Computer Lawyers, and the stupidity of current trademark legislation.
OK, then fine. If you have federal requirements, then treat authentication seriously. Don't leave it in the hands of your users.
There's an attitude which treats the failure for normal people to remember strong passwords as a failure which is outside the system as managed by IT. It's not. Most IT Departments can provide solutions which mitigate the need for strong passwords, yet they refuse to do so because "The stupid users should learn to remember 7 character long monthly changing strong passwords."
Last time I looked, IT was about providing solutions to problems. This desire to pass the responsibility for security comes straight out of the PHB school of management.
If Joe Pissed Off employee can log onto another standard users account and delete critical data, then they can probably do the same from their own account. Versioning & backup exist to protect files. Passwords should not be used for this purpose.
There are obviously issues with the confidentiality of data. If these issues are serious, use something that works better than a password.
I'd also have a wander round your place of work one dinnertime and count how many abandoned desktops are not locked. My guess is that I won't need a password to start deleting.
If this kind of virus is a problem, then I would suggest a stronger password which is never changed, and which the user can stick to their monitor.
There must be better solutions than relying on strong passwords to stop the spread of virri. That is my point, and given that most dictionary attack virii rely on standard methods of propagation (Over file shares, etc), then I'd strengthen these areas up first.
The longer I've worked with passwords, etc, the more I've come to think the following:
- Standard users should be allowed to post-it note attach passwords to their computers / monitors.
- The only reason mentioned above to have strong passwords is to stop the spread of virii. If you've got good anti-virus measures in place, then there is no real need for strong passwords for standard users.
- Of course, nobody should be allowed to log in to the organisation from outside with this normal, easy password. (i.e. vpn passwords must be strong, etc)
- If individual PC's need that extra layer of security, then use something other than passwords. (biometrics, usb keys, etc)
The harder you make it for someone to remember a password, the more likely it is that they're going to compromise that password. Frequent changes of passwords guard against dictionary attacks, but they increase the chance of theft by social attacks.
The new Dr Who was also written as Family Entertainment. The primary audience is kids. And, that is why it seems a bit childish at times. As a kid's program, it's brilliant. Read some of the Blow by Blow accounts when children watch the show. (Warning - spoilers inside)
My preference is to write self documenting code, but in the past even this has caused confusion for people trying to understand what it is that I've written. Good comments are worth their weight. However, Bad comments can cause more trouble than they are worth.
Personally, I think that the choice to comment should be with the individual developers, and any developers that choose to comment should be forced to take some kind of workshop so that they are commenting correctly. Imposing an "everyone must comment" ethos without training will waste time and make your code base even more unreadable.
I don't want to be "Mr No-sense of-humour", but writing deliberately hard to follow code is professionally unethical.
Yeah, why is it that they don't have series 3 Tivos in the UK?
Oh I remember - Because Murdoch Fucked Tivo up the ass when first dealing with a naive Tivo-UK, and now Sky are happy to hold onto the languishing rights for Tivo while they push the tied-in & inferior Sky+ onto the masses.
While they do this, they continue to collect the $20(ish) a year that Sky charge for the monthly licence. Laughing all the way to the bank, they are.
It should be illegal, what Sky did to Tivo in the UK! If I were you, I'd get rid of your Series 1 tivo, and see if you can cope with only 10% of the normal tivo functionality as provided by the new Humax machines. Either that, or spend a lot of time or money making / buying a PC Based PVR.
I use myhours.com. It's nice and simple, and has a couple of good features. I especially like the fact that you can click "continue" next to an item, and it'll create a new item starting now. They're in beta now, so you can get a free account, but expect them to start charging for the "advanced features" soon.
I agree with what you're saying and in the situations you describe, you're right. However, the tone of the parent was one of "Don't do extra work, even if it's required, because we can charge more for it later on." There was also an implied assumption that the manager was padding estimates so they could charge more. If this is standard practice, (and I have no reason to believe that it is not), then a company can hardly complain when programmers use the same techniques to "maximise" revenues earned from the companies they're providing a resource to.
In my ideal world, customers, companies and programmers would work together to provide solutions which benifited everyone, but to believe fully in this is naive.
Slashdot Mirror
PHP should escape automatically and anything that needs to be placed into the database raw should have be moved there via an "unescape" function. Why is the default functionality "Do this the dangerous way".
It should also have fixed classes for encoding / decoding HTML. Every PHP project out there has its own weird and badly written way of cleaning entered HTML. Personally, I'd like to see the best of those aggregated into know PHP functions.
I've got a b2evo site running on PHP and any changes I make to it terrify me. I don't know the language well enough to make or know that it's safe. You can blame my inexperience here and you've every right to, but personally I'd prefer it if the developers of PHP took care of that and left me to the task of providing the features my users want.
I appears that Google use java because it is strongly (i.e. statically) typed and that makes it easier for them to streamline the assembled code to only use those functions that are needed.
From Here: The GWT will do static analysis of the code, and remove all methods that you don't actually call. We do very aggressive static analysis so that if you import a huge Java library, and only use one class, and one method within that class, we eliminate all the other code, and won't output [that] to the JavaScript.
Just zip the file up, and then continue to zip the resultant zipped file until it is really small. Easy.
Verily, I undertand thy point, but for all the sense thine words make to mine ears, I still cannot understand what villainous treachory it is that makes spam filters reject my own missives out of hand. It is a mystery, and one I feel even the local constabulary could not crack.
Given the number of spam messages I get that are sent to enabled_stateme@mydomain.com or which have unreplaced template text in them, I'd have to say it's just incompetence.
More worrying is the spam which comes on images and contains random blocks of text as hidden writing. My spam filters are having lots of trouble identifying these, and I am now starting to get a lot more false positives because of invalid (my fault) training.
Turbo Pascal was my first proper hobby programming language, the first programming language I bought myself. I had (have) a lot of love for Borland, and still remember the excitement of version 1 Delphi.
Borland produced great hobbyist languages, and some of us hobbyists pulled those Borland products into the enterprise. Borland messed up a couple of times, made a few bad products and basically lost their shine. If I had the same choices I had back in 1990 that I have now, I'd still be pushing the Borland route.
Unfortunately for them, hobbyists will now use one of the countless free & fun programming languages that are easy to use and install. Languages like Ruby or PHP. When they've cut thier teeth, they'll go get job in enterprises that insist on a proper programming language (microsoft, apparently). Borland have been cut out of the loop.
This is not a moan at open source, but I can't help but wonder if Microsoft's best programming language competitor is being killed by the Open Source movemement & if open source languages effectively allow Microsoft to maintain a monopoly in this area.
The biggest problem with Home Media computers I can see is DRM & copyright. Tivo, et al would probably be bigger now if it wasn't for fights with large media corporations about what can be downloaded and watched on what. iTunes would be more useful if the tunes could be shared with a small Living Room PC which ran a free operating system on cheap hardware.
If I could easily (like three buttons easy) download missed episodes of favourite shows I'd have more of a requirement for a Living Room P.C.
The reason this technology has not set off is because of legal restrictions placed on early adopters. I may be being overly paranoid here, but this is how big-media wants it. You watch what they tell you when they tell you. Anything that gets in the way of that will not be allowed to propagate into the mass market.
It's only on Windows, but at work we use Connected TLM.
It's fantastic.
Alien Hominid's a good example. Cost $1.3 million (About the same as the above mentioned Saw), but despite huge critical acclaim and a great buzz only made about the same back. (Article Here). I don't know what that says, but it's interesting.
A+++++++++++ Would buy out large web company to protect our monopoly again.
If they'd thought this through, they could have forced people into not being able to resell the games by making them unplayable until they've been "patched". Microsoft do this with windows, and many PC games makers already do something similar.
"Yes, you can resell the game, but there was a couple of bugs in it, and without the verified update, you're only going to be able to play the first two levels."
That way, you get to release software as "beta" (a good thing), you don't have any restriction on the resale of the physical media (good thing), but you enforce the one person, one full licence rule (good thing).
Apple seem to be relying on the "It doesn't come on physical media, so it doesn't apply" argument. I wonder if the fact that Apple produced the special U2 iPod (A physical product containing "music") will be held against them.
Generally though, this is nonsense. The Apple Group are just trying to get money out of Apple Computers. The fact that this wasn't resolved years ago shows both the incompetence of the Apple Computer Lawyers, and the stupidity of current trademark legislation.
Also,
You're right. I've never had to work in a truly mixed environment,
I guess in this situation thngs are a bit harder to do.
good point.
I too remember many passwords. I'm a computer guy. So, I guess are you. Do you expect you users to be able to program too?
OK, then fine. If you have federal requirements, then treat authentication seriously. Don't leave it in the hands of your users.
There's an attitude which treats the failure for normal people to remember strong passwords as a failure which is outside the system as managed by IT. It's not. Most IT Departments can provide solutions which mitigate the need for strong passwords, yet they refuse to do so because "The stupid users should learn to remember 7 character long monthly changing strong passwords."
Last time I looked, IT was about providing solutions to problems. This desire to pass the responsibility for security comes straight out of the PHB school of management.
If Joe Pissed Off employee can log onto another standard users account and delete critical data, then they can probably do the same from their own account. Versioning & backup exist to protect files. Passwords should not be used for this purpose. There are obviously issues with the confidentiality of data. If these issues are serious, use something that works better than a password. I'd also have a wander round your place of work one dinnertime and count how many abandoned desktops are not locked. My guess is that I won't need a password to start deleting.
If this kind of virus is a problem, then I would suggest a stronger password which is never changed, and which the user can stick to their monitor. There must be better solutions than relying on strong passwords to stop the spread of virri. That is my point, and given that most dictionary attack virii rely on standard methods of propagation (Over file shares, etc), then I'd strengthen these areas up first.
The longer I've worked with passwords, etc, the more I've come to think the following:
- Standard users should be allowed to post-it note attach passwords to their computers / monitors.
- The only reason mentioned above to have strong passwords is to stop the spread of virii. If you've got good anti-virus measures in place, then there is no real need for strong passwords for standard users.
- Of course, nobody should be allowed to log in to the organisation from outside with this normal, easy password. (i.e. vpn passwords must be strong, etc)
- If individual PC's need that extra layer of security, then use something other than passwords. (biometrics, usb keys, etc)
The harder you make it for someone to remember a password, the more likely it is that they're going to compromise that password. Frequent changes of passwords guard against dictionary attacks, but they increase the chance of theft by social attacks.
Do you BURY me when I'm gone?
Do you teach me WHILE I'm here?
Just as soon AS I belong,
Then it's TIME I disappear.
groovy. Can't wait.
The new Dr Who was also written as Family Entertainment. The primary audience is kids. And, that is why it seems a bit childish at times. As a kid's program, it's brilliant. Read some of the Blow by Blow accounts when children watch the show. (Warning - spoilers inside)
My preference is to write self documenting code, but in the past even this has caused confusion for people trying to understand what it is that I've written. Good comments are worth their weight. However, Bad comments can cause more trouble than they are worth.
Personally, I think that the choice to comment should be with the individual developers, and any developers that choose to comment should be forced to take some kind of workshop so that they are commenting correctly. Imposing an "everyone must comment" ethos without training will waste time and make your code base even more unreadable.
I don't want to be "Mr No-sense of-humour", but writing deliberately hard to follow code is professionally unethical.
Yeah, why is it that they don't have series 3 Tivos in the UK?
Oh I remember - Because Murdoch Fucked Tivo up the ass when first dealing with a naive Tivo-UK, and now Sky are happy to hold onto the languishing rights for Tivo while they push the tied-in & inferior Sky+ onto the masses.
While they do this, they continue to collect the $20(ish) a year that Sky charge for the monthly licence. Laughing all the way to the bank, they are.
It should be illegal, what Sky did to Tivo in the UK!
If I were you, I'd get rid of your Series 1 tivo, and see if you can cope with only 10% of the normal tivo functionality as provided by the new Humax machines. Either that, or spend a lot of time or money making / buying a PC Based PVR.
This looks great. How come I can't find the standard version. There's an upgrade price, but no standard version?
I use myhours.com. It's nice and simple, and has a couple of good features. I especially like the fact that you can click "continue" next to an item, and it'll create a new item starting now. They're in beta now, so you can get a free account, but expect them to start charging for the "advanced features" soon.
I agree with what you're saying and in the situations you describe, you're right. However, the tone of the parent was one of "Don't do extra work, even if it's required, because we can charge more for it later on." There was also an implied assumption that the manager was padding estimates so they could charge more. If this is standard practice, (and I have no reason to believe that it is not), then a company can hardly complain when programmers use the same techniques to "maximise" revenues earned from the companies they're providing a resource to.
In my ideal world, customers, companies and programmers would work together to provide solutions which benifited everyone, but to believe fully in this is naive.