There are many complaints here that I don't agree with:
With regard to the price and competing GPS apps: I have a TomTom GPS device that I bought a couple years ago. I paid about $200 and it has been worth every penny. If I didn't already have that device, I would buy the $99 iPhone app in a heartbeat. Yes, there are cheaper GPS apps, and I honestly don't know how most of them compare. I did buy a GPS app last week for $2 or $3. Considering the price I'd say it was good. But it doesn't compare to my TomTom at all; I deleted it. The Google Maps app is also nice, but it doesn't provide turn-by-turn directions while driving. TomTom is doing the smart thing and charging based on the value of the app.
With regard to the size of the app: I can understand the complaints. But (I think) the storage sizes on phones that will run this range between 8GB and 32GB. 1GB is a significant, but not huge, chunk of that. Phone storage sizes will only increase. I don't want to get lost because my phone can't reach the map server; storying 1GB of map data on the phone seems perfectly reasonable.
If you don't want it, don't need it, or can't justify the price, then don't buy it. But I think this will be a worthwhile app for many people.
Obviously you don't give up your privacy rights by either simply entering a store or purchasing a
product there. However, I suspect a store could circumvent that by simply posting notice of such a
policy at the store entrance or cash register. At that point you're agreeing to the
policy as a condition of entry or purchase. Of course, if the store doesn't post that policy then
its a moot point.
I give the guy credit for standing up to the store. I think not showing his receipt or
license to the cop was a little over the top, though, even if he was within his rights.
Although I went along with it, I was once infuriated by being asked for a receipt when walking out of
a hardware store with a dehumidifier I had purchased. My anger was based largely on having a big
awkward box in my hand, my
receipt being tucked away in my wallet, and my being surprised by needing to reproduce
the receipt. I later wished I had simply refused.
Do you really expect New Orleans (the area below sea level) to not rebuild? That's ridiculous. It's not just hundreds of thousands of people's homes, it's also their work, friends, family, businesses.....you expect EVERYONE to just pack up and leave?
They already did leave New Orleans. The question is how many will go back. I don't know the answer to that, but I am pretty sure that most will have no choice but to "temporarily" settle elsewhere (new homes, new jobs, new schools) before they are able to move back. I'm sure some will want to move back, but I'm also sure many will have no incentive to move back.
This question really requires more data. How much traffic are we talking about? How much data are we talking about? And then there are all sorts of variables, like the type of content begin stored in the database, the number and types of queries that are done on each page, and the type of caching your application is doing.
Also, if Oracle is already purchased and paid for, you will have a difficult time making a business case for PostgreSQL.
Don't get me wrong, I like PostgreSQL. But you will want to have a reason for switching, aside from PostgreSQL being open source.
I haven't tried it on IE, but I do find Google Maps is a bit sluggish compared with Google's typical application speeds. I think I've read that the client code is JavaScript/DHTML-only (no Java applets or Flash), but I'm not certain. Regardless, the developers probably (understandably) optimized the client code primarily for IE. Given how much "fancy" work they are having the client do, it isn't too surprising that the performance isn't optimal. I imagine and hope Google will address that. As much as I like the interface, I would trade speed for some of the (useful but unnecessary) browser tricks Google Maps is doing.
That is not to say that I find Firefox slower - but thinking about it, I believe the Firefox interface (especially tabs and yes I know it was Opera first(?)) speeds _me_ up. So my perception is that using Firefox is generally faster than using Internet Explorer, even though it may be in actuality slower.
Don't forget popup-blocking. You save lots of human time, and a reasonable amount of computing time, by not having unwanted popup windows open.
Also the security advantages save both the human and the computer a boatload of processing time.
Security is a lot more complicated than what OS you run and whether or not you have AV software installed.
Of course. The two examples I cited were just that -- examples.
you're acting like IT people have the ability to just redefine the world w/r/t security. If I blocked attatchments and replaced Windows NT with Linux, I'd get hanged for basically shutting down the company. (With very good reason, too - I would have basically shut down the company.)
Agreed. I didn't mean to imply that the IT people are at fault. Just saying that the article's conclusion doesn't surprise me, and why it doesn't surprise me. Yes, most IT folks have no support Windows users, and should therefore probably have anti-virus software (and likely need to pay money for it). And again, I'm still citing this as an example, not saying that this covers all security.
As others have said, I wouldn't take Gartner's "information" too seriously. That said, their conclusion makes sense.
Who is more secure, the Windows user with expensive anti-virus software, or the Linux/Mac/UNIX user that does not have anti-virus software? And who has spent more money on security?
Who is more secure, the user of a mail server that has expensive virus detection software or the user of a server configured to simply block attachments?
Money spent on security is typically to duct tape over a security hole. A secure system doesn't need so much duct tape.
Previous comments have been for or against XML being used to deliver this information. I don't have a strong opinion either way on that; it seems reasonable enough. What does seem silly is that this information is being stuffed into a TXT record, and limited to 2k. A goal of using XML should be to easily add information and to make the information hierarchical. But that goal will likely never be realized in a 2k string. The XML tags will eat away at the number of allowed characters pretty quickly. And the zone file examples in the document are pretty ugly.
SPF is better in that it keeps the information simpler. If XML is should be used, perhaps the TXT record should simply include an HTTP URL to the XML file. Alternatively, a simple URL standard could be used, such that one could reliably get Caller ID information regarding mydomain.com from http://mydomain.com/callerid or http://callerid.mydomain.com/.
This is obviously a very small sample set, but I have a homepage with a hidden "spambait@..." mailto link which has been there for many months. In the past month, there have been no attempts to send mail to that address. Several theories to explain that:
Harvesting from random web sites is not as common as thought. It may be that harvesting is not common at all, or that it is targeted towards sites with lots of exposed email addresses.
Harvesters are smart enough to ignore the address because the username is "spambait".
Harvesters are smart enough to ignore the address because it is hidden on the page. [It is after several blank paragraphs, and the text color is the same as the background color.
The address was harvested, but then removed from lists because the address has always bounced.
I propose the following (somewhat complicated) software solution for generating automatically-expiring email addresses:
On the web server:
Generate all email addresses on the site dynamically, using something like:
(prefix)-(timestamp)-(ctr)-(hash)@domain
Replace (prefix) with a unique meaningful string.
Replace (timestamp) with the UNIX timestamp (the number of seconds since 1970-01-01 at midnight GMT) at which the email address was generated (the page was served).
Replace (ctr) with a unique identifier for the address generation. (The first address should use 1, the second address should use 2, and so on.) This will make the generated address unique in case the timestamp itself is not.
Come up with a password, and replace (hash) with:
MD5(prefix + timestamp + ctr + password)
On the mail server (or perhaps at the client):
Send all email to (prefix)-*@domain to an automated utility. That utility would be configured with the same password as the web server. For the recipient address in each incoming message, it would check:
That the format of the address is that described above.
That the hash in the address is valid.
That the address was generated somewhat recently, based on the timestamp in the address. [recently can be defined any way you want.]
If the address passes all of these tests, and if (based on the timestamp in the address) it was generated recently, treat it as valid. If not, treat it as spam.
This won't stop a harvester finding an address and immediately sending spam to it, but it will limit the length of time for which the address is valid.
This also may be difficult to validate if the address is BCC'd, but that in itself could be an indicator of spam.
Depending on the web server's volume of traffic and your caching techniques, it may or may not be desirable or feasible to have the server re-genereate these addresses for each page request. If it is feasible, then you have the added benefit of each user getting a different address. Once that address has been spammed, you could later block that specific address. If it is not feasible, you still have automatically expiring email addresses.
Note that I have not tried or tested this approach, and there may be caveats I can't think of. Caveats that I can think of include:
The resulting email address would be very long. That may cause problems with mail server or client software. Using a substring of the MD5 checksum, and using short prefixes may be necessary.
Someone could have an email address that they legitimately retrieved from the site a long time ago.
The solution assumes that you have control over the mail system retrieving the mail. This might not be a feasible way to post email addresses in mailing list archives.
If I had the time, I would start an open source project for this. But I don't have the time, so I hope someone else has the time and inclination to do so.
The parent article hit on most of what I was thinking, but I will add a couple more points:
The article says:
With Web applications, nearly all of the engineering happens in the SQL database and the interaction design, which is embedded in the page flow links. None of the extra power of Java is useful when the source of persistence is a relational database management system such as Oracle or SQL Server.
This is an absurd generalization. Yes, many web applications are not much more than web interfaces to viewing or updating information in a database. But very many have complex business rules or interact with a variety of backend systems (not just SQL databases).
The article also says:
A project done in Java will cost 5 times as much, take twice as long, and be harder to maintain than a project done in a scripting language such as PHP or Perl.
Three problems with this statement:
First, he is basing this claim on college students who, very likely, are working environments in which they are not familiar. It might very well be that it takes a first-timer much longer to finish a project in PHP than in Java due to a higher learning curve. But I doubt this is true for more experienced developers.
Second, these estimates do not take into account code maintenance. Even if it does take a little longer to build a UI in Java, but if the result is readable and maintainable code, that upfront investment may quickly pay for itself in subsequent revisions.
Finally, in most projects, the development time is by far the most expensive part of a project. So, it is unclear to me how a project that takes twice as long will cost five times as much.
I understand why most passwords are needed. I also understand why needed passwords need to be difficult to guess (and therefore difficult to remember.
That said, I get very irritated when web sites require you to set up a user account, supply an email address, and remember the username and password for that account just to access some information.
For example, to get to many of Oracle's technical documents on technet.oracle.com, one needs to have a password-protected user account. The account is free, but its only purpose appears to be to allow them to track users. I really wouldn't care if someone broke into my Oracle account, as all it lets them do is search Oracle technical documents. This is just one example.
A few previous posters have noted that strict memorization of passwords is not that difficult. I don't dispute that fact. But my password database has, literally, about a hundred passwords. It grows regularly. I could certainly study the list, but who has time -- especially as the list grows and the passwords need to be frequently changed.
I hope that SSL/SSH client authentication alleviates the need to memorize passwords to some extent. The difficulties are that users use multiple computers, and that the client software to manage this is more difficult to use than many are prepared to deal with.
I agree with many of the critical comments, but I'll try to be somewhat helpful anyway. Here's my advice:
Get the kid a good domain name. Ideally "[firstname][lastname].com".
Then, set up the web site on that domain name. It is perfectly legitimate to email pictures to your *friends*. But I doubt anyone outside of your address book really cares.
The memorable domain name will help *interested* users remember the URL, so they won't even need to go to Google to search for it.
The domain name will also come as close as possible to guaranteeing that the kid will have a permanent email address for life, provided that the domain name is renewed annually.
The domain name may even help search engine ratings, if search engines are smart enough to take "www.[something].com" more seriously than "www.[something].uklinux.net".
I have had very good luck with some blacklists. SpamCop, in particular, is extremely effective at keeping spam off of my server. And it has not yet generated a single false positive that I am aware of. But I am not sorry to see Osirusoft/Spews go.
I tried using Spews for a while, and found it generating false positives, so I stopped using it.
For a while, my server was blacklisted by Spews because of the ISP at which it was hosted. The fact was that my ISP (like most, I am sure) had indeed been the source of spam, but reacted reasonably to stop it. And Spews blocklisted all of the subnets belonging to the ISP rather than the actual spam source IP addresses.
I found it strange, and grossly irresponsible, that there was no way to contact the blacklist operators except for using the news.admin.net-abuse.* newsgroups. When did it become normal to use public newsgroups as the way to communicate with a private organization?
Their last act of blacklisting the world just seems so typical. Rather than giving time for people to reconfigure their servers, they just blacklist everyone and force people to reconfigure their servers under the gun. I could see doing that months down the road after everyone has had time to update their servers. But doing so this quickly was as irresponsible as the rest of their actions.
In college, I gained a lot of weight, and after I graduated decided I needed to lose it. It took me three years, but I lost 100 pounds -- and have kept it off for five years. Essentially I did this:
Eat two or three meals a day. If you eat a third meal, make one meal just salad and water. NO food or drinks (except water) in between meals. No desserts.
Do drink lots of water.
Run or walk three miles per day. [I don't do this religiously anymore, but I did for a few years.] For the sake of losing weight or burning calories, I don't think it really makes a difference whether you walk or you run. Just do it. If weather does not permit, walk in a mall.
As far as *what* you eat, the only foods I would completely cut out are: french fries, doughnuts, and soda. Especially the soda! Cutting out beer might not be a bad idea either.
Try to eat your afternoon/evening meal as early as possible. Just before bed is the worst time.
Weigh yourself everyday. The psychological effect of seeing your weight and its fluctuation does help to motivate.
When faced with a decision between a stairs/elevator/escalator decision, choose the stairs. If forced to use an escalator, always walk even as the escalator is moving.
When driving a short distance (under a mile or two), consider whether walking is feasible.
When parking a car, don't obsess over getting the closest parking spot. The time you save in walking the shorter distance might be gained by the time saved in finding the spot, and you get the added benefit of a longer walk (and saved gasoline!).
I know this doesn't answer the while at the office part of your question. But I think the only realistic thing you can do while at work is to drink lots of water.
What I do not recommend is joining a gym or buying exercise equipment. This does work for many people, but it is expensive and simply not required for exercise. [One possible exception: if I wasn't such a cheapskate I would buy myself a bicycle!]
If you do end up blaming the parser, change it! (and i don't mean using a different parsing method as most use a sax parser to generate the tree anyway) there are parsers that are 50% faster than those used as standard (xerces isn't the fastest java parser around!).
I got enormous performance gains by switching from xerces-j to dom4j in one application. I also found its API much more straightforward.
On the other hand, I have run into a few bugs in dom4j -- but it was simple enough to fix them and submit patches.
Evidently you're not a very advanced browser user. I don't mean this as an insult, if Safari does everything you need, great. For me, and many others, despite the bloat, Mozilla has necessary features that other browsers lack.
Let's start with cookie handling...
One person's "has all the advanced capabilities I need" is another's "bloatware".
Its unfortunate when anyone loses a job. And its unfortunate that there is no longer a team of developers being paid to work on this free product (and presumably giving back to the open source Mozilla project, although I honestly don't know if or how much they did so).
That said, look at it from AOL's perspective.
There are quite a few sites that, sadly, only work properly with IE on Windows. Many of us may be willing and able to just "switch browsers" when we encounter such a site, but your stereotypical "AOL user" is not.
There are quite a few Mozilla-based browsers that are quite decent. I am using one (Camino for Mac OS X). But the Netscape browser was bloated. I distrust MS as much as the next guy, but I would choose IE over Netscape any day.
If AOL is or was really unable to use IE, there are alternatives. First, there are the other/better Mozilla-based browsers. I imagine there is at least one KHTML-based browser for Windows. And presumably AOL could make a deal with Opera to use their software.
It looks to me like AOL made a smart business decision to me. And since Mozilla is becoming a non-profit organization, I don't think this will have a significant effect on the open source community or code base.
The first rule in making a site "accessible" to the blind, to cell phone-based browsers, to Lynx, and to those with very very slow Internet connections is to put all text in the HTML of a web page. Among other things, this allows the page to be most easily read by automated agents.
Most of the time that is a goal of the web designer.
In specific cases, a web designer wants to make sure a site cannot be used by an automated agent -- specifically if the site can be easily abused. One example is putting email addresses in images so that they cannot be harvested by spammers. Another is forcing users to read text and type it back so that a web-based email account site cannot be abused and so that content cannot be easily harvested.
Trading off the accessibility to prevent abuse is perfectly understandable, and really not surprising.
The big difference between other Microsoft competitors and Linux is that the others have to be lucrative for the companies developing them. IBM had no reason to develop OS/2 if it was not going to be a profitable project.
The development of open source alternatives is typically not for the purpose of selling the software at a profit. Therefore, unlike commercial alternatives, they will not be cancelled if they cannot make a profit. I think that gives the open source competitors a huge advantage.
CVS is a system specifically designed to (among many other things) keep text files in sync across multiple machines. It can handle binary files also, but not particularly well. If you have a system in which you can set up a CVS server (all the tools are built into Mac OS X + Development Tools) I recommend experimenting with that.
The iCal calendar files are text files that could be synchronized. Note that I have *not* tested how well this would actually work with iCal.
The Apple Address Book application does not seem to store its address books as text files, so CVS is less likely to work well with it. But Eudora seems to store its address books as text files.
That line caught my eye also, but in a different way.
When my phone vibrates and I don't feel able to talk to the caller, I just don't answer my phone. Although I could answer the phone and say "can't talk now", I would feel rude doing that. So, instead I don't answer -- which is arguably equally rude.
But regardless of the interruption, at least the text message *asks* if the person is available to talk. Even if the person just calls, starting the conversation by asking "is now a good time for you to chat?" just seems very polite. Would be a good practice for those of us in the U.S.
When a web server receives an HTTP request, it knows the IP address of the client. That "Client IP Address" may be a proxy server or a NAT Public IP Address, but that Client IP Address will still usually be the one performing the download. This can be used (with some additional work/expense and questionable reliability) to better determine where the user is coming from.
Web browsers can send a language and even a sub-language, such as "en-us" for US English. That gives the server information about the location of the client.
Web servers have the ability to issue redirects to web browsers.
So, you could have a server "downloads.mycompany.com", which takes a request for file "/dir/file.tar.gz", and then issues a redirect to an appropriate download server ("http://useastcoast.downloads.mycompany.com/dir/f ile.tar.gz") based on a number of variables including HTTP headers, Client IP Address, and server load.
Since the functionality can be implemented on an HTTP server transparent to browsers, I would not be inclined to avoid changing the DNS (or any other) protocol to implement this.
As a side note, I do think that sites should implement this transparently, whenever possible. I get annoyed when I am asked to "pick a mirror"; I think that is the server's responsibility.
Tufts leans toward educating first-time offenders about the downsides of their behavior, saving harsh punishment for repeat delinquents, she says.
If the students sought the business of the spammers, they are probably quite well "educated" on what they were doing how wrong it was. I am shocked that they were not thrown out of the dorms entirely!
Slashdot Mirror
There are many complaints here that I don't agree with:
With regard to the price and competing GPS apps: I have a TomTom GPS device that I bought a couple years ago. I paid about $200 and it has been worth every penny. If I didn't already have that device, I would buy the $99 iPhone app in a heartbeat. Yes, there are cheaper GPS apps, and I honestly don't know how most of them compare. I did buy a GPS app last week for $2 or $3. Considering the price I'd say it was good. But it doesn't compare to my TomTom at all; I deleted it. The Google Maps app is also nice, but it doesn't provide turn-by-turn directions while driving. TomTom is doing the smart thing and charging based on the value of the app.
With regard to the size of the app: I can understand the complaints. But (I think) the storage sizes on phones that will run this range between 8GB and 32GB. 1GB is a significant, but not huge, chunk of that. Phone storage sizes will only increase. I don't want to get lost because my phone can't reach the map server; storying 1GB of map data on the phone seems perfectly reasonable.
If you don't want it, don't need it, or can't justify the price, then don't buy it. But I think this will be a worthwhile app for many people.
Obviously you don't give up your privacy rights by either simply entering a store or purchasing a product there. However, I suspect a store could circumvent that by simply posting notice of such a policy at the store entrance or cash register. At that point you're agreeing to the policy as a condition of entry or purchase. Of course, if the store doesn't post that policy then its a moot point.
I give the guy credit for standing up to the store. I think not showing his receipt or license to the cop was a little over the top, though, even if he was within his rights.
Although I went along with it, I was once infuriated by being asked for a receipt when walking out of a hardware store with a dehumidifier I had purchased. My anger was based largely on having a big awkward box in my hand, my receipt being tucked away in my wallet, and my being surprised by needing to reproduce the receipt. I later wished I had simply refused.
Do you really expect New Orleans (the area below sea level) to not rebuild? That's ridiculous. It's not just hundreds of thousands of people's homes, it's also their work, friends, family, businesses.....you expect EVERYONE to just pack up and leave?
They already did leave New Orleans. The question is how many will go back. I don't know the answer to that, but I am pretty sure that most will have no choice but to "temporarily" settle elsewhere (new homes, new jobs, new schools) before they are able to move back. I'm sure some will want to move back, but I'm also sure many will have no incentive to move back.
This question really requires more data. How much traffic are we talking about? How much data are we talking about? And then there are all sorts of variables, like the type of content begin stored in the database, the number and types of queries that are done on each page, and the type of caching your application is doing.
Also, if Oracle is already purchased and paid for, you will have a difficult time making a business case for PostgreSQL.
Don't get me wrong, I like PostgreSQL. But you will want to have a reason for switching, aside from PostgreSQL being open source.
I haven't tried it on IE, but I do find Google Maps is a bit sluggish compared with Google's typical application speeds. I think I've read that the client code is JavaScript/DHTML-only (no Java applets or Flash), but I'm not certain. Regardless, the developers probably (understandably) optimized the client code primarily for IE. Given how much "fancy" work they are having the client do, it isn't too surprising that the performance isn't optimal. I imagine and hope Google will address that. As much as I like the interface, I would trade speed for some of the (useful but unnecessary) browser tricks Google Maps is doing.
That is not to say that I find Firefox slower - but thinking about it, I believe the Firefox interface (especially tabs and yes I know it was Opera first(?)) speeds _me_ up. So my perception is that using Firefox is generally faster than using Internet Explorer, even though it may be in actuality slower.
Don't forget popup-blocking. You save lots of human time, and a reasonable amount of computing time, by not having unwanted popup windows open.
Also the security advantages save both the human and the computer a boatload of processing time.
Security is a lot more complicated than what OS you run and whether or not you have AV software installed.
Of course. The two examples I cited were just that -- examples.
you're acting like IT people have the ability to just redefine the world w/r/t security. If I blocked attatchments and replaced Windows NT with Linux, I'd get hanged for basically shutting down the company. (With very good reason, too - I would have basically shut down the company.)
Agreed. I didn't mean to imply that the IT people are at fault. Just saying that the article's conclusion doesn't surprise me, and why it doesn't surprise me. Yes, most IT folks have no support Windows users, and should therefore probably have anti-virus software (and likely need to pay money for it). And again, I'm still citing this as an example, not saying that this covers all security.
As others have said, I wouldn't take Gartner's "information" too seriously. That said, their conclusion makes sense.
Who is more secure, the Windows user with expensive anti-virus software, or the Linux/Mac/UNIX user that does not have anti-virus software? And who has spent more money on security?
Who is more secure, the user of a mail server that has expensive virus detection software or the user of a server configured to simply block attachments?
Money spent on security is typically to duct tape over a security hole. A secure system doesn't need so much duct tape.
Previous comments have been for or against XML being used to deliver this information. I don't have a strong opinion either way on that; it seems reasonable enough. What does seem silly is that this information is being stuffed into a TXT record, and limited to 2k. A goal of using XML should be to easily add information and to make the information hierarchical. But that goal will likely never be realized in a 2k string. The XML tags will eat away at the number of allowed characters pretty quickly. And the zone file examples in the document are pretty ugly.
SPF is better in that it keeps the information simpler. If XML is should be used, perhaps the TXT record should simply include an HTTP URL to the XML file. Alternatively, a simple URL standard could be used, such that one could reliably get Caller ID information regarding mydomain.com from http://mydomain.com/callerid or http://callerid.mydomain.com/.
This is obviously a very small sample set, but I have a homepage with a hidden "spambait@..." mailto link which has been there for many months. In the past month, there have been no attempts to send mail to that address. Several theories to explain that:
I propose the following (somewhat complicated) software solution for generating automatically-expiring email addresses:
On the web server:
Generate all email addresses on the site dynamically, using something like:
Replace (prefix) with a unique meaningful string.
Replace (timestamp) with the UNIX timestamp (the number of seconds since 1970-01-01 at midnight GMT) at which the email address was generated (the page was served).
Replace (ctr) with a unique identifier for the address generation. (The first address should use 1, the second address should use 2, and so on.) This will make the generated address unique in case the timestamp itself is not.
Come up with a password, and replace (hash) with:
On the mail server (or perhaps at the client):
Send all email to (prefix)-*@domain to an automated utility. That utility would be configured with the same password as the web server. For the recipient address in each incoming message, it would check:
If the address passes all of these tests, and if (based on the timestamp in the address) it was generated recently, treat it as valid. If not, treat it as spam.
This won't stop a harvester finding an address and immediately sending spam to it, but it will limit the length of time for which the address is valid.
This also may be difficult to validate if the address is BCC'd, but that in itself could be an indicator of spam.
Depending on the web server's volume of traffic and your caching techniques, it may or may not be desirable or feasible to have the server re-genereate these addresses for each page request. If it is feasible, then you have the added benefit of each user getting a different address. Once that address has been spammed, you could later block that specific address. If it is not feasible, you still have automatically expiring email addresses.
Note that I have not tried or tested this approach, and there may be caveats I can't think of. Caveats that I can think of include:
If I had the time, I would start an open source project for this. But I don't have the time, so I hope someone else has the time and inclination to do so.
The parent article hit on most of what I was thinking, but I will add a couple more points:
The article says:
With Web applications, nearly all of the engineering happens in the SQL database and the interaction design, which is embedded in the page flow links. None of the extra power of Java is useful when the source of persistence is a relational database management system such as Oracle or SQL Server.
This is an absurd generalization. Yes, many web applications are not much more than web interfaces to viewing or updating information in a database. But very many have complex business rules or interact with a variety of backend systems (not just SQL databases).
The article also says:
A project done in Java will cost 5 times as much, take twice as long, and be harder to maintain than a project done in a scripting language such as PHP or Perl.
Three problems with this statement:
First, he is basing this claim on college students who, very likely, are working environments in which they are not familiar. It might very well be that it takes a first-timer much longer to finish a project in PHP than in Java due to a higher learning curve. But I doubt this is true for more experienced developers.
Second, these estimates do not take into account code maintenance. Even if it does take a little longer to build a UI in Java, but if the result is readable and maintainable code, that upfront investment may quickly pay for itself in subsequent revisions.
Finally, in most projects, the development time is by far the most expensive part of a project. So, it is unclear to me how a project that takes twice as long will cost five times as much.
I understand why most passwords are needed. I also understand why needed passwords need to be difficult to guess (and therefore difficult to remember.
That said, I get very irritated when web sites require you to set up a user account, supply an email address, and remember the username and password for that account just to access some information.
For example, to get to many of Oracle's technical documents on technet.oracle.com, one needs to have a password-protected user account. The account is free, but its only purpose appears to be to allow them to track users. I really wouldn't care if someone broke into my Oracle account, as all it lets them do is search Oracle technical documents. This is just one example.
A few previous posters have noted that strict memorization of passwords is not that difficult. I don't dispute that fact. But my password database has, literally, about a hundred passwords. It grows regularly. I could certainly study the list, but who has time -- especially as the list grows and the passwords need to be frequently changed.
I hope that SSL/SSH client authentication alleviates the need to memorize passwords to some extent. The difficulties are that users use multiple computers, and that the client software to manage this is more difficult to use than many are prepared to deal with.
I agree with many of the critical comments, but I'll try to be somewhat helpful anyway. Here's my advice:
Get the kid a good domain name. Ideally "[firstname][lastname].com".
Then, set up the web site on that domain name. It is perfectly legitimate to email pictures to your *friends*. But I doubt anyone outside of your address book really cares.
The memorable domain name will help *interested* users remember the URL, so they won't even need to go to Google to search for it.
The domain name will also come as close as possible to guaranteeing that the kid will have a permanent email address for life, provided that the domain name is renewed annually.
The domain name may even help search engine ratings, if search engines are smart enough to take "www.[something].com" more seriously than "www.[something].uklinux.net".
I have had very good luck with some blacklists. SpamCop, in particular, is extremely effective at keeping spam off of my server. And it has not yet generated a single false positive that I am aware of. But I am not sorry to see Osirusoft/Spews go.
I tried using Spews for a while, and found it generating false positives, so I stopped using it.
For a while, my server was blacklisted by Spews because of the ISP at which it was hosted. The fact was that my ISP (like most, I am sure) had indeed been the source of spam, but reacted reasonably to stop it. And Spews blocklisted all of the subnets belonging to the ISP rather than the actual spam source IP addresses.
I found it strange, and grossly irresponsible, that there was no way to contact the blacklist operators except for using the news.admin.net-abuse.* newsgroups. When did it become normal to use public newsgroups as the way to communicate with a private organization?
Their last act of blacklisting the world just seems so typical. Rather than giving time for people to reconfigure their servers, they just blacklist everyone and force people to reconfigure their servers under the gun. I could see doing that months down the road after everyone has had time to update their servers. But doing so this quickly was as irresponsible as the rest of their actions.
In college, I gained a lot of weight, and after I graduated decided I needed to lose it. It took me three years, but I lost 100 pounds -- and have kept it off for five years. Essentially I did this:
I know this doesn't answer the while at the office part of your question. But I think the only realistic thing you can do while at work is to drink lots of water.
What I do not recommend is joining a gym or buying exercise equipment. This does work for many people, but it is expensive and simply not required for exercise. [One possible exception: if I wasn't such a cheapskate I would buy myself a bicycle!]
If you do end up blaming the parser, change it! (and i don't mean using a different parsing method as most use a sax parser to generate the tree anyway) there are parsers that are 50% faster than those used as standard (xerces isn't the fastest java parser around!).
I got enormous performance gains by switching from xerces-j to dom4j in one application. I also found its API much more straightforward.
On the other hand, I have run into a few bugs in dom4j -- but it was simple enough to fix them and submit patches.
Evidently you're not a very advanced browser user. I don't mean this as an insult, if Safari does everything you need, great. For me, and many others, despite the bloat, Mozilla has necessary features that other browsers lack.
Let's start with cookie handling...
One person's "has all the advanced capabilities I need" is another's "bloatware".
;-)
Its unfortunate when anyone loses a job. And its unfortunate that there is no longer a team of developers being paid to work on this free product (and presumably giving back to the open source Mozilla project, although I honestly don't know if or how much they did so).
That said, look at it from AOL's perspective.
There are quite a few sites that, sadly, only work properly with IE on Windows. Many of us may be willing and able to just "switch browsers" when we encounter such a site, but your stereotypical "AOL user" is not.
There are quite a few Mozilla-based browsers that are quite decent. I am using one (Camino for Mac OS X). But the Netscape browser was bloated. I distrust MS as much as the next guy, but I would choose IE over Netscape any day.
If AOL is or was really unable to use IE, there are alternatives. First, there are the other/better Mozilla-based browsers. I imagine there is at least one KHTML-based browser for Windows. And presumably AOL could make a deal with Opera to use their software.
It looks to me like AOL made a smart business decision to me. And since Mozilla is becoming a non-profit organization, I don't think this will have a significant effect on the open source community or code base.
The first rule in making a site "accessible" to the blind, to cell phone-based browsers, to Lynx, and to those with very very slow Internet connections is to put all text in the HTML of a web page. Among other things, this allows the page to be most easily read by automated agents.
Most of the time that is a goal of the web designer.
In specific cases, a web designer wants to make sure a site cannot be used by an automated agent -- specifically if the site can be easily abused. One example is putting email addresses in images so that they cannot be harvested by spammers. Another is forcing users to read text and type it back so that a web-based email account site cannot be abused and so that content cannot be easily harvested.
Trading off the accessibility to prevent abuse is perfectly understandable, and really not surprising.
The big difference between other Microsoft competitors and Linux is that the others have to be lucrative for the companies developing them. IBM had no reason to develop OS/2 if it was not going to be a profitable project.
The development of open source alternatives is typically not for the purpose of selling the software at a profit. Therefore, unlike commercial alternatives, they will not be cancelled if they cannot make a profit. I think that gives the open source competitors a huge advantage.
CVS is a system specifically designed to (among many other things) keep text files in sync across multiple machines. It can handle binary files also, but not particularly well. If you have a system in which you can set up a CVS server (all the tools are built into Mac OS X + Development Tools) I recommend experimenting with that.
The iCal calendar files are text files that could be synchronized. Note that I have *not* tested how well this would actually work with iCal.
The Apple Address Book application does not seem to store its address books as text files, so CVS is less likely to work well with it. But Eudora seems to store its address books as text files.
cvshome.org
I have considered doing this myself, as my first annual .Mac membership nears renewal time.
That line caught my eye also, but in a different way.
When my phone vibrates and I don't feel able to talk to the caller, I just don't answer my phone. Although I could answer the phone and say "can't talk now", I would feel rude doing that. So, instead I don't answer -- which is arguably equally rude.
But regardless of the interruption, at least the text message *asks* if the person is available to talk. Even if the person just calls, starting the conversation by asking "is now a good time for you to chat?" just seems very polite. Would be a good practice for those of us in the U.S.
I think HTTP is a better place for this.
Consider the following:
So, you could have a server "downloads.mycompany.com", which takes a request for file "/dir/file.tar.gz", and then issues a redirect to an appropriate download server ("http://useastcoast.downloads.mycompany.com/dir/f ile.tar.gz") based on a number of variables including HTTP headers, Client IP Address, and server load.
Since the functionality can be implemented on an HTTP server transparent to browsers, I would not be inclined to avoid changing the DNS (or any other) protocol to implement this.
As a side note, I do think that sites should implement this transparently, whenever possible. I get annoyed when I am asked to "pick a mirror"; I think that is the server's responsibility.
Just my two cents.
I love this line:
If the students sought the business of the spammers, they are probably quite well "educated" on what they were doing how wrong it was. I am shocked that they were not thrown out of the dorms entirely!
Seems like Tufts is looking the other way to me!