Slashdot Mirror


User: Nurgled

Nurgled's activity in the archive.

Stories: 0
Comments: 914

Comments · 914

  1. Re:The reality of this is... on Possible Serious Security Flaw In ATMs · · Score: 1

    I like that anecdote on page 2 about a cashier having the card owner sign the card in front of her. Reminds me of when I was at my local supermarket and for some reason the Chip+Pin machine rejected my card and I had to give my signature. It'd been so long since I'd signed that I'd not noticed that the signature had faded away to the point that you could tell there used to be something there but couldn't make out what it was. The checkout clerk called a manager and the manager had me re-sign my card and go back to the checkout. Now my card has my signature surrounded by a blurry mess of the previous signature. It looks precisely like someone's rubbed away the old signature and signed again over the top... but no-one's called me on it yet.

  2. Re:It failed... on Google Answers Closing Up Shop · · Score: 3, Insightful

    You are free to think what you like, and everyone else is free to think you are an asshole.

  3. Re:What Short Memories We Have! on Firefox Losing Its Way? · · Score: 1

    On the other hand, we can observe in IE6 and IE7 what happens if you progressively try to shoe-horn the latest tech into a rendering engine designed for HTML 3.2 tag soup. I think the new, CSS-based layout engine was a necessity, not a blunder.

    Of course, I don't think they should throw it all away and start again now. What they've got works well even if it is quite messy and buggy; at this point, it's time to refactor and fix the bugs, not throw it all away and start again.

  4. Re:Ignorance on Malicious Injection — It's Not Just For SQL Anymore · · Score: 1

    Certainly you should constrain input to valid values, but if quotes are valid then it's not going to do you much good on its own. Validation of user input is primarily for data integrity, not security. Sometimes it helps with security by coincidence, but you can't rely on that.

  5. Re:I fail to see how this CANNOT be avoided! on Malicious Injection — It's Not Just For SQL Anymore · · Score: 1

    Precisely what you'd do to conduct an attack depends on your DB access API and the DBMS in use, but let's assume for a moment that we're using an API that allows us to have multiple queries in one call. This would be daft design, but it's true of many. Now imagine that your variable $Zip contains the following:

    "12345"); delete from NewContact; --

    This ends the insert query, which will presumably complete successfully, and then inserts a completely different query.

    Even if your API doesn't allow multiple queries in one call, if your DBMS supports sub-selects inside the values clause an attacker could, for example, select some data from elsewhere in the database into the Firstname field and then access that data by looking up their Firstname field through the app's user interface.
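The two attacks described in that comment, run against a real database as an added example (this is not code from the thread; it uses Python's sqlite3 module, where `executescript` plays the part of the "multiple queries in one call" API and `execute` the one-statement-per-call API). The `NewContact` table and the `Firstname` and `Zip` columns come from the thread; the `Users` table, its row and the names are constructed for the demo. SQLite delimits strings with single quotes, so the stacked-query payload starts `12345')` rather than the double-quoted form in the comment. The parameterised insert at the end is the fix: the value is sent separately from the SQL text and can never be parsed as syntax, no matter which quotes it contains.

```python
import sqlite3

# Constructed schema and data for the demonstration (not from the page):
# the contact table from the thread plus a second table an attacker wants.
SCHEMA = """
CREATE TABLE NewContact (Firstname TEXT, Zip TEXT);
CREATE TABLE Users (Username TEXT, PasswordHash TEXT);
INSERT INTO Users VALUES ('admin', 'hash-of-admin-secret');
"""


def fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def insert_contact_vulnerable(conn, firstname, zipcode, multi_statement_api):
    """The bug: the query is built by pasting user input into SQL text.
    multi_statement_api=True models an API that runs several statements
    per call (sqlite3 executescript); False models one statement per call
    (sqlite3 execute). Returns 'ok' or the error the API raised."""
    sql = ("INSERT INTO NewContact (Firstname, Zip) "
           "VALUES ('%s', '%s');" % (firstname, zipcode))
    try:
        if multi_statement_api:
            conn.executescript(sql)
        else:
            conn.execute(sql)
            conn.commit()
    except (sqlite3.Warning, sqlite3.Error) as exc:
        return "rejected: %s" % exc
    return "ok"


def insert_contact_safe(conn, firstname, zipcode):
    """The fix: a parameterised query. The driver sends the values
    separately from the SQL text, so they can never become syntax."""
    conn.execute("INSERT INTO NewContact (Firstname, Zip) VALUES (?, ?)",
                 (firstname, zipcode))
    conn.commit()


def contact_names(conn):
    return [row[0] for row in
            conn.execute("SELECT Firstname FROM NewContact ORDER BY rowid")]


# Payload 1 (the thread's $Zip, single-quoted for SQLite): closes the VALUES
# list, appends a second statement, and comments out the trailing "');".
STACKED_ZIP = "12345'); DELETE FROM NewContact; --"

# Payload 2: no second statement needed. A scalar sub-select is spliced into
# the Firstname value, so the attacker's own contact record ends up holding
# data from another table, readable back through the normal UI.
SUBSELECT_NAME = ("' || (SELECT PasswordHash FROM Users "
                  "WHERE Username = 'admin') || '")


def demo():
    results = {}

    conn = fresh_db()
    insert_contact_vulnerable(conn, "Bob", "90210", True)
    insert_contact_vulnerable(conn, "Mallory", STACKED_ZIP, True)
    results["stacked, multi-statement API"] = contact_names(conn)   # table wiped

    conn = fresh_db()
    results["stacked, single-statement API"] = insert_contact_vulnerable(
        conn, "Mallory", STACKED_ZIP, False)                         # rejected

    conn = fresh_db()
    insert_contact_vulnerable(conn, SUBSELECT_NAME, "12345", False)
    results["sub-select, single-statement API"] = contact_names(conn)  # leaked hash

    conn = fresh_db()
    insert_contact_safe(conn, SUBSELECT_NAME, STACKED_ZIP)
    results["parameterised"] = contact_names(conn)                   # stored as text

    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print("%-36s %r" % (case, outcome))
```

Note that the single-statement API only stops the stacked payload; the sub-select payload is one well-formed statement and goes straight through, which is why "my driver doesn't allow multiple queries" is not a defence.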

  6. Re:Ignorance on Malicious Injection — It's Not Just For SQL Anymore · · Score: 1

    So what would you propose as a solution to that? Not allowing any quotes in any strings?

    In the scenario you describe the fault clearly lies with the "trainee down the hall", and the fix should be to his code, not to the code that correctly inserted the data in the first place.

    Validation is important, but it's for ensuring data integrity not for security.

  7. Re:NTW on How Would You Usurp the Web Browser? · · Score: 1

    I was considering writing something in a similar vein myself some time ago, but didn't have the time to do it all from scratch myself. However, I will take a look at your project and see how much the design has in common with mine. If I "get" your approach, I may well contribute. :)

  8. State retention is useful! on Variety Declares VHS Dead · · Score: 1

    A few years back I was involved in some tech support for a club night at a local venue that didn't run very frequently and thus didn't have a dedicated staff. They were after a way to play random music videos and other content on a bunch of screens around the venue, and since the venue had a DVD player it was decided that this was the way to go. On the night, the DVD player struggled to read the DVD-R and kept freezing up and needing to be restarted. Consequently we never got more than 45 minutes into the content and kept playing the same stuff over and over -- there were too many other things to do to stand around skipping to the right track.

    The next time we did it I suggested that we just use a VHS tape. I hooked my DVD player up to my VCR and recorded all of the content from the DVD to a VHS video. Then I carted my VCR down to the venue on the night and replaced the DVD player with it. It worked like a charm all night, and everyone was too far away from the screens to notice the loss in detail. At one point we had some kind of outage that killed the video (I wasn't around to see what it was) and once power was restored the video just continued playing where it had left off.

    I for one enjoy the simplicity of VHS for certain applications. Is there an affordable digital format that has this quality of seamless resuming where it left off?

  9. Re: Speaking on their history on RIAA President Decries Fair Use · · Score: 1

    If I put in front of you a load of rocks and give you permission to smash my rocks in return for a small fee, you can then legally smash those rocks. However, once you've smashed them all into sand and there's nothing left to smash, I don't have to provide you with any more rocks. You've got a licence to smash rocks, but no rocks to smash. Likewise, if your stereo system eats the tape out of your Britney Spears cassette you've got a licence to listen to that album, but you don't have that album. A licence to do something doesn't guarantee the ability to do so.

  10. Hierarchical Window Manager on How Many Windows? · · Score: 1

    One thing I've often wished for is a hierarchical window manager. This would be a more general version of MDI where you can make a window that contains any other windows you wish. I often have far too many windows open because each thing I'm working on generally requires a web browser, a terminal, a text editor and perhaps a graphics editor. I'd much rather group these things by task than by application. Why can't I make an MDI window containing a web browser, a terminal and a text editor all at once? And of course, each of those inner windows should itself be able to have child windows, so my millions of source files can all live together in one sub-window.

    With a UI like that, task switching would actually be switching tasks... as someone who often gets interrupted by other things while I'm working on a project, I'd love to be able to just spawn a second top-level window (leaving my previous one untouched), do what needs to be done and close it. The task list in my desktop environment would actually be a list of tasks I'm working on, not a list of applications I'm running. Surely someone must have made such a thing? Unfortunately I basically have to use Windows at work, but even under Linux I can't find anything of the sort.

  11. Re:New algorithm on Vista to Allow "One Significant" Hardware Upgrade · · Score: 1

    And in Perl, (which everyone seems to think that was; could easily be PHP!) '==' is not the same as 'eq'.

  12. Re:Non-standard UI is a non-issue on IE7 From a Firefox User's Perspective · · Score: 1

    I agree that it's excellent graphic design, but UI design generally relates to the function of the UI rather than its appearance. A good UI is one where I can figure out what I need to do quickly and one that doesn't get in my way when I already know how to use it; it's difficult to have both in practice, so you generally have a compromise between the two. Recently Firefox has been optimising for "discoverability" at the expense of efficiency for experienced users. Microsoft seems to be trying for efficiency for experienced users with the tactic of optimising the UI for common cases, but whether they've succeeded or not remains to be seen.

  13. GPL "infectiousness" causes some interesting cases on Will Stallman Kill the "Linux Revolution?" · · Score: 1

    What if I depend on BSD-licenced library C and then suddenly that library is re-licenced under the GPL. I'm not distributing Library C with my app, so it's up to the user which version he uses. Now in what situations does the GPL apply to my app? If I'm only supplying binaries and I build against a shared library version of the BSD-licenced version, what happens when the user uses it with a shared library built from the GPLed version?

  14. It's easier to draw circles in Excel than The Gimp on GIMP's Next-generation Imaging Core Demonstrated · · Score: 1

    In Excel, right click on any toolbar and enable the "Drawing" toolbar. Click the Circle. Drag over a bit of your document.

    Why is it even possible to draw circles in a spreadsheet app!?

  15. Decentralization is needed on Friendster's Rise and Fall · · Score: 2, Insightful

    Clearly the flaw with all these sites is that they are all gated communities which don't play nicely together. When one starts to wane, you must (if you want to carry on taking part) register on another and re-enter everything. You are also at the mercy of whatever your service provider wants to give you, which basically means the set of features that "those damn kids" want.

    Why has no-one yet come up with a good way to do this stuff in a decentralized manner? It doesn't really seem like a very complicated premise: you need a standard way to express information about yourself and your relationships with other people (FOAF?), you need a way to authenticate yourself to others (OpenID?) and then -- and this is the hard part, I think -- you need services built on that infrastructure that can do things like searching for people, finding single people looking for dates, browsing people by interest and stuff like that. In order to bootstrap things, you also need a bunch of easy-to-use services that act like these gated community sites to help users understand what's going on as they make the switch.

    I think a decentralized approach would be -- as in most cases -- far better for everyone except the owners of those gated communities.

  16. Re:Effect on web testing on Vista Licenses Limit OS Transfers, Ban VM Use · · Score: 1

    An interesting thing about those unofficial distributions of IE is just how long they take to start up. It just goes to show how much IE benefits from having most of its core DLLs already loaded by the shell. I wonder if they've had to work around this in Vista now that Internet Explorer and the shell are (apparently) completely separate again.

  17. Charging less for more on Vista Licenses Limit OS Transfers, Ban VM Use · · Score: 1

    The thing that amuses me most is that they've actually gone to great effort to implement these artificial restrictions, so really the limited versions should cost more than the versions without these limitations: the cost of production was clearly higher.

  18. Re:Extensions on Firefox 2.0 RC2 Review · · Score: 1

    You seem to be correct. I remember it persisting in an earlier version, but my install of the latest version also empties the closed window list on exit.

  19. Re:SP2 broke my XP box on Windows XP SP1 Support Ends Tuesday · · Score: 1

    I had that problem myself at one point, including the mysterious "33%" thing. I guess that something special happens at 33% that causes it to hang. It turned out in the end that I'd somehow ended up with a local updates server (WSUS or SUS) configured and it was hanging trying to connect. I can't remember the registry settings off the top of my head, but I'm sure you could find them on various websites if you think this might be your problem.

  20. Re:Extensions on Firefox 2.0 RC2 Review · · Score: 1

    It would be nice if they would at least provide guaranteed stable APIs for doing certain common things, such as adding new toolbar buttons, hooking HTML DOM events or whatever. Sure, some Extensions need to get down and dirty with Mozilla's innards, but most of them are doing relatively simple and common things for which there could easily be a stable API.

    Even though the API might be "generally stable" right now, it's quite off-putting to me as a developer that they make no guarantees about the stability of any parts of the framework, and that anything I write will have a guaranteed expiry date unless I or someone else makes a re-release for each new version of the browser.

  21. Re:Extensions on Firefox 2.0 RC2 Review · · Score: 1

    By default, Opera will prompt on startup for whether you want to "continue from last time" or "start with no tabs". You can have it remember this choice and not prompt you again, if you wish. However, it'll still remember what you had open because when Opera detects that it was shut down in a less-than-clean fashion (i.e. it crashed) it'll pop up that startup dialog anyway, in a gesture of "I'm sorry I crashed; I'll try my best to put you back where you were."

    If you're worried about people seeing your porn habits, you should probably be more worried about the "Tab trashcan" which lets you re-open tabs that you've closed recently. The history on that will grow until the menu fills the screen.

  22. Re:Free software on Globalization Decimating US I.T. Jobs · · Score: 1

    There's no real reason why open source necessarily has to lead to loss of jobs. It just requires a change in business model. Rather than hoarding the fruits of a developer's labour, you release the source but then offer to make bespoke improvements to that software for a fee. Some of those improvements may well get rolled back into the open source product. Other people can also contribute to the software on their own terms, so everyone competes on their merits as a developer rather than on who wrote the code first. Once someone's paid for something to be added, it benefits everyone.

    It's all a bit hippie-ish, I'll admit, but open source only puts at risk the current "hide the source" software development model, not software development jobs in general.

  23. Re:VoIP only as good as your connection on Comcast Lying About Vonage · · Score: 1

    In my case, I used my land line phone rarely, and when I did use it it was nothing that couldn't wait a few hours. I have my mobile phone as a backup should I need to make a call RIGHT NOW. While it's true that I might not be able to dial emergency services in an emergency, I also might not even be in my house in an emergency. I'm willing to take the (very slim) chance that my IP phone service and my mobile phone service might -- for whatever reason -- both be out at the same time as I accidentally cut off my arm with a hedge trimmer, or whatever.

  24. Re:Isn't that idea flawed? on Suggestions for Company Wide Password Vault? · · Score: 1

    Indeed. At my (relatively small) company we attempted to go down the "single sign-on" route as a solution to the plethora of passwords. We quickly discovered that this isn't a magic bullet: as a company that does IT support for other companies, we have accounts on a lot of systems that aren't our own, and thus won't integrate with our directory service. In some cases, we are issued a password and offered no ability to change it. There's also our off-site hosting servers which, since they aren't in the office, can't reliably authenticate against the directory.

    These alien accounts were, for ages, getting stored in clear text in the company's CRM system. This seemed really distasteful to me, so eventually I just rolled a simple password storage system myself. It's not brilliant, but it's certainly better than what it replaced: each account is associated with a "master password", and that password is used as a key to encrypt the account details. There are multiple master passwords, in an attempt to limit what each person has access to; we only issue a particular master password to those users that need access to the information it protects. Everyone still knows the one master password, which is a flaw in the system, but it's certainly better than storing them in Excel spreadsheets, Post-it notes, or in the CRM system in clear text.

    One thing I would like to add is individual access control per-user rather than the shared passwords, especially since we've recently let go a disgruntled employee and changing all of the passwords was laborious. However, I've not yet figured out the best way to approach the problem of encrypting it so that the right people can decrypt it but the wrong people cannot, in a way that allows us to simply revoke one person's access without affecting everyone else.
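The design question at the end of that comment (per-user access with clean revocation, instead of shared master passwords) is normally answered with envelope encryption, shown below as an added example that is not the commenter's system. Each entry gets its own random data key (DEK); the secret is sealed under the DEK, and the DEK is sealed once per authorised user under a key-encryption key (KEK) derived from that user's own password with scrypt. Revoking someone deletes their wrapped copy and, because they may have kept the DEK, rotates it and re-seals for everyone else. Two assumptions are built in: the standard library has no AEAD, so an HMAC-SHA256 counter-mode stream with an encrypt-then-MAC tag stands in for AES-GCM or ChaCha20-Poly1305, and because the wrapping is symmetric the vault can only seal a DEK for a user whose KEK is currently in memory (logged in); with per-user keypairs you would seal to the grantee's public key and that restriction disappears. All users, passwords and secrets are constructed.

```python
import hashlib
import hmac
import secrets


# Authenticated encryption from the standard library only: HMAC-SHA256 as a
# PRF in counter mode supplies the keystream, then an encrypt-then-MAC tag.
# This stands in for a real AEAD (AES-GCM, ChaCha20-Poly1305) in production.
def _keystream(key, nonce, length):
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise PermissionError("wrong key or tampered record")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def derive_kek(password, salt):
    # Per-user key-encryption key from that user's own password (scrypt).
    return hashlib.scrypt(password.encode(), salt=salt, n=2 ** 14, r=8, p=1, dklen=32)


class Vault:
    """Envelope encryption: every entry has its own random data key (DEK).
    The secret is sealed under the DEK; the DEK is sealed once per authorised
    user under that user's KEK. No master password is shared by anyone."""

    def __init__(self):
        self.salts = {}     # user -> scrypt salt (not secret)
        self.sessions = {}  # user -> KEK, held only while that user is logged in
        self.entries = {}   # name -> {"data": sealed secret, "wrapped": {user: sealed DEK}}

    def enrol(self, user, password):
        self.salts[user] = secrets.token_bytes(16)
        self.login(user, password)

    def login(self, user, password):
        self.sessions[user] = derive_kek(password, self.salts[user])

    def logout(self, user):
        self.sessions.pop(user, None)

    def _wrap(self, dek, users):
        # Symmetric wrapping needs each grantee's KEK in memory (assumption of
        # this stdlib-only demo); with keypairs you would seal to public keys.
        missing = [u for u in users if u not in self.sessions]
        if missing:
            raise PermissionError("not logged in, cannot wrap for: %s" % ", ".join(missing))
        return {u: seal(self.sessions[u], dek) for u in users}

    def _dek(self, user, name):
        wrapped = self.entries[name]["wrapped"]
        if user not in wrapped or user not in self.sessions:
            raise PermissionError("%s cannot read %s" % (user, name))
        return unseal(self.sessions[user], wrapped[user])

    def store(self, owner, name, secret):
        dek = secrets.token_bytes(32)
        self.entries[name] = {"data": seal(dek, secret), "wrapped": self._wrap(dek, [owner])}

    def read(self, user, name):
        return unseal(self._dek(user, name), self.entries[name]["data"])

    def grant(self, granter, name, grantee):
        self.entries[name]["wrapped"].update(self._wrap(self._dek(granter, name), [grantee]))

    def revoke(self, revoker, name, revoked):
        # Deleting the wrapper alone is not enough: the revoked user may have
        # kept a copy of the DEK. Rotate it and re-seal for everyone else.
        secret = self.read(revoker, name)
        remaining = [u for u in self.entries[name]["wrapped"] if u != revoked]
        new_dek = secrets.token_bytes(32)
        self.entries[name] = {"data": seal(new_dek, secret),
                              "wrapped": self._wrap(new_dek, remaining)}

    def readers(self, name):
        return sorted(self.entries[name]["wrapped"])
```

The departing-employee case from the comment becomes `revoke(...)` once per entry they could read, and nobody else's password changes; the cost moves from "re-key every account" to "re-seal each affected entry", which is the point of the per-entry DEK.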

  25. Re:DEE Dee Dee on Avatars Need Personal Space Too · · Score: 1

    I seem to remember also that if you alt+click somewhere, as you would to go into "zoom the camera about" mode, it fixes your avatar's gaze on that point, regardless of what you do with the mouse, until you move or click somewhere else.