C) I write my own programme that does what I need.
The thing is, I'm willing to bet that you don't strictly need Oracle, or Websphere. You could get away with Postgres and a bunch of Perl scripts. You got sold closed-source "solutions" when the sad fact is that customising them down to behave the way you want them to really isn't any less effort than customising OSS up would have been. And in the latter case, you would get to keep everything you learned in the process -- and you can share it with the rest of the world. Once a problem has been solved, nobody should ever have to start again from first principles.
I don't really give a flying fuck about the whole "Open Source" hype.
Then you are being extremely short-sighted.
All the bad shit comes from the simple fact of you -- maybe not you personally, but certainly someone acting with your interests at heart -- not having access to the source code. All of it -- from the Trojans that direct you to Sainsburys whenever you look up Tesco, to the botnets that spew out two 419 letters or adverts for counterfeit drugs for every legitimate e-mail, all of it all comes down to one simple fact: users are running code on their boxes that hasn't been properly checked. If there was no such thing as closed-source software -- either because it was illegal, and the laws against it were enforced properly, or because it was physically impossible to conceal source code from users -- then none of this shit would be happening now. Well..... "none" is pushing it some, because it ignores background stupidity which won't go away of its own accord. But it would be a whole load less, at any rate.
As long as you put up with this abuse of your rights -- and you may not even realise that it is an abuse of your rights, so good is the spin the abusers place on it -- you will continue to suffer the Spyware menace; and as likely as not the virus menace and the spam menace too. Sure, you personally may not think you have much use for source code -- not everyone is a programmer, I'm guessing you wouldn't know what to do with it if you had it. But that doesn't mean you shouldn't be fighting for it. Because someday soon, that source code could make a difference to you, or someone you love.
It's not just people who play with matches that need fire extinguishers.
It's not just women who sleep around that need access to abortions.
And it's not just programmers that need access to source code.
If you think I'm taking this way too seriously, then you just aren't taking it seriously enough.
Linux is, to all intents and purposes, Unix. {OK, that's a bit like saying Sainsbury's own-brand cola drink is Coke. It isn't. But they are both brown-coloured sweetened carbonated drinks flavoured with plant extracts. Linux and Unix are both implementations of an ISO standard called POSIX.} The security of Unix is widely known, and has been improving over the years.
Linux is fragmented. Different distributions have different ideas about where things belong. Distributors analyse packages and patch them slightly, so Apache2 compiled and packaged for Mandrake probably won't run properly on SuSE, even though both use RPM package files. They probably have different library versions and different directory structures. If you want to be sure of something working, the best guarantee is to compile it from source on the target machine; the more similarly-configured the compiling and target machines, the greater the likelihood of success. Spyware as source code would be detected instantly, so it would have to sneak in in binary form -- and then run up against dependency hell. {It doesn't just affect programmes you want to install!}
Linux is based from the ground up on Open Source methodologies. Linux users actually expect to see the source code, as a matter of course. While many distributions provide pre-compiled binary packages, these are more for historical reasons of convenience -- compiling used to be a slow process in the Bad Old Days. But at least one popular distribution eschews binary packages altogether {except for a tiny installation system with a kernel and compiler, which themselves get overwritten over the course of the full install}, favouring "in-house" compilation on the user's own machine.
Linux users are a community. We help one another out. Our developers simply aren't out to stab their own users in the back. Users would never stand for it anyway if they were -- there is a small but significant hard core of us who would sooner write our own replacement for any bad software than use it.
Linux doesn't pretend not to be hard the way Windows does. It does not tolerate the kind of ignorance that Windows users routinely get away with {almost to the point of claiming ignorance as a virtue}. As a result, Linux users tend to be more clued-up. This is by no means a bad thing. It does you no harm to know what an IP address is, or that you can't install one piece of software without also installing another piece of software. It might even do you some good. People who know what is under the bonnet of a car do tend to take better care of their cars, after all.
Market share has been shown to be a red herring. Closed Source apologists like to trot it out every so often, but it's quite simply not true that having a majority market share automatically makes you a target. The Open Source Apache web server has twice the market share of the closed-source IIS -- but nothing like twice the frequency of attack. If you're big, and people think you behave like an arsehole, and you get picked on, it might be the arsehole-ness, rather than the size, that motivates people to pick on you!
"Only log in as root to install programs or other admin tasks."
Alternatively, assuming $HOME/bin/ exists and is in your path, start the process with PREFIX=$HOME ./configure to install there. You may also need $HOME/lib if you hit dependency issues.
Try to picture an alternate universe where the Unix fragmentation never happened, and Microsoft never happened, so all computers run Unix. Now picture Joe Average, on his shiny new Unix home computer. Let's also imagine that enough sense has been hammered into Joe, that he doesn't run root while reading emails and chatting on IRC. (Ok, big stretch of imagination there;)
Now he's just downloaded this useful little movie ripper app, which incidentally comes bundled with Gator. It's right in the EULA too. And the install program tells Joe "sorry, you need to log in or su as root to install this program."
Take your best guess at what Joe will do next. Well, I'll tell you. He obediently switches user to root to install it. Congrats, you just got trojaned on Unix.
Close, but no cigar.
Someone, somewhere, would have read the source code. Whether it was because they intended to install the software but wanted to know what it did first, or just out of simple Merionesian curiosity, somebody will have looked at it. Not every user has to do this; not even most users have to do this. As in the case of breaking fair-use prevention, just one is all it takes.
And if they saw something they did not like, they would announce it to the world at large, just because there would be no reason not to. And a patch would be created, and everyone would use the patched version.
When you develop your spyware app for Linux, and put it on SourceForge or somewhere similar, or perhaps send it to one of the major distributors, then somebody is going to read the source code, see what it does, and comment out the "offending" sections before compiling it. They will then, in all probability, distribute their own patched version in preference to yours. The tar file will be 4 bytes bigger /* thanks to the presence of two extra multiply and two extra divide signs */ and almost nobody will get spied on.
I can't speak for Mac users; but I get the impression that a lot of Mac software is or used to be closed source shareware or payware, and there is or used to be a sort of "arms race" going on in the Mac community between payware / shareware authors trying to enforce payment on the software they write, and freeloaders trying to avoid paying for the software they use. OSX may well have changed this, with things moving more towards an Open Source way of doing things; I can't really tell, since our office is mainly Linux with a couple of Windoze machines for the Beancounters, just so they can interoperate with Group Head Office.
Power lines were designed for transmitting low frequencies [50Hz] with maximum power throughput -- delays and distortion be damned. A big motor driving a hefty flywheel isn't going to care about THD or SWR, just kilowatts. Furthermore, at that kind of frequency, unshielded cables won't radiate much -- 50Hz mains has a wavelength of 6 megametres. [The Earth's circumference is only 40 megametres.]
Broadband internet uses a high-frequency carrier and expects a transmission line designed for low distortion, and delays that don't vary too much with frequency. It's less critical how much of the energy you put in actually comes out the other end; a scope trace that looks the same shape is what's important. High frequencies need special precautions to avoid losing the signal to radiation; either a shielding braid around the conductor {co-ax, like TV cable}, or a second conductor carrying an antiphase signal in intimate proximity {twisted-pair, like a phone cable}.
Using power lines to carry broadband internet just sounds like using the wrong tool for the job. The scary part is how "almost right" it looks. But, if you use a Phillips screwdriver in a Pozidriv recess, you'll end up knackering the screw and the screwdriver.
I think this is a great idea. The French have always been a little bit..... well..... French. Sometimes it's très chic, sometimes it's downright weird, but you've got to admit, our baguette-munching neighbours across the Channel have a certain je ne sais quoi. Combine an MP3 player with a Live Linux distribution? Pourquoi pas? Sooner or later, somebody is bound to have a go at booting it up, and they might well be pleasantly surprised by what they find. {Bear in mind that the French perceive the USA as bullies, who throw their weight around and fight dirty when they can't get their own way; and resent the idea of their tax money going overseas to buy software when an equivalent or superior product is available locally. Although French youth culture may seem to be very American-influenced, the older and wiser generation classes 'pretending to be American' as a self-destructive behaviour practised mainly for shock value.}
And it only costs EUR159, which is about £100. Lovely! I might have to get myself one of these. I mean, I've already got Slax, Knoppix and probably even TomsRTBT lying around somewhere; I have my Palm Tungsten E, which plays ogg vorbis files, not to mention various combinations of lame, oggenc, mpg321, mpg123 and ogg123 on my home and work PCs, and my wonderful Philips DVDR70 which plays MP3s from CD-R. But I haven't got a device which gives me music playback and a live Linux distro in one handy little package!
One thing is stopping me, though. The minute after I've sent off my order for the 256MB version, as sure as eggs are oeufs, they will launch a 512MB version for the same price.
I'll give you that the privatisation of BT did benefit people, for the reason stated in my post above. Most, if not all, of the other privatisations have made things worse not better. Yes, in theory, if something is privatised it means that if X does not happen then somebody gets no dinner on their table that night. In practice, though, it doesn't always work that way.
Why did people buy these shares anyway? To make money on the investment? Capitalism 101.
But the money they made was at the expense of the people who used to own the Nationalised companies, i.e. the rest of the public. If you steal my VCR {cost to you: nil}, then sell it to someone else for less than its true value {but still more than you paid for it}, do you deserve the money they pay you? If they then sell it to a fourth person for a profit, do they deserve the money they get? The point is, the Government were appointed custodians of the Nationalised industries; their remit was to look after them. By selling them without the consent of the people who appointed them custodians, they have betrayed the people.
that the British blood in your veins... Oooohh, Nationalist and Socialist, nice;)
Well, you're taking me a little out of context. What I meant was that the Nationalised companies belonged to every Briton by sole virtue of their Britishness. I was not implying anything beyond that. Quite where you draw the boundaries is irrelevant, as long as you apply the same rules to everyone within the boundary you draw. I'm not saying there is anything particularly special about being British, as compared to being any other nationality; just that it is the sole qualification for ownership of a stake in a British nationalised industry.
As to the real failures, yes, you've got them about right. The erosion of civil liberties is absolutely frightening. And I don't agree for one instant with means testing of any benefit. It is too expensive, and too prone to abuse, to work out who is entitled to what -- it would be simpler and cheaper to pay a single basic living allowance to every adult, and offset it through income tax {cf. the penny post}.
The original aim of the patent system was actually quite a noble one. An inventor is at a disadvantage compared to an established manufacturing company -- so a compromise is struck, in an attempt to artificially reduce this disadvantage, by offering limited exclusivity to an inventor in exchange for their invention being presented for the benefit of all of society. The "fairness" of the compromise depends upon the duration of the limited exclusivity. If it is too short {in the limiting case, no exclusivity at all} then it leads to a situation where the ones with the money get all the benefit from new inventions. If it is too long {in the limiting case, forever} then it leads to a situation where nobody can invent anything new for fear of infringing upon a prior patent.
So there is evidently a balance to be struck somewhere -- a point where the exclusivity protects good inventors, allowing them to offset their investment before the benefits of their invention are released to everyone, but does not create a climate where innovation is discouraged for fear of infringement.
And some things just should not be patentable anyway. IMHO these include, but are not limited to, chemical formulae, mathematical processes, business methods, and anything which can be shown as the sole means to a particular end {otherwise the patent would effectively cover the end, not just the means}.
I'm also not keen on the idea of allowing the temporary privileges {they are not strictly "rights" in the sense that they are granted artificially, as part of a compromise deal} conferred by a patent or copyright to be permanently transferred. However, I don't see a problem with using so-called "intellectual property" {by which I mean such privileges considered as a desirable commodity} as collateral security for a loan {which could be used to finance development of an invention beyond the prototype; or market a book, recording, movie &c.} -- the lender would have to understand that the privileges are time-limited, but in the case of a genuine innovation with commercial viability this should not be a deterrent. The time limitation would be no different, in practice, from accepting perishable goods as collateral. And of course if the loan is repaid in full before the expiration of exclusivity, then the privilege would be transferred back to the copyright / patent holder.
So what you're saying is, people should not have what they want?
Depends, really. What if the thing that one person wants stops someone else from having what they want?
Up to the American Civil War, if you lived in the Southern Confederate states, it was legal to own slaves. That meant that in theory, you were more free than in the North where you were not allowed to own slaves. However, any slaves you owned would be less free than you; so the average level of freedom per person -- if you could measure it -- would be less in the Confederate states than the average level of freedom in the Union states.
In the same way, if you take software that used to be Free and make a non-Free version, then you are making its users less Free {because they can no longer inspect and modify it}. While the Free version may well still exist, and still can be modified, history has shown that people tend to become dependent on non-Free software; especially if you distribute it for no cost {i.e. "free as in 'free beer'"}. It's a fact that most people underestimate the importance of access to source code -- until it's too late.
See also Freedom or Power? - it makes the point for me. Essential quote - "A choice of masters is not freedom".
Why would you want to pay millions of dollars to buy a copy of Linux under a BSD-like licence, when there is already an operating system available under a BSD-like licence -- and it costs nothing?!
The 3-clause BSD licence is poisonous, because it allows someone effectively to turn an open-source product into a closed-source one, just by not distributing the source code. {The 2-clause variant allowing source code distribution only is fine for stuff written in interpreted languages -- but makes it inconvenient for stuff written in compiled languages. Although the degree of inconvenience is growing less as processor speeds and drive capacities improve; compiling from source is no longer the drain it once used to be. Nonetheless, ex-Windows bods expect pre-compiled binaries}.
OTOH, if a program is distributed under a 3-clause BSD licence but without source code, you would get a licence to distribute the source code if you could get the source code somehow. And decompilers will soon be a practical reality..... decompilation belongs to the same branch of mathematical problems as shape recognition, and if it's true about modern systems being capable of picking out a face from a still photo in real-time video of a moving crowd, well, you can draw your own conclusions.
The UK's railways have been a problem since the beginning. All the way back to each company using a different track width. Poor service ensued and they were nationalised to sort the crap out..... As the govt couldn't fix it, parts were sold off hoping that private money would come to the rescue.
Couldn't -- or wasn't trying hard enough? Nobody needs more than £100 000 a year to live on, and what a few men are paid -- I shall not dignify it with the verb "earn" -- to kick a bag of wind around a field for ninety minutes, twice a week for eight months a year is obscene. The Government could have raised income tax for the highest earners. Instead, they chose to cut income tax, and public services suffered as a result. They ended up increasing VAT, which is paid by rich and poor alike. Since Blair took power the burden of taxation has continued to shift from the rich to the poor.
It hasn't yet, but given time, it will, but only when the track and stocks are replaced.
Unfortunately the train operating companies are so concerned with making a profit for shareholders, they have forgotten exactly what it is they are supposed to be doing, which is moving people from where they are at to where they want to be, swiftly and for a fair price. Some train operating companies are even referring to their passengers as "customers" -- which suggests to me that they don't even really understand what they are selling us. Passenger implies someone over whom you have a duty of care, someone you should endeavour to see reach their destination safely; whereas customer just implies someone who gives you money.
Rude and stupid railway workers are a different issue, and drivers not turning up, and not calling in sick, will also cause problems and delays.
I agree -- these problems were there in the nationalised days. It's unfair to blame privatisation for everything wrong with the railways. However, bureaucracy, centralisation and management control-freakery are working against passengers' best interests.
BT was losing money every year. After privatisation and extensive investments, it makes a lot.
There is a very good reason -- in two parts -- why privatisation worked for the telecomms industry. Firstly, the kind of businesspeople who do nothing but buy and sell shares in other companies absolutely need telephones in order to be able to do their jobs. Secondly, it is technically unfeasible to provide two levels of service on the telephone network; it's simpler and cheaper to give the plebs the same standard of service as the big businesspeople. As a result, the service tends to be run for the benefit of its own users {as opposed to the capitalist model where businesses are run for the benefit of shareholders, and to hell with everybody else; or the state-socialist model where businesses are run for the benefit of the workers, and to hell with everybody else}. Open Source Software also works along this kind of model {all decisions are made for the benefit of its own customers} and this, too, is highly successful.
Perhaps if we passed a law forbidding every worker in the field of Public Transport from owning a car, so that they would be reliant upon the services they provide, then the railways might improve dramatically!
If you want to moan, I suggest you ask your friend Blair why they started selling off the country's BT stock when it was having a net gain?
what about the company that invested in the discovery? Do you believe they should be compensated for the money invested in the discovery process?
NO. I do not believe that anyone deserves automatic compensation for anything they do. The benefits of all human endeavour rightfully belong to all of humanity.
I realize that some people are motivated to innovate for the sake of innovation, but many innovate for the rewards.
We can live without those who are only in it for the money. The fact is, in every field of endeavour, there are people who are in it for the "right" reasons. Even if someone did not throw millions of pounds at a problem just in the hope of earning billions of pounds as a consequence, someone else would be bound to make the same discovery sooner or later {and given the number of demonstrably independent, but almost simultaneous, inventions, I would say sooner rather than later}.
In any case, the traditional model of a patent is absolutely inapplicable to software. The original purpose of a patent was a compromise deal between an inventor and a government {acting as a representative of Society}. The problem was that an inventor might have exhausted their capital developing a working prototype; if they now show this directly to an established manufacturer, the manufacturer might decide to cut the original inventor out of the loop; whereas if they approach a {non-technically-minded} banker hoping to obtain a loan on the strength of the invention, with which to set up their own factory to make it, the banker might not be convinced of its viability. So the Patent Office was set up, to give inventors an official letter precisely describing their invention, and granting them a time-limited monopoly over it. This can be used as proof that the invention works {to obtain financial backing} and as a description of how to make it {to obtain manufacturing services}, but it also specifies a date after which the invention is to be given to society at large for the benefit of everyone. If the invention is a good one, then any loan should have been paid off long before such time.
In the case of software, where the cost of reproduction is essentially nil, the inventor is not prevented by financial constraints from further developing their idea beyond the prototype. So the original need for a patent is absent.
When the UK's railway service was privatised -- which was probably the worst thing that happened to the railways since they were nationalised -- the Government of the day made sure that Virgin received the absolute worst rolling stock and worked the absolute worst routes. This was a deliberate attempt to discredit Richard Branson {who had previously expressed the belief that he could do a better job, and thus had to be taken down a peg or two}. Branson has money, for certain, but seems to realise that it is not the only thing which has intrinsic value.
The Public was conned into believing that privatisation would benefit them in some way, thanks to a series of privatisation initiatives throughout the 1980s in which Thatcher sold us all what we used to already own. Cut-price shares in the likes of BT, British Gas and the artificial companies formed from the breakup of CEGB were targeted towards small investors, who then sold them on to faceless investment banking corporations for a handsome profit. Why did people buy these shares anyway? Thatcher sold the family silver, that is certain, but how could the eventual purchasers live with themselves for being complicit in one of the greatest crimes a government has ever committed against its own citizens? Did you need a piece of paper saying you owned a share in a former Nationalised company? Wasn't it enough to know that the British blood in your veins entitled you to a share in the operations which make up this country's essential infrastructure? Or did you just feel the need to flaunt your superiority over your neighbour because you had shares in company X and they didn't?
If I was transport minister, I would at once re-nationalise the railways; and proceed to raise the money necessary to bring them up to a reasonable specification, by prosecuting everyone who had ever owned so much as even one single share in a privatised railway company, for knowingly dealing in stolen property. And for my next trick I would prosecute the "Labour" party for misrepresenting itself as the People's party {there can be no such thing as a Labour party without Clause Four, "To secure for the producers by hand or by brain the full fruits of their industry, and the most equitable distribution thereof that may be possible, upon the basis of the common ownership of the means of production and the best obtainable system of popular administration and control of each industry and service"}. After seven years of Blair, the nation's wealth is distributed less equitably than when he started, and fox hunting is still legal.
When a program is released under the GPL, it can be implemented on any architecture, not just the one on which it was originally conceived. That's what porting is all about. When you release the source code under the GPL, you are not allowed to restrict what architectures it can be compiled on. If it were technically feasible, you could port Emacs to a ZX81! No doubt someone has actually tried.....
Now, something written for Linux on 80586 should be easy to port to, say, Linux on AMD64; and not too tricky to port to something like Solaris on Sparc or FreeBSD on Power G5. But that's mainly because Linux, Solaris and FreeBSD are all {wannabee?} implementations of the "Portable Operating Systems Interface eXtensions" standard {POSIX}, and there is also the X Windowing System as a fine abstraction layer between software in userland and the graphics hardware. Win32 is, of course, a whole different API -- why obey existing standards when you can set new ones? -- and has precious little in common with POSIX or X. But Microsoft supplies documentation -- albeit slightly flawed documentation, in order that no competitor should ever write a piece of software that might perform better than a similar piece of Microsoft software* -- which could be used in creating a Win32 port of Qt.
And I don't think it's the Win32 API itself that is blocking the release of a GPL version of Qt for Win32, since there is a Win32 port of GCC itself and plenty of other GPL software. Even Emacs. If there were any restriction on the use of the API that ruled out the use of the GPL for any application making use of it, there could never be any such things.
All** it would take is for someone to sit down with the Win32 API documentation and the Qt source code, and re-write the "missing" back end from scratch. If anyone complains, you can wave the GPL at them. It says there, quite clearly, that you're allowed to do it.
* Or so some conspiracy theorists claim. But when you've got it in for somebody, accusing them of paranoia is great cover.
** OK, that's a big "all" -- bloody hard graft, in fact. But it's not as big as, say, reimplementing POSIX from scratch; and getting it not just to the point where you can run X on it {which would have been a pretty formidable achievement anyway}, but where it's actually the preferred development platform for a project which has twice the market share of Microsoft's competing product within its own sphere. And it brings it neatly back around to the question of "botheredness" again.
Hey, I'm not flaming. I'm just pointing out that the code is there, and everyone is encouraged to use it. I can't see a valid technical reason why it shouldn't be possible to compile Qt under Windows -- indeed, TrollTech have done so themselves, so it must be technically possible -- so I have to assume that the problem lies in some other domain. It would not be a violation of copyright, since the source code is covered by the GPL, so the problem is not a legal one either.
To my mind, this just leaves lack of botheredness as the most probable reason why there has not been a Windows port of Qt.
Now this is going to sound like flaming, but the sad fact is, most of the Windows users I know aren't programmers; they just spend their time ripping off copies of closed-source software, and thinking they're cool or hard or something because of all the money they have "saved" {never minding that there used to be software you could get for [sometimes much] less than £50 that would do most of what Word and Photoshop and all the other commonly-ripped-off stuff do; is saving £450 and staying legit, rather than saving £500 illegally, really that big a deal? Especially when all you're going to do is create a naff document using freaking spaces for alignment, for crying out loud?}. It might simply be that I need to get myself some new friends, but that's the way the world looks from here; Linux users are lighting candles {even if sometimes they'd be a bit underpowered on a birthday cake; and other times they're more like industrial flares, with all the associated eyebrow-singeing potential} while Windows users are bitching about the dark.
I'd actually like to be proved wrong on this one. So why, if it isn't just lack of botheredness, hasn't there been a Windows port of Qt?
British scientists have observed that, although they've largely eliminated acid rain causing pollution from power stations
That's because instead of using coal {which contains sulphur, and consequently emits SO2 -- onion gas -- when burned; though it isn't actually that hard to remove most of the SO2 from coal emissions}, they largely switched to natural gas {which is, as near as damn is to swearing, pure methane} for electricity generation -- and now there isn't enough gas left under the North Sea for electricity generation and home heating, so British Gas is having to buy in gas from abroad. This has resulted in a gas price hike, and in all probability an electricity price hike will follow.
Does anyone know whether British Gas has a royal charter which states something to the effect that every molecule of CH4 anywhere under the British Isles belongs to them? If that was the case, then it ought to be possible for them to bill landfill operators at the going rate for the methane they have been venting and burning {since by rights it's British Gas's gas, not theirs}. Of course, that would put up the price of landfill, but then if councils actually took recycling seriously, they would be able to raise enough money selling goods for recycling to offset the increase in landfill cost. And some of the stuff that can't be melted down could be burned to produce electricity -- except they tried that once, and "Friends of the Earth" objected on the grounds that (a) they apparently did not know the difference between a power plant and a minging bonfire, and (b) they misunderstood Hess's Law
2) You can only get Free Qt libraries for Linux, the Windows ones are commercial.
This has got to be the second biggest misconception {or downright lie} amongst Qt-bashers {after the idea that Qt is still non-free} and I for one am sick of hearing it. The "free" Qt libraries exist in source code form and are covered by the GPL. There is nothing stopping anyone from porting them to Windows, and the GPL would ensure the code is kept free forever.
Unfortunately, that is the idea behind "trusted" computing. You no longer have full control over your own machine, you can only run applications "trusted" by those controlling the DRM.
That sounds horribly broken. My definition of "trusted" computing is where
the administrator of a computer gets to audit the source code of every piece
of software that they run on their computer, and no program can be run on it
unless the administrator has given their prior approval. I could envisage
this being done by every individual microprocessor having a different
instruction set, for instance.
I am root, and what my computer does is for me alone to decide.
You see, that's the point. There's no point being too clever -- you can use the programming language itself as a sort of "generality-of-purpose abstraction layer". After all, if a language is computationally complete then as a matter of definition, any task you might want to perform can be implemented using that language. There is no shame in writing a program to do just the thing it has to do. It's far better to be able to play one song all the way through from start to finish with no mistakes, than any number of fancy riffs and bits of verses.
Code that you've written once for one specific purpose can be picked apart and made to do something different later if you ever need to -- and you might not. Just keep the thought at the back of your mind that you may need to make something a little more general-purpose, so as to make sure you will be able to do it when the time comes. That will mean intelligent use of comments and choice of variable names. If you're following KISS principles anyway, it should be almost obvious what something is doing.
I once wrote a function to send a MIME-formatted e-mail with exactly two attachments, and did not feel even slightly guilty about it; because that was what it had to do. Sure, later I did need to be able to send three attachments, or just one; but it was much easier to extend something that had already proved itself sending two attachments, than to write something from the outset that could handle an arbitrary number of attachments. The bits that needed to be altered to use loops and arrays stood out much more clearly once I was seeing them hard-coded with separate statements and separate variables.
Extraneous generality of purpose is really just a form of cruft. It just makes your code harder to write {because you have to consider other things beyond the problem you were originally considering} and harder to test {because you have inevitably introduced more ways to break it}.
Oh, come on. If you didn't laugh at that, you'd have to cry. Even if you don't like the subject matter, you've gotta admire the way this just cruised in under the radar.
Or am I the only IT boss who insists on disabling JavaScript by default except for the office Intranet {our in-house LAMP [and we use at least two of the possible P's in that acronym] apps use JavaScript a lot for flinging data around between forms and highlighting stuff in tables..... the server can spit out dynamically-generated JavaScript which in turn modifies style sheet properties..... when you want to edit a record from a table, sometimes it's easier to populate the inevitable "add a new record" editing form straight out of the table, highlight the row being edited and put the UID into an invisible <input/> field, rather than fart-arsing about fetching another page and repeating an earlier SQL query just for the editing form} and certain carefully-selected sites?
By the way, if you really want a GMail invite, they are giving them out like confetti at the moment.
The only disadvantage of register_globals is that it allows you to overwrite
session or cookie variables from the query string or, if your attacker is
smart, by modifying post-data. If you turn it on, you just have to remember,
if you want to be sure of where a particular variable came from then you
have to read it from there -- not rely on the automagic variable population.
If you have lots of variables to pick up, and most of them are not
particularly sensitive, then you may as well have register_globals turned
on and just read the sensitive ones directly from $_SESSION or
$_COOKIE.
IMHO though the default order of reading is broken; it would have
made more sense to go get - post - cookie - session, i.e. in descending
order of tamperability, so an addition to the query string could not
overwrite a session variable {which is quite secure as it's held in a
file on the server; the file is identified by a cookie, but there is a
low probability of hitting a valid session file just by guessing.}
Still, you can change this in php.ini or .htaccess if
you so care.
It's not just asp.NET that's affected by bad programming. We use proper computers on our Intranet, not these silly Windows toys. Doesn't mean we're immune to the effects of sloppiness, though. The other day I found an application written by a subordinate of mine, where you could defeat an authentication check by setting a variable in a query string. You could say it's my fault really, for leaving register_globals on; but I find that 90% of the time it's a PITA having it off -- you might just as well be using something old-fashioned like perl if you're going to do that. When you have to read your variables "by hand" you can be sure what order you do 'em in. Sessions - who needs 'em? Just store a filename in a cookie and put the variables in the file, that's exactly how ASP and PHP do it! (Wonders: does having learned to do something the "hard way" first make you less likely to foul up when you come to do the same kind of thing a slightly easier way?) If you're going to be living in a house, you want housey stuff like electricity and plumbing, otherwise you may as well be living in a bender..... if I'm going to be using PHP, I want PHP-like stuff otherwise it may as well be perl, but with far too many unnecessary round brackets {I grew up on British BASIC dialects which were similarly unfussy; SIN theta was as good as SIN (theta) but it saved you two whole precious bytes}.
I'll be having a word with him about it when he gets back. I distinctly remember telling him to be careful where certain variables came from. I haven't checked his code too closely yet, because I've had other things to deal with; but if I find $auth=$_SESSION["auth"] commented out, I just might have to kill him.
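The override described in the two comments above, modelled in plain PHP as an added example (not code from either comment or from the application mentioned). Because register_globals was removed in PHP 5.4, the automatic population is simulated by a hypothetical `populate()` helper, and all request data is constructed.

```php
<?php
// Added example: models register_globals-style population with plain arrays.
// register_globals was removed in PHP 5.4, so populate() below is a
// hypothetical stand-in, and every request value is constructed.

/**
 * Build one variable table from several request sources.
 * Sources are applied in $order; a later source overwrites an earlier one.
 */
function populate(array $sources, array $order): array
{
    $vars = [];
    foreach ($order as $name) {
        foreach ($sources[$name] ?? [] as $key => $value) {
            $vars[$key] = $value; // last writer wins
        }
    }
    return $vars;
}

/** Weak check: trusts whichever source supplied "auth" last. */
function authed_automagic(array $sources, array $order): bool
{
    $vars = populate($sources, $order);
    return !empty($vars['auth']);
}

/** Explicit check: the sensitive value is read from the session only. */
function authed_explicit(array $sources): bool
{
    return ($sources['session']['auth'] ?? false) === true;
}

// Two population orders. The first applies the query string last; the
// second is the "get - post - cookie - session" order proposed above.
$query_last   = ['session', 'cookie', 'post', 'get'];
$session_last = ['get', 'post', 'cookie', 'session'];

// Constructed requests, both carrying ?auth=1 in the query string.
$cases = [
    'session says auth=false' => [
        'get'     => ['auth' => '1', 'page' => '3'],
        'post'    => [],
        'cookie'  => ['theme' => 'dark'],
        'session' => ['auth' => false, 'user' => 'guest'],
    ],
    // A visitor who never logged in: the session has no "auth" key at all.
    'session has no auth key' => [
        'get'     => ['auth' => '1'],
        'post'    => [],
        'cookie'  => [],
        'session' => [],
    ],
];

foreach ($cases as $label => $request) {
    printf(
        "%-24s query-last=%s  session-last=%s  explicit=%s\n",
        $label,
        var_export(authed_automagic($request, $query_last), true),
        var_export(authed_automagic($request, $session_last), true),
        var_export(authed_explicit($request), true)
    );
}
```

In this model, putting the session last only helps when the session actually defines the variable; when the key is missing, the query string fills the gap under either order, and only the explicit read from the session refuses it.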
Also the ability to whack the hard drive in dissimilar hardware without it complaining about reactivation
Only if you're running stock (or only lightly-modded) kernels. If you're a raging experimentalist and you have compiled a kernel with only the relevant drivers for just the hardware on your motherboard that you actually use, it in all probability won't boot up on any other mobo. A mate of mine once did exactly this and I had to walk around to his flat at 02.15, in the rain, with an old 3 gig hard drive and a copy of TomsRTBT just so he could get back up and running.
Actually, thinking about it, I didn't have to walk around there right then, did I? I should have told him it served him right for not backing up his installation kernel, and he'd have to either wait until a more sensible time, or walk round to mine now before I went back to bed.
That was before they realised where you borrowed the money from.
C) I write my own programme that does what I need.
The thing is, I'm willing to bet that you don't strictly need Oracle, or Websphere. You could get away with Postgres and a bunch of Perl scripts. You got sold closed-source "solutions" when the sad fact is that customising them down to behave the way you want them to really isn't any less effort than customising OSS up would have been. And in the latter case, you would get to keep everything you learned in the process -- and you can share it with the rest of the world. Once a problem has been solved, nobody should ever have to start again from first principles. Then you are being extremely short-sighted.
All the bad shit comes from the simple fact of you -- maybe not you personally, but certainly someone acting with your interests at heart -- not having access to the source code. All of it -- from the Trojans that direct you to Sainsburys whenever you look up Tesco, to the botnets that spew out two 419 letters or adverts for counterfeit drugs for every legitimate e-mail, all of it all comes down to one simple fact: users are running code on their boxes that hasn't been properly checked. If there was no such thing as closed-source software -- either because it was illegal, and the laws against it were enforced properly, or because it was physically impossible to conceal source code from users -- then none of this shit would be happening now. Well
As long as you put up with this abuse of your rights -- and you may not even realise that it is an abuse of your rights, so good is the spin the abusers place on it -- you will continue to suffer the Spyware menace; and as likely as not the virus menace and the spam menace too. Sure, you personally may not think you have much use for source code -- not everyone is a programmer, I'm guessing you wouldn't know what to do with it if you had it. But that doesn't mean you shouldn't be fighting for it. Because someday soon, that source code could make a difference to you, or someone you love.
- It's not just people who play with matches that need fire extinguishers.
- It's not just women who sleep around that need access to abortions.
- And it's not just programmers that need access to source code.
If you think I'm taking this way too seriously, then you just aren't taking it seriously enough.
- Linux is, to all intents and purposes, Unix. {OK, that's a bit like saying Sainsbury's own-brand cola drink is Coke. It isn't. But they are both brown-coloured sweetened carbonated drinks flavoured with plant extracts. Linux and Unix are both implementations of an ISO standard called POSIX.} The security of Unix is widely known, and has been improving over the years.
- Linux is fragmented. Different distributions have different ideas about where things belong. Distributors analyse packages and patch them slightly, so Apache2 compiled and packaged for Mandrake probably won't run properly on SuSE, even though both use RPM package files. They probably have different library versions and different directory structures. If you want to be sure of something working, the best guarantee is to compile it from source on the target machine; the more similarly-configured the compiling and target machines, the greater the likelihood of success. Spyware as source code would be detected instantly, so it would have to sneak in in binary form -- and then run up against dependency hell. {It doesn't just affect programmes you want to install!}
- Linux is based from the ground up on Open Source methodologies. Linux users actually expect to see the source code, as a matter of course. While many distributions provide pre-compiled binary packages, these are more for historical reasons of convenience -- compiling used to be a slow process in the Bad Old Days. But at least one popular distribution eschews binary packages altogether {except for a tiny installation system with a kernel and compiler, which themselves get overwritten over the course of the full install}, favouring "in-house" compilation on the user's own machine.
- Linux users are a community. We help one another out. Our developers simply aren't out to stab their own users in the back. Users would never stand for it anyway if they were -- there is a small but significant hard core of us who would sooner write our own replacement for any bad software than use it.
- Linux doesn't pretend not to be hard the way Windows does. It does not tolerate the kind of ignorance that Windows users routinely get away with {almost to the point of claiming ignorance as a virtue}. As a result, Linux users tend to be more clued-up. This is by no means a bad thing. It does you no harm to know what an IP address is, or that you can't install one piece of software without also installing another piece of software. It might even do you some good. People who know what is under the bonnet of a car do tend to take better care of their cars, after all.
Market share has been shown to be a red herring. Closed Source apologists like to trot it out every so often, but it's quite simply not true that having a majority market share automatically makes you a target. The Open Source Apache web server has twice the market share of the closed-source IIS -- but nothing like twice the frequency of attack. If you're big, and people think you behave like an arsehole, and you get picked on, it might be the arsehole-ness, rather than the size, that motivates people to pick on you!
Someone, somewhere, would have read the source code. Whether it was because they intended to install the software but wanted to know what it did first, or just out of simple Merionesian curiosity, somebody will have looked at it. Not every user has to do this; not even most users have to do this. As in the case of breaking fair-use prevention, just one is all it takes.
And if they saw something they did not like, they would announce it to the world at large, just because there would be no reason not to. And a patch would be created, and everyone would use the patched version.
When you develop your spyware app for Linux, and put it on SourceForge or somewhere similar, or perhaps send it to one of the major distributors, then somebody is going to read the source code, see what it does, and comment out the "offending" sections before compiling it. They will then, in all probability, distribute their own patched version in preference to yours. The tar file will be 4 bytes bigger /* thanks to the presence of two extra multiply and two extra divide signs */ and almost nobody will get spied on.
I can't speak for Mac users; but I get the impression that a lot of Mac software is or used to be closed source shareware or payware, and there is or used to be a sort of "arms race" going on in the Mac community between payware / shareware authors trying to enforce payment on the software they write, and freeloaders trying to avoid paying for the software they use. OSX may well have changed this, with things moving more towards an Open Source way of doing things; I can't really tell, since our office is mainly Linux with a couple of Windoze machines for the Beancounters, just so they can interoperate with Group Head Office.
Power lines were designed for transmitting low frequencies [50Hz] with maximum power throughput -- delays and distortion be damned. A big motor driving a hefty flywheel isn't going to care about THD or SWR, just kilowatts. Furthermore, at that kind of frequency, unshielded cables won't radiate much -- 50Hz mains has a wavelength of 6 megametres. [The Earth's circumference is only 40 megametres.]
Broadband internet uses a high-frequency carrier and expects a transmission line designed for low distortion, and delays that don't vary too much with frequency. It's less critical how much of the energy you put in actually comes out the other end; a scope trace that looks the same shape is what's important. High frequencies need special precautions to avoid losing the signal to radiation; either a shielding braid around the conductor {co-ax, like TV cable}, or a second conductor carrying an antiphase signal in intimate proximity {twisted-pair, like a phone cable}.
Using power lines to carry broadband internet just sounds like using the wrong tool for the job. The scary part is how "almost right" it looks. But, if you use a Phillips screwdriver in a Prodrive recess, you'll end up knackering the screw and the screwdriver.
I think this is a great idea. The French have always been a little bit ..... well ..... French. Sometimes it's très chic, sometimes it's downright weird, but you've got to admit, our baguette-munching neighbours across the Channel have a certain je ne sais quoi. Combine an MP3 player with a Live Linux distribution? Pourquoi pas? Sooner or later, somebody is bound to have a go at booting it up, and they might well be pleasantly surprised by what they find. {Bear in mind that the French perceive the USA as bullies, who throw their weight around and fight dirty when they can't get their own way; and resent the idea of their tax money going overseas to buy software when an equivalent or superior product is available locally. Although French youth culture may seem to be very American-influenced, the older and wiser generation classes 'pretending to be American' as a self-destructive behaviour practised mainly for shock value.}
And it only costs EUR159, which is about £100. Lovely! I might have to get myself one of these. I mean, I've already got Slax, Knoppix and probably even TomsRTBT lying around somewhere; I have my Palm Tungsten E, which plays ogg vorbis files, not to mention various combinations of lame, oggenc, mpg321, mpg123 and ogg123 on my home and work PCs, and my wonderful Philips DVDR70 which plays MP3s from CD-R. But I haven't got a device which gives me music playback and a live Linux distro in one handy little package!
One thing is stopping me, though. The minute after I've sent off my order for the 256MB version, as sure as eggs are oeufs, they will launch a 512MB version for the same price.
As to the real failures, yes, you've got them about right. The erosion of civil liberties is absolutely frightening. And I don't agree for one instant with means testing of any benefit. It is too expensive, and too prone to abuse, to work out who is entitled to what -- it would be simpler and cheaper to pay a single basic living allowance to every adult, and offset it through income tax {cf. the penny post}.
The original aim of the patent system was actually quite a noble one. An inventor is at a disadvantage compared to an established manufacturing company -- so a compromise is struck, in an attempt to artificially reduce this disadvantage, by offering limited exclusivity to an inventor in exchange for their invention being presented for the benefit of all of society. The "fairness" of the compromise depends upon the duration of the limited exclusivity. If it is too short {in the limiting case, no exclusivity at all} then it leads to a situation where the ones with the money get all the benefit from new inventions. If it is too long {in the limiting case, forever} then it leads to a situation where nobody can invent anything new for fear of infringing upon a prior patent.
So there is evidently a balance to be struck somewhere -- a point where the exclusivity protects good inventors, allowing them to offset their investment before the benefits of their invention are released to everyone, but does not create a climate where innovation is discouraged for fear of infringement.
And some things just should not be patentable anyway. IMHO these include, but are not limited to, chemical formulae, mathematical processes, business methods, and anything which can be shown as the sole means to a particular end {otherwise the patent would effectively cover the end, not just the means}.
I'm also not keen on the idea of allowing the temporary privileges {they are not strictly "rights" in the sense that they are granted artificially, as part of a compromise deal} conferred by a patent or copyright to be permanently transferred. However, I don't see a problem with using so-called "intellectual property" {by which I mean such privileges considered as a desirable commodity} as collateral security for a loan {which could be used to finance development of an invention beyond the prototype; or market a book, recording, movie &c.} -- the lender would have to understand that the privileges are time-limited, but in the case of a genuine innovation with commercial viability this should not be a deterrent. The time limitation would be no different, in practice, from accepting perishable goods as collateral. And of course if the loan is repaid in full before the expiration of exclusivity, then the privilege would be transferred back to the copyright / patent holder.
Up to the American Civil War, if you lived in the Southern Confederate states, it was legal to own slaves. That meant that in theory, you were more free than in the North where you were not allowed to own slaves. However, any slaves you owned would be less free than you; so the average level of freedom per person -- if you could measure it -- would be less in the Confederate states than the average level of freedom in the Union states.
In the same way, if you take software that used to be Free and make a non-Free version, then you are making its users less Free {because they can no longer inspect and modify it}. While the Free version may well still exist, and still can be modified, history has shown that people tend to become dependent on non-Free software; especially if you distribute it for no cost {i.e. "free as in 'free beer'"}. It's a fact that most people underestimate the importance of access to source code -- until it's too late.
See also Freedom or Power? - it makes the point for me. Essential quote - "A choice of masters is not freedom".
Why would you want to pay millions of dollars to buy a copy of Linux under a BSD-like licence, when there is already an operating system available under a BSD-like licence -- and it costs nothing?!
..... decompilation belongs to the same branch of mathematical problems as shape recognition, and if it's true about modern systems being capable of picking out a face from a still photo in real-time video of a moving crowd, well, you can draw your own conclusions.
The 3-clause BSD licence is poisonous, because it allows someone effectively to turn an open-source product into a closed-source one, just by not distributing the source code. {The 2-clause variant allowing source code distribution only is fine for stuff written in interpreted languages -- but makes it inconvenient for stuff written in compiled languages. Although the degree of inconvenience is growing less as processor speeds and drive capacities improve; compiling from source is no longer the drain it once used to be. Nonetheless, ex-Windows bods expect pre-compiled binaries}.
OTOH, if a program is distributed under a 3-clause BSD licence but without source code, you would get a licence to distribute the source code if you could get the source code somehow. And decompilers will soon be a practical reality
Perhaps if we passed a law forbidding every worker in the field of Public Transport from owning a car, so that they would be reliant upon the services they provide, then the railways might improve dramatically! Blair is no friend of mine.
In any case, the traditional model of a patent is absolutely inapplicable to software. The original purpose of a patent was a compromise deal between an inventor and a government {acting as a representative of Society}. The problem was that an inventor might have exhausted their capital developing a working prototype; if they now show this directly to an established manufacturer, the manufacturer might decide to cut the original inventor out of the loop; whereas if they approach a {non-technically-minded} banker hoping to obtain a loan on the strength of the invention, with which to set up their own factory to make it, the banker might not be convinced of its viability. So the Patent Office was set up, to give inventors an official letter precisely describing their invention, and granting them a time-limited monopoly over it. This can be used as proof that the invention works {to obtain financial backing} and as a description of how to make it {to obtain manufacturing services}, but it also specifies a date after which the invention is to be given to society at large for the benefit of everyone. If the invention is a good one, then any loan should have been paid off long before such time.
In the case of software, where the cost of reproduction is essentially nil, the inventor is not prevented by financial constraints from further developing their idea beyond the prototype. So the original need for a patent is absent.
When the UK's railway service was privatised -- which was probably the worst thing that happened to the railways since they were nationalised -- the Government of the day made sure that Virgin received the absolute worst rolling stock and worked the absolute worst routes. This was a deliberate attempt to discredit Richard Branson {who had previously expressed the belief that he could do a better job, and thus had to be taken down a peg or two}. Branson has money, for certain, but seems to realise that it is not the only thing which has intrinsic value.
The Public was conned into believing that privatisation would benefit them in some way, thanks to a series of privatisation initiatives throughout the 1980s in which Thatcher sold us all what we used to already own. Cut-price shares in the likes of BT, British Gas and the artificial companies formed from the breakup of CEGB were targeted towards small investors, who then sold them on to faceless investment banking corporations for a handsome profit. Why did people buy these shares anyway? Thatcher sold the family silver, that is certain, but how could the eventual purchasers live with themselves for being complicit in one of the greatest crimes a government has ever committed against its own citizens? Did you need a piece of paper saying you owned a share in a former Nationalised company? Wasn't it enough to know that the British blood in your veins entitled you to a share in the operations which make up this country's essential infrastructure? Or did you just feel the need to flaunt your superiority over your neighbour because you had shares in company X and they didn't?
If I was transport minister, I would at once re-nationalise the railways; and proceed to raise the money necessary to bring them up to a reasonable specification, by prosecuting everyone who had ever owned so much as even one single share in a privatised railway company, for knowingly dealing in stolen property. And for my next trick I would prosecute the "Labour" party for misrepresenting itself as the People's party {there can be no such thing as a Labour party without Clause Four, "To secure for the producers by hand or by brain the full fruits of their industry, and the most equitable distribution thereof that may be possible, upon the basis of the common ownership of the means of production and the best obtainable system of popular administration and control of each industry and service"}. After seven years of Blair, the nation's wealth is distributed less equitably than when he started, and fox hunting is still legal.
When a program is released under the GPL, it can be implemented on any architecture, not just the one on which it was originally conceived. That's what porting is all about. When you release the source code under the GPL, you are not allowed to restrict what architectures it can be compiled on. If it were technically feasible, you could port Emacs to a ZX81! No doubt someone has actually tried .....
Now, something written for Linux on 80586 should be easy to port to, say, Linux on AMD64; and not too tricky to port to something like Solaris on Sparc or FreeBSD on Power G5. But that's mainly because Linux, Solaris and FreeBSD are all {wannabee?} implementations of the "Portable Operating Systems Interface eXtensions" standard {POSIX}, and there is also the X Windowing System as a fine abstraction layer between software in userland and the graphics hardware. Win32 is, of course, a whole different API -- why obey existing standards when you can set new ones? -- and has precious little in common with POSIX or X. But Microsoft supplies documentation -- albeit slightly flawed documentation, in order that no competitor should ever write a piece of software that might perform better than a similar piece of Microsoft software* -- which could be used in creating a Win32 port of Qt.
And I don't think it's the Win32 API itself that is blocking the release of a GPL version of Qt for Win32, since there is a Win32 port of GCC itself and plenty of other GPL software. Even Emacs. If there were any restriction on the use of the API that ruled out the use of the GPL for any application making use of it, there could never be any such things.
All** it would take is for someone to sit down with the Win32 API documentation and the Qt source code, and re-write the "missing" back end from scratch. If anyone complains, you can wave the GPL at them. It says there, quite clearly, that you're allowed to do it.
* Or so some conspiracy theorists claim. But when you've got it in for somebody, accusing them of paranoia is great cover.
** OK, that's a big "all" -- bloody hard graft, in fact. But it's not as big as, say, reimplementing POSIX from scratch; and getting it not just to the point where you can run X on it {which would have been a pretty formidable achievement anyway}, but where it's actually the preferred development platform for a project which has twice the market share of Microsoft's competing product within its own sphere. And it brings it neatly back around to the question of "botheredness" again.
Hey, I'm not flaming. I'm just pointing out that the code is there, and everyone is encouraged to use it. I can't see a valid technical reason why it shouldn't be possible to compile Qt under Windows -- indeed, TrollTech have done so themselves, so it must be technically possible -- so I have to assume that the problem lies in some other domain. It would not be a violation of copyright, since the source code is covered by the GPL, so the problem is not a legal one either.
To my mind, this just leaves lack of botheredness as the most probable reason why there has not been a Windows port of Qt.
Oh, come on. If you didn't laugh at that, you'd have to cry. Even if you don't like the subject matter, you've gotta admire the way this just cruised in under the radar.
Or am I the only IT boss who insists on disabling JavaScript by default except for the office Intranet {our in-house LAMP [and we use at least two of the possible P's in that acronym] apps use JavaScript a lot for flinging data around between forms and highlighting stuff in tables ..... the server can spit out dynamically-generated JavaScript which in turn modifies style sheet properties ..... when you want to edit a record from a table, sometimes it's easier to populate the inevitable "add a new record" editing form straight out of the table, highlight the row being edited and put the UID into an invisible <input /> field, rather than fart-arsing about fetching another page and repeating an earlier SQL query just for the editing form} and certain carefully-selected sites?
By the way, if you really want a GMail invite, they are giving them out like confetti at the moment.
The only disadvantage of register_globals is that it allows you to overwrite session or cookie variables from the query string or, if your attacker is smart, by modifying post-data. If you turn it on, you just have to remember, if you want to be sure of where a particular variable came from then you have to read it from there -- not rely on the automagic variable population.
If you have lots of variables to pick up, and most of them are not particularly sensitive, then you may as well have register_globals turned on and just read the sensitive ones directly from $_SESSION or $_COOKIE.
IMHO though the default order of reading is broken; it would have made more sense to go get - post - cookie - session, i.e. in descending order of tamperability, so an addition to the query string could not overwrite a session variable {which is quite secure as it's held in a file on the server; the file is identified by a cookie, but there is a low probability of hitting a valid session file just by guessing.} Still, you can change this in php.ini or .htaccess if you so care.
It's not just ASP.NET that's affected by bad programming. We use proper computers on our Intranet, not these silly Windows toys. Doesn't mean we're immune to the effects of sloppiness, though. The other day I found an application written by a subordinate of mine, where you could defeat an authentication check by setting a variable in a query string. You could say it's my fault really, for leaving register_globals on; but I find that 90% of the time it's a PITA having it off -- you might just as well be using something old-fashioned like Perl if you're going to do that. When you have to read your variables "by hand" you can be sure what order you do 'em in. Sessions - who needs 'em? Just store a filename in a cookie and put the variables in the file, that's exactly how ASP and PHP do it! (Wonders: does having learned to do something the "hard way" first make you less likely to foul up when you come to do the same kind of thing a slightly easier way?) If you're going to be living in a house, you want housey stuff like electricity and plumbing, otherwise you may as well be living in a bender ..... if I'm going to be using PHP, I want PHP-like stuff otherwise it may as well be Perl, but with far too many unnecessary round brackets {I grew up on British BASIC dialects which were similarly unfussy; SIN theta was as good as SIN (theta) but it saved you two whole precious bytes}.
I'll be having a word with him about it when he gets back. I distinctly remember telling him to be careful where certain variables came from. I haven't checked his code too closely yet, because I've had other things to deal with; but if I find $auth=$_SESSION["auth"] commented out, I just might have to kill him.
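Added example, not part of the original comments and not PHP's own code: a simplified model of the variable import discussed in the two register_globals comments above, comparing an authentication check that trusts the merged variables with one that reads the flag directly from the session. The function names, the source names and the sample requests are assumptions constructed for illustration.

```php
<?php
// Simplified model of register_globals-style import (an assumption for
// illustration, not PHP's own implementation): sources are merged in the
// given order and a later source overwrites an earlier one.
function import_globals(array $sources, array $order): array
{
    $vars = [];
    foreach ($order as $name) {
        foreach ($sources[$name] ?? [] as $key => $value) {
            $vars[$key] = $value;
        }
    }
    return $vars;
}

// Weak check: trusts whatever value ended up in the merged table.
function authed_from_merged(array $vars): bool
{
    return !empty($vars['auth']);
}

// Hardened check: reads the flag from the session store and nowhere else.
function authed_from_session(array $sources): bool
{
    return ($sources['session']['auth'] ?? false) === true;
}

// Two merge orders: request data applied last, and the
// get - post - cookie - session order proposed in the comment above.
$orders = [
    'request last' => ['session', 'cookie', 'post', 'get'],
    'session last' => ['get', 'post', 'cookie', 'session'],
];

// Constructed sample requests; "?auth=1" stands for a tampered query string.
$requests = [
    'no session flag, ?auth=1'    => ['get' => ['auth' => '1'], 'session' => []],
    'session flag false, ?auth=1' => ['get' => ['auth' => '1'], 'session' => ['auth' => false]],
    'session flag true'           => ['get' => [], 'session' => ['auth' => true]],
];

foreach ($requests as $label => $sources) {
    foreach ($orders as $orderName => $order) {
        $merged = authed_from_merged(import_globals($sources, $order));
        $direct = authed_from_session($sources);
        printf("%-28s %-13s merged=%-3s direct=%s\n", $label, $orderName,
            $merged ? 'yes' : 'no', $direct ? 'yes' : 'no');
    }
}
```

In this model the first request passes the merged check under both orders, because an unset session key never overwrites the value from the query string; only the direct session read rejects it.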
Actually, thinking about it, I didn't have to walk around there right then, did I? I should have told him it served him right for not backing up his installation kernel, and he'd have to either wait until a more sensible time, or walk round to mine now before I went back to bed.