I got into programming through (then Macromedia) Flash. The nice thing about Flash is that you can get immediate, visible results with very little programming; there are various ways to perform many common activities, with varying degrees of programming knowledge required.
For example, you can 'tween' motion by setting keyframes and controlling the easing in the IDE, or you can script the motion using event callbacks and 2D transformations. Once you become comfortable with the IDE approach, you begin to find its limitations, and to understand the utility of a programmatic approach.
ActionScript also has the advantage of having a lot in common with JavaScript, which offers easy entry into another domain where you can achieve the satisfaction of getting visible, substantial results with just a little effort.
My ActionScript started out crude but grew increasingly ambitious, until I left it in search of greener pastures - and found a range of more powerful languages. These days most of my code is server-side, and a substantial amount of it runs without any visible result (or user interaction) at all - but it was valuable (and encouraging) to me at that early stage to encounter such an expressive, sensory environment to learn in.
well, that i can agree with. And mysql does have a good range of tools - it's somewhat harder to find nice query editors etc for those with less penetration.
right. wake me up when these features get a GA release. I know subselects are out in 4.1.xx, and AFAIK the rest are version 5 which is a preview release. Cue telling me how stable mySQL preview releases are...
I'm not disputing it's "quite useful for a whole range of production applications". But given a choice I'll stick with PG.
PostgreSQL probably IS slower, but it's getting faster. Conversely mySQL is horribly feature poor but is getting more feature rich. i don't have a lot of large-scale deployment experience with either, but i suspect it comes down to:
1) if you want performance at the expense of many features, choose mySQL
2) if you want an advanced relational database, and performance is secondary to being able to actually do interesting things with your data, choose PostgreSQL.
And mySQL (at least excluding beta releases) is *very* limited in most ways other than performance.
It's worth noticing that the really influential geeks who write books, develop languages, and have a strong impact on others don't fall into this camp.
Just the (sub) average morons - guys who generally don't have much of a grip on more "technical" items either.
I for one hope some enterprising freedom fighters destroy the USA entirely, before it can further contaminate the actual free world with the next round of infectious pure insanity.
If we can't disassemble corporate personhood, maybe we should disassemble the populace?
Viva la fucking insanity.
You can bend the rails pretty violently if you need to as well, which is what makes the inbuilt 'sensible defaults' a useful starting point rather than an ultimate obstacle.
And the rails source code is written in Ruby, so you can a) read it, and b) fit enough of it on your screen to grok what's going on.
i don't disagree with anything you just said. That said, why not write a class / widget which:
1) provides a mechanism for authentication, which you can override with your own if desired
2) includes information about the need to store secured files in a private directory, and a configuration file which controls access to the private directory (requiring explicit addition with wildcards)
Yes, as you say, the user will have to "configure it correctly and with knowledge of what he's sharing" - but I would put it to you that knowing what you want to share is more common than understanding all the other implications in coding a secure file streamer - just to use this as an example.
In general I would think the availability of such a repository would increase security even if nobody used it, merely by pointing out the necessity of thinking about security (and the issues at hand) in circumstances where some programmers might otherwise fail to notice the need.
Also, if the group were to lobby the PHP authors themselves to make changes to the core language / libraries as you suggest it could only help matters.
So what do you want? People who don't know how to write secure code are writing *insecure* code with PHP. Should they a) write crap code themselves, or b) use tested and audited code, save themselves some time and get to see how it should be done in the process.
And while there is no 'magic widget' that will fix your whole app, it's definitely possible to create a widget which will handle the login properly (probably where most SQL injection attacks occur), perhaps force a sensible password policy and maybe some code to test for some common security flaws (whether in code or against a live server).
And - WHY can't you create a general purpose secure file streamer? I'm curious... seems to me if you have configuration options for the private folder and a callout to a user defined function to check credentials (ok, so they might need to sorta understand this), it wouldn't be too hard..
Nice.
It'd be good to see an audited set of widgets made available for say, secure database logins and file dissemination which we know to be approved by expert eyes.
I bought a creative Zen 20gb when they first came out.
It was plagued by connectivity dropouts (on various different computers) and the hard drive failed as soon as it was out of warranty.
Their customer service was abominable, and though the sound was good I'm never buying creative again (not even sound cards if i can help it).
I'll make my next mp3 player an iPod.
wow, coming from the slashdot hivemindset, that mirror's "about" page reads like a parody:
http://www.only4gurus.com/v3/about.asp
For many years I've been fighting against people who don't like Microsoft. The main reason not to like Microsoft technologies is lack of knowledge about them.
Microsoft is the most innovative software corporation of the last 20 years, and its compromise with the information technology world has changed the way of looking at the computers at home and at business.
I've been a full time flash developer in the past, and I'm good at it. While I acknowledge the pain and frustration that bad (most) flash can cause (and these days I myself dismiss the majority of "flash sites" because of the barrier between flash and what you might call 'the semantic web' if you liked) you can't dismiss it all out of hand. Some things are better represented in flash than any other format, and while usually I'm at a site for the text, overgeneralisation is just silly.
It seems to be one of those slashdot commonly repeated "mod me up" beliefs that flash is universally bad; while i see plenty of room for criticism of how the media is used, it's often not balanced enough for me to take it seriously or agree.
[that was in response to the troll]
I'm just waiting for a 'skip Atrax' button here on slashdot so I don't have to see your annoying whining rants. Loser.
I can wear my undies for more than a week, and I'm not even an astronaut.
Don't kiss the fat chicks, or you'll catch their fat germs.
postgreSQL is far less limited -- and very free. use postgreSQL !
http://dictionary.reference.com/search?q=irony moron
Nice strategy.
It's almost, but not quite, a fair trade.
For my mum, that is. Sounds pretty fair to the rest of the world.
death to all fanatics.
heaps nice.
Go buy the book.
er .. evolute?
evolute
n. Mathematics
The locus of the centers of curvature of a given curve.
___________
riiight.
I second the above posters' comments. I haven't had so much as a digital runny nose in all my years of computer use, besides one IE popup festival.
except that you could have that one view for every room in the house ...
and, one word:
laptop.
Yes, but does it ...
oh, right.
you whingey poof.