In your SIX hour support call, did anyone ask if there were any error messages?
Weird. Usually that's the first thing I ask. And I usually act surprised that users don't mention any error messages on their own without needing to be prompted for them.
While it may be true in this particular case (that Error messages are for the programmers...), it is not true in general.
Bill.Gatez@microsoft.com... : no such user => clearly a message to the user, not the programmer (hint: check that spelling!) Bad login or password => same thing IE6 no longer supported => not the programmer's problem either...
HP had recently made a change to their nework removing the browser ID string when employees were surfing the net. Our product needed that information for some processing.
It would have saved you some aggravation, if, in addition to displaying the message to the user, it would have logged in on the server. That way, you could have figured out what went on without relying on the user.
Why not just display a skull and crossbones image? It'd probably save some time.
Indeed, that'll save lots of time:
User: Help, I get an error message
Support person: What does it say?
User: I dunno. It's just a piraty thingy. Skull & crossbones...
Support person: Well, if you get that, fix the problem
User: But how should I fix it?
Support person: I dunno. Maybe put on an eye-patch, take your sword, and wave it around to scare the problem away. Have a nice day.
Your brown puppy/blue square system works great if there is only a very small number of possible error conditions inventoried in advance. However, this is not what usually happens. Good luck with reproducing Out of memory in/usr/share/wombat/xyz/abc.php line 515 as a pretty picture or as a an extra smelly fart.
Users have already trouble copy-pasting error message text into a mail (or reading it aloud on the phone), so how the hell are they going to do it with a sound or a smell? Well, the sound, they could still record it, and attach the recording to the mail, but you can be sure that the recording will be spoiled by the perp's coworker loudly sneezing or coughing midway through. After all, lusers are not afraid of sending in screenshots of error messages half-hidden by other windows either.
No, I think the problem is not the messages (textual messages should be the easiest to deal with, especially when asking for support via mail), but rather the users. And to fix those, you just need a baseball bat...
If you can afford a penthouse apartment in Manhattan, you're making an awful lot of money for a computer engineer. Where can the rest of us get jobs like yours?
You forget that this particular penthouse is probably lots cheaper than other penthouses in Manhatten because it has a frigging RF antenna directly pointed at the bedroom. Other prospective buyers and the seller are not ignorant of this either, so the price has been adjusted to take this risk into account...
You forget one thing: most of the people aren't using their phone hours on end. However, in this "killer" apartment, you will spend hours on end exposed to the "radiation".
I'd still recommend to buy the apartment. But not for living in it yourself. Instead rent it to the MAFIAA...
Although there might be lots of reasons to use Perl rather than Java (and vice-versa), security against SQL injections is not one of them. Java JDBC has been supporting wildcards (parameters) (using statement.setObject(pos,value);) since day one.
If your code is running at the correct privilege level, SQL injections should be completely irrelevant.
True, if you run your web app at the correct privilige level, there is no way an SQL injection can be used to root the machine.
But it can still be used to corrupt the application itself, which is often more valuable that the system.
Example: a gaming application that wants to store a score per user. Even if the app uses a separate DB user per game user, and even if the DB only allows the user himself to update his score, this would not be good enough, because SQL injection might allow a player to assign himself an arbitrary score of his chosing.
No need to use a persistency library, but there is no excuse to set up queries by concatenating string. Use wildcards instead! All modern databases support them.
executeQuery("update users set score=? where id=?", 95, 113);
There is no way anybody could abuse that.
The only place where concatenating may be accepatble is for variable ordering:
executeQuery("Select * from users order by "+column+(desc ?" desc":""))
And here you better make sure you compare column against the list of valid columns first.
Huh? We aren't talking about military retaliation.
Now we are...
Why would you bring that up?
Because it's about time. Enough about the bullying. Sometimes you do need to pull a Columbine on bullies. And God, have we seen bullying by the US during the last 10 years! Enough already, please leave us alone!
Christ, nuclear power or not France is an ally!
However, why France still wants to be an ally of a Nation which doesn't respect the civil liberties of its own citizens is beyond me. During the cold war, it may have made sense, but no longer now. Ironically, during most of the cold war (since 1966), France was not a member of NATO, and it is only very recently that they decided to join again
Personally, I hope they do stand up to us, just like Germany did regarding Iraq. "No, this is a bad idea!" That's all they have to do.
Indeed. No need to spell everything out explicitly. US diplomats should be intelligent enough to understand that when France says that it is a bad idea, that indeed, then it is indeed a bad idea. Indeed, France has much more convincing arguments here than Germany.
But Google isn't merely a technical intermediary, they are also in a way publishing the material.
Indeed. And they are changing the material uploaded, by re-encoding it as a flash video. So, in a way, they are the author of the videos (produced that content), although obviously, it is still derived from the user's content.
Hopefully, the European Court of Justice judges will see this in a similar way, so that we can finally get rid of flash on YouTube.
Slashdot Mirror
In your SIX hour support call, did anyone ask if there were any error messages?
Weird. Usually that's the first thing I ask. And I usually act surprised that users don't mention any error messages on their own without needing to be prompted for them.
Bill.Gatez@microsoft.com... : no such user => clearly a message to the user, not the programmer (hint: check that spelling!)
Bad login or password => same thing
IE6 no longer supported => not the programmer's problem either...
at that point you either get the screenshot and a log or the user stops using the product. either way support costs goes way down.
... and it will drive your competitor's (client's new supplier) support costs up, as they will now have to deal with the silly screenshots...
HP had recently made a change to their nework removing the browser ID string when employees were surfing the net. Our product needed that information for some processing.
It would have saved you some aggravation, if, in addition to displaying the message to the user, it would have logged in on the server. That way, you could have figured out what went on without relying on the user.
Still doesn't excuse the luser of course.
Why not just display a skull and crossbones image? It'd probably save some time.
Indeed, that'll save lots of time:
User: Help, I get an error message
Support person: What does it say?
User: I dunno. It's just a piraty thingy. Skull & crossbones...
Support person: Well, if you get that, fix the problem
User: But how should I fix it?
Support person: I dunno. Maybe put on an eye-patch, take your sword, and wave it around to scare the problem away. Have a nice day.
Users have already trouble copy-pasting error message text into a mail (or reading it aloud on the phone), so how the hell are they going to do it with a sound or a smell? Well, the sound, they could still record it, and attach the recording to the mail, but you can be sure that the recording will be spoiled by the perp's coworker loudly sneezing or coughing midway through. After all, lusers are not afraid of sending in screenshots of error messages half-hidden by other windows either.
No, I think the problem is not the messages (textual messages should be the easiest to deal with, especially when asking for support via mail), but rather the users. And to fix those, you just need a baseball bat...
If you can afford a penthouse apartment in Manhattan, you're making an awful lot of money for a computer engineer. Where can the rest of us get jobs like yours?
You forget that this particular penthouse is probably lots cheaper than other penthouses in Manhatten because it has a frigging RF antenna directly pointed at the bedroom. Other prospective buyers and the seller are not ignorant of this either, so the price has been adjusted to take this risk into account...
I'd still recommend to buy the apartment. But not for living in it yourself. Instead rent it to the MAFIAA...
Better save it for when the real enemies (the MAFIAA and their cronies) come calling.
And I send a bullet through your head, if you come and attempt to steal my live savings. Get it?
Wow, that bulldozer guy was just so groovy! Too bad he became stuck.
If murder is punished less severly than copyright infringment, that's the logical conclusion to draw.
Oh and what are the early symptoms
I dunno.... an itching dick?
Even tough they have fur on their chest, Koalas are not bears.
... and the Koalas!
Three ways actually.
Although there might be lots of reasons to use Perl rather than Java (and vice-versa), security against SQL injections is not one of them. Java JDBC has been supporting wildcards (parameters) (using statement.setObject(pos,value);) since day one.
If your code is running at the correct privilege level, SQL injections should be completely irrelevant.
True, if you run your web app at the correct privilige level, there is no way an SQL injection can be used to root the machine.
But it can still be used to corrupt the application itself, which is often more valuable that the system.
Example: a gaming application that wants to store a score per user. Even if the app uses a separate DB user per game user, and even if the DB only allows the user himself to update his score, this would not be good enough, because SQL injection might allow a player to assign himself an arbitrary score of his chosing.
No need to use a persistency library, but there is no excuse to set up queries by concatenating string. Use wildcards instead! All modern databases support them. executeQuery("update users set score=? where id=?", 95, 113); There is no way anybody could abuse that. The only place where concatenating may be accepatble is for variable ordering: executeQuery("Select * from users order by "+column+(desc ?" desc":"")) And here you better make sure you compare column against the list of valid columns first.
Huh? We aren't talking about military retaliation.
Now we are...
Why would you bring that up?
Because it's about time. Enough about the bullying. Sometimes you do need to pull a Columbine on bullies. And God, have we seen bullying by the US during the last 10 years! Enough already, please leave us alone!
Christ, nuclear power or not France is an ally!
However, why France still wants to be an ally of a Nation which doesn't respect the civil liberties of its own citizens is beyond me. During the cold war, it may have made sense, but no longer now. Ironically, during most of the cold war (since 1966), France was not a member of NATO, and it is only very recently that they decided to join again
Personally, I hope they do stand up to us, just like Germany did regarding Iraq. "No, this is a bad idea!" That's all they have to do.
Indeed. No need to spell everything out explicitly. US diplomats should be intelligent enough to understand that when France says that it is a bad idea, that indeed, then it is indeed a bad idea. Indeed, France has much more convincing arguments here than Germany.
Because we wouldn't export any more of McDonald's french fries to them?
That would only save them some matches.
Particularly telling is the view that both France and Italy favour greater transparency, but fear U.S. retaliation.
France is a nuclear power, for chrissakes. Why would they need to fear U.S. retaliation?
And as far as Italy is concerned, isn't it quite ironic, that of all countries, it's Italy who is standing up against the MAFIAA?
Landlords have to give 24 hour notice before entering your apartment.
24 hours? That's not much. Imagine you're on holiday, or even just away for the weekend...
But Google isn't merely a technical intermediary, they are also in a way publishing the material.
Indeed. And they are changing the material uploaded, by re-encoding it as a flash video. So, in a way, they are the author of the videos (produced that content), although obviously, it is still derived from the user's content.
Hopefully, the European Court of Justice judges will see this in a similar way, so that we can finally get rid of flash on YouTube.
You sir are a spineless coward who cares only about what the crowd is doing
I know I shouldn't be feeding the trolls... but apparently, you too care about what the crowd is thinking. Or why else did you chose not to log in?