On the one side of the debate were anti-mercantilists, Jeffersonian Republicans and artisans who believed variously that corporations were monopolistic in nature; that the accumulation of vast quantities of capital in private hands characteristic of the corporate form was inconsistent with the civic virtues of a democratic republic exemplified in the American Revolution and would undermine democratic republicanism; and that corporations could be used to dominate markets, driving down the cost of production and thereby reducing demand for artisanal goods.
So, in other words, we saw it coming a mile off and still went for it.
All book-learnin' and no experience makes you flexible for the future, but practically useless for the first year or more of professional work. This means companies have to pick up the slack and train you to do a job once you've already been educated. Companies don't like this and students resent the fact they've spent X years learning and must now spend X more years training, but it gives the best results (and the best engineers) overall.
All training and no education is a recipe for disaster - you learn one job well, one "best practice" or technological innovation comes along and your entire skill-set is obsolete. In addition, because you've never been "taught how to learn" (which any decent education should teach you) you have a much harder time picking up again and getting up to speed with the new system/role/requirements/techniques.
Training gives specialists, and education gives generalists. Generalists are more flexible, but take time to become useful without oversight, whereas specialists are good at one thing but can quickly become useless or obsolete.
Given the only place you're really generally "educated" is in college/university, and pretty much all learning you'll get in the corporate world is tightly-focused training for specific jobs or skills, I'm in favour of university remaining mostly[1] "education" - it's pretty much the only place (aside from self-teaching, which requires the right student and teacher) where you still get educated these days.
Ideally, universities should provide education, turning out well-rounded generalists who can turn their hands to anything (and importantly, have had exposure to lots of different things so they already have some idea what they like doing). They should then be employed by companies who train them for the first year or so (possibly under some sort of mentor program) to do the job the company wants.
Companies, obviously, don't like this idea. They'd rather universities churned out generations of specialist, pre-trained drones they can plug into their structure without having to invest a day of training in them. This seems like a great plan, but it's the classic business-mindset shortsightedness - if your industry, methods, processes or techniques change (and they always do, especially in engineering and doubly so in computing/IT), you're swapping some small up-front convenience for a lot more headaches down the line.
Still, training expenses and lost man-days show up on management reports, and "time wasted because our developer doesn't know enough to follow good database design procedures" doesn't.
Graduates often don't like it because university hasn't prepared them for what companies are after - they're virgin developers filled up with neural networking theories and cutting-edge design methodologies, and all business really wants is someone with three years' experience to debug all the ratty VBA applications the secretaries in HR are now running the company on.
Pressure from industry (and graduates who feel like they've spent three years at university all for nothing) means universities are starting to become more training-oriented and less educational. Companies applaud this because they overestimate the inconvenience of on-the-job training and miss the indirect but massive benefits of having a well-rounded workforce.
Given universities are the last official bodies covering theory rather than practice and giving education rather than training, I think this is a bad thing.
If FF starts eating IE7's lunch as well, that's awesome.
However, I don't think it's long enough since IE7 was pushed to all users to get a good read on it yet. Techie types will have already downloaded, tried it and switched or stayed. Novice users will take a few weeks (maybe even months for the trend to become clear) before they get pissed off enough to switch, or before a friend introduces them to alternatives again.
If a machine is used to connect to the internet and it has IE6 on it, IE is a risk, end of story.
Even if you only use Outlook to browse mail, some versions of Outlook use the IE engine to display HTML-formatted e-mails, and that opens them up to exploitation.
Don't get me wrong, you can use IE6 for years, and as long as you generally keep patched up-to-date, stick only to reputable sites, and those reputable sites also don't get cracked/compromised, you may never catch anything nasty. However, you will be at risk, sometimes even when running the very latest patched version (MS has improved its turnaround time on patches for exploits, but it's still too long in some cases).
Now IE7's out, at some point in the future MS will stop releasing patches for IE6. At this point IE6 will be open to any further security holes, and these won't ever be fixed by MS.
Of course, the same goes for Firefox, Safari or any browser, but IE is the worst of the bunch. It often has a more lax security fixing regime, ActiveX support (possibly the most boneheaded and ridiculous security-flaw-by-design ever), and it's so tightly integrated into lots of other apps that you're often not even aware when you're using it (so you're more exposed than you realise).
In short, there's no reason to upgrade to IE7 apart from the reasons there always are to keep up with the latest version of an app. Oh, and the fact it's at least half-way to being a standards compliant web-browser (only took MS ten years or so).
First off, "Given that there are no inherent disparities in aptitude between men and women, why aren't as many women appearing in engineering positions?" is begging the question, in the precise and proper sense of the phrase. It's a question which has preconceptions embedded within it which bias the answers you're likely to receive.
Who ever proved there's no differences between men and women? So how is it that men are overwhelmingly more likely to develop Aspergers, hyperconcentration, monomania and are generally better at things like "shape and space handling" and abstraction? These things have been indicated by countless studies.[1]
Where's the support for your assertion there's no difference?
Secondly, the article doesn't really ask this question at all - the author poses it right at the beginning, quickly decides it's because "women don't really want to be engineers", then sets about sketching out half-arsed and ill-thought-out "solutions" revolving around persuading people who don't really want the job to do it... all without actually bothering to actually explain why it's a problem in the first place.
Yeah, I've been raised in the modern-day west, and yeah, I've also learned to fight the little guy's corner and automatically perceive any imbalance as indication of unfairness and exclusion. However, I also know that unless I can elucidate why an imbalance is "unfair", and who it's unfair to, it's probably just my culturally-inculcated rules of thumb hitting an edge case and throwing an exception.
To reiterate. Can someone explain how a lack of women in engineering, caused by women with every opportunity just not being interested in engineering is a problem? Or how it can be fixed by encouraging people who don't really give a shit about it to take up the profession?
[1] Of course women are also better at various other aspects of cognition - social interaction, empathy, multitasking, etc. It's just that those skills aren't as useful in the context of logical, abstract, complex, procedural single tasks like programming.
"Bush won the election despite massive opposition efforts to sabotage the win, including election fraud, attempts to keep overseas military from voting and to contest the election. It's the height of stupidity to think that republicans were the ones screwing up the votes in those democrat controlled counties."
Actually, there was evidence of fraud on both sides, but if you read the literature (instead of just Fox News, or whatever) you'd see that there was massively more evidence in favour of Republican fixing than Democrat. Two of the three electronic voting machine companies had strong links to (and actually contributed money to) the Republican party. The CEO of one was quoted as saying he had "pledged to deliver Florida's votes to the Republican party" or similar. A programmer who worked on the Diebold machines implicated in the 2000 and 2004 election frauds has testified in front of congress that he was approached by a Republican senator to try to write software that would alter vote tallies undetectably. He did so on the understanding that this would be used to help spot people using similar software, and was somewhat surprised when, after giving copies of the binaries and source code to the senator, he heard nothing about it ever again. Hundreds of different exit polls for the election night in 2004 called a large win for Kerry, and proved massively "wrong" by the largest margin in recorded history. There was a marked correlation between the counties that used Diebold and ES&S machines and those where "surprising" results gave a win to Bush in 2000... need I go on?
It's been proven mathematically that Bush didn't win the popular vote in 2004 - even ignoring the possibility of vote-tampering, he only won the election as an artifact of the retarded "electoral college" system.
This is all common knowledge. Read around a bit and then we'll talk, mmkay?
"As for bush's reasons, it was the democrats who hyped the WMD reasons."
Errrm, no. That's why Bush's ratings and the Republican party's ratings have been in free-fall ever since the war, and not the Democratic Party's.
"The invasion was justified primarily by failure to comply with the UN directives and didn't need a WMD excuse."
Man, your grasp of international politics is worryingly incomplete for someone with such a firm opinion on it.
UN resolution-breaking didn't justify invasion between 1991 and 2003, so why would it suddenly be fine in 2003?
Why did the Bush administration hype the fabricated WMD and terrorist threats so much otherwise? If (as you've maintained all along) Democrats were arguing against the war, why would they provide additional excuses for it? Your position isn't even internally-consistent, let alone consistent with known history...
"However, since Saddam had been providing 'rewards' for the families of suicide bombers for years and had attempted dialog with al Qaeda and others, it's obvious there were growing ties."
Bullshit. Already-discredited right-wing horse-pucky. Show me a single reputable source that hasn't subsequently been debunked half-way to Baghdad and back, and then we'll talk.
Speaking of which, I can't help noticing you haven't provided a single source for anything you've said yet.
Can you either provide some sources to back up your unsubstantiated opinion or just admit it's baseless hearsay?
"Attempting to take over the middle east oil reserves obviously posed no threat to the US or the civilized world. Neither did Saddam's first attempt at a nuclear weapon. We can presume his super cannon designed by Dr. Bull was merely for show and that his biowarfare program was targeted only at Semites."
Right. And that was a great justification to go to war when it all happened around 1991 or so. Remember? The USA went to war with Iraq and so did everyone else? So how does causing trouble in 1991 justify getting invaded in 2003? You'll have to prov
And, though I hate to be cynical... do we even know these are actually valid allegations?
Hmmm, no evidence, sources or names offered in support... I mean, sure Kim Jong Il's a dangerous madman, but that doesn't necessarily mean he's got Chemo-Biological Weapons.
I mean, Bush and Saddam were both power-hungry madmen, and in spite of all the rhetoric we know now that only the winning madman ever actually had WMDs, right?
It's kind of depressing these days that when you read about some small country in the arse-end of nowhere run by a nutter researching WMDs, the first thought is:
"Well yeah, we know the Neocons are itching to go after someone else now. Iran's old hat and public opinion's already against it before they could even start, and Syria's playing ball more now. North Korea's pretty much the only high-profile Axis of Evil member left, and it's tiny and nobody gives a shit about them because KJI's self-evidently insane anyway.
Now, NK's isolationist, so there's no likelihood of an invasion to provoke us, and the terrorist angle won't really fly after Iraq either. NK's already got nukes, so a nuclear weapons program won't work as a reason. Pretty much the only thing left that's useful as an excuse to go to war is CBWs... and here's a story about NK's secret, hush-hush, here's-why-you've-never-heard-about-it-before CBW infrastructure.
Hmmm."
And only the second one is: "Man, if he has them I hope we take them away quick".
But seriously - can we either have an article with sources apart from vague and unaccountable "intelligence sources believe" or always-truthful "defectors say", or just write this kind of mush off as yet more misinformation, known falsehood and agenda-laden misrepresentation that the USA and UK governments now routinely spew to get the proles on-side for the next war?
I for one am sick of having to first work out if news is misinformation put out by my own government, or a genuine story that I should pay attention to.
"First off, you assume I like bush and am a republican. In fact, neither is the case. I swallowed nothing hook line and sensor because my views are based on my own observations."
Apologies. But if it walks like a duck, quacks like a duck and so obviously passionately believes you're either with the ducks or against them... it's an easy mistake to make.
"The fact that the opposition party has chosen to play politics with a war violates the historical situation which dictated that domestic politics ended at the waters edge."
Well, I think it's more that a president of questionable legitimacy secured an unhealthy stranglehold over all three branches of government, then used this lack of opposition to take the country on a war of invasion against someone who posed no threat to the country, for since-provably trumped-up charges.
The whole "domestic politics ends at the water's edge" is generally when you're faced with... oh, I dunno... a serious and clear threat to your country, sovereignty, way of life... pretty much any threat at all, really. You know - how when you're actually under any serious threat at all you band together to fight off the attacker, then settle the differences between you later.
Politely and impotently questioning the legitimacy of a war which basically consists of wading in and beating up the military equivalent of a bunch of toddlers doesn't really constitute "clear and present danger", at least in my book.
Or do you really also buy that line about Saddam helping t3h T3Rr0Ri5ts!1!1!11!?
"I grew tired long ago of the brainless bush bashers parroting the bs from leftists in the mainstream media."
What, is this the same mainstream media that's the laughing-stock of the world for its obsequious fawning bend-over-backwards-for-the-Whitehouse complete lack of journalistic independence?
That mainstream media?
"Bush has severe problems though probably not as much widespread as carter or clinton or bush 1 for that matter but very bad never the less."
Unfortunately analysis quickly demonstrated beyond a shadow of a doubt that it was old remains, from around the time of Gulf War I, when Saddam was known to be pursuing WMDs... and that there was no evidence at all that Saddam had been pursuing CBN WMDs after this date.
"I don't know why I've never seen that fretting reporter all worried about the people stealing those barrels in any repeats or best of programming."
Probably because it was a non-story. Those deposits were already known about, and had been since Gulf War I. No conspiracy, just insufficient research on your part.
Think about it - if Saddam really had WMDs, or was even researching them, do you really think the media would have been able to suppress the Bush Administration from crowing about them? It would at least part-validate the entire Iraq war.
The media would have to have a stranglehold over the country more powerful than the Republicans had to suppress all mention of that. And in the previous direct confrontations between the two, it was generally the media having stories spiked, journalists indicted and pressure applied... not the Whitehouse.
"That doesn't mean it came from Niger but we do know that Saddam was attempting for a second time to develop a bomb - Pollard is
"First off, the suggested likelihood was more probable to be a domestic political party rather than a foreign one as you attempted to present."
Yes, I know. I ignored that bit because it was fucking ridiculous. In a democracy people are allowed to disagree with their leaders, and even support other parties. That does not make them "infiltrators" any more than it makes the citizens who agree with the leaders "rulers".
You're trying to equate people who are loyal to America and tasked with defending it with people who (even violently) oppose it.
Not everyone who supports the Democrats is a pinko lefty christmas-destroying homosexual commie atheist who wants to smash the USA to pieces and divide up the remains between Castro, Chavez and "t3h terr0ri5ts!!!11!one!".
In a democracy it should be allowed to support the opposition party and not immediately be labelled a traitor. The country and the ruler are not the same thing. One can be loyal to the country without agreeing with everything the ruler does.
I know I'm repeating a lot here, but you seem to have swallowed the "America=Bush=Republican, Democrat=Commie=Terrorists!!!!!" line to a degree that's either laughable or terrifying.
"Second, it's obvious that there is some - consider the Valerie Plame incident where a democrat political operative was sent on a sensitive mission and then used the supposed conclusions for political ammunition. This happened. It's not supposition."
No, it's a blatant misrepresentation of the facts.
Joseph Wilson was a high-ranking diplomat during the Bush (Senior)'s administration. He was trusted as a diplomat to a number of other countries. He was not "an (implied democrat) political operative" - he was merely the guy who Bush's father sent to find things out.
Before the "outing" of his wife, he was sent to Niger to find out if Iraq was trying to buy contraband material. His (and the CIA's) conclusion was that they were not.
When Bush (junior) knowingly misrepresented the very evidence that Wilson had been sent to assess, to push his administration's highly questionable agenda, Wilson piped up and pointed out that actually what Bush was saying was already known to all concerned to be bullshit.
As they have before with other high-ranking critics, the Bush administration then snapped into full-blown character-assassination mode and alleged the entire Niger trip had been a junket, committing treason and outing a still-undercover CIA operative in the process.
Wilson wasn't sent with a political aim in mind, and the job was completed and conclusions offered long before Bush declared war on Iraq. Irrespective of his political leanings, thanks to his inside knowledge of the affair Wilson noticed Bush was intentionally spreading misinformation and propaganda, and publicly called him on it.
You can try to paint that as a pre-emptive political action all you like, but the mud simply ain't sticking.
And even, hypothetically, had Wilson been sent all along as a scary anti-American Democrat-inspired anti-Bush propaganda move... how would this then make it ok for Bush to have lied, cheated and spread misinformation and propaganda to start an unnecessary war?
You can posture and wave your cheerleading pom-poms all you like, but it doesn't negate the fact that Bush was caught barefaced lying to the American people, and baselessly accusing the guy who pointed it out of minor indiscretions doesn't change that.
"The NYT submitted an article for publication to the CIA review board. Parts were blacked out, and the CIA claims this came after one positive review by their board. While this may at first seem to incriminate the administration, in and of itself it does no such thing."
The guy worked for the CIA, not the NSA or the Whitehouse. The article he wrote did not deal extensively with ongoing non-CIA matters, but with the Bush administration's public actions and their (public) effects.
While hardly conclusive, given we aren't allowed to know what was being written about in the redacted portions, and given the CIA had already approved the material for release, and given the Whitehouse and Bush administration's penchant for using "National Security" as a get-out-of-jail-free card to restrict non-sensitive information that they nevertheless find inconvenient or embarrassing, it's a pretty strong circumstantial case.
"The NYT, after receiving the edited article, printed the government's version. Here is where I become a bit skeptical of the NYT's intentions (although the fact that the NYT is as far left as Fox news is right perhaps should have tipped me off earlier). The NYT doesn't exactly have a long and distinguished history of printing only things the government wants."
Indeed not. But to print information the Whitehouse has censored, ostensibly for "national security" reasons, moves them from the realm of "nonviolent resistance" to "premeditated treason".
If you don't appreciate the difference, try demonstrating outside of a "free speech zone" near a political rally, and when the police ask you to move don't just take photos of them - instead, kill the cop who asked you to move. This should demonstrate the difference between "resisting within the (unjust) law" and "breaking the law" nicely.
"Hell, they just sent several of their reporters to jail for printing classified information (well, failing to reveal the source thereof, but essentially the same)."
Wow - way to misread a situation. The reporters got themselves sent to jail - the NYT didn't do squat. In most newspapers the editorial team don't even know who the journalists' sources are. Would you like to try commenting on... oh, I dunno... something you know the first thing about instead?
"Now that might make them less likely to print classified material in the future, but if this material was classified, then the "censoring" was valid, and the attacks on the Bush administration have no basis. If the material was not, in fact, classified, then the NYT is at fault for not printing it."
Or, you know, the information was embarrassing to the administration but perfectly safe to release, but the Whitehouse abused its position to classify it. The NYT, not wanting to be done for treason, couldn't print the redacted portions but instead did the most it could get away with and printed the edited article to embarrass the Whitehouse for their heavy-handed and unjustified abuse of power.
Not saying this is the last word in the matter, but it makes at least as much sense as your ill-considered and ill-supported conspiracy theory.
Because everyone knows posting sarcastic, unsupported but emphatic statements of your own personal belief as if they were fact is the way to convince anyone with half a brain, right?
And FWIW, my personal belief is that "self-awareness" is just recursion - a kind of natural feedback loop that may be exhibited as emergent behaviour in certain complex systems. If you're positing something metaphysical or supernatural about it, you'd better have some pretty good evidence in favour of your position (extraordinary claims, and all that) or you're just another unreasoning slogan-shouting religious zombie.
"A double agent is going to be acting on behalf of their real allegiance rather than for the CIA."
Of course, any conscientious CIA operative will be acting on behalf of the USA, not any faction within it. Interestingly, however, the Republican party (in particular, the neocon component currently running it) have a better and more documented history of subverting the machinery of your democracy for their own ends than any foreign or other-domestic party or group.
"As for whether or not the cia censor is acting under a personal agenda,"
Do you really think the approval process for releasing state secrets is so fatally flawed that one single disgruntled employee can cause the approved, public release of state secrets from the CIA?
Are you taking the piss?
"I have no particular opinion but I've made the observation that some things are getting out which probably shouldn't."
No, faced with the obvious conclusion that your party has been abusing its position of authority to suppress and censor non-classified information that may be embarrassing to it, you have immediately, baselessly and ridiculously made the supposition that an entity as huge and bureaucratic as the CIA allowed a cockup of enormous proportions to happen, which was only averted by swift and decisive action by the group you support... neatly turning them from insecure wannabe-fascist fuckwits into saviour-of-your-democracy super-heroes.
I understand the urge to assume "your team" is perfect and anything which contradicts this worldview is automatically wrong, incomplete or biased information, but try to see that for what it is, ok? A knee-jerk reaction comfort belief - nothing more.
"Considering that the cia and the state department seem to occasionally act on their own agenda rather than that of the duly elected government, it's apparent that something isn't right down at foggy bottom."
How about the fact that your "duly elected government" seems to have been acting on its own agenda rather than that of the opinion of the population of the entire country they supposedly represent? Or the fact that they've repeatedly ignored, overruled or frozen out the very people they pay to be experts because said experts keep injecting inconvenient realistic details into their nice, warm comfortable fantasy world.
Agh, I give up. Some people couldn't have their minds changed with a fucking sledgehammer.
"Sorta makes you wonder whether the person clearing stuff at the CIA is a loyal employee of that organization or a double agent working for some opposition political party or perhaps even a foreign entity."
No. No it doesn't. Not at all.
Because nothing that presents a clear and present danger to the security of the United States of America could be recommended for disclosure by a single rogue operative in the CIA. Don't forget - the CIA analysis of the material was completed, and the CIA (read: the entire organisation) found nothing to object to.
Unless the entire CIA is completely infiltrated by agents of a foreign power, this organisation-level approval of secret material couldn't happen.
And frankly if the entire CIA was infiltrated, the Bush administration would have significantly greater and more visible problems on its hands than a single ex-operative talking frankly.
Are you serious? I'm beginning to suspect I'm being trolled...
"The Bush administration has never done this with anyone. Least of all Joe Wilson."
Boy, what newspapers have you been reading?
"Or is the "false ad hominem attack" that his wife worked for the CIA?"
No. The fallacious ad-hominem attack was that his wife had used her CIA connections to arrange a nice little junket for her husband. This was later found to be untrue (his wife didn't arrange it, and Joe Wilson was perfectly qualified to undertake the duty), but that got rather lost in the whole "Holy fuck, the Whitehouse just deliberately outed an undercover CIA operative on a personal grudge" thing.
The CIA already cleared the material for public consumption.
The Whitehouse spiked the article.
The Whitehouse gave no reason, but since the CIA had no problem with it we can assume it had nothing to do with current operations or national security (that is, after all, the CIA's job, right?)
The Whitehouse has a clear and well-known history of attempting to "manage" information and spin leaks just to make itself look good (ok, "less worse"), and isn't above bending, breaking or redefining the rules to do so.
Oh, and FWIW? When your own leaders start breaking the rules of your law, it's still illegal, it's still wrong, and they should be brought to justice.
The NYTimes should be lauded for protecting your freedom, not vilified because they made your team look bad. Stop cheerleading, put down the fucking pom-poms and think.
Oh, and the only leader who doesn't have to worry about breaking laws is a despot. Surely you don't think Bush is a despot, do you? And you wouldn't... be in favour of it if he was... would you?
Right. And if you'd bothered to read TFA at all, you'd know that the CIA already cleared the article for publication, and the Whitehouse spiked it after that.
Jesus - is a little link-clicky and article-browsey too much to ask before mouth-openey and irrelevant-horseshit-spewy?
Apples and oranges certainly are comparable, within a particular context, just as Mono and Java can be compared within a particular context. For example, if I am seeking a way to prevent scurvy on long ocean voyages, I can compare apples and oranges and reach a clear conclusion about which is best.
Agreed. No argument here.
Mono and Java are probably comparable in many contexts. I have no basis for declaring a winner since in the context where I use Java (mobile phones that come with J2ME), the two are not comparable.
As in, "this is blindingly obvious, but the canonical example which everyone has already heard and understands (irrespective of the fact it's technically wrong) is this...".
And yes, ultimately everything is "comparable". Hell, I can compare oral sex to the colour aquamarine, in that they both cause sensory impressions in the form of qualia in my consciousness and I prefer the qualia associated with oral sex, but that doesn't tell you anything useful whatsoever.
One could argue that comparing Mono and .NET is like comparing an apple with another apple that's designed to be utterly indistinguishable from the first apple. Again, there's a comparison, but it's largely useless.
Java and .NET, however, allow for enough similarities to make an interesting comparison, without being attempts to produce exactly the same result. Apples and different-tasting apples, maybe.
And (for tradition's sake) your car analogy was flawed. ;-p
Web Developers' Mantra:
Do Not Trust the Client.
Do Not Trust the Client.
Anything sent to the client then returned is suspect.
Anything provided by the client is doubly suspect.
Regexps and validation are your friend.
Do Not Trust the Client.
Oh, and it's also always useful to remember:
There is no such thing as a "hidden" HTML field.
CSS and Javascript are not security layers, they are presentation layers. Using presentation for security is like hanging a sign on a door saying "please don't open this door" instead of locking it.
Assume the user can see every single byte your server sends out (yes, even the HTTP headers), and remember "the user" also includes any in-between server, router or proxy-owners.
Paranoia is the only appropriate mindset for web application developers. Given the sheer number of crackers, hax0rz, viruses, trojans and automated scripts on the net, everyone really is out to get you.
Act accordingly.
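The mantra above, applied to one order form, as an added example that is not part of the original comment: client-supplied input is matched against strict patterns, and a "hidden" field that the server sent out is only accepted back if its HMAC still verifies. The catalogue, field names and key are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample data: the server-side source of truth, prices in cents.
CATALOGUE = {"sku-1001": 4999, "sku-2002": 125}

# Assumption: a real deployment loads this from a secret store, never from code.
SERVER_KEY = b"constructed-demo-key-not-for-production"

# Allow-lists. [0-9] is deliberate: \d on Python str also matches
# non-ASCII digits such as the fullwidth "2" (U+FF12).
SKU_RE = re.compile(r"sku-[0-9]{4}")
QTY_RE = re.compile(r"[1-9][0-9]{0,2}")      # 1..999
PRICE_RE = re.compile(r"[0-9]{1,9}")
SIG_RE = re.compile(r"[0-9a-f]{64}")         # hex SHA-256 digest


class Rejected(ValueError):
    """Raised when a submitted form fails validation."""


def sign(sku: str, price_cents: int) -> str:
    """MAC over the values the server hands to the client."""
    msg = f"{sku}|{price_cents}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def render_form_fields(sku: str) -> dict:
    """Fields the server would emit as 'hidden' inputs. The user can read
    and edit every one of them; the signature only makes edits detectable."""
    price = CATALOGUE[sku]
    return {"sku": sku, "price_cents": str(price), "sig": sign(sku, price)}


def handle_order(form: dict) -> int:
    """Validate a submitted form and return the order total in cents."""
    sku = form.get("sku", "")
    qty = form.get("quantity", "")
    price = form.get("price_cents", "")
    sig = form.get("sig", "")

    # 1. Everything from the client is validated for type and shape first.
    if not all(isinstance(v, str) for v in (sku, qty, price, sig)):
        raise Rejected("non-string field")
    if not (SKU_RE.fullmatch(sku) and QTY_RE.fullmatch(qty)
            and PRICE_RE.fullmatch(price) and SIG_RE.fullmatch(sig)):
        raise Rejected("malformed field")

    # 2. A well-formed value can still be a lie: check it against server state.
    if sku not in CATALOGUE:
        raise Rejected("unknown item")

    # 3. Round-tripped values are accepted only if the MAC matches.
    #    compare_digest avoids leaking the match position through timing.
    if not hmac.compare_digest(sign(sku, int(price)), sig):
        raise Rejected("hidden field was modified")

    # Caveat: this MAC carries no expiry, so an old signed price replays
    # forever. Where the server can look the value up itself (as it can
    # here, in CATALOGUE), doing that is simpler and stronger.
    return int(price) * int(qty)


if __name__ == "__main__":
    honest = dict(render_form_fields("sku-1001"), quantity="2")
    print("honest form total:", handle_order(honest))
    tampered = dict(honest, price_cents="1")
    try:
        handle_order(tampered)
    except Rejected as exc:
        print("tampered form rejected:", exc)
```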
We clearly need to work harder on our new users.
"At will" means at your own discretion, not "easily" or "without effort".
Kind of like how back in the day infantrymen were sometimes ordered to "fire at will" - this means they could choose their own targets and choose when to fire, not that the guns didn't have stiff triggers.
Tsk.
So, in other words, we saw it coming a mile off and still went for it.
Yay democracy!
Exactly.
All book-learnin' and no experience makes you flexible for the future, but practically useless for the first year or more of professional work. This means companies have to pick up the slack and train you to do a job once you've already been educated. Companies don't like this and students resent the fact they've spent X years learning and must now spend X more years training, but it gives the best results (and the best engineers) overall.
All training and no education is a recipe for disaster - you learn one job well, one "best practice" or technological innovation comes along and your entire skill-set is obsolete. In addition, because you've never been "taught how to learn" (which any decent education should teach you) you have a much harder time picking up again and getting up to speed with the new system/role/requirements/techniques.
Training gives specialists, and education gives generalists. Generalists are more flexible, but take time to become useful without oversight, whereas specialists are good at one thing but can quickly become useless or obsolete.
Given the only place you're really generally "educated" is in college/university, and pretty much all learning you'll get in the corporate world is tightly-focused training for specific jobs or skills, I'm in favour of university remaining mostly[1] "education" - it's pretty much the only place (aside from self-teaching, which requires the right student and teacher) where you still get educated these days.
Ideally, universities should provide education, turning out well-rounded generalists who can turn their hands to anything (and importantly, have had exposure to lots of different things so they already have some idea what they like doing). They should then be employed by companies who train them for the first year or so (possibly under some sort of mentor program) to do the job the company wants.
Companies, obviously, don't like this idea. They'd rather universities churned out generations of specialist, pre-trained drones they can plug into their structure without having to invest a day of training in them. This seems like a great plan, but it's the classic business-mindset shortsightedness - if your industry, methods, processes or techniques change (and they always do, especially in engineering and doubly so in computing/IT), you're swapping some small up-front convenience for a lot more headaches down the line.
Still, training expenses and lost man-days show up on management reports, and "time wasted because our developer doesn't know enough to follow good database design procedures" doesn't.
Graduates often don't like it because university hasn't prepared them for what companies are after - they're virgin developers filled up with neural networking theories and cutting-edge design methodologies, and all business really wants is someone with three years' experience to debug all the ratty VBA applications the secretaries in HR are now running the company on.
Pressure from industry (and graduates who feel like they've spent three years at university all for nothing) means universities are starting to become more training-oriented and less educational. Companies applaud this because they overestimate the inconvenience of on-the-job training and miss the indirect but massive benefits of having a well-rounded workforce.
Given universities are the last official bodies covering theory rather than practice and giving education rather than training, I think this is a bad thing.
"Sir - it's a Beige Alert!"
"If I don't make it, tell my wife... 'Hello'."
See the great-GP post.
;-)
I kid, I kid...
Fair point.
FF is still eating IE6's lunch, which is good.
If FF starts eating IE7's lunch as well, that's awesome.
However, I don't think it's long enough since IE7 was pushed to all users to get a good read on it yet. Techie types will have already downloaded, tried it and switched or stayed. Novice users will take a few weeks (maybe even months for the trend to become clear) before they get pissed off enough to switch, or before a friend introduces them to alternatives again.
If a machine is used to connect to the internet and it has IE6 on it, IE is a risk, end of story.
;-)
Even if you only use Outlook to browse mail, some versions of Outlook use the IE engine to display HTML-formatted e-mails, and that opens them up to exploitation.
Don't get me wrong, you can use IE6 for years, and as long as you generally keep patched up-to-date, stick only to reputable sites, and those reputable sites also don't get cracked/compromised, you may never catch anything nasty. However, you will be at risk, sometimes even when running the very latest patched version (MS has improved its turnaround time on patches for exploits, but it's still too long in some cases).
Now IE7's out, at some point in the future MS will stop releasing patches for IE6. At this point IE6 will be open to any further security holes, and these won't ever be fixed by MS.
Of course, the same goes for Firefox, Safari or any browser, but IE is the worst of the bunch. It often has a more lax security fixing regime, ActiveX support (possibly the most boneheaded and ridiculous security-flaw-by-design ever), and it's so tightly integrated into lots of other apps that you're often not even aware when you're using it (so you're more exposed than you realise).
In short, there's no reason to upgrade to IE7 apart from the reasons there always are to keep up with the latest version of an app. Oh, and the fact it's even at least half-way to being a standards compliant web-browser (only took MS ten years or so).
HTH
Horseshit.
First off, "Given that there are no inherent disparities in aptitude between men and women, why aren't as many women appearing in engineering positions?" is begging the question, in the precise and proper sense of the phrase. It's a question which has preconceptions embedded within it which bias the answers you're likely to receive.
Who ever proved there are no differences between men and women? So how is it that men are overwhelmingly more likely to develop Aspergers, hyperconcentration, monomania and are generally better at things like "shape and space handling" and abstraction? These things have been indicated by countless studies.[1]
Where's the support for your assertion there's no difference?
Secondly, the article doesn't really ask this question at all - the author poses it right at the beginning, quickly decides it's because "women don't really want to be engineers", then sets about sketching out half-arsed and ill-thought-out "solutions" revolving around persuading people who don't really want the job to do it... all without actually bothering to actually explain why it's a problem in the first place.
Yeah, I've been raised in the modern-day west, and yeah, I've also learned to fight the little guy's corner and automatically perceive any imbalance as indication of unfairness and exclusion. However, I also know that unless I can elucidate why an imbalance is "unfair", and who it's unfair to, it's probably just my culturally-inculcated rules of thumb hitting an edge case and throwing an exception.
To reiterate. Can someone explain how a lack of women in engineering, caused by women with every opportunity just not being interested in engineering is a problem? Or how it can be fixed by encouraging people who don't really give a shit about it to take up the profession?
[1] Of course women are also better at various other aspects of cognition - social interaction, empathy, multitasking, etc. It's just that those skills aren't as useful in the context of logical, abstract, complex, procedural single tasks like programming.
Errrrm, not quite.
The article shows that, yes, people who use IE6 are now upgrading to IE7. However, it also shows that the Firefox adoption trend hasn't wavered.
In other words, people are switching from IE6 to IE7, but not from Firefox to IE7.
The story isn't that people are upgrading from IE6 to IE7 - as you point out, that's pretty much a given.
The story is that people aren't "upgrading" from Firefox 2 to IE7.
In other words, MS's attempt at a Firefox-killer is provably failing miserably in its aim, and Firefox continues to go from strength to strength.
"Bush won the election despite massive opposition efforts to sabotage the win, including election fraud, attempts to keep overseas military from voting and to contest the election. It's the height of stupidity to think that republicans were the ones screwing up the votes in those democrat controlled counties."
Actually, there was evidence of fraud on both sides, but if you read the literature (instead of just Fox News, or whatever) you'd see that there was massively more evidence in favour of Republican fixing than Democrat. Two of the three electronic voting machine companies had strong links to (and actually contributed money to) the Republican party. The CEO of one was quoted as saying he had "pledged to deliver Florida's votes to the Republican party" or similar. A programmer who worked on the Diebold machines implicated in the 2000 and 2004 election frauds has testified in front of congress that he was approached by a Republican senator to try to write software that would alter vote tallies undetectably. He did so on the understanding that this would be used to help spot people using similar software, and was somewhat surprised when, after giving copies of the binaries and source code to the senator, he heard nothing about it ever again. Hundreds of different exit polls for the election night in 2004 called a large win for Kerry, and proved massively "wrong" by the largest margin in recorded history. There was a marked correlation between the counties that used Diebold and ES&S machines and those where "surprising" results gave a win to Bush in 2000... need I go on?
It's been proven mathematically that Bush didn't win the popular vote in 2004 - even ignoring the possibility of vote-tampering, he only won the election as an artifact of the retarded "electoral college" system.
This is all common knowledge. Read around a bit and then we'll talk, mmkay?
"As for bush's reasons, it was the democrats who hyped the WMD reasons."
Errrm, no. That's why Bush's ratings and the Republican party's ratings have been in free-fall ever since the war, and not the Democratic Party's.
"The invasion was justified primarily by failure to comply with the UN directives and didn't need a WMD excuse."
Man, your grasp of international politics is worryingly incomplete for someone with such a firm opinion on it.
UN resolution-breaking didn't justify invasion between 1991 and 2003, so why would it suddenly be fine in 2003?
Why did the Bush administration hype the fabricated WMD and terrorist threats so much otherwise? If (as you've maintained all along) Democrats were arguing against the war, why would they provide additional excuses for it? Your position isn't even internally-consistent, let alone consistent with known history...
"However, since sadam had been providing 'rewards' for the families of suicide bombers for years and had attempted dialog with al queda and others, it's obvious there were growing ties."
Bullshit. Already-discredited right-wing horse-pucky. Show me a single reputable source that hasn't subsequently been debunked half-way to Baghdad and back, and then we'll talk.
Speaking of which, I can't help noticing you haven't provided a single source for anything you've said yet.
Can you either provide some sources to back up your unsubstantiated opinion or just admit it's baseless hearsay?
"Attempting to take over the middle east oil reserves obviously posed no threat to the US or the civilized world. Neither did sadam's first attempt at a nuclear weapon. We can presume his super canon designed by Dr. Bull was merely for show and that his biowarfare program was targeted only at Semites."
Right. And that was a great justification to go to war when it all happened around 1991 or so. Remember? The USA went to war with Iraq and so did everyone else? So how does causing trouble in 1991 justify getting invaded in 2003? You'll have to prov
And, though I hate to be cynical... do we even know these are actually valid allegations?
Hmmm, no evidence, sources or names offered in support... I mean, sure Kim Jong Il's a dangerous madman, but that doesn't necessarily mean he's got Chemo-Biological Weapons.
I mean, Bush and Saddam were both power-hungry madmen, and in spite of all the rhetoric we know now that only the winning madman ever actually had WMDs, right?
It's kind of depressing these days that when you read about some small country in the arse-end of nowhere run by a nutter researching WMDs, the first thought is:
"Well yeah, we know the Neocons are itching to go after someone else now. Iran's old hat and public opinion's already against it before they could even get started, and Syria's playing ball more now. North Korea's pretty much the only high-profile Axis of Evil member left, and it's tiny and nobody gives a shit about them because KJI's self-evidently insane anyway.
Now, NK's isolationist, so there's no likelihood of an invasion to provoke us, and the terrorist angle won't really fly after Iraq either. NK's already got nukes, so a nuclear weapons program won't work as a reason. Pretty much the only thing left that's useful as an excuse to go to war is CBWs... and here's a story about NK's secret, hush-hush, here's-why-you've-never-heard-about-it-before CBW infrastructure.
Hmmm."
And only the second one is: "Man, if he has them I hope we take them away quick".
But seriously - can we either have an article with sources apart from vague and unaccountable "intelligence sources believe" or always-truthful "defectors say", or just write this kind of mush off as yet more misinformation, known falsehood and agenda-laden misrepresentation that the USA and UK governments now routinely spew to get the proles on-side for the next war?
I for one am sick of having to first work out if news is misinformation put out by my own government, or a genuine story that I should pay attention to.
This is not how a democracy should work.
"First off, you assume I like bush and am a republican. In fact, neither is the case. I swallowed nothing hook line and sensor because my views are based on my own observations."
Apologies. But if it walks like a duck, quacks like a duck and so obviously passionately believes you're either with the ducks or against them... it's an easy mistake to make.
"The fact that the opposition party has chosen to play politics with a war violates the historical situation which dictated that domestic politics ended at the waters edge."
Well, I think it's more that a president of questionable legitimacy secured an unhealthy stranglehold over all three branches of government, then used this lack of opposition to take the country on a war of invasion against someone who posed no threat to the country, for since-provably trumped-up charges.
The whole "domestic politics ends at the water's edge" is generally when you're faced with... oh, I dunno... a serious and clear threat to your country, sovereignty, way of life... pretty much any threat at all, really. You know - how when you're actually under any serious threat at all you band together to fight off the attacker, then settle the differences between you later.
Politely and impotently questioning the legitimacy of a war which basically consists of wading in and beating up the military equivalent of a bunch of toddlers doesn't really constitute "clear and present danger", at least in my book.
Or do you really also buy that line about Saddam helping t3h T3Rr0Ri5ts!1!1!11!?
"I grew tired long ago of the brainless bush bashers parroting the bs from leftists in the mainstream media."
What, is this the same mainstream media that's the laughing-stock of the world for its obsequious fawning bend-over-backwards-for-the-Whitehouse complete lack of journalistic independence?
That mainstream media?
"Bush has severe problems though probably not as much widespread as carter or clinton or bush 1 for that matter but very bad never the less."
Not as bad as Carter, Clinton or Bush I. Right.
"What happened to the yellow cake sadam had?"
What yellowcake?
But seriously... sure, they found some old remains of yellowcake Saddam had previously possessed, just like they found other evidence of Chemo-Biological-Nuclear weapon production, and briefly began to trumpet that as proof the war was justified.
Unfortunately analysis quickly demonstrated beyond a shadow of a doubt that it was old remains, from around the time of Gulf War I, when Saddam was known to be pursuing WMDs... and that there was no evidence at all that Saddam had been pursuing CBN WMDs after this date.
"I don't know why I've never seen that fretting reporter all worried about the people stealing those barrel in any repeats or best of programming."
Probably because it was a non-story. Those deposits were already known about, and had been since Gulf War I. No conspiracy, just insufficient research on your part.
Think about it - if Saddam really had WMDs, or was even researching them, do you really think the media would have been able to suppress the Bush Administration from crowing about them? It would at least part-validate the entire Iraq war.
The media would have to have a stranglehold over the country more powerful than the Republicans had to suppress all mention of that. And in the previous direct confrontations between the two, it was generally the media having stories spiked, journalists indicted and pressure applied... not the Whitehouse.
"That doesn't mean it came from Niger but we do know that sadam was attempting for a second time to develop a bomb - Pollard is
"First off, the suggested likelihood was more probable to be a domestic political party rather than a foreign one as you attempted to present."
Yes, I know. I ignored that bit because it was fucking ridiculous. In a democracy people are allowed to disagree with their leaders, and even support other parties. That does not make them "infiltrators" any more than it makes the citizens who agree with the leaders "rulers".
You're trying to equate people who are loyal to America and tasked with defending it with people who (even violently) oppose it.
Not everyone who supports the democrat is a pinko lefty christmas-destroying homosexual commie atheist who wants to smash the USA to pieces and divide up the remains between Castro, Chavez and "t3h terr0ri5ts!!!11!one!".
In a democracy it should be allowed to support the opposition party and not immediately be labelled a traitor. The country and the ruler are not the same thing. One can be loyal to the country without agreeing with everything the ruler does.
I know I'm repeating a lot here, but you seem to have swallowed the "America=Bush=Republican, Democrat=Commie=Terrorists!!!!!" line to a degree that's either laughable or terrifying.
"Second, it's obvious that there is some - consider the valarie plame incident where a democrat political operative was sent on a sensitive mission and then used the supposed conclusions for political ammunition. This happened. It's not supposition."
No, it's a blatant misrepresentation of the facts.
Joseph Wilson was a high-ranking diplomat during the Bush (Senior)'s administration. He was trusted as a diplomat to a number of other countries. He was not "an (implied democrat) political operative" - he was merely the guy who Bush's father sent to find things out.
Before the "outing" of his wife, he was sent to Niger to find out if Iraq was trying to buy contraband material. His (and the CIA's) conclusion was that they were not.
When Bush (junior) knowingly misrepresented the very evidence that Wilson had been sent to assess, to push his administration's highly questionable agenda, Wilson piped up and pointed out that actually what Bush was saying was already known to all concerned to be bullshit.
As they have before with other high-ranking critics, the Bush administration then snapped into full-blown character-assassination mode and alleged the entire Niger trip had been a junket, committing treason and outing a still-undercover CIA operative in the process.
Wilson wasn't sent with a political aim in mind, and the job was completed and conclusions offered long before Bush declared war on Iraq. Irrespective of his political leanings, thanks to his inside knowledge of the affair Wilson noticed Bush was intentionally spreading misinformation and propaganda, and publicly called him on it.
You can try to paint that as a pre-emptive political action all you like, but the mud simply ain't sticking.
And even, hypothetically, had Wilson been sent all along as a scary anti-American Democrat-inspired anti-Bush propaganda move... how would this then make it ok for Bush to have lied, cheated and spread misinformation and propaganda to start an unnecessary war?
You can posture and wave your cheerleading pom-poms all you like, but it doesn't negate the fact that Bush was caught barefaced lying to the American people, and baselessly accusing the guy who pointed it out of minor indiscretions doesn't change that.
Jesus, I(really)HBT, haven't I?
"The NYT submitted an article for publication to the CIA review board. Parts were blacked out, and the CIA claims this came after one positive review by their board. While this may at first seem to incriminate the administration, in and of itself it does no such thing."
The guy worked for the CIA, not the NSA or the Whitehouse. The article he wrote did not deal extensively with ongoing non-CIA matters, but with the Bush administration's public actions and their (public) effects.
While hardly conclusive, given we aren't allowed to know what was being written about in the redacted portions, and given the CIA had already approved the material for release, and given the Whitehouse and Bush administration's penchant for using "National Security" as a get-out-of-jail-free card to restrict non-sensitive information that they nevertheless find inconvenient or embarrassing, it's a pretty strong circumstantial case.
"The NYT, after receiving the edited article, printed the government's version. Here is where I become a bit skeptical of the NYT's intentions (although the fact that the NYT is as far left as Fox news is right perhaps should have tipped me off earlier). The NYT doesn't exactly have a long and distinguished history of printing only things the government wants."
Indeed not. But to print information the Whitehouse has censored, ostensibly for "national security" reasons, moves them from the realm of "nonviolent resistance" to "premeditated treason".
If you don't appreciate the difference, try demonstrating outside of a "free speech zone" near a political rally, and when the police ask you to move don't just take photos of them - instead, kill the cop who asked you to move. This should demonstrate the difference between "resisting within the (unjust) law" and "breaking the law" nicely.
"Hell, they just sent several of their reporters to jail for printing classified information (well, failing to reveal the source thereof, but essentially the same)."
Wow - way to misread a situation. The reporters got themselves sent to jail - the NYT didn't do squat. In most newspapers the editorial team don't even know who the journalists' sources are. Would you like to try commenting on... oh, I dunno... something you know the first thing about instead?
"Now that might make them less likely to print classified material in the future, but if this material was classified, then the "censoring" was valid, and the attacks on the Bush administration have no basis. If the material was not, in fact, classified, then the NYT is at fault for not printing it."
Or, you know, the information was embarrassing to the administration but perfectly safe to release, but the Whitehouse abused its position to classify it. The NYT, not wanting to be done for treason, couldn't print the redacted portions but instead did the most it could get away with and printed the edited article to embarrass the Whitehouse for their heavy-handed and unjustified abuse of power.
Not saying this is the last word in the matter, but it makes at least as much sense as your ill-considered and ill-supported conspiracy theory.
Sources? Citations? References?
Oh, right, sorry - baseless dogma it is, then.
Because everyone knows posting sarcastic, unsupported but emphatic statements of your own personal belief as if they were fact is the way to convince anyone with half a brain, right?
And FWIW, my personal belief is that "self-awareness" is just recursion - a kind of natural feedback loop that may be exhibited as emergent behaviour in certain complex systems. If you're positing something metaphysical or supernatural about it, you'd better have some pretty good evidence in favour of your position (extraordinary claims, and all that) or you're just another unreasoning slogan-shouting religious zombie.
Well? Any evidence at all worthy of the name?
Jesus, where to start?
"A double agent is going to be acting on behalf of their real allegiance rather than for the CIA."
Of course, any conscientious CIA operative will be acting on behalf of the USA, not any faction within it. Interestingly, however, the Republican party (in particular, the neocon component currently running it) have a better and more documented history of subverting the machinery of your democracy for their own ends than any foreign or other-domestic party or group.
"As for whether or not the cia censor is acting under a personal agenda,"
Do you really think the approval process for releasing state secrets is so fatally flawed that one single disgruntled employee can cause the approved, public release of state secrets from the CIA?
Are you taking the piss?
"I have no particular opinion but I've made the observation that some things are getting out which probably shouldn't."
No, faced with the obvious conclusion that your party has been abusing its position of authority to suppress and censor non-classified information that may be embarrassing to it, you have immediately, baselessly and ridiculously made the supposition that an entity as huge and bureaucratic as the CIA allowed a cockup of enormous portions to happen, which was only averted by swift and decisive action by the group you support... neatly turning them from insecure wannabe-fascist fuckwits into saviour-of-your-democracy super-heroes.
I understand the urge to assume "your team" is perfect and anything which contradicts this worldview is automatically wrong, incomplete or biased information, but try to see that for what it is, ok? A knee-jerk reaction comfort belief - nothing more.
"Considering that the cia and the state department seem to occasionally act on their own agenda rather than that of the duly elected government, it's apparent that something isn't right down at foggy bottom."
How about the fact that your "duly elected government" seems to have been acting on its own agenda rather than that of the opinion of the population of the entire country they supposedly represent? Or the fact that they've repeatedly ignored, overruled or frozen out the very people they pay to be experts because said experts keep injecting inconvenient realistic details into their nice, warm comfortable fantasy world.
Agh, I give up. Some people couldn't have their minds changed with a fucking sledgehammer.
"Sorta makes you wonder whether the person clearing stuff at the CIA is a loyal employee of that organization or a double agent working for some opposition political party or perhaps even a foreign entity."
No. No it doesn't. Not at all.
Because nothing that presents a clear and present danger to the security of the United States of America could be recommended for disclosure by a single rogue operative in the CIA. Don't forget - the CIA analysis of the material was completed, and the CIA (read: the entire organisation) found nothing to object to.
Unless the entire CIA is completely infiltrated by agents of a foreign power, this organisation-level approval of secret material couldn't happen.
And frankly if the entire CIA was infiltrated, the Bush administration would have significantly greater and more visible problems on its hands than a single ex-operative talking frankly.
Are you serious? I'm beginning to suspect I'm being trolled...
"The people who published the Plame information are as guilty as the people who leaked it."
A right-wing republican pundit. Gotcha.
"The Bush administration has never done this with anyone. Least of all Joe Wilson."
Boy, what newspapers have you been reading?
"Or is the "false ad hominem attack" that his wife worked for the CIA?"
No. The fallacious ad-hominem attack was that his wife had used her CIA connections to arrange a nice little junket for her husband. This was later found to be untrue (his wife didn't arrange it, and Joe Wilson was perfectly qualified to undertake the duty), but that got rather lost in the whole "Holy fuck, the Whitehouse just deliberately outed an undercover CIA operative on a personal grudge" thing.
Now, once again for the slow kids at the back:
Oh, and FWIW? When your own leaders start breaking the rules of your law, it's still illegal, it's still wrong, and they should be brought to justice.
The NYTimes should be lauded for protecting your freedom, not vilified because they made your team look bad. Stop cheerleading, put down the fucking pom-poms and think.
Oh, and the only leader who doesn't have to worry about breaking laws is a despot. Surely you don't think Bush is a despot, do you? And you wouldn't... be in favour of it if he was... would you?
That doesn't sound very American to me...
Right. And if you'd bothered to read TFA at all, you'd know that the CIA already cleared the article for publication, and the Whitehouse spiked it after that.
Jesus - is a little link-clicky and article-browsey too much to ask before mouth-openey and irrelevant-horseshit-spewy?
Really? And there was me thinking
Hence "canonical".