Most places store a token and not your actual CC now. It makes PCI DSS compliance far easier and more secure. There's zero risk to consumers if a token gets compromised. Would just be a matter of the upstream CC processor being secure.
As a web app developer and frequent user of the MBTA site, I was appalled when they rolled out the new site. While it may be totally broken in Opera, it was functionally questionable in IE and FF as well. It's great to update a site, but they made many UI mistakes such as relocating pertinent information under cryptic menus. I'd used the site for the past 18 months and happened to have an urgent need for finding the schedule that day (overslept), and was furious that it was so difficult to find.
I also will say that especially when creating advanced javascript apps, Opera is major pain in the ass (although its gotten better). Still need to support it though... YUI lists it as an A-grade browser.
Terrible plan. It's time to stop trying to impose our will upon them. It does nothing but further outrage against the US and allies. Unfortunately, Sunni and Shia are going to duke it out whether we are there are not. They are going to have get past this on their own by being either forced to fight or compromise (or compromise after fighting).
While there is no justification for the actions of extremists, the US an allies do have a track record of mucking around in that region. I really don't know of any time when that's gone well (Iran, Lebanon, etc). But it does make the US and allies an easy candidate to direct frustrations at. This whole Iraq adventure was designed to weaken the influence of Iran and Syria, possibly settle the Palestinian conflict, and perhaps open up Saudi Arabia a bit more. It's a nice thought... but placing your objectives ahead of those of the people living there is rarely going to work.
Here's a plan:
1) stop screwing with the region
2) spend some of these billions on homeland security instead of a war
3) make strides to reduce dependence on oil from the region so our economy is not tied to its instability
4) when possible, try to aide in stabilizing the region, but for the most part do so by being a model democracy and driving technological advances that naturally work to open up societies.
With anything on the net, you should only be running code from a trusted source. All sorts of nasty things can happen just by visiting a scammers website (XSS+phishing combo attacks and such). Obviously COWS Ajax introduces another layer of concern, but it can be mitigated by running tools/apps from trusted sources only (as I state in the opening blurb). If someone has a vested interest in offering a tool, then that should reduce the odds of a scam. There's a wealth to be gained from 3rd parties... just be smart about which one you bet on;-)
Opps! I guess I need a Mulligan... I meant to link to an introductory article [sourceforge] I had written. BTW, this comment was spell checked as I type with the SpellingCow favelet!
-Nuttzy
A good web app has 3 layers: the code, the markup HTML (wireframe only), and the CSS. I strongly encourage you to check out CSS Zen Garden to gain insight to this powerful model.
For a serious web app, mixing logic and presentation is disaster. It becomes a huge headache to change even a simple thing in your presentation. Other developers that need to edit your code can't jump right in. They have to sift through all your crap, completely killing any of the supposed time-savings of building it hastily in the first place.
However the last layer, the CSS, is the most over looked. CSS has wide browser adoption now and is extremely powerful. There are numerous performance benefits for using minimal HTML and pushing things to CSS, mostly centering around CSS getting cached locally. But CSS also provides a tremendous amount of flexiblity for layout. You can drastically change the layout simply by changing the CSS.
More over, when built this way, you can let a much lower cost CSS specialist (pixel pusher) worry about how much padding there and what color widget there, and let us Web App Developers stick to the meat of the project. It's a great way to split the task up in a team environment.
I cannot over emphasize checking out CSS Zen Garden.
If high availability is key then you'd better not be using anything beyond HTML.
Uh... how about having an app degrade nicely? In most cases it's not that tough. So for the large majority that can take advantage of your whiz bang web app, go ahead and use AJAX (where it makes sense) and just be sure to have it degrade nicely for browsers that are not ajax aware and then also for browsers that are not handling javascript.
I think the article covers some things that are missing in a lot of ajax classes available, but really is nothing new. My own ajax class is far, far superior (trying to get the okay from work to OSS it).
Too many classes are using a global httprequest object. This is not good if you are doing many requests (though I suppose uses less memory). There's also no timeout for graceful handling of a slow server. I've done quite a bit in the way of error handling.
At least this one doesn't make you learn a damn mini-language... a major pet peeve of mine!
Excel, Access, and VBA macros
You've got to think long term. You can take a (relatively) small paycut now, or you can take one later that will compound yearly. While you may be taking a paycut now, you'll learn new skills and become more marketable for the future. Besides being boring, how's the future looking for Excel, Access, and VBA macro programmers 5 years from now? 10? How's your outlook for learning new things at this company?
Not only is your current job boring it could also be terminal to your career if you're not keeping up with technology!
You have to be able to push back. As Dilbert first discovered, men have an innate ability to sniff "unnecessary work". If they really needed this done, then they would give the resources. If they don't give the resources, it's not your problem. Push back this unnecessary work!
PHP is a great language for small web applications, but doing something complex like an insurance intranet site, and Java is clearly the better option.
This statement is completely BS unless you've written a large app in PHP. My company's framework of 150k lines of PHP stands up nicely even though we get about 20 page views per second. We host the sites/tools of some major political entities, all of which are policitally charged and thus I won't give names.
Simply put, LAMP works for web apps of all sizes. If you have the need for generating PDF files, there are only about a bazillion utils out there that can do this for you and PHP easily hooks in to them.
What has been lacking from PHP is exactly what the framework is proposing. A standardized development scheme. I hope methods for dealing with security issues (ie. SQL injection, XSS, unvalidated user data) will be covered. In my company's framework, these exploits are not even possible (unless we step out of the framework). A well designed DBAL and OO approach goes a long way.
Personally, i feel the Americans just like their numbers sounding bigger.
Well the most frequent time we use "trillion" is to describe our federal deficit, and trust me, it's large enough without adding more zero's;-)
-Nuttzy
Slashdot Mirror
Most places store a token and not your actual CC now. It makes PCI DSS compliance far easier and more secure. There's zero risk to consumers if a token gets compromised. Would just be a matter of the upstream CC processor being secure.
As a web app developer and frequent user of the MBTA site, I was appalled when they rolled out the new site. While it may be totally broken in Opera, it was functionally questionable in IE and FF as well. It's great to update a site, but they made many UI mistakes such as relocating pertinent information under cryptic menus. I'd used the site for the past 18 months and happened to have an urgent need for finding the schedule that day (overslept), and was furious that it was so difficult to find.
I also will say that especially when creating advanced javascript apps, Opera is major pain in the ass (although its gotten better). Still need to support it though... YUI lists it as an A-grade browser.
Terrible plan. It's time to stop trying to impose our will upon them. It does nothing but further outrage against the US and allies. Unfortunately, Sunni and Shia are going to duke it out whether we are there are not. They are going to have get past this on their own by being either forced to fight or compromise (or compromise after fighting). While there is no justification for the actions of extremists, the US an allies do have a track record of mucking around in that region. I really don't know of any time when that's gone well (Iran, Lebanon, etc). But it does make the US and allies an easy candidate to direct frustrations at. This whole Iraq adventure was designed to weaken the influence of Iran and Syria, possibly settle the Palestinian conflict, and perhaps open up Saudi Arabia a bit more. It's a nice thought... but placing your objectives ahead of those of the people living there is rarely going to work. Here's a plan: 1) stop screwing with the region 2) spend some of these billions on homeland security instead of a war 3) make strides to reduce dependence on oil from the region so our economy is not tied to its instability 4) when possible, try to aide in stabilizing the region, but for the most part do so by being a model democracy and driving technological advances that naturally work to open up societies.
Sorry, I just giggle when I see "Dr. Dick" in an article.
With anything on the net, you should only be running code from a trusted source. All sorts of nasty things can happen just by visiting a scammers website (XSS+phishing combo attacks and such). Obviously COWS Ajax introduces another layer of concern, but it can be mitigated by running tools/apps from trusted sources only (as I state in the opening blurb). If someone has a vested interest in offering a tool, then that should reduce the odds of a scam. There's a wealth to be gained from 3rd parties... just be smart about which one you bet on ;-)
Opps! I guess I need a Mulligan... I meant to link to an introductory article [sourceforge] I had written. BTW, this comment was spell checked as I type with the SpellingCow favelet! -Nuttzy
Actually I don't know why Pluto got itself unmade as a planet. I didn't even read the rest of the story, frankly.
He's not a fan of RTFA.
A good web app has 3 layers: the code, the markup HTML (wireframe only), and the CSS. I strongly encourage you to check out CSS Zen Garden to gain insight to this powerful model.
For a serious web app, mixing logic and presentation is disaster. It becomes a huge headache to change even a simple thing in your presentation. Other developers that need to edit your code can't jump right in. They have to sift through all your crap, completely killing any of the supposed time-savings of building it hastily in the first place.
However the last layer, the CSS, is the most over looked. CSS has wide browser adoption now and is extremely powerful. There are numerous performance benefits for using minimal HTML and pushing things to CSS, mostly centering around CSS getting cached locally. But CSS also provides a tremendous amount of flexiblity for layout. You can drastically change the layout simply by changing the CSS.
More over, when built this way, you can let a much lower cost CSS specialist (pixel pusher) worry about how much padding there and what color widget there, and let us Web App Developers stick to the meat of the project. It's a great way to split the task up in a team environment.
I cannot over emphasize checking out CSS Zen Garden.Great! So earning my CS degree really meant that I was serving my country. I'm sooooo friggin' patriotic!
If high availability is key then you'd better not be using anything beyond HTML.
Uh... how about having an app degrade nicely? In most cases it's not that tough. So for the large majority that can take advantage of your whiz bang web app, go ahead and use AJAX (where it makes sense) and just be sure to have it degrade nicely for browsers that are not ajax aware and then also for browsers that are not handling javascript.
I think the article covers some things that are missing in a lot of ajax classes available, but really is nothing new. My own ajax class is far, far superior (trying to get the okay from work to OSS it).
Too many classes are using a global httprequest object. This is not good if you are doing many requests (though I suppose uses less memory). There's also no timeout for graceful handling of a slow server. I've done quite a bit in the way of error handling.
At least this one doesn't make you learn a damn mini-language... a major pet peeve of mine!
Excel, Access, and VBA macros You've got to think long term. You can take a (relatively) small paycut now, or you can take one later that will compound yearly. While you may be taking a paycut now, you'll learn new skills and become more marketable for the future. Besides being boring, how's the future looking for Excel, Access, and VBA macro programmers 5 years from now? 10? How's your outlook for learning new things at this company? Not only is your current job boring it could also be terminal to your career if you're not keeping up with technology!
You have to be able to push back. As Dilbert first discovered, men have an innate ability to sniff "unnecessary work". If they really needed this done, then they would give the resources. If they don't give the resources, it's not your problem. Push back this unnecessary work!
this is the year we all get flying cars!
PHP is a great language for small web applications, but doing something complex like an insurance intranet site, and Java is clearly the better option. This statement is completely BS unless you've written a large app in PHP. My company's framework of 150k lines of PHP stands up nicely even though we get about 20 page views per second. We host the sites/tools of some major political entities, all of which are policitally charged and thus I won't give names. Simply put, LAMP works for web apps of all sizes. If you have the need for generating PDF files, there are only about a bazillion utils out there that can do this for you and PHP easily hooks in to them. What has been lacking from PHP is exactly what the framework is proposing. A standardized development scheme. I hope methods for dealing with security issues (ie. SQL injection, XSS, unvalidated user data) will be covered. In my company's framework, these exploits are not even possible (unless we step out of the framework). A well designed DBAL and OO approach goes a long way.