No, that's buggy. Firstly, when you vary your response depending on a request header, you need to transmit a Vary header. Secondly, an XSLT that transforms from XHTML to HTML doesn't cover all the bases - there are differences in CSS and the DOM to account for. Thirdly, you completely ignore weights. That code would serve XHTML to a user-agent that supports XHTML but prefers HTML. It would also serve XHTML to a user-agent that is saying under no circumstances should you transmit XHTML to it.
Unless you have a specific need for XHTML, just don't bother with content negotiation. It screws up caching and if you don't understand all the issues, you can very easily introduce bugs.
So, because I use PHP, I go and tell everyone that the page I'm serving up is application/xhtml+xml. Whoops, MSIE doesn't understand that... *roles eyes*. So I have to chuck in a bit of code to check for MSIE, and then add a disclaimer at the bottom, "If your user agent has MSIE in it, then this page was served as text/html. Maybe you should stop using MSIE if you are, or change your user agent if you aren't."
Checking the User-Agent header is an unreliable hack. The header you should be checking is Accept.
I think information like the ip, paired with all of those things is confidential information, because it amounts to your purchase history on every site that uses this google hosting.
Huh? Your IP address etc amounts to your purchase history? How?
Something as simple as which sites you purchase from, and anything that they encode into the url -- like the show for which you're purchasing tickets.
URLs are not confidential. Any site that encodes confidential information into their URLs is quite simply broken. Proxy servers, outbound links, browser plugins... there's no end to the number of ways in which URLs can be disclosed.
what are you arguing with?
The idea that corporate websites can't use this because it discloses confidential information in breach of contracts.
You think using a google "beta" product, you have some way of holding google accountable if it doesn't work?
No. Where did I give the impression this was the case? Unless you have an SLA or similar, if it breaks, then you have no recourse. But that's got little to do with whether or not a written contract is in place or if any money is being paid - its quite routine for contracts to not specify the level of service provided, despite being paid for.
Or ensuring that they don't sell your data?
Selling things like IP addresses and user-agent strings? That isn't confidential information. You transmit it for each and every page you view.
And those terms of service are not a legal document and have absolutely no legal merit unless they are a part of a "paid" agreement. Without paying for it, it's not a legal contract, plain and simple.
I believe you are thinking of "consideration", and there doesn't have to be a payment in order for there to be consideration.
Knowing what someone is doing with their money is, or can be, very confidential.
And you think information like user-agent strings and timestamps are this sort of confidential information?
Using an external host, under contract, results in a real business relations, which is subject to real laws.
You don't need a written contract to have a real business relationship, and you don't need a real business relationship to be subject to real laws. Executing unauthorised code is illegal in many parts of the world. The fact that a written contract doesn't exist doesn't change that.
With google, since you're not paying for the service, they have no responsibility to you, and can and do sell your data for profit.
This has nothing whatsoever to do with payment and everything to do with terms of service. If your agreement with your host says they can use your data, then they can.
What information? The fact, frequency, and details of how many people, their IP, and which pages they are accessing on my website. the hit to google gives them my page url as the referrer, virtually the identical time-stamp, the browser agent string, and my visitor's IP address.
Well, one effect of this would be to allow google to execute scripts in the security context of any site using their copy of the code. The same issue occurs for urchin.js etc.
The difference between this and urchin, adsense, etc, is that the specific scripts you use are defined ahead of time. If they serve anything other than jQuery or whatever, then they are almost certainly in breach of many laws across the world, e.g. the Computer Misuse Act in the UK. When you reference jQuery on their systems, you aren't authorising them to execute anything else.
Second, I've always had this complaint with the whole external javascript files. When you're already downloading a 50K html page, another 10K of javascript code in the same file inline downloads at full-speed. The external file requires yet another hit to the server, and everything involved therein. It almost never makes any sense.
It almost always makes sense. The external file only requires another hit to the server the first time you see it. From that point on, every page hit is smaller in size because you don't have to download the JavaScript again.
Even as a locally cached file, on a broadband connection, downloading the extra 10K is typically faster than opening and reading the locally cached file!
Downloading 10K is faster than loading 10K from disk? What are you using, floppies?
Even if it is faster for you, it isn't faster for the website. Try magnifying that extra 10K for tens of thousands of visitors.
But still, hosting a part of your corporate web-site with google simply breaches most of your confidentiality and non-disclosure agreements that you have with your clients and suppliers. It's that simple.
If your contracts bar things like this, then they bar a hell of a lot. You can't use any external hosts. You can't use a CDN. You can't use most advertising on your website.
Find the line that reads "shall not in any way disclose Confidential Information to any third party at any time
And what confidential information do you think is being disclosed?
Unless UK citizens have a very different concept of government than I, the judiciary and the police are both parts of the government
It's common in the UK to refer to the party in power as the government. It's used in a similar way the USA uses the word "administration". It's also used in the wider sense you understand.
It's an awful state of affairs when academics are being prosecuted under terror legislation.
Please RTFA. They were arrested under terror legislation, then the charges were dropped. They aren't being prosecuted under terror legislation.
However, it looks like during the investigation, the police discovered that one of them was an illegal immigrant. He is being deported for this.
Now he may or may not be here illegally, and he should definitely get the chance to defend himself before being deported, but please get your facts straight. Nobody is being prosecuted under terror legislation.
Considering that KDE is built on QT (made by Trolltech) and QT is now owned by Nokia, it isn't that big a surprise that Nokia is also spending money on Webkit which is based on KHTML which is built on KDE/QT.
I think the causality flows in the opposite direction. Nokia released a Gecko-based browser years before the TrollTech deal was on the table. Nokia don't prefer WebKit because they have a deal with TrollTech, they have a deal with TrollTech because they prefer WebKit.
Both patronage and intellectual property ensures 1.
No it doesn't. If I write a book, the law protects me from competition, but it doesn't ensure that I am compensated for my time. If my book is awful, nobody will buy it and I will get nothing.
A local store has a sign they hang up that you can only see as you're leaving, which says "we reserve the right to inspect bags". Security guards ask nicely, but I walk past them with a sneer. How do I get away with it? They _don't_ have that right to begin with, so they can't reserve it.
You're right. They don't have the right to confiscate your property. But they do have the right to ask you to give them your equipment, and if you refuse, they do have the right to ask you to leave.
That probably suits you when you just want to leave your local store, but it's rather more effective when you've paid to enter the place and don't want to leave.
This is trying to restrict distributing copyrighted material. This had nothing to do with free speech.
This very site you are on, Slashdot, has been forced by the Church of Scientology to remove comments because the CoS has draconian copyright laws at its disposal. The Church also forced Google to remove sites critical of it from its index, again with copyright law.
Not to mention the fact that sometimes copying is necessary to make a point. That's one of the reasons fair use exists, yet it is constantly being eroded. Point out defects in a book by providing an excerpt and currently fair use will protect you. Do the same for a DVD, and you've tripped over the DMCA because you bypassed copy control encryption to obtain the excerpt.
The boundary between copyright and freedom of speech is a lot more blurred than you seem to think.
Rather than donating to a project with corporate backing, why not split your donation up and give it to a few smaller projects instead? You're more likely to make a difference there. Even the tiniest donation could give a lone developer the extra enthusiasm needed to fix that one last bug before calling it a night.
He's bitching about getting paid 100k for speaking lines that he didn't write to begin with into a mike. What a fucking tool.
Cut him some slack. He has to say words! Into a microphone! That's not a job just anybody can do. Hell, even the President of the United States isn't smart enough to do that!
He signed the contract. He knew the terms going into it.
Exactly. Which makes things like this laughable:
I don't blame Rockstar. I blame our union
How about blaming yourself for agreeing to terms you apparently find unconscionable? Oh but wait, once you've got the gig it's easy to bitch about how you deserve more, but I bet if you had said to them up front that 100K wasn't enough, they'd have laughed in your face and hired somebody else for 100K. Because let's face it, no matter how much money they made, you aren't worth more than 100K to them. And if that's not acceptable to you, you shouldn't have accepted the job.
The First Amendment to the US Constitution doesn't include a list of exceptions longer than the amendment itself
In fact it does. You are absolutely correct in saying that the First Amendment as written doesn't include a list of exceptions, but the First Amendment as implemented by the justice system includes a hell of a long list of exceptions. Shouting fire in a crowded theatre. Slander. Libel. Copyright infringement. Free speech zones. There are all sorts of ways in which the act of speaking or the act of publishing can get you into trouble, and even though the First Amendment as written is absolute, you won't be able to find a judge that implements it to the letter of the law.
Much better, I say, to have the full law written down in black and white where everybody can see it, rather than subjecting the grey areas to the whims of judges and keeping the people guessing. People talk about this being "Orwellian", but I think people are too preoccupied with Nineteen Eighty-Four and forget about Animal Farm.
Not that the HRA does this very well of course, but the fact that it includes exceptions isn't a bad thing, it's that those exceptions are vague and very subjective that are the real problem.
Frankly, being called a paranoid kook is preferable to being on a database.
Perhaps I didn't make my point clear; looking like a paranoid kook isn't an alternative to being on a database, it makes it more likely, as MPs are less inclined to take complaints from kooks seriously. You don't think they get swamped with people writing to them about all kinds of craziness? In order to sound credible, you need to have specific, grounded, demonstrable fears. Which is quite difficult when neither you nor your MP have even had an opportunity to read the bill.
the only person from the home office mentioned by name seems to be clearly against the proposal.
There's nobody from the Home Office mentioned by name in the article. If you are referring to Jonathan Bamford, the assistant Information Commissioner, then the ICO is an independent public body sponsored by the Ministry of Justice. If you are referring to David Davis, the Shadow Home Secretary, then he is part of the shadow government, i.e. he is the opposition party's counterpart to the Home Secretary.
If you want to write to representatives to let them know your views, contact details are available at Write to Them.
While I think Write To Them is a fine service and encourage people to use it more, I can't help but feel this is a little premature. This is just another hare-brained idea by the Home Office that MPs haven't even seen yet. Why don't we wait until they actually have a copy of the bill before bombarding them with complaints about it? Otherwise we run the risk of looking like paranoid kooks for protesting a bill that nobody has read because it doesn't even exist yet.
Slashdot Mirror
Come on, he's talking about the future of databases. He was just trying to set the mood by doing his best Kirk impression.
No, that's buggy. Firstly, when you vary your response depending on a request header, you need to transmit a Vary header. Secondly, an XSLT that transforms from XHTML to HTML doesn't cover all the bases - there are differences in CSS and the DOM to account for. Thirdly, you completely ignore weights. That code would serve XHTML to a user-agent that supports XHTML but prefers HTML. It would also serve XHTML to a user-agent that is saying under no circumstances should you transmit XHTML to it.
Unless you have a specific need for XHTML, just don't bother with content negotiation. It screws up caching and if you don't understand all the issues, you can very easily introduce bugs.
Checking the User-Agent header is an unreliable hack. The header you should be checking is Accept.
Huh? Your IP address etc amounts to your purchase history? How?
URLs are not confidential. Any site that encodes confidential information into their URLs is quite simply broken. Proxy servers, outbound links, browser plugins... there's no end to the number of ways in which URLs can be disclosed.
The idea that corporate websites can't use this because it discloses confidential information in breach of contracts.
No. Where did I give the impression this was the case? Unless you have an SLA or similar, if it breaks, then you have no recourse. But that's got little to do with whether or not a written contract is in place or if any money is being paid - its quite routine for contracts to not specify the level of service provided, despite being paid for.
Selling things like IP addresses and user-agent strings? That isn't confidential information. You transmit it for each and every page you view.
I believe you are thinking of "consideration", and there doesn't have to be a payment in order for there to be consideration.
And you think information like user-agent strings and timestamps are this sort of confidential information?
You don't need a written contract to have a real business relationship, and you don't need a real business relationship to be subject to real laws. Executing unauthorised code is illegal in many parts of the world. The fact that a written contract doesn't exist doesn't change that.
This has nothing whatsoever to do with payment and everything to do with terms of service. If your agreement with your host says they can use your data, then they can.
None of this is confidential information.
This affects clients too. It says so right there in the summary even.
Ladies and gentlemen, I give you a world first! A Slashdot post that praises windows!
The difference between this and urchin, adsense, etc, is that the specific scripts you use are defined ahead of time. If they serve anything other than jQuery or whatever, then they are almost certainly in breach of many laws across the world, e.g. the Computer Misuse Act in the UK. When you reference jQuery on their systems, you aren't authorising them to execute anything else.
It almost always makes sense. The external file only requires another hit to the server the first time you see it. From that point on, every page hit is smaller in size because you don't have to download the JavaScript again.
Downloading 10K is faster than loading 10K from disk? What are you using, floppies?
Even if it is faster for you, it isn't faster for the website. Try magnifying that extra 10K for tens of thousands of visitors.
If your contracts bar things like this, then they bar a hell of a lot. You can't use any external hosts. You can't use a CDN. You can't use most advertising on your website.
And what confidential information do you think is being disclosed?
It's common in the UK to refer to the party in power as the government. It's used in a similar way the USA uses the word "administration". It's also used in the wider sense you understand.
Please RTFA. They were arrested under terror legislation, then the charges were dropped. They aren't being prosecuted under terror legislation.
However, it looks like during the investigation, the police discovered that one of them was an illegal immigrant. He is being deported for this.
Now he may or may not be here illegally, and he should definitely get the chance to defend himself before being deported, but please get your facts straight. Nobody is being prosecuted under terror legislation.
I think the causality flows in the opposite direction. Nokia released a Gecko-based browser years before the TrollTech deal was on the table. Nokia don't prefer WebKit because they have a deal with TrollTech, they have a deal with TrollTech because they prefer WebKit.
No it doesn't. If I write a book, the law protects me from competition, but it doesn't ensure that I am compensated for my time. If my book is awful, nobody will buy it and I will get nothing.
You're right. They don't have the right to confiscate your property. But they do have the right to ask you to give them your equipment, and if you refuse, they do have the right to ask you to leave.
That probably suits you when you just want to leave your local store, but it's rather more effective when you've paid to enter the place and don't want to leave.
This very site you are on, Slashdot, has been forced by the Church of Scientology to remove comments because the CoS has draconian copyright laws at its disposal. The Church also forced Google to remove sites critical of it from its index, again with copyright law.
Not to mention the fact that sometimes copying is necessary to make a point. That's one of the reasons fair use exists, yet it is constantly being eroded. Point out defects in a book by providing an excerpt and currently fair use will protect you. Do the same for a DVD, and you've tripped over the DMCA because you bypassed copy control encryption to obtain the excerpt.
The boundary between copyright and freedom of speech is a lot more blurred than you seem to think.
Rather than donating to a project with corporate backing, why not split your donation up and give it to a few smaller projects instead? You're more likely to make a difference there. Even the tiniest donation could give a lone developer the extra enthusiasm needed to fix that one last bug before calling it a night.
Cut him some slack. He has to say words! Into a microphone! That's not a job just anybody can do. Hell, even the President of the United States isn't smart enough to do that!
Exactly. Which makes things like this laughable:
How about blaming yourself for agreeing to terms you apparently find unconscionable? Oh but wait, once you've got the gig it's easy to bitch about how you deserve more, but I bet if you had said to them up front that 100K wasn't enough, they'd have laughed in your face and hired somebody else for 100K. Because let's face it, no matter how much money they made, you aren't worth more than 100K to them. And if that's not acceptable to you, you shouldn't have accepted the job.
It isn't stealing, it's innie/outieright infringement.
In fact it does. You are absolutely correct in saying that the First Amendment as written doesn't include a list of exceptions, but the First Amendment as implemented by the justice system includes a hell of a long list of exceptions. Shouting fire in a crowded theatre. Slander. Libel. Copyright infringement. Free speech zones. There are all sorts of ways in which the act of speaking or the act of publishing can get you into trouble, and even though the First Amendment as written is absolute, you won't be able to find a judge that implements it to the letter of the law.
Much better, I say, to have the full law written down in black and white where everybody can see it, rather than subjecting the grey areas to the whims of judges and keeping the people guessing. People talk about this being "Orwellian", but I think people are too preoccupied with Nineteen Eighty-Four and forget about Animal Farm.
Not that the HRA does this very well of course, but the fact that it includes exceptions isn't a bad thing, it's that those exceptions are vague and very subjective that are the real problem.
Never in the history of Slashdot has a comment been more deserving of the response "You must be new here".
Perhaps I didn't make my point clear; looking like a paranoid kook isn't an alternative to being on a database, it makes it more likely, as MPs are less inclined to take complaints from kooks seriously. You don't think they get swamped with people writing to them about all kinds of craziness? In order to sound credible, you need to have specific, grounded, demonstrable fears. Which is quite difficult when neither you nor your MP have even had an opportunity to read the bill.
There's nobody from the Home Office mentioned by name in the article. If you are referring to Jonathan Bamford, the assistant Information Commissioner, then the ICO is an independent public body sponsored by the Ministry of Justice. If you are referring to David Davis, the Shadow Home Secretary, then he is part of the shadow government, i.e. he is the opposition party's counterpart to the Home Secretary.
While I think Write To Them is a fine service and encourage people to use it more, I can't help but feel this is a little premature. This is just another hare-brained idea by the Home Office that MPs haven't even seen yet. Why don't we wait until they actually have a copy of the bill before bombarding them with complaints about it? Otherwise we run the risk of looking like paranoid kooks for protesting a bill that nobody has read because it doesn't even exist yet.