If Slashdotters are voting, CowboyNeal has a nice surprise coming his way.
Re:We don' need no steenking standards...
on
Slashdot's Vastu
·
· Score: 1
I really don't see much use for specialised XML editors. Despite the protestations of some, it's really not hard at all to keep elements nested properly, close all elements, quote attribute values, etc. It's dead simple stuff that a child could do, especially with syntax highlighting and proper indentation.
Sure, if you've only ever dabbled with HTML for ten minutes, it might seem like hard work, but once you've spent a few hours writing it, it becomes second nature.
Re:We don' need no steenking standards...
on
Slashdot's Vastu
·
· Score: 2, Insightful
For instance, you say this is morally bad:
<a href = http://amazing.com/>amazing.com</a>
I say it's much easier to write than
<a href = "http://amazing.com/">amazing.com</a>
and far less prone to error
Less prone? It's an error itself! It's equivalent to this code:
<a href=http:></a>amazing.com/>amazing.com</a>
If you use a slash in an attribute value, that value must be quoted. It's fallout from the SHORTTAG NET that lets you specify attribute values like "checked" without including a name for the attribute.
And sorry, if you think leaving out quotes is "much easier", then you must be typing with your nose.
Why not keep HTML easy for humans to write?
What's difficult about quoting all values? It's a damn sight easier for newbies than remembering when it's okay and when it isn't okay to skip quoting, based on an obscure part of SGML.
Why make it harder to write programs to write HTML, by forcing us to gum things up with quotes when it doesn't make the slightest difference in any browser used today?
And the browsers used tomorrow? You think it's fun going back and fixing dozens of sites when a new browser version comes out because you cut corners? Don't say it won't happen, it's happened for every major browser release in the past ten years.
And what about non-browsers? Do you know that search engine crawlers won't slip up on your buggy code? Even if you can show that this is the case today, search engines are constantly tweaking their code. I don't want to explain to a client that they aren't in Google because I thought I could cut corners to save myself typing two whole characters.
Well, I suppose that was too long an aside, but the point is that HTML is not a programming language and as someone who has been using HTML since 1994 I don't see why it should be thought of one now.
It's got nothing to do with programming. Ever hear Postel's Law? "Be conservative in what you do; be liberal in which you accept from others." Seeing how many bugs you can fit into your markup before your favourite browsers start tripping up on it is not "being conservative in what you do".
You're right. Nobody writes code like that, and nobody uses data: URIs. Why? Because browser support isn't available or widespread. If only there was some high-profile "test" to highlight these deficiencies in browser support...
My guess is that he nor any of his users ever got any chance to vote on any copyright law. Can't say I have. Have you? Have you ever gotten to vote on any copyright issue?
The USA is not a pure democracy, it's a democratic republic. As such, you don't vote for laws, you vote for representatives who will represent you by voting for the laws that are in your interests.
Every time you have voted for a representative that hasn't said anything about copyright reform, you have voted against copyright reform.
It will ask you what application you want to open this mysterious 'XHTML' document with if you try to send it something over HTTP using that MIME type, even though that is the correct and the ONLY correct MIME type with which to send XHTML.
This is not true. Refer to RFC 2854, which explicitly permits XHTML 1.0 to be labelled as text/html. Furthermore, it is also allowed to be labelled as applciation/xml and text/xml.
Since IE 7 renders XHTML fairly well with the SGML parser
That depends on your definition of "fairly well". In every single way in which XHTML differs from HTML, Internet Explorer gets it wrong. It doesn't even *attempt* to support XHTML. I don't think it's reasonable to consider that as rendering XHTML "fairly well". The only way it remotely acts differently for XHTML is Internet Explorer 7's new behaviour in not triggering quirks mode for the XML prolog.
all the developers really had to do was recycle most of the existing HTML rendering engine and the existing XML parser to produce an XHTML rendering engine
And doing it that way would lead to countless new bugs. It's a common misconception that XHTML is just HTML, but with mandatory errors on malformed documents. This isn't the case. XHTML has a different content model for some element types, it has differences in the DOM and it has differences in CSS.
If you want the developers to "just" recycle the existing HTML rendering engine, you are going to a) have plenty of places where HTML rules are used when XHTML rules should be used, and b) have plenty of regressions in support for HTML too. Catching and handling these bugs is a lot of work, especially when it's an old and crusty codebase like Internet Explorer's.
Internet Explorer 7 was a stopgap measure, not the place for extensive work like this. Version 8 is when they should implement XHTML support, then they at least have a chance at getting it right.
Doctype switching, which is where a browser intentionally screws up rendering in order to compensate for potential non-standard HTML and CSS, is something that Internet Explorer for Mac introduced. All other major browsers have since followed suit.
It sounds like a joke, I know, but Microsoft really did innovate buggy code, and all the other browsers really did copy them:).
As well as that, Internet Explorer 4 had "channels" built in, which were quite similar to RSS and Atom. That's not particularly innovative in itself, but I think Microsoft might have been the first to do it in a browser rather than a dedicated app.
What on earth is "100% W3C compatibility"? The W3C is an organisation, not a specification. They have published hundreds of specifications. No software would implement the lot, nobody would even want to.
You are asking a nonsensical question. A better question would be whether they plan on complete support for specific specifications, such as HTML 4.01, HTTP 1.1, CSS 2.1, DOM 2, SVG 1.1, etc.
It's not the MIME type that needs to be supported, it's XHTML that needs to be supported. MIME types are just labels to differentiate between different resource types. They aren't things you actually have to implement support for.
If one process deletes a file that is opened by any process, then that file will be unlinked from the filesystem, but remain useable to the process that was already using the file. The file is not actually deleted from disk until all processes stop using it.
Among many other things, this means that you can safely upgrade a library, or even a program, that is running. The old processes will keep running the old library with no issues but any new processes that are created will automatically use the new one.
It means you can upgrade a library or program. It doesn't mean that you can do it safely.
For example, suppose Internet Explorer 7 stores the cache in a different format. You have umpteen different programs running with Internet Explorer 6's engine embedded. You upgrade to Internet Explorer 7 "safely". You now have some programs running with one idea of how they should store the cache files, and some programs running with another idea of how they should store cache files.
It's non-trivial for many applications and libraries to be upgraded in place. The filesystem certainly doesn't solve it for you automagically.
It would be nice for Firefox to understand basic HTML 4 from 1997 like <em/foo/
Yes, it's valid HTML 4. No, Slash hasn't mangled it. Try a validator if you don't believe me.
You'd think that with all this lip-service they pay to standards compliance, they'd be able to catch up with the specifications published nine years ago.
A lot of what you want is already there. Use the 'dcop' command, and it lists the applications running that are available to manipulate. Use an application name that is already running and it lists the operations you can perform with it. Use the 'kdcop' command and you have a graphical application to explore what is possible.
The idea that you need special permission to use software you have already bought is abhorrent and contradicts property law. Every effort should be made to stamp it out. Doubly so when that software is given to you freely.
Microsoft provided a nice document that told us all to use the IF IE conditional comments long before IE7 beta was released
What about the code written before this? And what about the downsides I already mentioned?
It's all very well Microsoft offering another option, but when that option is demonstrably worse, when there have been no changes to Internet Explorer for years, and when they've said that there won't be any more versions of Internet Explorer, conditional comments simply weren't the best approach.
Just as an example (not that the developers have to care) last I looked the only commodore 64 emulator worth a damn was C64S because it had superior bug emulation. See, the commodore engineers who designed the C64 made some errors, as engineers typically will, and some developers (In the major commercial arena, notably Epyx) utilized some of these flaws to make certain aspects of their programs faster. Problem is, if you code your emulator to the specifications, you don't have these bugs and software that uses them will fail.
That's an interesting example, but it's not the same thing. Typically the web developers using CSS hacks write valid code first, and only target buggy browsers with the hacks. Any web browser conforming to the CSS specification wouldn't have a problem with this. It's not the fact that Internet Explorer 7 is conformant that is the problem. It's that it's still broken, but in different ways.
given that Microsoft even told us what we should be doing instead
We are supposed to listen to Microsoft when they suggest non-standard hacks, even when they are a worse solution than the alternatives, just in case they change their minds and restart development on an EOLed application? Sorry, but the situation web developers would end up in if they all did that would be far worse than having to go back and find new workarounds for Internet Explorer bugs in all their websites.
Someone writes a program and does things the wrong way because they don't understand the right way
But conditional comments are not the right way! They are still a non-standard hack. Just because Microsoft did a 180 and ended up causing hassle for people using alternative methods of working around their bugs, it doesn't mean that the non-standard hack is suddenly a good idea.
Also, I'm not entirely certain whether you've grasped this point, because it doesn't frequently get mentioned. Using CSS hacks is not "the wrong way". You can still use hacks and end up with a valid stylesheet that will be interpreted in the same way by all conformant implementations. You aren't making it invalid or mean different things if you include hacks. For instance, the phantom root element hack ("* html") will never cause problems for conformant browsers because it can never match any elements.
For those in the know, discovering that rootkit isn't all that hard.
Is an attempt at discovery usually made? Are the people making the allegations against the Chinese government claiming to have made such attempts?
More importantly, these people have LITTLE REASON TO CARE.
Which makes them a perfect target for spoofing, wouldn't you say?
The government openly admits to such activities.
Have they admitted to this one?
Don't get me wrong, I'm not saying that the Chinese weren't responsible for this. I'm saying that the "conclusive evidence" isn't as unshakable as you are making out.
None of it. Internet Explorer has never been anywhere near the Windows kernel. Ever.
Its rendering engine has been available for any applications to embed since Windows 98. Many do. When you hear about Internet Explorer being "integrated" into Windows, what they mean is that an important library used by Internet Explorer is also used by other applications. Consider glibc on Linux, or Webkit on OS X. Neither are "integrated into the kernel", but many applications break if you take it away, and many applications are affected if there's a security vulnerability found in them. Internet Explorer's rendering engine is like that.
how much memory does it consume when I'm not even using it?
But you are using it all the time. You already mentioned that you use Windows Messenger - that uses Internet Explorer's rendering engine to display various things. Whenever you call up an application's help, you are using Internet Explorer's rendering engine. It's a system library that many applications use.
You're mostly right. Internet Explorer 6 is missing major parts of CSS 2 support, and only supports CSS 1 selectors (and possibly a couple of CSS 2 selectors). Internet Explorer 7 adds a little bit more support for CSS 2, and support for all the CSS 2 selectors.
The problem is that people were hiding the CSS 2 that Internet Explorer 6 doesn't support from it using the CSS 2 selectors it also doesn't support. Now Internet Explorer 7 understands those selectors, but still doesn't understand a lot of the rest of CSS 2. So the developers that provided ugly float hacks for Internet Explorer and more advanced CSS 2 for everything else are left with Internet Explorer 7 making a mess because it ignores the Internet Explorer 6 stuff and tries to use the stuff it doesn't understand.
The solution, from Microsoft's perspective, is to use another non-standard Microsoft hack called conditional comments and conditional compilation. It's a way of selectively hiding code from other browsers based on whether it's Internet Explorer or not and which version is in use.
Now, some people's hackles will be raised by my description of it as "non-standard". Here's the deal: a document with conditional comments in can be perfectly valid and make sense to standards-compliant user-agents. But — and this is a big but — this is only the case because they look like normal comments that should be ignored to every other user-agent. This means that anything hidden in a conditional comment is not going to be checked by validators, link checkers, security software, filters, or anything like that, unless they have special support built in for Microsoft's non-standard extensions to HTML and ECMAScript.
The conditional comment approach also has downsides purely from a technical point of view. For instance, with CSS selector hacks, you can include code for Internet Explorer and code for standard browsers in the same external stylesheet. With conditional comments, you are stuck with an additional external stylesheet, or embedded <style> elements, both of which are less efficient.
CSS selector hacks were fragile, everybody knew that, but I still think it was irresponsible of Microsoft to fix the selectors first. If they had fixed them after fixing the other issues, there would be no problem. An HTTP header or <meta> element approach would also have allowed complete backwards compatibility. But they ploughed ahead because the selector problem was easy and the other stuff was hard, and they were getting shit about CSS support so they did the little easy thing to get people off their backs but caused a load of new problems instead of the big hard thing that works right.
Rinse, repeat, until you are on a box where the person connecting to the next hop in the chain isn't on an SSH shell, but is local.
You think that somebody able to conduct "a series of targeted attacks against the Department of Energy" is unable to set up a rootkit to show a fake local shell and hide a remote one? Or that they never considered the possibility that somebody might try to find them?
Everybody has a cause for which they believe it is worth the loss of 'smaller' liberties.
You've just described the fundamental nature of law. All laws take away liberty. Every last one of them. The idea behind law is to trade away the right types of liberty to promote social good.
You are talking as though any loss of liberty is wrong. This couldn't be further from the truth. Law has taken away my liberty to kill you whenever I choose. Is that a bad thing? Or is it a reasonable tradeoff; liberty for security? I think the latter, and unless you are a die-hard anarchist, you do too.
GET for idempotent requests (showing database records, search results, those kind of recurring, non-database-changing things) while POST should be used for things which actually change data, user state, and so on.
You are confusing idempotence and safety. "Idempotent" merely means that repeated requests have the same effect as a single request. You should use GET because it is safe, not because it is idempotent. For contrast, DELETE is an idempotent method, but it's certainly not a safe method. For some reason everybody seems convinced that "idempotent" is a fancy word for "safe". See section 9.1 of the RFC, it explains in more detail.
Using GET in the wrong places can lead to all kinds of irritations and miniature security problems.
The example you give for Slashdot highlights the difference between safety and idempotence. It doesn't matter if you make the request once or a hundred times, the result is the same - you are logged out. The request is idempotent. The problem is that it's not safe, because it alters application state by logging you out.
The example you give of sending an email is a bad one. Consider sending an email to the admin containing an iframe that generates a form and auto-posts it.
The correct way to guard against vulnerabilities like this is to generate a per-user nonce. Include it as a hidden field in every legitimate form and check for it in every form handler.
I agree that the best the UK has to offer regarding news broadcasts, interviewers, analysis, etc is very good indeed. Unfortunately, it's rather offset by the quality of the tabloids, which a depressing number of people use as their primary news source.
I'm out of the country for a few months and find it hard to locate the better quality British newspapers, so I've been reading a combination of international papers published locally and British tabloids. On one day recently, I bought both, because I honestly couldn't believe the contrast. The international paper published locally led with a front-page story about the coup in Thailand. The Brit tabloid led with a front-page story about Chris Tarrant (a quiz show host) breaking up with his wife. The coup was hardly mentioned at all, on page 17 if I recall correctly.
It's an embarrassment that they are allowed to call themselves newspapers. Gossip is not news.
If all three major players have had a history of the same thing, then it really comes down to purchasing the console that will have the most value to you.
No, it comes down to which you value most - your ethics or a bit of mindless entertainment. If all three major players are abusive, then any money you give to any of them enables their further abusiveness. If you really feel that all three major players are like that, then don't buy a console. It's just games FFS. Read a book or go outside instead.
Slashdot Mirror
If Slashdotters are voting, CowboyNeal has a nice surprise coming his way.
I really don't see much use for specialised XML editors. Despite the protestations of some, it's really not hard at all to keep elements nested properly, close all elements, quote attribute values, etc. It's dead simple stuff that a child could do, especially with syntax highlighting and proper indentation.
Sure, if you've only ever dabbled with HTML for ten minutes, it might seem like hard work, but once you've spent a few hours writing it, it becomes second nature.
Less prone? It's an error itself! It's equivalent to this code:
If you use a slash in an attribute value, that value must be quoted. It's fallout from the SHORTTAG NET that lets you specify attribute values like "checked" without including a name for the attribute.
And sorry, if you think leaving out quotes is "much easier", then you must be typing with your nose.
What's difficult about quoting all values? It's a damn sight easier for newbies than remembering when it's okay and when it isn't okay to skip quoting, based on an obscure part of SGML.
And the browsers used tomorrow? You think it's fun going back and fixing dozens of sites when a new browser version comes out because you cut corners? Don't say it won't happen, it's happened for every major browser release in the past ten years.
And what about non-browsers? Do you know that search engine crawlers won't slip up on your buggy code? Even if you can show that this is the case today, search engines are constantly tweaking their code. I don't want to explain to a client that they aren't in Google because I thought I could cut corners to save myself typing two whole characters.
It's got nothing to do with programming. Ever hear Postel's Law? "Be conservative in what you do; be liberal in which you accept from others." Seeing how many bugs you can fit into your markup before your favourite browsers start tripping up on it is not "being conservative in what you do".
You're right. Nobody writes code like that, and nobody uses data: URIs. Why? Because browser support isn't available or widespread. If only there was some high-profile "test" to highlight these deficiencies in browser support...
The USA is not a pure democracy, it's a democratic republic. As such, you don't vote for laws, you vote for representatives who will represent you by voting for the laws that are in your interests.
Every time you have voted for a representative that hasn't said anything about copyright reform, you have voted against copyright reform.
This is not true. Refer to RFC 2854, which explicitly permits XHTML 1.0 to be labelled as text/html. Furthermore, it is also allowed to be labelled as applciation/xml and text/xml.
That depends on your definition of "fairly well". In every single way in which XHTML differs from HTML, Internet Explorer gets it wrong. It doesn't even *attempt* to support XHTML. I don't think it's reasonable to consider that as rendering XHTML "fairly well". The only way it remotely acts differently for XHTML is Internet Explorer 7's new behaviour in not triggering quirks mode for the XML prolog.
And doing it that way would lead to countless new bugs. It's a common misconception that XHTML is just HTML, but with mandatory errors on malformed documents. This isn't the case. XHTML has a different content model for some element types, it has differences in the DOM and it has differences in CSS.
If you want the developers to "just" recycle the existing HTML rendering engine, you are going to a) have plenty of places where HTML rules are used when XHTML rules should be used, and b) have plenty of regressions in support for HTML too. Catching and handling these bugs is a lot of work, especially when it's an old and crusty codebase like Internet Explorer's.
Internet Explorer 7 was a stopgap measure, not the place for extensive work like this. Version 8 is when they should implement XHTML support, then they at least have a chance at getting it right.
Doctype switching, which is where a browser intentionally screws up rendering in order to compensate for potential non-standard HTML and CSS, is something that Internet Explorer for Mac introduced. All other major browsers have since followed suit.
It sounds like a joke, I know, but Microsoft really did innovate buggy code, and all the other browsers really did copy them :).
As well as that, Internet Explorer 4 had "channels" built in, which were quite similar to RSS and Atom. That's not particularly innovative in itself, but I think Microsoft might have been the first to do it in a browser rather than a dedicated app.
Just wondering, but what kind of answer are you expecting here? "Dang, yes, you caught us in our secret ploy! Oh well, back to the drawing board!" :)
What on earth is "100% W3C compatibility"? The W3C is an organisation, not a specification. They have published hundreds of specifications. No software would implement the lot, nobody would even want to.
You are asking a nonsensical question. A better question would be whether they plan on complete support for specific specifications, such as HTML 4.01, HTTP 1.1, CSS 2.1, DOM 2, SVG 1.1, etc.
It's not the MIME type that needs to be supported, it's XHTML that needs to be supported. MIME types are just labels to differentiate between different resource types. They aren't things you actually have to implement support for.
CSS 3 is a group of specifications, some of which are drafts, some of which are ready to be implemented and are implemented by various browsers.
It means you can upgrade a library or program. It doesn't mean that you can do it safely.
For example, suppose Internet Explorer 7 stores the cache in a different format. You have umpteen different programs running with Internet Explorer 6's engine embedded. You upgrade to Internet Explorer 7 "safely". You now have some programs running with one idea of how they should store the cache files, and some programs running with another idea of how they should store cache files.
It's non-trivial for many applications and libraries to be upgraded in place. The filesystem certainly doesn't solve it for you automagically.
It would be nice for Firefox to understand basic HTML 4 from 1997 like <em/foo/
Yes, it's valid HTML 4. No, Slash hasn't mangled it. Try a validator if you don't believe me.
You'd think that with all this lip-service they pay to standards compliance, they'd be able to catch up with the specifications published nine years ago.
A lot of what you want is already there. Use the 'dcop' command, and it lists the applications running that are available to manipulate. Use an application name that is already running and it lists the operations you can perform with it. Use the 'kdcop' command and you have a graphical application to explore what is possible.
It is not necessary for somebody to agree to a license in order to use a piece of software under USA law. Copies for the purpose of use is not copyright infringement.
The idea that you need special permission to use software you have already bought is abhorrent and contradicts property law. Every effort should be made to stamp it out. Doubly so when that software is given to you freely.
What about the code written before this? And what about the downsides I already mentioned?
It's all very well Microsoft offering another option, but when that option is demonstrably worse, when there have been no changes to Internet Explorer for years, and when they've said that there won't be any more versions of Internet Explorer, conditional comments simply weren't the best approach.
That's an interesting example, but it's not the same thing. Typically the web developers using CSS hacks write valid code first, and only target buggy browsers with the hacks. Any web browser conforming to the CSS specification wouldn't have a problem with this. It's not the fact that Internet Explorer 7 is conformant that is the problem. It's that it's still broken, but in different ways.
We are supposed to listen to Microsoft when they suggest non-standard hacks, even when they are a worse solution than the alternatives, just in case they change their minds and restart development on an EOLed application? Sorry, but the situation web developers would end up in if they all did that would be far worse than having to go back and find new workarounds for Internet Explorer bugs in all their websites.
But conditional comments are not the right way! They are still a non-standard hack. Just because Microsoft did a 180 and ended up causing hassle for people using alternative methods of working around their bugs, it doesn't mean that the non-standard hack is suddenly a good idea.
Also, I'm not entirely certain whether you've grasped this point, because it doesn't frequently get mentioned. Using CSS hacks is not "the wrong way". You can still use hacks and end up with a valid stylesheet that will be interpreted in the same way by all conformant implementations. You aren't making it invalid or mean different things if you include hacks. For instance, the phantom root element hack ("* html") will never cause problems for conformant browsers because it can never match any elements.
Is an attempt at discovery usually made? Are the people making the allegations against the Chinese government claiming to have made such attempts?
Which makes them a perfect target for spoofing, wouldn't you say?
Have they admitted to this one?
Don't get me wrong, I'm not saying that the Chinese weren't responsible for this. I'm saying that the "conclusive evidence" isn't as unshakable as you are making out.
None of it. Internet Explorer has never been anywhere near the Windows kernel. Ever.
Its rendering engine has been available for any applications to embed since Windows 98. Many do. When you hear about Internet Explorer being "integrated" into Windows, what they mean is that an important library used by Internet Explorer is also used by other applications. Consider glibc on Linux, or Webkit on OS X. Neither are "integrated into the kernel", but many applications break if you take it away, and many applications are affected if there's a security vulnerability found in them. Internet Explorer's rendering engine is like that.
But you are using it all the time. You already mentioned that you use Windows Messenger - that uses Internet Explorer's rendering engine to display various things. Whenever you call up an application's help, you are using Internet Explorer's rendering engine. It's a system library that many applications use.
You're mostly right. Internet Explorer 6 is missing major parts of CSS 2 support, and only supports CSS 1 selectors (and possibly a couple of CSS 2 selectors). Internet Explorer 7 adds a little bit more support for CSS 2, and support for all the CSS 2 selectors.
The problem is that people were hiding the CSS 2 that Internet Explorer 6 doesn't support from it using the CSS 2 selectors it also doesn't support. Now Internet Explorer 7 understands those selectors, but still doesn't understand a lot of the rest of CSS 2. So the developers that provided ugly float hacks for Internet Explorer and more advanced CSS 2 for everything else are left with Internet Explorer 7 making a mess because it ignores the Internet Explorer 6 stuff and tries to use the stuff it doesn't understand.
The solution, from Microsoft's perspective, is to use another non-standard Microsoft hack called conditional comments and conditional compilation. It's a way of selectively hiding code from other browsers based on whether it's Internet Explorer or not and which version is in use.
Now, some people's hackles will be raised by my description of it as "non-standard". Here's the deal: a document with conditional comments in can be perfectly valid and make sense to standards-compliant user-agents. But — and this is a big but — this is only the case because they look like normal comments that should be ignored to every other user-agent. This means that anything hidden in a conditional comment is not going to be checked by validators, link checkers, security software, filters, or anything like that, unless they have special support built in for Microsoft's non-standard extensions to HTML and ECMAScript.
The conditional comment approach also has downsides purely from a technical point of view. For instance, with CSS selector hacks, you can include code for Internet Explorer and code for standard browsers in the same external stylesheet. With conditional comments, you are stuck with an additional external stylesheet, or embedded <style> elements, both of which are less efficient.
CSS selector hacks were fragile, everybody knew that, but I still think it was irresponsible of Microsoft to fix the selectors first. If they had fixed them after fixing the other issues, there would be no problem. An HTTP header or <meta> element approach would also have allowed complete backwards compatibility. But they ploughed ahead because the selector problem was easy and the other stuff was hard, and they were getting shit about CSS support so they did the little easy thing to get people off their backs but caused a load of new problems instead of the big hard thing that works right.
You think that somebody able to conduct "a series of targeted attacks against the Department of Energy" is unable to set up a rootkit to show a fake local shell and hide a remote one? Or that they never considered the possibility that somebody might try to find them?
When did PHBs invade Slashdot? The word you are looking for is "affect". "It would only affect me if..."
You've just described the fundamental nature of law. All laws take away liberty. Every last one of them. The idea behind law is to trade away the right types of liberty to promote social good.
You are talking as though any loss of liberty is wrong. This couldn't be further from the truth. Law has taken away my liberty to kill you whenever I choose. Is that a bad thing? Or is it a reasonable tradeoff; liberty for security? I think the latter, and unless you are a die-hard anarchist, you do too.
You are confusing idempotence and safety. "Idempotent" merely means that repeated requests have the same effect as a single request. You should use GET because it is safe, not because it is idempotent. For contrast, DELETE is an idempotent method, but it's certainly not a safe method. For some reason everybody seems convinced that "idempotent" is a fancy word for "safe". See section 9.1 of the RFC, it explains in more detail.
The example you give for Slashdot highlights the difference between safety and idempotence. It doesn't matter if you make the request once or a hundred times, the result is the same - you are logged out. The request is idempotent. The problem is that it's not safe, because it alters application state by logging you out.
The example you give of sending an email is a bad one. Consider sending an email to the admin containing an iframe that generates a form and auto-posts it.
The correct way to guard against vulnerabilities like this is to generate a per-user nonce. Include it as a hidden field in every legitimate form and check for it in every form handler.
I agree that the best the UK has to offer regarding news broadcasts, interviewers, analysis, etc is very good indeed. Unfortunately, it's rather offset by the quality of the tabloids, which a depressing number of people use as their primary news source.
I'm out of the country for a few months and find it hard to locate the better quality British newspapers, so I've been reading a combination of international papers published locally and British tabloids. On one day recently, I bought both, because I honestly couldn't believe the contrast. The international paper published locally led with a front-page story about the coup in Thailand. The Brit tabloid led with a front-page story about Chris Tarrant (a quiz show host) breaking up with his wife. The coup was hardly mentioned at all, on page 17 if I recall correctly.
It's an embarrassment that they are allowed to call themselves newspapers. Gossip is not news.
No, it comes down to which you value most - your ethics or a bit of mindless entertainment. If all three major players are abusive, then any money you give to any of them enables their further abusiveness. If you really feel that all three major players are like that, then don't buy a console. It's just games FFS. Read a book or go outside instead.