All in all good advice; I have some additional tips for PHP.
I think the number one issue for code re-use is avoiding name collisions. PHP doesn't support namespaces, so my approach has evolved to building classes, even for very procedural functionality. I have one library named after my (very unique) username that contains all the functionality that I find useful for my own projects. I usually repackage any functions I use from there in the case of outside projects that other people will be working on.
I also have to talk a little bit about PEAR. There are some really fantastic libraries there, but considering that it's supposed to be a peer-reviewed repository, it has a lot of crap too. Mostly in the form of stuff that's never made it out of beta, but also there are some libraries with untested functionality. Often this comes in the form of poorly conceived generalization of a problem. One of the things that makes an excellent programmer is the ability to decide how general a solution is ideal for a given situation. Always take third-party code with a grain of salt.
Finally, if you are serious about programming, take some time to learn the advanced features of other languages. PHP is an extremely utilitarian language, lots of built-in functionality, lots of free code available, but its a bit like a stone hammer--very crude. I would say almost every other language has more to offer in terms of expanding your programming mind: C, C++, Java, Perl, Ruby, Python, OCaml, etc. Understanding these languages will help you write better PHP. Also, don't be fooled by Javascript's seeming simplicity, it's actually a very powerful dynamic language with unique features worth studying.
Of course immature OSS is doomed in the Enterprise. Who wants to use any immature software where correct functioning is important? Software being open source or closed source has nothing to do with that. At the end of the day performance is the only thing that counts.
Also implicit in the article is that OSS needs to succeed in the Enterprise. But that is not true at all, open source software is not beholden to investors seeking profit. A project can languish in obscurity for years before it matures and suddenly becomes useful to huge numbers of people. Or a better project can make it obsolete overnight. But whatever happens the code is out there. There's no point in trying to ascribe business life cycles to open source projects.
Businesses are like animals struggling to survive, open source projects are like whole eco systems that fluctuate widely based on climate, but don't sink or swim by single events.
I'm not sure exactly how it went down, but it sounds like he hired a bunch of developers for a project and just sent them off to go do it without leadership. This isn't a problem with open source, it's just a boneheaded decision. When you hire someone you have to train them and tell them what you expect. It's no wonder that they gravitated towards whatever they wanted to do since they had no direction.
You can have all the creativity you want - but without proper leadership, all that effort and talent goes wasted. I have a few creative friends that have all these wonderful ideas - but they have no idea on the concepts of project planning or management of resources. Needless to say, their killer applications are still brain children - and not actually out here where the rest of us can use them.
In that case self-management is the key. I've been there. Working for years in an educational environment where the actual workload was less than 20 hours, I had a lot of freedom to take things in new directions. I ended up coming up with some of my best ideas and was able to develop the discipline to implement them. But it was really hard not to get distracted. You have to develop a manager mentality--be results oriented. As a programmer / designer / creative, sometimes spending 8 hours just researching or learning something is well worth it, but at some point you have to jump in and focus hard on the final product until its done. Then you can go back into creative mode and dream up version 2.0.
While I like the specs of the new MacBooks, at their price point they don't quite cut it. Perhaps the second revision will make changes. Its just so hard to justify $600+ MacTax for 1lb of less weight and a few minor extras. Case in point CompUSA is selling an Acer duo, (1280x800 display x1400 graphics, 2GB memory, 120gb hdd, for 1299). While I understand that to some their is better engineering in the Mac I doubt the assembly lines used by either is much different). Yeah I know, its the software/experience/quality. There are levels to which all of us assign imporantance to these items. However most of it is opinion and we can all find pro and con examples to back our case. To me the justification of owning one of the new Intel based macs is being able to run any x86 OS.
These machines are for the pro users; the people who need the absolute fastest Mac laptop they can get and they need it right now. If your livelihood is based directly on Mac platform then the MacTax is incidental. Personally I wouldn't recommend anyone getting a rev1 Mac of any type. You'll be better served by waiting til the intel ibooks are released anyway. Might as well at least wait until universal binaries are out for everything you use.
I bought a top of the line PBG4 last May, and for the first time in my life I feel like I bought a machine at the best possible time. They've bumped the screen resolution and improved battery life, but that's basically the only improvement in 9 months. By the time I'm ready to upgrade they'll be deep into Intel revisions with every program universalized. This was not the case when I bought my Mac SE, Centris 610, Performa 6200, or even my G4 Tower. And don't get my started about my 286, or K6.
What are the credentials of Chris Shiflett? He's widely touted as a "PHP security expert", but Stefan Esser has a beef with him, and claims that this book contains serious flaws and misunderstandings.
After reading the post I don't really give a shit what Stefan Esser has to say about the book. Yes there's a flaw, but you won't convince people with such an inflammatory blog post. It looks like he scanned everything to find some flaw so he can rip Chris a new one. I would question if, perhaps, he's envious that Chris got a book published?
The flaw itself is not some glaring security hole. It's an Apache configuration issue that's pretty tangential to PHP security. It's the responsibility of the web host to avoid this problem. If people are configuring this stuff for themselves then they need to know a lot more than just PHP security. The information to the PHP programmer at worst doesn't work. So what? There are a million ways Apache could be configured that would break some example code. You don't get secure code by mixing and matching a bunch of examples anyway. For the book to be good it needs to impart the principles of PHP security to the reader so that their own code is secure. I don't know whether this book is successful in that, and certainly there is an issue here that could be addressed, but I think it's a stretch to claim that this one example discredits the book. Especially when it comes from someone with a vendetta.
Another point is that Stallman thrives in the current climate of erosion of rights. We need Stallman because he is the polar opposite of companies which want to patent the ocean, sky and mountains, and copyright the english language, and trademark everything they ever do and charge recurring fees just to open your eyes in the morning. These companies have been eroding the public domain for years with little opposition. After all, who's interest is the public domain?
Well the answer is Stallman. Of course we don't want a Stallman world where you can't control anything you create. The incentive to create would certainly decrease, and everything would become more and more derivative as spending time creating something original would be wasted as soon as someone with better marketing came along and stole it.
But there's no danger of that. If we ever got close to an even balance Stallman's popularity would decrease. He would be like some fanatics saying that the next Patriot Act needs to give the government more powers and more secrecy. Radicals never really gain control (we hope), but they create the rhetoric necessary for the reasonable middle ground to hear both sides and make an informed decision. We could always hope for a figurehead like Stallman to be more reasonable, but Stallman got where he is specifically because of his ideology. Had he just released Emacs et al BSD style no one would know his name except maybe the close devotees to his projects.
As a CIS student at DeVry, my senior project will be similar. Students can bring in their own project and get it approved, or choose one from a list of projects that have been requested by companies/organizations/individuals and approved by faculty. While it would take a while and may not be perfect (you always run the risk you get a team of slackers), you would get it for free. Depending on complexity, etc it may be a project that is designed to run multiple semesters (one team does it one semester, one finishes it the next). The next semester starts in the start of March (first week or so) because DeVry runs on trimesters.
Wait a minute. What student is going to give away their work for free? Certainly not the brightest ones.
Also, you do not want to hire a web developer without a lot of experience. That person may be a 20 year old prodigy who's been into hardcore web shit for 5 years already, but the chances of finding that guy at a school (or anywhere really) are 50 to 1. Without experience a lot of students may be able to cobble things together, but the cost of poor engineering comes later when you want to add a seemingly straightforward feature, but the code base is such a mishmash that all changes start requiring exponential time. Or what happens when you run into an undocumented IE bug? Debugging in IE is not something that one can be taught in school, you have to bleed for it.
That's not to say that paying $100/hour is any guarantee either. As a layman, the only way to judge is to take a look at their work, test it in a lot of browsers, and see if it has the kind of polish you're looking for. You may be able to save a lot of money with a student, but you may end up wasting time and money on a project that goes nowhere. At least if you can look at a portfolio you have something to go by.
Without taking a lot of time to think about it there are a few assumptions here that apply better to casinos than the stock market.
For one thing, investing in a stock isn't a binary proposition. It can be any value. The only way you really lose everything is if the company goes under, which is a very small probability indeed.
Also, there's not a distinct set of winning losing events. You can sit on a stock for your whole life, so your probably of success is reduced to one extended event. Granted, your chances of beating the market are not 50% with one stock over the long term as growth is fueled by new stocks, and old stocks tend to stagnate and start paying dividends, but you get the point.
Assuming you specify intervals after which a win or loss is determined, you then assume that they always take everything they have and invest it in one stock. Which is a silly assumption, but even assuming they lose, the chances are much much smaller than 50/50 that they will have nothing. Most likely they just lost some percentage of their total, and are free to continue.
As to the casino being able to make money on 50/50 bets, that's placing a lot of faith in human nature. It only works if people keep gambling until they lose. I imagine they could make some money, but it would be pretty marginal compared to what they can make with say 51/49 odds.
It could be argued that over time, it is practically impossible to beat the market, and that almost everyone who attempts to outsmart the market in the end fails.
I'm not an investor or broker so perhaps someone can explain this to me while I furrow my brow in a vain attempt to understand the situation.
Well if you really want to make money in the stock market you have to have some insight beyond the average investor. The fact that Google has awesome growth potential is already factored into the price. From a purely technological standpoint, it's obvious that they have great ideas and the stock could go much higher. But the real uncertainty is with so many different companies and organizations out for Google's blood, they could get into serious legal trouble which could stop a lot of their innovation dead in its tracks. I don't think anything could kill Google at this point, but its definitely conceivable that the share price could lose 50% of its value and take decades to get back to where it was. That's not what I think will happen, but that's the type of risk you run investing in volatile stocks. If you've got $1000 to spare and you feel like a little gambling, then go for it, your odds are definitely better than in Vegas.
Any web developer worth their salt would be able to tell you nothing, and i mean nothing, sent or received over http should be regarded as secure.
Of course cookies can be modified by a proxy. Of course sessions can be hijacked!
Right, but hijacking a session should require at least a man-in-the-middle attack. Allowing anyone to arbitrarily grab cookies from a visitor is a pretty big gaping hole. Obviously anything requiring serious security needs SSL and/or other cryptographic measures, but for the huge number of casual websites that only need basic authentication this really throws a wrench in the works, unless you want to ask the user for their password every single time they load a page.
Well I can't say this was unexpected, nevertheless, it's pretty nasty considering that cookie trust is the standard way of keeping someone logged in. I suppose you could implement IP checking as an additional security measure, forcing wireless users to constantly re-login, but it would provide significant security improvements.
What it really goes to show is that web applications should always require a password to be entered for any 'sensitive' transactions. The definition of 'sensitive' is left as an exercise to the web developer.
Unspecified Reasons? Like not wanting to get sued for bundling again? So the EU doesn't make them release a "Vista Version V without Antivirus Protection" that nobody really wants to buy anyway?
What a noble and altruistic reason for not bundling! Unfortunately it's obvious that the reason they're not bundling virus protection is because viruses are one of the top marketing tools for the Windows industry. As the average networked computer gets slower over time the consumer believes it's only comparitively slower next to new machines, thus fueling the upgrade cycle without which MS would die a cold wall street death.
Any/. reader should see immediately and without doubt that this can be the only possible reason for Microsoft doing something like this.
One thing I've noticed in the web design community is that everyone whines and complains about how standards support sucks and we'll never get there, etc, etc. But really all the happened is IE stopped developing their browser for 5 years. Other than that progress is actually reasonable, and with the advent of IE 5 and 5.5 falling to negligible percentages means you can now create standards-based sites with a single box model, using much of CSS 2. IE7 looks to raise the bar considerably.
So yeah, it will probably be 10 years before we can use XHTML 2 for big commercial sites... but that day will come. That's why it's important for top web developers to be looking at the working draft of XHTML 2 to make it as good as possible. I've read through it, and it's an amazingly well thought out spec. Much better than CSS 2 and 3 in my opinion, although those are inherently more difficult to get right.
My main point is that the web standards community should change their focus. They keep releasing new standards when they hardly have anyone on board with their previous standard. What they're trying to do is compete with the newest version of regular HTML. Even if they 'win' they will have the best standard with no users supporting it. These people need to figure out a way to get people to use version 1.0 and releasing a version 2.0 is not going to help.
I really only care about browser support. If other web developers want to stick with old technology that's no detriment to me... I'll starting dabbling in XHTML 2.0 for experimentation once Mozilla has reasonable support, from there it's onto small personal projects, then small client sites. By the time XHTML 2.0 is well supported enough to use for major projects (10 years?) I'll already have my development environment optimized and be used to the new and improved ways of doing things.
If you look objectively, XHTML 2 is the only significant revision of HTML ever! 1, 2, 3.2, 4, XHTML 1 and 1.1 were incremental changes. So a comprehensive revision really is due considering how much better the web is understood today than when it was first conceived. It's been under development for 3.5 years and has yet to reach a formal spec. So I don't feel they're being hasty in the least.
Reading the spec really is a breath of fresh air... they're fixing all kinds of problems that I never even really thought of, but are immediately obvious on consideration. For instance, allowing href attributes on any object so that A tags are only needed for traditional hyperlinks. Or allowing src attributes anywhere so that you can more naturally integrate graphics into plain markup instead of the common background image hacks we've grown accustomed to use in CSS. Lots of cool new elements too, such as NL, BLOCKCODE, and H tags.
Anyway though, the one thing I think you have wrong is this:
'Real' programmers are the only ones who take advantage of these new standards and are the only ones who create these new standards.
The creators of the standards are probably more programmerish, but in terms of embracing standards, I'd say the community is decidedly mixed. Zeldman, for instance, comes from a graphic design background. Molly Holzschlag, Eric Meyer, Doug Bowman, Dan Cederholm, D. Keith Robinson, are all strongly oriented towards client-side design issues. Even personally, of 3 employees I hired recently, the best, standards-wise was far far from a programmer.
Then on the flipside you have a huge number of programmers who don't take HTML seriously because its 'easy' (and doesn't require precision). In fact, the most common trait I see amongst hardcore programmers is a complete derision of the web in general.
I came to the web from Hypercard. I've always been fascinated with both design and programming. So for me it's natural to appreciate both disciplines and give them their due (along with usability, information architecture, etc, etc). I think without that perspective of how its all enmeshed its hard to be good at even one aspect of web development.
I'm sure there was a huge article on slashdot about how XHTML (1.0) was going to be great and revolutionize the web, but most of the HTML coders that I know really don't care to do something new if they know what they can do now works.
This is what makes it so easy to get ahead of the curve in the web game, and also why web monkeys are so often the target of derision from 'real' programmers. The industry is full of dabblers and bubble busters who learned HTML 10 years ago, and continue to eke out a living with little sense of cost effectiveness or missed opportunities.
Note, XHTML by itself really only does one thing: encourage programmability. If you commit to using valid XHTML all of a sudden, parsing your page and using the data in new ways becomes as easy as learning an XML parser API.
Of course, those who are most pedantically obsessed with XHTML validity also tend to be the ones who are using CSS to the fullest and exploring the frontiers of web development. While being too experimental does not save money for employers or clients, the fruits of these labors does. I got into the CSS-based layout game 5 years ago, and at first I didn't see the benefits because I was too busy learning the relevant browser issues and tricks. I never really noticed how much more efficient I was getting until I moved to a new job where people were still in the 1998 era of web design, and waste was immediately apparent.
Stop looking at this as a programmer and start looking at it as a web developer who doesn't care about cleanliness of code or efficiency -- it's HTML for god's sake.
Why should the people crafting the standards take this attitude? Web development has a long way to go both in terms of features and efficiency, and standards are the only way to consolidate that progress. HTML has a reputation as a hack of a language, being poorly formed, and loosely interpretted. All the more reason that it needs to be cleaned up. We can't build the next generation of applications on such an untidy mess.
What should be done is focusing on standardizing the browsers, _not_ jumping ahead to a new version when hardly anyone has adopted version 1.0.
I agree there can never be enough browser standardization, however why should they stop the development pipeline at the top. If you look over a timespan of more than a couple years you'll see that standards support is actually progressing well. What if they had stopped with CSS 1 until all browser had it perfect? Well, we'd still be using tables for layout and it would take a skilled practicioner twice as long to build and maintain sites.
Google's cache is basically a large-scale financial transfer from the copyrightholders (who serve to benefit from the ads they serve and other interaction they get from end-users visitng their site) to google, who benefits directly by keeping people longer on google's site and thus, basically, shucks them more ads.
While I don't think it's an open and closed case, you won't convince anyone by spouting such hyperbole.
First of all, you're ignoring the fact that the main link goes to the actual website, and the only way to get to the cache is through a smaller link labeled "cache", which is unlikely to be clicked by someone who doesn't already know what it means. Furthermore, once they do click they get a very clear and prominent message in a frame stating that it is in fact a cache, and even explains what the cache is and how it works. So to say that it is a 'large-scale financial transfer' is just silly. At worst it's an extremely small-scale 'financial transfer', and that's a very dubious point to begin with.
So then in your response you say:
Nonsense. Google gains by drawing attention to itself and its other offerings. Let me ask you this simple question: if google doesn't gain financially, even if indirectly, why do they do it? Goodwill? Poppycock.
The same could be said about search in general. They are profiting off of other people's content, because without it there'd be nothing to search. I'm sorry, but there's no evidence that the cache hurts websites financially. And there is certainly plenty of anecdotal evidence where it helps (eg. site goes down, customers go to cache to get phone # or contact email). Note that I'm not using that as support of Google's right to cache, merely as a counterargument against your baseless assertions.
You are basically saying that GOOGLE has the right to display YOUR content as GOOGLE sees fit.
Again with the hyberbole. No one believe Google has the right to display your content any way they want. What some people are arguing is that Google has the right to display your content as they do which is quite reasonable, and not deceptive in the least.
In the google cache situation, the owner effectively loses that right.
No, the page will disappear from Google once it is permanently down, it just takes some time. This may be a valid point about the internet archive, but then again information that finds its way on to the internet anywhere is likely to stick around for a long time.
In other news, explain to me again why if this is fair use, why i can't make photocopies of every book in the bookstore (for example, without photos) and offer them for free reading in my coffeeshop?
but when is cross-browser javascript ever elegant?
When you use Prototype to its full capability. Yes it requires a 'modern' browser, but your page should work without Javascript anyway. If you're going to use Javascript you may as well use it to its full extent. Prototype bridges an awful lot of gaps... I daresay more than 99% of JS developers could ever manage on their own, and it does it with style.
Just like the music industry, the telcos better wise up. This whole phenomenon of creating markets out of thin air, and boosting profits by price manipulation rather than innovation is a serious threat to our economy. Only in a first-world country like America do we forget that an economy is supposed to represent some actual goods and services. This is exactly why China will surpass us, because we've got so much money that everyone's trying to scam a piece of the pie without actually doing anything.
Unfortunately it's inevitable that big companies will be too slow to adapt to an evolving economy, and they will push their bulk around trying to grab as much profit as possible before hitting the mat. That would be all fine and good if they didn't also control the government in the absence of a cohesive counter-interest.
That's a fair argument, but the advent of a computer in every home is relatively recent. As much as the industry wants to keep pushing the envelope, they have to deal with the fact that customers may not be impressed enough with future enhancements to keeping buying a new computer every 3 years.
My personal experience is that owning a 5 year old G4 that was bottom-of-the-line at the time is still a viable computer. Not only can I use it for email and web surfing, but it also pulls its weight in Photoshop and web development. Every other time I owned a five year old computer it was depressingly obsolete.
Anyway, I'm not saying you're wrong, but I do question how long hardware sales can drive the computer industry. At the very least, the market is too mature for the kind of growth it's seen over the past 20 years. Barring some next-generation kill app, of course.
The Intel switch wasn't about switching to a dominant architecture, it was about moving to a platform that had a future roadmap for performance-per-watt. Intel is kicking butt in that department with the Core Duo (a laptop chip that manages to compete with a desktop Athlon64). Merom and Conroe later this year are supposed to further this even more dramatically, being chip redesigns with performance-per-watt as the design goal.
That's the primary goal, yes, but the Intel move is hardly a one-dimensional decision. It's obvious Apple needed faster laptops, what's slightly less obvious is that processor differentiation is less valuable to Apple now then at any time in the past 15 years.
Slashdot Mirror
All in all good advice; I have some additional tips for PHP.
I think the number one issue for code re-use is avoiding name collisions. PHP doesn't support namespaces, so my approach has evolved to building classes, even for very procedural functionality. I have one library named after my (very unique) username that contains all the functionality that I find useful for my own projects. I usually repackage any functions I use from there in the case of outside projects that other people will be working on.
I also have to talk a little bit about PEAR. There are some really fantastic libraries there, but considering that it's supposed to be a peer-reviewed repository, it has a lot of crap too. Mostly in the form of stuff that's never made it out of beta, but also there are some libraries with untested functionality. Often this comes in the form of poorly conceived generalization of a problem. One of the things that makes an excellent programmer is the ability to decide how general a solution is ideal for a given situation. Always take third-party code with a grain of salt.
Finally, if you are serious about programming, take some time to learn the advanced features of other languages. PHP is an extremely utilitarian language, lots of built-in functionality, lots of free code available, but its a bit like a stone hammer--very crude. I would say almost every other language has more to offer in terms of expanding your programming mind: C, C++, Java, Perl, Ruby, Python, OCaml, etc. Understanding these languages will help you write better PHP. Also, don't be fooled by Javascript's seeming simplicity, it's actually a very powerful dynamic language with unique features worth studying.
Of course immature OSS is doomed in the Enterprise. Who wants to use any immature software where correct functioning is important? Software being open source or closed source has nothing to do with that. At the end of the day performance is the only thing that counts.
Also implicit in the article is that OSS needs to succeed in the Enterprise. But that is not true at all, open source software is not beholden to investors seeking profit. A project can languish in obscurity for years before it matures and suddenly becomes useful to huge numbers of people. Or a better project can make it obsolete overnight. But whatever happens the code is out there. There's no point in trying to ascribe business life cycles to open source projects.
Businesses are like animals struggling to survive, open source projects are like whole eco systems that fluctuate widely based on climate, but don't sink or swim by single events.
I'm not sure exactly how it went down, but it sounds like he hired a bunch of developers for a project and just sent them off to go do it without leadership. This isn't a problem with open source, it's just a boneheaded decision. When you hire someone you have to train them and tell them what you expect. It's no wonder that they gravitated towards whatever they wanted to do since they had no direction.
You can have all the creativity you want - but without proper leadership, all that effort and talent goes wasted. I have a few creative friends that have all these wonderful ideas - but they have no idea on the concepts of project planning or management of resources. Needless to say, their killer applications are still brain children - and not actually out here where the rest of us can use them.
In that case self-management is the key. I've been there. Working for years in an educational environment where the actual workload was less than 20 hours, I had a lot of freedom to take things in new directions. I ended up coming up with some of my best ideas and was able to develop the discipline to implement them. But it was really hard not to get distracted. You have to develop a manager mentality--be results oriented. As a programmer / designer / creative, sometimes spending 8 hours just researching or learning something is well worth it, but at some point you have to jump in and focus hard on the final product until its done. Then you can go back into creative mode and dream up version 2.0.
While I like the specs of the new MacBooks, at their price point they don't quite cut it. Perhaps the second revision will make changes. Its just so hard to justify $600+ MacTax for 1lb of less weight and a few minor extras. Case in point CompUSA is selling an Acer duo, (1280x800 display x1400 graphics, 2GB memory, 120gb hdd, for 1299). While I understand that to some their is better engineering in the Mac I doubt the assembly lines used by either is much different). Yeah I know, its the software/experience/quality. There are levels to which all of us assign imporantance to these items. However most of it is opinion and we can all find pro and con examples to back our case. To me the justification of owning one of the new Intel based macs is being able to run any x86 OS.
These machines are for the pro users; the people who need the absolute fastest Mac laptop they can get and they need it right now. If your livelihood is based directly on Mac platform then the MacTax is incidental. Personally I wouldn't recommend anyone getting a rev1 Mac of any type. You'll be better served by waiting til the intel ibooks are released anyway. Might as well at least wait until universal binaries are out for everything you use.
I bought a top of the line PBG4 last May, and for the first time in my life I feel like I bought a machine at the best possible time. They've bumped the screen resolution and improved battery life, but that's basically the only improvement in 9 months. By the time I'm ready to upgrade they'll be deep into Intel revisions with every program universalized. This was not the case when I bought my Mac SE, Centris 610, Performa 6200, or even my G4 Tower. And don't get my started about my 286, or K6.
I wish they cared 10% about our civil rights at home as they do about Chinese human rights.
What are the credentials of Chris Shiflett? He's widely touted as a "PHP security expert", but Stefan Esser has a beef with him, and claims that this book contains serious flaws and misunderstandings.
After reading the post I don't really give a shit what Stefan Esser has to say about the book. Yes there's a flaw, but you won't convince people with such an inflammatory blog post. It looks like he scanned everything to find some flaw so he can rip Chris a new one. I would question if, perhaps, he's envious that Chris got a book published?
The flaw itself is not some glaring security hole. It's an Apache configuration issue that's pretty tangential to PHP security. It's the responsibility of the web host to avoid this problem. If people are configuring this stuff for themselves then they need to know a lot more than just PHP security. The information to the PHP programmer at worst doesn't work. So what? There are a million ways Apache could be configured that would break some example code. You don't get secure code by mixing and matching a bunch of examples anyway. For the book to be good it needs to impart the principles of PHP security to the reader so that their own code is secure. I don't know whether this book is successful in that, and certainly there is an issue here that could be addressed, but I think it's a stretch to claim that this one example discredits the book. Especially when it comes from someone with a vendetta.
Another point is that Stallman thrives in the current climate of erosion of rights. We need Stallman because he is the polar opposite of companies which want to patent the ocean, sky and mountains, and copyright the english language, and trademark everything they ever do and charge recurring fees just to open your eyes in the morning. These companies have been eroding the public domain for years with little opposition. After all, who's interest is the public domain?
Well the answer is Stallman. Of course we don't want a Stallman world where you can't control anything you create. The incentive to create would certainly decrease, and everything would become more and more derivative as spending time creating something original would be wasted as soon as someone with better marketing came along and stole it.
But there's no danger of that. If we ever got close to an even balance Stallman's popularity would decrease. He would be like some fanatics saying that the next Patriot Act needs to give the government more powers and more secrecy. Radicals never really gain control (we hope), but they create the rhetoric necessary for the reasonable middle ground to hear both sides and make an informed decision. We could always hope for a figurehead like Stallman to be more reasonable, but Stallman got where he is specifically because of his ideology. Had he just released Emacs et al BSD style no one would know his name except maybe the close devotees to his projects.
As a CIS student at DeVry, my senior project will be similar. Students can bring in their own project and get it approved, or choose one from a list of projects that have been requested by companies/organizations/individuals and approved by faculty. While it would take a while and may not be perfect (you always run the risk you get a team of slackers), you would get it for free. Depending on complexity, etc it may be a project that is designed to run multiple semesters (one team does it one semester, one finishes it the next). The next semester starts in the start of March (first week or so) because DeVry runs on trimesters.
Wait a minute. What student is going to give away their work for free? Certainly not the brightest ones.
Also, you do not want to hire a web developer without a lot of experience. That person may be a 20 year old prodigy who's been into hardcore web shit for 5 years already, but the chances of finding that guy at a school (or anywhere really) are 50 to 1. Without experience a lot of students may be able to cobble things together, but the cost of poor engineering comes later when you want to add a seemingly straightforward feature, but the code base is such a mishmash that all changes start requiring exponential time. Or what happens when you run into an undocumented IE bug? Debugging in IE is not something that one can be taught in school, you have to bleed for it.
That's not to say that paying $100/hour is any guarantee either. As a layman, the only way to judge is to take a look at their work, test it in a lot of browsers, and see if it has the kind of polish you're looking for. You may be able to save a lot of money with a student, but you may end up wasting time and money on a project that goes nowhere. At least if you can look at a portfolio you have something to go by.
Without taking a lot of time to think about it there are a few assumptions here that apply better to casinos than the stock market.
For one thing, investing in a stock isn't a binary proposition. It can be any value. The only way you really lose everything is if the company goes under, which is a very small probability indeed.
Also, there's not a distinct set of winning losing events. You can sit on a stock for your whole life, so your probably of success is reduced to one extended event. Granted, your chances of beating the market are not 50% with one stock over the long term as growth is fueled by new stocks, and old stocks tend to stagnate and start paying dividends, but you get the point.
Assuming you specify intervals after which a win or loss is determined, you then assume that they always take everything they have and invest it in one stock. Which is a silly assumption, but even assuming they lose, the chances are much much smaller than 50/50 that they will have nothing. Most likely they just lost some percentage of their total, and are free to continue.
As to the casino being able to make money on 50/50 bets, that's placing a lot of faith in human nature. It only works if people keep gambling until they lose. I imagine they could make some money, but it would be pretty marginal compared to what they can make with say 51/49 odds.
It could be argued that over time, it is practically impossible to beat the market, and that almost everyone who attempts to outsmart the market in the end fails.
Shouldn't it be a 50/50 shot?
I'm not an investor or broker so perhaps someone can explain this to me while I furrow my brow in a vain attempt to understand the situation.
Well if you really want to make money in the stock market you have to have some insight beyond the average investor. The fact that Google has awesome growth potential is already factored into the price. From a purely technological standpoint, it's obvious that they have great ideas and the stock could go much higher. But the real uncertainty is with so many different companies and organizations out for Google's blood, they could get into serious legal trouble which could stop a lot of their innovation dead in its tracks. I don't think anything could kill Google at this point, but its definitely conceivable that the share price could lose 50% of its value and take decades to get back to where it was. That's not what I think will happen, but that's the type of risk you run investing in volatile stocks. If you've got $1000 to spare and you feel like a little gambling, then go for it, your odds are definitely better than in Vegas.
...unless you want all your AOL-based visitors to keep getting logged out.
Uhhhhmmmm...
Nah, it's too easy.
Seriously, good point, it just underscores the problem.
Any web developer worth their salt would be able to tell you nothing, and i mean nothing, sent or received over http should be regarded as secure.
Of course cookies can be modified by a proxy. Of course sessions can be hijacked!
Right, but hijacking a session should require at least a man-in-the-middle attack. Allowing anyone to arbitrarily grab cookies from a visitor is a pretty big gaping hole. Obviously anything requiring serious security needs SSL and/or other cryptographic measures, but for the huge number of casual websites that only need basic authentication this really throws a wrench in the works, unless you want to ask the user for their password every single time they load a page.
Well I can't say this was unexpected, nevertheless, it's pretty nasty considering that cookie trust is the standard way of keeping someone logged in. I suppose you could implement IP checking as an additional security measure, forcing wireless users to constantly re-login, but it would provide significant security improvements.
What it really goes to show is that web applications should always require a password to be entered for any 'sensitive' transactions. The definition of 'sensitive' is left as an exercise to the web developer.
Obviously the uber-dorky tag is now required in order to make a joke around here.
Unspecified Reasons? Like not wanting to get sued for bundling again? So the EU doesn't make them release a "Vista Version V without Antivirus Protection" that nobody really wants to buy anyway?
/. reader should see immediately and without doubt that this can be the only possible reason for Microsoft doing something like this.
What a noble and altruistic reason for not bundling! Unfortunately it's obvious that the reason they're not bundling virus protection is because viruses are one of the top marketing tools for the Windows industry. As the average networked computer gets slower over time the consumer believes it's only comparitively slower next to new machines, thus fueling the upgrade cycle without which MS would die a cold wall street death.
Any
One thing I've noticed in the web design community is that everyone whines and complains about how standards support sucks and we'll never get there, etc, etc. But really all the happened is IE stopped developing their browser for 5 years. Other than that progress is actually reasonable, and with the advent of IE 5 and 5.5 falling to negligible percentages means you can now create standards-based sites with a single box model, using much of CSS 2. IE7 looks to raise the bar considerably.
So yeah, it will probably be 10 years before we can use XHTML 2 for big commercial sites... but that day will come. That's why it's important for top web developers to be looking at the working draft of XHTML 2 to make it as good as possible. I've read through it, and it's an amazingly well thought out spec. Much better than CSS 2 and 3 in my opinion, although those are inherently more difficult to get right.
My main point is that the web standards community should change their focus. They keep releasing new standards when they hardly have anyone on board with their previous standard. What they're trying to do is compete with the newest version of regular HTML. Even if they 'win' they will have the best standard with no users supporting it. These people need to figure out a way to get people to use version 1.0 and releasing a version 2.0 is not going to help.
I really only care about browser support. If other web developers want to stick with old technology that's no detriment to me... I'll starting dabbling in XHTML 2.0 for experimentation once Mozilla has reasonable support, from there it's onto small personal projects, then small client sites. By the time XHTML 2.0 is well supported enough to use for major projects (10 years?) I'll already have my development environment optimized and be used to the new and improved ways of doing things.
If you look objectively, XHTML 2 is the only significant revision of HTML ever! 1, 2, 3.2, 4, XHTML 1 and 1.1 were incremental changes. So a comprehensive revision really is due considering how much better the web is understood today than when it was first conceived. It's been under development for 3.5 years and has yet to reach a formal spec. So I don't feel they're being hasty in the least.
Reading the spec really is a breath of fresh air... they're fixing all kinds of problems that I never even really thought of, but are immediately obvious on consideration. For instance, allowing href attributes on any object so that A tags are only needed for traditional hyperlinks. Or allowing src attributes anywhere so that you can more naturally integrate graphics into plain markup instead of the common background image hacks we've grown accustomed to use in CSS. Lots of cool new elements too, such as NL, BLOCKCODE, and H tags.
Anyway though, the one thing I think you have wrong is this:
'Real' programmers are the only ones who take advantage of these new standards and are the only ones who create these new standards.
The creators of the standards are probably more programmerish, but in terms of embracing standards, I'd say the community is decidedly mixed. Zeldman, for instance, comes from a graphic design background. Molly Holzschlag, Eric Meyer, Doug Bowman, Dan Cederholm, D. Keith Robinson, are all strongly oriented towards client-side design issues. Even personally, of 3 employees I hired recently, the best, standards-wise was far far from a programmer.
Then on the flipside you have a huge number of programmers who don't take HTML seriously because its 'easy' (and doesn't require precision). In fact, the most common trait I see amongst hardcore programmers is a complete derision of the web in general.
I came to the web from Hypercard. I've always been fascinated with both design and programming. So for me it's natural to appreciate both disciplines and give them their due (along with usability, information architecture, etc, etc). I think without that perspective of how its all enmeshed its hard to be good at even one aspect of web development.
I'm sure there was a huge article on slashdot about how XHTML (1.0) was going to be great and revolutionize the web, but most of the HTML coders that I know really don't care to do something new if they know what they can do now works.
This is what makes it so easy to get ahead of the curve in the web game, and also why web monkeys are so often the target of derision from 'real' programmers. The industry is full of dabblers and bubble busters who learned HTML 10 years ago, and continue to eke out a living with little sense of cost effectiveness or missed opportunities.
Note, XHTML by itself really only does one thing: encourage programmability. If you commit to using valid XHTML all of a sudden, parsing your page and using the data in new ways becomes as easy as learning an XML parser API.
Of course, those who are most pedantically obsessed with XHTML validity also tend to be the ones who are using CSS to the fullest and exploring the frontiers of web development. While being too experimental does not save money for employers or clients, the fruits of these labors does. I got into the CSS-based layout game 5 years ago, and at first I didn't see the benefits because I was too busy learning the relevant browser issues and tricks. I never really noticed how much more efficient I was getting until I moved to a new job where people were still in the 1998 era of web design, and waste was immediately apparent.
Stop looking at this as a programmer and start looking at it as a web developer who doesn't care about cleanliness of code or efficiency -- it's HTML for god's sake.
Why should the people crafting the standards take this attitude? Web development has a long way to go both in terms of features and efficiency, and standards are the only way to consolidate that progress. HTML has a reputation as a hack of a language, being poorly formed, and loosely interpretted. All the more reason that it needs to be cleaned up. We can't build the next generation of applications on such an untidy mess.
What should be done is focusing on standardizing the browsers, _not_ jumping ahead to a new version when hardly anyone has adopted version 1.0.
I agree there can never be enough browser standardization, however why should they stop the development pipeline at the top. If you look over a timespan of more than a couple years you'll see that standards support is actually progressing well. What if they had stopped with CSS 1 until all browser had it perfect? Well, we'd still be using tables for layout and it would take a skilled practicioner twice as long to build and maintain sites.
Allow me to quote your original message:
Google's cache is basically a large-scale financial transfer from the copyrightholders (who serve to benefit from the ads they serve and other interaction they get from end-users visitng their site) to google, who benefits directly by keeping people longer on google's site and thus, basically, shucks them more ads.
While I don't think it's an open and closed case, you won't convince anyone by spouting such hyperbole.
First of all, you're ignoring the fact that the main link goes to the actual website, and the only way to get to the cache is through a smaller link labeled "cache", which is unlikely to be clicked by someone who doesn't already know what it means. Furthermore, once they do click they get a very clear and prominent message in a frame stating that it is in fact a cache, and even explains what the cache is and how it works. So to say that it is a 'large-scale financial transfer' is just silly. At worst it's an extremely small-scale 'financial transfer', and that's a very dubious point to begin with.
So then in your response you say:
Nonsense. Google gains by drawing attention to itself and its other offerings. Let me ask you this simple question: if google doesn't gain financially, even if indirectly, why do they do it? Goodwill? Poppycock.
The same could be said about search in general. They are profiting off of other people's content, because without it there'd be nothing to search. I'm sorry, but there's no evidence that the cache hurts websites financially. And there is certainly plenty of anecdotal evidence where it helps (eg. site goes down, customers go to cache to get phone # or contact email). Note that I'm not using that as support of Google's right to cache, merely as a counterargument against your baseless assertions.
You are basically saying that GOOGLE has the right to display YOUR content as GOOGLE sees fit.
Again with the hyberbole. No one believe Google has the right to display your content any way they want. What some people are arguing is that Google has the right to display your content as they do which is quite reasonable, and not deceptive in the least.
In the google cache situation, the owner effectively loses that right.
No, the page will disappear from Google once it is permanently down, it just takes some time. This may be a valid point about the internet archive, but then again information that finds its way on to the internet anywhere is likely to stick around for a long time.
In other news, explain to me again why if this is fair use, why i can't make photocopies of every book in the bookstore (for example, without photos) and offer them for free reading in my coffeeshop?
Um, because books cost money?
but when is cross-browser javascript ever elegant?
When you use Prototype to its full capability. Yes it requires a 'modern' browser, but your page should work without Javascript anyway. If you're going to use Javascript you may as well use it to its full extent. Prototype bridges an awful lot of gaps... I daresay more than 99% of JS developers could ever manage on their own, and it does it with style.
Just like the music industry, the telcos better wise up. This whole phenomenon of creating markets out of thin air, and boosting profits by price manipulation rather than innovation is a serious threat to our economy. Only in a first-world country like America do we forget that an economy is supposed to represent some actual goods and services. This is exactly why China will surpass us, because we've got so much money that everyone's trying to scam a piece of the pie without actually doing anything.
Unfortunately it's inevitable that big companies will be too slow to adapt to an evolving economy, and they will push their bulk around trying to grab as much profit as possible before hitting the mat. That would be all fine and good if they didn't also control the government in the absence of a cohesive counter-interest.
That's a fair argument, but the advent of a computer in every home is relatively recent. As much as the industry wants to keep pushing the envelope, they have to deal with the fact that customers may not be impressed enough with future enhancements to keeping buying a new computer every 3 years.
My personal experience is that owning a 5 year old G4 that was bottom-of-the-line at the time is still a viable computer. Not only can I use it for email and web surfing, but it also pulls its weight in Photoshop and web development. Every other time I owned a five year old computer it was depressingly obsolete.
Anyway, I'm not saying you're wrong, but I do question how long hardware sales can drive the computer industry. At the very least, the market is too mature for the kind of growth it's seen over the past 20 years. Barring some next-generation kill app, of course.
The Intel switch wasn't about switching to a dominant architecture, it was about moving to a platform that had a future roadmap for performance-per-watt. Intel is kicking butt in that department with the Core Duo (a laptop chip that manages to compete with a desktop Athlon64). Merom and Conroe later this year are supposed to further this even more dramatically, being chip redesigns with performance-per-watt as the design goal.
That's the primary goal, yes, but the Intel move is hardly a one-dimensional decision. It's obvious Apple needed faster laptops, what's slightly less obvious is that processor differentiation is less valuable to Apple now then at any time in the past 15 years.
Fair enough, but the real question is how much did IBM really spend compared to Intel?