Yes the comparison is silly.
However, I do have to take issue with Reader being a simple viewer. Yes, if you only ever used it on one machine. For many users, though, the value is in syncing across multiple devices so you can access feeds on your phone/tablet/multiple PCs. That requires a central server.
Reader is to RSS what web based mail is to email. Yes, there are alternatives, but so far I know I'm yet to find one that does as good a job of just keeping out of the way.
I agree, long walks and cycling are where I do most of my creative thinking. The activity requires little mental effort and gives me time to let my mind wander. Running is different - I only took it up recently, and I'm still at the point where all of my mental effort has to go into breathing and keeping going (and 5K is my current limit). Even that is great, though, as it's the only time I'm completely switched off from other thoughts other than when I'm asleep, so I think it helps to clear my mind.
Whitelisting - thank you, describes what I meant perfectly.
I know it's not always easy, but most data input into web forms is quite straightforward. The application should not be checking whether the data is invalid - it should be checking that it's valid. That's a subtle distinction, and I'm probably going to fail to explain it! The critical thing is to allow only that data that is valid for the question being asked. Most of the time restricting the input to a certain length and only allowing specific characters should be enough, and wherever possible limit input to predefined selections (dropdowns, checkboxes). Apart from avoiding vulnerabilities, validation is critical to ensuring the data is useful and minimises the need for data cleansing later on.
Where extended free format data is required, it should still be as simple as controlling the length of the data, the character set in use and making sure it's correctly quoted.
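The distinction drawn in the comment above (accept only what is valid, then quote correctly), as an added example that is not part of the original post. The form fields, rules and table are hypothetical, and the inputs are constructed for illustration.

```python
import re
import sqlite3

# Hypothetical signup form. Each rule states what IS valid for the question
# being asked; nothing here tries to enumerate "bad" input.
FIELD_RULES = {
    "username": {"pattern": re.compile(r"[A-Za-z0-9_]{3,20}")},  # charset + length
    "country": {"choices": {"GB", "US", "DE", "FR"}},            # dropdown values
    "age": {"pattern": re.compile(r"[0-9]{1,3}")},
    "comment": {"free_text_max": 200},                           # extended free format
}


def validate(form):
    """Return (clean, errors). Fields the form never defined are rejected."""
    clean, errors = {}, {}
    for name in form:
        if name not in FIELD_RULES:
            errors[name] = "unexpected field"
    for name, rule in FIELD_RULES.items():
        value = form.get(name)
        if not isinstance(value, str):
            errors[name] = "missing"
        elif "choices" in rule:
            if value not in rule["choices"]:
                errors[name] = "not one of the predefined selections"
        elif "pattern" in rule:
            if not rule["pattern"].fullmatch(value):
                errors[name] = "not in the allowed characters/length"
        else:
            # Free text: control length and character set only.
            printable = all(ch.isprintable() or ch == "\n" for ch in value)
            if len(value) > rule["free_text_max"] or not printable:
                errors[name] = "too long or contains control characters"
        if name not in errors:
            clean[name] = value
    return clean, errors


def store(conn, clean):
    # "Correctly quoted": values are bound as parameters, never built into SQL text.
    conn.execute(
        "INSERT INTO signup (username, country, age, comment) VALUES (?, ?, ?, ?)",
        (clean["username"], clean["country"], int(clean["age"]), clean["comment"]),
    )


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE signup (username TEXT, country TEXT, age INTEGER, comment TEXT)"
    )
    odd = "Robert'); DROP TABLE signup;--"  # constructed sample value
    forms = [
        {"username": "bobby_t", "country": "GB", "age": "9", "comment": odd},
        {"username": odd, "country": "GB", "age": "9", "comment": "hi"},
        {"username": "alice", "country": "XX", "age": "nine", "comment": "hi"},
    ]
    results = []
    for form in forms:
        clean, errors = validate(form)
        if not errors:
            store(conn, clean)
        results.append(errors)
    rows = conn.execute("SELECT username, comment FROM signup").fetchall()
    return results, rows


if __name__ == "__main__":
    print(demo())
```

The same string is refused as a username and stored verbatim as a comment: the allowlist decides what each field may hold, and parameter binding keeps free text from being read as SQL.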
Probably true, but it's sad that in 2013 we're still talking about Bobby Tables! It's still an application code issue rather than strictly a database issue.
I agree it needs fixing, and even said that it's important to have security at every layer, my point was really that a number of other security measures will already have failed before the database is vulnerable. And yes, in many cases the web server will be the application server, but I'd hope that's a design that's limited to less than critical systems...
In a truly paranoid environment the only internal access to the database will be via bastion hosts, not direct from individual desktops...
I see lots of comments about needing to know the vulnerability right now, and even panic about taking servers down until it's fixed. I can't help feeling that if that's your reaction you're doing it wrong.
In any internet facing production environment, the front end web servers will be the only place that can be attacked. They should be in a DMZ and only be accessing application servers via a firewall, which in turn access the database. Access to the database would only be allowed from the application servers, and the application servers shouldn't be able to run any random SQL. All inputs should be verified before passing to the database. It's kind of hard to see how, in a well designed system, the database is at risk. Nothing uncontrolled should be reaching it.
Of course it's important to have security at every layer, but if an attack can get as far as exploiting code vulnerability in the database I'd say there's a bigger problem somewhere further up the chain.
Internal attacks are another matter, but again, access controls should be ensuring that only those who really need access to the database have access to the database. Those people will be able to do enough damage without needing exploits, so again, code vulnerability at that level should be something of a non-issue.
Takes a special kind of dumb to manage this!
Or rather, you got what you were looking for but not what was relevant to this conversation?
It's just a shame Hunter S. Thompson isn't around to read and comment on this.
Yes, I did say it was easy enough to export, but you have to remember to do that from time to time. If it's already in a readable format, you know it's always there. If it is just SQLite, that would be great, will have to investigate some time.
I used tasks for a bit. It's still there, tucked away in email, but really needs work - it's very, very basic. I use Evernote for notes, but it doesn't do task management (mainly alerts). I'm looking at alternatives. Remember the Milk keeps coming up, but the interface is a bit dated and you have to pay for fairly basic functionality - the free version is fairly crippled. I don't mind paying, but only once I've tested. At the moment I'm giving Wunderlist an extended trial.
I have a Google apps account, and use that for Reader. OK, I'm using the free version of apps, but it is a service you can pay for (and now have to pay for) and Reader was one of the features of that service. It soon won't be. Now, I'm sure the terms and conditions are nice and tight, and are probably limited to core applications like email and docs, but nevertheless, Google are removing a feature that some of their customers are paying for.
It would be nice if Evernote's local database was in an open format - if it is, it's not obvious (there is an API, but I haven't investigated to see if there's a way to use it should the cloud side of the service go AWOL tomorrow). It's easy enough to export all of the notes into HTML, though, and doing that from time to time as a backup is probably a good idea.
I just set up my gmail account to poll my ISP provided pop account for me, so on the rare occasion I get email there it comes through to an account where I can see it. Using my own domain with google (apps, got in while it was free), I don't have tie in to google, I could switch and still keep my email address.
Ben Elton's book "Blind Faith" covers this. Basically, it's a near future in which privacy is considered perverse and everyone constantly posts video of themselves. It's not a great book, but eerily prescient - it came out in 2007, before Facebook was as ubiquitous as it is now. First it's the uncomfortably personal posts and tweets, then it'll be the videos...
I've got a stock Nexus 7 tablet, and wifi is on the power control widget, along with bluetooth, GPS, sync and brightness. Single tap to switch on and off.
Sure, hence the mention of Lightroom - it's what I use for RAW conversion, and I only tend to take photos into Photoshop when I need to do further retouching - mainly skin in portraits. I've got some handy actions for that.
As of 2006, when I switched, RAW conversion in the Linux world was spotty at best, and RAW conversion often required software from the camera manufacturer that only ran on Windows and Mac. It might be better now.
And don't get me started on Ken Rockwell...
I know what you mean about default apps - my HTC phone has some nice widgets that I later discovered are HTC only. I got a Nexus 7, and it's missing a lot of stuff that I took for granted (no tasks widget!!?).
On my desktop and my phone? Nope, looks like Currents is tablet/smartphone only.
No, I'm not dismissing anyone who doesn't use Photoshop, but maybe I was conflating serious with professional, and there Photoshop is ubiquitous. If not Photoshop, then maybe Lightroom, or even Aperture for OSX users. Some kind of postprocessing is almost essential for high end photography - I see RAW files as akin to negatives that need development, and no matter how careful I am with my sensors there is always dust to edit out.
I did try the third party drivers - never had much luck with Turboprint, and again, for me it came down to the time, paper and ink cost of experimenting.
I can run everything I need on Windows, including most open source software, plus the proprietary stuff. I can do the same on a Mac at around twice the price. Linux can only do a subset. Hence - for me - Windows is the obvious choice.
Adobe's tools still rule the professional world. It's not just the feature set, it's the entire ecosystem of support and training. Yes, for a large part of the professional world, Photoshop is synonymous with digital photo editing - it's even used as a verb (Adobe might want to watch that, it'll become the next "hoover").
Back in 2006, IIRC, colour management on Linux wasn't an option, the Gimp didn't do CMYK or 16bit editing and RAW file conversion was hit and miss. It may be different now, but I've had no reason to go back and find out.
I once spent a weekend trying to get a decent print from my Linux system to a moderately high end Epson printer. I just could not get the colours to come out right. In Photoshop I could soft proof, and I think I got it right at the second attempt. Just the cost of paper and ink wasted trying to get it working under Linux would pay for a copy of Windows in next to no time.
Which is a good indication of how many people are affected by this. Tiny Tiny RSS is showing a simplified page at the moment because it's being hit so hard.
I will be looking for a reader that syncs with Android and web. I have a widget on my phone that I scroll through when I have five minutes to spare. I keep the reader window open in a browser all day. I use it all the time.
I just can't get that emotional about an OS. I ran Linux on the desktop from the late 90s until about 2006, when I started getting seriously into digital photography. I reached a point where I needed Photoshop and real colour management, which left me with the choice of Windows or Mac. I already had the PC hardware, so I went with Windows.
Every now and then I look at the latest iMacs and think... maybe. When I really think about it, I just can't justify the price difference. Windows XP just worked for me. Windows 7 just worked. I'm now using 8, and it just works. I have WAMP to get a nice simple stack for web development, I use perl and imagemagick for some batch processing of files, but get to use Lightroom and Photoshop for the real work. If I wanted a real command line I'd stick cygwin on.
The OS is just a launcher. OK, the metro start screen is a bit clunky, but most of the time I'm on the desktop with a few apps and a browser running. It makes absolutely no difference to me which OS I'm using at that point, as long as it runs the applications I need. Since Windows does it cheaper, I use Windows.
We are. But I still feel like a newbie.
I have a long and personally relevant story about how an otherwise reasonably intelligent man can allow himself to be fooled by a younger attractive woman. I'll outline it here.
He gave in to the temptation to see escorts. He met one who he started seeing regularly, and after a while she told him she was getting out of the business but would keep seeing him. By seeing her more regularly, she could get by, financially. When asked she hinted that she might be interested in a relationship, but wanted to get her life sorted out - that she wasn't "ready". She was trying to start a legitimate business first, and wanted to focus on that.
Two years go by. He keeps seeing her. He puts some money towards her business, even some technical assistance. She meets him outside of "work" but only when she wants a favour. They chat online almost every day, and he sees her for the other stuff every couple of weeks. There has been no progress towards a relationship, and he suspects she has a partner who is actually running the (legitimate) business, or is still working, or both.
Despite all this, he still holds out hope. He's aware of the cognitive dissonance, and the doublethink required to stick with it, and has even asked her to just tell him, so they can carry on happily as they are without that false hope. He'd accept that. Despite it all, he genuinely likes and cares for her.
Luckily this post is buried in a reply several deep in an older thread, so I doubt many people will read it and raise eyebrows at the obvious "a friend of mine..." nature of the story.