Bull. Paid tech support for custom/specialized apps is one thing (the company I just left made a very significant percent of their revenue from support and maintenance), but that's just not the case for MS Office. And having paid for MS software in the past, I'll let you know that the only "support" I ever got was from someone named "John" in $randomOutsourcedCountry when I needed to re-activate the damn thing because apparently a system upgrade is a novel thing that nobody had tried before.
Ironically, those 'support' issues went away when I stopped paying for MS software, and obviously also haven't been an issue since I stopped using their stuff entirely.
Don't get me wrong - support is a legitimate concern for some software, even some from MS. But when it comes to Office software, that support is coming from the IT guy, not Microsoft.
No I wasn't trolling, but apparently quite a few people didn't catch the intended 'relatively' in the post. 7 of my 8 cores are running pretty near idle most of the day (or night I should say; I actually use that horsepower during the day), so if prime95 or whatever is threaded I'd have an advantage over most systems, but it's still obviously no supercomputer. Yes, I'm perfectly aware that it'd still take days or weeks to crunch numbers that large, giving me approximately a 1/0 chance of hitting the jackpot.
I'm still trying to figure out what the hell makes a huge prime number worth $100k, though. And indeed, how I was modded insightful - I posed a question and told a really lousy joke that nobody got.
You want to get rickrolled when you have to call in and have your password changed? I'd much rather be told how nice I look today or that the kind phone attendant would like to do something with me that's considered impolite on a public forum.
Most unfortunately, I haven't found a good way to set conditionals in password reset utilities that will prompt a vastly different response from a female assistant than a male. As such, avoid calling from a speakerphone, or you could end up having a very, very interesting day.
Your banking auth code isn't necessarily stored as plaintext in the DB. Amazon has my credit card number stored, and I'll be damned if it's in there as 3723-7... I mean, yeah. Anyways, it's in there via a 2-way encryption algorithm - functionally identical to how SSL works, even if the methods involved are completely different.
Now of course I have no way of knowing if they store the phone-in verification codes in some sort of encrypted form, but just because someone at the bank can read it doesn't mean it's STORED as plaintext, it just means it's NOT stored after being put through a one-way hash (md5, sha1, etc). But that's just as true in your bank's DB as on Slashdot's as on that cobbled-together inventory logging system I made a couple years back for a small biz project. If you didn't have a hand in building the system, and said system isn't open-source, you just have to hope and assume that they've done things with a reasonable degree of security. (FWIW I did encrypt the passwords in that thing, even if the rest of the system was clumsy as hell)
I've had more than one website email me my password if I hadn't logged in after a week or two. Because obviously I wasn't logging in due to having forgotten the same password I use at half the websites on the internet, rather than the site sucking. Suffice to say, I've deleted my accounts at all sites where that's occurred. I wouldn't be at all surprised to see several of them vulnerable to SQL injections and I'm sure all of them did nothing but flip the 'account_active' column bit, but I felt better for a few minutes at least.
Wordpress has a pretty good forgotten password system - it emails you a unique link (something like changepass.php?user=firehed&verify=asdf903jfo2i3jf) and you get your new password form. It's never revealed in plaintext. I hope more sites adopt something along those lines - seeing my password in plaintext anywhere always freaks me out a bit. Then again, I've seen it hashed as md5 and sha1 enough times that I could spot probably my account in a 'SELECT id, pass FROM users' result.
I'm still a bit curious as to how banks haven't yet found a better system for getting you your initial ATM PIN when you get a new card than simply sending it separately from the card. Shouldn't they have some automated dial-in where I punch in the auth code they send me and the last four from my SSN (or MMDD birthday, whatever) as a verification code? If someone is stealing your mail looking for a new card, it wouldn't be difficult for them to also grab that 'discreet' envelope with that starter PIN.
Security is really quite pathetic these days. No wonder we keep hearing about millions of customer records being lost.
Not only is it being stored in plaintext (or at least not as a one-way hash), but presumably it's also visible in the administrative interface to the site. Does <input type="password"/> not have any meaning in those parts?
I think the real question is why it is worth $100k. I'd sure be interested to know, especially seeing that my system can probably attempt to find prime numbers pretty damn quick if it's a threaded app.
Flourinert, the coolant used, actually can hold a significant amount of dissolved oxygen and has been used in lab experiments where rats and other animals were kept fully submerged and breathing the liquid for a non-trivial period of time.
Maybe for the optical drive's interface. A hard drive simply won't last that long without spinning it up every so often. Then again, neither will non-archival optical media.
Make prints. On good paper with good ink. Or maybe just make a secret account somewhere off in the cloud and write down the connection info and stuff that in the vault (probably the only thing higher risk than trusting digital media)
That won't work nearly as well unless you know the location and intensity of the ambient lighting sources for the non-flash image. In theory, you could make a fairly simple system that has two strobes (one on either side of the lens) that are powerful enough to overcome ambient, and use that slight difference to map out the texture (though for maximum effect, you'd really want them offset from the lens by 45 or so). The advantage to that approach is that you could fire off two shots in such quick succession that you could get something fairly accurate without use of a tripod, whereas a flash/no flash shot requires the latter to burn in the ambient to a point where you'll have a usable image, which will fail miserably indoors without a tripod.
It's a price you pay for simplicity versus effectiveness. As a photography lighting geek, I've got the equipment to rig things up quite easily with two strobes at known locations and get a quite effective texture map. I could do it relying on ambient for one of the shots (and losing most of the texture with an on-camera strobe for the other) with any random gear I could pick up, but by nature it can't be as effective nor as accurate. Like anything else, you can half-ass it with existing equipment or spend a little to do a much better job. I'm talking < $100 worth of gear to set up any old camera with a hotshoe to have a cheap off-camera flash that will do a job that's probably an order of magnitude better. Even if you're not in the business of doing this kind of thing professionally, it's not a whole lot of money to spend; it's very multipurpose gear too so it can help out well beyond the reaches of this niche. Ask David for an example or two - it's not specific to this, but there are plenty of examples of how directional lighting can reveal textures on anything.
Presumably that's the logic behind all of these "XX IP Holder, LLC" things that have sprung up as of late (Dunkin Donuts and Quiznos, to name a couple). Presumably there's some sort of odd tax benefit to setting up that kind of system beyond just screwing with copyright law as well.
There are certainly some tricks to do it, but if you're starting with a fairly empty board then early on it does tend to end up as a lot of guesswork. There's a reason the game is best played with a pencil, and I've used nothing but pen in every math class I've ever taken.
Yes, for text transformations and such, do it server-side. When you find a way where I can move shit around the page at runtime in PHP, let me know - I'd love to be able to do that kind of thing for a dozen different reasons (fewer http requests for faster loading, no worries about browser inconsistencies, no concern about noscript, etc.) I could make some sort of Tab class and addTab($label, $content) method in my code and have it automatically output the relevant HTML and jQuery calls, but there's no way for me to do things with no javascript at all.
Doing anything that can be done server-side on the client side is generally a bad idea, so you're definitely taking the right approach. Unfortunately, there's just a ton of stuff that simply cannot be done server-side that you have to at least be reasonably familiar with both sides of things.
Well aside from open-source evangelists being about choice (and it trumping them being against MS), it's a seriously flawed plan due to that little thing we call the business world. Thankfully nowhere I've worked has such a policy, but it's not at all rare for companies to require a certain browser because of some stupid proprietary shit on their intranet.
Don't get me wrong - I'd love to see IE die a miserable death, at least anything prior to the first fully standards-complaint version (8 supposedly, I'll reserve judgment until it ships), as it certainly causes me more than enough headache as a web developer. But until that time comes, I need to recognize and account for the very large number of users who either can't or won't shift off of IE. Depending on the nature of the site I'd consider putting a conditional tag that displays a "Switch to !IE" banner, but I'm not stupid enough to completely ignore anywhere from 60-80% of all internet users.
If slow web app performance helps shift users away from IE, so much the better. However, most of the people who think about their browser at any level are probably not using IE. Apple is doing their bit with an IE warning on the MobileMe site, but they're also one of few companies who can put that kind of thing on a high-profile site and get away with it. I'm sure that all of the web developers at Google, Yahoo, Facebook, et al would love to do the same, but their business models don't revolve around taking jabs at Microsoft either.
Not only would it be possible, but it would be relatively simple (provided you could get enough physical security on the machine to ensure nobody loads up PortableFirefox or something). There's still the issue of a paper trail though, as you would still need the local voting server (from traffic alone, you couldn't have a single central DB, never mind potential security issues) talk back to the originating system. Even that wouldn't have to be overly complicated, provided you could rig up some sort of webservice-type-thing that would print out the confirmation data from the processing server (and then return a success and finally commit the DB transaction).
It's certainly not quite as simple as hacking together a few php scripts, but it wouldn't need to be overly complicated either. And most importantly, it would be relatively simple to open-source and then perform the appropriate checksumming on election day to ensure nothing flaky has gone on behind the scenes.
What the hell are you doing, writing to a flat file and dealing with filesystem locking? There are these magical things called databases that allow more than person to work from them at once... I don't think a mistake like that could be attributed to stupidity or incompetence - that would be nothing short of criminal neglect.
That C# is legible enough, even by non-coders (the modulus might throw people, but they'd still get the general idea). The real test would be if the joke was written in perl.
You know that sometimes, just sometimes, it's actually a good idea to upgrade? I'm as aware as anyone else of how terrible Adobe's software updater is, but Firefox's approach is almost as good as Sparkle-powered apps ("A new version is available! [release notes] Update?" Yes/No/Later, automatic download-patch-restart, done). They are NOT trying to force you to use the software in any specific way, but merely are making you aware that a newer version is available and that you should consider updating. When the program runs, it checks an RSS feed that contains version history and info (an Appcast, if you will) and if there's something newer available, you get prompted. The title is trolling; it's no different than any other updater.
I agree with Acrobat - Adobe seriously needs to work on their free reading software (use FoxIt Reader, by the way), since the only thing they can really change from version to version is speed and it seems to get progressively worse. Most apps add actual functionality and bug fixes, and so long as the update is free there's usually no reason to skip upgrading.
If it bothers you that much, you can disable the automatic update checking. The rest of us will continue to enjoy up-to-date apps.
The "yet" part implies that their actually working on a Mac version, but that they got the Windows version out first. Doesn't it make sense to support your own platform first before supporting others?
Yes, they mean to imply as much; that doesn't make it the case though. And in this case, given the target demographic of a photography-oriented application, you would have to be (pardon my French) Fucking Retarded not to support the Mac platform.
Then I suppose that Microsoft Office for Mac retail box at the Apple store is just an illusion, right?
Have you used Office for Mac? It might as well be an illusion.
That's a fair point, but half the purpose of having something that can load up in a browser window is for cross-platform compatibility since the server (in this case, IIS) is doing the heavy lifting. Considering that the number photographers using Macs is incredibly disproportionate to normal Mac/PC ratios (probably 50%+ among serious photographers, vs under 10% for normal users), they almost certainly doomed the project to failure before it started by not having a standard, cross-platform implementation.
If you need platform-specific stuff, make it a standalone desktop app that talks to the site's webservices layer. At least with that, there's a reasonable enough explanation of why it's not (yet) cross-platform. I'd understand if it's not too useful in Curl, but any other browser should be able to handle it fine.
Slashdot Mirror
Bull. Paid tech support for custom/specialized apps is one thing (the company I just left made a very significant percent of their revenue from support and maintenance), but that's just not the case for MS Office. And having paid for MS software in the past, I'll let you know that the only "support" I ever got was from someone named "John" in $randomOutsourcedCountry when I needed to re-activate the damn thing because apparently a system upgrade is a novel thing that nobody had tried before.
Ironically, those 'support' issues went away when I stopped paying for MS software, and obviously also haven't been an issue since I stopped using their stuff entirely.
Don't get me wrong - support is a legitimate concern for some software, even some from MS. But when it comes to Office software, that support is coming from the IT guy, not Microsoft.
No I wasn't trolling, but apparently quite a few people didn't catch the intended 'relatively' in the post. 7 of my 8 cores are running pretty near idle most of the day (or night I should say; I actually use that horsepower during the day), so if prime95 or whatever is threaded I'd have an advantage over most systems, but it's still obviously no supercomputer. Yes, I'm perfectly aware that it'd still take days or weeks to crunch numbers that large, giving me approximately a 1/0 chance of hitting the jackpot.
I'm still trying to figure out what the hell makes a huge prime number worth $100k, though. And indeed, how I was modded insightful - I posed a question and told a really lousy joke that nobody got.
You want to get rickrolled when you have to call in and have your password changed? I'd much rather be told how nice I look today or that the kind phone attendant would like to do something with me that's considered impolite on a public forum.
Most unfortunately, I haven't found a good way to set conditionals in password reset utilities that will prompt a vastly different response from a female assistant than a male. As such, avoid calling from a speakerphone, or you could end up having a very, very interesting day.
Your banking auth code isn't necessarily stored as plaintext in the DB. Amazon has my credit card number stored, and I'll be damned if it's in there as 3723-7... I mean, yeah. Anyways, it's in there via a 2-way encryption algorithm - functionally identical to how SSL works, even if the methods involved are completely different.
Now of course I have no way of knowing if they store the phone-in verification codes in some sort of encrypted form, but just because someone at the bank can read it doesn't mean it's STORED as plaintext, it just means it's NOT stored after being put through a one-way hash (md5, sha1, etc). But that's just as true in your bank's DB as on Slashdot's as on that cobbled-together inventory logging system I made a couple years back for a small biz project. If you didn't have a hand in building the system, and said system isn't open-source, you just have to hope and assume that they've done things with a reasonable degree of security. (FWIW I did encrypt the passwords in that thing, even if the rest of the system was clumsy as hell)
I've had more than one website email me my password if I hadn't logged in after a week or two. Because obviously I wasn't logging in due to having forgotten the same password I use at half the websites on the internet, rather than the site sucking. Suffice to say, I've deleted my accounts at all sites where that's occurred. I wouldn't be at all surprised to see several of them vulnerable to SQL injections and I'm sure all of them did nothing but flip the 'account_active' column bit, but I felt better for a few minutes at least.
Wordpress has a pretty good forgotten password system - it emails you a unique link (something like changepass.php?user=firehed&verify=asdf903jfo2i3jf) and you get your new password form. It's never revealed in plaintext. I hope more sites adopt something along those lines - seeing my password in plaintext anywhere always freaks me out a bit. Then again, I've seen it hashed as md5 and sha1 enough times that I could spot probably my account in a 'SELECT id, pass FROM users' result.
I'm still a bit curious as to how banks haven't yet found a better system for getting you your initial ATM PIN when you get a new card than simply sending it separately from the card. Shouldn't they have some automated dial-in where I punch in the auth code they send me and the last four from my SSN (or MMDD birthday, whatever) as a verification code? If someone is stealing your mail looking for a new card, it wouldn't be difficult for them to also grab that 'discreet' envelope with that starter PIN.
Security is really quite pathetic these days. No wonder we keep hearing about millions of customer records being lost.
Not only is it being stored in plaintext (or at least not as a one-way hash), but presumably it's also visible in the administrative interface to the site. Does <input type="password" /> not have any meaning in those parts?
I think the real question is why it is worth $100k. I'd sure be interested to know, especially seeing that my system can probably attempt to find prime numbers pretty damn quick if it's a threaded app.
Oh, is that what they used in The Abyss?
Maybe for the optical drive's interface. A hard drive simply won't last that long without spinning it up every so often. Then again, neither will non-archival optical media.
Make prints. On good paper with good ink. Or maybe just make a secret account somewhere off in the cloud and write down the connection info and stuff that in the vault (probably the only thing higher risk than trusting digital media)
That won't work nearly as well unless you know the location and intensity of the ambient lighting sources for the non-flash image. In theory, you could make a fairly simple system that has two strobes (one on either side of the lens) that are powerful enough to overcome ambient, and use that slight difference to map out the texture (though for maximum effect, you'd really want them offset from the lens by 45 or so). The advantage to that approach is that you could fire off two shots in such quick succession that you could get something fairly accurate without use of a tripod, whereas a flash/no flash shot requires the latter to burn in the ambient to a point where you'll have a usable image, which will fail miserably indoors without a tripod.
It's a price you pay for simplicity versus effectiveness. As a photography lighting geek, I've got the equipment to rig things up quite easily with two strobes at known locations and get a quite effective texture map. I could do it relying on ambient for one of the shots (and losing most of the texture with an on-camera strobe for the other) with any random gear I could pick up, but by nature it can't be as effective nor as accurate. Like anything else, you can half-ass it with existing equipment or spend a little to do a much better job. I'm talking < $100 worth of gear to set up any old camera with a hotshoe to have a cheap off-camera flash that will do a job that's probably an order of magnitude better. Even if you're not in the business of doing this kind of thing professionally, it's not a whole lot of money to spend; it's very multipurpose gear too so it can help out well beyond the reaches of this niche. Ask David for an example or two - it's not specific to this, but there are plenty of examples of how directional lighting can reveal textures on anything.
The warning in your sig thoroughly disregarded, that post is a perfect example of why most slashdotters aren't playing that minigame.
I believe the system was designed to track absolutely everything and anything. 463 tables is probably reasonable. 0 indexes remains a problem.
Presumably that's the logic behind all of these "XX IP Holder, LLC" things that have sprung up as of late (Dunkin Donuts and Quiznos, to name a couple). Presumably there's some sort of odd tax benefit to setting up that kind of system beyond just screwing with copyright law as well.
There are certainly some tricks to do it, but if you're starting with a fairly empty board then early on it does tend to end up as a lot of guesswork. There's a reason the game is best played with a pencil, and I've used nothing but pen in every math class I've ever taken.
Pfft, I brew my coffee with espresso.
Yes, for text transformations and such, do it server-side. When you find a way where I can move shit around the page at runtime in PHP, let me know - I'd love to be able to do that kind of thing for a dozen different reasons (fewer http requests for faster loading, no worries about browser inconsistencies, no concern about noscript, etc.) I could make some sort of Tab class and addTab($label, $content) method in my code and have it automatically output the relevant HTML and jQuery calls, but there's no way for me to do things with no javascript at all.
Doing anything that can be done server-side on the client side is generally a bad idea, so you're definitely taking the right approach. Unfortunately, there's just a ton of stuff that simply cannot be done server-side that you have to at least be reasonably familiar with both sides of things.
Well aside from open-source evangelists being about choice (and it trumping them being against MS), it's a seriously flawed plan due to that little thing we call the business world. Thankfully nowhere I've worked has such a policy, but it's not at all rare for companies to require a certain browser because of some stupid proprietary shit on their intranet.
Don't get me wrong - I'd love to see IE die a miserable death, at least anything prior to the first fully standards-complaint version (8 supposedly, I'll reserve judgment until it ships), as it certainly causes me more than enough headache as a web developer. But until that time comes, I need to recognize and account for the very large number of users who either can't or won't shift off of IE. Depending on the nature of the site I'd consider putting a conditional tag that displays a "Switch to !IE" banner, but I'm not stupid enough to completely ignore anywhere from 60-80% of all internet users.
If slow web app performance helps shift users away from IE, so much the better. However, most of the people who think about their browser at any level are probably not using IE. Apple is doing their bit with an IE warning on the MobileMe site, but they're also one of few companies who can put that kind of thing on a high-profile site and get away with it. I'm sure that all of the web developers at Google, Yahoo, Facebook, et al would love to do the same, but their business models don't revolve around taking jabs at Microsoft either.
Yes, and just in time for the election, too. Big surprise.
Not only would it be possible, but it would be relatively simple (provided you could get enough physical security on the machine to ensure nobody loads up PortableFirefox or something). There's still the issue of a paper trail though, as you would still need the local voting server (from traffic alone, you couldn't have a single central DB, never mind potential security issues) talk back to the originating system. Even that wouldn't have to be overly complicated, provided you could rig up some sort of webservice-type-thing that would print out the confirmation data from the processing server (and then return a success and finally commit the DB transaction).
It's certainly not quite as simple as hacking together a few php scripts, but it wouldn't need to be overly complicated either. And most importantly, it would be relatively simple to open-source and then perform the appropriate checksumming on election day to ensure nothing flaky has gone on behind the scenes.
What the hell are you doing, writing to a flat file and dealing with filesystem locking? There are these magical things called databases that allow more than person to work from them at once... I don't think a mistake like that could be attributed to stupidity or incompetence - that would be nothing short of criminal neglect.
That C# is legible enough, even by non-coders (the modulus might throw people, but they'd still get the general idea). The real test would be if the joke was written in perl.
You know that sometimes, just sometimes, it's actually a good idea to upgrade? I'm as aware as anyone else of how terrible Adobe's software updater is, but Firefox's approach is almost as good as Sparkle-powered apps ("A new version is available! [release notes] Update?" Yes/No/Later, automatic download-patch-restart, done). They are NOT trying to force you to use the software in any specific way, but merely are making you aware that a newer version is available and that you should consider updating. When the program runs, it checks an RSS feed that contains version history and info (an Appcast, if you will) and if there's something newer available, you get prompted. The title is trolling; it's no different than any other updater.
I agree with Acrobat - Adobe seriously needs to work on their free reading software (use FoxIt Reader, by the way), since the only thing they can really change from version to version is speed and it seems to get progressively worse. Most apps add actual functionality and bug fixes, and so long as the update is free there's usually no reason to skip upgrading.
If it bothers you that much, you can disable the automatic update checking. The rest of us will continue to enjoy up-to-date apps.
Yes, they mean to imply as much; that doesn't make it the case though. And in this case, given the target demographic of a photography-oriented application, you would have to be (pardon my French) Fucking Retarded not to support the Mac platform.
Have you used Office for Mac? It might as well be an illusion.
That's a fair point, but half the purpose of having something that can load up in a browser window is for cross-platform compatibility since the server (in this case, IIS) is doing the heavy lifting. Considering that the number photographers using Macs is incredibly disproportionate to normal Mac/PC ratios (probably 50%+ among serious photographers, vs under 10% for normal users), they almost certainly doomed the project to failure before it started by not having a standard, cross-platform implementation.
If you need platform-specific stuff, make it a standalone desktop app that talks to the site's webservices layer. At least with that, there's a reasonable enough explanation of why it's not (yet) cross-platform. I'd understand if it's not too useful in Curl, but any other browser should be able to handle it fine.
Why bother? I'm not the one posting as AC.