I've been experimenting a lot with the HTML5 tag recently, and you can do some nice stuff - these are all pretty basic but using just HTML and JS I built a freaky clock, a 60s style UFO party viewed from above and some wireframe boxes. It was all quite painless, the only problem is that IE doesnt support it yet.
I get the odd spam in my inbox but it mostly works, there is the odd false positive as well, so unfortunately I have to keep checking my Spam folder.
Interestingly, I set up a 'junk' GMail address for usenet posting etc and the address has the word 'spam' in it; despite being used all over the net for a couple of years it hardly gets any spam at all, maybe the spammers filter out addresses with 'spam' etc in them assuming that they are obfuscated?
But since we're talking about online applications, it's reasonable to assume that the information is stored electronically at some point - and since it's usually more effort to remove old data then let it hang around, I would guess that a lot of it is still knocking around for months or years after they've crossed you off their list.
If anything, there is almost a negative correlation between certification and ability. It's as if people who don't know what they are doing get a certification to offset that minor problem.
Surely that would depend on what certification you are talking about? If someone gets a high score in, for example, the Sun Certified Java Programmer exam, then you at least know that they are familiar with many of the intricacies of the Java language, and a SCJD qualification means that they have written a networked Java system that has been gone through line-by-line by an examiner at Sun.
No qualification is a rubber-stamp guarantee that someone will be a good fit for a job, but it can help narrow down the things you need to check for.
Every time you come to a junction you have to check the way is clear before you move on.
Every time you put it in reverse you have to check behind you.
Every time you overtake you need to make sure there is room in the other lane
etc, etc
Screw up on any of those things just once and you could be dead - so could a lot of other folks.
I stand by the analogy - driving is something that requires constant vigilance, and yet can be performed by a large proportion of the adult population. The stakes are a bit higher if you get it wrong, which is why you have to earn a license, but most people appreciate that the responsibility of driving safely is the price they pay for the freedom of using a vehicle - and they don't whine about car manufacturers, or the people who maintain the roads, not making cars 'crash-proof'.
What if every time I got on the subway it was my job to check to see if the wheels were about to fall off?
Well if you're driving a car (which is probably a better analogy) then it is your job. There are certainly measures that can be taken by programmers and network admins to make things better, but the freedom to go anywhere on the web will always come with the price of some degree of responsibility, both for your own well-being and that of other users (again with the car-driving analogy). Surely using a computer to browse the web is too complex an activity to be made completely idiot-proof, without removing a significant amount of the freedom that makes it so worthwhile.
Sure, the trainee would get the blame for that one, but your system is still just as screwed regardless of whose fault it was. I don't think an idealised 'perfect world' (ie a world with no dumb trainees in it) vision of what a system should look like should stop you implementing a reasonable amount of security-in-depth. If there is no need to allow entry of particular characters in particular fields then why not explicity disallow it?
I think you're right - as long as you are sure that you know what's going to be done with the data after its been written away to your database. You might have your escaping/quoting routine solidly implemented for all inputs to your system, but the trainee down the hall who writes the reporting application that parses the table once a month might not be so savvy - the cunningly crafted SQL injection attack that your quoting has preserved and saved away into the db could wreak havoc when it gets read out again at the other end. The same goes for any HTML/XML that has been saved away, and then gets blindly written out by a web developer on the Order Summary page, or merged into some larger XML document without proper checks.
I suppose an apt analogy would be saying that it's ok to allow infectious material into a building as long as it is first correctly sealed in a bio-safe container - well that's true as long as you're sure the janitor isn't going to open it up later that evening and use it for a cookie jar.
Does that actually work then? Would be great if it did, but I thought the HTTP content-type header sent by the web server had to tell the browser that it was xhtml, like: Content-Type: application/xhtml+xml
and if it didn't then the DOCTYPE would be ignored. Maybe this now works in IE7, anybody know?
I think those rascals over at wired.com got her to review it for us (notice they didn't want her opinion on their own site!).
As for the perfect Vastu site, I would guess something like this.
If you can find out when they take their snapshots this sounds like a great way to get your chosen piece of misinformation or spam replicated to thousands of PDAs across the globe, some of whom will probably never bother to update.
Re:2 different evolutions--don't confuse them!
on
GUIs Get a Makeover
·
· Score: 1
Well if a feature is introduced into a piece of software, and it is a complete disaster and everyone hates it, then it's a fair bet that the next release will exclude that feature. Sometimes the feature will suck so bad that the company won't recover and will die off. On the other hand, if the feature is a great success then it will survive to the next release, and may be adopted by others. Natural selection is alive and well in the software industry, and the resulting 'survival of the fittest' mirrors many of the outcomes of biological evolution.
Maybe I'm reading this wrong, but the FAQ says Each time you run Browzar it places a simple text file on your computer which contains a date and time stamp of the precise moment your Browzar session began. Normally this file is deleted automatically when you close Browzar, but in the event of a crash this file remains on the computer. All you need to do is run Browzar again immediately after the crash and Browzar will clean up anything left over from the crash by checking the time and date stamp and removing everything after that that point.
The fact that this process is necessary, and that something would be 'left over' in the event of a crash suggests that it does write stuff to disk and then deletes it again later, rather than just not hitting the disk to start with. Not that secure then really, and if it is based on IE I wonder if it shares the same temp-files folder, cookies folders, and uses index.dat? Plenty of scope for browsing traces to 'leak' into IE if this thing crashes and you don't remember to re-run it to clean up after itself.
Absolutely not! All this means is that nothing has changed - we still don't know whether anything lives on Mars or not. If we try to introduce life there we run the risk of A) making it much harder to prove that any life subsequently discovered there is actually indigenous and B) wiping out, or irreversably changing, anything that does live there. Even if we had the means, we should hold back a good long while yet...
And all this money comes from adwords?
Are you kidding? Have you even been to the Google Store?! They do t-shirts, mugs - heck they even sell Lava Lamps! I'd like to see the adblocker that can block those babies...
I agree there won't be a flood of new Linux users as a result of this, but there may be a few - everytime a software vendor cuts off support for a product there is always some backlash from users who don't see why they should have to pay for a new version of something that they see (however naively) as still working perfectly well.
Re:Road users of the world rejoice
on
Talking iPods
·
· Score: 1
Do you actually know what the Darwin Award is?
If you can't get laid, you won the Darwin award.
Nope, that's not it...
Road users of the world rejoice
on
Talking iPods
·
· Score: 1
So this safety-driven innovation will make it easier to operate an iPod while driving a car... part of me is astonished that anyone would be stupid enough to try to navigate an iPod menu while driving, but another part of me remembers that we live in a society that consistently produces Darwin Award winners of the highest calibre.
That quote at the bottom that starts off sounding like a cautious endorsement from a safety watchdog is, in fact, saying they're still miles off: "If people don't need to take their eyes off the road and hands off the wheel then there are clear benefits to that."
and yet: "Users of the music players will still operate the Clickwheel as normal"
Sure - I take your point about POP3 in the case of GMail, but more generally unless there is an open API for services like this I have no choice as to how I access my data - I either use the GUI (or if I'm lucky the 'export' function) the vendor gives me, or I'm stuck. When data is stored locally on my PC I can access it using any compatible application, or (competency permitting) write my own - in a world where everything is sitting on someone else's servers they get to say whether I still have this choice or not.
This has the potential to provide Google, or whoever the vendor is, with the ultimate in software lock-in - no app will be able to access the remotely stored data unless they say so. While I trust Google to be slightly more open than most of the others who might potentially launch something like this, their record isn't exactly 100% - still no (official) API for GMail for example...
BBC Master - luxury! Our school was so poor that the computers were made by the woodwork teacher, and he could only afford to put 2 keys on 'em - a '1' and a '0'.
Slashdot Mirror
I've been experimenting a lot with the HTML5 tag recently, and you can do some nice stuff - these are all pretty basic but using just HTML and JS I built a freaky clock, a 60s style UFO party viewed from above and some wireframe boxes. It was all quite painless, the only problem is that IE doesnt support it yet.
I get the odd spam in my inbox but it mostly works, there is the odd false positive as well, so unfortunately I have to keep checking my Spam folder.
Interestingly, I set up a 'junk' GMail address for usenet posting etc and the address has the word 'spam' in it; despite being used all over the net for a couple of years it hardly gets any spam at all, maybe the spammers filter out addresses with 'spam' etc in them assuming that they are obfuscated?
The author did an excellent talk on this subject on the YUI Theatre wesite:
http://video.yahoo.com/video/play?vid=1040890 (Flash Video)
http://us.dl1.yimg.com/download.yahoo.com/dl/ydn/yui/theater/souders-performance.m4v (M4V)
definitely worth a watch
But since we're talking about online applications, it's reasonable to assume that the information is stored electronically at some point - and since it's usually more effort to remove old data then let it hang around, I would guess that a lot of it is still knocking around for months or years after they've crossed you off their list.
If anything, there is almost a negative correlation between certification and ability. It's as if people who don't know what they are doing get a certification to offset that minor problem.
Surely that would depend on what certification you are talking about? If someone gets a high score in, for example, the Sun Certified Java Programmer exam, then you at least know that they are familiar with many of the intricacies of the Java language, and a SCJD qualification means that they have written a networked Java system that has been gone through line-by-line by an examiner at Sun. No qualification is a rubber-stamp guarantee that someone will be a good fit for a job, but it can help narrow down the things you need to check for.
Every time you come to a junction you have to check the way is clear before you move on.
Every time you put it in reverse you have to check behind you.
Every time you overtake you need to make sure there is room in the other lane
etc, etc
Screw up on any of those things just once and you could be dead - so could a lot of other folks.
I stand by the analogy - driving is something that requires constant vigilance, and yet can be performed by a large proportion of the adult population. The stakes are a bit higher if you get it wrong, which is why you have to earn a license, but most people appreciate that the responsibility of driving safely is the price they pay for the freedom of using a vehicle - and they don't whine about car manufacturers, or the people who maintain the roads, not making cars 'crash-proof'.
What if every time I got on the subway it was my job to check to see if the wheels were about to fall off?
Well if you're driving a car (which is probably a better analogy) then it is your job. There are certainly measures that can be taken by programmers and network admins to make things better, but the freedom to go anywhere on the web will always come with the price of some degree of responsibility, both for your own well-being and that of other users (again with the car-driving analogy). Surely using a computer to browse the web is too complex an activity to be made completely idiot-proof, without removing a significant amount of the freedom that makes it so worthwhile.
Sure, the trainee would get the blame for that one, but your system is still just as screwed regardless of whose fault it was. I don't think an idealised 'perfect world' (ie a world with no dumb trainees in it) vision of what a system should look like should stop you implementing a reasonable amount of security-in-depth. If there is no need to allow entry of particular characters in particular fields then why not explicity disallow it?
I think you're right - as long as you are sure that you know what's going to be done with the data after its been written away to your database. You might have your escaping/quoting routine solidly implemented for all inputs to your system, but the trainee down the hall who writes the reporting application that parses the table once a month might not be so savvy - the cunningly crafted SQL injection attack that your quoting has preserved and saved away into the db could wreak havoc when it gets read out again at the other end. The same goes for any HTML/XML that has been saved away, and then gets blindly written out by a web developer on the Order Summary page, or merged into some larger XML document without proper checks.
I suppose an apt analogy would be saying that it's ok to allow infectious material into a building as long as it is first correctly sealed in a bio-safe container - well that's true as long as you're sure the janitor isn't going to open it up later that evening and use it for a cookie jar.
Does that actually work then? Would be great if it did, but I thought the HTTP content-type header sent by the web server had to tell the browser that it was xhtml, like:
Content-Type: application/xhtml+xml
and if it didn't then the DOCTYPE would be ignored. Maybe this now works in IE7, anybody know?
I think those rascals over at wired.com got her to review it for us (notice they didn't want her opinion on their own site!). As for the perfect Vastu site, I would guess something like this.
That's hardly a fair analogy - people ask for her advice, she's not busting in anywhere from what I can see.
If you can find out when they take their snapshots this sounds like a great way to get your chosen piece of misinformation or spam replicated to thousands of PDAs across the globe, some of whom will probably never bother to update.
Well if a feature is introduced into a piece of software, and it is a complete disaster and everyone hates it, then it's a fair bet that the next release will exclude that feature. Sometimes the feature will suck so bad that the company won't recover and will die off. On the other hand, if the feature is a great success then it will survive to the next release, and may be adopted by others. Natural selection is alive and well in the software industry, and the resulting 'survival of the fittest' mirrors many of the outcomes of biological evolution.
Maybe I'm reading this wrong, but the FAQ says
Each time you run Browzar it places a simple text file on your computer which contains a date and time stamp of the precise moment your Browzar session began. Normally this file is deleted automatically when you close Browzar, but in the event of a crash this file remains on the computer. All you need to do is run Browzar again immediately after the crash and Browzar will clean up anything left over from the crash by checking the time and date stamp and removing everything after that that point.
The fact that this process is necessary, and that something would be 'left over' in the event of a crash suggests that it does write stuff to disk and then deletes it again later, rather than just not hitting the disk to start with. Not that secure then really, and if it is based on IE I wonder if it shares the same temp-files folder, cookies folders, and uses index.dat? Plenty of scope for browsing traces to 'leak' into IE if this thing crashes and you don't remember to re-run it to clean up after itself.
Please don't try to be pedantic. It helps no one.
You must be new here...
Absolutely not! All this means is that nothing has changed - we still don't know whether anything lives on Mars or not. If we try to introduce life there we run the risk of A) making it much harder to prove that any life subsequently discovered there is actually indigenous and B) wiping out, or irreversably changing, anything that does live there. Even if we had the means, we should hold back a good long while yet...
And all this money comes from adwords?
Are you kidding? Have you even been to the Google Store?! They do t-shirts, mugs - heck they even sell Lava Lamps! I'd like to see the adblocker that can block those babies...
I agree there won't be a flood of new Linux users as a result of this, but there may be a few - everytime a software vendor cuts off support for a product there is always some backlash from users who don't see why they should have to pay for a new version of something that they see (however naively) as still working perfectly well.
Do you actually know what the Darwin Award is?
If you can't get laid, you won the Darwin award.
Nope, that's not it...
So this safety-driven innovation will make it easier to operate an iPod while driving a car... part of me is astonished that anyone would be stupid enough to try to navigate an iPod menu while driving, but another part of me remembers that we live in a society that consistently produces Darwin Award winners of the highest calibre.
That quote at the bottom that starts off sounding like a cautious endorsement from a safety watchdog is, in fact, saying they're still miles off:
"If people don't need to take their eyes off the road and hands off the wheel then there are clear benefits to that."
and yet:
"Users of the music players will still operate the Clickwheel as normal"
Sure - I take your point about POP3 in the case of GMail, but more generally unless there is an open API for services like this I have no choice as to how I access my data - I either use the GUI (or if I'm lucky the 'export' function) the vendor gives me, or I'm stuck. When data is stored locally on my PC I can access it using any compatible application, or (competency permitting) write my own - in a world where everything is sitting on someone else's servers they get to say whether I still have this choice or not.
This has the potential to provide Google, or whoever the vendor is, with the ultimate in software lock-in - no app will be able to access the remotely stored data unless they say so. While I trust Google to be slightly more open than most of the others who might potentially launch something like this, their record isn't exactly 100% - still no (official) API for GMail for example...
BBC Master - luxury! Our school was so poor that the computers were made by the woodwork teacher, and he could only afford to put 2 keys on 'em - a '1' and a '0'.
Those who obsess over whether MySpace can be profitable on its own terms may be missing the point ... it is already worth its weight in gold.
I'm not an HTML expert or anything, but roughly how much does myspace.com weigh?