I don't recall this being an issue for JNLP (webstart) applications since those are not run in the browser. They are a specific mime type that triggers the external JVM console to run the code as an external application. They are not limited by the browser's plugin the way applets are, only by the version of the JVM installed on the machine.
Speaking of subtlety, I noticed some with NPR (the only news radio I can pickup on my drive from the boonies to work). I thought I noticed a pattern and tried to monitor it every day. It held fairly well.
Nearly every campaign story NPR did led off with Obama or the Democrat supporter. McCain/Republican stories were presented second in what appeared to me to be over 90% of the time.
NPR basically made each story sound as if Obama was the candidate and McCain was the challenger.
Obama stories tended to have far more sound bites of Obama speaking than McCain, but that could have been because Obama talked more than McCain. The stories regularly spoke about the sizes of his crowds and their reactions, where the McCain stories talked about the message.
I started using Songbird a few weeks ago when I finally upgraded Ubuntu Gutsy to Hardy and found that the XMMS player was no longer available.
I tried many of the other players available, and came across a mention of Songbird and found I it meets my needs. I have links to Shoutcast streams, MP3 and MP4 videos and they all play just fine with Songbird. I like using m3u playlists and had trouble finding a player that would use them. Some claimed to but were broken.
My MP3 player is an IPod running Rockbox so I don't need my desktop music player to manage my music, I use the file manager. The various CD ripping tools create the correct directory entries.
To me this works out much better. My desktop symlinks the music library to match the directory structure on my IPod, so that I can create playlists either in Songbird, on the IPod or with a text editor and they work in either location.
This model works well for me and I think the Songbird team has done a really good job. That's my 2cents, buy YMMV.
The OP probably has thought about it, you need to do so as well.
Many people use online bill paying tied to a credit card, then at the end of the month they write one single check for the credit card bill. Do this with something like an American Express card (if your online bills will accept) and there is no finance charge.
It is a simple way to manage your monthly finances and all your monthly bills show up on one statement.
You apparently assumed the OP was living off credit cards, but some people actually do know how to manage using plastic.
So, if there is a subject in which I am not familiar, but want to learn, then I have to first locate and review multiple blogs on the subject and then determine which is probably accurate by the number of others that agree or disagree?
I suppose it might be better to first read about a subject in a peer reviewed publication so I have the background, then find the bloggers that semi match the publications. Of course that could lead to me dismissing someone with an opposing view point that might have a valid case.
Is anyone aware of a site or sites that host peer reviewed content where the identities of the reviewers is public so you can check into their credentials?
If you read bloggers who really know their subject,
So then the question is, how do you know which bloggers really do know their subjects? Anyone with a computer and an internet connection can start a blog. Is there any type of peer-reviewed rating system for blogs to help find those knowledgeable sorts?
Actually it may be on more desktops than just the folks that watched the Olympics. The Windows automatic updater has been including it as an update much like it includes updates of.Net. I saw it when I checked the suggested updates on my son's computer (I don't allow auto-patching).
So chances are, it has been pushed out to many Windows users already, they just don't know it. And if they have been browsing sites that use the framework, they haven't seen any problems since it is already installed, just like the Flash plugin.
Microsoft can put basically anything they wish onto the updater feed, as could Ubuntu with their auto-updater. The difference is that if someone wanted to they'd be able to review the source to any Debian updates and Ubuntu by default asks approval to do the downloads.
So for the most part, Silverlight will appear on the majority of Windows user's desktops, since unattended auto-update is the default settings. And Microsoft will crow about the wide-spread adoption of the platform based on downloads and installs, which they themselves pushed out.
Based on many of the emails I see flying around the office regularly that probably should have been rethought, it would seem to me a nice feature to add to any email client is the ability to set a delay on the outbox, then ask the user the annoying Are You Sure? before actually delivering the email. Make this an option, and maybe there would be fewer Oh Crap moments or hot-blooded emails sent.
I don't recall any belittling of Tim Kaine, I'd be happy to review any citations you have. I do recall the conversations and folks thought Kaine would be a strong add to the ticket, and people were also talking at the time about McCain considering Bobby Jindal of Louisiana.
Frankly I'd be more comfortable if Obama had actually picked an experienced executive as his number two instead of yet another life long Legislator.
Was Palin the absolute best choice considering the options, maybe not. There was obviously some maneuvering there to woo the disaffected female Clinton supporters and to go with an outsider.
But all of that aside, of the 4 primary ticket candidates, Palin is the only one with Executive experience, not just Legislative. And Obama has no real Legislative experience. Biden has experience on par with McCain, but maybe Obama should have gone with Tim Kaine.
It is all spin and personal views anyway. If it hadn't been Palin, but had been Jindal, the Obama spin machine would still be attacking. If Hillary had won the nomination instead of Obama, the McCain group would be challenging her lack of experience.
All I care about is that who ever wins doesn't cost me too much of my paycheck. I don't count on either one of them making any real changes that matter.
Well, if she had had the luxury of campaigning for 15 months, with handlers providing her with all the details she needed via a teleprompter at every stop, she probably wouldn't be as uninformed as you indicate. Of course, during that time she was doing the job she was elected to do, and gaining real world executive experience, unlike some others in this campaign.
I'd personally rather have a VP getting on-the-job training than the President.
Outside of obfuscation, how exactly do you close source a JavaScript library that your browser can access via HTTP? I suppose Microsoft could incorporate it directly into the browser, but that doesn't seem likely.
Thanks for the link. I'll take a look at what you're doing.
I also had looked at SpiderMonkey and one of the things about the code is that it looks like it is trying to be OO but in straight C. This is what, at least for me, makes the code difficult to work with. If I'm doing OO I prefer C++, I try to avoid doing it with macro #defines and large pointer-based structures in C.
Nothing wrong with it (as I recall GTK was that way as well), just a personal preference.
Do any of the engines mentioned in these postings offer a clean way of using JavaScript as a standalone engine for non-browser applications?
I don't want a Java based one (don't want the JVM). I'm trying to compile V8 alone but the code has issues right now if you don't use VC++. I've tried SpiderMonkey in the past but that code is just difficult to follow.
Interestingly under windows the WSH (Windows Scripting Host) can work with either JavaScript of VB script. The engine allows the JavaScript code to access many of the Windows objects.
I'd like to see a JavaScript engine with pluggable modules (sort of like TCL) and possibly a nice accessible GUI (like TK).
Any suggestions on which engine is best to use as the standalone interpreter with the easiest extensibility?
No the Constitution does not specify every law, but what it does say is that any power not granted to the Federal Government by the Constitution belongs to the States. But that is not what we have, we have an overly intrusive, oppressive Federal Government that has taken away State's rights.
The Congress basis all of their ability to make these laws on one clause: Interstate Commerce. The problem is they have stretched everything to be considered under that clause.
As for your comment about the 2nd Amendment, I suggest you go and read the historical record about the discussion of that one. The Amendment was proposed so that the people would have the ability to defend themselves against their government.
The original text was:
The right of the people to keep and bear arms shall not be infringed; a well armed and well regulated militia being the best security of a free country; but no person religiously scrupulous of bearing arms shall be compelled to render military service in person
And was not intended to go into the Bill Of Rights (which wasn't in the original drafts of the Constitution), but in Article I. This text was not listed in the Section 8 which discussed Congress' rights over the militia, but in Section 9 which list individual rights.
Subsequent versions of the text:
A well regulated militia, composed of the body of the people, being the best security of a free State, the right of the people to keep and bear arms shall not be infringed; but no person religiously scrupulous shall be compelled to bear arms.
A well regulated militia, composed of the body of the people, being the best security of a free state, the right of the people to keep and bear arms shall not be infringed; but no one religiously scrupulous of bearing arms shall be compelled to render military service in person.
A well regulated militia, composed of the body of the people, being the best security of a free state, the right of the people to keep and bear arms, shall not be infringed, but no one religiously scrupulous of bearing arms shall be compelled to render military service in person
A well regulated militia, being the best security of a free state, the right of the people to keep and bear arms, shall not be infringed.
And the final version
A well regulated militia being necessary to the security of a free State, the right of the People to keep and bear arms shall not be infringed.
Notice how state went from State - capitalized referring to the individual States, to state - lower referring to the union. This was because the Federalists that sought strong central government did not like this amendment. In the end it was written in the capital meaning it gave the State and the sovereign citizens of that State the right to defend itself from a central government. That all died with the Civil War when we went from being These United States to The United States, but that was the purpose of it.
As for hunting, the 5th Amendment reads in part
nor be deprived of life, liberty, or property, without due process of law
and as hunting was a necessity for Life, since there were no major grocery store chains then, citizens could not be deprived of the ability to hunt or their arms (property). Today you might make the case that hunting isn't a necessity, and I personally don't hunt, but I think the case can be made that right existed for the time.
But always keep in mind, the 10th Amendment:
The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.
The Constitution was never intended to list all the rights of the individual, but it IS intended to list all of the rights of the federal government. Unless listed in the Constitution the right does not reside with the Feds.
One thing tech folks tend to overlook is that in any organization that is not a technology company directly (Hardware/Software/SaaS), the IT staff and everything about it is considered a cost center. It does not generate any revenue.
Of course most of us recognize that most of the businesses we work for could not make revenue with out the technology, but quite often the IT staff and infrastructure is viewed in the same light as having to pay rent or power bills. A cost of doing business.
This often times leads to many of the issues between techies and business types. Techies will make suggestions on new ways to meet needs, but the business types will over rule based on cost. This makes it appear that the business "just doesn't get it" regarding technology, when it maybe that the technologists "just don't get it" regarding the costs. Nearly every decision is based on cost analysis.
Is it cheaper to pay for proprietary licensed software than run the risk of being the deep pocket user who is sued for using an open source package that might have a patent violation?
Is it cheaper to automate a process or just have the IT staff do it manually?
Do the benefits of paying for the most network security available out weigh the loss of revenue/customer confidence if a breach occurs?
Whereas technologists will look at these issues and tend to think "yeah, we need to do it because it is the right thing to do", or worse "we need to do it to be on the cutting edge", the business side looks at it from the balance sheet perspective.
The primary reality is, companies have IT because they have to have it, just like electricity, but just as a company will continually try to negotiate lower rates with the power company, they also do what they can to keep internal costs down in non-revenue generating areas.
I agree with the sentiments about a standardized mechanism for authentication, which makes me wonder why we don't see more use of the HTTP DIGEST model of authentication.
As I read your post asking about AJAX, JavaScript and PHP it seems to me that you are building web applications and using some form of HTTP client (probably a browser). Nearly all HTTP client packages I have seen support the HTTP DIGEST model. Once the credentials are set, each call to the server passes them along. Actually all of the HTTP authentication models do this, DIGEST happens to be more secure.
But nearly everyone avoids these for two reasons:
They can't have custom login forms and must rely on the client to prompt for the credentials
Specifically with a browser, there is not real log out mechanism
There are some javascript tricks that can be performed with various browsers that will clear the credential cache so it isn't impossible to log out, just painful.
Then, because each call to the server passes the credentials, there is no need for cookies or the like to key off of to find any server side session state, just the user id.
The nice part about this model is that the credentials are part of the communication protocol handler, not the application, so once set in the client, each and every HTTP call, from any of the application libraries, will use them, and most proxies don't cause problems either.
Couple that with ACLs on specific URLs (REST model) and you have something similar to the J2EE container managed authorizations allowing access to services.
Another benefit is that since it is the HTTPD that is performing the authentication checks, and not an application server processing a form, it is easier to protect the network. The HTTPD can live in the DMZ and only requires access to an authentication system like an LDAP directory server to confirm credentials, and the app server lives behind a firewall. No calls make it out of the DMZ without being authenticated.
Nearly all form based authentications I have encountered require the posts be passed through the DMZ to the back end for processing, basically meaning you have non-authenticated access to the application server making the DMZ pretty much irrelevant.
d = {"name":"Bob", "age":42}
print "Name is %s and age is %d" % (d["name"], d["age"])
Keep in mind that this is a complete python program, no further code is required.
So you don't count the Python runtime as further code?
These types of examples are meaningless. Any programming language can implement the same functionality, they just use different syntactic sugar to do it. So great, Python allows you to define a dictionary in a single line of text. Doesn't mean you can't define a dictionary to do the same thing in C++, it is just the form looks different.
But notice that in your language, you had to know that d["age"] is an integer and d["name"] is a string when you built your print method (%s, %d), where as in C++ you could do:
std::cout << "Name is " << d["name"] << " and age is " << d["age"];
So does that make C++ better than Python because I the programmer don't have to worry about a which format flag to use? No. Each language offers different types of simplifications based on what the design requirements for the language were. You like Python because you like the language simplifications it provides you. Nothing wrong with that, use what you like and what works for you. But just because another language doesn't provide the same techniques you like in yours, doesn't make it a worse language. It makes it different.
The bigger point that was made higher up is that C++ lacks the comprehensive consistently available libraries that Java, Python and C# developers get to depend on. Those others should be more viewed as environments for a language, versus C++ which is truly just a programming language.
Were there to be a common, consistent library for C++, available on all platforms, such as what exists in Java or Python, then C++ developers could have the level of productivity you enjoy from the tools you use and then we would have a good basis for comparison.
I saw a special on the Discovery channel about the Carboniferous age when the Earth's Oxygen levels were much higher than they are today. The theory is that super-oxygenated atmosphere allowed the insects to grow extremely large since they get oxygen by absorbing it from the air.
Great forests took root and swamps dominated the Carboniferous period, 300 million years ago, giving rise to metre-long dragonflies and huge spiders with leg-spans of nearly a metre. But most extraordinarily deadly of all was the Arthropleura, an animal that looked like a three-metre long woodlouse but moved like an anaconda...
Would not be fun to see the bugs getting that big again.
Encrypting a simple text string is not that difficult in Java, once the environment is properly configured. That is the tricky part.
In our environment we are trying to move to a model where our internal servers are all communicating over secure connections with certificate based authentication and I am working on a mechanism to do Certificate authentication from a Java client that is an application running in a J2EE container (JBoss).
We can use self-signed certs as it is all internal, but the setup has been a nightmare.
First we create a root cert with OpenSSL for the web server, not too bad to do. Then we create a user certificate to allow access to a certificate protected URL under the web server. Again, fairly simple. Now, we have to get the SSL cert and client cert into the Java client, and this is where it gets difficult. We bundle the client credentials into a PKCS12 file and import it into a browser to ensure it works, and we can get to the certificate protected resource.
The mechanism pushed by the Java specs is to either import the certs into the root certificate store for the installed JRE, or use a newly created certificate store that is identified by global properties. Neither works for us as we run multiple app servers on the same box (would share the JRE) and multiple client applications in the same JBoss (different apps need different credentials).
After much research and testing, I finally found a mechanism for creating a custom SSLSocketFactory (using the Apache HttpClient package allows using a custom factory per connection, doesn't require it globally replace the default) that loads the server cert into the TrustManager, and reads the client key/cert (in PKCS12 format without a password on the key) into an in-memory KeyStore. Turned out I couldn't use the Sun provider to read the PKCS12 file because that version required a password be provided (can't use NULL) and if you use an empty string ("") it generated a divide by zero error. Bouncy Castle though, works fine.
My point in this is that more code might be written more securely if some time was spent to make it easier to actually use the security. This one took me most of a week to finally work out the details and have a working prototype, with many many hours searching for samples.
So ok, maybe two lines to do a simple encryption is nice, but can we now do something to simplify the management of the keyring?
When using PKI, you send your public key to the server. The server can encrypt the string with your public key, that can only be decrypted with your private key. It would be the private key that doesn't travel over the wire.
As someone else points out, Kerberos doesn't use PKI by default but it can be made to do so.
HTTP Digest over HTTPS works well, except for one small issue. There is no consistent way across browsers to log out.
There are some JavaScript tricks that work with some browsers, but not consistently. Once the user has authenticated with the browser flower box (not a form), the browser caches the information and continues to use it since every request to the webserver generates a new challenge.
Aside from shutting down the browser completely (no lingering hidden windows), a user can't log off.
Actually it might be possible to make a game explicitly designed for small persistent servers
Which is what the original Neverwinter Nights from Bioware did. They provided the tools to create your own world, and server code that runs on both Windows and Linux to host it. Servers can set the max number of players.
For NWN there are hundreds of modules available, and a large community built around creating new content for them (Community Expansion Pack).
Bioware didn't actually open source the system, but they did document most, if not all, of the content data files which is what allowed the community to grow. And it has been around since 2002.
Contrast that with NWN 2 (created by Obsidian, published by Atari). They used a new middleware based on Granny with proprietary model formats and built the system using DirectX (planning for a console port that never happened) instead of OpenGL like the first, so there is no Linux or Mac client.
Because of this, there is no where near the community for NWN2 that NWN1 enjoys.
NWN1 provides just the type of small persistent world servers you mention, if you take the time to create the world. Or use a pre-built one.
I agree with everything you are saying, but look at what the article is saying
"The next generation controllers need to basically compensate for Vista shortfalls," he (Chairman and Chief Executive Officer Eli Harari) said.
The fact that the CEO is saying his company will have to compensate for the Vista issues shows just how much clout Microsoft has. SanDisk knows that Windows is the predominate operating system and that if they want their product to be used by the vast majority of consumers (read that as higher sales volumes) they must work with everything Microsoft throws out, whether it is bad or not.
So basically Microsoft doesn't really care what it does to other companies, they are king.
This isn't surprising, as just this past Friday I heard a story on the business report on how Nielsen is being seen as less and less relevant by the big media companies.
All they do is track about 12000 households and only track television, whereas people get shows on TV, internet and cell phones, and most homes get more than the basic networks.
Apparently the media companies are trying to work with all the set top box folks to collect all viewing habits in much larger populations through the boxes, cutting Nielsen right out.
The report even said that Nielsen has always acted like they were the only game in town and frequently ignored the media producing companies when they asked them to change things.
So now they are hurting and looking to save a few bucks.
Slashdot Mirror
I don't recall this being an issue for JNLP (webstart) applications since those are not run in the browser. They are a specific mime type that triggers the external JVM console to run the code as an external application. They are not limited by the browser's plugin the way applets are, only by the version of the JVM installed on the machine.
Speaking of subtlety, I noticed some with NPR (the only news radio I can pickup on my drive from the boonies to work). I thought I noticed a pattern and tried to monitor it every day. It held fairly well.
Nearly every campaign story NPR did led off with Obama or the Democrat supporter. McCain/Republican stories were presented second in what appeared to me to be over 90% of the time. NPR basically made each story sound as if Obama was the candidate and McCain was the challenger.
Obama stories tended to have far more sound bites of Obama speaking than McCain, but that could have been because Obama talked more than McCain. The stories regularly spoke about the sizes of his crowds and their reactions, where the McCain stories talked about the message.
I started using Songbird a few weeks ago when I finally upgraded Ubuntu Gutsy to Hardy and found that the XMMS player was no longer available.
I tried many of the other players available, and came across a mention of Songbird and found I it meets my needs. I have links to Shoutcast streams, MP3 and MP4 videos and they all play just fine with Songbird. I like using m3u playlists and had trouble finding a player that would use them. Some claimed to but were broken.
My MP3 player is an IPod running Rockbox so I don't need my desktop music player to manage my music, I use the file manager. The various CD ripping tools create the correct directory entries.
To me this works out much better. My desktop symlinks the music library to match the directory structure on my IPod, so that I can create playlists either in Songbird, on the IPod or with a text editor and they work in either location.
This model works well for me and I think the Songbird team has done a really good job. That's my 2cents, buy YMMV.
The OP probably has thought about it, you need to do so as well.
Many people use online bill paying tied to a credit card, then at the end of the month they write one single check for the credit card bill. Do this with something like an American Express card (if your online bills will accept) and there is no finance charge.
It is a simple way to manage your monthly finances and all your monthly bills show up on one statement.
You apparently assumed the OP was living off credit cards, but some people actually do know how to manage using plastic.
So, if there is a subject in which I am not familiar, but want to learn, then I have to first locate and review multiple blogs on the subject and then determine which is probably accurate by the number of others that agree or disagree?
I suppose it might be better to first read about a subject in a peer reviewed publication so I have the background, then find the bloggers that semi match the publications. Of course that could lead to me dismissing someone with an opposing view point that might have a valid case.
Is anyone aware of a site or sites that host peer reviewed content where the identities of the reviewers is public so you can check into their credentials?
If you read bloggers who really know their subject,
So then the question is, how do you know which bloggers really do know their subjects? Anyone with a computer and an internet connection can start a blog. Is there any type of peer-reviewed rating system for blogs to help find those knowledgeable sorts?
Actually it may be on more desktops than just the folks that watched the Olympics. The Windows automatic updater has been including it as an update much like it includes updates of .Net. I saw it when I checked the suggested updates on my son's computer (I don't allow auto-patching).
So chances are, it has been pushed out to many Windows users already, they just don't know it. And if they have been browsing sites that use the framework, they haven't seen any problems since it is already installed, just like the Flash plugin.
Microsoft can put basically anything they wish onto the updater feed, as could Ubuntu with their auto-updater. The difference is that if someone wanted to they'd be able to review the source to any Debian updates and Ubuntu by default asks approval to do the downloads.
So for the most part, Silverlight will appear on the majority of Windows user's desktops, since unattended auto-update is the default settings. And Microsoft will crow about the wide-spread adoption of the platform based on downloads and installs, which they themselves pushed out.
Based on many of the emails I see flying around the office regularly that probably should have been rethought, it would seem to me a nice feature to add to any email client is the ability to set a delay on the outbox, then ask the user the annoying Are You Sure? before actually delivering the email. Make this an option, and maybe there would be fewer Oh Crap moments or hot-blooded emails sent.
I don't recall any belittling of Tim Kaine, I'd be happy to review any citations you have. I do recall the conversations and folks thought Kaine would be a strong add to the ticket, and people were also talking at the time about McCain considering Bobby Jindal of Louisiana.
Frankly I'd be more comfortable if Obama had actually picked an experienced executive as his number two instead of yet another life long Legislator.
Was Palin the absolute best choice considering the options, maybe not. There was obviously some maneuvering there to woo the disaffected female Clinton supporters and to go with an outsider.
But all of that aside, of the 4 primary ticket candidates, Palin is the only one with Executive experience, not just Legislative. And Obama has no real Legislative experience. Biden has experience on par with McCain, but maybe Obama should have gone with Tim Kaine.
It is all spin and personal views anyway. If it hadn't been Palin, but had been Jindal, the Obama spin machine would still be attacking. If Hillary had won the nomination instead of Obama, the McCain group would be challenging her lack of experience.
All I care about is that who ever wins doesn't cost me too much of my paycheck. I don't count on either one of them making any real changes that matter.
Well, if she had had the luxury of campaigning for 15 months, with handlers providing her with all the details she needed via a teleprompter at every stop, she probably wouldn't be as uninformed as you indicate. Of course, during that time she was doing the job she was elected to do, and gaining real world executive experience, unlike some others in this campaign.
I'd personally rather have a VP getting on-the-job training than the President.
Outside of obfuscation, how exactly do you close source a JavaScript library that your browser can access via HTTP? I suppose Microsoft could incorporate it directly into the browser, but that doesn't seem likely.
Thanks for the link. I'll take a look at what you're doing.
I also had looked at SpiderMonkey and one of the things about the code is that it looks like it is trying to be OO but in straight C. This is what, at least for me, makes the code difficult to work with. If I'm doing OO I prefer C++, I try to avoid doing it with macro #defines and large pointer-based structures in C.
Nothing wrong with it (as I recall GTK was that way as well), just a personal preference.
Do any of the engines mentioned in these postings offer a clean way of using JavaScript as a standalone engine for non-browser applications?
I don't want a Java based one (don't want the JVM). I'm trying to compile V8 alone but the code has issues right now if you don't use VC++. I've tried SpiderMonkey in the past but that code is just difficult to follow.
Interestingly under windows the WSH (Windows Scripting Host) can work with either JavaScript of VB script. The engine allows the JavaScript code to access many of the Windows objects.
I'd like to see a JavaScript engine with pluggable modules (sort of like TCL) and possibly a nice accessible GUI (like TK).
Any suggestions on which engine is best to use as the standalone interpreter with the easiest extensibility?
No the Constitution does not specify every law, but what it does say is that any power not granted to the Federal Government by the Constitution belongs to the States. But that is not what we have, we have an overly intrusive, oppressive Federal Government that has taken away State's rights.
The Congress basis all of their ability to make these laws on one clause: Interstate Commerce. The problem is they have stretched everything to be considered under that clause.
As for your comment about the 2nd Amendment, I suggest you go and read the historical record about the discussion of that one. The Amendment was proposed so that the people would have the ability to defend themselves against their government.
The original text was:
The right of the people to keep and bear arms shall not be infringed; a well armed and well regulated militia being the best security of a free country; but no person religiously scrupulous of bearing arms shall be compelled to render military service in person
And was not intended to go into the Bill Of Rights (which wasn't in the original drafts of the Constitution), but in Article I. This text was not listed in the Section 8 which discussed Congress' rights over the militia, but in Section 9 which list individual rights.
Subsequent versions of the text:
A well regulated militia, composed of the body of the people, being the best security of a free State, the right of the people to keep and bear arms shall not be infringed; but no person religiously scrupulous shall be compelled to bear arms.
A well regulated militia, composed of the body of the people, being the best security of a free state, the right of the people to keep and bear arms shall not be infringed; but no one religiously scrupulous of bearing arms shall be compelled to render military service in person.
A well regulated militia, composed of the body of the people, being the best security of a free state, the right of the people to keep and bear arms, shall not be infringed, but no one religiously scrupulous of bearing arms shall be compelled to render military service in person
A well regulated militia, being the best security of a free state, the right of the people to keep and bear arms, shall not be infringed.
And the final version
A well regulated militia being necessary to the security of a free State, the right of the People to keep and bear arms shall not be infringed.
Notice how state went from State - capitalized referring to the individual States, to state - lower referring to the union. This was because the Federalists that sought strong central government did not like this amendment. In the end it was written in the capital meaning it gave the State and the sovereign citizens of that State the right to defend itself from a central government. That all died with the Civil War when we went from being These United States to The United States, but that was the purpose of it.
As for hunting, the 5th Amendment reads in part
nor be deprived of life, liberty, or property, without due process of law
and as hunting was a necessity for Life, since there were no major grocery store chains then, citizens could not be deprived of the ability to hunt or their arms (property). Today you might make the case that hunting isn't a necessity, and I personally don't hunt, but I think the case can be made that right existed for the time.
But always keep in mind, the 10th Amendment:
The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.
The Constitution was never intended to list all the rights of the individual, but it IS intended to list all of the rights of the federal government. Unless listed in the Constitution the right does not reside with the Feds.
One thing tech folks tend to overlook is that in any organization that is not a technology company directly (Hardware/Software/SaaS), the IT staff and everything about it is considered a cost center. It does not generate any revenue.
Of course most of us recognize that most of the businesses we work for could not make revenue with out the technology, but quite often the IT staff and infrastructure is viewed in the same light as having to pay rent or power bills. A cost of doing business.
This often times leads to many of the issues between techies and business types. Techies will make suggestions on new ways to meet needs, but the business types will over rule based on cost. This makes it appear that the business "just doesn't get it" regarding technology, when it maybe that the technologists "just don't get it" regarding the costs. Nearly every decision is based on cost analysis.
Whereas technologists will look at these issues and tend to think "yeah, we need to do it because it is the right thing to do", or worse "we need to do it to be on the cutting edge", the business side looks at it from the balance sheet perspective.
The primary reality is, companies have IT because they have to have it, just like electricity, but just as a company will continually try to negotiate lower rates with the power company, they also do what they can to keep internal costs down in non-revenue generating areas.
No, it's the Adipose.
I agree with the sentiments about a standardized mechanism for authentication, which makes me wonder why we don't see more use of the HTTP DIGEST model of authentication.
As I read your post asking about AJAX, JavaScript and PHP it seems to me that you are building web applications and using some form of HTTP client (probably a browser). Nearly all HTTP client packages I have seen support the HTTP DIGEST model. Once the credentials are set, each call to the server passes them along. Actually all of the HTTP authentication models do this, DIGEST happens to be more secure.
But nearly everyone avoids these for two reasons:
There are some javascript tricks that can be performed with various browsers that will clear the credential cache so it isn't impossible to log out, just painful.
Then, because each call to the server passes the credentials, there is no need for cookies or the like to key off of to find any server side session state, just the user id.
The nice part about this model is that the credentials are part of the communication protocol handler, not the application, so once set in the client, each and every HTTP call, from any of the application libraries, will use them, and most proxies don't cause problems either.
Couple that with ACLs on specific URLs (REST model) and you have something similar to the J2EE container managed authorizations allowing access to services.
Another benefit is that since it is the HTTPD that is performing the authentication checks, and not an application server processing a form, it is easier to protect the network. The HTTPD can live in the DMZ and only requires access to an authentication system like an LDAP directory server to confirm credentials, and the app server lives behind a firewall. No calls make it out of the DMZ without being authenticated.
Nearly all form based authentications I have encountered require the posts be passed through the DMZ to the back end for processing, basically meaning you have non-authenticated access to the application server making the DMZ pretty much irrelevant.
d = {"name":"Bob", "age":42}
print "Name is %s and age is %d" % (d["name"], d["age"])
Keep in mind that this is a complete python program, no further code is required.
So you don't count the Python runtime as further code?
These types of examples are meaningless. Any programming language can implement the same functionality, they just use different syntactic sugar to do it. So great, Python allows you to define a dictionary in a single line of text. Doesn't mean you can't define a dictionary to do the same thing in C++, it is just the form looks different.
But notice that in your language, you had to know that d["age"] is an integer and d["name"] is a string when you built your print method (%s, %d), where as in C++ you could do:
std::cout << "Name is " << d["name"] << " and age is " << d["age"];
So does that make C++ better than Python because I the programmer don't have to worry about a which format flag to use? No. Each language offers different types of simplifications based on what the design requirements for the language were. You like Python because you like the language simplifications it provides you. Nothing wrong with that, use what you like and what works for you. But just because another language doesn't provide the same techniques you like in yours, doesn't make it a worse language. It makes it different.
The bigger point that was made higher up is that C++ lacks the comprehensive consistently available libraries that Java, Python and C# developers get to depend on. Those others should be more viewed as environments for a language, versus C++ which is truly just a programming language.
Were there to be a common, consistent library for C++, available on all platforms, such as what exists in Java or Python, then C++ developers could have the level of productivity you enjoy from the tools you use and then we would have a good basis for comparison.
I saw a special on the Discovery channel about the Carboniferous age when the Earth's Oxygen levels were much higher than they are today. The theory is that super-oxygenated atmosphere allowed the insects to grow extremely large since they get oxygen by absorbing it from the air.
From the Discovery Channel
Great forests took root and swamps dominated the Carboniferous period, 300 million years ago, giving rise to metre-long dragonflies and huge spiders with leg-spans of nearly a metre. But most extraordinarily deadly of all was the Arthropleura, an animal that looked like a three-metre long woodlouse but moved like an anaconda...
Would not be fun to see the bugs getting that big again.
Encrypting a simple text string is not that difficult in Java, once the environment is properly configured. That is the tricky part.
In our environment we are trying to move to a model where our internal servers are all communicating over secure connections with certificate based authentication and I am working on a mechanism to do Certificate authentication from a Java client that is an application running in a J2EE container (JBoss).
We can use self-signed certs as it is all internal, but the setup has been a nightmare.
First we create a root cert with OpenSSL for the web server, not too bad to do. Then we create a user certificate to allow access to a certificate protected URL under the web server. Again, fairly simple. Now, we have to get the SSL cert and client cert into the Java client, and this is where it gets difficult. We bundle the client credentials into a PKCS12 file and import it into a browser to ensure it works, and we can get to the certificate protected resource.
The mechanism pushed by the Java specs is to either import the certs into the root certificate store for the installed JRE, or use a newly created certificate store that is identified by global properties. Neither works for us as we run multiple app servers on the same box (would share the JRE) and multiple client applications in the same JBoss (different apps need different credentials).
After much research and testing, I finally found a mechanism for creating a custom SSLSocketFactory (using the Apache HttpClient package allows using a custom factory per connection, doesn't require it globally replace the default) that loads the server cert into the TrustManager, and reads the client key/cert (in PKCS12 format without a password on the key) into an in-memory KeyStore. Turned out I couldn't use the Sun provider to read the PKCS12 file because that version required a password be provided (can't use NULL) and if you use an empty string ("") it generated a divide by zero error. Bouncy Castle though, works fine.
My point in this is that more code might be written more securely if some time was spent to make it easier to actually use the security. This one took me most of a week to finally work out the details and have a working prototype, with many many hours searching for samples.
So ok, maybe two lines to do a simple encryption is nice, but can we now do something to simplify the management of the keyring?
When using PKI, you send your public key to the server. The server can encrypt the string with your public key, that can only be decrypted with your private key. It would be the private key that doesn't travel over the wire.
As someone else points out, Kerberos doesn't use PKI by default but it can be made to do so.
HTTP Digest over HTTPS works well, except for one small issue. There is no consistent way across browsers to log out.
There are some JavaScript tricks that work with some browsers, but not consistently. Once the user has authenticated with the browser flower box (not a form), the browser caches the information and continues to use it since every request to the webserver generates a new challenge.
Aside from shutting down the browser completely (no lingering hidden windows), a user can't log off.
Actually it might be possible to make a game explicitly designed for small persistent servers
Which is what the original Neverwinter Nights from Bioware did. They provided the tools to create your own world, and server code that runs on both Windows and Linux to host it. Servers can set the max number of players.
For NWN there are hundreds of modules available, and a large community built around creating new content for them (Community Expansion Pack).
Bioware didn't actually open source the system, but they did document most, if not all, of the content data files which is what allowed the community to grow. And it has been around since 2002.
Contrast that with NWN 2 (created by Obsidian, published by Atari). They used a new middleware based on Granny with proprietary model formats and built the system using DirectX (planning for a console port that never happened) instead of OpenGL like the first, so there is no Linux or Mac client.
Because of this, there is no where near the community for NWN2 that NWN1 enjoys.
NWN1 provides just the type of small persistent world servers you mention, if you take the time to create the world. Or use a pre-built one.
I agree with everything you are saying, but look at what the article is saying
"The next generation controllers need to basically compensate for Vista shortfalls," he (Chairman and Chief Executive Officer Eli Harari) said.
The fact that the CEO is saying his company will have to compensate for the Vista issues shows just how much clout Microsoft has. SanDisk knows that Windows is the predominate operating system and that if they want their product to be used by the vast majority of consumers (read that as higher sales volumes) they must work with everything Microsoft throws out, whether it is bad or not.
So basically Microsoft doesn't really care what it does to other companies, they are king.
This isn't surprising, as just this past Friday I heard a story on the business report on how Nielsen is being seen as less and less relevant by the big media companies.
All they do is track about 12000 households and only track television, whereas people get shows on TV, internet and cell phones, and most homes get more than the basic networks.
Apparently the media companies are trying to work with all the set top box folks to collect all viewing habits in much larger populations through the boxes, cutting Nielsen right out.
The report even said that Nielsen has always acted like they were the only game in town and frequently ignored the media producing companies when they asked them to change things.
So now they are hurting and looking to save a few bucks.