Posts by CD001

925 publicly visible posts • joined 23 Jun 2009


PerlMonks suffers unholy hack

CD001

One thing....

I think there's only limited benefit from hashing (or AES encrypting) passwords IF the rest of the user data is stored in an unencrypted format... I mean why protect the key if the data that key is supposed to protect is plain text?

Granted, if the punter is using that password on multiple websites then yes, you are preventing access to that password... but really, any and all "personal" data in the db should be encrypted.

McKinnon loses judicial review

CD001

The only tricky part...

... is determining where the alleged (ok - he's admitted it, but hey) crime took place.

McKinnon himself was in the UK but the servers he wandered into were in the US... it could be argued that the crime took place in the US since that's where the impact was felt.

However, say you fire a high power rifle in Texas and accidentally kill someone in Mexico (it's hypothetical ok); where would you be tried? The US or Mexico? Under what law? You've not committed a crime in Texas by firing a rifle so would you not face trial at all despite being guilty of manslaughter over the border?

El Reg to launch space paper plane

CD001

@Christopher P. Martin

Oooooh I like "Vulture Venturer"!

How about equipping it with a web-cam and G3 phone for uplink (or whatever) so we can watch the whole 30 second disaster... I mean, exciting endeavour live online here?

Zend squeezes PHP into business suit

CD001

fnar

lovin' the PHP haters - still writing assembly with Win 3.1 are we?

If you're coding for a web environment; on a FreeBSD server for instance, PHP is perfectly adequate - as long as you trust no-one (including client programmers) and fully sanitise everything but then, that's the same with any language. Yes, I could do all this in C++ or Java... but what's the point? We'd have to find client programmers that could understand those languages then.

PHP's interpreter is quicker than Ruby's and you don't necessarily have the inherent Mono overhead (remember kids - no .NET outside Windows) or even, if you don't want it, Zend Framework - PHP has grown up a lot since version 4 especially in the OOP department; granted it's not Java but it has traded in its Army Boots, Anarchist's T-Shirt and Vodka-Redbull for some comfy sneakers, a shirt and black coffee (although most PHP coders haven't yet).

Of course, what do I know, as I'm just a mentally ill, crayon wielding, web monkey... and worse still, by choice - you can keep your MFCs with C++ been there, done that and I'd rather be a web monkey. Funny thing is, my PHP code seems to fall over a lot less than the crap written by external contractors to run on the back office Win systems - but that's a whole other rant :)

Microsoft emergency fix kills bugs in IE, Visual Studio

CD001

@WinHatter

----

Plugin that cannot be uninstalled.

----

Yes it can, MS released a patch that enabled you to uninstall (rather than just disable) that plugin months ago - please try to keep up.

Granted, putting it on there in the first place was shonky as hell behaviour but that's a different issue entirely.

IE icon too familiar for Microsoft EU settlement?

CD001

*facepalm*

The ballot screen; here's a big fucking clue-stick - how many punters do you think will actually see that screen? Really? How many people do YOU know (apart from techies) who have actually done a Windows install from scratch? Every normal person gets their OS installed by the OEM - it's the OEMs that will see that screen; they'll decide which browser is installed by default - assuming MS doesn't pressure them to ensure that it'll be IE (hmmmm).

So MS will continue to abuse their monopoly position to ensure that the OEMs all install IE by default; the OEMs will claim it's because of customer demand and everyone will come out smelling of roses looking like they've bowed to the legal pressure from the EU... and nothing will have changed.

---- @ winkypop ----

I am no longer going to test for or support Opera for my various web sites. Opera users represent diddley-squat visitor numbers anyway.

If everyone did the same, the annoying twats/browser might just go away.

---------------------------

Except that because Opera actually works and follows standards you don't actually need to support it per se - if you support the standards you support Opera or vice versa *shrugs*

What you're saying is "write shit code that only works on IE!" - yay, go you.

Google kicks Maestro into touch

CD001

3D Secure

------------------

It typically comes up as an iframe inside a site, ie without a url bar so you can't verify that it's really coming from visa/mastercard or that it's even using ssl... A malicious site could easily spoof it.

------------------

Crap isn't it? - but that's PCI preferred method of doing it to circumvent pop-up blockers. Yes, I have recently completed the full 3D Secure & PCI DSS compliance malarky at the company I work for. Incidentally the iframe content doesn't come from either Visa or Mastercard but the customer's bank - if their bank isn't enrolled in the scheme 3DS verification is bypassed (unless you configure your PSP systems to block non-authed transactions).

The benefits of 3D Secure are to the card issuers and the merchants - the card issuers (Visa/Mastercard) accept less liability and the merchants can get a reduced cost-per-transaction charge... as I understand it, the card HOLDER is no more liable for the transaction than they were before - it's their bank that picks up the cost of the fraud rather than Visa/Mastercard. I guess the bank may well have a "Fuck You" clause however that'll shift liability to the customer.

PCI DSS compliance has the tiny benefit that your site has to undergo regular automated penetration testing to pick up on some of the more common security pitfalls (it's by no means perfect though). If you know what you're doing you're probably well aware of most of these issues anyway.

------------------

The VbV system is too stupid to know if it's me or my wife making the payment thereby requiring me to remember both my wife's and my own passwords

------------------

That's not necessarily the VbV system itself - it's more likely to be shonky implementation on the part of your bank.

MoD sticks with 'most decrepit browser in the world'

CD001

15% IE6

A few weeks ago, I put a new homepage up (I'm an in-house developer), just some cosmetic tweaks inside the display area of the site, not touching the master template so these changes affect the homepage layout only and not the functionality of the rest of the site.

I placed a basic little IE6 browser sniffer on the page that gives a little message saying "this page is testing some newer code standards if it's not displaying properly please _update_your_browser _here_" - with a link to the IE8 download page (people are more likely to update their browser than switch to another one entirely).

Now being an in-house developer, I know a bit more about our customer base and I know they're generally not the most tech-savvy but since putting that link up for IE6 users the percentage of people using IE6 has dropped from ~35% to ~15% whilst IE8 usage has jumped from ~18% to ~37% now (some IE7 users have upgraded as well without prompting).

If you do it right you can quite easily make it so that the only things that actually break in IE6 are cosmetic without doing any enormous kludges - and if you let people know they're using an out-of-date PoS browser many will upgrade.

Depressingly it wasn't IE6 that "broke the internets" it was lazy/incompetent web designers who coded for IE rather than coding to standards (with IE kludges bolted on as extra)... it has never been THAT hard to get code that works across the board - JavaScript notwithstanding... but then if your site NEEDS JavaScript enabled to do the basic "add to cart -> proceed to checkout -> pay" process then I'd argue that your site was broken in the first place.

New attacks exploit vuln in (fully-patched) Adobe Flash

CD001

confused now...

----

Meanwhile the few coders who have genuinely stood out over the years are the people who get the job done using whatever tool suits best, often self-taught, often humble, and with no desire to try to put themselves above anyone else because they are secure in their abilities. Maladjusted tits wearing trenchcoats and black sabbath t-shirts who think they are better than everyone else are ten-a-penny.

----

Damnit, what happens if you're a self-taught, humble, maladjusted tit who wears a trenchcoat and Sabbath t-shirt (oki, more likely to be Ministry in my case)? Although, weirdly enough, I've found the "thinking you're better than everyone else" mentality applies to a certain amount of Goths/Metallers irrespective of their trade.

Otherwise I'm in agreement but then I'm also only a "web graphic designer" - who applies object oriented principles to JavaScript, ActionScript and PHP ... oh and can program in Java or C++ (to a certain extent) if the need arises. I've done a bit of VB in the past but I miss my curly braces too much ;)

----

Seems a lot of web designers are using Flash to produce animated banners and the such like for advertising. Great eye candy, but wouldn't the creative use of animated GIFs be more apropos?

----

Depends... if you want smooth animation running through a few sequences then using an .swf will keep the filesize down - although, granted, you do have the player overhead. An animated gif is, essentially, a whole load of individual images strung together in a sequence, which REALLY increases the filesize if you attempt to do anything like a smooth tween.

You might also want multiple links in the same banner. e.g. "to request our catalogue - clicky, to see our products - clicky" and so on. There are times where Flash is the appropriate medium for banner ads and times when it's not.

Besides, wouldn't you rather have flash banners? They're easier to selectively block than images. Yes, I still have to go back to making banners occasionally since I'm the only person in the company who knows how to use Flash.

World of Warcraft (sort of) returns to China

CD001

China ~ 1.3 billion people

----

5million players and they can't gang up and tell various Chinese government departments and other affiliated assholes and cronies... where to FUCK OFF!

----

In China that mere 5 million would probably be outnumbered by those "various Chinese government departments and other affiliated assholes and cronies".

That's about one player for every 266 people; if that percentage was applied to the US it would make about 1.14 million subscriptions and in the UK approximately 230,000 - proportionally speaking (relative to the population size), there isn't THAT big a WoW gamer base in China; UK Gov ignores petitions on its website from a mere 230,000 people ;)

Open-source firmware vuln exposes wireless routers

CD001

meh

please stop feeding the trolls - that is all

Kent Police clamp down on tall photographers

CD001

which is actually enough....

Quote: "So he now has a criminal record which will show up if he ever wants to go near a school or work for the council."

Umm, no. You have to be convicted in a court of law for a criminal offence to get a record. Being stopped and searched or arrested then released does not give you a criminal record at all. Being arrested will get you on the police databases thus making you a candidate for a stitch-up by our infallible and uncorrupt [sic] Police Service, alas, but that is all.

------------------------------

Which is actually enough to get you barred from working in schools these days - this chap will at least be spared from ever taking those awful fkn school photos in future.

US State Dept. workers beg Clinton for Firefox

CD001

urm...

----

They should just update to IE8 and ignore the freetards who don't understand IT system administration!

----

Except, of course, that IE8 is more akin to Firefox than it is to IE6 - if they're jumping from IE6 to IE8 and their intranet systems are all full of shonky hacks that won't work in IE8 (compatibility mode isn't 100%) then they'd be just as stuffed as they would be should they have moved to FF in the first place.

However, when managing a huge install base it may be better to force an IE8 roll-out (intranet issues notwithstanding), at least it's less crap than IE6 and can be centrally managed.

Silverlight 3: closer to what client-side .NET should have been

CD001

niche?

--------

What I find is odd, is that most of the people that complain about Microsoft not making a version of their software for a niche product...

---------

Since Silverlight ties in with functionality on IIS servers it's already being created for a niche product - Win/IIS is NOT dominant in the web-server sphere; despite having made some serious inroads against the incumbent LAMP stack in the past couple of years it's still playing second fiddle to Apache.

If websites don't implement Silverlight, what's the point of the browser plug-in?

Vulture Central unleashes RegPad™

CD001

mmmmmmmmm

pint o' beer, biccies and creampie - what more can you ask for?

Google's vanity OS is Microsoft's dream

CD001

A netbook is the flipside of a games console...

If I played games I'd buy a console.

... and ...

Serious Gamers will use Xbox/PS3 as these are almost PCs now anyway.

Except for 1 very important point - if you get a console, you only get "console games"; unless something has changed since I canned my subscriptions months ago you can only get WoW on the PC and that's just the start; it's not just MMOs that are (currently) PC domain only.

Console games tend towards having god-mode enabled, they're made easy - compare "Call of Duty" to "Call of Duty 2" for instance. The first was a PC game ported to consoles, the second was a console game ported to PC. The first could be tricky in places; the second, well, you're wounded so you just sit still for a couple of minutes and you're back to full health.

I'm not against console games (I've got a PS3) but I also play games that have not, and probably will never, be ported to a console - X3, NWN2, etc... and for FPS games, give me a mouse and keyboard any day.

I would guess that the thinking behind netbooks is more that they're aimed at the appliance market rather than the PC market - to turn the "If I played games I'd buy a console." idea around a bit... "if I commuted by train a lot, I'd buy a netbook".

PostgreSQL trumpets 8.4 release

CD001

the key word being...

----

MySQL was crap.

The only good thing was it provided the bare minimum of features for a web application and was fast. (Which was enough, and the rest is history).

----

The important word in that statement is FAST. When I started cocking about in web app dev *coughs* years ago everyone was still on dial-up (56k if you were lucky) and whilst your back-end is largely irrelevant to the punter in front of their PC, get enough punters and you'll take any slight hike in speed that you can get.

That's why, when this really clean, uncluttered, trimmed down search engine came along we were all like "wow, look how quick it loads... and it just does the search... that's mint!" - that, of course was Google.

So while PostGRES has always been better than MySQL, MySQL had that "it just does the few things I want, and it does them quickly" kind of feel that was needed for websites at the time.

Moderatrix to gain even more sinister powers

CD001

odds are...

The ReputationShare software then applies a "one-way crypted hash algorithm", which converts the email address to anonymised format, and then stores it on the LOOKBOTHWAYS server.

------------------

So that would be SHA1 then?

Royalties deal lets internet radio play on

CD001

un-copyrighted music

Actually, that's a reasonable point... I guess you'd have to look at what Classic FM pays and to whom.

Tory Lady tries to give bodice-rippers the snip

CD001

oh for the love of...

... that would probably make me a "criminal sexual deviant" (rather than the normal run-of-the-mill sexual deviant) because I own some Clive Barker, Richard Laymon and other books by similar authors.

Three books that sprung to mind without even thinking about it:

"Cabal"

"The Cellar"

"Resurrection Dreams"

BT abandons Phorm

CD001

thank phuck we're in the EU

... looks like the angry noises coming from Europe are beginning to be heard in UK circles - focusing on more important network upgrades sounds like an excuse to me... we don't want to admit we were wrong but we want even less to get buttraped by the EU.

Hopefully this will set a DPI precedent and all the ISPs will steer well clear.

Russians demand flying cars and telepathy

CD001

CD001

Pah! Where's the eco-catastrophe/human extinction option, eh? eh?

UK.gov decides best form of cyber defence is attack

CD001

*sigh*

--------

How are HIGH STREET transactions ONLINE?

--------

How exactly do you think chip and pin works?

The INTERNET !== WWW

Spanish court in favour of topless celebs

CD001

My...

The Bee has a sting in her tail today - go Sarah, go Sarah ... etc :)

Aaah - but the question is, does being the moderatrix of an online IT red-top put _you_ in the public domain? ... Hope you are (or not)* holidaying in Spain this summer!

* depending on your perspective

Please don't eat your horse, EU asks owners

CD001

Moderatrix stock comment: #6

I'm so bored of stories like this about people eating whales/dogs/endangered salmon/horses that I can't even be bothered to comment. Oh, I just did. Well, wouldyalookatdat.
