
Comment Re:No. Human or machine, it's a fallacy (Score 1) 748

how do you enforce something 100% without going for a big brother solution? there are only so many cops.

Firstly, you don't have to enforce something 100% for it to be very effective. Even if the enforcement rate was 5%, that's still a 1 in 20 risk of getting caught, which is enough to put almost everybody off doing it.

Secondly, driverless cars are outfitted with a whole load of cameras and sensors. It would be relatively straightforward to save the most recent data in the event of a crash, which would make enforcing the laws trivial in the event of a crash.

Comment Re:"Not in THIS Stack Exchange site!" (Score 1) 78

They're not entirely code related, and I'm not sure what that means

Hint: If you consistently get a bunch of people telling you that your questions don't belong on Stack Overflow, then they don't belong on Stack Overflow. There are tremendous amounts of people who have no problem posting questions that are on-topic. If you keep getting told that yours are off-topic, then the problem is with you.

Finally, he did not respond to being told "we don't want that type of content on our site" by posting. He left.

Read his comment again. He was talking about what usually happens to him. Meaning this is a common pattern of behaviour.

The bottom line is you've got a community-driven website continually telling you that they don't want certain types of content. The people who keep trying to force it onto the website are behaving like spammers. Yes, that's abusive.

Comment Re:"Not in THIS Stack Exchange site!" (Score 1) 78

This is "The Soup Nazi" approach to helping people with their questions.

It's not. This is the equivalent of somebody going to a soup stand and asking for ice-cream, then complaining when the soup stand won't serve ice-cream. That's not what the soup stand is for and just because you really want ice-cream, it doesn't mean it's their responsibility to serve it to you, and it doesn't make them nazis for refusing. Where does this misguided notion that Stack Overflow shouldn't be allowed to define boundaries come from?

But I never, ever post there, because I am not thick-skinned enough to take the harassment from the junior dungeon-masters about the appropriateness of my question -or- answer.

If you have a question that Stack Overflow is designed to answer, then post it. If you have a question that Stack Overflow doesn't want, then don't post it. This is simple stuff and has nothing to do with how thin your skin is. Does successful moderation of off-topic things on Slashdot down to -1 make you afraid to post comments here?

Comment Re:A rose by any other name... (Score 2) 125

Flash didn't ask to become the de facto scripting language for the web. It only became that because

Flash has never been the de facto scripting language for the web. That has always been JavaScript.

the HTML standard lacked scripting and programming capability which Flash provided.

No, the HTML standard didn't lack scripting capability, it offered hooks for scripting languages, and they were in use since before Flash existed.

blame the folks in charge of the HTML standard. They dragged their feet for over a decade, and didn't update HTML to provide many of the capabilities Flash provided until HTML5. HTML 4.01 was standardized in Dec 1999. HTML 5 was standardized in Oct 2014. It should have been made standard in 2001-2003.

Wow, that's a total misrepresentation of what happened. Client-side scripting was not part of HTML. HTML provided hooks, scripting languages used those hooks to integrate into a page. This is an entirely sensible separation of concerns between content and behaviour. At some point, client-side scripting got glommed onto the HTML 5 specification. But in between those two points, there were huge amounts of progress with client-side scripting.

You make it sound as though non-Flash client-side scripting arrived when HTML 5 brought it forth. It was always there, and always making progress, since before Flash existed. HTML 5 was merely the point at which they decided to define some things in the HTML specification rather than separate specifications.

Comment Re:"Not in THIS Stack Exchange site!" (Score 2) 78

Usually, the questions I have aren't entirely code-related, but they don't fall on any other Stack Exchange site's purview. So I post a question

If it's not code-related, don't post it to Stack Overflow. The site owners have been very clear about what type of content they want on their site, and questions like that are not it. The response to "we don't want that type of content on our site" is not "I'll post it anyway then complain when it gets removed". That's what spammers do. Don't post stuff where it's not wanted just because it benefits you. It's selfish and spammy. You don't have the right to abuse other people's websites for your own gain. If you want a website where you can post non-code-related questions, there are plenty of them out there. Stack Overflow is not one of them. You're posting the equivalent of -1, Flamebait there.

Comment Re:PHP (Score 5, Informative) 193

This is not a PHP thing, but a bad-developer thing.

I guess you didn't read past my first paragraph? Please do.

You can write the same crap in Java, .NET, Python or any language you want.

Go and search the web for tutorials in those languages. You will find that the situation is vastly better with these languages compared with PHP.

That's not PHP's fault.

It is - on many fronts.

Firstly, the language promoted, for many, many years, a confusion between the various layers of the application. The whole magic quotes nonsense was an attempt to fix a problem relating to the database layer in the HTTP layer. This confused PHP developers for over a decade, and even though it has since been removed, it was in there for so long that an entire generation of PHP developers had their brains twisted out of shape with this confusion.

Secondly, the official documentation was super bad for years. Security vulnerabilities in the official tutorial for years, for example.

Thirdly, the API design is so bad it practically pushes unsuspecting developers into the wrong solution. addslashes()? No, use mysql_escape_string(). Oh wait, wasn't that mysql_real_escape_string()? Or perhaps mysql_really_really_i_promise_to_do_it_right_this_time_escape_string()?

Finally, the PHP community right from the very top embraces shitty practices, like ignoring failing tests in a release build. Again, a source of security vulnerabilities that simply doesn't need to happen.

Yes, you can write bad code in any language. But that doesn't mean that all languages are equal. PHP is far, far worse at this than its contemporaries and you shouldn't make excuses for it.

Comment PHP (Score 4, Interesting) 193

So why, in 2015, is SQLi still leading to some of the biggest breaches around?

Because typical PHP tutorials still teach old, broken ways of doing things and this shows no signs of abating. Go ahead and search the web for things like php mysql tutorial. The top hits are crap like this, written by incompetent developers who don't know what they are doing. PHP developers learn from crap like that, then they go on to write their own tutorials that are the same or worse.

And before you start, yes, this is something where PHP is stand-out bad. Go ahead and try the same searches with other languages. There is a vast difference in quality of learning materials. I mean, PHP had XSS vulnerabilities in its official tutorials until relatively recently. Newbies don't stand a chance in those circumstances.

Comment Won't work (Score 3, Insightful) 74

test it to see if it is actually the type of file that its file-name extension claims it is.

This won't work because a file can be a valid file in multiple formats at once and it can also be an invalid file that is nevertheless interpreted as a valid file as well.

Take, for example, a plain-text file. Harmless, right? Nope. It can also be a valid HTML file containing executable JavaScript. Or an XML file containing a billion laughs attack.

Or take media type sniffing. Some browsers bend over backwards to interpret crap as HTML even when labelled otherwise by the Content-Type HTTP header. So one attack is to stuff enough HTML into PNG metadata to confuse a browser that doesn't follow the standards into thinking that it's HTML. This is a valid PNG file and anything that checks to see if it's really a PNG file will tell you that much. But it's still not safe.
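The PNG case from the comment above, as an added example that is not part of the original comment: a strict structural check passes a constructed PNG whose tEXt metadata carries HTML, and rebuilding the file without text chunks removes it. The function names, the marker list and the sample file are assumptions made for this illustration.

```python
import struct
import zlib
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
TEXT_CHUNKS = {b"tEXt", b"zTXt", b"iTXt"}
# Assumed, non-exhaustive markers that a content sniffer may read as HTML.
HTML_MARKERS = (b"<html", b"<body", b"<script", b"<!doctype")

def make_chunk(ctype, data):
    body = ctype + data  # the CRC-32 covers type and data, not the length field
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body))

def parse_chunks(png):
    """Return [(type, data), ...]; raise ValueError unless the PNG is well formed."""
    if not png.startswith(PNG_MAGIC):
        raise ValueError("bad signature")
    chunks, pos = [], len(PNG_MAGIC)
    while pos + 12 <= len(png) and (not chunks or chunks[-1][0] != b"IEND"):
        (length,) = struct.unpack(">I", png[pos:pos + 4])
        ctype, end = png[pos + 4:pos + 8], pos + 8 + length
        data, crc = png[pos + 8:end], png[end:end + 4]
        if crc != struct.pack(">I", zlib.crc32(ctype + data)):
            raise ValueError("truncated chunk or bad CRC")
        chunks.append((ctype, data))
        pos = end + 4
    if not chunks or chunks[0][0] != b"IHDR" or chunks[-1][0] != b"IEND" or pos != len(png):
        raise ValueError("missing IHDR/IEND or trailing data")
    return chunks

def is_valid_png(png):
    try:
        return bool(parse_chunks(png))
    except ValueError:
        return False

def html_in_metadata(png):
    """Types of text chunks whose raw bytes contain an HTML marker."""
    return [t.decode() for t, d in parse_chunks(png)
            if t in TEXT_CHUNKS and any(m in d.lower() for m in HTML_MARKERS)]

def strip_text_chunks(png):
    """Rebuild the file without text metadata; image chunks are copied unchanged."""
    return PNG_MAGIC + b"".join(make_chunk(t, d) for t, d in parse_chunks(png)
                                if t not in TEXT_CHUNKS)

# Constructed sample: 1x1 grayscale PNG carrying inert HTML in a tEXt comment.
SAMPLE = PNG_MAGIC + b"".join(make_chunk(t, d) for t, d in [
    (b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)),
    (b"tEXt", b"Comment\x00<html><body>constructed sample</body></html>"),
    (b"IDAT", zlib.compress(b"\x00\x00")), (b"IEND", b"")])
```

Stripping metadata is one mitigation, not a complete one; serving uploads with `X-Content-Type-Options: nosniff` addresses the sniffing behaviour itself.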

Comment Re:Apple no longer looks as paranoid as it did. (Score 1) 69

Previously, they did not permit the use of third party libraries in your application; everything had to be built or sourced by you, because there's no intermediate library signing and vetting process that Apple can do on your behalf. They relaxed this when developers screamed like a stuck pig.

This has never been true and the bit about developers screaming like pigs is pure fantasy.

Perhaps you're getting it muddled up with the fact that iOS didn't support dynamically linked libraries? In any case, not many developers cared, we all just used statically linked libraries.

Comment Re:And we believe Gartner? Why? (Score 5, Informative) 113

They are so hilariously wrong so often you could build a successful career out of assuming they will be wrong about everything. A selection of their idiocies:

Comment Re:Let's get this out of the way (Score 1) 447

Sure, if you personally break the law, then you personally are liable.

couldn't you make the case that it was an act of criminal negligence

No. Criminal negligence doesn't simply mean "they did something that upset people". What makes you think they are doing something criminally negligent? What are they negligent of, and what makes it criminal?

Comment Re:Source control? (Score 1) 88

I can't think of anything in iOS 9 that should have touched code like this, which makes me wonder about the state of source control.

Why? Source control doesn't prevent regressions. Besides, they've clearly been working in this area for iOS 9, see the new network extension points for example.

Apple have had a few regression-type bugs before which again make me think their branching/merging strategies may not quite be up to snuff.

This doesn't even seem remotely related to branching/merging. To be blunt, it sounds like you're just learning source control and are seeing it everywhere.

anyone know of a changed area in iOS 9 that would have necessitated playing with something like this?

Read What's New in iOS. They update it every time they release a new version and it describes what's changed.
