Keith Devens - Weblog: I hate PHP - August 13, 2003 - he also doesn't like PHP
Archive 28.6.2005 - 9.7.2005
Kid is a rather interesting Python library that implements a template engine with a focus on well-formed XML. The result is similar to Zope Page Templates - that is, an attribute language for XML with Python integration. And it's also fast: an XML template on my machine achieves around 70 hits/sec.
http://n3dst4.com/articles/phpannoyances/ - he doesn't like PHP either.
SPB-Linux is a very small Linux that can be booted from a USB flash drive and enhanced with various extensions (X, Mozilla, XFCE Desktop). It should also be relatively easy to extend with various system administration tools.
Spyce is a Python web framework with damn good performance: a simple page with a template behind it delivers over 90 hits per second on my machine (Spyce integrated into Apache via mod_python, memory cache). Take that, PHP!
Spyced: Why PHP sucks - a rather good analysis of what is rather annoying about PHP.
Why PHP sucks - and yet another person who doesn't like PHP.
For those who don't feel comfortable with English as a language for introductory literature, there is an online German-language Haskell course to work through. It looks quite decent - although I find that too little is explained.
Larger Haskell sources
For those who, like me, prefer to dig through sources to learn languages, here are a few larger Haskell projects to choose from:
- [Haskell User-Submitted Libraries][0] is a collection of partly older but still interesting Haskell projects. An IRC bot is available for download, and in CVS there is also a web server with a plugin interface.
- [Pugs][1] is a Perl 6 implementation in Haskell. [I've already mentioned it][2], it's still cool :-)
- [darcs][3] is a distributed source control system. [I've also mentioned it][4], but it's still cool.
Helium - Haskell Learning System
Helium is a Haskell subset compiler specifically developed for teaching. It provides more detailed error messages and further analyzes sources to make these messages possible. However, it is really only a subset of Haskell - and since type classes are missing, a quite important part is missing. But to get a taste of functional programming, it is quite useful.
As textbooks, The Craft of Functional Programming and The Haskell School of Expression are recommended. I ordered both - my Haskell knowledge is more than primitive and hopelessly outdated (if that is even possible with a relatively young language like Haskell).
Sometimes DarwinPorts Drives Me to Despair
For example, when I want to install ghc (a Haskell compiler), it first wants to install Perl 5.8. As if I didn't already have a quite usable Perl 5.8.6 on the disk under Tiger - no, DarwinPorts wants its own version of it. And then, depending on the path setting, I have either the Apple Perl or the one from DarwinPorts active. Quite stupid - I think there should be pseudo-packages in DarwinPorts that refer to the pre-installed versions from Apple.
This causes problems especially when I also install packages manually. Because then sometimes the Perl accessible via the path is used - and with active DarwinPorts, that is the one there. But this is absolutely not the desired effect - after all, the Perl in this case only got in because the port for ghc has a build-dependency. But I don't want to use the DarwinPorts Perl at all ...
For the same reason, I find all the Python and Ruby modules in DarwinPorts unusable: they automatically pull in a new installation of Python and Ruby and do not use the pre-installed version. Exceptionally stupid ...
As a result, you can only use DarwinPorts on an OS X box for well-isolated tools - which is a bit of a shame, because the idea and the implementation itself are pretty great. It's just that too little consideration is given to what is already installed.
By the way, I installed ghc simply via the binary package from haskell.org. It says there that it is for 10.3, but it also works with 10.4 - at least for what I do with it. And it saves me from having to build all that stuff.
One of the more complex topics in Haskell is monads - a way to simulate things like side effects and sequentiality in a purely functional language with lazy evaluation - simply because you sometimes want the output before the input, for example when querying data from the user, or when you want to save a state that is called again later. The tutorial helps to understand the concept of monads.
Bomb Series in London
Bomb series in London: Explosions in several subway stations and buses have plunged London into chaos on Thursday. Apparently three explosions in subway stations and three explosions in double-decker buses. The suspicion of terrorist attacks is of course close at hand - after all, the G8 summit is in England.
Shiira - alternative WebKit browser
Shiira Project is an interesting web browser for the Mac that is based on WebKit. What makes Shiira special (apart from minor things like a more Cocoa-like layout instead of the tin box shape of Safari) is the ability to display all tabs loaded in a window in an overview of shrunk pages using a hotkey - similar to Exposé. Very stylish, I could also like this function in Safari ...
In addition, Shiira supports cURL as an alternative to the WebKit downloader - but unfortunately the browser still has some strange properties: for example, the login to WordPress blogs does not always work with it, and sometimes old data is displayed. Even with normal authentication it doesn't always work - I then get an error message instead of the browser asking for the password. However, everything looks quite neat with the WebKit downloader.
Since I have a rather small screen (usually set to 1024x768, as the notebook also has this size and I thus have 100 Hz on the display) this will probably not be my standard browser - the sidebar for bookmarks and history is simply impractical on small screens. I would therefore prefer a display of this information in the main page à la Safari or Camino.
SSL-VPN with Browser Control
A colleague found a pretty brilliant tool: SSL Explorer, a small https server that together with a Java applet in the browser implements a VPN. Specifically, when the applet starts (which must be confirmed, as the applet requires additional capabilities), tunnel connections are established over https, and various applications are then integrated over these connections. For example, you can establish a VNC connection to an internal server with a click on a link, browse the local Windows network via web forms, transfer files, or access Linux servers behind the firewall via SSH. And the whole thing works with a simple Java-capable web browser - I tested it with Safari, for example, and it works flawlessly. Completely without additional client software to be installed. Ideal for roaming users who don't always have their own device with them.
Oh, and the whole thing is also under the GPL.
Hardened-PHP project
No idea how good this really is, but the Hardened-PHP project already sounds quite nice. Due to the high prevalence of PHP for web applications, it is a central point of entry for servers. Should put this on my ToDo list.
Music industry wants to make Allofmp3.com taboo
Actually, it's more like censorship of positive reports about allofmp3 that the music industry is aiming for. So if you've ever said something good about allofmp3, or linked to it, or even recommended it: Waldorf and Stettler will surely send you a letter. And so the madness of cease and desist orders will continue, and the music industry will continue to finance lawyers but do nothing to stop their decline and will therefore eventually become completely insignificant. But of course, it's always someone else's fault ...
Software patents temporarily halted
Occasionally, there is some positive news: European Parliament says no to software patents. However:
Now the European Patent Office must be democratized so that software patents are no longer granted in Europe without legal basis. And we must ensure that software patents are not introduced through some other back door, such as the efforts for a common EU patent.
That is the problem - we must be extremely careful that the same thing is not now attempted through other means. I do not believe that the EU Council will simply abandon its ideas; on the contrary, I suspect that it will now switch to other routes. Therefore, I would have preferred an adopted patent directive with the intended changes rather than the general rejection, because the topic is still open. And ultimately, a directive with clear definitions could have helped prevent pure software patents and, for example, remove patents like the MP3 patent - because after all, there are already quite a number of pure software patents in Europe, and these must be eliminated somehow.
Social welfare fraud intensified
To make it clear what it would mean if Black/Yellow instead of Red/Green ruled: CDU Minister wants relatives to pay for ALG II:
The Hessian Minister of Social Affairs spoke out in favor of reintroducing the so-called maintenance recourse for unemployment benefit II (ALG II) according to the "Berliner Zeitung" on Wednesday. As already with the social benefit, non-cohabiting parents or adult children would then also be held liable for the maintenance of an unemployed person before he receives state support.
This would then not only destroy the life of the unemployed person through unemployment, but also introduce collective punishment. Where all this is heading is also clear. And the minister does not hide this:
The election program of the Union will make it clear, "that we want to revive the low-wage sector," Lautenschläger continued.
The Union presumably envisions something like India in Germany. Real prospects for the citizens of the Federal Republic indeed ...
Mexico's Settlement Older Than Previously Thought
Human footprints dating back 40,000 years have been found in Mexico:
Researchers in Mexico have discovered human footprints. The imprints are older than they should be according to the theory of the settlement of the Americas.
However, it is only a rumor that next to the footprints on the wall a graffiti with the words Kilroy was here was found.
PHP-Serialize for Python
Hurring.com : Code Vault : Python : PHP-Python Serialize : v0.3b is an implementation of the PHP serialize() stuff in Python. Very practical for WordPress: it often stores serialized structures in its options, and you can decode them this way - so you can write tools that work directly on the database but are written in Python. The author has done the same for Perl - you can thus push simple data structures back and forth between Python, Perl and PHP.
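How such a tool can read the serialized option values, as an added example (not the Hurring.com module and not code from the original post): a small reader for the scalar and array forms of PHP's serialize() format that counts string lengths in bytes and refuses objects and references instead of rebuilding them. The names `php_unserialize` and `decode_options` and the sample rows are made up for illustration.

```python
import re

MAX_DEPTH = 32  # refuse pathologically nested arrays
_INT = re.compile(rb"-?\d+")
_SERIALIZED = re.compile(r"N;|[bidsaOCrR]:")  # prefixes serialize() can emit

class PHPUnserializeError(ValueError):
    """Malformed input, or a type this reader deliberately refuses."""

def _int(raw, pos):
    if not _INT.fullmatch(raw):
        raise PHPUnserializeError("bad integer %r before offset %d" % (raw, pos))
    return int(raw)

def _field(data, pos, delim):
    """Return the bytes from pos up to delim, and the offset just past delim."""
    end = data.find(delim, pos)
    if end == -1:
        raise PHPUnserializeError("missing %r after offset %d" % (delim, pos))
    return data[pos:end], end + 1

def _parse(data, pos, depth):
    if depth > MAX_DEPTH:
        raise PHPUnserializeError("nesting deeper than %d levels" % MAX_DEPTH)
    if data[pos:pos + 2] == b"N;":  # null
        return None, pos + 2
    tag = data[pos:pos + 1]
    if tag not in (b"b", b"i", b"d", b"s", b"a") or data[pos + 1:pos + 2] != b":":
        # O:/C: (objects) and r:/R: (references) land here: a tool that only
        # reads option values has no reason to build objects from DB content.
        raise PHPUnserializeError("unsupported type %r at offset %d" % (tag, pos))
    pos += 2
    if tag == b"s":  # s:<length in bytes>:"<bytes>";
        raw, pos = _field(data, pos, b":")
        size = _int(raw, pos)
        end = pos + 1 + size
        if size < 0 or data[pos:pos + 1] != b'"' or data[end:end + 2] != b'";':
            raise PHPUnserializeError("string length mismatch at offset %d" % pos)
        return data[pos + 1:end].decode("utf-8", "replace"), end + 2
    if tag == b"a":  # a:<count>:{<key><value>...}
        raw, pos = _field(data, pos, b":")
        count = _int(raw, pos)
        if count < 0 or data[pos:pos + 1] != b"{":
            raise PHPUnserializeError("bad array header at offset %d" % pos)
        pos += 1
        items = {}  # PHP arrays are ordered maps, so a dict fits
        for _ in range(count):
            key, pos = _parse(data, pos, depth + 1)
            if type(key) not in (int, str):
                raise PHPUnserializeError("invalid array key before offset %d" % pos)
            value, pos = _parse(data, pos, depth + 1)
            items[key] = value
        if data[pos:pos + 1] != b"}":
            raise PHPUnserializeError("array not closed at offset %d" % pos)
        return items, pos + 1
    raw, pos = _field(data, pos, b";")  # remaining scalars: b:, i:, d:
    if tag == b"b":
        if raw not in (b"0", b"1"):
            raise PHPUnserializeError("bad boolean before offset %d" % pos)
        return raw == b"1", pos
    if tag == b"i":
        return _int(raw, pos), pos
    try:
        return float(raw.decode("ascii")), pos
    except ValueError:
        raise PHPUnserializeError("bad float before offset %d" % pos) from None

def php_unserialize(data):
    """Decode one serialized value into None/bool/int/float/str/dict."""
    if isinstance(data, str):
        data = data.encode("utf-8")
    value, pos = _parse(data, 0, 0)
    if pos != len(data):
        raise PHPUnserializeError("trailing bytes at offset %d" % pos)
    return value

# Constructed sample rows shaped like (option_name, option_value) pairs.
SAMPLE_OPTIONS = [
    ("blogname", "Grüße aus Münster"),  # plain text, not serialized
    ("active_plugins", 'a:2:{i:0;s:19:"akismet/akismet.php";i:1;s:9:"hello.php";}'),
    ("widget_text", 'a:1:{i:2;a:2:{s:5:"title";s:7:"Grüße";s:6:"filter";b:0;}}'),
    ("injected", 'O:8:"stdClass":0:{}'),  # an object: reported, never built
]

def decode_options(rows):
    """Return (decoded options, names whose value was refused or malformed)."""
    decoded, refused = {}, []
    for name, raw in rows:
        try:
            decoded[name] = php_unserialize(raw) if _SERIALIZED.match(raw) else raw
        except PHPUnserializeError:
            refused.append(name)
    return decoded, refused
```

The `s:7:` length for the five-character string "Grüße" shows why lengths have to be counted in bytes of the stored encoding, not in characters.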
Whiners and Open Source
IT decision-makers demand in an open letter more focus on the areas important to them:
In an open letter to "the" Open Source Community, IT decision-makers from various fields have urged it to orient itself more towards the actual needs of users from the corporate sector.
I always find it fascinating with what audacity some people make demands on voluntary work, only to then use it for their own purposes. Some demand the abolition of the GPL because the conditions don't suit them, the next demand focus on the desktop because they want an alternative to Microsoft, others demand more focus on high-performance servers because SUN machines with Solaris or IBM servers with AIX are too expensive for them.
Strangely enough, I only ever hear demands in open letters - but it would be much more sensible to simply support the corresponding project financially and with manpower. But that would mean effort of their own, which is precisely what they want to avoid. Demands for better support and better documentation also fit in here - both things that companies could easily set up themselves. But they consider themselves too good for that.
Sorry, but to me, such open letters to Open Source developers always sound like whiny little children who absolutely want an ice cream.
Sorry, folks, but that's not how it works. A large part of the Open Source Community still consists of hackers and enthusiastic amateurs and tinkerers. This often produces great crap and occasionally brilliant solutions. And it produces only what people feel like doing - if writing documentation is boring and annoying for someone, they will not spend their free time on it.
You have an itch? Scratch it. Yourself.
Then to the Bundestag
And he would have my vote. But of course, the established politicians have something to complain about and demand that he give up his acting career. Meanwhile, the opposite - that professional politicians should face the realities of life - would be much more desirable.
Furthermore, with his social commitment and dedication to his theater, he has shown that he has far more answers than the great prolethicians in Berlin. So give the man a chance. At worst, we have someone in the Bundestag whose demeanor is much more human and who still knows what the little people on the street really are.
Update: Peter Sodann has withdrawn his candidacy. Since I really like him as Kommissar Ehrlicher in Tatort, I don't even know if I should be sad about it.
Software patent directive on the verge of failure?
It would indeed be nice if the Software Patent Directive were on the verge of being scrapped:
According to Lehne, four smaller factions in the vote planned for Wednesday on the directive and possible amendments want to completely reject the European Council's proposal, according to an AFP report that can be found, among others, in the Berliner Zeitung.
Unfortunately, I'll only believe it when I see it. Because so far, the impending demise has been proclaimed several times, but the thing has still made it through. Moreover, I wouldn't be surprised if the Council simply sends the same directive back to the front without real changes. Or if the talk of scrapping it is simply an attempt to lull the software patent opponents into a false sense of security and get them to ease up on their efforts.
Therefore: continue to write and speak out against software patents. Write to your own EU representatives. Also write to those you otherwise have nothing to do with - and point out that the Software Patent Directive is selling Europe to the giants of the software industry.
Entanglements of the March Hare?
The Proletarians in Berlin are upset, but of course nothing is said about the farce of the occupation of the supervisory board of the German Stock Exchange. And this despite the fact that clear conflicts are evident:
In his main job, Merz is a lawyer and represents the CEO of the British hedge fund TCI, Christopher Hohn, as a legal advisor. The hedge fund manager had prevented the planned takeover of the London Stock Exchange (London Stock Exchange/LSE) by the German Stock Exchange.
And then the March Hare is supposed to be something in the Merkel cabinet soon. Great idea, great future.
Hit, sunk
"Deep Impact": NASA probe hits comet - great mission.
Every smile you fake ...
... we'll be watching you. Sting rules
And Pink Floyd, of course. But they are out of competition anyway.
Objects and Functions with JavaScript
Since the OO aspect of JavaScript is often overlooked, here's a text about Object Hierarchy and Inheritance in JavaScript.
I myself have been a fan of this approach to OO since my first encounters with prototype-based OO languages like Self and NewtonScript - the pigeonhole thinking of class-based OO approaches is often restrictive, especially when modeling real-world objects.
By the way, JavaScript also has a whole lot of other nice features that are often overlooked - first and foremost the nice anonymous functions, through which Closures in JavaScript are realized. And higher-order programming can also be implemented with it.
If you now combine prototype OO and higher-order programming, something like Prototype might come out - a library for JavaScript with a lot of interesting extensions such as elegant Ajax bindings, simpler callback construction and many other toys. Another possibility could arise from Bob Ippolito's MochiKit, if it is ever published (and lives up to the hype).
Prototype, by the way, requires a lot of imagination as to what can be done with it - there is no documentation after all.
Open-Source Blabbermouth
Eric Raymond claims the GPL could harm the success of Open Source:
Eric S. Raymond told Federico Biancuzzi of the Italian Linux magazine Linux&C during the international forum for free software in Brazil that the General Public License could hinder the progress of Open Source.
What lies behind this is of course only his boundless stupidity and craving for attention and the constant inferiority complex towards Richard Stallman - because unlike Eric, Richard has a concept and a consistent idea. Regardless of how one stands on what Richard Stallman says - one must acknowledge that he has a line and pursues it clearly.
Eric Raymond, on the other hand, falls for cheers that he is a millionaire and other stupid remarks - and thereby threatens other open source people like Bruce Perens. And otherwise talks a lot of nonsense.
Abolishing the GPL would be a very stupid idea, because in many areas it is precisely the GPL that protects open source projects - just look at the current GPL violations. If the corresponding sources were under the BSD license, no one would care and the topic would be done - companies would simply help themselves cheaply and that would be it.
But Eric Raymond has never understood the difference between free software and free beer ...
Shit hits Fan
The recently published Sharp Internet Explorer Exploit should make it clear to Microsoft that their stance on the recent IE hole was a bit overly naive. They should have released a patch instead of just an advisory. Ideally, a patch that completely removes Internet Explorer.
T-Mobile is stupid
Honestly. It was only during the first stage with a bunch sprint that I really realized how stupid they are. Sure, Zabel didn't often win stages - but he was constantly at the front when it came to the bunch sprint. And that's how the sponsor was constantly shown at the front. At every sprint finish. Great for advertising. And now? Nothing.
As I said, they are exceptionally stupid.
Further Dismantling of the Right to Education
Die Zeit on the withdrawal of the federal states from free teaching materials - because the tuition fees are not sufficient to protect the citizens' sons and daughters from the dirty worker children. It could be that one of them is so good that they receive one of the few scholarships - so we make sure in advance that they don't even get the chance to come that far.
Education is our highest good - and it is increasingly restricted. The prices for specialist literature have risen sharply and will be problematic for many parents. I know from my own family environment (and also from my own experience of my school days) how restricted pupils become when their parents cannot always bring in the money as the school expects - this is further exacerbated by the purchase of school books. Some parents will certainly consider whether to send their children to grammar school or rather let them skip the three additional years of schooling - with an even greater workload of necessary textbooks than in the previous stages.
The direction taken here is fundamentally wrong. This cannot simply be explained by a false understanding of savings; in some cases, intent must be assumed, as the parts that were once introduced to ensure equal opportunities for workers and their families are now being dismantled so massively.
Another Piece from the Madhouse
Lufthansa profits from the deportation of foreigners (since the state pays full fees for an airline seat), but may not be the target of a protest in the form of an online action. Because that is reprehensible, even if it only concerned the transmission of the annual general meeting and not the actual booking business. Despite registration of the action and prior legal advice, the activist has now been convicted. And what is the great damage involved? 43,000 euros for Lufthansa for alleged countermeasures ...
Sorry, but somewhere I have a problem with that. Of course, denial-of-service attacks are a problem and are a pretty massive demonstration - on the other hand, highway blockades, rail blockades or large protest marches on main roads are nothing else. After all, an essential part of a demonstration is choosing a form that gets noticed because of its side effects. Standing somewhere with a candle in your hand, smiling politely, is not a demonstration, but a church convention.
The action against Lufthansa, however, had been prepared and carried out exactly like a demo - but the court ignores the right to demonstrate. It's the internet, who cares. Funny, just a few days ago, interior ministers still wanted to prevent the internet from becoming a lawless space. But they probably meant something else by that ...
GEMA in Delusions of Grandeur
Anyway, you can't explain something like this any other way: GEMA demands that providers block websites. I thought that at least a judicial determination would be necessary for something like this - yes, I know, Büssow did it without a court order, but at least he has the excuse of being part of the executive. GEMA is just a fee administration, nothing more. It's quite bold of them to make blocking demands ...
Kai's Horror Tools Flashback
Somehow almost like a zombie from the grave: ArtRage is a painting program with what Kai Krause once understood by intuitive interface - so contrary to any form of interface style guides, horribly colorful, squeaky, and somehow like the Teletubbies. Just the Ohhhhhhh sound is missing ...
Hmm. I like the program. Don't ask me why. I just do.
Take that, Otto!

Storing IP addresses by T-Online illegal:
As early as the hearing at the end of May, Voss had the impression that T-Online's lawyer had failed to convince the judge that storing IP addresses, in particular for billing purposes, was necessary. This assessment was confirmed in the decision made by the court.
For today's charades game
Rabenhorst doesn't like the confidence vote fake either. And he links to Werner Schulz's speech as a Word file. I took the liberty of making a PDF file out of it.
It's really a tragedy what's going on there and how these Prolethikers are patting themselves on the back as if they've achieved something. The cowards have been given a four-year mandate to overthrow the government - and the only thing they're throwing are the pieces - and that's it.
Sorry, but that was really no masterpiece. One would almost wish that Köhler showed backbone and common sense just once and threw the whole nonsense in the trash. Or that the complaints against the mummers before the Constitutional Court are successful.
Especially absurd is the alleged reason: they want to let the voters decide and expect chances in new elections - sorry, what? What kind of reality loss is that? The state parliaments are not composed differently just because the SPD shirks its responsibility. If the SPD were re-elected, it would have the same state parliaments and thus the same Federal Council in front of it as now.
The Special Democrats can blabber around as they want, what they are doing here is nothing more than shirking their responsibility. They don't want to be re-elected. And the mandate given to them by the voters in the last federal election doesn't interest them either.
The Inn of Lost Freedom
David Souter, one of the judges who supported the absurd eminent domain decision of the Supreme Court, might now have to swallow his own medicine:
In the small town of Weare in New Hampshire, an investment firm wants to build a hotel at the address 34 Cilley Hill Road. However, there is still a house at this very address. Coincidentally, it belongs to federal judge David Souter. Yes, he is one of the judges who signed the ruling. The "Lost Liberty Hotel" would unfortunately not make sense anywhere else, as it is supposed to contain a museum about civil rights. And finally, the entire citizenry would benefit from the tax revenues and so on.
The ruling was about the fact that eminent domain is also legal when the motivation for the construction is not the greater good of society but pure profit - whoever has money then gets the right to the land, even if it is already inhabited. Let's hope that the building committee of the city has backbone and treats the judge according to his own ruling.
Danish Government Proposes Significant Changes to the Software Patent Directive
The Danish Government advocates for significant changes to the software patent directive:
The goals expressed by Denmark in [the additional remarks to the EU Council proposal], namely to exclude patents on pure software and business methods as well as to ensure interoperability, are now specified by the Dane in the letter.
However, this does not really seem reliable to me - Denmark has aligned itself with the Council line and has only left an additional remark. Whether they will actually stand by their demands or whether this is all just a show for their own parliament remains to be seen. But at least they are making a show of it - unlike our Minister of Justice, who openly opposes the Bundestag resolution.
Locusts at the Tap
Already a bit older, but an interesting report on the dismantling of a thriving company through turbo-capitalism and greed for money.
Interesting about this is not only how the company itself was massively damaged through pure financial exploitation, so that in the end there is actually no good situation left - the effects on the environment, such as the lower business tax revenues of the city, are also interesting. A movement that we can observe in many places at the moment - companies are sold for short-term profit and then go down the drain because the new owners have no interest in the company or the employees, but only in the return on their investment. At the same time, the respective region goes down the drain as well - because the investors also have no interest in the established structures. Locusts simply have no real home.
At the same time, a good example of the fact that this stupid talk about promoting investment in the economy is exactly that - stupid talk. Our problems will not become smaller because of this, the social system will not be saved. The opposite will be the case - because the investors who are getting involved are increasingly hedge funds or private equity funds or other financial investors who just want to make a quick euro - and they are rubbing their hands at the plans of the government and the opposition (if they are to form the next government).
Locusts simply have no interest in vocational training, employee training, minimum wages and domestic production. They also have no interest in our society or our social system.
Microsoft never learns
Error in Internet Explorer with uncertain consequences:
According to Bernhard Müller from SEC Consult, Microsoft can also reproduce the crashes but does not see any risk that foreign code could be executed. Therefore, Microsoft intends to make the handling of COM objects more robust in the future, but will not release a security update.
This is about a crash of the hard kind - directly in machine code. Anyone with even a rudimentary understanding of such things knows that this is a potential gateway for malware - with suitably crafted data for the crash you might have a direct path into the system. But Microsoft sees no danger ...
Passport chips and their possible misuse

A bit older, but still interesting: Biometrics/BSI Lecture Program at CeBIT 2005. Particularly interesting are the statements about the authorization of the passport chip readers:
The ICAO standard suggests an optional passive authentication mechanism against unauthorized reading (Basic Access Control). Kügler estimated its effectiveness as only minor. However, Basic Access Control would be suitable for the facial image, as this involves only weakly sensitive data.
This is the part currently being discussed regarding the passport - the authentication of the reader by the passport via the data of the machine-readable zone. This method is not protected against copying the key - once it is determined, it can be used to identify a passport. Even from a greater distance.
The contactless chip in the passport according to ISO 14443 will (naturally) be machine-readable and digitally signed as well as contain the biometric data. As the reading distance, Kügler mentioned a few centimeters, but pointed out that with current technology, reading from several meters away is possible. To ensure copy protection, the RFID chip should actively authenticate itself using an individual key pair, which is also signed.
Important here: the copy protection is handled by an active two-way authentication. A passport could therefore only be read with a stored key if it is actively involved. The keys then transmitted are so to speak bound to the respective communication - because both the passport and the reader would have their own key pair. This makes attacks via sniffing of the authentication significantly more complicated, as two key pairs must be cracked to do something with the data. Unfortunately, however, only the basic procedure is currently planned, i.e., only the keys per reader. And it gets worse:
Kügler rated the fingerprint as a highly sensitive feature. Therefore, access protection must be ensured by an active authentication mechanism (Extended Access Control). This was not defined in the ICAO standard and is therefore only usable for national purposes or on a bilateral basis.
Otto Orwell dreams of storing fingerprints - the procedure for how these must be secured is not yet defined and standardized. Such storage would therefore not be usable across the board. It is also important to ensure that only authorized devices are allowed to read. To this end, all readers would receive a key pair, which must be signed by a central authority. Anyone who has ever dealt with a certification authority knows that there must inevitably be a revocation list - a way to withdraw certificates. This is especially important for passport readers if, for example, they are stolen (don't laugh, devices also disappear at border facilities - hey, entire X-ray gates have been stolen from airports). Unfortunately, the experts see it differently:
In the subsequent short discussion, the question was asked whether a mechanism is provided to revoke the keys of the readers. Kügler indicated that this is not the case so far. However, it is currently under discussion to limit the validity of the keys temporally, but this has not yet been decided.
Hello? So there is no way to revoke a device's key. And there is - currently - no expiration of a key. If someone gains access to a reader, they have the key of the device and its technology at their disposal to read every passport in the vicinity. Without the possibility of getting rid of a device used improperly. This is like a computer system where there is no way to change the password and no way to delete a user - even in case of proven misconduct.
And once again, the extended check (and this key technology plus certificate in the reader is probably only intended for this) is only a proposal (which may not even be implemented due to the lack of interest of the Americans in the whole thing):
Kügler then described the BSI's proposal regarding Extended Access Control. According to this, an asymmetric key pair with a corresponding, verifiable certificate is generated for each reader (authorization only per reader). Therefore, the chip must be able to provide computing power for Extended Access Control. [...] Within the EU, access protection by Extended Access Control is currently only to be seen as a proposal, said Kügler. Another (unnamed) BSI colleague agreed with him and added that the Americans do not demand a fingerprint as a biometric feature on the chip at all, but rather the digital facial image would suffice for them. Only within America is a digital recording of the fingerprint planned. For this reason, the technical implementation of Extended Access Control is not urgent.
Only in this proposal is it provided that the devices receive unique key pairs and certificates based on them. Why is all this so critical now? Well, the discussion constantly focuses only on the data and the reading of the data - but these are not even that critical. Because even the stored fingerprints are not the complete fingerprints for reconstruction, but only the relevant characteristics for re-identification (although the discussion is still ongoing as to whether these stored characteristics are really unique - especially in the global context we are talking about - or whether more data needs to be stored than in a purely national approach).
But one thing is always possible with such passports: the authentication and identification of a person. A two-way authentication alone already tells me who is near me. If, for example, I have stored the key of a passport for the simplified procedure, I can determine at any time, without contact, whether this passport is nearby - of course only within the limits of the security of the cryptographic algorithms, but that would already be a fairly reliable confirmation, because it would be quite a failure of the whole procedure if two passports with the same key allowed an authentication, and this has hopefully been ruled out by the developers.
I can therefore obtain the keys of persons - for the simplified procedure, the machine-readable line of the passport is sufficient for this - for example, through simple mechanical means such as burglary, pickpocketing, social engineering, etc. - and store them. I can then feed them into a reader that, for example, in a defined area simply checks the several passport data sets that interest me when someone passes through a gate - a revolving door with a predefined speed is very practical for this. Only the passport with the corresponding data in the machine-readable zone will release its data, or provide confirmation of the authentication.
I could therefore, for example, determine when a person enters and leaves a building - without the knowledge of that person and fully automatically. With an authentication time of 5 seconds, you can already check several keys while someone walks through the revolving door.
Of course, this is still not the identification of the person - but only of the passport. But especially when the person being monitored does not know about the monitoring, the passport is carried by the person. There is no reason not to have the passport with you. And abroad, it is often a bad idea not to have your passport with you - so in these cases it is necessarily near the person.
Well, but according to Otto Orwell, all this is just scaremongering and anyway not true and completely wrong. Unfortunately, it is based on statements by employees of the BSI - who are basically his people.
When Web Designer is a Bad Word
For example, with companies that rant against ALT attributes on IMG tags and then incorrectly refer to them as ALT tags. Well, incompetence is their concept:
Just exactly what text can a person read or see in a 1 x 1 pixel gif? Zippo. Thus, the text or line reader, JAWS, cynthia, etc, should be smart enough to see that the image size of Height="1" and Width="1" and automatically know it's a spacer and then make a if-then condition to NOT PRONOUNCE alt tag in the spacer.gif.
I have edited quite a few table layouts myself - among other things because they were simply there - and I can't remember when the spacers were actually output in 1x1 pixels. Of course, the image itself was only 1x1 pixels in size, but the width and height attributes on the IMG tags were naturally according to the size that was to be spanned. In addition, there were a lot of other layout elements in the source that were candidates for ALT="" - for good reason, layout graphics should be correctly bypassed by screen readers. But according to their idea, the screen reader should first load the graphic element, which is completely useless for it, and look at how big it is. Just because the trolls are too lazy to write ALT="" on IMG tags.
Oh, and they also demand more intelligence from screen readers:
HERE IS SIMPLE SOLUTION so EVERYONE WILL NOT HAVE TO RE-WRITE THEIR PAGES just for you.
READ THE BIG TEXT FIRST, either font tags with say 3 to 7, or CSS styles with the biggest fonts sizes. Next, read the 2nd largest fonts second, and so on. This is JUST LIKE WHAT HUMAN WOULD DO ANYWAY.....So, look for Font tags with a setting 7 or 6 or 5 or 4 and down and in that order and then start reading it. Same with CSS, PIXELS sizes of say 24px should be read FIRST, NOT LAST!! How hard can this be? This what the browsers do anyway, so why can't you do it?
Exactly. The screen readers should just figure out what they need from the tag soup (including analyzing font tags and such junk), instead of the designer thinking about what he produces and providing a somewhat logical structure for text-only browsers. Hey, what are the h-tags and their friends for since HTML 1? Oh well, it's probably all just imagination ...
But you can find even more gems there, such as the discussion about CSS vs. Table Layouts, where CSS is of course made to look really bad. Because they just don't understand what CSS is all about and why you separate HTML and CSS and what's the good idea about it. Because they probably haven't had a single good idea in their entire sad designer life and therefore wouldn't even recognize a good idea if it hit them on the head with a big stick.
Oh yes, a word of warning to more current designers at the end: don't look at their source code, because it will give you hair loss, curled toenails, and rotten teeth.
Banalpatent again
Amazon receives patent on "related products" - yes, exactly, "customers who bought this product also showed interest in the following additional products" now has a US patent. And of course, something like this would never be enforceable as a patent in Europe (and pigs can fly). It's great to see how innovative software patents are and how important they are for strengthening the software industry - because with such a patent, one could make a fortune in the warning letter paradise of Germany and kick out annoying competition. By the way, they already have the patent on one-click ordering. Yes, web shops could become a legal minefield if the EU Council's software patent directive prevails. And patent lawyers will become fat and rich ...
Still Strange Finder Stories
My Finder still shows all applications twice or even three times in the context menu for a file in the Open With submenu. And I can't figure out for the life of me how to fix this. Hasn't anyone else had this problem? There must be a way to clean it up, after all, the menu is dynamically created by OS X from the installed applications - but there must be some kind of type registry somewhere where applications register themselves so that OS X knows they can read this file type. And that's the place you should be able to clean up. But how in the world do you do that? Where does OS X remember which programs can open which file types?
Schily considers data protection to be scaremongering

Privacy advocates' concerns are fear-mongering - at least according to Otto Orwell:
Concerns about biometric passports, RFID technology, and tele-surveillance, expressed for example by privacy advocates, are fear-mongering that one should not fall for, said Federal Interior Minister Otto Schily at the symposium "Computers in everyday life - opportunities for Germany" in Berlin. The mentioned technologies are not used to monitor or suppress citizens, but to increase their security.
Funny. I rather believe that Otto Orwell's talk is simply fear-mongering - what security is increased by massive and widespread spying on citizens? Certainly not the citizens' security - but they are being fed pseudo-risks and alleged solutions for them, just like the Bush administration, to reduce their civil rights in Germany. Without regard for facts, without regard for proportionality.
The ignorance he attributes to the critics is probably on his side. He may still be considered competent as a lawyer (I can't judge his competence there), but he has no clue about cryptography and its risks - as they come into play, for example, in the context of passports valid for 10 years.
Who wants to make statements about the security of cryptographic methods today if they have to make this statement for a point in time 10 years from now? Yes, I know, Otto Orwell does - as I said, he simply has no idea what he is talking about. SHA1 was once described as a secure alternative to MD5 signatures - and has essentially failed. MD5 signatures are now completely unusable - as scientists have proven when they produced two real texts with meaningful content and identical MD5 signatures. I've had enough of pathetic politicians with brains too small, who want to impose their alleged doctrines on citizens with absurd claims. And I've long had enough of their idiotic argumentation loops with which they want to sell total surveillance as a security feature to citizens.
Who wants to laugh again ...
Study Shows Windows Beats Linux on Security - this time, Microsoft bought the desired results from the company Wipro. Just as absurd as previous attempts in the same direction. Contains such gems as:
“We already know how to secure a Windows-based solution and keep it running smoothly,” says Stephen Shaffer, the airline’s director of software systems. “With Linux, we had to rely on consultants to tell us if our system was secure. With Windows, we can depend on Microsoft to inform us of and provide any necessary updates.”
Sorry, but seriously: if my IT manager tells me he relies on Microsoft for the security of his systems, that would be a reason for me to fire the guy as quickly as possible.
WordPress 1.5.1.3
WordPress 1.5.1.3 includes an important security fix. So at least take the xmlrpc.php from the release.
Americans and Logic
Apparently, a majority of Americans are dissatisfied with Bush - Kids, just as info: 59 million of you voted for him.
iTunes Podcasting not with old iPods?
It seems that PodCasting is only supported with iPods starting from the Clickwheel-iPods. Those with the old mechanical wheel don't get a firmware update, and neither do the Touchwheel-iPods. Which I honestly find quite pathetic. The Touchwheel-iPods aren't that old after all, they don't need to be phased out already.

Not that it bothers me much - I don't read most of the blogs by podcasters, I wouldn't know why I would want to listen to them - but somehow it bothers me when gadgets are retired as too old too quickly. Especially when they are high-priced items like an iPod.