nice round number
"512 people would be going worldwide"
Presumably they can only fire people in powers of 2 ?
"Get me Steve from HR, tell him to free 2 bytes of allocated office space"
17 posts • joined 26 Oct 2007
It appears that customer accounts could be freely accessed from the website :
(just about everything except the credit card number was available "in just a few clicks")
The strangest part is that a "nice hacker" reported it to the SNCF, instead of selling them on eBay like anyone else would do
Jesus, that comes as close as it can to a declaration of war, doesn't it ?
Condescending tone, inflammatory rethorics, gratuitous insults...you forgot to mention Joan of Arc but otherwise a very good effort. I give this flame 3 flint stones out of 5.
A caveat : I'm a French engineer so of course I'm going to have a biased view. But I for one believe that nuclear power is currently the only viable solution for supplying sustainable electrical energy; and that as a country producing 3/4 of its electricity from nuclear plants, and having built quite a lot of power plants at home and abroad France (its industry, at any rate) certainly has the necessary know-how. Much as I'd like to see our French-hating neighbours personified by AC revert to the Middle Ages I honestly think this deal would have been a good thing for both countries.
Eagerly awaiting the French-bashing and green propaganda !
> However I was using ActionScript 3.0 so my website will be powered by "AAS".
Would that Action Script interact with the or be downloaded from the "Server Side" ?
If so then you can legitimately say you website is powered by "AASSS", although that probably makes it NSFW. As, indeed, any website using applets.
I just had a thought that made me giggle out loud.
Imagine that Phorm and BT lie and spin their way around the opt-in issue (as many commenters have suggested).
Imagine that the "service" Phorm offers comes back insidiously, and that a substantial proportion of computer-illiterate users are opted in.
So far, that would mean the little guy got shafted by the big corp; par for the course and not that unlikely.
Now, imagine that the other shoe drops; i.e. website owners objects to *their* content being intercepted. And, at the top of your head, which big web companies, interested in keeping their lucrative online advertisement business, would be likely to step into the arena ?
That's right, I had a dream of a massive legal struggle between BT, phorm, Google, Yahoo, Microsoft (they're bound to have a go at the thing, on one side or the other) and a few others probably... A corporate version of Alien vs Predator, with Godzilla and the Gremlins thrown in as well !
Man, I almost hope Phorm makes it that far, just so that I can grab the popcorn, kick back, and enjoy the show (almost, but not quite).
Matt, methinks you should get your head out of your a**e long enough to do some basic fact checking.
First, a quick reminder : islamic terrorist != AQ.
As far as France is concerned, I'd think the demographics are largely similar to those in the UK.
Second and third generation immigrants ? Check. The high point of immigration from Northen Africa was during the 60s and the 70s, following the economic boom of the time, the need for cheap labor, and the independence of our former colonies.
Education and cash to get internet access ? Check. Although earning levels are lower than average for that demographic group (as in the UK, I suspect), it's still plenty enough to afford ADSL; and although they don't usually have stellar academic records, they still go to school long enough to learn how to read; and, more importantly, to become disillusioned with their prospects if they stick to school and try to make something of themselves.
As a sidenote, the biggest French blog site is run by Skyrock, a hiphop / rap radio mostly popular in poor suburbs and housing estates (IIRC they pride themselves on being the rap radio with the most listeners *in the world*).
Chip on their shoulder ? Check. They've been brought up with a culture that doesn't mesh with the society they live in; they see themselves as unfairly put upon; they couldn't give a toss about lawful behaviour; they see the rest of France as racists peasants who'd toss them out given half a chance, not that they may be far wrong on that count unfortunately.
Islamic background ? Check. Algeria has been having problems with fundamentalist groups for more than 20 years now, and some of that has spilled over into France. AQ may have done a marketing coup recently by rebranding those terrorists as their Algerian branch, but they were along long before the world had heard of Osama. The biggest islamic terrorist attack in France dates back to 1995, when a couple of subway stations were blown up by these same Algerian radicals. 1995 ? The US was probably still selling weapons to OBL at that time.
Honestly, I think the main difference comes from government attitude towards radical preachers. You have a metric sh*tload of them in London; we have few if any. They find safe haven in the UK, so they settle there and do their thing. Most of the French blowhards who've been arrested in Irak or elsewhere under suspicion of terrorist activities have spent time and been coached in the English mosques.
So when French yoof want to fight back against society or become confused with their life of loafing around and selling drugs, they stand less chance of becoming indoctrined by radical preachers and learning how to make bombs. They keep dealing drugs instead, or try to ambush police and firefighters in street guerillas...
And that behaviour isn't yet classified as terrorism (whether it should be is another question entirely)
The broken Flash allows for XSS exploits (quote from original article : "Vulnerable content opens websites up to cross-site scripting (XSS) exploits that allow an attacker to perform any action available to a user of the targeted website"). So yeah, a spam pusher or russian mobster could put the flash on his website and steal the personal info you were about to submit... on his website.
The point here is that the vulnerable websites are corporate ones : banks, e-commerce, etc. When you run a website, and there's a vulnerability caused by something you (or most likely that chick from marketing who likes to download flash tutorials from the net to make purty blinking ads) put on one of your pages, you don't say "my customers should install the latest version of Adobe Flash Player, or even better switch to Links". You damn well go and fix it.
The reason is, you can't trust your users. You can't trust Grandma Jane who wants to buy a tricycle on-line for her grandson's birthday to have the latest version of IE/FF/whatever with all the plug-ins and the relevant Windows service pack.
The onus of making sure a user's input can't break your website, and that your website doesn't break the user's PC, is yours. If that means changing your pretty code so that it doesn't conflict with a buggy browser version, then so be it. Incidentally, this is why most commercial websites, at least those not done in Flash, use all sorts of ugly CSS tricks to work with the standards and with IE.
>"Intellectual property" should not be allowed to be bought and sold in the same way as real property.
This is the underlying principle behind a market economy : any type of property (i.e., something that someone can own) will eventually be sold, bought, traded, and give rise to speculation. What's more, there will eventually emerge a global marketplace where such sales and trades will be formalized and 'industrialized' so to speak, which in turn gives rise to more sophisticated and/or derivative products based on the original commodity.
This principle applies to just about everything : raw materials, currencies, stock, real estate... but also debts (your bank owns your debt, so why shouldn't it be free to sell it to another bank ? Hey, can anyone say 'subprimes' ?), stock options, derivative products (whose sole purpose is to be bought, sold, and speculated with), and much much more...
The only upside is that patents are currently used defensively mostly -except in the good ole district of Eastern Texas of course- and that there isn't yet (to my knowledge anyway) any agreed-upon mathematical formula for estimating the value of a patent. So using and abusing patents is still a somewhat artisanal process: you have to fight it out in court, there's no guaranteed return on investment, etc.
The day we know how to put an accurate value on a patent without 'exercizing' it (i.e. going to court), is the day patents will become just another commodity. Don't believe me ? Think stock options and the Black & Scholes formula.
All this leads me to wonder what will be the next 'property' playground. My bet is on privacy and/or private data. You own your private data right ? So... if you own it, it can be bought. If it can be bought, it can be sold again. Or traded. Or sold in bulk. This is already the case on the black market, it's only a matter of time before it becomes another legal avenue of financial frolicking.
IANAL, but it might be a good thing we don't actually 'own' fundamental rights (if I remember correctly, they're granted by the state although I suspect Your Constitution May Vary) or some poor sods are bound to sell them one day... or be defrauded of them.
@ different translations : had a quick look and listen to the footage, he does indeed say "casse toi alors, pauvre con" which more or less translates to "get lost then, you dumb sod/b***ard".
"Pauvre con" isn't too much of an insult in French; we use "con" all the time, despite the fact that it originally has the same meaning as c**t as a part of the female anatomy. The closest literal translation would be 'moron'.
"pauvre con" more or less means "you're too stupid for us to be arguing, you're a hopeless case" and is often used as a parting shot. So, not much of an insult...
@Ishkandar : ... and while you would indeed probably hear it on the streets of Paris quite often, the point is that the guy is supposed to be president. He can't start picking fight with all the people who don't like him, because then he'd have about 30 million Frenchmen lined up on his doorstep waiting for their turn. Chirac had his faults, but he knew how to handle himself. If that had been Chirac, he wouldn't even have acknowledged the original insult (not in public anyway. But the guy might have found himself in an involved discussion with the bodyguards out of camera view...)
Carry on. And if you've learned anything today, it's how to say c**t with a bit of continental flair.
FWIW, we had the same problem in France the first year they launched the online tax website. IIRC, they extended the deadline by 2 weeks because they were "unprepared" for the massive traffic they got. Since then the site has been working fine (although I usually try to fill in my tax forms in advance, so there may still be rush hour congestion just before the deadline), and filling in your tax form online earns you a massive 20€ rebate...
On a tangential note, a friend of mine works for the French government IT. He was responsible for setting up a website designed to alleviate red tape (basically, one web form to fill instead of queuing at 6 different buildings). Anyway, when they launched the pilot he made the mistake of talking about it to the PR leeches - adding, of course, that they weren't to talk about it as it was only a pilot. The next day it was on the evening news... Massive audience, poor little server dies horribly, many outraged cries of "who's the fucktard who can't build a decent website".
Werl, the easiest way out is to code all your websites in Flash ! It's a universal standard, can do purty moving thingamajigs and even "creative types" can code in it.
And all you need to do is plug in a big ole <object> in your page, and every browser will render the same thing ! (except Links, but that's only used by commie b**tards anyway).
So why don't we let the W3C play with itself in the corner and adopt a proprietary standard proven time and again by the stock exchange! Besides, ever since they took away the blink and marquee tags, HTML just hasn't been the same...
'At the bottom of the article it says: "Error: A thorough search of the Register database for "Sierra Leone" and "lunatics" returned  results. Please modify your search to contain at least one IT-related term." '
Indeed. Which leads to one (and only one) of 2 conclusions :
1- whoever coded the Register website knows that empty strings, badly built queries, null pointer exceptions and what have you will happen, knows to test for them and knows the value of a clean, userfriendly error message (instead of the traditional "what should never have happened, has happened. Sorry"). In which case, they should be rightly commanded.
2- in the original version of the article, the "related stories" paragraph was replaced by a crappy mySQL error message. Which quickly led to someone inserting a dirty hack to make it look as if the code had recovered gracefully from the lack of previous references to smelly african lunatics.
My money's on #2...
For the sake of conversation let's go with the assumption that the original specs were crap (which the article doesn't mention btw) and that the big question is 'should the coders have done something about it or not'.
Now, if everything from the specs to the finished (and I use the term loosely) code is done in-house, the coders can and *should have* raised the point of general spec-crapiness. You do what you're asked to do, but it doesn't take a genius to figure out that if you're coding crap, you're bound to have to recode it at some point and in the meantime Bad Things can happen to your website and your company - especially where security's involved.
If however you use an outside firm (be they in India or the building down the road), the specs become part of a contract between two companies, and as such the coders will have absolutely no say in the matter, even if they wanted to. It's not even a question of good or bad developers - from the moment the contract is signed specifying which specs will be coded for what price and in what time, the only way it's going to change is if you can convince the account manager there's more money to be made (and for that to happen, he has to convince the client to fork up extra dough).
Oh, and @Ed, the obvious answer is never EVER pay until you're completely satisfied with the code...
Biting the hand that feeds IT © 1998–2020