Re: About FP, folder permissions, and sysops...



Gee, Nicholas. I didn't realize you were such a sensitive guy.

But, since you felt the need to respond in a non-factual manner, even though
you are not "not hurt by my words"....

Perhaps my "Shame, shame, etc.. " didn't come off that well in print, but in
person, most developers would have taken it as a light-hearted admonishment
to always check the data before operating on it - That's like a programming
101 course.

1. > why you would want... adopt a position of passing, publicly, a verdict
on someone else's coding acumen or insight.
Because your flawed acumen & insight were posted publicly.

2. > About your incredulous response to my advice to Richard
I have no idea how you can characterize my comments as "incredulous". As I
said, checking the data is a 101 course, regardless of whether or not
"it was the early days of ASP". I'm fairly certain the concept existed way
back yonder in the COBOL days.

3. > First, as regards Microsoft's methods of encouraging web architects to
adopt their languages and proprietary software solutions

Your contention that ASP is some evil scheme to entice developers to use
FP's admittedly lame auto-magically generated crap code is so far off-base,
it makes you look like a tinfoil hat-wearing paranoid. That is what I
addressed. I even agreed with you here....
YOU: >> but I am not a big fan of any FP included solution
ME: Not that I disagree, but.....

I simply disagreed with the drivel that followed.

4. > Even if you allowed an unmonitored FTP upload to your server
Please note that the OP is using a file upload method for putting files on
the server. Not anonymous FTP.

5. > When I was stricken with 500 Gb blah, blah, blah.....
> I had, of course, strict limits on size and type of file I'd allow to
come in.
Yeah, obviously. So how did the 500 Gb file make it to your server then?

6. > But none of this is the point, Bob. I have no interest in educating (or
chastising) you.
Oh, yeah - That comes through loud and clear.

> Bob, I recommend you visit http://www.grc.com/dos/drdos.htm
But what does this have to do with properly using a file upload element?

7. >These groups are for helping out....
Precisely. And, when someone "helps" by posting incorrect information, it
*should* be challenged. How you arrive at the conclusion that this is
"infighting", I have no idea.

Have you ever worked somewhere where there were other developers besides
yourself?

Typically, very heated arguments can erupt discussing the details of a
development effort. But usually, we go have lunch together afterwards.
Nobody gets hurt feelings, or feels the need to have a private conversation
afterwards to soothe each other. Adults understand the concept of
challenging ideas and don't need a touchy-feely, give me a warm-fuzzy
because you hurt my feelings session to enable reconciliation.

And we certainly don't challenge each other with ridiculous statements
like...
> But, just between us, Bob, your best interests would not be well served
> by a competition in solutions architecture with me as your opponent.

I have my doubts. But, just between us, Nicholas - My Dad can beat up your
Dad anytime. So, nyahna, nyanhna, nya, nya. So, there!

PS - Thanks for conveniently snipping my response in your reply.

Bob Lehmann







"Nicholas Savalas - http://savalas.tv" <nick@xxxxxxxxxx> wrote in message
news:1141911109.643974.7410@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Dear Bob,

I would not have responded publicly to your post, but your email
address <nos...@xxxxxxxxxxxxxxxx> gives me little choice.

I only take time to reply to you because of the last 5 words in your
post, "Shame, shame, shame on you!". I am not hurt by your words, just
curious as to why you would want to draw this attention to yourself,
and adopt a position of passing, publicly, a verdict on someone else's
coding acumen or insight.

First, as regards Microsoft's methods of encouraging web architects to
adopt their languages and proprietary software solutions (re: "I would
not be surprised to find out that was what MS intended") - they employ
the same methods as most software developers. They offer a free,
limited, and generic solution to encourage you to purchase the more
advanced and expensive design tools. No enterprise-level web
architecture can be realistically designed with FrontPage: the latest
web applications, in the Windows world, at least, require the purchase
of the Visual Studio .NET suite and a testing sandbox with extensive
development tools, server software, hardware acquisition, and skilled
engineering expenses.

Microsoft continues the tease and tickle tactic even today with their
free .NET editor 'Visual Web Developer 2005 Express Edition' available
at: http://msdn.microsoft.com/vstudio/express/vwd/default.aspx - anyone
who has used it knows that it is just a preliminary step on the path to
the far more powerful features of VS.NET. That's why they give the
Express Edition away for free, like they used to give away 'FrontPage
Express' with Internet Explorer - or don't you remember those days? How
many times have you written an application in ASP that was more useful
and flexible than the client had specified, only to have them next ask
for more and more control, features, bells and whistles? We all know
that Microsoft has gambled heavily on .NET because Sun Microsystems
won't share Java - we also know that it uses considerably less code per
string than Java and is therefore a superior language, but if
developers don't adopt it and author with it, Microsoft will be in
great trouble. That's why they need these groups, why they hold free
expos and seminars, and why they give away free ASP.NET software. This
is business. This is serious business.

About your incredulous response to my advice to Richard that he never
allow anonymous upload, "What if the requirements demand it??", no real
online strategy today allows direct server interaction by anonymous
users without serious credentials authentication and event logging.
Even if you allowed an unmonitored FTP upload to your server, you'd
create a series of challenge/response events to protect yourself, or
you'd be risking a production server loss.

When I was stricken with 500 Gb of data transfer in a single day, Bob,
it was the early days of ASP. I had, of course, strict limits on size
and type of file I'd allow to come in. But, remember how we all learned
about SQL code injection? They didn't explain it in a book, Bob. We
learned about form vulnerability, like all other network invasions
(DDOS attacks, for example) by enduring and surviving it.

Bob, I recommend you visit http://www.grc.com/dos/drdos.htm - that is
Steve "The Wizard" Gibson's own site - and, no matter how easily you
spurt out "Shame, shame..", there is no better computer security mind
that I know of than his, and even the servers at Gibson Research
Corporation had to take their lumps. In his own words, "At 2:00 AM,
January 11th, 2002, the GRC.COM site was blasted off the Internet by a
new (for us) distributed denial of service attack." If you never were
holding a production server together with prayers and chewing gum, Bob,
you must not have had a very interesting target of opportunity. I wear
my network survival episodes like a red badge of courage - and I
learned more on that day about the need for security inspection for
anonymous input all the way down to, and below, the character and cell
level, than I had in my fifteen years prior to that as an engineer in
this field.

But none of this is the point, Bob. I have no interest in educating (or
chastising) you. You are, presumably, a fully grown adult, with
experience and talent. There must be good in you, because you come to
this forum to aid, however clumsily, these people in their infancy of
coding, much the way someone reached out to you when you didn't know a
tag line from a punch line. These groups are for helping out, not being
in. So let's keep the infighting off the main forums. My email address
and contact information, at least, are a matter of public record;
contact me whenever it suits you. I don't discriminate on the basis of
attitude, Bob. Let's be nice, and help those who come here with
questions and difficulties. We aren't the future; we are mentoring the
future. I trust you see the value of what we might accomplish at these
newsgroups if we stay focused and work together to assist others.

But, just between us, Bob, your best interests would not be well served
by a competition in solutions architecture with me as your opponent.

Until I hear from you again, I remain,

Sincerely,

Nicholas Savalas - http://savalas.tv - nick@xxxxxxxxxx


