Comments on Paul Buchheit: The dogmatic programmer - when software becomes religion

Feed updated: 2008-04-29T13:31:40.134-07:00

Anonymous (2007-06-14T09:17:00.000-07:00):

There's nothing wrong with just one person bending a minor rule for one web app. Or two people, even. But when a lot of people are doing it (as is the case with the Internet), then it becomes a problem. It might never lead to a misguided missile, but when a lot of people ignore standards then it can lead to billions of lost dollars on a national scale. Consider how much money goes into making web sites work with the nonstandard quirks of each major browser.

Manoj (2007-06-14T01:41:00.000-07:00):

From the limited interaction I have had with web developers I find that they tend to be 'less dogmatic' and have the 'get the job done' approach. Perhaps that's why this industry is moving so fast.

Programmers working on traditional software compiler/OSes/desktop apps/comm software tend to be a little more dogmatic.

Paul Buchheit (2007-06-14T00:58:00.000-07:00):

Anil, there are many religious wars. What makes you think that I missed the MS one, or that I am part of it? I don't use MS much, but I certainly don't hate them (and I worked there for a bit). I try to stay non-dogmatic about everything.

Austin, yes, for some people it is, but it doesn't have to be.

Charles, you are, of course, correct, but those people were going to break everything anyway...

Ben, that's very reasonable. I would be very careful with anything involving money.

Goldenrock (2007-06-13T21:10:00.000-07:00):

Another thing to consider is that many web servers try to get a cache hit for GET requests but process POSTs directly.

Andrew (2007-06-13T20:54:00.000-07:00):

You can delete my ISP's bandwidth logs by using GET variables.

I can't remember the line exactly but it's something like this..

checktime.php?username=admin&password=password&cmd=del&id=1067

It's supposed to be used to delete a row of data in case the login messes up and it thinks you're already logged in but what they have done is allowed you to also delete the row of data after you have finished and logged out. Awesome, now I haven't used my internet connection at all!

Also because of the id= variable you can also kick other people off the internet by deleting their rows.

While we're on the topic of GET variables. Please don't use the MySQL column name as the get variable name.

If you're using uid as the column name in MySQL then please please please don't use uid as your get variable too.

I was able to figure out how to log in to a video sharing website as Admin with this technique.

Ben Hoyt (2007-06-13T19:42:00.000-07:00):

Good points. I agree that you've gotta be pretty pragmatic on the web, and that was the aim of my blog post.

But I guess I've come away a bit scared of prefetching apps. If the GET is something non-mission critical like an upvote -- fine, be pragmatic. But if it involves a money transaction or something like that, be very careful.

Anonymous (2007-06-13T16:30:00.000-07:00):

The problem with "What's the worst that could happen?" is that most people taking a shortcut likely have no idea what the worst could actually be.

austin (2007-06-13T16:14:00.000-07:00):

When?

Software's *been* a religion for a while, last time I remember.

Anil Philip (2007-06-13T16:06:00.000-07:00):

I found it ironic.
"...when software becomes religion".

There is another religious war that seems to have completely escaped you - Microsoft haters vs. M$ users/programmers/likers.

It is not hard to guess where you are :)