I agree also it was the best course of action, though I feel unhappy  
that a more friendly solution was not found. You can lead a horse to  
water, but can't stop it from kicking your teeth out for the favor?

The quality of people on the lift list really is quite good -- it's an  
aspect to be proud of, for sure.

-Ross

On Oct 14, 2009, at 12:15 PM, marius d. wrote:

>
> Reading the thread in question I was quite surprised about the
> attitude shown on the list by the person in question. I wholeheartedly
> agree that the right decision has been made.
>
> Br's,
> Marius
>
> On Oct 14, 6:49 pm, David Pollak <feeder.of.the.be...@gmail.com>
> wrote:
>> Folks,
>>
>> It is not lightly that I ban someone from the group... this is only the
>> second time I've banned a substantive poster.  I'm going to discuss some of
>> the process and then touch on some of the substance of the questions that
>> the poster was getting at.
>>
>> The Lift community, reflected on this list, is an inquisitive, friendly
>> place where people who have a passion for building great web apps converge
>> and contribute to making Lift a really great open source framework.  Newbies
>> are the lifeblood of the group because they come with fresh perspectives and
>> new ways of looking at things.  Questions from newbies help us refine and
>> enhance Lift and the associated documentation.  Folks who are building
>> production apps on Lift receive the fastest turn-around because these folks
>> are betting their careers and their enterprises (even enterprises of one) on
>> Lift and they deserve the best support in the industry for taking this risk.
>>
>> A big part of why this community is successful (in terms of size, quality of
>> discussion, and quality of results) is because we keep the quality of
>> discussion high.  How do we do this?  The folks who have been on the list
>> generally keep the level of discussion to the Lift ideals.  We reward
>> newbies with quick answers and encourage friendly discourse.  We are
>> generally slower to respond to those that are less reflective of the list
>> ideals.  I warn folks who are pushing boundaries (usually privately, but
>> every once in a while publicly) and where the line is.
>>
>> In this case, nothing worked.  The poster was neither asking questions,
>> giving usable feedback, or being polite in his engagement with the folks on
>> the list.  I received a substantial number of private communications about
>> this poster (which is pretty rare), and I took action.
>>
>> In terms of the substance, let me address the "threat" issue first.  I
>> threatened to ban the poster from the list.  Perhaps DHH or Martin would not
>> make such a threat.  I am very sure that the quality of discussion on the
>> Lift list is higher than that on the Rails list (one of the reasons I
>> started Lift was to be part of a nicer community.)  One cost of having a
>> nicer place is excluding those who do not fit.  The second "threat" I made
>> was to relay a tongue-in-cheek private communication I received about the
>> poster to the list (after receiving the okay from the guy that made the
>> communication to me.)  This "threat" was obvious, using video game rating
>> language <http://www.esrb.org/ratings/ratings_guide.jsp>, "Comic mischief"
>> and "Cartoon violence".  It was something that even a 6 year old can
>> distinguish from reality.  Put another way, the poster was talking about
>> Kafkaesque experiences with using Lift and I responded with Jonesian
>> <http://www.youtube.com/watch?v=CrupqdGvsoc&feature=PlayList&p=62FED00 ...>
>> language.
>>
>> In terms of the broader issue of Lift's HTML templating system being XHTML
>> only, yes, that's true.  Lift treats HTML templates as XML.  Lift's
>> templating system is not a String templating system but an XML templating
>> system.  This satisfies the needs to render content to HTML browsers.  If
>> there are needs for generating other kinds of content, Lift is not as good,
>> but in many cases there are better libraries for doing so.  Lift makes it
>> very simple to integrate other rendering/templating engines into Lift,
>> usually with a single line of code that dispatches the HTTP request to an
>> alternate provider of a LiftResponse.  If the poster had simply said, "I
>> want to template non-HTML output, can you show me how?" he would have gotten
>> a nice example (and I might have even rolled it into demo.liftweb.net or
>> maybe Tim might have blogged about it).
>>
>> Keeping things in XML has a number of advantages and a few disadvantages.
>> First, the disadvantages: (1) you can't template non-XHTML responses and (2)
>> everything must be well formed XML.  The advantages are (1) security, (2)
>> performance (it's easier to cache XML and the cost of mutating XML trees is
>> O(log N)), (3) there is better separation of logic from the view (perhaps
>> Terence Parr's String Template library achieves this level of separation),
>> and (4) the ability to mutate the resulting page (rewrite tags, move stuff
>> to head/tail, consolidate scripts) is more performant and less error-prone
>> than doing the same with a String-based representation.
>>
>> I will address Bill's security question.  For String-based rendering systems
>> that emit HTML, the developer is the one who must make a decision at each
>> insertion point as to whether the incoming String needs to be escaped.
>> Because Strings are untyped, you don't know what they mean, if they're
>> "safe" to be passed directly or if they need to be escaped.  On the other
>> hand, keeping the output structure in XML, you know when you're promoting a
>> String to an XML element and by default, it's done securely.  The developer
>> has to affirmatively do something that will introduce a vulnerability.
>> Here's an example:
>>
>> val inputFromBadUser = "<script>alert('boo');</script>"
>> // String concatenation: the input is spliced in as markup
>> val vulnerableStringTemplating = "<div>The other guy said: " + inputFromBadUser + "</div>"
>> // XML literal: the String is promoted to a text node and escaped on output
>> val safeXMLTemplating = <div>The other guy said: {inputFromBadUser}</div>
>>
>> Sure, it's possible to use the "Unescaped" class for a String and it's
>> possible to parse the user's input as XML, but both of these cases are based
>> on doing something other than the default.  The default if you're using XML
>> for XHTML templating is that things are secure.  The default if you're using
>> Strings to represent the output is insecure unless the developer does the
>> right thing at each insertion point.
>>
>> I thank you all for your participation in this community.  It's the kind of
>> place I like being part of and that's because of the quality of the people
>> and the discussions.  I want to make sure as we grow from 1,400+ members to
>> 5,000 members that the group retains the quality and energy that it has.
>>
>> David
>>
>> On Tue, Oct 13, 2009 at 7:21 PM, David Pollak <feeder.of.the.be...@gmail.com> wrote:
>>> You are banned from this group.
>>
>>> On Tue, Oct 13, 2009 at 6:24 PM, Aule <grshipl...@gmail.com> wrote:
>>
>>>> Bryan
>>
>>>> Been there, tried that.
>>>> Oh - the mime type is "text/vnd.curl"
>>
>>>> Btw, actually a threat has been conveyed to me at mail.google.com and
>>>> I have protested to Google
>>
>>>> I can't imagine Dave Hansen or Martin Odersky or Bill Venners or Lex
>>>> Spoon sending me a threat, but so it goes ...
>>
>>>> At least I will not get 4 years in an Egyptian prison for insulting
>>>> Randy's Alma Mater (Madison).
>>
>>>> Oh Randy.  I read my Paul Valéry in the original.  www.hsinfosystems.com
>>>> is missing the accent on his surname.
>>
>>>> Lift is not Scala; I will continue to recommend Scala.
>>
>>>> For me, the jury on Lift is not yet in.  When some sycophants of
>>>> Seaside got nasty, I did not walk away from Seaside, warts and all.
>>
>>>> R
>>
>>>> On Oct 13, 8:10 pm, Bryan <germ...@gmail.com> wrote:
>>>>> Hi Aule,
>>
>>>>>> I am still looking to see if I over-looked somewhere on the web where
>>>>>> there is a 1.0.2 Boot.scala
>>
>>>>>>   1) showing unambiguously how to flip the default Content-Type
>>>>>>   2) and having, in fact, the intended effect
>>
>>>>>> as I now know from a few trials over a few hours that this is not as
>>>>>> simple as some web posts present.
>>
>>>>> I have not had a need for this, so I had to search some "web posts" to
>>>>> find the answer.  Quickly, I found the following snippet:
>>
>>>>> LiftRules.determineContentType = {
>>>>>   case _ => "text/curl"
>>>>> }
>>
>>>>> I have not verified this, so please let us know if it does not help.
>>
>>>>>> Were it trivial, I had not mocked a framework, and you, Mr. Pollock,
>>>>>> had not raged.
>>
>>>>> From my readings, Mr. Pollak has yet to show any rage.
>>
>>>>> --Bryan
>>
>>> --
>>> Lift, the simply functional web framework http://liftweb.net
>>> Beginning Scala http://www.apress.com/book/view/1430219890
>>> Follow me: http://twitter.com/dpp
>>> Surf the harmonics
>>
>> --
>> Lift, the simply functional web framework http://liftweb.net
>> Beginning Scala http://www.apress.com/book/view/1430219890
>> Follow me: http://twitter.com/dpp
>> Surf the harmonics
> >
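
The escaping defaults discussed in the quoted message above, as an added example that is not part of the original thread or of Lift's code. It assumes Scala 2 with the scala-xml library on the classpath; the object and method names are hypothetical, and scala.xml.Unparsed stands in here for the explicit opt-out case.

```scala
import scala.xml.{Elem, Unparsed, Utility, XML}

object TemplatingDefaults {
  // Constructed sample input, the same shape as the one in the message.
  val inputFromBadUser = "<script>alert('boo');</script>"

  // String templating: the input is spliced in as markup unless escaped by hand.
  def stringTemplate(s: String): String =
    "<div>The other guy said: " + s + "</div>"

  // The same String template with the escape the developer must remember
  // at every insertion point.
  def stringTemplateEscaped(s: String): String =
    "<div>The other guy said: " + Utility.escape(s) + "</div>"

  // XML templating: a String inside braces becomes a text node, so it is
  // escaped when the tree is serialized.
  def xmlTemplate(s: String): Elem =
    <div>The other guy said: {s}</div>

  // Explicit opt-out: Unparsed writes the String verbatim. This is the
  // "something other than the default" case.
  def xmlTemplateOptOut(s: String): Elem =
    <div>The other guy said: {Unparsed(s)}</div>

  // Re-parse the rendered output and count the <script> elements a
  // consumer of the markup would see.
  def scriptElements(markup: String): Int =
    (XML.loadString(markup) \\ "script").length

  def main(args: Array[String]): Unit = {
    val rendered = Seq(
      "string concat"          -> stringTemplate(inputFromBadUser),
      "string concat + escape" -> stringTemplateEscaped(inputFromBadUser),
      "xml literal"            -> xmlTemplate(inputFromBadUser).toString,
      "xml literal + Unparsed" -> xmlTemplateOptOut(inputFromBadUser).toString
    )
    for ((label, markup) <- rendered)
      println(s"$label: scripts=${scriptElements(markup)} $markup")
  }
}
```

Re-parsing the rendered output is also a usable regression check: a template test can assert that no element appears in the output that the template itself did not declare.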

