Not to harp on it but: *When some sycophants of Seaside got, nasty, I did not walk away from Seaside, warts and all. * suggests this person has had this problem elsewhere.
On Wed, Oct 14, 2009 at 3:37 PM, Jack Widman <jack.wid...@gmail.com> wrote: > The necessity of this kind of action (the banning) is absolutely no sign of > anything having been done wrong. There will ALWAYS be people like that. > > > On Wed, Oct 14, 2009 at 3:31 PM, koveen <liep...@xs4all.nl> wrote: > >> >> I think that when someone enters a group, expecting to be shot, >> it is a very kind act only to ban him. >> >> Ko >> >> On Oct 14, 7:49 pm, David Pollak <feeder.of.the.be...@gmail.com> >> wrote: >> > Folks, >> > >> > It is not lightly that I ban someone from the group... this is only the >> > second time I've banned a substantive poster. I'm going to discuss some >> of >> > the process and then touch on some of the substance of the questions >> that >> > the poster was getting at. >> > >> > The Lift community, reflected on this list, is an inquisitive, friendly >> > place where people who have a passion for building great web apps >> converge >> > and contribute to making Lift a really great open source framework. >> Newbies >> > are the lifeblood of the group because they come with fresh perspectives >> and >> > new ways of looking at things. Questions from newbies help us refine >> and >> > enhance Lift and the associated documentation. Folks who are building >> > production apps on Lift receive the fastest turn-around because these >> folks >> > are betting their careers and their enterprises (even enterprises of >> one) on >> > Lift and they deserve the best support in the industry for taking this >> risk. >> > >> > A big part of why this community is successful (in terms of size, >> quality of >> > discussion, and quality of results) is because we keep the quality of >> > discussion high. How do we do this? The folks who have been on the >> list >> > generally keep the level of discussion to the Lift ideals. We reward >> > newbies with quick answers and encourage friendly discourse. We are >> > generally slower to respond to those that are less reflective of the >> list >> > ideals. I warn folks who are pushing boundaries (usually privately, but >> > every once in a while publicly) and where the line is. >> > >> > In this case, nothing worked. The poster was neither asking questions, >> > giving usable feedback, or being polite in his engagement with the folks >> on >> > the list. I received a substantial number of private communications >> about >> > this poster (which is pretty rare), and I took action. >> > >> > In terms of the substance, let me address to "threat" issue first. I >> > threatened to ban the poster from the list. Perhaps DHH or Martin would >> not >> > make such a threat. I am very sure that the quality of discussion on >> the >> > Lift list is higher than that on the Rails list (one of the reasons I >> > started Lift was to be part of a nicer community.) One cost of having a >> > nicer place is excluding those who do not fit. The second "threat" I >> made >> > was to relay a tongue-in-cheek private communication I received about >> the >> > poster to the list (after receiving the okay from the guy that made the >> > communication to me.) This "threat" was obvious, using video game >> rating >> > language <http://www.esrb.org/ratings/ratings_guide.jsp>, "Comic >> mischief" >> > and "Cartoon violence". It was something that even a 6 year old can >> > distinguish from reality. Put another way, the poster was talking about >> > Kafkaesque experiences with using Lift and I responded with >> > Jonesian< >> http://www.youtube.com/watch?v=CrupqdGvsoc&feature=PlayList&p=62FED00.. >> .>language. >> > >> > In terms of the broader issue of Lift's HTML templating system being >> XHTML >> > only, yes, that's true. Lift treats HTML templates as XML. Lift's >> > templating system is not a String templating system but an XML >> templating >> > system. This satisfies the needs to render content to HTML browsers. >> If >> > there are needs for generating other kinds of content, Lift is not as >> good, >> > but in many cases there are better libraries for doing so. Lift makes >> it >> > very simple to integrate other rendering/templating engines into Lift, >> > usually with a single line of code the dispatches the HTTP request to an >> > alternate provider of a LiftResponse. If the poster had simply said, "I >> > want to template non-HTML output, can you show me how?" he would have >> gotten >> > a nice example (and I might have even rolled it into demo.liftweb.netor >> > maybe Tim might have blogged about it. >> > >> > Keeping things in XML has a number of advantages and a few >> disadvantages. >> > First, the disadvantages: (1) you can't template non-XHTML responses and >> (2) >> > everything must be well formed XML. The advantages are (1) security (2) >> > performance (it's easier to cache XML and the cost of mutating XML trees >> is >> > O(log N)), (3) there is better separation of logic from the view >> (perhaps >> > Terrance Parr's String Template library achieves this level of >> separation), >> > and (4) the ability to mutate the resulting page (rewrite tags, move >> stuff >> > to head/tail, consolidate scripts) is more performant and less >> error-prone >> > than doing the same with a String-based representation. >> > >> > I will address Bill's security question. For String-based rendering >> systems >> > that emit HTML, the developer is the one who must make a decision at >> each >> > insertion point as to whether the incoming String needs to be escaped. >> > Because Strings are untyped, you don't know what they mean, if they're >> > "safe" to be passed directly or if they need to be escaped. On the >> other >> > hand, keeping the output structure in XML, you know when you're >> promoting a >> > String to an XML element and by default, it's done securely. The >> developer >> > has to affirmatively do something that will introduce a vulnerability. >> > Here's an example: >> > >> > val inputFromBadUser = "<script>alert('boo');</script>"val >> > vulnerableStringTemplating = "<div>The other guy said: >> > "+inputFromBadUser+"</div>" >> > val safeXMLTemplating = <div>The other guy said: >> {inputFromBadUser}</div> >> > >> > Sure, it's possible to use the "Unescaped" class for a String and it's >> > possible to parse the user's input as XML, but both of these cases are >> based >> > on doing something other than the default. The default if you're using >> XML >> > for XHTML templating is that things are secure. The default if you're >> using >> > Strings to represent the output is is insecure unless the developer does >> the >> > right thing at each insertion point. >> > >> > I thank you all for your participation in this community. It's the kind >> of >> > place I like being part of and that's because of the quality of the >> people >> > and the discussions. I want to make sure as we grow from 1,400+ members >> to >> > 5,000 members that the group retains the quality and energy that it has. >> > >> > David >> > >> > On Tue, Oct 13, 2009 at 7:21 PM, David Pollak < >> feeder.of.the.be...@gmail.com >> > >> > >> > >> > > wrote: >> > > You are banned from this group. >> > >> > > On Tue, Oct 13, 2009 at 6:24 PM, Aule <grshipl...@gmail.com> wrote: >> > >> > >> Bryan >> > >> > >> Been there, tried that. >> > >> Oh - the mime type is "text/vnd.curl" >> > >> > >> Btw, actually a threat has been conveyed to me at mail.google.comand >> > >> I have protested to Google >> > >> > >> I can't imagine Dave Hansen or MArtin Odersky or Bill Venners or Lex >> > >> Spoon sending me a threat, but so it goes ... >> > >> > >> At least I will not get 4 years in an Egyptian prison for insulting >> > >> Randy's Alma Mater (Madison). >> > >> > >> Oh Randy. I read my Paul Valéry in the original. >> www.hsinfosystems.com >> > >> is missing the accent on his surname. >> > >> > >> Lift is not Scala; I will continue to recommend Scala. >> > >> > >> For me, the jury on Lift is not yet in. When some sycophants of >> > >> Seaside got, nasty, I did not walk away from Seaside, warts and all. >> > >> > >> R >> > >> > >> On Oct 13, 8:10 pm, Bryan <germ...@gmail.com> wrote: >> > >> > Hi Aule, >> > >> > >> > > I am still looking to see if I over-looked somewhere on the web >> where >> > >> > > there is a 1.0.2 Boot.scala >> > >> > >> > > 1) showing unambiguously how to flip the default Content-Type >> > >> > > 2) and having, in fact, the intended effect >> > >> > >> > > as I now know from a few trials over a few hours that this is >> not as >> > >> > > simple as some web posts present. >> > >> > >> > I have not had a need for this, so I had to search some "web posts" >> to >> > >> > find the answer. Quckly, I found the following snippet: >> > >> > >> > LiftRules.determineContentType = { >> > >> > case _ => "text/curl" >> > >> > >> > } >> > >> > >> > I have not verified this, so please let us know if it does not >> help. >> > >> > >> > > Were it trivial, I had not mocked a framework, and you, Mr. >> Pollock, >> > >> > > had not raged. >> > >> > >> > From my readings, Mr. Pollak has yet to show any rage. >> > >> > >> > --Bryan >> > >> > > -- >> > > Lift, the simply functional web frameworkhttp://liftweb.net >> > > Beginning Scalahttp://www.apress.com/book/view/1430219890 >> > >> > > Follow me:http://twitter.com/dpp >> > > Surf the harmonics >> > >> > -- >> > Lift, the simply functional web frameworkhttp://liftweb.net >> > Beginning Scalahttp://www.apress.com/book/view/1430219890 >> > Follow me:http://twitter.com/dpp >> > Surf the harmonics >> >> >> >> > > > -- > Jack > -- Jack --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Lift" group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~----------~----~----~----~------~----~------~--~---
