Reading the thread in question I was quite surprised about the
attitude shown on the list by the person in question. I wholeheartedly
agree that the right decision has been made.

Br's,
Marius

On Oct 14, 6:49 pm, David Pollak <feeder.of.the.be...@gmail.com>
wrote:
> Folks,
>
> It is not lightly that I ban someone from the group... this is only the
> second time I've banned a substantive poster.  I'm going to discuss some of
> the process and then touch on some of the substance of the questions that
> the poster was getting at.
>
> The Lift community, reflected on this list, is an inquisitive, friendly
> place where people who have a passion for building great web apps converge
> and contribute to making Lift a really great open source framework.  Newbies
> are the lifeblood of the group because they come with fresh perspectives and
> new ways of looking at things.  Questions from newbies help us refine and
> enhance Lift and the associated documentation.  Folks who are building
> production apps on Lift receive the fastest turn-around because these folks
> are betting their careers and their enterprises (even enterprises of one) on
> Lift and they deserve the best support in the industry for taking this risk.
>
> A big part of why this community is successful (in terms of size, quality of
> discussion, and quality of results) is because we keep the quality of
> discussion high.  How do we do this?  The folks who have been on the list
> generally keep the level of discussion to the Lift ideals.  We reward
> newbies with quick answers and encourage friendly discourse.  We are
> generally slower to respond to those that are less reflective of the list
> ideals.  I warn folks who are pushing boundaries (usually privately, but
> every once in a while publicly) and where the line is.
>
> In this case, nothing worked.  The poster was neither asking questions,
> giving usable feedback, nor being polite in his engagement with the folks on
> the list.  I received a substantial number of private communications about
> this poster (which is pretty rare), and I took action.
>
> In terms of the substance, let me address the "threat" issue first.  I
> threatened to ban the poster from the list.  Perhaps DHH or Martin would not
> make such a threat.  I am very sure that the quality of discussion on the
> Lift list is higher than that on the Rails list (one of the reasons I
> started Lift was to be part of a nicer community.)  One cost of having a
> nicer place is excluding those who do not fit.  The second "threat" I made
> was to relay a tongue-in-cheek private communication I received about the
> poster to the list (after receiving the okay from the guy that made the
> communication to me.)  This "threat" was obvious, using video game rating
> language <http://www.esrb.org/ratings/ratings_guide.jsp>, "Comic mischief"
> and "Cartoon violence".  It was something that even a 6 year old can
> distinguish from reality.  Put another way, the poster was talking about
> Kafkaesque experiences with using Lift and I responded with
> Jonesian <http://www.youtube.com/watch?v=CrupqdGvsoc&feature=PlayList&p=62FED00...> language.
>
> In terms of the broader issue of Lift's HTML templating system being XHTML
> only, yes, that's true.  Lift treats HTML templates as XML.  Lift's
> templating system is not a String templating system but an XML templating
> system.  This satisfies the needs to render content to HTML browsers.  If
> there are needs for generating other kinds of content, Lift is not as good,
> but in many cases there are better libraries for doing so.  Lift makes it
> very simple to integrate other rendering/templating engines into Lift,
> usually with a single line of code that dispatches the HTTP request to an
> alternate provider of a LiftResponse.  If the poster had simply said, "I
> want to template non-HTML output, can you show me how?" he would have gotten
> a nice example (and I might have even rolled it into demo.liftweb.net or
> maybe Tim might have blogged about it).
>
> Keeping things in XML has a number of advantages and a few disadvantages.
> First, the disadvantages: (1) you can't template non-XHTML responses and (2)
> everything must be well formed XML.  The advantages are (1) security (2)
> performance (it's easier to cache XML and the cost of mutating XML trees is
> O(log N)), (3) there is better separation of logic from the view (perhaps
> Terence Parr's String Template library achieves this level of separation),
> and (4) the ability to mutate the resulting page (rewrite tags, move stuff
> to head/tail, consolidate scripts) is more performant and less error-prone
> than doing the same with a String-based representation.
>
> I will address Bill's security question.  For String-based rendering systems
> that emit HTML, the developer is the one who must make a decision at each
> insertion point as to whether the incoming String needs to be escaped.
> Because Strings are untyped, you don't know what they mean, if they're
> "safe" to be passed directly or if they need to be escaped.  On the other
> hand, keeping the output structure in XML, you know when you're promoting a
> String to an XML element and by default, it's done securely.  The developer
> has to affirmatively do something that will introduce a vulnerability.
> Here's an example:
>
> val inputFromBadUser = "<script>alert('boo');</script>"
> val vulnerableStringTemplating = "<div>The other guy said: " + inputFromBadUser + "</div>"
> val safeXMLTemplating = <div>The other guy said: {inputFromBadUser}</div>
>
> Sure, it's possible to use the "Unescaped" class for a String and it's
> possible to parse the user's input as XML, but both of these cases are based
> on doing something other than the default.  The default if you're using XML
> for XHTML templating is that things are secure.  The default if you're using
> Strings to represent the output is insecure unless the developer does the
> right thing at each insertion point.
>
> I thank you all for your participation in this community.  It's the kind of
> place I like being part of and that's because of the quality of the people
> and the discussions.  I want to make sure as we grow from 1,400+ members to
> 5,000 members that the group retains the quality and energy that it has.
>
> David
>
> On Tue, Oct 13, 2009 at 7:21 PM, David Pollak <feeder.of.the.be...@gmail.com> wrote:
>
> > You are banned from this group.
>
> > On Tue, Oct 13, 2009 at 6:24 PM, Aule <grshipl...@gmail.com> wrote:
>
> >> Bryan
>
> >> Been there, tried that.
> >> Oh - the mime type is "text/vnd.curl"
>
> >> Btw, actually a threat has been conveyed to me at mail.google.com and
> >> I have protested to Google
>
> >> I can't imagine Dave Hansen or Martin Odersky or Bill Venners or Lex
> >> Spoon sending me a threat, but so it goes ...
>
> >> At least I will not get 4 years in an Egyptian prison for insulting
> >> Randy's Alma Mater (Madison).
>
> >> Oh Randy.  I read my Paul Valéry in the original.  www.hsinfosystems.com
> >> is missing the accent on his surname.
>
> >> Lift is not Scala; I will continue to recommend Scala.
>
> >> For me, the jury on Lift is not yet in.  When some sycophants of
> >> Seaside got nasty, I did not walk away from Seaside, warts and all.
>
> >> R
>
> >> On Oct 13, 8:10 pm, Bryan <germ...@gmail.com> wrote:
> >> > Hi Aule,
>
> >> > > I am still looking to see if I over-looked somewhere on the web where
> >> > > there is a 1.0.2 Boot.scala
>
> >> > >   1) showing unambiguously how to flip the default Content-Type
> >> > >   2) and having, in fact, the intended effect
>
> >> > >  as I now know from a few trials over a few hours that this is not as
> >> > > simple as some web posts present.
>
> >> > I have not had a need for this, so I had to search some "web posts" to
> >> > find the answer.  Quickly, I found the following snippet:
>
> >> > LiftRules.determineContentType = {
> >> >   case _ => "text/curl"
> >> > }
>
> >> > I have not verified this, so please let us know if it does not help.
>
> >> > > Were it trivial, I had not mocked a framework, and you, Mr. Pollock,
> >> > > had not raged.
>
> >> > From my readings, Mr. Pollak has yet to show any rage.
>
> >> > --Bryan
>
> > --
> > Lift, the simply functional web framework http://liftweb.net
> > Beginning Scala http://www.apress.com/book/view/1430219890
> > Follow me: http://twitter.com/dpp
> > Surf the harmonics
>
> --
> Lift, the simply functional web framework http://liftweb.net
> Beginning Scala http://www.apress.com/book/view/1430219890
> Follow me: http://twitter.com/dpp
> Surf the harmonics
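
The escape-by-default contrast from David's message, as an added example (not code from the thread or from Lift): it builds the same fragment by String concatenation, by the default XML literal, and by the two explicit opt-outs the message mentions, then re-parses each result and counts `<script>` elements. It assumes the scala-xml library is on the classpath; `scala.xml.Unparsed` stands in for the "Unescaped" class named in the message, and the object and method names are illustrative.

```scala
import scala.xml.{Elem, Unparsed, XML}

object EscapeByDefaultDemo {
  // Constructed sample input, same shape as the one in the message above.
  val inputFromBadUser = "<script>alert('boo');</script>"

  // String templating: the input is spliced in as markup unless the
  // developer remembers to escape it at this insertion point.
  def stringTemplate(s: String): String =
    "<div>The other guy said: " + s + "</div>"

  // XML templating: a String inside {} becomes a text node, and text
  // nodes are escaped when the tree is serialized.
  def xmlTemplate(s: String): Elem =
    <div>The other guy said: {s}</div>

  // The two non-default routes: emit the String without escaping, or
  // parse it as XML. Both are visible in the code (assumed stand-ins).
  def unparsedOptOut(s: String): Elem =
    <div>The other guy said: {Unparsed(s)}</div>

  def parsedOptOut(s: String): Elem =
    <div>The other guy said: {XML.loadString(s)}</div>

  // Re-parse the emitted markup and count <script> elements, i.e. what
  // a consumer of the output would treat as executable markup.
  def scriptElements(markup: String): Int =
    (XML.loadString(markup) \\ "script").size

  def main(args: Array[String]): Unit = {
    val outputs = Seq(
      "string concat"  -> stringTemplate(inputFromBadUser),
      "xml default"    -> xmlTemplate(inputFromBadUser).toString,
      "Unparsed"       -> unparsedOptOut(inputFromBadUser).toString,
      "XML.loadString" -> parsedOptOut(inputFromBadUser).toString
    )
    for ((label, html) <- outputs)
      println(s"$label: scripts=${scriptElements(html)} $html")
  }
}
```

Searching a code base for `Unparsed(` and `XML.loadString(` applied to request data finds every place where the default was overridden, which has no equivalent for String concatenation.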