Slashdot Mirror


User: encoderer

encoderer's activity in the archive.

Stories: 0
Comments: 815

Comments · 815

  1. Re:That's two words on What To Do With Old USB Keys, Low-Capacity Hard Drives? · · Score: 1

    All kidding aside, JS is a pretty good example of Functional programming.

    There are far worse gigs than JS programming. Not something you want to do 40 hours a week but JS can be downright FUN compared to a lot of other web technologies.

  2. Re:Law for geeks on Congress Mulls API For Congressional Data · · Score: 1

    SVN Blame, my friend. SVN Blame.

  3. Re:Nothing wrong with models. on The Formula That Killed Wall Street · · Score: 1

    There's nothing wrong with the idea that the gross value of credit default swaps & derivatives is greater than the sum of the global product.

    Global product is annualized.

    It's like saying "His net worth was a few times more than his summed up household income, it had to crash"

  4. Re:No he doesn't on Securing PHP Web Applications · · Score: 1

    That's a good illustration: You just injected content that I downloaded. In your case, it was the link.

    Sure, there are a lot of apps that have some sort of facility for this. But there are just as many that don't.

  5. Re:Just don't on Securing PHP Web Applications · · Score: 0

    For CSRF to work the attacker has to be able to inject his own content into your site that a victim can then come by and download.

    Quite a few ways to do this, but if you take the precautions mentioned above, you'll be safe.

    Though, I would add one more IMPORTANT bullet point: Install the Suhosin Hardened PHP Patch.

    And for fool-proof input sanitization, use filter_input() (and the other Filter functions PHP introduced at 5.something)

  6. Re:Did His Contract Specify "Internal Waters"? on How To Rack Up $28,000 In Roaming Without Leaving the US · · Score: 1

    I wouldn't call it a poor design.

    The design is to connect to the tower with the best reception.

    The only real WTF was that the ship turned on their "tower" before it left port.

  7. Re:Good Joke on Bill Would Require ISPs, Wi-Fi Users To Keep Logs · · Score: 2, Insightful

    Come on, folks. The two most important things from this article are:

    - It was INTRODUCED.
    - By Republicans.

    Do you have any idea how many bills are introduced that never make it to the floor, let alone the President's desk?

    And it's introduced by Republicans. Do you really think Democratic leadership will let anything introduced by Republicans hit the floor?

  8. Re:Yes, but not soon. on Is the Relational Database Doomed? · · Score: 3, Informative

    Suggesting that you could replace a MS-SQL server with SQLite basically forces anybody in the know to ignore every other point you make.

    MySQL is good, unless you need a highly performant query analyzer.

    Postgres is good, unless you need actual replication features.

    SQLite is good, if your datastore is less than 1GB.

    Oracle is no doubt a valid replacement and improvement upon SQL Server. And I use MySQL more than any other DB. But you need to hire Percona to get the same performance out of MySQL that you get from SQL Server out of the box.

  9. Re:Three options on How To Keep Rats From Eating My Cables? · · Score: 1

    Terriers are good Rat Dogs. I timeshare in St. Maarten and I've heard locals talk about this solution more than once.

  10. Re:take a tour at OWASP site on Website Security Without Breaking the Bank? · · Score: 1

    I'm not advocating against prepared statements. But honestly, that's a proof of concept that is highly unlikely to find itself out of the lab anytime soon.

    The issue would only happen if the user was advanced enough to want to change the Character Set IN SCRIPT and still not fully understand the effects of that on m_r_e_s().

    I wouldn't go around telling people that using m_r_e_s() is not satisfactory and safe. Qualify it! "It's not safe IF you set the charset in the script."

    A little like saying your car isn't safe if you crash it into a brick wall.

  11. Re:take a tour at OWASP site on Website Security Without Breaking the Bank? · · Score: 1

    OK, I'll bite... what makes them safer?

    The only real safety issue with mysql_real_escape_string() is that you could forget to call it.

    Past that, if you pass every param through that function, you're safe from injection attacks.

  12. Re:Check Security on FTC Kills Dirty Online Check Processing Outfit · · Score: 1

    Well, if you want to get technical, nobody changes the order of anything. They just deduct PENDING SUM from CURRENT BALANCE to reach AVAILABLE BALANCE.

    To use your example:

    Thursday:
    Current Balance: $50
    Pending Sum: $0
    Available Balance: $50

    Friday:
    Current: $50
    Pending: -$40
    Available: $10

    Saturday:
    Current: $50
    Pending: -$90
    Available: -$40

    Monday Start of Biz:

    Post 1st $10 transaction: Move $10 from Pending to Posted, Subtract $10 from Current Balance. Is Available balance negative? Post Overdraft Fee.

    Post 2nd $10 transaction: Move $10 from Pending to Posted, Subtract $10 from Current Balance. Is Available balance negative? Post Overdraft Fee.

    Etc.

    The RealWTF is simply that overdraft fees are charged if your Available balance is negative, not your Current balance.

  13. Re:take a tour at OWASP site on Website Security Without Breaking the Bank? · · Score: 4, Informative

    OWASP is invaluable for learning the WHY and HOW behind security.

    But for an amateur, I think the first best thing he could do is apply the Suhosin patch for PHP: http://www.hardened-php.net/

    This lets him worry about the why and how AFTER he's already closed many of the attack vectors a default PHP install leaves open. Especially if he's running below 5.2.x.

    Furthermore, PHP has been more security focused since 5.01. You can learn a lot about security just by reading the release notes, even if you don't think you're learning about security!

    For example, the filter_input() function. Instead of doing this:

    $phone_number = $_POST['phone_number'];

    do this:

    $phone_number = filter_input(INPUT_POST, 'phone_number', FILTER_SANITIZE_STRING);

    That simple change applied to all of your $_POST, $_GET (and/or $_REQUEST) look-ups will shut down most of your application-level attacks.

    Any PHP developer should learn and ALWAYS use the new Filter features: http://us2.php.net/manual/en/ref.filter.php

  14. Re:malware.... on Microsoft Update Slips In a Firefox Extension · · Score: 1

    Uhh.. FF Extensions are written entirely in JavaScript and XML. It is "open source" even if it's not licensed openly.

    No doubt many a JS/AS coder has already popped open those files and you'd be hearing about it all over if this was some MS spyware attempt.

  15. Re:so, to summarize... on Windows 7 Taskbar Not So Similar To OS X Dock After All · · Score: 1

    Not to mention the FM/AM Tuner wheel going back 60 years...

  16. Re:so, to summarize... on Windows 7 Taskbar Not So Similar To OS X Dock After All · · Score: 1

    And the idea of minimizing apps to ANYWHERE is an ancestor to the concept of representing minimized apps on a dock/taskbar.

    The sooner childish Slashdotters realize that we're all standing on the shoulders of giants the better the discussions here will be. I am, naturally, not holding my breath.

    Software development is an iterative process. The company I'm currently with has been developing software for ages and I don't think they've ever actually innovated anything entirely new. Who cares. They HAVE produced good software that has made people's lives easier, even if it hasn't set ablaze the world of software development.

    OSX is a damn fine operating system. All indications are that Windows7 is going to turn out very well.

    There is room in consumer-facing computing for 2 (or 3 or 4) different paradigms.

  17. Re:Kind of a side note... on Obama Staffers Followed Palin's Email Lead On Inauguration Day · · Score: 1

    I wonder what context-sensitive ads they were seeing?

    "Extreme Rendition? Come enjoy all EXTREME sports at Vale."

    "Global Thermonuclear War? Get WARGAMES on DVD for $1.99 at Overstock.com"

  18. Re:Kind of a side note... on Obama Staffers Followed Palin's Email Lead On Inauguration Day · · Score: 1

    Actually, there is. The White House is an institution unto itself. The security, logistics, kitchen, cleaning, groundskeeping, engineering and, yes, IT staffs work for the Government but are not administration appointees.

    The problem isn't a lack of staff.

    The problem is a bureaucracy. Part of this is good: institutional pushback that serves to protect the White House and Executive Branch by not being overly concerned with the state of the art.

    Part of this is bad: forcing the WH to stay in a perpetual 15-year time lag.

    Many of their systems can't be upgraded by law. They can't just upgrade software that hasn't been approved by whatever Govt office is in charge of approving it.

    Again, that's not all bad: Imagine it was public that the WH used, say, Novell Groupwise for their email server. If a foreign gov't was so inclined they could recruit a Novell programmer (or infiltrate their own) and write code that will silently transmit copies of their emails. That sorta thing.

  19. Re:Should be interesting... on Obama Keeps His Blackberry (And Gets a Sectera) · · Score: 1

    Although it should be noted that a significant amount of WH business is classified at Codeword level.

    Not to mention, there are many legal advantages in not having conversation recorded in an IM conversation.

  20. Re:19 isn't THAT old on USAF Seeks Air Force One Replacement · · Score: 1

    Also, doesn't it make more sense to think that they dump their fuel on emergency landings so it doesn't, you know, blow up?

  21. Re:I have to ask on USAF Seeks Air Force One Replacement · · Score: 1

    Not to mention a fully functional ER, gym, press cabin, offices for WH Sr. Staff, a kitchen and enough food to last weeks without landing.

  22. Re:High numbers on $30B IT Stimulus Will Create Almost 1 Million Jobs · · Score: 1

    The real fallacy is that you're thinking all the money will only be spent once. That's not the case at all.

  23. Re:Now What... on Managing Last.FM's "Mountain of Data" · · Score: 1

    True.

    The first example is all about so-called "semantic web" technology. And the thing is, Google's index does contain the data you'd need to build semantic context about, as in your example, what a "BMW" is.

    But that info Google makes available via its API to anybody willing to pay a couple cents.

    The SECRET data Google has available is what makes your second example possible, and smaller ad networks simply don't have the breadth of publishers needed to gather a dataset that rich for each user.

    The technique, linear-regression and nearest-neighbor analysis, can produce some very off-the-wall results on small datasets.

    Google could probably build a faster (and perhaps better) semantic understanding, but that isn't "private info" in the sense that Last.fm is referring to.

  24. Re:Now What... on Managing Last.FM's "Mountain of Data" · · Score: 1

    You're confusing context-sensitive advertising with behavioral targeting.

    All you need to do context-sensitive advertising is a bot to crawl your publishers' pages (Google uses MediaBot) and the ability to cache the HTML and do data-structure and keyword-density analysis on it.

    This isn't easy, but having user data is unnecessary.

    Of course, the best systems will pair context sensitivity with behavioral sensitivity and produce truly valuable ads.

    I'm a developer at a large CPA advertising startup. We're building context-sensitive rotators right now.

  25. Re:IE 10 on A First Look At Internet Explorer 8 RC1 · · Score: 2, Insightful

    Of course it was. Show me any mature product that isn't.

    But I cannot imagine any circumstances where the best strategy is to scrap and replace everything.

    This isn't about purity of codebase, which is what the OSS adopters you mentioned concerned themselves with.

    This is about a commercial software company who chose to cease shipping their flagship product while they redeveloped it.

    If they had to do it, they should've maintained and upgraded the NS4 base with 4.x releases while the new product was in development.