Slashdot Mirror


User: descil

descil's activity in the archive.

Stories
0
Comments
241

Comments · 241

  1. Re:Silly and useless on Microsoft To Banish Memcpy() · · Score: 1

    It's NOT that hard to sanitize input and keep your mind on your user's flow options. Parametrized SQL? Don't know anything about it: must be proprietary fud.

    It is MUCH HARDER to make and keep a program secure if it's written in a "secure language." These languages don't have as many pitfalls, so the programmer is not as aware and on the lookout for potential intrusions. If it's already all taken care of by the compiler, what need has the programmer to know about security? What need have they to know AES or DES, buffer overflow or multithreaded resource sharing?

  2. Re:Silly and useless on Microsoft To Banish Memcpy() · · Score: 1

    I'd rather use "1 or 1" if someone let me put spaces and letters into their numerical inputs -- no nasty giveaway ' character -- but your point is taken, although you're ignoring mine.

    My point is you can't make sprintf or memcpy or anything in that language "safe." It's why all the idiots who would want a safe programming language now write buggy crashy slow Java programs. Thank god, nobody has managed to "fix" C yet.

    For the record, I don't generally use sprintf, I use myformat, a custom solution.

  3. Re:Silly and useless on Microsoft To Banish Memcpy() · · Score: 1

    If you're using the sprintf family you should definitely be making use of the size modifiers or at least checking your buffers before using any %s type escapes.

    If you just use snprintf you've not protected yourself against buffer underruns. Consider:

    #include <stdio.h>

    void getUser(const char *uid)
    {
      char buf[52];
      /* limit of 51 silently truncates the query once uid is long enough */
      snprintf(buf, 51, "select * from tbl where userid=%s and active=1", uid);
    }

    Here, if you have a userid that is padded with a few spaces, it doesn't matter if you're active or not.
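    An added example (not the commenter's code) that reproduces the truncation above in C and shows the check a practitioner would want: snprintf returns the length the complete string would have needed, so a return value at or above the limit means the query was cut off and must not be sent. The function names and sample uids are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not the commenter's code. The buffer and limit mirror
 * the snippet above; the query format is a constructed sample. */
#define BUF_SIZE  52
#define LIMIT     (BUF_SIZE - 1)
#define QUERY_FMT "select * from tbl where userid=%s and active=1"

/* Naive version: the limit silently truncates, as in the snippet above.
 * Returns 1 if the " and active=1" clause survived, 0 if it was cut off. */
int naive_query_keeps_active_clause(const char *uid)
{
    char buf[BUF_SIZE];
    snprintf(buf, LIMIT, QUERY_FMT, uid);
    return strstr(buf, "and active=1") != NULL;
}

/* Hardened version: snprintf returns the length the complete string
 * would have had. If that is >= the limit, the output was truncated and
 * the query must not be used. Returns 0 on success, -1 on truncation
 * (buf is then emptied so a partial query can never be sent by mistake). */
int build_query_checked(char *buf, size_t size, const char *uid)
{
    int n = snprintf(buf, size, QUERY_FMT, uid);
    if (n < 0 || (size_t)n >= size) {
        buf[0] = '\0';
        return -1;
    }
    return 0;
}

/* Convenience wrapper: 1 if a complete query was built for this uid. */
int checked_query_ok(const char *uid)
{
    char buf[BUF_SIZE];
    return build_query_checked(buf, LIMIT, uid) == 0;
}

int main(void)
{
    const char *padded = "42       "; /* constructed: 2 digits + 7 spaces */
    printf("naive, uid \"42\": active clause kept = %d\n",
           naive_query_keeps_active_clause("42"));
    printf("naive, padded uid: active clause kept = %d\n",
           naive_query_keeps_active_clause(padded));
    printf("checked, padded uid: accepted = %d\n", checked_query_ok(padded));
    return 0;
}
```

    Even with the length check in place, splicing uid into the SQL text is still an injection risk; the parametrized SQL mentioned in the first comment avoids both problems.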

  4. Re:#define memcpy memmove on Microsoft To Banish Memcpy() · · Score: 1

    I'll just continue using gcc; nothing DID happen.

  5. Re:Maybe it was bad back in 1996 on Controversial Web "Framing" Makes a Comeback · · Score: 1

    My grammer is extensive and has a few things to say to you.

    The comma goes before the quote mark - "when,"

    It was lower case because picking on peoples' grammar is a low blow. You know, to communicate additional information? And the full stops are because I talk that way.

  6. Re:Public education... on Why Is It So Difficult To Fire Bad Teachers? · · Score: 1

    How could you possibly think that the grades a teacher assigns are more based on the students than the teacher?

    The teacher designs the class, or at least the exams, and teaches the students the material.

    Sure a particular student may be more or less prepared to learn the material, may even have different aptitudes for the type of material. But overall the grades in the class are due to how well the teacher teaches and how well s/he judges their students.

    Just FIRE him, stop making EXCUSES and hurting your kids.

  7. Re:Maybe it was bad back in 1996 on Controversial Web "Framing" Makes a Comeback · · Score: 1

    It makes users think framing is okay and secure when a company like google does it. When in reality, framing lets you steal user information, session information, cookies, ad revenue, ...

    btw if you're going from "it is" to "its" you have to use an apostrophe. "it's spelled with an apostrophe."

  8. Re:Why Would Anyone Hire Nielsen on Controversial Web "Framing" Makes a Comeback · · Score: 1

    Heh, the same goes for that "other" Neilsen, but nobody cares.

    It's a lucky sperm club thing.

    As for why you have to wait to post, it's so that you will think a little bit before you go and say something like, oh, say, "the lucky sperm club runs the world" and get yourself in trouble. (*fortunately I'm already in trouble)

  9. Re:Maybe it was bad back in 1996 on Controversial Web "Framing" Makes a Comeback · · Score: 0, Redundant

    The fundamental user model of a web page only provides reliable caching. Other than that, it's worse than worthless in that it inhibits the kind of things you can do with your internets.

    Server side includes? Wow dude, just throw my security and privacy out the window along with all reason and common sense why don't you. Server side includes? You're using some microsoft bs then...

    and MVC? No wonder. Next you'll be using a web 2.0 toolkit that lets you make websites in visual basic. Get a clue!

  10. Re:It's good if the frame adds value on Controversial Web "Framing" Makes a Comeback · · Score: 4, Insightful

    It's not advertising revenue I'm concerned with, but all the data I enter on those various sites that they should not be sharing with each other. Or with facebook. Or with Google. I guess at some point you have to give in, but not before making your security a top priority.

  11. Re:Feature? on Controversial Web "Framing" Makes a Comeback · · Score: 1

    The unintended and undesirable behavior:

    My security is compromised.

    Admittedly with facebook et al. they probably aren't stealing my passwords or form values.

    But another side effect is that framing becomes "ok" for even less-well-known and less-accountable sites, even though it's clearly a very serious security issue.

  12. Re:Can I close the frame? on Controversial Web "Framing" Makes a Comeback · · Score: 1

    Where? No there isn't.

  13. Re:Smart Move on Valve Claims New Steamworks Update "Makes DRM Obsolete" · · Score: 1

    ... so basically, the pirates will have to work for their doubloons just like everyone else! ARR!

  14. Re:I'm normally a Valve/Steam fanboi... on Valve Claims New Steamworks Update "Makes DRM Obsolete" · · Score: 1

    Plus, it's still crackable, so who gives a sh!t?

  15. Re:Why Steam always drove me crazy. on Valve Claims New Steamworks Update "Makes DRM Obsolete" · · Score: 1

    The funniest thing is, DRM was the lame publicity stunt. Lame because everyone hated the idea that their rights needed to be managed. Steam is just not naming this one the same thing: that's good marketing practice, not really a lame publicity stunt. Of course it's still digital rights management, they just didn't add the "lame publicity": capital letters and an acronym.

  16. Re:Huh? on Valve Claims New Steamworks Update "Makes DRM Obsolete" · · Score: 1

    It DOES appear to apply technological inhibitions against otherwise lawful behavior.

    DRM's meaning is not overloaded at all and you can't just say "Our product is not DRM." The industry decides whether or not it's DRM, and this is clearly digital rights management.

  17. Re:Huh? on Valve Claims New Steamworks Update "Makes DRM Obsolete" · · Score: 1

    does not restrict

    Um, except that I can't take it to another computer, hello, what if mine blows up?

  18. Re:This is a-posteriori explanation of GP-B issue on Reflected Gravitational Waves · · Score: 1

    That's cute, but the so-called "gravitomagnetic effect" is not gravitational at all, it's purely magnetic. As Wikipedia puts it,

    The main consequence of the gravitomagnetic force...is that a free-falling object near a massive rotating object will itself rotate.

    not gravity. gravitomagnetic. It's just a gyroscope.

  19. Re:Next up: Collateral Employee Obligations on Data Mining Moves To Human Resources · · Score: 1

    You have it precisely. This is very simple team dynamics. How can they get it so confused? It's well known (although strange) that in small groups (2-5 I think) having a non-participating member in the group increases the group's performance. This is easy to see, if you look:

    1) Non-participating member makes jokes. Other members get slightly jealous and annoyed: they want to disassociate with this joker and work more. They are also slightly amused, although they'd never admit it, and thus work is easier for them.

    2) Non-participating members don't contribute to expected workfarce. If a project that takes 8 work hours is due in 2 hours with 4 working members, it'll not get done because all the workers expect to put in 2 hours. None of them can, of course: they have to blink sometime. But with 3 working members, they all overestimate the amount of work they need to do, and the work is done in an hour and a half.

    3) If you're participating and someone else isn't, you're not the one who's gonna get fired. At least, not if you work at Microsoft. Job security definitely increases productivity.

    The only problem is the lack of a sense of fairness. The nonworker of course is just sitting back, so everyone feels it's unfair. But if they can get over their frustration and anger dealing with that, (which they should be able to do, given that life is such a bitch anyway), the nonworker actually contributes more to the team than any of the workers do.

  20. Re:This just in! on Narcissistic College Graduates In the Workplace? · · Score: 1

    I think that's hilarious. School is way harder than the real world.

    I'm coming back to academia from the 'real world,' where I worked a 'real job' as a domestic consultant. I got paid more than they ever indicated I would make in school. I got to have a hell of a lot more fun. And I got to meet some really cool people. Shit yeah I had to do a lot of work, who doesn't?

    SCHOOL is SHOCKING.
    Speech class: standing ovation, for my speech alone. Grade? D+.
    Data structures: aced all the exams and tests. Except the final, which I somehow got a ZERO on, teacher never handed it back. Got a C- in the course. (at least a C- required for upper division courses, so I figure this is aimed at my GPA, since I won't likely retake it)
    Biology: Everyone in the class comes to me for help. My grade? D.
    Chemistry: Same as biology.

    ?? They're too worried about narcissism. I'm a genius, but I know I have faults. Still, they are harking on them way too much. I'm a great worker and the teachers are making me want to suicide.

  21. Re:Why do we have a problem with Gates? on Bill Gates Unleashes Swarm of Mosquitoes · · Score: 1

    that would be 2 triplets. :(

  22. Re:Information is not property. on UK Government Abandons Piracy Legislation · · Score: 1

    How is your copy's value reduced to zero? Neither copy is of zero value at any point, since either copy may be sold (legally or illegally) for real value. Your value comes from the ability/"legal right" to distribute information, not from the information itself. Information by itself is invaluable, it's the withholding of information that can have a debt instead, are you following the basics here?

    If I were to create a glut of availability for your information (eg distribute it for free), that would be violating your property rights - because you OWN the RIGHT to distribute that information, see? Not because you own the information itself.

    When it comes to a particular song the same effect comes into play. If I just steal the song, I haven't hurt you. It's not until I start distributing that there is a problem. But here the problem is confounded by the idea that leeching is bad, so your social mores against leeching (eg, pay for what you get) lead you to DISTRIBUTE the data as well!! The morality is really screwed up if you follow it around ;) anyway, enjoy...

    Your medical information is not your property just because you have the right to control it. You have the right to control its dissemination to some small extent (you can prevent the public from seeing it, sometimes, if they aren't very interested). That doesn't make it property. That just means you have rights associated with it.

  23. Re:Oh, I Was Kind of Looking Forward to It on UK Government Abandons Piracy Legislation · · Score: 1

    This was all just an excuse. Welcome to the culture war... nothing is what it seems.

    In this episode we managed to equate information with materials, increase the corruption coefficient of several members of Parliament, and decrease the credibility coefficient of that annoying guy with the corruption coefficient of zero. Bob is so annoying.

  24. Re:More importantly. on UK Government Abandons Piracy Legislation · · Score: 1

    No. More importantly and relevantly,

    1) it's not fine to steal things of low value.
    2) the RIAA wants you to think stealing a song is like stealing a bar of soap, not like stealing a television - which means later they're going to be talking about the television more
    3) stealing songs is not like stealing a bar of soap at all, because you didn't bring your own materials and copying machine(soap maker? lol..) to copy the soap, so you took the materials they used to make it.

    most important and relevant of all,
    4) MATERIALS are PROPERTY and INFORMATION is NOT.

  25. Re:In other words... on UK Government Abandons Piracy Legislation · · Score: 1

    Nope, still not a good analogy.

    By putting the soap in the bathroom, they put some soap in their hotel room. That doesn't mean you have the right to take it out of the hotel room. Do you have the right to take the television? It doesn't matter how much it cost.

    I like the old analogies.

    1) Hacking into a system is not like breaking into a house and stealing the jewels. It's more like looking through the window and seeing a winning lottery number.

    2) Downloading music online is not like stealing CD's from the music store. It's more like reading the newspaper that someone left on the bus, oh and maybe making a copy with the special elite 9000DPI possibly-virus-infected portable ultralight camouflaged optical character recognizing handheld scanner which you, of course, being the super 1337 and ultra hip Civil Disobedient you are, never leave home without.

    They can arrest you for taking the soap. They just don't because it would be awful for public relations. Yes PR is the reason, not because it didn't cost them anything or because they don't care about the soap, it's because of PR, otherwise they would arrest you. Does McDonald's still give you ketchup if you don't ask? No. The ketchup packets cost money. So do bars of soap. Remember: hotels are corporations, and corporations (at least ones who have to deal with the public) don't make money without looking like they have a heart. But the heart is fake, don't fall for it.

    Similarly, arresting someone for downloading a song is a bad idea. Better to make their connection not work as well afterward. Better to fine them, make them waste their time in court, better to send a letter to their address and cause some fear and drama, better to tell their school that they are degenerate lowlives, better to spam congress and other cultural outlets about the depravity of today's children...

    it's the same ol... I'm amazed, authority is not so scared that it won't allow itself a name anymore...