I wonder what it would cost someone like Microsoft to have MSI spike the competition.
It would cost much less than allowing MSI to do it in the normal course of their business. I know conspiracies are more entertaining than blaming human laziness, but trying to blame poor Linux/MSI integration on Microsoft takes the biscuit. Consider:
MSI are traditionally a hardware OEM, having close to zero customer-experience experience.
MSI were chasing ASUS, time to market would have been a big priority.
Netbooks are sold cheap, so they're designed on a tight budget.
Be it Compiler building [haskell.org], version control [darcs.net], writing interpreters for popular imperative languages [perlfoundation.org], Writing 3D shooters [haskell.org], or a whole host of other tasks.
I'm sure there are other programs written in Haskell, but >95% of programmers won't tackle those problems in the real world.
However, an even better thing to do (than just create a read-only user), is to escape shit before you query the DB... PHP and MySQL have this nifty function mysql_real_escape_string [php.net] which will do that for you. It is better than using the general escape functions in PHP, for reasons that I read just recently. Basically, it takes into account the character encoding for the DB... http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string
Please repeat after me: String escaping is the wrong answer to SQL injection.
I have to take issue with you there on a couple of points. Stallman is a fanatic and he has entered crack pot country before. I happen to think he's right much of the time.
I take issue with:
It is interesting how most people today point at political and religious fanactics and all agree that fanaticism is never good, while many here worship at the feet of a fanatic.
1. Equating Stallman's fanaticism for free software, with the popular view of religious fanaticism is nothing but trolling. He isn't violent and he doesn't threaten bombings or beheading.
2. Fanaticism in the sense that Stallman portrays it is a good thing.
3. Demonstrably some people disagree with 'fanaticism is never good'. The fanatics quite like the idea for a start. Non-violent fanatics are a good thing, if only to remind us where we could do better/go further toward a goal.
Please, what is the source. I've searched for a good primary source that shows 'efficient ICE better than Coal power+electric car' is false, but I've not found one - just secondary stuff restating it.
Thanks, Alex
It's certainly not a perfect interview scenario. However, "filtering those who've not spent 5 minutes with a database" is a useful function. Completely inappropriate people make it to interview regularly. Also, exploring the problem with those who don't twig immediately can give some insight into their problem solving abilities/strategies.
OpenOffice.org Writer 3.0 seems to make this error. It has just treated as integers, some telephone numbers that I entered into a table. So real programmers can make such mistakes.
Be wary of selling yourself short - overestimating average ability, relative to your own. You may find you're further along the bell curve than you think. Although, keep the maxim: I will do stupid things, sooner or later. Doctors recommend reading http://thedailywtf.com/ to maintain a healthy scepticism.
Excellent, could you post the rest of the collection? I've been looking for 'best of ask slashdot' list for a while, mine is very incomplete.
Thanks, Alex
You're right.
The iPhone platform is closed, Windows Mobile is much more open. The arbitrary way that Apple get to pick and choose really sucks.
However, iPhone wipes the floor with Windows Mobile on usability. Some slashdotters value openness more, some value UI more and are willing to overlook Apple's behaviour so far.
Me, I care quite a lot in fact.
Perhaps: Software becomes bloated one bit at a time.
I used Blueyonder, before they were bought by NTL and became Virgin Media. They were the best ISP I've ever had. NTL was about the worst, sorry to hear they've dragged Blueyonder down.
It's a tricky situation in the UK, AFAICT there's no good ISP that doesn't require a BT land line. Alex.
I'm sure there are other programs written in Haskell, but >95% of programmers won't tackle those problems in the real world.
Alex
Please repeat after me: String escaping is the wrong answer to SQL injection.
Now please move rapidly toward using prepared statements.
Also, setting up least privilege is still a very good idea. That should be considered as required for any internet facing database.
Alex
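The difference between escaping and prepared statements, as an added example that is not part of the original comment. It uses Python's built-in sqlite3 rather than PHP/MySQL, and the table, the `escape` helper and the input value are constructed for the demonstration.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory table to query against."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "o'brien")])
    return db

def escape(value):
    """Hypothetical stand-in for a string-escaping helper: doubles quotes."""
    return value.replace("'", "''")

def lookup_escaped(db, user_id):
    # The escaped value is spliced into an unquoted numeric context, so
    # there is no quote to neutralise and escaping changes nothing.
    sql = "SELECT name FROM users WHERE id = " + escape(user_id)
    return sorted(row[0] for row in db.execute(sql))

def lookup_prepared(db, user_id):
    # The statement text is fixed; the value travels separately as data.
    rows = db.execute("SELECT name FROM users WHERE id = ?", (user_id,))
    return sorted(row[0] for row in rows)

def id_for_name_prepared(db, name):
    # A legitimate value containing a quote needs no escaping at all.
    rows = db.execute("SELECT id FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    hostile = "1 OR 1=1"  # constructed input with no quote characters
    print("escaped :", lookup_escaped(db, hostile))   # every row comes back
    print("prepared:", lookup_prepared(db, hostile))  # no row matches
    print("prepared:", lookup_prepared(db, 1))
    print("quoted  :", id_for_name_prepared(db, "o'brien"))
```
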
These ones, mostly they've only been released in the Asian markets. It's rare that we see them in the west.
Yep. Bouncing off someone's head would inflict little or no damage to a telegraph pole.
I didn't say that the mailing list owner was to blame. I said that he or she is the one being harmed.
The mailing list owner has fewer eyeballs, that usually will mean lower advertising revenue.
The person being hurt is the mailing list owner, who isn't a customer of Yahoo. The Yahoo subscribers, who marked it as spam will be quite happy, they're no longer receiving this email they forgot subscribing to. The remaining Yahoo subscribers may or may not notice they ceased receiving it. Many will assume that the mailing list has closed altogether.
So I don't see any market pressure to force Yahoo's hand. Other than what little publicity the mailing list owner can generate.
I wish we had some widespread way of verifying a mailing list subscription, or cessation thereof.
I would allow this mailing list to prove to Yahoo that the subscriptions are real. Also, for the subscribers that did tag it spam to automatically unsubscribe & later prove that they unsubscribed.
I receive too many emails, months after I provide my address to a site. After this time I think I ticked the 'no junk mail' box, but I cannot verify it to myself or to anyone else. Equally when I find the unsubscribe option, it's often a web link that provides no record to me that I unsubscribed.
I don't care how it's done, I just wish it were so. Alex.
Until I RTFA, I was ready to dismiss this as 'failing to understand signed packages'. Wrong, they understand package signatures all too well.
The basic attack seems to be:
1. Obtain old, signed packages.
2. Become a mirror for debian|fedora|ubuntu|$distro.
3. Wait for vulnerabilities to be found in some package.
4. Do not serve the updated packages, continue to serve the vulnerable version.
5. Log IPs of machines downloading from your mirror.
6. Root them.
This works because some package manager software will download and use package metadata even if it's older than what's cached.
One long term solution would be to sign package metadata and serve it only from one central location, over https/sftp. There may be others.
Alex
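A client-side check against the weakness described above (accepting validly signed metadata that is older than what is cached), as an added example that is not part of the original comment or any package manager's code. The `issued` and `valid_until` fields are hypothetical, and HMAC with a constructed key stands in for the distribution's public-key signature.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real client would verify a public-key signature.
DEMO_KEY = b"constructed-demo-key"

def sign(meta):
    """Sign the canonical JSON form of a metadata record."""
    body = json.dumps(meta, sort_keys=True).encode()
    return hmac.new(DEMO_KEY, body, hashlib.sha256).hexdigest()

def accept_metadata(meta, sig, cached, now):
    """Return (ok, reason) for metadata fetched from a mirror.

    A valid signature alone is not enough: old metadata was signed too.
    """
    if not hmac.compare_digest(sign(meta), sig):
        return False, "bad signature"
    # Rollback check: never move to metadata older than what is cached.
    if cached is not None and meta["issued"] < cached["issued"]:
        return False, "rollback: older than cached metadata"
    # Freshness check: covers a client with no cache being fed stale data.
    if now > meta["valid_until"]:
        return False, "stale: validity window expired"
    return True, "ok"

# Constructed sample metadata; timestamps are plain day counters.
OLD = {"issued": 100, "valid_until": 107, "packages": {"libfoo": "1.0"}}
NEW = {"issued": 120, "valid_until": 127, "packages": {"libfoo": "1.1"}}

if __name__ == "__main__":
    today = 121
    print(accept_metadata(OLD, sign(OLD), NEW, today))   # replay to updated client
    print(accept_metadata(OLD, sign(OLD), None, today))  # replay to fresh install
    print(accept_metadata(NEW, sign(NEW), OLD, today))   # normal update
```
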
I take issue with:
1. Equating Stallman's fanaticism for free software, with the popular view of religious fanaticism is nothing but trolling. He isn't violent and he doesn't threaten bombings or beheading.
2. Fanaticism in the sense that Stallman portrays it is a good thing.
3. Demonstrably some people disagree with 'fanaticism is never good'. The fanatics quite like the idea for a start. Non-violent fanatics are a good thing, if only to remind us where we could do better/go further toward a goal.
Alex.
"Because that's how the last version did it." What, you were expecting something logical?
It was too tempting, I just had to run with it.
I expect it will stamp out the competition.
No, I've seen Internet Explorer be restored as default and the quick launch icon reappear following Windows Update sessions on Windows XP.
Ask and ye shall receive Vimperator.
Fission is a nice add on to reclaim some vertical space in Firefox. It makes the address bar behave as in Safari, so the status bar can be switched off.
A minor nitpick. MS have stated their intention to support ODF. Until they deliver it's dangerous to assume or to state as fact, that support. Alex.
Ah, thanks for the info. I'll check out conary. Now if only Debian and Ubuntu would do it..