Funny, that's the exact point of view I have (as an American). I'm pinning for Michelle Bachman to win the Republican nomination. I'll vote for her just to watch the far right policies destroy the economy and leave the Republicans unable to win an election for at least a decade or two. Even though I personally lean left, I can't wait to let the lunatic fringe of the Republican party leave the country in a wreckage, if only to provide a dramatic illustration of just how wrong headed that ideology is. It's the only way, you can't reason with them. Sometimes you just have to rub a dogs nose in his shit.
The first problem is that this isn't REAL "money". It is treated that way, and it's measured that way. But "created" fiat dollars can disappear even faster than it is created, as we learned beyond doubt in 2008. Sorry friend, but if it can go "poof" into thin air overnight, then it's not "real" wealth by any sane standard. It's nothing but numbers in a computer.
And gold is nothing but atoms in a specific configuration. What exactly are the intrinsic properties of gold that make it a more worthwhile "money" than bits in a computer? The very concept of "money" is artificial in the first place, what exact difference does it make if it's gold or bits? And no, the fact that our ancestors saw gold and thought, "Oooh, shiny" is not a good reason.
And if I read your argument wrongly, what then would REAL money be? Personally I'm partial to giant stone wheels
I knew VS 2008 had it. After I installed VS 2010 I noticed the distinct lack of Emacs bindings, but fortunately I don't have to use VS all that often. I did set Aptana nee Eclipse up to use Emacs bindings, although they're sorely lacking. I'd still be using emacs except my project just got too big (and with Django the file structure can be both wide and deep). RE: VS, I like Visual Studio, I hate MS technologies. Everything is so... goddamned stupid.
having to add spaces isn't all that convincing of an argument. Does it really impact your life that much that you'd have instead of "dir/w/a:d" you'd have to type "dir -w -a=d"? Or even better, in a script (for "documentation purposes") "dir --wide --attribute=d"
Don't be silly, given that \ is the "standard" escape character, every windows/dos path you might hard code in a string (one off scripts and the like) must be escaped so you end up with c:\\foo\\bar\\baz.txt ICK!! At least scripting languages like python will accept a linux style path in lieu of a MS-DOS one. I routinely find myself retyping paths after having used / (the proper separator!!!) instead of \. Unfortunately for me I found myself at a "Microsoft Shop" so as a consequence suck up whatever sloppy shit Microsoft is excreting on the world this week.
Ah yes, one of the first things I pirated... after DOS 6.22. I wonder why there hasn't been a open source, MS-DOS-like replacement shell like 4dos for modern Windows. Cygwin is nice and all, but it's one huge hell of an installation (to make it usable in an expected fashion). cmd is absolutely useless.
To this day I find myself waffling back and forth between saying "folders" or "directories"... sometimes in the same sentence. Emacs ruined me worse, I can't count the times I hit C-x C-s to save only to have VS cut the current line and then save. Thank goodness for Undo! And don't even get me started on the Emacs movement commands... C-Left/C-Right just is too much hand movement.
You're not the only one. I routinely get frusteratted when I try to type ls into a co-worker's pc that doesn't have my alias set. I wwent a few steps further and set aliases for rm, cp, mv and all the rest. Not by choice mind you, damned Windows Shop. At least I convinced my boss NOT to make me use ASP.NET, opting instead for Python and Django.
Oh, and said boss thinks VB (ala classic ASP) is just neato-keen and keeps making ignorant remarks about how he could whip up some planned application in VB in a couple of hours. Good lord, I've seen the abominations he's wreaked. It's enough to drive a man to drink.
It's pointless to argue with them. Debt, even when it's an overall boon to the economy == bad, torpedoing the economy with enormous budget cuts during a historic recession just so they can claim the holy grail of a balanced budget == good.
I've started to take a subversive turn in my political thinking. I WANT Michelle Bachmann to win. And when she destroys the economy, sets civil rights back 50 years or more and generally makes a god awful mess of everything, we won't see another disastrous Republican presidency for DECADES. Sure, it will make one hell of a mess, but maybe, just maybe, the Republicans will finally move left enough to cast off the lunatic fringe. Even the Democrats don't give their fringe as much sway as the Republicans do. Just look at the rise of the Tea Party, or the Christian Evangelicals. The Party bends over backwards to make these tards happy, and it's going to destroy them.
Not having actually tried commenting on Slashdot from anything but my PC, I would imagine that any lag is due in large part to the fact that Slashdot is a complete and total cluster fuck. It's only recently that commenting worked on a PC, let alone a fancy modern Tablet or Phone.
Honestly, I'm surprised Slashdot works at all on a mobile device, since it's frequently messed up even on much higher performance hardware. Go team Slashdot, wield that Javascript like a pistol, the kind that has a secret barrel that shoots you in the head when you try to attack the enemy,
What part of "they haven't released any binaries and therefore are not required, under the terms of the GPL to release code" do you not understand? Whether you think it's moral or not, they are in no way, shape, or form required to release any code what-so-ever until you can click on a shiny link that says, "Get the Goobuntu Live CD HERE!!!"
Look at you, asserting that your slashdot persona, Michael Kristopeit is your real name while vomiting insults and bile on all the well meaning folks of slashdot. So, feeb, prove that you are Michael Kristopeit, and that Michael Kristopeit is in fact a real person. Oh, you cant? So you're effectively just as anonymous as all the so called feebs you flame on teh internets? Makes you look kind of stupid, doesn't it? Not that you needed any help.
P.S. No, we don't want your phone number. No, we don't want your address. We want PROOF that you are who you say you are. Don't ask me how you're supposed to do that, you're the one who goes on and on about feebs and anonymousness. "Oh HO! I'm 'Michael Kristopeit' cower feeb, why don't you post under your real name?!" LOL! My name is Napolean Bonaparte, why do you cower behind your pseudonym feeb?
I don't entirely disagree, but the current negotiations involve those congress critters on the various budget related committees. In other words, most of congress doesn't have a relevant voice in the current debate and are therefore free to continue the day to day business of the congress while they wait for the budget committees to give them something to vote upon. Or would we rather that these congress critters (being uninvolved with the actual negotiations) spend the bulk of their time giving lengthy, pointless speeches about how important it is that the budget committees come to a compromise?
What this says to me is that one way or another, money is going to have to be borrowed. Either there will be borrowing to shore up the general budget (in lieu of the "stolen" SS funds), or there will have to be borrowing to shore up SS (after they "stole it"). Sounds like the commutative property of government spending to me.
Whether or not the spending is good or not, is a whole other argument.
The point appears to be so that Congress can play these stupid games every so often. Oh, and so some of our more soft-headed citizens can pretend that the debt limit actually means something, or keeps the total national debt contained.
So, if letting the db_query function escape strings for you is "subtle" how is int * foo = malloc(sizeof(int)*20);
any less subtle? Or do you prefer to write all the mechanics of every function out by hand every time?
The GP's example is much more easy on the eyes, easier to type and all around more idiot proof than expecting every half-assed dimwit PHP coder to remember to call addslashes() on query they have in their code. How is it subtle that security requires that all input from users be sanitized and that the function you're using is documented as performing that low level work for you?
If your DB library is really smart all you really have do do is write
db_query("SELECT * FROM foo WHERE bar=%s", $_GET['bar'])
or
db_query("INSERT INTO blah (x, y, x) values (%s, %s, %s)", x, y, z);
(or in la-la-land) db_query("INSERT INTO blah (x, y, z) VALUES ('"+x+"','"+y+"',"+z+"')");
By some amazing "subtle" magic, the placeholder versions quote and escape your input and you don't have to lift a finger. As a bonus, it's easier to both take a query someone gave you and put it in your code.
Say your DBA gave you the following (mysql) query:
select x, y, z from some_table where id=[ID] and date > [DATE]
To put that in your program, all you have to do is paste that query in, replace the placeholders with %s or ? or whatever, pass your data in and you're off and running. Your method requires adding a bunch of error prone quotes and pluses and other junk. Now what if the query is quite a bit more complex, and you have to debug it? Using the simple place holder method, you paste it into whatever tool you use to develop queries and replace the placeholders with your test data. In your method you have to painstakingly remove all the PHP cruft that the DB doesn't care about AND put the proper test data in. It's just stupid.
You've got library functions for a reason, let them do their job so yours is that much easier.
I'm pretty sure the "injection" portion of "SQL Injection" refers to the fact that the attacker is injecting SQL into a particular query, not necessarily that they are injecting bad data into your db. The typical example is something like:
"select * from users where username='bob' or 1=1"
which, in the right circumstances (from the attackers point of view) causes the app to display a bunch of information which was supposed to remain hidden.
A SQL injection attack may or may not let you alter a database, depending on what kind of privileges the user performing the query has.
While it's not often I agree with you, in this at least your are 100% correct. These delusional idiots have held our civilization in their sweaty grasp for so long that they think they were born to it. Unfortunately, even if we westerners managed to beat our religion, we'd still be stuck with the Muslim hordes hell bent on converting everyone to their shitty belief system.
I don't like it, but I wholeheartedly believe the 21st century is going to be marked by the wholesale slaughter of the deranged Muslim fanatics that refuse to let to of bronze age thinking. The moderate Muslims have only a slim chance of convincing their retarded brethren that they really don't have a snowballs chance in hell of converting the world to their brain dead religion. These sons of bitches live and breath absolute insanity. They are willing to die for a lie. How could anyone assume that they would just give up, and make way for some kind of sustainable civilization?
So long Islam, you had a good run. Too bad you're opposed to 90% of the world, and those are odds even Allah can't help you with.
It's already collapsed, but inertia keeps up the illusion of Power. Just wait until we turn our unfathomable military might upon our selves. Happy times are coming. Ya hoo.
Um, no; you've got that backwards. Bullying is more accepted now than it was back in the day. Which is why we've got national anti-bullying campaigns, increases in teen suicides, and stuff like the TSA. People aren't allowed to stand up for themselves anymore.
This statement doesn't make any sense. If bullying was more accepted, why would there be more national anti-bullying campaigns? You're confusing small time school yard bullying with federal bullying, which can only be so defined under certain limited circumstances.
I don't want to sound like I'm in favor of the thuggery currently practiced by our governmental institutions, but it's foolish to call such acts "bullying" while simultaneously trying to compare those bureaucratic acts of thuggery to an insecure child trying to push other kids around. They're not even in the same ballpark, let alone league.
It is indesuptible that there are petty bureaucrats flexing their muscle and inconvenicing us regular Volk with retarded procedures and regulation, but for gods sake, quit trying to make these naive metaphorical connections to schoolyard bullying.
Slashdot Mirror
Funny, that's the exact point of view I have (as an American). I'm pinning for Michelle Bachman to win the Republican nomination. I'll vote for her just to watch the far right policies destroy the economy and leave the Republicans unable to win an election for at least a decade or two. Even though I personally lean left, I can't wait to let the lunatic fringe of the Republican party leave the country in a wreckage, if only to provide a dramatic illustration of just how wrong headed that ideology is. It's the only way, you can't reason with them. Sometimes you just have to rub a dogs nose in his shit.
The first problem is that this isn't REAL "money". It is treated that way, and it's measured that way. But "created" fiat dollars can disappear even faster than it is created, as we learned beyond doubt in 2008. Sorry friend, but if it can go "poof" into thin air overnight, then it's not "real" wealth by any sane standard. It's nothing but numbers in a computer.
And gold is nothing but atoms in a specific configuration. What exactly are the intrinsic properties of gold that make it a more worthwhile "money" than bits in a computer? The very concept of "money" is artificial in the first place, what exact difference does it make if it's gold or bits? And no, the fact that our ancestors saw gold and thought, "Oooh, shiny" is not a good reason.
And if I read your argument wrongly, what then would REAL money be? Personally I'm partial to giant stone wheels
I knew VS 2008 had it. After I installed VS 2010 I noticed the distinct lack of Emacs bindings, but fortunately I don't have to use VS all that often. I did set Aptana nee Eclipse up to use Emacs bindings, although they're sorely lacking. I'd still be using emacs except my project just got too big (and with Django the file structure can be both wide and deep). RE: VS, I like Visual Studio, I hate MS technologies. Everything is so... goddamned stupid.
Ahem...
...you are out of your mind.
..buy a Mac.
having to add spaces isn't all that convincing of an argument. Does it really impact your life that much that you'd have instead of "dir/w/a:d" you'd have to type "dir -w -a=d"? Or even better, in a script (for "documentation purposes") "dir --wide --attribute=d"
The DOS style of command switches sucks.
Don't be silly, given that \ is the "standard" escape character, every windows/dos path you might hard code in a string (one off scripts and the like) must be escaped so you end up with c:\\foo\\bar\\baz.txt
ICK!! At least scripting languages like python will accept a linux style path in lieu of a MS-DOS one. I routinely find myself retyping paths after having used / (the proper separator!!!) instead of \. Unfortunately for me I found myself at a "Microsoft Shop" so as a consequence suck up whatever sloppy shit Microsoft is excreting on the world this week.
Ah yes, one of the first things I pirated... after DOS 6.22. I wonder why there hasn't been a open source, MS-DOS-like replacement shell like 4dos for modern Windows. Cygwin is nice and all, but it's one huge hell of an installation (to make it usable in an expected fashion). cmd is absolutely useless.
To this day I find myself waffling back and forth between saying "folders" or "directories"... sometimes in the same sentence. Emacs ruined me worse, I can't count the times I hit C-x C-s to save only to have VS cut the current line and then save. Thank goodness for Undo! And don't even get me started on the Emacs movement commands... C-Left/C-Right just is too much hand movement.
Real men use VBScript!! .... *shudder*
You're not the only one. I routinely get frusteratted when I try to type ls into a co-worker's pc that doesn't have my alias set. I wwent a few steps further and set aliases for rm, cp, mv and all the rest. Not by choice mind you, damned Windows Shop. At least I convinced my boss NOT to make me use ASP.NET, opting instead for Python and Django.
Oh, and said boss thinks VB (ala classic ASP) is just neato-keen and keeps making ignorant remarks about how he could whip up some planned application in VB in a couple of hours. Good lord, I've seen the abominations he's wreaked. It's enough to drive a man to drink.
Hmm, something about the idea of throwing 4chan in Gitmo appeals to me...
It's pointless to argue with them. Debt, even when it's an overall boon to the economy == bad, torpedoing the economy with enormous budget cuts during a historic recession just so they can claim the holy grail of a balanced budget == good.
I've started to take a subversive turn in my political thinking. I WANT Michelle Bachmann to win. And when she destroys the economy, sets civil rights back 50 years or more and generally makes a god awful mess of everything, we won't see another disastrous Republican presidency for DECADES. Sure, it will make one hell of a mess, but maybe, just maybe, the Republicans will finally move left enough to cast off the lunatic fringe. Even the Democrats don't give their fringe as much sway as the Republicans do. Just look at the rise of the Tea Party, or the Christian Evangelicals. The Party bends over backwards to make these tards happy, and it's going to destroy them.
So THAT'S why the instructions for the Ark included two hands of lead shielding!
Not having actually tried commenting on Slashdot from anything but my PC, I would imagine that any lag is due in large part to the fact that Slashdot is a complete and total cluster fuck. It's only recently that commenting worked on a PC, let alone a fancy modern Tablet or Phone.
Honestly, I'm surprised Slashdot works at all on a mobile device, since it's frequently messed up even on much higher performance hardware. Go team Slashdot, wield that Javascript like a pistol, the kind that has a secret barrel that shoots you in the head when you try to attack the enemy,
What part of "they haven't released any binaries and therefore are not required, under the terms of the GPL to release code" do you not understand?
Whether you think it's moral or not, they are in no way, shape, or form required to release any code what-so-ever until you can click on a shiny link that says, "Get the Goobuntu Live CD HERE!!!"
Buddy! Where have you been??
Look at you, asserting that your slashdot persona, Michael Kristopeit is your real name while vomiting insults and bile on all the well meaning folks of slashdot. So, feeb, prove that you are Michael Kristopeit, and that Michael Kristopeit is in fact a real person. Oh, you cant? So you're effectively just as anonymous as all the so called feebs you flame on teh internets? Makes you look kind of stupid, doesn't it? Not that you needed any help.
P.S. No, we don't want your phone number. No, we don't want your address. We want PROOF that you are who you say you are. Don't ask me how you're supposed to do that, you're the one who goes on and on about feebs and anonymousness. "Oh HO! I'm 'Michael Kristopeit' cower feeb, why don't you post under your real name?!" LOL! My name is Napolean Bonaparte, why do you cower behind your pseudonym feeb?
I don't entirely disagree, but the current negotiations involve those congress critters on the various budget related committees. In other words, most of congress doesn't have a relevant voice in the current debate and are therefore free to continue the day to day business of the congress while they wait for the budget committees to give them something to vote upon. Or would we rather that these congress critters (being uninvolved with the actual negotiations) spend the bulk of their time giving lengthy, pointless speeches about how important it is that the budget committees come to a compromise?
What this says to me is that one way or another, money is going to have to be borrowed. Either there will be borrowing to shore up the general budget (in lieu of the "stolen" SS funds), or there will have to be borrowing to shore up SS (after they "stole it"). Sounds like the commutative property of government spending to me.
Whether or not the spending is good or not, is a whole other argument.
The point appears to be so that Congress can play these stupid games every so often. Oh, and so some of our more soft-headed citizens can pretend that the debt limit actually means something, or keeps the total national debt contained.
So, if letting the db_query function escape strings for you is "subtle" how is
int * foo = malloc(sizeof(int)*20);
any less subtle? Or do you prefer to write all the mechanics of every function out by hand every time?
The GP's example is much more easy on the eyes, easier to type and all around more idiot proof than expecting every half-assed dimwit PHP coder to remember to call addslashes() on query they have in their code. How is it subtle that security requires that all input from users be sanitized and that the function you're using is documented as performing that low level work for you?
If your DB library is really smart all you really have do do is write
db_query("SELECT * FROM foo WHERE bar=%s", $_GET['bar'])
or
db_query("INSERT INTO blah (x, y, x) values (%s, %s, %s)", x, y, z);
(or in la-la-land)
db_query("INSERT INTO blah (x, y, z) VALUES ('"+x+"','"+y+"',"+z+"')");
By some amazing "subtle" magic, the placeholder versions quote and escape your input and you don't have to lift a finger. As a bonus, it's easier to both take a query someone gave you and put it in your code.
Say your DBA gave you the following (mysql) query:
select x, y, z from some_table where id=[ID] and date > [DATE]
To put that in your program, all you have to do is paste that query in, replace the placeholders with %s or ? or whatever, pass your data in and you're off and running. Your method requires adding a bunch of error prone quotes and pluses and other junk. Now what if the query is quite a bit more complex, and you have to debug it? Using the simple place holder method, you paste it into whatever tool you use to develop queries and replace the placeholders with your test data. In your method you have to painstakingly remove all the PHP cruft that the DB doesn't care about AND put the proper test data in. It's just stupid.
You've got library functions for a reason, let them do their job so yours is that much easier.
I'm pretty sure the "injection" portion of "SQL Injection" refers to the fact that the attacker is injecting SQL into a particular query, not necessarily that they are injecting bad data into your db. The typical example is something like:
"select * from users where username='bob' or 1=1"
which, in the right circumstances (from the attackers point of view) causes the app to display a bunch of information which was supposed to remain hidden.
A SQL injection attack may or may not let you alter a database, depending on what kind of privileges the user performing the query has.
While it's not often I agree with you, in this at least your are 100% correct. These delusional idiots have held our civilization in their sweaty grasp for so long that they think they were born to it. Unfortunately, even if we westerners managed to beat our religion, we'd still be stuck with the Muslim hordes hell bent on converting everyone to their shitty belief system.
I don't like it, but I wholeheartedly believe the 21st century is going to be marked by the wholesale slaughter of the deranged Muslim fanatics that refuse to let to of bronze age thinking. The moderate Muslims have only a slim chance of convincing their retarded brethren that they really don't have a snowballs chance in hell of converting the world to their brain dead religion. These sons of bitches live and breath absolute insanity. They are willing to die for a lie. How could anyone assume that they would just give up, and make way for some kind of sustainable civilization?
So long Islam, you had a good run. Too bad you're opposed to 90% of the world, and those are odds even Allah can't help you with.
It's already collapsed, but inertia keeps up the illusion of Power. Just wait until we turn our unfathomable military might upon our selves. Happy times are coming. Ya hoo.
Um, no; you've got that backwards. Bullying is more accepted now than it was back in the day. Which is why we've got national anti-bullying campaigns, increases in teen suicides, and stuff like the TSA. People aren't allowed to stand up for themselves anymore.
This statement doesn't make any sense. If bullying was more accepted, why would there be more national anti-bullying campaigns? You're confusing small time school yard bullying with federal bullying, which can only be so defined under certain limited circumstances.
I don't want to sound like I'm in favor of the thuggery currently practiced by our governmental institutions, but it's foolish to call such acts "bullying" while simultaneously trying to compare those bureaucratic acts of thuggery to an insecure child trying to push other kids around. They're not even in the same ballpark, let alone league.
It is indesuptible that there are petty bureaucrats flexing their muscle and inconvenicing us regular Volk with retarded procedures and regulation, but for gods sake, quit trying to make these naive metaphorical connections to schoolyard bullying.
yep, you're really sticking it to them. Good job, you should be proud of yourself.