I was thinking sanitation as in string sanitation and SQL injection as in '); drop table students; --. Thanks for pointing out the bigger picture, TheNinjaroach, vlm. I retract the word "NOTHING" from my previous post.
Re:Nice hacker on GitHub Hacked · Score: 5, Insightful
This is NOTHING like lack of sanitizing or SQL injection.
Suppose your object has fields "name" and "is_special", and the web form only exposed "name" because "is_special" isn't supposed to be changed by regular users. The hacker who knows "is_special" exists adds an "is_special" field to the web form in his browser and submits it. The developer probably uses "update_attributes" to process the form, and with default Rails settings it will commit the new "is_special" value to the database (properly sanitized, of course).
To prevent this, the developer may switch the settings to white-list, and provide a list of safe attributes for mass-assignment (update_attributes being one of the mass-assignment methods). Some people believe white-list mode should be the default setting. The hacker, probably being one of these people, found a great way to make his point that even seasoned Rails developers could use a push towards using white-lists.
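A toy model of the mass-assignment behaviour the comment describes, added here as an illustration; it is not Rails' own code and not the commenter's. `User`, the two `update_attributes_*` methods and the form values are constructed stand-ins for the real method and a real request.

```ruby
# Toy model of the mass-assignment issue described in the comment above.
# Added illustration, not Rails' own code: the two update_attributes_*
# methods stand in for the real method; field names come from the comment.
class User
  COLUMNS    = %w[name is_special].freeze  # columns on the table
  ACCESSIBLE = %w[name].freeze             # the developer's white-list

  attr_reader :attrs

  def initialize(name)
    @attrs = { "name" => name, "is_special" => false }
  end

  # Permissive mode (the default the comment describes): every submitted
  # key that matches a column is written, including ones the form never
  # exposed to the user.
  def update_attributes_permissive(params)
    params.each do |key, value|
      @attrs[key] = value if COLUMNS.include?(key)
    end
    self
  end

  # White-list mode: only attributes declared safe for mass-assignment are
  # written; "is_special" is silently dropped from the submission.
  def update_attributes_whitelisted(params)
    params.each do |key, value|
      @attrs[key] = value if ACCESSIBLE.include?(key)
    end
    self
  end
end

# Constructed request: the form only showed "name", but an extra
# "is_special" field has been added to the POST body client-side.
TAMPERED_PARAMS = { "name" => "mallory", "is_special" => true }.freeze

def permissive_is_special
  User.new("alice").update_attributes_permissive(TAMPERED_PARAMS).attrs["is_special"]
end

def whitelisted_is_special
  User.new("alice").update_attributes_whitelisted(TAMPERED_PARAMS).attrs["is_special"]
end

puts "permissive: is_special=#{permissive_is_special}"   # true
puts "white-list: is_special=#{whitelisted_is_special}"  # false
```

The white-listed variant still accepts the legitimate "name" change; only the undeclared attribute is dropped.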
Scratch is a nice intro to variables, events, loops, branches. But sadly, there are no methods/functions in Scratch. You cannot structure code, you cannot reuse code, any attempt to increase the scale of your Scratch project will result in frustration and very bad habits. It's alright to play with Scratch for a week or so. After that either give up on programming or move to the real deal.
Well said. MySQL ships with a few default config files for different scenarios, why not Apache?
Apache could ship with a set of default configs (small_lamp being one of them) and save deployers a lot of frustration. A tl;dr manual for small_lamp would be a welcome addition as well. I totally understand if the good people at Apache have been too busy over the last 10 years to produce a small_lamp config. I've been too busy as well, which is why I deploy on nginx.
Not quite as profitable as selling insurance, but AT&T has the second-best thing: SMS.
Astronomical margins, barely takes any airtime. If it were up to AT&T they'd probably be happy to get more text-loving customers and ditch all the data-loving customers.
Step 1 - Buy a made-in-China 3D printer.
Step 2 - Disassemble the printer and model all its parts in 3D.
Step 3 - Re-assemble the printer and print all the parts.
Step 4 - Assemble your very own not-made-in-China 3D printer.
Step 5 - ...
Step 6 - Profit!
Not *that* old... I remember the Olympics of 1980 in Moscow and 1984 in Los Angeles. Those weren't "overhyped commercial extravaganza" at all. They were overhyped political extravaganzas.
In the unlikely event of the helium balloon bursting, the captain will yell the evacuation procedure in a chipmunk voice and everyone will die, of laughter.
Here's a novel way to reduce your commute carbon footprint by 20% or even 40%: Work from home one or two days a week.
I WFH 5 days a week. No commute. No A/C. Almost no showers. What could be greener? Now, if I could only find someone to pay me money for this work...
Your employer just adopted "commits-per-day" as a productivity metric.
You are expected to put in at least 6.
Why? Because you're getting paid to do your job. You had better one-up that British guy who racks up 5 commits-per-day on free software.
He's Kim Dotcom. She's Mona Dotcom.
It was held by the Brits from the Second World War
First World War, not Second World War.
Don't worry, it has a kill switch.
I went to actually RTFA
You've learned your lesson, I hope.
MP3 files are both a wave form and a particle stream, but not simultaneously. The RIAA will tell us which and when.
"Librum facium"? Your Latin skills deserve in faciem palma.
"1234567890" and "12345678910" will be attempted as part of a dictionary attack. "1234567891011" is oddly safe =)
May I suggest changing your password to "12345"? It is an order of magnitude safer.
The lifetime of Russian nuclear power reactors, by design, goes up to 140%.
Ohhhhhh, flamebait Friday! /. publishes Neil McAllister stories on Fridays.
So that's why
Another mystery solved.
Thank you, sir.
Old COBOL Fart, we who are about to scrum salute you!
Also, don't grow apples
The Bene Gesserit are unimpressed by your strategy, or the article for that matter.
Wait, what? They were supposed to keep the space shuttle and retire Bruce Willis. We are so fucked.
The story of why there's no Nobel prize in Mathematics is much more interesting, involves a woman.