How is this bullshit? If someone believes that someone else is stealing their code, you don't think they should be allowed to sue? I wouldn't like that. If someone gets sued and thinks it's wrong they shouldn't be able to try to get the case dismissed? I wouldn't like that either.
Both Sony and Nintendo bank on console exclusives, so there's nothing surprising or even underhanded about MS doing the same
I agree, but will also point out that this icon already gets used all the time when Microsoft does the exact same thing it's competitors do and everyone in the industry has to do (e.g., wmp included with windows is "borg" while iTunes coming with mac os is not).
I think it's also because having just one song isn't very useful. If I'm someone who doesn't keep music on my computer, am I really going to download just one or two songs? And then what, I'll leave my stereo and go to the computer when I want to hear just that song? Or I'll burn the one song on a cd?
No, he was right. Letting audience members hook into the sound board is indeed a thing of the past. Phish banned this not because it competes with the soundboard recording that they sell (they weren't doing that so much at the time) but because of incidents where people who were taping directly from the board would touch things on the board they shouldn't or otherwise messed things up. When recording the show threatens to get in the way of the people at the show's enjoyment, then it gets stopped. Phish stopped allowing people to patch in in Fall 1990. Nowadays, there's enough security in venues and around the soundboard that it wouldn't make sense. Audience recordings are obviously still legal. In fact, a lot more bands explicitly allow them now than in the past, due to the success of bands like phish and dave matthews (ugh), and the growing popularity of trading shows, now that computers make it so much easier. At one time, the shows would be recorded on DAT, and then people would have to copy analog tape copies for each other, often trading my mail. Now, most tapers I see record directly onto a laptop and then the shows are put up--often the next day-- as bit torents of losslessly compressed audio (for example, go look at http://www.sharingthegroove.org.
Also worth noting is that virtually no major bands(except Pearl Jam) allow video recording of their shows.
Btw, was anyone else at the (phish) shows in vegas two weeks ago? Man those were sick.
A lot of people have already discussed ideas like this. You should look into what they are saying, as there are some good proposals. There are also some problems with the way you propose things in that running a large mailing list would go from cheap to quite expensive. Better are systems that try to arrange it such taht you only pay if the recipient doesn't know you or hasn't specifically asked for your mail, although details of this are tricky.
It's annoying when you try to install it and it says it wants to install gnome libraries, or KDE libraries (whichever WM libraries you don't like installing, maybe both if you're limited on HD space)
It does sound annoying to try to install an app only discover that it has dependencies you didn't know about. There are two obvious solutions to this:
Apps should list all of their dependencies and you should carefully read that list before installing
The name of the app should have everything it used crammed into it.
Honestly, I can't imagine why the latter would seem like the more senisble choice.
Funny, because I was going to use Brainfuck as an example. But I decided on logowriter instead. It somehow felt more honest, since I've never actually written brainfuck (or befunge, etc.) code. Remember logowriter?
It might make sense (for patent holders) to make reverse engineering illegal
No, actually that doesn't make any sense at all. If you create something and patent it, I can read the patent to find out how it works. Why would I bother reverse-engineering it? Why would you care if I did, given that I would only learn the information that's already publicly available for free in the patent?
Really? It's possible to write obfuscated C code? Some programmers write more readable code than others? Thanks, this is big news. I feel enlightened now.
But I'll continue to live in reality where some languages make it easier to write readable code, while some make it harder. This relativistic position that what's imprtant is the fact that is is possible to write equally-readable code in any language is about as inetellectually appealing as "logowriter, x86 assembly and C++ are all turing-complete languages, so any program that can be written in one of these language can be converted into the others; so it doesn't matter which one you use". While it's obviously technically true that turing complete-languages are equivalently powerful, it ignores the reality that writing certain kinds of programs is easier in some languages, just like writing certain styles of code (e.g., unreadable code) is easier in some language. All languages are not the same.
Not being able to highlight and make notes in the book is good. It sucked to get a book in school that had been used by someone the year before who found it helpful to highlight two-thirds of the sentences (what does this accomplish?) and put notes all over the place. With these electronic books, at least you know you'll get a pristine non-marked up copy.
Someone please mod the parent up, it's a shame that is languishing at score 0. It's also a shame that the writeup didn't link to this blog when discussing the msdn blogs.
I don't think they're that stupid. If they see you sending identical emails to lots of people, they block it, even if they come in separate batches. Otherwise it would be too easy for spammers to do the same thing (I guess the first batch or two might get through). Even if this works for now, it seems likely that this could stop working at any time, so I would much perfer a real solution (like talking to hotmail and showing them what you're sending, or having users whitelist you if possible) to trying to hack around their spam filter in the same way that spammers do.
Re:Blame should be shared between coder and langua
on
PHP and SQL Security
·
· Score: 1
Languages which encourage the mixing of code and data make it extremely easy to write insecure code
In what way? I can see how it makes it easy to write unmaintainable code.
Because this is where all sorts of injection attacks come from (script injection, as well as the sql injection that's the focus here). If you mix code and data, and the data itself contains code, then that code can be executed, as it is now part of your script/ program. This means that a malicious user can put code in the data he supplies to your program and that code will get pasted in with the code you wrote, and run with the same security priviledges.
Constructors should parse special characters that could lead to injection.
No! No, no, no. You don't look for characters that "could lead to injection" and block (or escape) them, you look for input patterns that you know to be safe (ones that can't lead to injection) and only allow those. Trying to guess every possible input that can cause problems is not a good security practice. Please reread Writing Secure Code.
I agree that that was funny. I think the reason it was modded down isn't that it was unfunny; it was that a joke about compiling his letter (actually, the press release about the letter) had already been made, and this really is the same joke.
Non-profits can pretty much do anything they want with their money. Large paychecks, bonuses, wasteful spending, whatever
They can do whatever they want? I thought it was more like they were obligated to? They're not supposed to make a profit, so they have to spend whatever income they get somehow, right?
Right, because the average user doesn't care. My aunt and uncle don't care whether it is faulty RAM or a brownout or an AV that caused their computer to fail, they just want it to restart as soon as possible so they can get back to work. I understand that if your computer is rebooting frequently, you might want to know the source of the problem so you can fix it; this is why turning off autoreboot is an option you can turn on in those cases. If you don't know enough to turn off autoreboot, you're probably not the kind of person who should be trying to diagnose hardware failures anyway.
Slashdot Mirror
I don't get it. Would the message from Nintendo here be "We are evil"? Why would they want that?
So you don't like the fact that companies are treated like individuals. Okay.
And now you don't like the fact that companies aren't treated like individuals.
Well this is convenient. You can just sit here and argue this issue with yourself, while I go off and do something else. Have fun!
How is this bullshit? If someone believes that someone else is stealing their code, you don't think they should be allowed to sue? I wouldn't like that. If someone gets sued and thinks it's wrong they shouldn't be able to try to get the case dismissed? I wouldn't like that either.
I agree, but will also point out that this icon already gets used all the time when Microsoft does the exact same thing it's competitors do and everyone in the industry has to do (e.g., wmp included with windows is "borg" while iTunes coming with mac os is not).
I think it's also because having just one song isn't very useful. If I'm someone who doesn't keep music on my computer, am I really going to download just one or two songs? And then what, I'll leave my stereo and go to the computer when I want to hear just that song? Or I'll burn the one song on a cd?
No, he was right. Letting audience members hook into the sound board is indeed a thing of the past. Phish banned this not because it competes with the soundboard recording that they sell (they weren't doing that so much at the time) but because of incidents where people who were taping directly from the board would touch things on the board they shouldn't or otherwise messed things up. When recording the show threatens to get in the way of the people at the show's enjoyment, then it gets stopped. Phish stopped allowing people to patch in in Fall 1990. Nowadays, there's enough security in venues and around the soundboard that it wouldn't make sense. Audience recordings are obviously still legal. In fact, a lot more bands explicitly allow them now than in the past, due to the success of bands like phish and dave matthews (ugh), and the growing popularity of trading shows, now that computers make it so much easier. At one time, the shows would be recorded on DAT, and then people would have to copy analog tape copies for each other, often trading my mail. Now, most tapers I see record directly onto a laptop and then the shows are put up--often the next day-- as bit torents of losslessly compressed audio (for example, go look at http://www.sharingthegroove.org.
Also worth noting is that virtually no major bands(except Pearl Jam) allow video recording of their shows.
Btw, was anyone else at the (phish) shows in vegas two weeks ago? Man those were sick.
No, of course they're not banned. But using them to record the concert would be illegal if it were in violation of the band's policies.
A lot of people have already discussed ideas like this. You should look into what they are saying, as there are some good proposals. There are also some problems with the way you propose things in that running a large mailing list would go from cheap to quite expensive. Better are systems that try to arrange it such taht you only pay if the recipient doesn't know you or hasn't specifically asked for your mail, although details of this are tricky.
It does sound annoying to try to install an app only discover that it has dependencies you didn't know about. There are two obvious solutions to this:
- Apps should list all of their dependencies and you should carefully read that list before installing
- The name of the app should have everything it used crammed into it.
Honestly, I can't imagine why the latter would seem like the more senisble choice.Funny, because I was going to use Brainfuck as an example. But I decided on logowriter instead. It somehow felt more honest, since I've never actually written brainfuck (or befunge, etc.) code. Remember logowriter?
No, actually that doesn't make any sense at all. If you create something and patent it, I can read the patent to find out how it works. Why would I bother reverse-engineering it? Why would you care if I did, given that I would only learn the information that's already publicly available for free in the patent?
Doesn't this quote have a second half, something about it being "invariably fatal", or something similar? I think it works better that way.
Really? It's possible to write obfuscated C code? Some programmers write more readable code than others? Thanks, this is big news. I feel enlightened now.
But I'll continue to live in reality where some languages make it easier to write readable code, while some make it harder. This relativistic position that what's imprtant is the fact that is is possible to write equally-readable code in any language is about as inetellectually appealing as "logowriter, x86 assembly and C++ are all turing-complete languages, so any program that can be written in one of these language can be converted into the others; so it doesn't matter which one you use". While it's obviously technically true that turing complete-languages are equivalently powerful, it ignores the reality that writing certain kinds of programs is easier in some languages, just like writing certain styles of code (e.g., unreadable code) is easier in some language. All languages are not the same.
It's a college publication. They had a college student interview him, since that's who is on their staff. Who else were they going to use?
There are people who've been writing perl code for years and still don't believe the language is "human readable".
Yes, that's the "clan" to which he belongs. But he is a Muppet, so I don't see what the problem is.
Not being able to highlight and make notes in the book is good. It sucked to get a book in school that had been used by someone the year before who found it helpful to highlight two-thirds of the sentences (what does this accomplish?) and put notes all over the place. With these electronic books, at least you know you'll get a pristine non-marked up copy.
Someone please mod the parent up, it's a shame that is languishing at score 0. It's also a shame that the writeup didn't link to this blog when discussing the msdn blogs.
They have to destory email in order to save it.
I don't think they're that stupid. If they see you sending identical emails to lots of people, they block it, even if they come in separate batches. Otherwise it would be too easy for spammers to do the same thing (I guess the first batch or two might get through). Even if this works for now, it seems likely that this could stop working at any time, so I would much perfer a real solution (like talking to hotmail and showing them what you're sending, or having users whitelist you if possible) to trying to hack around their spam filter in the same way that spammers do.
Because this is where all sorts of injection attacks come from (script injection, as well as the sql injection that's the focus here). If you mix code and data, and the data itself contains code, then that code can be executed, as it is now part of your script/ program. This means that a malicious user can put code in the data he supplies to your program and that code will get pasted in with the code you wrote, and run with the same security priviledges.
No! No, no, no. You don't look for characters that "could lead to injection" and block (or escape) them, you look for input patterns that you know to be safe (ones that can't lead to injection) and only allow those. Trying to guess every possible input that can cause problems is not a good security practice. Please reread Writing Secure Code.
I agree that that was funny. I think the reason it was modded down isn't that it was unfunny; it was that a joke about compiling his letter (actually, the press release about the letter) had already been made, and this really is the same joke.
They can do whatever they want? I thought it was more like they were obligated to? They're not supposed to make a profit, so they have to spend whatever income they get somehow, right?
Right, because the average user doesn't care. My aunt and uncle don't care whether it is faulty RAM or a brownout or an AV that caused their computer to fail, they just want it to restart as soon as possible so they can get back to work. I understand that if your computer is rebooting frequently, you might want to know the source of the problem so you can fix it; this is why turning off autoreboot is an option you can turn on in those cases. If you don't know enough to turn off autoreboot, you're probably not the kind of person who should be trying to diagnose hardware failures anyway.