So long as queries are composed of strings, there will be injection attacks. There are tools to perform escaping, but they're optional: " 'SELECT * FROM users WHERE id=' + userid" is always going to be something the programmer can choose to do.
The only solution is to remove that option. Limit database interaction to framework ORMs or query building tools (e.g. Querydsl) and the programmer can no longer choose dangerous options.
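The contrast the comment above draws, as an added example that is not part of the original post: the concatenated query it quotes next to a hypothetical minimal query builder (`Select`, `where_eq` and the `users` schema are assumptions made for illustration, standing in for a tool such as Querydsl) that never accepts SQL text from the caller. The data and the hostile input are constructed.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory users table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db

def find_user_concat(db, userid):
    """The pattern quoted in the comment: input becomes part of the SQL text."""
    return db.execute("SELECT * FROM users WHERE id=" + userid).fetchall()

class Select:
    """Hypothetical minimal query builder: callers never supply SQL text.

    Table and column names must appear in a fixed schema allowlist; values
    are only ever handed to the driver as bound parameters.
    """
    SCHEMA = {"users": {"id", "name"}}

    def __init__(self, table):
        if table not in self.SCHEMA:
            raise ValueError(f"unknown table: {table!r}")
        self.table, self.conds, self.params = table, [], []

    def where_eq(self, column, value):
        if column not in self.SCHEMA[self.table]:
            raise ValueError(f"unknown column: {column!r}")
        self.conds.append(f"{column} = ?")
        self.params.append(value)
        return self

    def fetch(self, db):
        sql = f"SELECT * FROM {self.table}"
        if self.conds:
            sql += " WHERE " + " AND ".join(self.conds)
        return db.execute(sql, self.params).fetchall()

def find_user_builder(db, userid):
    return Select("users").where_eq("id", userid).fetch(db)

if __name__ == "__main__":
    db = make_db()
    hostile = "1 OR 1=1"  # constructed input
    print(find_user_concat(db, hostile))   # predicate rewritten: every row
    print(find_user_builder(db, hostile))  # compared as a value: no rows
```

The builder only removes the dangerous choice if the raw `execute` call is also kept out of application code, for example by confining the connection object to the data-access module.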
I'm not suggesting Google is impervious to coercion, only that they have an incentive to maintain as secure a platform as they are able. They are no more vulnerable to corruption than OpenSSL was (though it could even be argued that their political and economic clout makes them less vulnerable; but I wouldn't get behind that position).
Google makes a lot of money on your data. They mine the crap out of your email. Their CEO has said privacy online is silly since if you've done nothing wrong you have nothing to hide. Summed up: they're indifferent to your sense of privacy.
But trust Google to protect its own interests. It wants to control access to this data. They'll be happy to comply with government requests for data, but on their own terms, and not by willfully subverting the security itself and leaving the door wide open.
Being the doorkeeper makes them powerful. Being a doormat is not in their interest.
My top 5 concerns about the new net filter:
1) _______________everything______________.
2) _____________________________________________________
3) _______________________________is ______going________
4) _____________to ___________ be ____________________________
5) _______________ fine ____________________ .
Limited access means a smaller group to monitor for problems. Buzz, for example, went live across the board and had serious privacy issues. If they'd done it on a smaller scale, maybe they could have nipped it in the bud.
Illusion of exclusivity makes the product seem cooler. You want what you can't have.
There is a balance to be struck between building a competitive economic/technological advantage and the actual point of the technology: developing a technology that can be leveraged to reduce the environmental costs of producing energy.
But it's not just about road repair. Fossil fuel use externalities are not currently reflected in the price of gas.
Ideally, we should keep the gas tax (even increase it) to cover the damage done by gasoline and institute a road-use tax. We certainly should not replace the gas-tax with a road tax.
Further, I think it's more than reasonable to keep the cost of road maintenance in gasoline-tax. This further incentivizes people to use hybrids/electrics, a technology which in its early stages of development would benefit from an uneven playing field.
No, you get a -1 for delivering your evaluation of his humour in an antisocial and totally distasteful manner. I'd far rather tolerate "predictable redundant humour" than tolerate needlessly angry and misguided rantings.
So as site developers we have to:
- build a flash site for those who have flash.
- an html site for those who don't.
- and an alternate flash site for people with touch screen UI.
Excuse me while I find a bucket into which I can vomit.
The article references the SSL Labs tool which includes the TLS POODLE test: https://www.ssllabs.com/ssltes...
I google R stuff all the time and it is a pain in the ass. Google has gotten a lot better recently (or I've been lucky).
Adding "lang" to the end helps. It's a trend for non-single-letter languages (hacklang, golang, etc) but seems to work for R & C too.
Sounds like something Neal Stephenson might write.
I'd be willing to let this happen if google then released the derived heuristics as free open source software. I'll share if you share.
ALT+SPACE, X
More like KAOS.
Inter arma enim silent leges. Just sayin'.
Ironic that their thoughts on the 'controllability' of the internet would be disseminated through a leak made to ... the internet.
... in favour of the defendant. Sets a(nother) legal precedent supporting the idea that modifying something you own is legal.
Registration is to an aol email address.
I had visions of a real-world Snow Crash.