Slashdot Mirror


User: fatphil

fatphil's activity in the archive.

Stories: 0
Comments: 4,087

Comments · 4,087

  1. Re:Limited impact. on Unicode Encoding Flaw Widespread · · Score: 1

    Prepared queries are good, but nothing beats actually sanitising the input properly to provide a global assurance that the user input contains nothing dodgy.
    I tend to match everything against a tight regexp, such that unless I say it's in, it's out.
    Unfortunately, you can't remove the single quote from things like "O'Reilly".

  2. Re:Did Apple make a mistake? on 4.7GHz IBM Power6 Spotted · · Score: 1

    There's still very little need for assembly in most fields. Instruction sets are fairly compiler friendly, and compilers are fairly good nowadays. (Though XCode's codegen always fails to use 1 FPU register, which is a right pain.)

    The last bit of FPU-intensive C code I wrote, when I threw it at Freescale's analysis tools, absolutely saturated every single floating point pipeline so that hand-coded asm code _could not have been faster_ than my fairly trivial, and fairly portable C.

    I was in some ways very happy, but I had also been looking forward to actually learning how to code non-trivial PPC assembly loops, so was also disappointed.

  3. Re:empty list? on Unicode Encoding Flaw Widespread · · Score: 1

    If it does not provide content filtering, then it never claimed to protect you from dodgy content in the first place.
    So such devices are not failing to meet their specification.

  4. Re:Limited impact. on Unicode Encoding Flaw Widespread · · Score: 4, Insightful

    I think you've missed his point. There are now two ways that, for example, a quote character can be passed as user input to your program: either as " or as %ublah.

    Your program, sitting below the layer performing the Unicode translations, doesn't need to do anything differently from before, as it doesn't matter which of the two methods was used. If you _relied on_ the layers above you to strip out, reject, escape, or whatever, quote characters, then you're writing teabag code, and should get a job selling flowers instead, as software engineering is beyond you.

    Always validate user input to your own specification. Never rely on something external to do it.

    This exploit hasn't changed the rules one little bit, it's just highlighted the fact that some idiots don't follow them.

  5. Re:Computers automate work on USPTO Examiner Rejected 1-Click Claims As "Obvious" · · Score: 1

    Devices have been not popping up confirmation dialogues a lot longer than they have been popping up confirmation dialogue boxes. Pretty much every device I used before about 1990 never asked me to confirm my actions.

    Are you sure you want me to toast this bread - I may burn it?
    Are you sure you want me to wash your laundry - the colours may run?
    Are you sure you want me to start the engine - you might crash?

    Start MS Windows Calculator. Press Alt-F4. No confirmation popup - it just closes.
    Start MS Windows Charmap. Press Alt-F4. No confirmation popup - it just closes.
    Start MS Windows Clock. Press Alt-F4. No confirmation popup - it just closes.

    Your presumption of the non-existence of simply acting upon a stimulus is a complete fallacy.

  6. Re:Computers automate work on USPTO Examiner Rejected 1-Click Claims As "Obvious" · · Score: 1

    """
    And as for this "1-click" patent, the patent was [i]not[/i] obvious. I was a programmer before, during, and still am well after this was developed. Programmers just didn't do anything significant without asking for confirmation from the user. Period. End of Story.
    """

    Wrong. Period. End of Story.

    Can you explain why the PC videophone I was developing (way back before Amazon's patent) had what you might call 'one click' functionality where if you clicked on one of the auto-dial buttons, it would, grab a brandy and sit in a comfortable chair - this is gonna shock you, auto-dial the number corresponding to that button, _without confirmation_!

    The concept of acting upon a stimulus is as old as the hills. The maintenance of user state, such that information does not need to be gathered repeatedly, is exactly what cookies were invented for. The combination of acting immediately upon a stimulus using said stored information is not inventive in any way.

  7. Re:Jury of peers on Prof. Johan Pouwelse To Take On RIAA Expert · · Score: 1

    use = sure

  8. Re:Jury of peers on Prof. Johan Pouwelse To Take On RIAA Expert · · Score: 1

    +1 informative.

    Thanks for that snippet of legal case history insight that I'm sure many US citizens and almost all foreigners will not be aware of. You seem to be fairly use nothing supersedes it?

  9. Re:The more accurate the better on Does Wikipedia Suck on Science Stories? · · Score: 1

    In GF(2^n), x^2+1 = (x+1)^2. So x^2+1 isn't irreducible even though the binary number you'd represent by it, 5, is prime.

  10. Re:The more accurate the better on Does Wikipedia Suck on Science Stories? · · Score: 1

    But prime and irreducible are not interchangeable terms.
    Non-zero non-unit x is prime if whenever x|ab, x|a or x|b.
    The concept they want is irreducibility, so that's the one they use by name, not primeness.

  11. Re:Guns don't kill people on Electronic Frontier Foundation Sues Uri Geller · · Score: 1

    "I don't know if they were atheists or not, but religion had nothing to do with Japanese Kamikazes in WWII, for example."

    Did you overlook the fact that the ultimate military leader, Hirohito, was considered a god?

  12. Re:More on this.... on Electronic Frontier Foundation Sues Uri Geller · · Score: 1

    I've seen religion cause several naive people's minds to implode much more than if they hadn't got a dose of god.
    In particular I've seen a couple of gay guys who were basically mentally tortured by the Christian community they were unfortunately part of. Everything on that South Park episode was an understatement of the reality I've seen.

  13. Re:More on this.... on Electronic Frontier Foundation Sues Uri Geller · · Score: 1

    "the Koran is actually very clear on the rules of war, prohibiting things like the targeting of civilians, kidnapping, wanton destruction of buildings, torture, or killing any more than necessary to achieve the objectives."

    Do you not realise how utterly contentless that statement is?

    A: X say you should do Y
    B: They don't. Unless it's necessary.
    A: ??!??!?!?

    If you read the Koran, you'll see that when it indicates that aggression is required, it's utterly brutal, with _everything_ being fair game. Of course, such passages are most often misquoted without the introduction that tells you when the mindless brutality is necessary, which incorrectly implies that mindless brutality is always necessary.

  14. Re:... still more ... on Electronic Frontier Foundation Sues Uri Geller · · Score: 1

    If Puthoff and Targ are unable to find rational explanations for what they witnessed Geller doing, then that probably means there's an utterly trivial explanation for it. Puthoff and Targ are either phenomenally stupid, or are complicit in the effect they are trying to measure, every single time.

  15. Re:yes. next question? on DMCA Takedown Notice For a Fake ID · · Score: 1

    However, the DMCA takedown request was not claiming that the forged document was copyrighted. It was claiming that the photograph (and the signature) on that document are copyrighted, but not the document as a whole.

  16. Re:Not for them to say on Cold Fusion Gets a Boost From the US Navy · · Score: 1

    Yes I did read what you said.

    Everything that's needed is in the _data_, in the error bars. Commentary like "and we're not lying, honest" is unnecessary. But I've said that twice already...

  17. Re:Takedown notice? on EFF and Dvorak Blame the Digg Revolt On Lawyers · · Score: 1

    If you do the maths, it's probably unique. 1 in 2^128 things like that just don't occur randomly.

  18. Re:Yeah, yeah... on EFF and Dvorak Blame the Digg Revolt On Lawyers · · Score: 1

    We should have done an altavista-bomb or hotbot-bomb on 'litigious bastards' back then for you ;-)

  19. Re:"Terroristic threat" != "terrorist threat" on Webcomic Author Deemed a Terrorist Threat · · Score: 1

    It's that island shaped like a shamrock, isn't it?

  20. Re:Not for them to say on Cold Fusion Gets a Boost From the US Navy · · Score: 1

    But the results of a fabricator hold no more credibility because he says that he can reproduce his results. N*0=0.

    Therefore there is absolutely no point at all in claiming that one can repeat one's results. Don't make useless claims - just show me the error bars. Of course, if one says one can't reproduce one's results, then one's a different type of loon. The only validation occurs when _others_ reproduce the results.

  21. Not for them to say on Cold Fusion Gets a Boost From the US Navy · · Score: 1, Flamebait

    "The experiments were reproducible."

    That's for other scientists to say.

    Loons tend to tell you their results are reproducible. Scientists tend to tell you to see for yourself.

  22. Re:"Terroristic threat" != "terrorist threat" on Webcomic Author Deemed a Terrorist Threat · · Score: 1

    Bomb threats, eh?

    Would you now explain to someone who grew up in London during the IRA era, has spent several hours underground in a tube train which LT didn't want to move to a station due to such a threat, and was living in Manchester at the time of the Arndale Centre incident, precisely how bomb threats are "an unrelated concept" to terrorism?

  23. Re:Think about that. on Is Virtual Rape a Crime? · · Score: 1

    But if virtual penises are not penises, and virtual rape is not rape, then what does that make something described as virtually awesome?

    Did you perhaps forget to consider that I may have chosen my words very carefully indeed?

  24. Re:Think about that. on Is Virtual Rape a Crime? · · Score: 1

    Maybe you could be a virtual voyeur as I virtually raped your avatar. Or maybe you'd have a steady stream of female avatars, and replace them when I'm finished with them. Then you'd be some kind of virtual pimp, or something.
    I don't know, I'm a virtual beginner at all this, don't expect me to have an answer to every question.

  25. Re:The Devil, as they say, is in the details.... on Is Virtual Rape a Crime? · · Score: 1

    http://www.penny-arcade.com/comic/2004/03/19

    The only penny arcade I think I've ever found funny. Thanks for the reminder.