It has nothing to do with Microsoft at all, it's all because of Intel and IBM. The origional 8088 IBM systems could address 1MB of memory, and they decided to reserve the upper 384KB for hardware addressing, leaving 640K of conventional memory for programs. Then when the 286 came out and could address 16MB of memory they decided to use the same memory mapping so they wouldn't break compatability with older applications. During the DOS days Microsoft was trying to work around the 640K barrier using things like XMS and UMB's.
The 3GB barrier you complained about is because of the a similar thing, memory mapped I/O address space being reserved at the top of the memory area. Under 32-bit Windows they tried using PAE to allow the extra memory to be accessed but it broke a lot of drivers which expected pointers to always be 32 bits in size. Rather than break a ton of drivers they decided to keep the 4 GB limit on Windows XP (I think Windows Server may be able to address the full memory using PAE because it has more stable drivers).
Finally, the 192GB limit in 64-bit Windows is because of overhead involved for the Windows Memory Manager to keep track of pages beyond the 192GB barrier (like requiring larger internal data structures). Instead of having the memory manager waste resources so it can track insane amounts of memory which most people are nowhere near using, they set a limitation.
I see people with their $200 PalmPilots and it takes them twice as long to make notes as I do with a free pencil-and-paper. I see students carry laptops into classsrooms and same deal - they are slower than old fashioned note taking
I am slow at entering notes into my Palm but I have heard that it can be very fast if you master Grafitti. I can type a block of text a lot faster than I can write and I can also re-edit the text on the fly on a laptop which makes it much more efficient than paper for me. My wife can enter a block of text on her cell phone keypad as fast as she could type or write it. If you use the interface enough, you can get really fast at it, and if they use their Palm's or notebooks every school year I think many of them would get faster at it than on paper.
I remember what a pain in the ass it was to write exam essays in english class using a pen and paper. I would have killed for the ability to use Word like they do on the exams now. You spent more time copying from rough to good copy and the teachers had to read illegible cursive writing to mark them. We also had to do long division and stuff without a calculator. What a pita!
Kids are learning to use the computer at an early age, and they should use the tools that are available to them to advance. It won't make them goof off any more than you would with paper. In fact you can't make spitballs and airplanes out of computers so it's probably better!
Because a lot of the game is just catching and training pokemon, at your own pace and discretion. The storyline advances with a few quests and battles in between, but there's no rush to get to the end of the game, you can just hang out and level up your collection. If you want you can just catch 6 pokemon and blow through the storyline to the end...or you can try to catch them all.
I agree with you. I usually just want to play for a bit and relax after work, if the game gets to be too much work itself then I don't bother. I just can't devote the time I used to into games.
So the best games for me are the ones that let you always make progress. There can be difficult parts, enough to trip you up a few times and then you can keep going. Some games do this really well!
I've had that problem too but with USB storage devices. Some would work on my tower for the first time and then would never show up again when I plugged them back in later on. They worked fine on other systems but would never detect on my tower again.
After going crazy trying to find a solution for months I tried a powered USB hub and all of my problems went away. My desktop system has a lot of USB ports but it only seems to properly power two of them. I've found the same with my Compaq laptop. If I plug two hard drives into the USB it will lock up until you unplug one of them, because the USB cannot power both drives properly.
If you're not regularly using the laptop on the commute, at coffee shops, etc., you don't really need a laptop.
If you keep everything on the laptop you can keep separation between your work and personal computer. The laptop also allows you to move your software environment along with your files. I don't want to have to install crap like Lotus Notes on my personal machine and have to replicate the data between them. It's also good to keep company data off of your personal computer as much as possible. You may even have contracts or policies which specify how data is stored, and you can be sure the laptop will meet those requirements and not get you in trouble.
Re:Does it have a monitor and full-size keyboard?
on
Flight of the Desktops
·
· Score: 1
Have you ever tried using something like Windows calculator without a number pad? It's slow to enter the numbers from their horizontal keys, and things like the plus key require you hold shift every time too. With the number pad you can bang off calculations incredibly fast.
That particular model comes in two resolutions 1024x768 and 1400x1050. That laptop had a 1024x768 LCD and I ordered a 1400x1050 model for it. I admit, it is a bet... It might not work and you're warned on every site that sells LCDs that you shouldn't do it.
I have a friend who switches out laptop LCD panels all the time, even between completely different laptop brands. They all use the same three or four brands of LCD panel, it's just the ribbon cable that changes between different laptop brands. You can remove the ribbon cable from your old panel and swap it on the new one and it will work flawlessly.
If you hook up a panel that supports a higher resolution it will be available too. The max resolution of the panel is detected (by Plug and Play or something similar) and will be available automatically when you connect the new panel. I've seen it work every time.
He's not saying that Macs are immune, he's saying that Windows had some bad design concepts at one point. Microsoft went through a phase where they integrated things like scripting and COM into everything they could, but there was very little consideration for security. It wasn't until worms and malware started rampaging across Windows machines that they actually started considering and working on security.
Take Outlook for example. E-mail was normally safe because it's was only text and images. Then add VBA scripting capabilities and embedded ActiveX controls to the mix...suddenly there are huge vectors for hostile software to use in plain old e-mail messages. Internet Explorer would ask if you wanted to install an ActiveX control, if you said yes it would have full access to your system to do whatever it wanted. NT based systems ran will a full compliment of services exposed to the internet and ready to use.
No one considered that people on the internet might be assholes and take advantage of those handy features for completely hostile purposes. Even if they did Microsoft had no clue where to begin and would take years of hard lessons to get Windows into a decently secure state.
Can anyone explain why there is a significant difference between virus and malware,
A virus attaches it's code to programs and spreads itself to others when you run an infected execuable on a system. Viruses are pretty much old school and are easy to detect because they modify the code of executables. They also can't infect programs outside of the priviledge level of the infected software and also cannot do a lot of crazy things outside of the user's access level. They are pretty much old school and are not very profitable, just destructive or annoying.
Malware spreads through an exploit vector or social engineering. It installs software and drivers to the system which it attempts to hide through various tricks and obscure OS functionality. Malware can often have a rootkit driver which make them invisible or impossible to remove when booted normally. Malware is designed to make a profit too (like making your machine send spam, logging passwords or other info, popping up ads...).
The reason for the two different levels of software is because malware initially was difficult for vendors to define. Some software for example, presents it's negative aspects in the EULA and it's assumed to be valid software if you install it. Who's to say that WGA isn't spyware or any software that reports activities back to a central server? Malware is also hard to detect heuristically and antimalware apps instead rely on lists of file/registry locations and hashes.
But the two AV programs shouldn't be an issue because they do their blocking and checking at different points. Antivirus needs filter drivers so it can scan files for attached virus code or activity. Antimalware just needs to periodically scan a set of locations and ensure no malware is there. But yeah, most of them can be integrated pretty easily and it makes sense.
If you're just starting to wonder now then you're gonna be in for a shock. Apple has never been a really transparent company about what they do, and they've always just pushed and bundled things however they like.
Back in the day one of my employers ran a FileMaker server for all of their databases. The FileMaker server would crash fairly often and when it was reloaded it would perform a consistency check on each database. The consitency check would process every record entry in each database to see if it was closed properly. They had multiple databases with millions of records, so it could take days before the checks would complete and the databases are brought back online.
The solution was to have multiple snapshots. If the server crashed, we'd restore the databases from the most recent snapshot. We'd lose some data (whatever was added between the snapshot and the crash), but it was worth it to avoid the lengthy downtime from the consistency checks.
It sounds as if this could just as easily happen to a LAMP server if the same shoddy code were inserted into a Linux/Apache/MySQL/PHP stack. But why hasn't it happened?
What are you talking about? SQL injection happens on LAMP stacks all the time. PHP programmers are just as bad at sanitizing input as ASP programmers. This specific exploit uses ASP.NET which is why it doesn't directly affect LAMP.
... and without specific details, I have no way to know if the scripting language itself was compromised or of it is the script itself that enabled this.
There are specific details. I've never even heard of an entire scripting language being compromized. Obviously an SQL injection would occur because of a script not sanitizing inputs properly.
What do I mean by that? "Visual X programming" and other RAD tools are designed to get code written and published as quickly as possible. What is the problem with that? I gotta say, if code is to be generated quickly, it will likely receive less QA review... if any at all.
Code generation and QA review have no relation. Just because I can generate code fast doesn't mean people won't take the same amount of time checking it for problems.
PHP and many other languages that are typically used in LAMP stacks are edited with a text editor most of the time. Fancy IDEs exist but many people prefer the text editor. It's fast and simple. Hard to beat fast and simple... and programming with clippy at your side is nothing that any coder I know would be interested in.
Any real programmer would understand the advantages of an IDE over a text editor. It's much faster and simpler when the IDE can autocomplete things for you or display their syntax details inline. It also increases code accuracy and organization. Clippy hasn't been around since Office 2000 and was never in Visual Studio so you'll be ok.
But then it got worse when advanced processors emerged... you know, those i386 processors? They were DESIGNED to make virtual machines. What happened? You know what happened. We could have been using some awesome virtualization technologies decades before now and a lot easier than now.
i386 had nothing to do with making virtual machines at all except for Virtual 8086 mode which only virtualizes 16-bit real mode processes in 32-bit protected mode. Virtualizing the 32-bit end of the i386 is a whole different thing altogether. Virtual Device Drivers were made to help transition from MS-DOS to 32-bit Windows and were a terrible idea which never helped virtualization at all.
Code Red, Nimda, etc. weren't SQL injection attacks, Code Red was a buffer overflow and Nimda used an IIS traversal bug. They affected IIS4 and 5 which are ancient. Not only that, but Microsoft had the patches available for both issues months before the worms appeared, their spread was due to admin's not applying them. I remember having to patch some pretty critical Apache issues as well in those days.
Both Apache and IIS have been incredibly secure for years now, and there hasn't been many exploits for either of them. Current web server exploits are usually all related to installed web applications (like forums, blogs or CMS software).
Apache would be vulnerable to this kind of attack too, the only reason it isn't affected is because the web app uses ASP.NET.
Any script on any web server can fail to validate inputs and pass injected code to an SQL query. In this case IIS was affected because the banner software uses ASP.NET. You could easily have an Apache web server on Linux and it can pass injected SQL code to an MS SQL server or any other kind.
The link you provided refers to MSSQL Server which is not a web server. The SQL injection code is built on the web server and could be modified to work with other SQL servers. The injection code is MSSQL specific because the semicolon command syntax.
So yeah, SQL injection if fairly web server independant.
IIS is a web server, it has nothing to do with providing script functions or queries at all. All it does is take user input, run the script through the scripting language's interpreter, and serve the output. It doesn't know shit about how the script, scripting language, or SQL works.
If I have a PHP script that doesn't sanitize inputs, it's not up to IIS to insert PHP functions that will do it. How would it even know what to sanitize inputs for? It could sanitize the inputs for Perl which would do shit if I'm using them to form a query string.
If the author chose to use a less secure way then it is an exploit in his script.
If I copy an unchecked buffer in C and cause a buffer overflow exploit to be in my program, it's not an exploit in C or the Standard C Library, it's an exploit in my program only.
There's no way you could even correct C to somehow save you when you do something like that because it negates a primary function of the language. If it did it would no longer be the same language and would become something like C# instead.
In the 9/11 example, Gasoline can only provide a low level function: it burns. It can't be modified to prevent hijacking or to not burn in certain situations. The airplane flies, it also cannot decide who is pilot and who is hijacker. Those concerns are left to airline/airport security, who would be to blame.
Mod parent up. According to the GP "it is wrong to picture this as a lack or shortcoming of sql. sql is doing what query it is given to it. nothing else." That's precisely the problem! Most security vulnerabilities are the result of software doing exactly what it is told to do!
SQL's job is to efficiently run queries. It's job is not to not question and validate every statement that it receives. The SQL engine has no idea how the data is being used in the program that passed it the statement. That would be like requiring your intel processor to determine that every instruction will be part of a securly written block of code before it executes it.
A layer of abstraction between the low interface (SQL) and the user supplied parameters is what is needed. It's common sense. In this case, the script should be that layer and should clean and validate user input before forming them into queries and passing them to SQL. The script is the one that best understands how the user inputs and the query will interact.
Even if SQL did do more, it would only encourage lazy, insecure script developers who write insecure code and expect SQL to sort it all out in a consistent manner.
A lazer is simply not the correct type of technology for that type of weapon. A lazer will be great for guns which fire a direct beam at a target. To contain a laser into the shape and functionality of of a sword will be more work than it would be practical.
A sword has a set blade length, while lazer beams have an infinite length and would need to be contained somehow. A sword has a strong solid blade which can parry blows, a lazer is not solid at all. A sword has a sharp blade edge for cutting cleanly through opponents without getting stuck. A lazer would have to have enough heat to vaporize whatever it contacts or else it won't cut through opponents at all. A sword doesn't need a power source, lazers do.
The lightsaber itself only has a few advantages over a regular sword anyway: Carry space (lightsaber handle that blade expands from vs. whole sword & scabbard), blade maintainence (sword blades need to be kept sharp and free of oxidization), blade durability (sword blades can break, lightsabers shouldn't), blade strength/sharpness (sword blades cannot cut through all materials, lightsaber might be able to).
So a lightsaber would need to be constructed using a more suitable technology. It also would have to provide a significant enough advantage over a sword in the first place.
It probably will just check that you plucked the string at the proper time, not which note you played (just like their current controllers which use a button for each string, that is used for every note on that string).
Where is Intel's budget 6-core design? Is it because they refuse to make budget 6-core CPU's, or is it because they can't make budget 6-core CPU's?
This is a well known process and has occured many times with previous intel chips.
Intel has to retool and upgrade it's manufacturing plants so they can make the new processor. which costs a lot of money, and can't be done all at once.
The few plants that are capable of making the chip will pump them out and they will be expensive and only bought by customers with a high enough demand for them that they can justify spending the extra money. The money Intel makes from selling those initial expensive processors will go into retooling and upgrading more manufacturing plants. Eventually Intel will have several fabrication plants capable of making the processor and they will lower the price into the range of the regular consumer. Their budget line (Celerons) will simply be failed fabrications of the regular 6 core chip, with the faulty cores disabled.
Right now there's not any kind of screaming demand for 6 cores on the desktop. There's probably no one making destop motherboards thst support them anyway.
If doing the grunt work is the problem, maybe Blizzard should just let people type in the level they want instead of having them work for it? Probably because having to work for your level is a major part of the gameplay.
I remember playing Diablo online when it was easy to use hacks and cheats. The game sorta loses it's edge when everyone is at the highest possible level and can kill Diablo in a single hit. Sure it removed all of the grunt work of hsving to fight through each level and upgrade your character. But what else were you going to do in the first place? The game was reduced to either chilling in town or ending the game by killing Diablo...
It's not that they're lacking skills like twich reflexes or battlefield awareness. It's mainly because the console doesn't have a mouse. In FPS games for example, the mouse lets you look around, change direction and lock onto a target with a simple movement of your hand. A console requires multiple button presses or using the analog stick until things line up correctly. Anyone with a mouse is going to take take people to school in if their opponents are using a game controller or keyboard only in an FPS. It's not because you have more skill, it's just because they don't have the best tool for the job. Just like anyone using the keyboard and mouse in a fighting game like Soul Caliber will get taken to school by a console's controller, which is much better for quick, successive, button combinations.
Slashdot Mirror
It has nothing to do with Microsoft at all, it's all because of Intel and IBM. The origional 8088 IBM systems could address 1MB of memory, and they decided to reserve the upper 384KB for hardware addressing, leaving 640K of conventional memory for programs. Then when the 286 came out and could address 16MB of memory they decided to use the same memory mapping so they wouldn't break compatability with older applications. During the DOS days Microsoft was trying to work around the 640K barrier using things like XMS and UMB's.
The 3GB barrier you complained about is because of the a similar thing, memory mapped I/O address space being reserved at the top of the memory area. Under 32-bit Windows they tried using PAE to allow the extra memory to be accessed but it broke a lot of drivers which expected pointers to always be 32 bits in size. Rather than break a ton of drivers they decided to keep the 4 GB limit on Windows XP (I think Windows Server may be able to address the full memory using PAE because it has more stable drivers).
Finally, the 192GB limit in 64-bit Windows is because of overhead involved for the Windows Memory Manager to keep track of pages beyond the 192GB barrier (like requiring larger internal data structures). Instead of having the memory manager waste resources so it can track insane amounts of memory which most people are nowhere near using, they set a limitation.
I see people with their $200 PalmPilots and it takes them twice as long to make notes as I do with a free pencil-and-paper. I see students carry laptops into classsrooms and same deal - they are slower than old fashioned note taking
I am slow at entering notes into my Palm but I have heard that it can be very fast if you master Grafitti. I can type a block of text a lot faster than I can write and I can also re-edit the text on the fly on a laptop which makes it much more efficient than paper for me. My wife can enter a block of text on her cell phone keypad as fast as she could type or write it. If you use the interface enough, you can get really fast at it, and if they use their Palm's or notebooks every school year I think many of them would get faster at it than on paper.
I remember what a pain in the ass it was to write exam essays in english class using a pen and paper. I would have killed for the ability to use Word like they do on the exams now. You spent more time copying from rough to good copy and the teachers had to read illegible cursive writing to mark them. We also had to do long division and stuff without a calculator. What a pita!
Kids are learning to use the computer at an early age, and they should use the tools that are available to them to advance. It won't make them goof off any more than you would with paper. In fact you can't make spitballs and airplanes out of computers so it's probably better!
Because a lot of the game is just catching and training pokemon, at your own pace and discretion. The storyline advances with a few quests and battles in between, but there's no rush to get to the end of the game, you can just hang out and level up your collection. If you want you can just catch 6 pokemon and blow through the storyline to the end...or you can try to catch them all.
I agree with you. I usually just want to play for a bit and relax after work, if the game gets to be too much work itself then I don't bother. I just can't devote the time I used to into games. So the best games for me are the ones that let you always make progress. There can be difficult parts, enough to trip you up a few times and then you can keep going. Some games do this really well!
I've had that problem too but with USB storage devices. Some would work on my tower for the first time and then would never show up again when I plugged them back in later on. They worked fine on other systems but would never detect on my tower again.
After going crazy trying to find a solution for months I tried a powered USB hub and all of my problems went away. My desktop system has a lot of USB ports but it only seems to properly power two of them. I've found the same with my Compaq laptop. If I plug two hard drives into the USB it will lock up until you unplug one of them, because the USB cannot power both drives properly.
If you keep everything on the laptop you can keep separation between your work and personal computer. The laptop also allows you to move your software environment along with your files. I don't want to have to install crap like Lotus Notes on my personal machine and have to replicate the data between them. It's also good to keep company data off of your personal computer as much as possible. You may even have contracts or policies which specify how data is stored, and you can be sure the laptop will meet those requirements and not get you in trouble.
Have you ever tried using something like Windows calculator without a number pad? It's slow to enter the numbers from their horizontal keys, and things like the plus key require you hold shift every time too. With the number pad you can bang off calculations incredibly fast.
I have a friend who switches out laptop LCD panels all the time, even between completely different laptop brands. They all use the same three or four brands of LCD panel, it's just the ribbon cable that changes between different laptop brands. You can remove the ribbon cable from your old panel and swap it on the new one and it will work flawlessly.
If you hook up a panel that supports a higher resolution it will be available too. The max resolution of the panel is detected (by Plug and Play or something similar) and will be available automatically when you connect the new panel. I've seen it work every time.
He's not saying that Macs are immune, he's saying that Windows had some bad design concepts at one point. Microsoft went through a phase where they integrated things like scripting and COM into everything they could, but there was very little consideration for security. It wasn't until worms and malware started rampaging across Windows machines that they actually started considering and working on security.
Take Outlook for example. E-mail was normally safe because it's was only text and images. Then add VBA scripting capabilities and embedded ActiveX controls to the mix...suddenly there are huge vectors for hostile software to use in plain old e-mail messages. Internet Explorer would ask if you wanted to install an ActiveX control, if you said yes it would have full access to your system to do whatever it wanted. NT based systems ran will a full compliment of services exposed to the internet and ready to use.
No one considered that people on the internet might be assholes and take advantage of those handy features for completely hostile purposes. Even if they did Microsoft had no clue where to begin and would take years of hard lessons to get Windows into a decently secure state.
A virus attaches it's code to programs and spreads itself to others when you run an infected execuable on a system. Viruses are pretty much old school and are easy to detect because they modify the code of executables. They also can't infect programs outside of the priviledge level of the infected software and also cannot do a lot of crazy things outside of the user's access level. They are pretty much old school and are not very profitable, just destructive or annoying.
Malware spreads through an exploit vector or social engineering. It installs software and drivers to the system which it attempts to hide through various tricks and obscure OS functionality. Malware can often have a rootkit driver which make them invisible or impossible to remove when booted normally. Malware is designed to make a profit too (like making your machine send spam, logging passwords or other info, popping up ads...).
The reason for the two different levels of software is because malware initially was difficult for vendors to define. Some software for example, presents it's negative aspects in the EULA and it's assumed to be valid software if you install it. Who's to say that WGA isn't spyware or any software that reports activities back to a central server? Malware is also hard to detect heuristically and antimalware apps instead rely on lists of file/registry locations and hashes.
But the two AV programs shouldn't be an issue because they do their blocking and checking at different points. Antivirus needs filter drivers so it can scan files for attached virus code or activity. Antimalware just needs to periodically scan a set of locations and ensure no malware is there. But yeah, most of them can be integrated pretty easily and it makes sense.
If you're just starting to wonder now then you're gonna be in for a shock. Apple has never been a really transparent company about what they do, and they've always just pushed and bundled things however they like.
Back in the day one of my employers ran a FileMaker server for all of their databases. The FileMaker server would crash fairly often and when it was reloaded it would perform a consistency check on each database. The consitency check would process every record entry in each database to see if it was closed properly. They had multiple databases with millions of records, so it could take days before the checks would complete and the databases are brought back online.
The solution was to have multiple snapshots. If the server crashed, we'd restore the databases from the most recent snapshot. We'd lose some data (whatever was added between the snapshot and the crash), but it was worth it to avoid the lengthy downtime from the consistency checks.
What are you talking about? SQL injection happens on LAMP stacks all the time. PHP programmers are just as bad at sanitizing input as ASP programmers. This specific exploit uses ASP.NET which is why it doesn't directly affect LAMP.
There are specific details. I've never even heard of an entire scripting language being compromized. Obviously an SQL injection would occur because of a script not sanitizing inputs properly.
Code generation and QA review have no relation. Just because I can generate code fast doesn't mean people won't take the same amount of time checking it for problems.
Any real programmer would understand the advantages of an IDE over a text editor. It's much faster and simpler when the IDE can autocomplete things for you or display their syntax details inline. It also increases code accuracy and organization. Clippy hasn't been around since Office 2000 and was never in Visual Studio so you'll be ok.
i386 had nothing to do with making virtual machines at all except for Virtual 8086 mode which only virtualizes 16-bit real mode processes in 32-bit protected mode. Virtualizing the 32-bit end of the i386 is a whole different thing altogether. Virtual Device Drivers were made to help transition from MS-DOS to 32-bit Windows and were a terrible idea which never helped virtualization at all.
Code Red, Nimda, etc. weren't SQL injection attacks, Code Red was a buffer overflow and Nimda used an IIS traversal bug. They affected IIS4 and 5 which are ancient. Not only that, but Microsoft had the patches available for both issues months before the worms appeared, their spread was due to admin's not applying them. I remember having to patch some pretty critical Apache issues as well in those days.
Both Apache and IIS have been incredibly secure for years now, and there hasn't been many exploits for either of them. Current web server exploits are usually all related to installed web applications (like forums, blogs or CMS software).
Apache would be vulnerable to this kind of attack too, the only reason it isn't affected is because the web app uses ASP.NET.
Any script on any web server can fail to validate inputs and pass injected code to an SQL query. In this case IIS was affected because the banner software uses ASP.NET. You could easily have an Apache web server on Linux and it can pass injected SQL code to an MS SQL server or any other kind.
The link you provided refers to MSSQL Server which is not a web server. The SQL injection code is built on the web server and could be modified to work with other SQL servers. The injection code is MSSQL specific because the semicolon command syntax.
So yeah, SQL injection if fairly web server independant.
In part of the exploit's header there's:
GET /page.aspx utm_source=campaign&utm_medium=banner&utm_campaign=campaignid&utm_content=100×200;dEcLaRe%20@s%20vArChAr(8000)%20sEt%20@s=0x6445634C6152652040742076........
The banner serving software uses "page.aspx" which is an ASP.NET file. I think ASP.NET is only available for IIS.
IIS is a web server, it has nothing to do with providing script functions or queries at all. All it does is take user input, run the script through the scripting language's interpreter, and serve the output. It doesn't know shit about how the script, scripting language, or SQL works.
If I have a PHP script that doesn't sanitize inputs, it's not up to IIS to insert PHP functions that will do it. How would it even know what to sanitize inputs for? It could sanitize the inputs for Perl which would do shit if I'm using them to form a query string.
If the author chose to use a less secure way then it is an exploit in his script.
If I copy an unchecked buffer in C and cause a buffer overflow exploit to be in my program, it's not an exploit in C or the Standard C Library, it's an exploit in my program only.
There's no way you could even correct C to somehow save you when you do something like that because it negates a primary function of the language. If it did it would no longer be the same language and would become something like C# instead.
In the 9/11 example, Gasoline can only provide a low level function: it burns. It can't be modified to prevent hijacking or to not burn in certain situations. The airplane flies, it also cannot decide who is pilot and who is hijacker. Those concerns are left to airline/airport security, who would be to blame.
SQL's job is to efficiently run queries. It's job is not to not question and validate every statement that it receives. The SQL engine has no idea how the data is being used in the program that passed it the statement. That would be like requiring your intel processor to determine that every instruction will be part of a securly written block of code before it executes it.
A layer of abstraction between the low interface (SQL) and the user supplied parameters is what is needed. It's common sense. In this case, the script should be that layer and should clean and validate user input before forming them into queries and passing them to SQL. The script is the one that best understands how the user inputs and the query will interact.
Even if SQL did do more, it would only encourage lazy, insecure script developers who write insecure code and expect SQL to sort it all out in a consistent manner.
A lazer is simply not the correct type of technology for that type of weapon. A lazer will be great for guns which fire a direct beam at a target. To contain a laser into the shape and functionality of of a sword will be more work than it would be practical.
A sword has a set blade length, while lazer beams have an infinite length and would need to be contained somehow. A sword has a strong solid blade which can parry blows, a lazer is not solid at all. A sword has a sharp blade edge for cutting cleanly through opponents without getting stuck. A lazer would have to have enough heat to vaporize whatever it contacts or else it won't cut through opponents at all. A sword doesn't need a power source, lazers do.
The lightsaber itself only has a few advantages over a regular sword anyway: Carry space (lightsaber handle that blade expands from vs. whole sword & scabbard), blade maintainence (sword blades need to be kept sharp and free of oxidization), blade durability (sword blades can break, lightsabers shouldn't), blade strength/sharpness (sword blades cannot cut through all materials, lightsaber might be able to).
So a lightsaber would need to be constructed using a more suitable technology. It also would have to provide a significant enough advantage over a sword in the first place.
We could sit here for years inventing theories snd trying to figure it out.
- or -
We could just start blowing shit up and see what happens!
If it's one thing mankind is goot at...it's destroying things!
It probably will just check that you plucked the string at the proper time, not which note you played (just like their current controllers which use a button for each string, that is used for every note on that string).
This is a well known process and has occured many times with previous intel chips.
Intel has to retool and upgrade it's manufacturing plants so they can make the new processor. which costs a lot of money, and can't be done all at once.
The few plants that are capable of making the chip will pump them out and they will be expensive and only bought by customers with a high enough demand for them that they can justify spending the extra money. The money Intel makes from selling those initial expensive processors will go into retooling and upgrading more manufacturing plants. Eventually Intel will have several fabrication plants capable of making the processor and they will lower the price into the range of the regular consumer. Their budget line (Celerons) will simply be failed fabrications of the regular 6 core chip, with the faulty cores disabled.
Right now there's not any kind of screaming demand for 6 cores on the desktop. There's probably no one making destop motherboards thst support them anyway.
If doing the grunt work is the problem, maybe Blizzard should just let people type in the level they want instead of having them work for it? Probably because having to work for your level is a major part of the gameplay.
I remember playing Diablo online when it was easy to use hacks and cheats. The game sorta loses it's edge when everyone is at the highest possible level and can kill Diablo in a single hit. Sure it removed all of the grunt work of hsving to fight through each level and upgrade your character. But what else were you going to do in the first place? The game was reduced to either chilling in town or ending the game by killing Diablo...
It's not that they're lacking skills like twich reflexes or battlefield awareness. It's mainly because the console doesn't have a mouse. In FPS games for example, the mouse lets you look around, change direction and lock onto a target with a simple movement of your hand. A console requires multiple button presses or using the analog stick until things line up correctly. Anyone with a mouse is going to take take people to school in if their opponents are using a game controller or keyboard only in an FPS. It's not because you have more skill, it's just because they don't have the best tool for the job. Just like anyone using the keyboard and mouse in a fighting game like Soul Caliber will get taken to school by a console's controller, which is much better for quick, successive, button combinations.