Slashdot Mirror


User: julesh

julesh's activity in the archive.

Stories
0
Comments
8,446
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 8,446

  1. Re:Restricted access to "public" spec? on Porting to the Linux Standard Base · · Score: 1

    "Anyone have a "public" version of this doc?" ... that doesn't cost $40?

  2. Re:horrible drivers on The State of ATI Drivers on GNU/Linux · · Score: 1

    OK, you've talked me out of it. I was planning on buying ATI X1300 cards for my planned multi-screen setup, but it sounds as if that solution is likely to be unreliable.

    Does anyone know of any nVidia-based PCIe 1x cards on the market?

  3. Re:How difficult is it. on SQL Injection Attacks Increasing · · Score: 1

    When I tried PHP I can't believe that PHP (or rather the mysql database connection layer) has no concept of bind parameters.

    This is because the MySQL API itself has no such concept. Other database engines do, and the PHP implementations of their APIs support it just fine. But PHP include PEAR::DB which provides an implementation as a layer on top of standard functions.

  4. Re:Injection preventation doesn't need input check on SQL Injection Attacks Increasing · · Score: 1

    PEAR is not part of PHP, it's a class library that runs on top of the PHP framework.

    PEAR is distributed with PHP, and is installed along with it unless you specifically run ./configure --without-pear. You might as well argue that C++ doesn't support parameterized queries, cause, you know, ODBC et al aren't part of the core language. Or C doesn't, because the API library that's supplied with MySQL doesn't. Besides: if you're running any database other than MySQL, you get parameterized queries in the standard library. The reason for this is because the standard library consists mostly of direct conversions of vendor-provided APIs to the nearest possible PHP equivalent. The MySQL C API doesn't support the feature, so the MySQL PHP API doesn't. The Oracle one does. The Postgres one does. The Sybase one does. And so on.

    The fact is that there is a well known, commonly-used, officially sanctioned solution to this. The fact that it's an object oriented solution implemented in PHP rather than a procedural one implemented in C like all the stuff in the standard library doesn't matter.

    As such, the mysql interface class (The one that supports PHP 3.x)

    PHP 4 was released over six years ago. PHP 3 was the current version for only two years prior to that. Support for PHP 3 is no longer available; security fixes are no longer applied to it by the PHP developers, who haven't been accepting new bug reports for that version for over a year now. Using it would probably be suicidal, as it included a large number of design decisions that are now widely believed to lead to insecure applications in many situations. Why is compatibility with PHP 3 such an issue?

  5. Re:Injection preventation doesn't need input check on SQL Injection Attacks Increasing · · Score: 1

    I think misinformation that causes people to believe that using a particular type of system will make it harder to have a secure system is FUD: it will instill fear, create uncertainty and cause doubt. Whether it was intended to do so or not, I don't know. Given the anonymous nature of the original poster, I'm not inclined to give him the benefit of the doubt.

  6. Re:It's worth mentioning... on SQL Injection Attacks Increasing · · Score: 1

    it's worth mentioning that SQL injection is a real pain for web developers.

    It's also worth mentioning that it is NO HARDER for web developers to avoid SQL injection than it is for any other kind of developer. Targeting a web platform isn't an excuse.

  7. Re:Injection preventation doesn't need input check on SQL Injection Attacks Increasing · · Score: 3, Informative

    are there web application frameworks which don't support parameterized SQL statements?

    that would be PHP.


    Quit spreading FUD. PHP supports parameterized SQL just as well as any other language I've worked with. See, for example this doc page (search for "Example 2"). Even for databases whose native C APIs don't support the feature (i.e. MySQL), the database abstraction layer PEAR::DB that is distributed with PHP provides emulation.

  8. Re:How difficult is it. on SQL Injection Attacks Increasing · · Score: 1

    Your examples show exactly why web developers don't tend to use prepared statements / data binding for their DB queries: it is much *easier* to do it the other way.

    Frankly, this will continue until doing it the "right" way is almost as easy as doing it the quick hack way. The api should be:

    bind_query('SELECT value FROM REGISTRY WHERE name = ":name"', name=$name);

    I don't think this is possible in PHP, unfortunately, but the language ought to be extended to allow it. Many other languages can do it. This one is possible in PHP, though:

    bind_query('SELECT value FROM REGISTRY WHERE name = ":1"', $name);

  9. Re:How difficult is it. on SQL Injection Attacks Increasing · · Score: 1

    Or you could just use stored procedures.

    For most web applications, stored procedures are overkill and just too time-consuming to implement. If you have a relatively uncomplicated database (which is the case with 90% of web applications, I'd guess), then ad-hoc queries allow much faster development time. Even if you do make the effort to properly quote all your strings, and convert your numbers to numbers rather than using them directly.

  10. Re:FUD? on Virus Jumps to RFID · · Score: 1

    The point is, though, it's almost impossible to get barcodes wrong. In their most common implementation (i.e. UPC/EAN-13) they are fixed length numeric values. How can anyone screw that up?

  11. Re:64bit performance on Core 2 Reviews All Around the Web · · Score: 1

    The Techreport benchmarks (details here) were performed on Win XP 64 bit, with a number of the applications tested being 64 bit editions. If you look at the 64 bit app benchmarks, there's some variation (e.g. Windows Media Encoder it comes out slightly ahead of AMD's best, POVray it comes out slightly behind), but it seems pretty much neck-and-neck with AMD's current chips on 64 bit code.

  12. Re:So what will AMD do? on Core 2 Reviews All Around the Web · · Score: 1

    Our resources won't last forever, and it's always good to conserve.

    Unless you're a blind idiot of course.


    Yes. But there are much better ways of conserving energy than using a lower power processor in your computer. I hope you've switched all your incandescent light bulbs over to compact flourescent (typical average saving per houshold around 100 watts, and much cheaper than getting a new CPU), switch off electric appliances when not in use instead of leaving them on standby (similar savings, higher with some appliances... my kitchen's electric cooker with touch-sensitive controls uses 100 watts on standby!), use a small diesel-powered or preferably electric vehicle for any travel requirements (may save tens of kilowatts over the time you're using the vehicle), etc.

    Saving 60 watts by switching to a lower-power CPU is small fry.

  13. Re:C2D Motherboards are way too expensive on Core 2 Reviews All Around the Web · · Score: 1

    The prices for Core 2 Duo compatible motherboards are just plain atrocious [...] So chances are I will pick up either a nForce 590 SLI

    According to Tom's Hardware (here), the nForce 590 SLI does support the Core 2 Duo.

  14. Re:Never underestimate the quantity of stupid peop on Integrate iPod with Car or Risk Death · · Score: 1

    The driver who thinks he can drive the radio and the car at the same time is the problem.

    [...] just the thought process of "hmm...which CD has my Led Zeppelin and which CD has my Devo?" is enough distraction to take my focus off the road.


    This is why I generally recommend stuff with a simpler interface for in-car use. Take the iPod Shuffle, for example. Only one control of any relevance: skip to the next track. No worrying about choosing which playlist to use, or going through a menu to find a particular track, or whatever. Just hit the "next track" button if you don't like what's playing right now. Requires virtually zero thought.

  15. Re:FUD? on Virus Jumps to RFID · · Score: 1

    I fail to see how (in this case) RFID tags are any more dangerous than barcodes.

    Barcodes typically contain short, fixed-length information. It's very hard to get a system to handle such data wrong to the point where it can be infected by a worm. In fact, I think you'd have to be trying.

    RFID tags implement a computer-controlled bi-directional communication protocol with a host machine to enable the host to identify the tags that are close to it. Many include writable storage space for storing end-user defined data, which is in many cases variable length.

    Reading between the lines of this report, it seems that the attack is used to subvert existing tags, changing how they communicate with the host computer, to exploit a bug in the implementation of that communications protocol. The danger here is that you can walk into a shop with a transmitter, and a few minutes later have every tag in that shop under your control, trying to attack the scanners. This is much worse than barcodes.

  16. Re:Like the JPEG "virus" on Virus Jumps to RFID · · Score: 2, Funny

    [1] People debate terms like "alive", "dead", "reproduce" for hours on end, until they realize they're arguing over definitions, which by definition is pointless....

    No it isn't.

  17. Re:Vandalism isn't just one day on The Dangers of Open Content · · Score: 1
    I don't know how many people in the world think the main purpose of the FSLN was to establish a satellite of the USSR "two days driving time from Harlingen, Texas", but obviously that is what is considered in this article.

    Huh?

    The only mention of Texas in the article is in this sentence (previous sentence quoted for context):

    In 1966, this KGB-controlled Sandinista sabotage and intelligence group was sent to the U.S.-Mexican border. Their primary targets were southern NORAD facilities the oil pipeline running from El Paso, Texas to Costa Mesa, California.

    While I won't say that this is a good sentence, or discuss its accuracy (I'd never heard of this group before now), it hardly implies that this is the primary reason for the group's existence. It just claims that this is something that they did.

    you see, the FSLN had nothing to do with conditions in Nicaragua, since the world revolves around the U.S.

    I see an article that's nearly 10,000 words in length. I see about 5,000 words that discusses relationships between the U.S. and the party. Much of the rest of it IS spent discussing conditions in Nicaragua. Most of the U.S. discussions sound highly relevant to me, for instance allegations of U.S. interference with national elections. Look, you may not like the fact that the U.S. has exerted a lot of influence over international politics. I'm not happy with it either, but the fact remains that they have. And it seems they did in this case, too.

    I really don't see the problem with this article. It could do with some expansion concerning purely internal policies of this party; I'm assuming they did much more while in power than is described here. Other than that, it looks good to me.
  18. Re:Vandalism isn't just one day on The Dangers of Open Content · · Score: 1

    Remember that the Seigenthaler article was tehre for weeks and months. So forget the idea that it's just that people might come across the article on the minute or hour that it had a vandalized version.

    Theory tells us that the length of time a vandalised article will remain depends on how many people are looking at it, in a roughly linear fashion. Therefore we can work on the basis that for each case of vandalism, approximately the same number of people will see it vandalised.

    In this case, the article is quite popular, so it only took 4 minutes for the vandalism to be removed. As it will for any case of vandalism you care to link to on a topic that most of the people here have heard of.

  19. Re:Dangers of international content? on The Dangers of Open Content · · Score: 1

    Why would I trust it as a starting point if I can't trust it as a source?

    Because, according to Wikipedia rules, each article is supposed to contain a collection of links to authoritative sources that contain all of the information in the article[1]. Hopefully, you know enough to be able to assess when a source is trustworthy and therefore you are able to verify that the information is, if not correct, at least as likely to be correct as it would be if you had found it in (e.g.) Britannica.

    OK, in order to do this, you need to have a little understanding of evaluation of sources (e.g. don't trust stuff by unnamed individuals, don't trust self-published articles except when they're talking about the author and even then not if they seem self-aggrandising, etc.)

    [1]: Yes, I'm aware there are a huge number of articles on Wikipedia that don't follow this rule. But most of them are articles you wouldn't normally expect to find in an encyclopedia anyway, because they're about fringe topics.

  20. Re:"88 per cent of e-mails are junk" on A Humorous Introduction To IPv6 · · Score: 1

    s/mode/median/.

    Think before posting. Think before posting.

  21. Re:"88 per cent of e-mails are junk" on A Humorous Introduction To IPv6 · · Score: 1

    How would one go about calculating the average age at which a British child first receives a cell phone?

    # of kids with phones weighted by age then divided by all kids in the UK? Not sure it's doable without a national inquiry involving every child with a cell phone.


    Well, "average" is rather loosely defined. You can calculate the mode (which is one of the three values statisticians use that are generally understood to be averages by non-statisticians) by taking a sample of children of varying ages and finding the age at which the proportion with a phone increases from less than 50% to more than 50%.

  22. Re:Just Tubes? on A Humorous Introduction To IPv6 · · Score: 1

    But the Internet is just a series of tubes, right?

    Yeah, but if you want to send something to someone and you don't have a tube directly to them, what you do is you wrap up what you want to send in a "packet" and you put an "address" on the outside of it. We use "numbers" in the addresses because they're easier to look up in a "table" to find out what to do with it ("routing").

    The new Internet uses bigger numbers, so we've had to make the tubes bigger to take the bigger packets.

    See. This "tubes" thing works. :)

  23. Re:Why 128 bits? on A Humorous Introduction To IPv6 · · Score: 1

    Maybe you were thinking millionths of a square mile, because then 92,000 would be about right, but that's kind of an odd unit.

    FWIW, a mile was originally defined as 1,000 paces of a Roman legionary, so a millionth of a square mile is a square passuum.

  24. Re:London Times? on A Humorous Introduction To IPv6 · · Score: 1

    Exactly. If you live in New York and someone mentions "The Times" they assume you're talking about the New York Times. Same thing goes for LA. That's why you have toe specify London when talking about The Times (from London) because otherwise nobody will know which one you're talking about.

    The problem is that in Britain, we have a convention that if a newspaper mentions the name of a place in its title (e.g. The Coventry Evening Telegraph) it is a local paper that only covers issues local to that area. The Times is a national paper, rather than one that covers only London-related news; hence the original poster's suggestion of calling it the British Times in places where there might be ambiguity.

  25. Re:London Times? on A Humorous Introduction To IPv6 · · Score: 1

    You're right, however calling it the "London Times" when discussed in an international context, to distinguish it from the many other papers of the same name, is pretty common practice.

    It is. Doesn't make it any less wrong, though. And what newspapers of the same name? The only ones I'm aware of that share the "Times" designation all have a place name attached to them as part of their official name. There is no ambiguity here, except due to people abbreviating the names of their own local paper.

    The best way of describing it, IMO, for people who might misunderstand due to context, is "the British newspaper, the Times". "The British Times" as suggested by the GP would be better. "London Times" makes it sound like a local, rather than national paper.