Re:Lousy coders will be lousy coders on The New PHP · Score: 1
Well, it's like giving children knives and telling them to go play. They are too inexperienced to know the possible outcomes of knife usage. Whose fault is that? If you're going to give them a knife, make sure it at least has a sheath with it. The simple way to do this is to only give them a prepare/bind interface.
Meanwhile in PHP every sql demo and intro I see is gluing SQL together. You have to go looking for the bind interface.
Re:Too Little, Too Late & MtGox on The New PHP · Score: 1
It's that same easy substitution, i.e. $sql = "SELECT fname, lname from people where id='$id'" that leads to data breaches.
Re:Too Little, Too Late & MtGox on The New PHP · Score: 2
You never should have to sanitize your db inputs. Why? Because then you have to always unsanitize them, else you end up with a crap string because it isn't escaped/unescaped enough times. The right thing to do is to use the database driver's bind interface. Basically, your DB values should be treated as opaque blobs as far as entry and retrieval go. Now if you need to verify a date, that's another matter. But you should be treating them as opaque blobs, full of nulls, quotes, semicolons and unprintable characters.
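The glued query quoted in these comments next to the prepare/bind interface they recommend, as an added example that is not part of the original posts. It assumes PHP's PDO with the SQLite driver; the table contents, the function names and the hostile `$id` value are constructed for illustration.

```php
<?php
// Added example: constructed table and inputs, not code from the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE people (id TEXT PRIMARY KEY, fname TEXT, lname TEXT)");

// Insert through the bind interface: values travel as data, never as SQL text.
// $awkward holds quotes, semicolons and an unprintable character on purpose.
$awkward = "O'Brien; DROP TABLE people;--\x07\"";
$ins = $pdo->prepare("INSERT INTO people (id, fname, lname) VALUES (?, ?, ?)");
$ins->execute(['1', 'Alice', 'Smith']);
$ins->execute(['2', 'Bob', $awkward]);

// The glued form quoted in the comment: $id becomes part of the SQL grammar,
// so a quote inside it changes the WHERE clause.
function lookup_glued(PDO $pdo, string $id): array
{
    $sql = "SELECT fname, lname from people where id='$id'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// The prepare/bind form: the statement is fixed first, then $id is bound
// as an opaque value and only ever compared against the id column.
function lookup_bound(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare("SELECT fname, lname FROM people WHERE id = ?");
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed hostile value, as it might arrive in $_GET['id'].
$id = "x' OR '1'='1";

// Glued: the OR clause matches every row. Bound: no row has that literal id.
printf("glued: %d row(s)\n", count(lookup_glued($pdo, $id)));
printf("bound: %d row(s)\n", count(lookup_bound($pdo, $id)));

// Round trip: the stored value comes back byte for byte, with no
// escaping on the way in and no unescaping on the way out.
$row = lookup_bound($pdo, '2')[0];
printf("round trip intact: %s\n", $row['lname'] === $awkward ? 'yes' : 'no');
```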
Re:Too Little, Too Late & MtGox on The New PHP · Score: 1
You might not be aware of PHP in the old days, but they used to move all the variables into the script so that $_GET['x'] and $_POST['y'] would be $x and $y... ("register globals") So yeah, you couldn't tell where they came from. The situation with $_* greatly improved things especially when they deprecated register globals.
Re:Too Little, Too Late & MtGox on The New PHP · Score: 1
In an object oriented language, as PHP attempts to be, $ is a stupid idea, just like decorating variables with types, like bInstalled (bool installed) or iMaxLength. It's not such a bad idea in JavaScript though, where anything goes.
Too Little, Too Late & MtGox on The New PHP · Score: 1, Interesting
I've been complaining to a friend of mine about PHP. I was an early adopter around 1.0/2.0, avid user at 3, and have fallen out with it since then. PHP was good, even revolutionary at the time because you either had C or Perl. PHP had a friendliness to it... Something that ended up making it second rate.
It's always been second rate. Even the PHP devs themselves end up coding vulnerabilities. And look at MtGox. What was it coded in? PHP!
Why in 2014, do I have to decorate variables with '$'? Why does the associative array syntax take two characters that look like a comparison operator? Why do I need == and ===? And variable confusion between $_GET, $_POST and $_COOKIE.
No one can do a safe site in PHP, it's just too much work to 1) know best practices and 2) code it.
Finally the web has changed. Back when it enabled a dynamic site, it was the shit. In a web 2.0 world it is shit. You've got to work with MIME, HTML, PHP, CSS, JSON, JavaScript.... There is no "php" solution.
Today, there are many ways to develop dynamic web content. My favorite two are Node[JS] and witty (webtoolkit.eu). While there is no "ace of the page" the Witty apprror say SPDY2.0, approach is best, where you write your application code and it renders code for whatever browser and browser capabilities it has. If Websockets, HTML6, or SPDY2.0 comes out, you just recompile your app against the new library that just uses the new features as appropriate.
In retrospect, there never really was a time when PHP was a "good thing".
An extension to your brain would be an easy-to-remember algorithm that creates a unique password for each site.
For example:
Slashdot.org -> f(x) -> S.O${username} would give you a unique password on all sites starting with S in the Org domain, it would use 2 non-alphanumeric characters. That's pretty easy. But pretty short.
Or you can go to passhashER.com or install a browser plugin. Both the site and the plugin use the same hashing algorithm. Neither asks for your username.
My Apogee for my Perigee.
It's a corollary to "don't put all your eggs in one basket".
I have no idea why you haven't thought to not keep them together. Yes it means password managers are not a good idea. They become a target for malware, just like bitcoin wallets. And depending on the exchange rate, and who you are, possibly more valuable as well.
No, it's not "safe". It violates the first three rules of passwords:
1. Do not write passwords down
2. Do not store all of your passwords together.
3. If you do break #1, do not store your password in an un-safe location.
I corrected it myself.
He *emailed* himself his own password list then whines when his account gets hacked.
NO SURPRISE HERE.
You sir, are wrong. What you describe is that we've figured out how to produce cheap, tasty "food" with high profit margins. Of course you won't get good nutrition from processed crap.
And when you say "every healthy culture" to whom are you referring? There has never been a truly "healthy" culture. Europe? Plague. Ireland? potato famine. Eskimos? Epic osteoporosis. Basically it's always been a fight between nutrition and disease. If anything, this (modern western European) is the first culture to have the highest health and least disease. In fact, our diseases come from over-nutrition and poor choice of consumption. Why? Because we have too easy access and too many tasty choices!
The big feature of a meat-based diet is being able to eat all year-round. But for the consumers in major metropolitan markets, seasonality of fruits and veggies has no meaning. We've figured out the supply chain to keep the staples produced year-round.
Land Mammals
Wednesday I got a visit from my neighbor asking for help with his computer. My heart sank. I had set him up with Mint 15 on his laptop and he was happily using it for the past 6 months. "What's wrong?" I asked. He said "something about "user profile service"". Oh, he means his desktop (Vista) so I fix it by doing a system restore. I asked about the laptop. "It's working fine, no complaints."
For this man to have no complaints, you have to understand what a dramatic experience computers are for him. He was a truck driver for the county. Never worked a day of his life at a computer, but his wife was a secretary. (She has passed on). So he tries to do stuff.. but any little thing that changes is a big deal. MSN shut down MSN messenger service and replaced it with Skype. That generated two visits from him - one the "little man" disappeared. And the new Skype icon that they installed for him. He even added his own MyFi to it.
And that is why I recommend Linux. It's never generated a support call to me from him.
XKCD
It's called a counter example.
UA, a Baltimore company, hosts data science meetups. Why? Because UA is data science driven. All company decisions are made based on data. So it seems that the OP is complete BS, because it is effectively creating results, and those results are highly successful for a major corporation.
If you remember, the O(N^2) shuffle sort is fastest on piles n = 6. So I make sorted piles of 6. These sorted piles of 6 are done using the brain's only internal intuitive sort. Then you linear sort the piles of 6 together. I try to go for as many piles at the same time, not just 2. In fact this is more limited by distance than anything else. Since you are sorting things with a physical representation you need to take the time cost of moving yourself into account. With a deck of cards, there are no move costs but with dozens of 8x11 or A4 papers, reach becomes a factor.
I've been doing this since 2001 and I have yet to find a better way.
In the TED video (link below) he claims to have treated phantom limb pain with a mirror. Yes, a cheap mirror. No expensive VR.
Ted Talk: Vilayanur Ramachandran
I remember when Facebook replaced all of my contact info with @facebook.com addresses, the bulk update ripped through my phone and messed a lot of things up.
Can I now get my original contacts restored?
The comic seems to hint at a relationship between the two. Is that correct? Do different values of the Higgs field make for different speeds of light?
Well, you can do that with chess because using a computer is cheating. But if you don't use a computer in life, you are underperforming. The same way normal kids take ADD meds in college to get an edge on the other students.
True there is more to life than the numbers, but in a capitalist society, that's the measure of your ability.
Because a movie is boring if you know the script. And if you make decisions based on the script, you wind up in a validation trap: you can't change your decision because that would have produced a measurable waste. To put it in an understandable context, it's like changing majors. Would you change your major if you could see how much time and money were wasted coupled with additional time and cost?
And as much as we hate the mundane, our brains need it. If we only ever deal with exceptions, you wind up in a constant high-stress situation of dealing with what the computer can't handle, or handled incorrectly.