Slashdot Mirror


User: dkf

dkf's activity in the archive.

Stories: 0
Comments: 3,983

Comments · 3,983

  1. Re:This is why... on PostgreSQL 8.1.4 Released to Plug Injection Hole · · Score: 1
    Is there a way to use names instead?
    Sure there is in SQL. "SELECT a,b,c FROM foo WHERE bar=:bar and baz=:baz;" is a piece of valid SQL that obtains the values to match against the bar and baz fields from some named context. What varies according to different drivers is what that named context is; apparently when using Zend_Db you bind using an associative array, and if you were using the Tcl bindings to SQLite you'd be using context variables. Check your documentation for how to do this with your code (and then wave goodbye to injection attacks on the database. :-)
  2. Re:The diplomatic response on The CVS Cop-Out · · Score: 1
    Volunteer developers are just that - volunteer developers. You are the user. Why can't you spend just a little effort in helping them to help you fix the problem? Retesting is nothing compared to all the time and effort it takes to fix the actual problem, and they're already doing it for you for free.
    Sure, but remember those users are also volunteer users. They have their own set of constraints that they're operating under, and if they're going to test for you, they'll be treating it as doing you a personal favour. Your best bet is to say something like "I've committed what I believe to be a fix for the problem to the developer branch of CVS, but it has not yet had the amount of testing to merit deployment. If you want, you can check the code out of CVS and test for us; that would help speed the progress to a release tremendously and would be really appreciated. Thanks!" See? That's much nicer, despite saying almost the same thing in terms of actions to be taken.
  3. Re:Fitlering different things on Google in Trouble for Suggesting Illegal Software · · Score: 1

    Better than that, the word "keygen" has lots of legitimate uses. For example, it's very useful if you're using ssh...

  4. Re:Define Program on Do Kids Still Program? · · Score: 2, Informative
    If HTML is a programming language then Tex would also be a programming language. But it's not.
    Minor correction: TeX really is a programming language; you can (with much twisted code) write while loops in it. That means it is Turing-complete, and hence a programming language by definition. But I agree that HTML isn't a programming language; if it was, you wouldn't need Javascript.
  5. Re:As a kid... on Do Kids Still Program? · · Score: 1

    Sounds to me like you really want to focus on getting really good grades so that you can get into as good a Computer Science school as possible. That's the only way you'll get pushed nearly hard enough (as you've found out already via those courses at the technical college, yes?) To do that, focus on making sure you're really good at math, sciences and English. Math is good because it helps you think logically, sciences ditto, and having the ability to write well will stand you in extremely good stead, and help distinguish you from your peers. If, after that, you have spare time, take up a non-computing hobby (e.g., I used to play double bass in two orchestras). Don't assume that you're going to have much time free until after you've been accepted onto that CS course; your #1 goal right now is to get there. Well, unless you decide to go off and work in one of the sciences instead; good programming skills are very useful there too.

    If you do decide to do CS, remember that you're still not going to be really able to take on a major project until you've got some practical experience. Having something worthwhile go to pieces underneath you because of poor management is a real learning experience (and not one I'd care to repeat) as is wrestling with millions of lines of inherited code and a tight deadline. But get that CS foundation first; IMO, the courses in it to really pay attention to are those that teach you new ways to program, those that cover the basics of data structures, algorithms and complexity, and those that cover important topics like concurrency and security. (If you're still wanting to do games, you'll probably want to take a look into AI, but that was never my speciality.)

    Don't lose heart! There's really interesting stuff going on. But you have to learn a whole bunch of stuff first or you'll be floundering, taking wrong decisions and wasting time. But the real things to try to learn are how to think about problems, how to find facts really fast, how to sort the dross from the real deal, how to manage your time and prioritize, and how to not piss off other people. The last two are vital anyway, whatever you do, and they're hard to learn (especially for adolescents; all those hormone changes do not help).

  6. Re:No way on Nintendo Revolution Renamed 'Wii' · · Score: 1
    This is probably true in English

    No. 'Wii' as a name is just too easy to take the piss out of...

  7. Re:On the other hand... on Judge Rules in Favor of Websurfing at Work · · Score: 1

    The gripping hand is that your work must get done. But as long as the work gets done, what's the problem with surfing?

  8. Re:Microsoft charging money for security tools? on Microsoft Admits to Hiding Flaw Details · · Score: 1
    The purpose of "anti-malware" tools is *not* to protect against software flaws, it's to protect against user mistakes.
    True.

    User mistake #1: Using Windows
    User mistake #2: Using IE
    User mistake #3: Using Outlook

    Protect against those three, and malware ceases to be a heavy worry. Funny that...

  9. Re:cellphones vs passengers. on Legal Restrictions on Cellphone Use Gain Traction · · Score: 1
    The difference between a cell phone conversation and talking with a passenger is that a passenger can help you look at the road and slow the conversation when in heavy traffic. Someone on the phone will not and will not understand so easily why there is a pause in the conversation because the driver noticed something strange.
    Ah, that just means we need in-car videoconferencing...
  10. Re:precision on Is Corporate Speak Invading Your IT Department? · · Score: 2, Funny
    There's a significant difference between saying someone has Chronic Myeloid Leukemia, vs Acute Myeloid Leukemia.
    Around here, we refer to both of those as "Opportunities for Synergistic Patient-Doctor Care Interaction."
    Surely you actually mean "Opportunities to Optimize the Synergistic Stakeholder Interrelation Interaction Index"? If you're going to spout this sort of rubbish, remember that it is important that nobody should have any idea what you're talking about since you're doing it to cover up the fact that you don't know either.
  11. Re:Some of us... on LOTR Jumps the Shark · · Score: 1
    Don't get me wrong, I love the films, but... dwarf tossing?
    Remember, not all of us saw the R-Rated version of the film...
  12. Re:Looking back... on Tim Berners-Lee on the Web · · Score: 1
    http://slashdot.org
    http:/org.slashdot

    Should both be allowed addresses. They aren't.

    Oh, but they are. The second is just a relative URL which would need to be resolved with respect to some other one. If resolved relative to the first one, it indicates the URL that would be written out in full as: http://slashdot.org/org.slashdot
  13. Re:POVRay on Sun Grid Compute Utility · · Score: 2, Funny
    Well, now that you asked, you can use all that computing power to...
    • Compile gentoo with KDE in only 20hrs
    • Browse 10 pages in Firefox
    • Run Windows XP Pro AND Notepad at the same time
    • Get 20FPS in BF2
    • Run a "Hello World" java applet
    Actually, only the compilation stands a chance of working as it is the only one that can work well as a batch job. The others require some kind of interactive display hardware in there, and you can bet you won't have that in the public offering. (Maybe you can get it from the top-end stuff, but if you're big enough for that, you're big enough to have your own supercomputer). My main concern relates to aspects of system security though; their FAQ is seriously deficient on details...
  14. Re:Biggest change: on A Look at GNOME 2.14 · · Score: 2, Interesting
    I think you'll find it was IBM that did that particular bit of ripping off as part of their CUA effort (and that's what both Windows and Motif derived from, explaining why things looked that way on so many platforms).

    So GNOME continues to try to break out of the mold cast for them a generation or so ago. Never mind that we were only just starting to get to the point where real know-nothing users actually expected things that way, it's important to know that the spirit of gratuitous difference lives on...

  15. Re:Open Source Acrobat on Unipage - A PDF Alternative? · · Score: 2, Interesting
    After all, there is a PDF alternative, it's called DVI. In fact I think it predates PDF. But its installed base is pretty close to zero (it's mostly only used by people who have LaTeX on Linux installed, and who for some reason aren't outputting directly to PDF). So it's not as though there aren't any alternatives. It's just that those alternatives don't really offer any compelling reasons to switch from PDF.
    DVI isn't really an alternative to PDF except for certain simple tasks. DVI's biggest advantage is that its viewers tend to be very fast to start up, but its major problem is that it doesn't do embedding of graphics well (OK, a feature that can be abused, but also one that's really useful in many documents). FWIW, even in the academic world you're starting to see PDF taking over from DVI (and PS) since it works well, has reasonable viewers, and many free creation tools (including directly from LaTeX, my favourite route).
  16. Re: achilles heels of spam/phishing: href and img on Meng Wong's Perspectives on Antispam · · Score: 1

    Most Nigerian spam I receive doesn't come as HTML, and so will avoid such filters. OTOH, even someone only the very slightest bit suspicious will spot those messages for what they are. Let's face it, if someone offers you lots of money out of the blue for doing something borderline criminal, you've got to figure it for a con or you're too stupid to have money in the first place...

  17. Re:SSL Certs on Phishing Site Using Valid SSL Certificates · · Score: 1
    Imagine if certs had, in place of all the X.500 fields that get filled in wrong anyway, a slot for a company logo?
    That's actually (relatively) easy to do through a certificate extension. More difficult would be persuading the likes of VeriSign and GeoTrust to agree to sign public keys with such a field attached. On the other hand, it would also be reasonable to have a new higher-order role for certificates: that of acting as an online bank. The public CAs would then take on the responsibility for verifying that the applicant is a bank if they apply for such a cert (normal SSL certs wouldn't have the extension, and that's OK since they're not for banks.)

    IMO, the root of the SSL-authenticated phishing problem is that some CAs are not making any real attempt to verify the identity of the site they're authorizing or that there is no trademark infringement.

  18. Re:On Garbage Collection and Stability on Ultra-Stable Software Design in C++? · · Score: 1

    Recovery from a memory fault can be incredibly difficult, since you don't know what else got smashed before the fault (usually nothing, but not always). On the other hand, interpreters can have much higher crash resilience than compiled languages simply because their code is relatively dense and the number of places that need to be audited is smaller. (Well, comparatively.)

    Speaking personally, I take it as close to a personal insult when my code crashes for any reason at all. My aim is that all faults should be trapped/trappable faults, though admittedly that's not always possible (memory shortage can be awkward for example, because it's sometimes hard to predict how much memory would be needed to execute a suitable recovery strategy...)

  19. Re:Genesis? on Symantec's Genesis to Usher in a New Age of Trust? · · Score: 1
    Microsoft have been telling developers to write LUA-friendly apps for 6+ years now. They share zero blame for any remotely current application needlessly requiring Administrator level privileges to run.
    Not really. They should have been pushing much harder on this, doing things like refusing the use of trademarks to apps that are security-stupid when run on recent-enough Windows versions. It's not like it's all that hard to get right (e.g. no writing of shared filesystem space or shared registry keys) so beating stupid third party developers over the head with a stick over this issue is fair.
  20. Re:Application Programming on Beyond Java · · Score: 1
    Will I code the apps themselves in Ruby? No!

    Why not? Have you tried, or are you just being prejudiced against those languages commonly called "scripting languages" because of some mis-heard sounding off by someone who should know better? Ruby (and Tcl and Perl and Python and ...) is first-and-foremost a programming language. It happens to be implemented using an interpreter, but that really just means that the level of complexity of the primitives is a bit different to what you're probably used to.

  21. Re:TCL/TK on Simple Windows Development Tools? · · Score: 1
    There's a theme engine about for Tk that provides a bunch of native widgets (it's distributed with ActiveTcl for example). I've been using it for a good while now, and with it Tk apps on WinXP look exactly native (better than firefox or MS office for example!) I am also informed that it works really well on OSX too, though for true native-ness there, you need to change the selection of widgets that you use (e.g. menubuttons are preferred over comboboxes).

    I also believe that there's a theme that bridges to Qt so things can look great if you use Linux too, but I've not used that theme so I can't answer from personal experience. I'm not sure that the quality of that theme's implementation is all that good either - I've heard things, but don't remember the details - but as always more developer eyeballs are welcome to help make it better so that vendors like SuSE can ship a version of the theming engine that uses a look by default that fits with their desktop.

    I have no idea at all about the possibility of themes to interoperate with GTK.

  22. Re:2020? on Russia to Mine on the Moon by 2020 · · Score: 1
  23. Re:Java Questions. on Wicked Cool Java · · Score: 3, Interesting
    Is there a way for a java app to trap keypresses when the java app is out of focus, without using a native interface?
    No. This is a huge security issue, and is unlikely to ever be included in Java.
    It's also a really sucky interface. I can remember using an app that once trapped certain keypresses for its own purposes (OK, it wasn't Java). Never ever again. There is no circumstance where having some random annoying program pop up every time you're trying to write something complex in some other program is going to be counted as anything other than bad. If you think you need it for some app, think again. Better yet, change careers to something where your psychopathic and sadistic tendencies can be of marginal benefit to society, like flower arranging or tax collection.
  24. Re:It's impossible to waste energy in the winter on Standby Electronics a Waste? · · Score: 1

    FYI, supercomputer processing time is really pretty cheap. At least compared with licensing costs for the sorts of software people usually want to run on supercomputers...

  25. Re:Not a major concern on Computer Science Students Outsource Homework · · Score: 1

    This is why the teachers like to keep an eye on what is going on, and especially look at who is there in class doing the work. Don't think you can out-wily the teachers, and don't think that trying to use an abuse of the rules will work; that sort of thing is obvious (if you're good enough to make it not obvious, it's easier to do the work for real!) and will instead get a round of "special modifications" applied to the marks by the course examining board.