Well, it's a given that if it's user-entered it has to be escaped. It's good to call it out, though, because it may slip by people who aren't as experienced.
But to be safer, use mysql_real_escape_string, pg_escape_string or whatever your local database connection supports.
When you're storing passwords, you almost never need the actual password anymore. What you need is a one-way function that can be used so when the user enters the password, the right bits come out (that match the original).
That may be md5, crypt, or whatever, but multiple methods are always better. And it has to be deterministic (i.e., the password goes in, and the result is always the same).
If you do need the password later (because you need to stash it for enabling access to other systems), your options are pretty bad. One way or another someone will be able to extract that password, because if they have the database they probably have your source as well. However, since database access is more difficult to secure than your source code, it doesn't hurt to do a couple of transformations on the in-database passwords. You could base64/rot13 it, or do something that's relatively difficult to do in a high-level language (rotating the bits on a 3-byte chunk of the password 5 bits to the right comes to mind).
The big thing is you need to provide a reset mechanism. You can use a questions/answers format or an email link, but in the end users will always forget their password, the answer to their reset questions, and won't get your reset email, so have a process for your support person to reset a password.
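The one-way storage, verification and reset path described in the comment above, as an added example that is not part of the original comment. It swaps in salted PBKDF2-HMAC-SHA256 as the one-way function and sqlite3 bound parameters in place of manual escaping; the table layout, function names, work factor and sample inputs are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

# Assumed work factor for this example; raise it as far as login latency allows.
PBKDF2_ROUNDS = 200_000


def derive(password: str, salt: bytes) -> bytes:
    """One-way and deterministic: the same password and salt always give the same bytes."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def open_db() -> sqlite3.Connection:
    """In-memory database with a hypothetical users table (name, salt, hash)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB NOT NULL, pwhash BLOB NOT NULL)"
    )
    return db


def set_password(db: sqlite3.Connection, name: str, password: str) -> None:
    """Create the account or overwrite its hash (the path a support reset would call).

    Only the salt and the derived bytes are stored, never the password itself.
    The ? placeholders bind user-entered values as data, so no escaping is needed.
    """
    salt = os.urandom(16)  # fresh random salt per account and per reset
    db.execute(
        "INSERT OR REPLACE INTO users (name, salt, pwhash) VALUES (?, ?, ?)",
        (name, salt, derive(password, salt)),
    )


def verify(db: sqlite3.Connection, name: str, password: str) -> bool:
    """Re-derive from the entered password and compare with the stored bytes."""
    row = db.execute(
        "SELECT salt, pwhash FROM users WHERE name = ?", (name,)
    ).fetchone()
    if row is None:
        # Do the same amount of work for unknown users so response time
        # does not reveal which account names exist.
        derive(password, b"\x00" * 16)
        return False
    salt, stored = row
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(derive(password, salt), stored)


if __name__ == "__main__":
    db = open_db()
    hostile_name = "x'; DROP TABLE users; --"  # constructed sample input
    set_password(db, "alice", "correct horse")
    set_password(db, hostile_name, "correct horse")
    print("alice, right password:", verify(db, "alice", "correct horse"))
    print("alice, wrong password:", verify(db, "alice", "guess"))
    print("hostile name stored as plain data:", verify(db, hostile_name, "correct horse"))
    print("rows in users:", db.execute("SELECT COUNT(*) FROM users").fetchone()[0])
    set_password(db, "alice", "new passphrase")  # reset replaces salt and hash
    print("old password after reset:", verify(db, "alice", "correct horse"))
```

Because each account gets its own salt, two users with the same password end up with different stored values, while verification stays deterministic for any one account.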
It's time for an eBay competitor.
How can you tell that Apple wants this thriving grey market to happen? Because it sells phones without a contract.
Think about it. Apple could have sold phones (1) only at AT&T stores, or (2) only with activation. It didn't. Why? Because it wants iPhones out there.
Everyone with a brain can see that more phones in the market = better for the manufacturer. Why? Simple.
In the case of Apple, lots of unlocked phones on your network = better business in the future. Imagine that there are 400k unlocked phones on China Mobile's network. That's $16m USD worth of phones. China Mobile would have gotten a big chunk of that - if they had sold the phones instead of Apple. Plus, unlockers are a small percentage of the potential users; there's a lot more demand for legit iPhones. Who really wants to deal with your iPhone getting locked after every update? Only early adopters want to deal with this.
Plus, the experience is better on a supported network. Visual Voicemail is pretty useful, and having your network set up automagically is nice, though setting it up on other networks isn't that hard - but grandpa isn't going to do that.
It's not a waste of money, because humans are not random. They may seem random, but that's because you don't know what to look for.
This example explains it the best: if I'm on top of a building and you're at street level and I tell you "there's a red car coming, then a green car, then a yellow car and they should be near you in 2 minutes." Am I seeing the future?
You don't need to be a psychic to see the future. You just have to be able to look at things in the right way.
Every new AT&T activation is a two-year contract. It's not Apple's fault. Sorry, please play again.
Two things stand out from this bid:
1. Microsoft's Internet Strategy has succeeded all too well. Their Internet strategy was to tie IE to Windows, and preserve their desktop monopoly. They have done that very effectively. Unfortunately, the Internet really did pass them by, as was predicted back in the Netscape days. It just took a lot longer than anyone expected.
2. Microsoft is practically incapable of creating a profitable business that's outside its Office and Windows franchise. The XBox 360 division showed a profit this quarter, but has been running at a net loss (billions) since its inception. The Internet properties (MSN, Windows Live) have been, at best, mediocre, and another net loss. The enterprise division is OK, but it's an extension of Office and Windows; would anyone care about them if the desktop monopoly wasn't there? No.
Ask yourself this: if Microsoft invested $10 billion in MSN, would they be able to compete with Yahoo! and google? If not, why do they think that buying Yahoo! for $45 billion is going to help them compete with google?
Microsoft can't even compete with itself effectively; look at the Vista vs XP war that's being waged right now, and the battle to upgrade Office. Really, the only reason people are buying Windows right now is it comes on their PC. If there was a real alternative, one that was able to play games + internet + multimedia that was easy to deal with, Windows would be gone from retail in 3 years. Of course, it would need to be Windows-compatible, which is a bummer.
Linux fans, Linux as it is today is not the answer. But it might be down the road, with a better, more integrated and responsive UI.
The other day, my SAN filled up with unauthorized images. My IT hero, j*s*n, archived all the images for me so I could examine them in the privacy of my own home. He also cleared out the SAN so more images could show up.
Thank you, j*s*n! You're my hero!
Remember the Dell DJ?
Dell is good at selling commodity products to businesses and value consumers. When they try and move up the food chain, they don't do so well, the Alienware acquisition notwithstanding.
This makes sense; engineers have to understand how systems work. A successful terrorist operation depends on understanding systems and how to bypass them.
What's controversial about that? It's like saying "hackers really understand computers."
As with any automated attack system, it should shut down in one month if it hasn't received a command signal. That way we don't have a "robots slaughter everyone" sort of scenario.
Of course, if they're really efficient they can kill everyone in a month. So be sure to adjust that window as necessary.
Just as an FYI, "nuclear powered" tends to mean "Plutonium." That was true for Soviet satellites. There wasn't much info floating around for the keyhole class satellites (which this one presumably is, since it's prefixed 'KH'). But it's a good bet that it had one.
I'd like to think that the designers, when they designed the satellite, realized that re-entering a chunk of Plutonium was a bad idea and designed a mechanism to eject it in an escape orbit. Hopefully its now-uncontrolled orbit is due to the ejection of said nuclear material.
BTW, I like the way the article mentioned "beryllium" as the hazardous material. Beryllium and copper used to be used to make golf clubs, and you can still find BeCu clubs on eBay today. I highly doubt that anyone would issue a press release warning about 10 tons of old Ping BeCu clubheads hurtling towards us from space. But it's fun to read nonetheless.
If you really want to be a good developer, you have to be able to learn how real people work and how to run a project. That's tough - I'm not sure if anyplace has classes on this. But - everything you write fits into a workflow of some sort, and if you can understand the context in which your stuff runs your software will be better for it.
Project Management is almost a must, esp. since you're in the business program too. Projects that come in on time are better than ones where you have to do a "death march" to the end. They make everyone happier, and make everyone look good. A good PM is usually the difference between four 80-hour weeks at the end of a project that fails and a nice, 9-6 project that cruises to delivery.
Actually, you're sort of right and sort of wrong. The skill of your IT administrators doesn't do any good if someone whacks your servers with some bug that you had no idea about.
Want a secure system? Don't hook it to a network. That's not really practical.
You could get something really obscure and hard to crack, like OS/390 or an AS/400. Nobody would know the first thing about how to break into a system like that (unless it was running z/Linux).
The fact is, choosing an OS for security can be a magic bullet. External infrastructure management helps only so much. If an internal machine is compromised, you're screwed if you have a Windows-based infrastructure. Security policies (and products) usually aren't designed to handle internal threats. Would that be different with a Mac? Yeah, actually, it would, and you're a fool if you don't know otherwise. If remotely exploiting a Mac was easy, there would be script bundles out there that did it. The only real exploits on the Mac today take advantage of users, not remote vulnerabilities. There's a big difference.
"The researchers chose men because dopamine levels change during a woman's menstrual cycle, which would have complicated the study."
So...if a woman already had fewer D2 receptors, and her dopamine levels change naturally, then she'd be even more unable to learn from negative experiences. Doesn't that sound familiar?
Not just that, but their tragic lack of health care would cause defections of key people in the workforce, leading to the almost total destruction of the organization.
Old software isn't useless software.
In fact, it may be better to use Photoshop 7, because the interface isn't as messy (if I remember correctly).
The functionality may be less than CS3, but hey, back in the day PS7 was the king of the hill.
Now that MovieMaker thing, I'm not sure about. But as a tip, the most important part of a Video is the Audio. I've seen a lot of movies where the visuals are great, but the audio sucks - and it really takes away from the effect. Good audio and bad video is better than bad audio and good video.
There are other ways to do a 64-bit back end and a 32-bit front end than use shared memory. It's just Adobe has a large, old codebase that has been transitioned across so many different architectures (68000 series, Power PC series, and now x86 32/64) that re-engineering it will be difficult. Apple has made the transition relatively easy up until now, so companies haven't had to pay the price until now.
Troll. Adobe has made billions of Dollars off of the products they sold on the Mac OS. In fact, without Apple, there would be no Adobe (and vice versa). This kind of bullshit is a sign of not only ignorance, but of some sort of technical snobbery that is incredibly irritating.
So what you're saying is all those Multics users had an upgrade path? Unix isn't Open, it's interoperable (except for Linux and the various BSDs). There's a difference.
"They can't keep selling it at a loss and hope to eventually make a profit"
Who says they want to make a profit?
These days, they can't dump software (like the way they dumped IE). Instead, they can just sell it at a loss until their Office/Windows monopoly runs out...which'll be never.
Microsoft Home & Entertainment has lost billions of dollars during its history. They're not about to stop that anytime soon.
In space, I'm not sure you can characterize an air leak as 'minor.' If I was up there, I'd be spending pretty much all of my time trying to find and seal it.
Minor would be something like itchy underwear.
Has anyone done an analysis of the other algorithms? Could be that this one is iffy enough that everyone will use the other ones...which have issues that are more difficult to find.
Revenues: $66,840,850
Expenses: $19,776,193
Expenses breakdown:
Program Services: $ 540,384
Software Development: $11,775,516
Sales and Marketing: $ 4,836,238
General & Admin: $ 2,624,055
"Profit" (or, change in net assets, since it's a non-profit): $27,893,735
Damn, it's good to be free. You'd think that the foundation would donate its money to fund other OSS projects, but as software people have discovered, the first priority of a foundation is to ensure the existence (and a lucrative existence at that) of its staff.
This has to be one of the most creative promotional stunts ever. It's difficult enough to get anyone to listen to new music, but tying your piece to the last supper is truly a work of genius.
The Symbian VP is right: google's android platform will fail.
Why?
Because quite simply, google sucks at customer service. And the OS business is all about customer service.
How do I know that google's customer service sucks? Simple: I've used them for things other than search. Have you ever tried to get a detailed sales report out of google checkout? You can't. You can ask about it, but it disappears into the void that is google checkout's customer service. Can they tell you if they're ever going to have reporting? Nope.
What does the sales report include? Dates, amounts, and state. What about customer names and addresses? Nope. What about anything else? Sorry.
Google's service philosophy is "help yourself." That doesn't help when you need features of a product that don't exist.
If google can't give you a useful sales report for the last month, how can they support a mobile phone launch?
The answer, of course, is they can't. Unless it's advertising-related, google can't concentrate for long enough to make a mature product...or they're too arrogant to listen. gmail still doesn't have folders, which is totally different than keywords (which is their 'justification'). Yeah, whatever.
This may be a bug in the Finder thread code. Why?
Think about it: safe data movement has been around since filesystems existed. However, the new Finder is multi-threaded. It could be that the error handler is doing the wrong thing with the thrown exception...after all, what -do- you do with an exception in a subthread? What mechanism do you use to throw it upwards to the parent thread?
That's the joy of error handling, which is totally separate (though completely integral) to your normal architecture issues.