Legally, it's really simple. You create a policy that says that if you're caught browsing porn on the Internet, you get fired. Managers back it up with action by, when people are caught browsing porn, they fire the person who was doing it.
And that's the key: if you catch someone viewing porn. If someone sneaks a peek at a Google image search for ${cute actress du jour}, and no one sees it and it doesn't interrupt their work, then who cares? I don't get the powertripping that rationalizes actively watching every employee like a hawk in case they see an occasional boob over their lunch break.
And don't bring up the hypothetical bogeyman of sexual harassment lawsuits. If an employee is so discreet and rare with their booblooking that you can only catch them with monitoring software, then they wouldn't be exposing you to legal action in the first place. And if they do, then you have the policy manual prohibiting porn viewing and a justifiably quick firing to fall back on.
Thank you for that. It's easy to slag off on people for making dumb design decisions, and sometimes we need reminders of how intelligent people can come up with some pretty awful ideas when working outside their expertise. If my boss ordered me to build a bridge, and we eventually came to depend on it, a civil engineer would probably want to shoot me when he saw the results.
For example, if you are screening for illegal/disallowed characters in your input string, you could write a series of if/then to test for each one, or you could define a string comprised of disallowed characters and write a loop to test for the presence of any of those characters in the input string.
My only problem with your approach is that I'd use a whitelist instead. For example, in Python I'd write something like:
if [char for char in inputstring if char not in allowedchars]: print('Found bad data!')
My company used to play whack-a-mole with input validation. "Oh! What's the code for \u? Add that to the list!" I've gradually brought the other programmers around to the idea of specifying what we can accept and rejecting everything else.
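An added illustration of the point made in this thread (not code from the original comments): a blocklist that enumerates "bad" characters keeps missing look-alikes and escape sequences, while an allowlist that states what a valid value is rejects them without anyone having to look up the code for \u. The username policy and the sample inputs are constructed for the example.

```python
import string

# Blocklist approach: enumerate the characters we think are dangerous
# and keep extending the list as new ones turn up (the whack-a-mole game).
BLOCKLIST = frozenset("'\";<>")

def blocklist_ok(value: str) -> bool:
    """Accept anything that contains none of the listed characters."""
    return not any(ch in BLOCKLIST for ch in value)

# Allowlist approach: state exactly what a valid username looks like
# (assumed policy: 1-32 ASCII letters, digits, underscore, dot, hyphen)
# and reject everything else, so nothing needs to be enumerated.
ALLOWED = frozenset(string.ascii_letters + string.digits + "_.-")
MAX_LEN = 32

def allowlist_ok(value: str) -> bool:
    """Accept only values built entirely from the allowed set."""
    return 0 < len(value) <= MAX_LEN and all(ch in ALLOWED for ch in value)

# Constructed inputs: (value, should it be accepted under the policy?)
SAMPLES = [
    ("alice_smith", True),
    ("bob.jones-2", True),
    ("o'brien", False),      # plain ASCII quote: both checks reject it
    ("x\uff07y", False),     # FULLWIDTH APOSTROPHE: reads like a quote, not on the list
    ("\\u0027", False),      # six ASCII chars that some decoders turn back into a quote
    ("name\x00", False),     # embedded NUL: nobody thought to list it
    ("", False),             # empty string: a blocklist has nothing to object to
]

def misclassified(check):
    """Return the sample inputs the given check gets wrong."""
    return [value for value, expected in SAMPLES if check(value) != expected]

if __name__ == "__main__":
    print("blocklist gets wrong:", misclassified(blocklist_ok))
    print("allowlist gets wrong:", misclassified(allowlist_ok))
```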
If you're served with a lawsuit, you need to respond to protect yourself.
If someone in the UK sued me, given that I have no customers there and have never been there and have no plans to go there, I doubt I'd bother doing anything beyond asking someone to tell me what happened afterward.
This gives users a guaranteed exploit that they otherwise only had a potential risk of having. Instead of maybe someone else finding this exploit that's been lurking in the code for nine years, we now have the glorious option of knowing about and implementing an out-of-schedule fix, or definitely being exposed.
Do you think all those Windows machines tethered to giant botnets got there because each owner refused to install the available security updates? Is it just remotely possible that some of those machines got owned by exploiting vulnerabilities that haven't been published yet? I will never 'til my dying days understand the logic that results in "I didn't know about it therefore I was safe until someone told me."
Windows XP is released in dozens of languages with support contracts for all of them
If the regression tests for the American English version of XP don't cover the Brazilian version of XP, then the system is hopelessly broken and the whole thing should be thrown away. Unless the bug involves some string handling function in the locale libraries, it shouldn't be harder to test 15,000 different language releases than it would be to test just one.
So, if they're so great, why does the boss have to put a gun to people's head?
[This is Kirk:-) ]
I have no idea. Maybe I learned this stuff back before the misteaching was as widespread, or maybe it was because performance with MySQL was so miserable at the time unless you prepared your queries first (which required them to be parameterized), or because my boss threatened to choke me unless I did it that way, or just that I was lucky enough to have read a paper on SQL injection and get scared straight early in my career. I really don't remember. At any rate, I don't know what factors led me to doing things the right way instead of the (temporarily) easy way, or why they haven't similarly affected other programmers.
Unlike some other posters, I don't think your idea's inherently bad. I just don't think it'll be used. People who care enough about their data and understand the security implications of creating ad-hoc query strings will have been using parameterized queries or ORMs already. People who don't know or don't care aren't likely to see your way of doing things - even if it was clearly superior and brilliant and obviously correct - and adopt it.
Including PS/2 connectors would have better met that goal without discouraging any customers with USB-only peripherals.
The subset of people who would want a Mini and who refuse to upgrade past PS/2 keyboards and mice is null. If you want to bitch about an adapter, bitch that it doesn't support VGA or DVI without buying the extra cable. But seriously, you just can't credibly whine that you'll have to shell out another $5 to buy a keyboard and mouse from this decade.
The Dell I'm typing this on doesn't have PS/2 jacks. The (much older) Dell it's sitting on doesn't have PS/2 jacks. My home server doesn't have PS/2 jacks. Neither of my laptops have PS/2 jacks. I suppose you think that Dell, HP, IBM, Gigabyte, and Apple are all being miserly bastards, but the truth is that you have obsolete peripherals that won't work on the majority of new systems. Either buy an adapter (as I said I did so I can keep using my Model M) or go to the Salvation Army and ask if you can have a spare USB keyboard and mouse. They're ubiquitous now.
Other topics off-limits to bitching: the lack of parallel ports, serial mice ports, and ISA slots.
I'll be blunt: if you can afford a Mini, you can afford either a new USB keyboard or a PS/2-to-USB adapter for your old one. In the list of reasons why you might not want a Mini, this non-issue is so far down as to be nonexistent.
The developer culture around SQL, where the majority of tutorials, cookbook methods, forum support groups, "expert" examples, etc. reinforce doing SQL the insecure way.
It's easy enough to straighten out, though. At my current job, committing non-parameterized SQL strings into production is a firing offense and everyone is told that from the beginning. It's right up there with "don't stab the boss" and "don't smoke crack at your desk".
I laugh here, but it really is that serious. There's not a single legitimate reason for ever using anything other than parameterized queries. They're easier to write ("How many quotes do I need to put here?"), easier to maintain (because you don't ever have to mix SQL and code), always as fast as constructed queries and usually faster, and generally superior in every single way.
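An added example of the two styles contrasted above (not code from the original comments), using Python's standard sqlite3 module with a constructed in-memory table: the constructed-string lookup has to get the quoting right for every input and falls over on a perfectly legitimate name, while the parameterized lookup keeps one constant SQL text and hands the name over as a value.

```python
import sqlite3

# Constructed sample data for the demo.
ROWS = [
    ("alice", "alice@example.invalid"),
    ("o'brien", "obrien@example.invalid"),
]

def make_db():
    """Build a throwaway in-memory database holding ROWS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return conn

def lookup_constructed(conn, name):
    # "How many quotes do I need to put here?" style: SQL and data are
    # mixed into one string, so the statement text changes with every input
    # and any quote in the input changes how the statement parses.
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_parameterized(conn, name):
    # The SQL text is a constant the driver can prepare once; `name` is
    # bound as a value, so quotes in it are just characters being compared.
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

def compare(name):
    """Run both lookups on one input and report what each one does."""
    conn = make_db()
    result = {}
    for label, fn in (("constructed", lookup_constructed),
                      ("parameterized", lookup_parameterized)):
        try:
            result[label] = fn(conn, name)
        except sqlite3.OperationalError as exc:
            # The constructed statement no longer parses as the author intended.
            result[label] = "error: " + str(exc)
    conn.close()
    return result

if __name__ == "__main__":
    for candidate in ("alice", "o'brien"):
        print(candidate, "->", compare(candidate))
```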
I still think it'd be a lot cheaper to lift water from Luna than Earth. You can always launch the long shots from orbit after gathering the components from wherever makes the most sense. Mine and process whatever raw materials you can from a moon base, launch the Mars astronauts from Earth to rendezvous with their ship, and go from there.
The idea of stepping stones comes from our recent experience on Earth where the places we were going to already had resources we could use (air, water, food). Space isn't like that. [...] The moon was a logical step which we have gone beyond. There is no point going back down a 2km/s gravity well for the sake of putting soil under our feet.
The moon has water, and therefore air. Given the choice between lifting enough water for a Mars trip from the Earth or from a gravity well small enough that the Eagle could take off from it, it seems like using the Moon as a staging area could be a pretty reasonable decision.
The poor still pay taxes, dick wad. Taxes paid for the Apollo Missions. I'll bet anything the poor outnumber you sophisticated science-types about a million to one. Also, I think they'd rather have $2 worth of free antibiotic than whatever fantastic discoveries await you on the Moon at a cost of trillions (but, oh, man, tang and microwave ovens made it sooo worth it!).
As my dad said, "poor people have poor ways". I've been broke a few times in my life, but I've never been poor because I always understood the concept of long-term investment. If I'd been poor, I would have spent four years partying my ass off instead of working my way through college because it would have been more fun at the time.
In short, I don't give a rat's ass what poor people think. I'm not talking about people who don't have money today - that's being broke and it's a temporary condition. But people who continue to make stupid decisions that keep themselves impoverished? I'll be damned if I want their input when deciding policy.
It's standard practice in software development to create a special fast path for a common scenario when performance matters. They can fall back to the slow path if the swf is trying to do something incompatible with the fast path.
A million times yes. Youtube is the third-busiest site in the world, and you'd think Adobe would make a little effort to provide an optimized codepath for that site. I tire of the excuses about how much work Flash has to do to render a video. I guarantee that if they rolled out an optimized function that did without all the cruft not directly related to rendering a video, almost everyone would adopt it overnight.
I don't disagree with anything you said. My main point, though, was that other video players manage not to completely suck when running on the same systems that Flash can barely manage. I don't care whether my CPU is a Befunge virtual machine; VLC and MPlayer are FOSS programs that work, and you'd think Adobe's resources would let them get Flash working.
There's nothing wrong with buying a company for $400m and selling it for $200m ten years later if you make $300m in profit from it during that time.
I totally agree with the gist of what you're saying. But ICQ? Did AOL ever see a penny of revenue (let alone profit) from it?
No, they didn't. No one knew about the trick until the discoverer told the world, including the thieves.
LOL. Do you actually believe that the world was safe from that vulnerability before Tavis published it?
Thieves already knew about the trick. They just didn't bother telling Ford or Ford owners about it.
Then he bought IIRC US$ 380 in accessories for it.
...none of them required to use it.
He bought a US$ 50 pre-paid credit card only to discover that itunes did not accept it.
Dang! It sucks that not being able to use it with one company voided it so that he lost his $50.
What does this have to do with computer science? It's more of a software engineering issue.
Being that the device is ascetic
I dunno - I thought it was pretty fun.
Well, it's aimed at people who already have a USB keyboard, a USB mouse and a USB microphone.
I even bought a USB adapter for my Model M. You might love you some PS/2, but you're about the only one left.
I would stand in line NOT to buy the iphone 4.
You're here on Slashdot; you just did.
Brunette?
On OS X? That's what I was talking about just now.