EULA's are not active contracts, and are largely invalid because you cannot read them in entirety (or at all usually) on the packaging before making your purchase, leaving you vulnerable to stipulations that were unknown at the time of purchase.
Out of curiosity, what's to prevent you from modifying software you bought to remove the EULA dialog before you ever agree to the EULA? Since that's not an inherently illegal action, wouldn't that be a positive defense?
Publisher: Your honor, the EULA says he can't do that!
Defendant: I removed the EULA before I read it.
Publisher: That's not allowed! I says so right there in the EULA!
Defendant: Which I never read.
Judge: Dismissed.
Which is fine. Adapters don't have to support all the styles, they just have to tell you which one they support.
Did I other imply otherwise?:-) I just wish the sqlite3 module maintainer would update it to use pyformat params, although it's still perfectly functional.
It does require a little more sophistication than just reading the file a line at a time and splitting at the commas, but not much more.
I was being a little rhetorical, having parsed CSVs before. Still, in no way can that be considered "a little more sophisticated". Given a file with a unique separator - that is, one not contained in the data - you can darn near mmap() the file and walk across it. That small bit of extra processing to handle escapes can easily add an order of magnitude more cycles to the workload.
Umm... just write a few one-liner perl scripts to get info out.
Those inevitably suck for almost anything where the data isn't guaranteed to be 100% consistently formatted. If a column is zip codes, you're probably OK. If it's a company name, say, you're good until the first time you need to store "Acme, Inc.". How do you escape commas? Do you quote the whole column? If so, then how do you escape quotes?
CSV files are of the devil. They're so attractively simple at first, then BAM!, they get you when you least expect it. At least consider less-common characters like pipes or carets.
Actually, the Python SQLite adapter supports the standard Python DB API (PEP 249), and so you can just follow its recommendations (which includes using placeholders).
Yes and no. While it's DBAPI 2.0 compliant, it only supports the "qmark" paramstyle:
>>> sqlite3.paramstyle 'qmark'
(Python 2.5.2 on FreeBSD 7.) The "named" paramstyle looks an awful lot like dkf's Tcl example. My favorite is "pyformat", such as in my PostgreSQL example, but alas sqlite3 was telling the truth above when it claimed not to support it:
>>> mydb.execute("insert into contacts values(%(first)s, %(last)s, %(email)s)", {'first':'Spooky','last':'Monster','email':'spook@spammity.spam'}) Traceback (most recent call last): File "<stdin>", line 1, in <module> sqlite3.OperationalError: near "%": syntax error
"qmark"-style parameters are just fine, though:
>>> mydb.execute("insert into contacts values(?, ?, ?)", ('Spooky','Monster','spook@spammity.spam')) <sqlite3.Cursor object at 0x83206e0>
Take a look at a brick and mortar store retail store that sells computers. You probably won't see anything over $1000, because that's not what the market that buys computers there wants.
Take a look at a new car lot. You probably won't see anything over $50,000, because that's not what the market that buys computers there wants. Unless there's a BMW sign over it.
Why is it so hard to believe that people want luxury items? Sales of HD TVs are through the roof, and apparently some people are even buying Blu-Ray players. Is it impossible that the same people with that level of disposable income might - gasp! - want a nice computer, too?
Put differently, the gap in absolute price between an average Dell and an iMac is a whole lot smaller than the difference between a Ford and a Mercedes. I'm not in the least surprised that quite a few people who can afford the small luxuries in life think that Apples are a good deal.
Actually, I think "spouse" is pretty relevant. Think your babysitter's digging through your hard drive? Get a new one. Don't trust your maid? Get a new one. Landlord gives you the creeps? Move. But it'd be a whole lot harder to just get rid of a spouse (ask Hans), and the emotional consequences for doing so are hopefully more significant than deciding not to hire the same plumber next time.
Well, I meant those as examples, not an exhaustive list. But yeah, there's an almost unlimited number of ways an attacker could get information.
Oh, and another protection: format the drive, re-install Windows, and immediately install TrueCrypt to encrypt the entire drive (same idea for Linux, but the original question was for Windows). That should go a long way to prevent non-hardware attacks.
There's no way to be 100% certain that nothing's being logged. Possible data gathering points:
Software logger in the OS
Rootkit
Keyboard plugged into a hardware logger
Keyboard contains a hardware logger
Computer case contains a hardware logger
Linksys router is actually running Linux, using tcpdump to log outbound packets or forward them to another computer
No, there is no software you can run that will tell you if you're being monitored, by virtue of the fact that such software is impossible.
Have her get a cheap laptop - maybe an Eee PC - and configure OpenVPN to a friendly router. You're a geek, right? If you're serious about her privacy, make it happen.
Due to other client data being in the same database I am unable to allow you access.
Note that the story didn't mention anything about other clients, and if that was actually an issue, I think management would probably have nixed the idea already. As much as we tend to joke about PHBs, darn few are unable to grasp that concept.
You are selling them INFORMATION that you compile from YOUR data... you are not selling the data itself.
That's the kind of thing you have to establish well before this point, though. It might be awfully hard to make the case that their queries is fundamentally different from the output of your queries.
As a DBA, my heart sinks at the thought of amateurs pawing through my database. Unfortunately, 'because you are stupid' is not considered a valid business reason to reject their request. So can any Slashdotters assist me in building my case to restrict access? Have you experienced a similar situation? Have you had to support this sort of end user access? How would you advice me to keep my customer away from my precious tables?
Let me translate that into non-Oracle DBA terms:
"Whine! Whine! Whine! I hold the key! Me! This is magic! Whine!"
Another translation into Customerese:
"It's my data AND I WANT TO SEE IT, NOW!"
Seriously, what non-ego-driven reason do you possibly have from not allowing your customers to access their property, aka "their data"?
This is Slashdot, for heaven's sake - the most popular place on the Interweb where one of the world's richest men can take the billions he has personally earned as the Former CEO of one of the most successfull software companies in the world and give it away to save lives and fight HIV/AIDS and a host of other diseases that kill millions of children each year...and be called "evil".
He's called "evil" because he got his money by
Monopoly abuse ("that's a nice little program you've got there, Stac...")
Running competitors into the ground (no, that's not business as usual)
Raw hypocrisy ("Open Source is Evil. Just don't look at ftp.exe.")
Flat-out fraud ("sure, IBM, I have an OS I can sell you")
The guy's an ass who's held computing back for the last 25 years through actions that'd get you and me imprisoned, or at least run out of business.
By your logic, it doesn't matter how he got his wealth as long as he gives a little bit away. Well, nuts to that. Warren Buffett's doing pretty OK for himself and I'm unaware of any similar allegations against him.
It's OK that Bill's fake-donating money to charity, but he's still an ass.
Yeah, I miss my Amiga too, but at $20 a gig, I don't mind throwing a little memory at a problem if it means I can develop robust software in a tenth the time.
My first Unix window manager was Window Maker, and for some reason I always lumped it in the same category as AfterStep. Tell me, what is it about AS's virtual desktops that you like so much?
Patty the Daytime Hooker? Yeah, we'd complain.
Out of curiosity, what's to prevent you from modifying software you bought to remove the EULA dialog before you ever agree to the EULA? Since that's not an inherently illegal action, wouldn't that be a positive defense?
Publisher: Your honor, the EULA says he can't do that!
Defendant: I removed the EULA before I read it.
Publisher: That's not allowed! I says so right there in the EULA!
Defendant: Which I never read.
Judge: Dismissed.
Any lawyers care to opine?
Did I other imply otherwise? :-) I just wish the sqlite3 module maintainer would update it to use pyformat params, although it's still perfectly functional.
I was being a little rhetorical, having parsed CSVs before. Still, in no way can that be considered "a little more sophisticated". Given a file with a unique separator - that is, one not contained in the data - you can darn near mmap() the file and walk across it. That small bit of extra processing to handle escapes can easily add an order of magnitude more cycles to the workload.
What's a munite? And what's it in?
Umm... just write a few one-liner perl scripts to get info out.
Those inevitably suck for almost anything where the data isn't guaranteed to be 100% consistently formatted. If a column is zip codes, you're probably OK. If it's a company name, say, you're good until the first time you need to store "Acme, Inc.". How do you escape commas? Do you quote the whole column? If so, then how do you escape quotes?
CSV files are of the devil. They're so attractively simple at first, then BAM!, they get you when you least expect it. At least consider less-common characters like pipes or carets.
Yes and no. While it's DBAPI 2.0 compliant, it only supports the "qmark" paramstyle:
(Python 2.5.2 on FreeBSD 7.) The "named" paramstyle looks an awful lot like dkf's Tcl example. My favorite is "pyformat", such as in my PostgreSQL example, but alas sqlite3 was telling the truth above when it claimed not to support it:
"qmark"-style parameters are just fine, though:
The sqlite3 module as shipped with Leopard says that it supports question mark substitution, so his example would be better written like:
BTW, the same could be written for PostgreSQL like:
Hopefully sqlite3 will get the same standard substitution in the future, but at least it is possible to do it safely today.
James Taylor, son.
Take a look at a new car lot. You probably won't see anything over $50,000, because that's not what the market that buys computers there wants. Unless there's a BMW sign over it.
Why is it so hard to believe that people want luxury items? Sales of HD TVs are through the roof, and apparently some people are even buying Blu-Ray players. Is it impossible that the same people with that level of disposable income might - gasp! - want a nice computer, too?
Put differently, the gap in absolute price between an average Dell and an iMac is a whole lot smaller than the difference between a Ford and a Mercedes. I'm not in the least surprised that quite a few people who can afford the small luxuries in life think that Apples are a good deal.
Forget apple.com. How about The Open Group saying that OS X is Unix?
Actually, I think "spouse" is pretty relevant. Think your babysitter's digging through your hard drive? Get a new one. Don't trust your maid? Get a new one. Landlord gives you the creeps? Move. But it'd be a whole lot harder to just get rid of a spouse (ask Hans), and the emotional consequences for doing so are hopefully more significant than deciding not to hire the same plumber next time.
Well, I meant those as examples, not an exhaustive list. But yeah, there's an almost unlimited number of ways an attacker could get information.
Oh, and another protection: format the drive, re-install Windows, and immediately install TrueCrypt to encrypt the entire drive (same idea for Linux, but the original question was for Windows). That should go a long way to prevent non-hardware attacks.
There's no way to be 100% certain that nothing's being logged. Possible data gathering points:
No, there is no software you can run that will tell you if you're being monitored, by virtue of the fact that such software is impossible.
Have her get a cheap laptop - maybe an Eee PC - and configure OpenVPN to a friendly router. You're a geek, right? If you're serious about her privacy, make it happen.
Note that the story didn't mention anything about other clients, and if that was actually an issue, I think management would probably have nixed the idea already. As much as we tend to joke about PHBs, darn few are unable to grasp that concept.
That's the kind of thing you have to establish well before this point, though. It might be awfully hard to make the case that their queries is fundamentally different from the output of your queries.
Let me translate that into non-Oracle DBA terms:
"Whine! Whine! Whine! I hold the key! Me! This is magic! Whine!"
Another translation into Customerese:
"It's my data AND I WANT TO SEE IT, NOW!"
Seriously, what non-ego-driven reason do you possibly have from not allowing your customers to access their property, aka "their data"?
For a parallel, see check kiting. Banks don't particularly like it when you make promises in hopes of being able to keep them.
It didn't take.
The hanger or the Cub Scout?
What does a fella have to do to earn the "evil" label in your book? Hang a Cub Scout?
He's called "evil" because he got his money by
The guy's an ass who's held computing back for the last 25 years through actions that'd get you and me imprisoned, or at least run out of business.
By your logic, it doesn't matter how he got his wealth as long as he gives a little bit away. Well, nuts to that. Warren Buffett's doing pretty OK for himself and I'm unaware of any similar allegations against him.
It's OK that Bill's fake-donating money to charity, but he's still an ass.
Here's a twenty; go buy some RAM.
Yeah, I miss my Amiga too, but at $20 a gig, I don't mind throwing a little memory at a problem if it means I can develop robust software in a tenth the time.
How thin are you talking? KDE 3.5 runs pretty good on my K6-3/333MHz laptop with 384MB of RAM, and it's actually fast on my Eee PC at 630MHz.
My first Unix window manager was Window Maker, and for some reason I always lumped it in the same category as AfterStep. Tell me, what is it about AS's virtual desktops that you like so much?