I've found what I would consider security issues in Banner's web products before. Stuff that if you pass the correct variables to it, will display information from the database without doing any kind of user validation.
To understand the issue, you have to know that it uses Oracle Application Server which basically lets you execute packages in the database. All of the main web packages do user validation but some of them call other packages to display the content of the page (which don't always do validation).
So, if you know what variables to pass to said packages, you can bypass their security. SCT told me that since those were only supporting packages, they were functioning properly and they wouldn't do anything to change them.
Granted, you have to have a pretty in depth knowledge of how their web products work but that's a good number of employees at any school using Banner. We have access to all of the package/program source so we can customize it for our university's needs.
Oh well, I've ranted about SCT enough.:)
What was funnier though was when I discovered that our database had execute any procedure granted to public, i.e. the web user. That essentialy opened up any database procedure to be executed by an anonymous user via the web. I think that one was our fault instead of SCT's and it was fourtunately taken care of fairly quickly.
I can't say that I've ever seen windows explorer even do that. Granted, I've never been one for the iconic view so maybe 98 did that and I just forgot but XP wraps icons at the edge of your window and then gives you a vertical scroll bar if needed.
My assumption was that he meant if you have a detail list and your MP3s have really long file names that go outside your window. Then you would have both scroll bars and neither would be redundant. The same would apply to paint programs where the window you're working in is smaller than your image in both dimensions. I'm not sure that I would want one of these mice for that use but it may be handy in the right situation/application.
Oh, and not that it has anything to do with the parent post but every web page should be designed to eliminate the need for side scrolling if possible because that's just a pain in the ass.
"There is no salvage in Linux (yes idiot users will delete files they want to keep)"
Funny store about that from when I worked at our Help Desk..
Some lady called up all worried because she accidentaly deleted some new mail that she didn't want to delete. Her email program wasn't set up to move deleted messages to a trash folder or anything so they were indeed gone. However, I was able to get her new mail for that day back using salvage. Instead of being happy that I got her oh so important email back, she got mad because I also recovered some other new messages that she didn't want to be recovorable.
I always wondered why they were obsessed with earth in the first place. Surely there were some beings nearby which would take priority over a planet that's hundreds of years away.
informative?! I was going for funny!:)
I was thinking back to a place I worked at in college. I showed some coworkers how they could change their desktop settings and the next time I saw their computer, the buttons and fonts were so big I could read everything from the other side of the room.
Then when you would go back to display properties, everything was so damn big it wouldn't even fit on the screen so you couldn't click the 'Ok' button.
So your monthly electric bill was only $25? I don't remember mine ever being that low.. even when I lived in a 1 bedroom studio.
I agree with your point though. I don't know if mine is high enough to justify the cost of installing solar panels on my roof. Not to mention the repair cost when a pesky tree drops limbs on them.
"global warming just sucks"
it won't suck when I can sit on my porch in the midwest and look out to see a nice view of the beach.. at least not for me;)
" so if you miss the maximize button by one pixel, you close the window."
try this*..
1. right click on the desktop
2. click properties
3. click the appearance tab
4. under font size, select 'extra large fonts'
if you're still missing the button, well you can try setting your resolution to 640x480 but you probably have some serious hand-eye coordination problems:)
"and yet all of our developers (100%) run Windows at their desk; because it's fundamentally impossible (STILL) to run a business any other way. Not even the most linux-loving among us can practically use it for his desktop O/S."
What is it that you're developing? Windows applications in VB? I could see where that might be a little tricky on Linux.
"when a popular color runs out (usually red or blue), I'm forced to run to the drug store and but a whole 'nother set"
Sounds better than most ink jet printers to me. At least you don't have to run to the store and buy a new kid complete with his own box of half used crayons.:)
" If I wanted to, I could SSH log into it while at work, load a CD in the tray, burn it, and remove it all remotely. Of course, the CD would still be in my basement, so the exercise would be somewhat pointless!"
That's simple. Just build an add on that carries it up stairs, sticks it in an addressed envelope and drops it in the mail.:)
"Once the message is sent, the writer must wait for an automated response to the e-mail address listed, asking whether the addressee intended to send the message."
Maybe president@whitehouse.gov was just getting too much spam and they decided something needed to be done after GW lost too much money to that poor Nigerian widow.
You're absolutely right. I don't feel sorry for people that get mugged or raped either. If they have so little conviction that they won't put up a fight then they deserve it.
What's that? You don't agree with that part?
It hardly seems fair to place blame on a victim for taking the route that harms them the least.
" I have to stop writing as my parents are coming to tell them goodbye (I haven't told them yet as it was decided 5 minutes ago.)"
And you even told slashdot before your parents.. they must really feel loved.:)
If consumers have problems with megabytes, why not market an MP3 player as holding for instance an hour of music. Somewhere on the back or side of the packaging, it could have more detailed specs that list it as having 64mb.
Then their software can default to a bitrate of 128 (but could be changed by more technically inclined users) and convert any MP3s you drag into it to that bitrate.
Maybe there's already players that work like that. Mine doesn't but it's also kind of old and cheap.
Don't forget, back in the pre-internet days, if you got stuck in a game, you had to have friends to get tips from. Now I just hop on gamefaqs for my hints... Woohoo! I don't need friends any more.:)
"When television first starting being broadcast in the UK, there was no transmission perhaps an hour in the evening so that parents could put there children to bed."
Was this so the parents would stop watching tv or the kids?:)
The point of the parent post was that the majority of problems with drugs are caused by being illegal.
Unless you overdose.
The same could be said for alcohol but it's still legal.
Or are negligent becuase you're high or strung out (whilst driving, etc.)
See my first point about alcohol. Alcohol is still legal, driving while intoxicated is not. This also applies to several medications that reduce your alertness.
Or have to steal to feed your habit.
If drugs were legal, they wouldn't cost as much. This was one of the points of the parent post.
Or are blackmailed by someone who threatens to tell your boss about your coke addiction.
Again, if they were legal, this wouldn't be an issue.
Or get poisoned by a bad fix.
If they were legalized, there would be control/regulation to stop this.
Or catch HIV or another nasty illness from sharing a dirty needle with another addict.
This has more to do with a person's lifestyle. Are you going to make sex illegal because HIV is spread by people that sleep around and don't use protection?
Or are ripped off by your dealer.
Your dealer would go out of business because there would be honest dealers.
Or are hurt because you found yourself in the wrong place at the wrong time when you needed to get a fix badly.
Just pop into your local gas station and buy yourself some drugs.
Or lose your life, family, friends and material possessions because of your addiction.
See above, drugs would be more of affordable if they were legal. Furthermore, it's possible to become addicted to alcohol and lose these things but it's still legal
A Final thought:
Cigarettes are addictive and cause cancer, yet they're still legal.
I've never heard of cigarettes having any kind of medicinal value, however I have heard of marijuana having medicinal value. So why are cigarettes legal when marijuana isn't it?
" Maybe they should have a good read of the article about why games are good for you. Video games are good for your kids! (Oh, they're good for adults too....)"
I'm in agreement that games can be educational for kids but if they're imposing a curfew that kids can't play games between 10:00pm and 6:00am then they're probably playing way too much. Just like any other addiction, too much of a good thing isn't a better thing.
Granted, the curfew still sucks. I think it should be more up to the parents to take care of their kids. With a curfew, everyone is affected whether or not they had problems.
Slashdot Mirror
I've found what I would consider security issues in Banner's web products before. Stuff that if you pass the correct variables to it, will display information from the database without doing any kind of user validation. :)
To understand the issue, you have to know that it uses Oracle Application Server which basically lets you execute packages in the database. All of the main web packages do user validation but some of them call other packages to display the content of the page (which don't always do validation).
So, if you know what variables to pass to said packages, you can bypass their security. SCT told me that since those were only supporting packages, they were functioning properly and they wouldn't do anything to change them.
Granted, you have to have a pretty in depth knowledge of how their web products work but that's a good number of employees at any school using Banner. We have access to all of the package/program source so we can customize it for our university's needs.
Oh well, I've ranted about SCT enough.
What was funnier though was when I discovered that our database had execute any procedure granted to public, i.e. the web user. That essentialy opened up any database procedure to be executed by an anonymous user via the web. I think that one was our fault instead of SCT's and it was fourtunately taken care of fairly quickly.
I can't say that I've ever seen windows explorer even do that. Granted, I've never been one for the iconic view so maybe 98 did that and I just forgot but XP wraps icons at the edge of your window and then gives you a vertical scroll bar if needed.
My assumption was that he meant if you have a detail list and your MP3s have really long file names that go outside your window. Then you would have both scroll bars and neither would be redundant. The same would apply to paint programs where the window you're working in is smaller than your image in both dimensions. I'm not sure that I would want one of these mice for that use but it may be handy in the right situation/application.
Oh, and not that it has anything to do with the parent post but every web page should be designed to eliminate the need for side scrolling if possible because that's just a pain in the ass.
"There is no salvage in Linux (yes idiot users will delete files they want to keep)"
Funny store about that from when I worked at our Help Desk..
Some lady called up all worried because she accidentaly deleted some new mail that she didn't want to delete. Her email program wasn't set up to move deleted messages to a trash folder or anything so they were indeed gone. However, I was able to get her new mail for that day back using salvage. Instead of being happy that I got her oh so important email back, she got mad because I also recovered some other new messages that she didn't want to be recovorable.
good point, all of those tshirt submissions and not one captured the true essence of slashdot... the flame/troll posting AC.
I think what they really meant by 'to cheap/lazy' was that they're too lazy to check article submissions/dupes/etc. before posting them. :)
Kind of like most of my posts, but hey, mine don't show up on the front page.
I always wondered why they were obsessed with earth in the first place. Surely there were some beings nearby which would take priority over a planet that's hundreds of years away.
informative?! I was going for funny! :)
I was thinking back to a place I worked at in college. I showed some coworkers how they could change their desktop settings and the next time I saw their computer, the buttons and fonts were so big I could read everything from the other side of the room.
Then when you would go back to display properties, everything was so damn big it wouldn't even fit on the screen so you couldn't click the 'Ok' button.
So your monthly electric bill was only $25? I don't remember mine ever being that low.. even when I lived in a 1 bedroom studio.
I agree with your point though. I don't know if mine is high enough to justify the cost of installing solar panels on my roof. Not to mention the repair cost when a pesky tree drops limbs on them.
"global warming just sucks" ;)
it won't suck when I can sit on my porch in the midwest and look out to see a nice view of the beach.. at least not for me
" so if you miss the maximize button by one pixel, you close the window."
:)
try this*..
1. right click on the desktop
2. click properties
3. click the appearance tab
4. under font size, select 'extra large fonts'
if you're still missing the button, well you can try setting your resolution to 640x480 but you probably have some serious hand-eye coordination problems
* instructions for Windows XP
"and yet all of our developers (100%) run Windows at their desk; because it's fundamentally impossible (STILL) to run a business any other way. Not even the most linux-loving among us can practically use it for his desktop O/S."
What is it that you're developing? Windows applications in VB? I could see where that might be a little tricky on Linux.
"High-tech industry executives estimate that a new H-1B engineer will typically create demand for an additional 3 to 5 American workers."
:)
hrm, let's see..
1 person to toast the buns
1 person to cook the meat
1 person to assemble the sandwhich
1 person to take the order
yup, I guess that's 3-5 jobs
"when a popular color runs out (usually red or blue), I'm forced to run to the drug store and but a whole 'nother set" :)
Sounds better than most ink jet printers to me. At least you don't have to run to the store and buy a new kid complete with his own box of half used crayons.
" If I wanted to, I could SSH log into it while at work, load a CD in the tray, burn it, and remove it all remotely. Of course, the CD would still be in my basement, so the exercise would be somewhat pointless!" :)
That's simple. Just build an add on that carries it up stairs, sticks it in an addressed envelope and drops it in the mail.
"Once the message is sent, the writer must wait for an automated response to the e-mail address listed, asking whether the addressee intended to send the message."
Maybe president@whitehouse.gov was just getting too much spam and they decided something needed to be done after GW lost too much money to that poor Nigerian widow.
Or you'll be prosecuted as a terrorist for performing a DOS on their web form. :)
You're absolutely right. I don't feel sorry for people that get mugged or raped either. If they have so little conviction that they won't put up a fight then they deserve it.
What's that? You don't agree with that part?
It hardly seems fair to place blame on a victim for taking the route that harms them the least.
" I have to stop writing as my parents are coming to tell them goodbye (I haven't told them yet as it was decided 5 minutes ago.)" :)
And you even told slashdot before your parents.. they must really feel loved.
Just call it ++, no bloody C, D or E.
(that's a trek reference for anyone that doesn't catch it)
whew. At least I can still make a spring loaded gun to shoot people that enforce #1-6.
If consumers have problems with megabytes, why not market an MP3 player as holding for instance an hour of music. Somewhere on the back or side of the packaging, it could have more detailed specs that list it as having 64mb.
Then their software can default to a bitrate of 128 (but could be changed by more technically inclined users) and convert any MP3s you drag into it to that bitrate.
Maybe there's already players that work like that. Mine doesn't but it's also kind of old and cheap.
Don't forget, back in the pre-internet days, if you got stuck in a game, you had to have friends to get tips from. Now I just hop on gamefaqs for my hints... Woohoo! I don't need friends any more. :)
"When television first starting being broadcast in the UK, there was no transmission perhaps an hour in the evening so that parents could put there children to bed."
:)
Was this so the parents would stop watching tv or the kids?
The point of the parent post was that the majority of problems with drugs are caused by being illegal.
Unless you overdose.
The same could be said for alcohol but it's still legal.
Or are negligent becuase you're high or strung out (whilst driving, etc.)
See my first point about alcohol. Alcohol is still legal, driving while intoxicated is not. This also applies to several medications that reduce your alertness.
Or have to steal to feed your habit.
If drugs were legal, they wouldn't cost as much. This was one of the points of the parent post.
Or are blackmailed by someone who threatens to tell your boss about your coke addiction.
Again, if they were legal, this wouldn't be an issue.
Or get poisoned by a bad fix.
If they were legalized, there would be control/regulation to stop this.
Or catch HIV or another nasty illness from sharing a dirty needle with another addict.
This has more to do with a person's lifestyle. Are you going to make sex illegal because HIV is spread by people that sleep around and don't use protection?
Or are ripped off by your dealer.
Your dealer would go out of business because there would be honest dealers.
Or are hurt because you found yourself in the wrong place at the wrong time when you needed to get a fix badly.
Just pop into your local gas station and buy yourself some drugs.
Or lose your life, family, friends and material possessions because of your addiction.
See above, drugs would be more of affordable if they were legal. Furthermore, it's possible to become addicted to alcohol and lose these things but it's still legal
A Final thought:
Cigarettes are addictive and cause cancer, yet they're still legal.
I've never heard of cigarettes having any kind of medicinal value, however I have heard of marijuana having medicinal value. So why are cigarettes legal when marijuana isn't it?
" Maybe they should have a good read of the article about why games are good for you. Video games are good for your kids! (Oh, they're good for adults too....)"
I'm in agreement that games can be educational for kids but if they're imposing a curfew that kids can't play games between 10:00pm and 6:00am then they're probably playing way too much. Just like any other addiction, too much of a good thing isn't a better thing.
Granted, the curfew still sucks. I think it should be more up to the parents to take care of their kids. With a curfew, everyone is affected whether or not they had problems.