>> has become a gun show
So...only "small arm", non-automated hacks are for sale then?
>> how Apple conducts market research
I thought Apple didn't conduct market research. http://appleinsider.com/articl...
>> it's an indication of how most negotiated deals work
Not on Earth, anyway. Most sensible people go into negotiations with a list of things they absolutely must have and a list of things they'd like to have, and might even have a list of BS that they're willing to trade away or drop to get their "must haves" and "nice to haves" passed. What politicians' constituents want is some idea of which items are on which list before the final decision is made so they can influence the deal.
When politicians say things like "I was for it before I was against it", "we have to pass it before we know what's in it", or "nothing is decided until everything is decided" that really means, "I give zero fucks about this issue, but I'll vote for whatever deal comes out of here because I think most people at least want some lip service paid to this issue and I like my cushy job."
>> NASA...acknowledges that any successor space station or orbiting module will be far smaller than the $140 billion space station...message from NASA to the US industry is simple: ...we have this marvelous facility available with unique capabilities, and we want you to use the heck out of it."
So...are you selling off taxpayers' $140B investment for pennies on the dollar or are you going to deorbit the existing space station and prod private industry to replace it when it's gone?
If you like "red alerts", get ready for the "the threat level is orange; the threat level has always been and will always be orange" 3.0: DHS just announced a new threat level alert system.
http://www.nbcnews.com/news/us...
>> Is it just my observation, or are there way too many stupid people in the world?
If you start every morning staring at yourself in the mirror like that, you may want to consult a therapist.
>> the Obama administration has in the past indicated that it wants to ratify the treaty, although that won't happen with this Senate.
I call BS. Obama had the votes to do what he wanted in the Senate early in his term, and he didn't bother to ratify it.
...or London in 1952?
http://history1900s.about.com/...
"Red Alert"...commies...heh!
NOW can we put the "Bill as Borg" icon back for Microsoft, Dice?
>> a runtime that runs 100% the same on all platforms
(spits out milk through nose)
>> TDD test cases and toss them over the fence ...makes those test cases pass without much understanding of what the original problem was
As designed. That's how TDD breaks up work...
>> Did you not read the article you linked to?
You must be new here. :)
I believe the US rejected the comprehensive treaty: the president signed it in 1996 but the Senate rejected it in 1999. Therefore, rejected?
http://www.history.com/topics/...
>> a guy got backstage at a Grateful Dead concert by doing a "Pizza for Jerry Garcia" bit. (It helped that he had a couple pizzas.)
It also helped that stoners are known to get the munchies. Nixon, not so much.
The Islamic Paris terrorists texted each other on a public network. One of the Islamic California terrorists pledged support to ISIS on Facebook.
If our national governments aren't bothering to watch the people who "like" ISIS's homepage or otherwise raise flags on themselves in public, why would we think any restrictions on encryption (that they won't watch either) would improve public safety?
>> Laurence Tubiana, the French envoy for the talks, said: "Nothing is decided until everything is decided."
Hmmm...where have we heard that before?
>> VR Patriots Experience Puts You In the Pocket With Brady
But what if I don't want to throw a 100-yard pick six against a shitty team from Philly?
>> Canada's communter train service
But do they have anything for commuters?
>> above will allow you to take the user entered name and put it into a SQL query without fear of little Bobby Tables wreaking havoc with your systems
[FACEPALM/] That's not even "checking user input" (i.e., making sure the user submitted an expected response) - that's "mindless scrubbing of a single naughty character."
Please send me a couple of the URLs where your apps live and I'll just go get the rest of what I want from there.
>> I'd love to port these (classic ASP apps) to PHP or some other language...all new applications are to be written in Cold Fusion
Why not port to ASP.NET? I've done that conversion dozens of times now. And what kind of hell are you living in that Cold Fusion is even on the table?
>> ColdFusion always smelled
Let me stop you right there. No, seriously, that pretty much sums it up.
>> we might wind up inheriting the bird (if it doesn't go to my wife's brother) and could even wind up passing it down to my kids
Or you could have near-chicken for dinner one night and save yourself decades of annoying chirping.
If this was from a dynamic scanning company, I would have suspected these results occurred because that code often runs in environments configured to show web users raw error output, such as "your database call failed - here's what I tried so you can tune your SQL injection attempt appropriately."
[rant] In general, I've found that the utility of "dynamic" (or pentesting) web scanners has dropped precipitously lately as web apps have pushed their presentation out to Javascript apps (making it easier to probe a finite set of web services with standard testing and fuzzing tools) and almost all new environments are set to display terse "got error - now fuck off" messages to end users (if not just a redirect back to the app's home page) if a probe generates an error (that would have generated useful output 10 years ago). [/rant]
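Two of the comments above make related points: the Bobby Tables reply distinguishes checking that input has the expected shape from scrubbing one character, and the dynamic-scanner comment notes that raw database errors shown to users are what makes probing productive. The following is an added example (not code from the page or from any commenter) that puts both side by side with an in-memory SQLite table. The `users` schema, the sample rows, the `ID_PATTERN` regex and the function names are all constructed for this illustration. The "scrubbed" lookup doubles single quotes and then concatenates the result into an unquoted numeric comparison, so quote handling changes nothing; the validated lookup rejects anything that is not a short decimal integer, binds the value as a parameter, and reports database failures only as a generic message while the detail goes to the server log.

```python
"""Added example: input validation plus parameterized queries, contrasted with
"scrub one naughty character" string building; and terse error responses.
Schema, rows, regex and names are constructed for this demo, not from the page."""
import logging
import re
import sqlite3
from typing import List, Optional, Tuple

log = logging.getLogger("db")


def make_db() -> sqlite3.Connection:
    """Constructed sample table: three users with integer ids."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "carol")])
    return conn


def scrub_quote(raw: str) -> str:
    """The "mindless scrubbing" approach: doubles single quotes and nothing else."""
    return raw.replace("'", "''")


def lookup_scrubbed(conn: sqlite3.Connection, raw_id: str) -> List[str]:
    """Concatenates scrubbed input into a numeric comparison.  The id is not
    quoted in the SQL text, so doubling quotes is irrelevant: whatever the
    user typed is still parsed as SQL.  Input such as "1 OR 1=1" contains no
    quote, passes the scrub untouched, and matches every row."""
    sql = "SELECT name FROM users WHERE id = " + scrub_quote(raw_id)
    return [row[0] for row in conn.execute(sql)]


# Hypothetical validation rule: an id is one to nine decimal digits, nothing else.
ID_PATTERN = re.compile(r"^[0-9]{1,9}$")


def lookup_validated(conn: sqlite3.Connection,
                     raw_id: str) -> Tuple[List[str], Optional[str]]:
    """Checks the input against the expected shape, then binds it as a query
    parameter so the database never parses it as SQL.  Returns (rows, error);
    error is a short generic string, never the driver's own message, which is
    written to the server-side log instead."""
    if not ID_PATTERN.match(raw_id):
        return [], "invalid id"
    try:
        cursor = conn.execute("SELECT name FROM users WHERE id = ?",
                              (int(raw_id),))
        return [row[0] for row in cursor], None
    except sqlite3.Error:
        # Full traceback and driver text stay in the log; the caller gets a
        # message that reveals nothing about the query or the schema.
        log.exception("user lookup failed for id=%s", raw_id)
        return [], "request failed"


if __name__ == "__main__":
    db = make_db()
    print(lookup_scrubbed(db, "1 OR 1=1"))   # every user: scrubbing did nothing
    print(lookup_validated(db, "1 OR 1=1"))  # ([], 'invalid id'): rejected before SQL
    print(lookup_validated(db, "2"))         # (['bob'], None)
```

The point of the validation step is that it is stated in terms of what a legitimate request looks like (a short integer) rather than in terms of characters an attacker might send; the parameter binding then makes the database treat the value as data regardless. Returning `"request failed"` on a driver error is the behaviour the scanner comment contrasts with older deployments that echoed the failed statement back to the browser.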
>> Ignoring the first two
This is a horrible assumption to make. I remember I looked at bringing Veracode in house specifically because I had a multi-million line legacy web app written in "classic ASP" that powered several hundred million dollars of annual purchases.
>> What are the most likely objections that a hosting provider might have to enabling this?
I know one of mine (HostGator) threw a fit (charged me for installation) when I got my X.509 server cert from another provider.
I suspect many of them were looking forward to the brave new world of "HTTPS by default" as a big money-maker and aren't too pleased with the fact that the consumer's price for certs has already been driven down to $0.