I think you're talking at cross-purposes. The relative costs of different goods is different in different places.
The other poster used the phrase "real ales", which is a strong indication he's probably located in Britain. If you need an additional hint, he implied that Vista is an import good, which almost certainly means he's *not* located in the US.
In the US, almost all beer is national-brand stuff, brewed in a small number of locations, bottled, and transported hundreds or even thousands of miles. I am given to understand (though I've not been there personally) that in Britain you can walk into almost any pub and buy stuff that's actually brewed locally.
So I'm kind of guessing here, but the considerations may be slightly different where you live versus where he lives.
Not weird enough, and not really redundant enough either, for a B-movie title.
I suggest Attack of the Mutant Killer Space Lawyers!
Dialup is plenty fast enough, if you use it right.
on
Dealing With Dialup
·
· Score: 1
You do have to slightly adjust your usage patterns, but it's not a very big deal. Some general tips:
* Learn to use a downloading tool that knows how to automatically retry and resume where it left off whenever the connection has to be redialed in the middle of a download. If you're comfortable with the command line, wget is awesome (I once used it to download a three-CD set of ISOs for a Linux distro over a shared 33.6 dialup connection; it took a few days but it worked), but if not, I'm sure there are more GUI-oriented downloading utilities available. Get one that does automatic retry/resume, and use it for all downloads of any significant size.
* Get an offline mail reader, such as Pegasus Mail. Forget about the text-based criterion (for email, that really doesn't have any significant impact on bandwidth requirements) and worry about getting one that is designed under the assumption that the incoming mail is transferred one time from a POP3 server to your PC and then stored locally forever, and the outgoing mail is queued up and sent in a batch later. Dialup, even 28.8, is orders of magnitude more bandwidth than you need for sending and receiving email, but you don't want to have to start over if the connection drops while you're reading or composing, so a mailreader that wants to read directly out of a mail spool (like a lot of older Unix-oriented text-based ones) is highly undesirable. IMAP is right out. Don't even think about webmail.
* Learn to use tabbed browsing as a queue. You don't left-click links. You middle-click them, which appends them to the end of the queue (i.e., opens them in a new tab at the end of the tab list, where they start loading). Then you go on as you were, reading the page you're currently looking at. When you're done reading the current page, you close the tab, and the next tab to the right becomes current automatically. First In, First Out (i.e., the first one that loaded is the first one you read, then the next, and so on). This system takes a little bit of getting used to, but once you become accustomed to it it actually works very very well.
* Learn to use bookmark keywords for reference situations. The traditional workflow for looking up a word on dictionary.com (just an example) is to open a new window or tab, click the bookmark, *wait for the page to load*, type the word you want to look up, *wait for the page to load again*, and read the definition. You can cut your waiting in half, i.e., only wait for one page to load once, by using a bookmark keyword. Even better, if you hit Ctrl-tab once after starting it, you don't have to do nothing while you wait: you've just appended that page to your queue (see previous tip) and gone back to the first page in the queue, which you can continue reading while you wait.
* If you don't already have the FlashBlock extension, you need it. (Either that or just don't install the Flash plugin in the first place.)
* If you read usenet, you need an offline newsreader.
* Grow a backbone and learn to say "no" and make it stick when people tell you you just *have* to see this hilarious thing they found on YouTube (which in fact is not actually funny at all just stupid).
* Grow a backbone and learn to say "no" and make it stick when people want you to try out this great new social networking service that tells your friends whenever you're online, sign up for an "instant messaging" account, or cetera. Give them your email address, your postal address, and your phone number. If they actually want to get ahold of you, they'll be willing to use one of those methods to do it. You ABSOLUTELY do not want instant messaging software installed, because it consumes bandwidth all the time, even when you're not actively using it, and on narrow pipes that can cause real problems. If your operating system comes with instant messaging software out of the box, disable or uninstall it.
> > explicitly mentioning your competitor usually does them more good than it does you.
> No, it actually lets a small company ride the success of the bigger company. > THAT is the biggest reason why a "smaller" brand compares itself to a bigger one. > If I say "Dr. Bob soda tastes like Dr. Pepper, but costs less", then I am riding > the success and good will of the Dr. Pepper brand, using comparative advertising, > in a perfectly legal way.
That only really benefits you if you're a *WHOLE LOT* smaller, so much smaller that you don't care that the larger company gets more sales out of your advertising than you do. Once you get large enough to be an actual viable competitor, you're much better off with positive advertising of your own product.
The reason for this is simple: the majority of consumers don't want an imitation when they can get the real thing.
If you look at companies that make substantial use of comparison advertising and actually name their competitors, you will find consistently that they DO NOT overtake said competitors in market share while running that kind of campaign.
And yes, I know Apple has done it for decades. Where has it got them? 3% market share, that's where, which is not much more than they had two decades ago. (Granted, there are other factors holding them back, and it's 3% of a bigger total market now. Still.)
Pepsi tried it for a while in the 80s and abandoned it, because it wasn't getting them where they wanted to be. They haven't overtaken (or really even approached) Coke in cola sales, but their Mountain Dew brand has dominated the citrus-pop market, shoving former leaders 7-up and Sprite (which is a Coca-Cola brand) into the background. They didn't get there by saying "Mountain Dew is better than 7-up and Sprite". They got there by saying things like "Do the Dew", portraying the high caffeine content as a positive and even exciting feature.
Wendy's also tried comparison advertising for a while (Where's the Beef) but only after they had turned from that path to embrace more effective forms of advertising did they overtake Burger King (which, I might add, was actively using comparison advertising at the time when they were overtaken).
Taco Bell was stagnant when they advertised themselves as better than and/or different from burger joints, but when they dropped that and switched to price (59, 79, 99) and theme (e.g., Extreme Summer) advertising, then they really started to take off. (They didn't overtake McDonald's, but they did overtake Burger King at one point, something they could never have done while running the anti-burger adverts.)
Church's Fried Chicken ran a campaign in the eighties explaining how much better they were than KFC. KFC (already the market leader in fried chicken) gained market share, and today nobody under the age of 25 has heard of Church's. I don't think they even *do* national advertising any more.
John Kerry in 2004 ran a campaign for U.S. President on a comparison basis, advertising that he would be a better president than the incumbent. (I specifically remember the comment, right after he chose his running mate, "We have better ideas, better vision, a better sense of the difficulties in the lives of average Americans.... And we have better hair.") No candidate has ever won the Presidency on a campaign like that, and Kerry won't receive a major-party nomination again. I doubt if his running mate will either.
I could go on, but if you pay attention you can find the examples yourself. Just look for companies that do comparison advertising, watch for a couple of years, and see where it gets them compared to the competitor they advertised against.
> > product is 10% better than "the other leading brand" > > There's a reason for this. It's called marketing bullshit. > If you say "we are 10% better than XYZ" someone can do their > own tests to show that you are lying.
"10% better" is too vague to objectively disprove in any meaningful way. But there's another, more significant reason: explicitly mentioning your competitor usually does them more good than it does you. When Burger King says that their Big King sandwich is "Like a Big Mac, except it's bigger and tastes better", sales of Big Macs at McDonald's increase by a couple hundred percent (short term). BK would be better off to describe how apetizing the Big King is, show a couple of glamour shots of people biting into them, and maybe say that it's "bigger than other burgers" or something like that. Mentioning the Big Mac is a mistake, because it makes people want one.
This is _especially_ true if your competitor is already more popular than you are (as, for instance, McDonald's is an easy order of magnitude more popular than Burger King, at least partly because their advertising has historically been rather a lot better).
Did you know that the headquarters and main office for First Federal Bank is in Galion, Ohio, less than half a dozen blocks from my house? Yeah, and there are all of nine additional locations (counting the drive-through-only location six blocks the other direction from my house, loan-office-only locations, and everything), all within a sixty-mile radius, so if you've seen a First Federal bank anywhere else, it's obviously an imposter.
> "Diesel" is a pretty common word but uncommon when applies to bookstores.
That's because "Diesel" is used almost exclusively to refer to engines. It's hardly used for anything else at all. Using it for a business that has nothing to do with mechanics, engines, or electricity is fairly novel.
"Orion", on the other hand, while it has a special meaning in astronomy, is much more widely used *outside* the field of astronomy than inside. The word has become very _general_ in the English language and is widely used for a lot of different stuff. Just a quick run through the first two pages of Google results reveal that Orion is a nature magazine, audio electronics, server software, music software, high-performance car parts, plumbing, safety products (flares and first-aid kits and whatnot), something to do with Metallica, a military transition and placement firm, a township in Michigan, and a news website,... and I can't really tell what kind of "solutions" orion.com is selling, but that doesn't seem to have anything to do with astronomy, either. (Could be software, but from just looking at their website I'm not really sure.)
You'll notice there were definitely fields of endeavor represented more than once in that list, software and music being the most obvious. The word is so common and so generic, it probably shouldn't be eligible by itself for trademark protection. (As part of a phrase, perhaps.)
It's almost like calling your business Alpha Corporation or Beta Enterprises. Even if you're not doing typesetting or other work related to writing systems, it's still not even vaguely unique. Terrible, terrible name for a business, but way too common to be legitimately trademarkable.
The thing is, that's not the whole United States. It's pretty much just a few neighborhoods, really, most of them in southern California (which is *technically* a part of the US but culturally a completely alien universe).
Where I live in Ohio, we don't lock the house, because it would be too much of a bother to have to carry a house key around all the time. (I'm not saying nobody locks their house. Some people do, sure. But at my house we don't.)
Guns? People who go hunting usually use those (though there is also bow hunting).
> Fortunately for me, I'm also probably borderline in some personality disorder > or another and dislike the physical company of other people 99% of the time.
I think I at least somewhat understand where you're coming from there, though 99% would be an exaggeration in my case. 80-85% would be closer.
I work five hours a day, almost all of that surrounded by co-workers, and by the end of a workweek I feel like I've been laundered in my grandmother's wringer washer. I'm not tired of doing my job, really, at least not in terms of the actual stuff I get paid to accomplish -- in fact sometimes I do work-like stuff at home on the weekend and enjoy it -- I just get tired of being around people. Tired of hearing people talk. Tired of having my thoughts interrupted every five minutes for no good reason. Tired of hearing people chitchat about stuff that doesn't matter. Tired of seeing people, and being seen by people. Tired of not being able to think out loud without someone overhearing. Tired of being around people.
But if you give me a few days to recover, I do actually get to the point where I'm ready to be around people again, for a little while. Like I said, I guess I like to be physically alone (preferably, the only person in the building) about 80-85% of the time, if I can get it.
But 99%, that sounds really extreme. Are you sure that's not an exaggeration, brought on by your frustration with not getting the solitude you do need? Because, 99%, wow, that's, like, a hermit-grade need for solitude.
> Just putting myself, a computer nerd/software engineer, in the place of the math nerds, I don't think I > would want to go to a party that's math themed. Parties are like miniature breaks from what we do normally.
Clearly you are not a math nerd.
Yeah, math majors do take breaks from math. (I think those are usually called "gen ed classes".)
But not to go to the kind of event that a non-math-major calls a "normal party". Math nerds *hate* normal parties. You start talking about beer and loud music, and we start making plans to be busy doing something else, so we really wouldn't have time to come, please accept our apologies. If somehow we fail to avoid getting dragged to a normal party, we make a study of finding the most unobtrusive place to sit (or stand) around and quietly wait for a chance to escape.
This is not to say that math nerds don't have fun. We do. But it has to be at least a little bit intellectually challenging. Otherwise it's mind-numbingly boring.
Note that I'm talking here about pure/theoretical math majors, not math-ed majors, and *certainly* not most applied-math fields (e.g., accounting). Math-ed majors for the most part are basically education majors, with math as a sort of side interest. Accounting is basically business-department stuff, people who are more interested in making money than understanding group theory -- not math nerds, in other words.
I'm not saying the party has to be math-themed. There are other possibilities. But if it's going to be fun for math majors, it definitely needs to be somewhat different from the kind of party you would plan for "normal" people.
Heh. I majored in math, and I have to say, I'd pretty much rather have an unnecessary root canal performed on me by an inebriated dental-school student, and pay most of two weeks' wages out of pocket for the privilege, than attend the kind of party most college students would plan.
However, there are ways to get a group of people together and actually have a good time. Some key points:
1. Avoid calling it a "party". That sets the wrong expectations. Call it a "game night" or something. 2. Have some group games available that are actually fun to play and require at least a little intelligence (e.g., Taboo, Beyond Balderdash, that sort of thing). Have a variety of them, and make sure there are enough people coming that you can get two different ones going at the same time, because there'll always be somebody who's really not into the game somebody else really feels the need to play. It's generally also a good idea to have a couple of chess sets available. Maybe they won't get used, but having them around is a good precaution. 3. Don't just not provide alcohol: prohibit it. It only takes one drunk person to ruin _everybody's_ time. Tell the frat boys to go have their own party at a bar someplace and leave you out of it. 4. Do have food. It doesn't have to be fancy. You can get away with just pizza and pretzels and pop, although some good snacks (like popcorn with a peanut butter and honey and karo syrup mixture drizzled over it, or homemade cookies) won't go amiss. Even if you want to get fancy, still stick with foods that can be eaten conveniently without silverware, e.g., eggrolls. Sitting down to a formal meal is not fun. 5. Don't over-organize. Have some prepared activities available, and make sure everybody knows they're available, but don't push an agenda. The ultimate fun exterminator is something along the lines of "Hey, it's 6:59, so we've got one minute to finish this up so we can start the next activity on time!" If people are enjoying themselves, let them keep doing so. If things come to a lull and people start looking bored, that's when you whip out a planned activity. 6. You can decorate if you want, but it doesn't actually make the event more fun, so I wouldn't bother.
Fine, you trust your users, but do you trust every website your users ever visit, and every email message they receive, not to contain malicious links? Is port 80 closed at the firewall so that your ASP site cannot be accessed from the outside world? Trusting your users is one thing. Trusting anything that ever sends a request to your web server is something else altogether.
> MySQL+PHP being two pillars (and the last half) of LAMP
Not exclusively. So PHP is only one of several possibilities for the language pillar of LAMP. If anything the P was originally Perl. Later it got extended to be Perl/Python/PHP.
Personally, I rather like expanding LAMP to Linux + Apache + mod_perl + Postgres. YMMV.
But honestly Apache is really the key piece. I'm willing to work with a different RDBMS, and maybe even a different language (though I do really _like_ Perl, and am not sure what I'd do without the CPAN), and I have no problem working with a different kernel (such as an OpenBSD kernel perhaps), but I really don't want jack diddly squat to do with IIS. Apache is just so good, why would anyone ever work with anything else in its place? You really have to be drinking the Redmond Kool-Aid by the quart to want to work with IIS.
Actually, this particular attack is targetted toward sites that make heavy use of ASP -- which is VERY strongly associated with IIS.
That doesn't mean that SQL injection attacks in general are only ever a problem on ASP or IIS. They're not, of course. You can (absolutely SHOULD NOT EVER, but can) interpolate or concatenate user-supplied data directly into SQL, without validation or metacharacter escaping or parameter binding, in any language, on any platform, and you can target the payload SQL for any RDBMS, or with some care possibly even for multiple different ones.
But this particular attack does specifically target sites implemented in ASP, and it makes use of TSQL for its payload.
> IIS has no part in resisting SQL injection attacks - it passes data to the application > underneath and that app is responsible for properly escaping it before talking to the database
Almost. The app is responsible, but the actual app code itself shouldn't have to manually do the escaping, because the database interface library it's using should be doing that automatically whenever parameters are bound. (The app does have to be responsible to pass user-supplied data as bound arguments, though, rather than interpolating it directly into the SQL.)
> *if* you're going to graft user data into SQL commands. And you shouldn't be
No, you shouldn't be. User data should be passed to the database interface as bound variables.
> And you shouldn't be - you should really be coding against stored procedures
No, you should be using an abstraction layer library. You shouldn't need to have any SQL, *including* stored procedure calls, embedded directly in the main code of the application itself. All of that should be in the abstraction layer library. (The abstraction layer may be prefab, like an ORM, or it may be a specifically crafted custom abstraction layer designed to meet the particular needs of the application. But it should be isolated from the rest of the application code so that the database guys can review it and maintain it without having to troll through all the application code, and also so that non-database programmers maintaining the bulk of the application codebase don't have to mess with it in detail.)
As for stored procedures, they are overused. The most common thing I've seen them used for is to embed application logic in the database, which is an inherently bad idea and harms maintainability severely. I'm not saying they can't ever have a valid use, but they *certainly* should not be used as a panacea for all database access. That's just wrong in so many ways I don't know where to start.
> In 2008... why is it really so easy to put a damned single or double quote into a SQL form and then > make it possible to execute your malicious code on that server? Shouldn't disabling this be a > fundamental security rule for databases?
The database can't tell if the application is sending the quote mark (or whatever) on purpose, or because someone has subverted it. The application needs to vette any SQL it is sending to the database, to make sure that it is what it intends to send.
I don't know very much ASP, so I'm going to use a language I do know, Perl, as the example for my explanation. There are approximately four ways to handle doing database stuff in Perl. Three of these are fairly easy to make safe, but the way that seems easiest to new programmers who have never done database stuff before is inherently bug-prone and dangerous. (Note that "safe" in this context does not mean nothing can ever go wrong. It means that data containing special characters like quote marks and stuff do not cause breakage.)
One of the safe ways is to use an abstraction layer library that is determined to be safe (probably because behind the scenes it uses parameter binding, discussed below). ORMs (Object Relational Mappers) are the predominant type of abstraction layer for this. Class::DBI is probably the most popular one in Perl circles, but there are others. (Note: I have not personally checked that Class::DBI is safe. Assuming that it _is_ safe, then code that uses it is also safe. If I were actively using it, I would of course actually check its safeness.)
A related way is to sort of roll your own abstraction layer, and make sure that it is safe (probably by having it use parameter binding, discussed below). This is what I generally do. (I experimented with Class::DBI and found that my code was actually less maintainable, so I've gone back to a hand-rolled abstraction layer. The one I use is functional rather than object-oriented, but I think the real reason it makes my code more maintainable is because its capabilities are a better match for my typical usage scenarios.)
The most fundamental way to be safe is to use binding parameters. This is the part where my explanation is going to get fairly Perl-specific.
Assuming you are using DBI and that $db is your database handle, the first thing a database-newbie generally does is along these lines: my $query = $db->prepare("INSERT INTO MYTABLE VALUES ($valueA, $valueB, $valueC)"); # Unsafe! $query->execute(); # This is highly bug-prone. Don't ever do it this way.
The reason that's unsafe is simple: because the values are interpolated directly into the string that you send to DBI (the basic database interface in Perl), DBI has no way tell whether special characters like quote marks are there on purpose because they are part of your code, or whether they got interpolated along with the rest of a variable that came from user input.
But the safe way is to use binding parameters, which looks something like this: my $query = $db->prepare('INSERT INTO MYTABLE (FIELDA, FIELDB, FIELDC) VALUES (?, ?, ?)'); $query->execute($valueA, $valueB, $valueC);
Note that the values are *not* directly interpolated into the SQL. They are passed to the database interface library (DBI) separately and are treated as data only, not as SQL. If they contain characters that are special to SQL, those characters are still treated as data only. (In the case of the query above, for instance, if $valueA contains a single quote mark, then a value containing a single quote mark will be inserted into FIELDA in the new record you are inserting into MYTABLE.)
I don't happen to know what mechanism ASP provides, but if it provides something similar to this and the programmers aren't using it, then what you've got is very sloppy programmers.
It is also *possible*, of course, to handle this issue correctly even if the language and database interface you are using don't provide such a mechanism.
> They put out the tools (Visual Studio) and application development platform > (SQL server, IIS, ASP, etc) that developers could easily build solutions with.
You're not fooling me. I've seen some of those tools. IIS is two orders of magnitude more of a pain to administer than Apache. Visual Studio's interface is... unusably horrible. ASP reminds me an aweful lot of PHP: it's very easy to slap together a page that mostly works, but maintaining all the code that runs an entire site is an absolute nightmare.
SQL Server is pretty decent to work with, once you get used to it, with a couple of fairly severe caveats, the worst being that you can't do a case-sensitive search or comparison in TSQL even optionally. For some very common kinds of data that effectively means you either have to pull all the records into your application and do your search/test in application code, which isn't exactly good for performance, or use a third-party library like xp_pcre.
Granted, you probably have to install xp_pcre or something an aweful lot like it anyway, because SQL Server also doesn't have regular expression support out of the box. What the heck kind of software for developers doesn't have regular expression support these days? I can see not having that in Word, because, you know, it's meant for end users. But no regular expression support in something as inherently technical as a database engine? Seriously? So, yeah, pretty much you have to install a third-party regex library if you're going to use SQL Server for much.
But apart from those issues, SQL Server is really not all that bad. (I'm assuming here that you're putting it behind a firewall, but that's frankly a good idea for any database, and for any Windows system for that matter, so it's not really a requirement specific to SQL Server.)
> The LAMP stack and associated technologies are catching up but Microsoft > has a huge head start.
Head start? You're out of your chair. IIS has a very long way to go to even begin to catch up with Apache, just for instance. And Visual Studio is categorically the worst IDE I have ever laid eyes on.
Unless you're talking about a head start in _mindshare_ among ISVs. In which case, yeah, they do have that. In spades.
> community college and graduate level training/education programs
I suppose that could be a contributing factor, but then that just raises the question "How does MS get and maintain that kind of mindshare in education circles?"
Yeah. A lot of the independent software vendors who develop line-of-business software (in the "let us know you're interested and we'll assign a sales team to come out and demo it for you and an implementation manager to put together a proposal" price range) are highly enamored of Microsoft. A have not quite got a handle on *why* they like Microsoft so much, but a lot of them really really do.
And they don't just build their products around the Windows API, either. It goes much deeper than that. They build them to embed SQL Server and rely heavily on thousands of TSQL stored procedures and use MSMQ for IPC and ASPX for anything with a web interface and so on and so forth. Any Microsoft technology they can get their hands on, they embed it in their product. On purpose. And they apparently *like* it.
I don't know how Microsoft has achieved this kind of deep mindshare among ISVs. I just know that they have it.
Slashdot Mirror
I think you're talking at cross-purposes. The relative costs of different goods is different in different places.
The other poster used the phrase "real ales", which is a strong indication he's probably located in Britain. If you need an additional hint, he implied that Vista is an import good, which almost certainly means he's *not* located in the US.
In the US, almost all beer is national-brand stuff, brewed in a small number of locations, bottled, and transported hundreds or even thousands of miles. I am given to understand (though I've not been there personally) that in Britain you can walk into almost any pub and buy stuff that's actually brewed locally.
So I'm kind of guessing here, but the considerations may be slightly different where you live versus where he lives.
> Just had a scary thought: Shatner. [shivers]
William Shatner costars with Adam Sandler and Lindsay Lohan.
HTH.HAND.
> Youtube-dl, using the -s option will give you a video URL you can download with wget.
Yes, but by the time you have the whole thing downloaded three hours later, they will have sent you links to six more of the blasted things.
You have to just learn to say no. They're never actually funny anyway.
> Attack of the space-lawyers!
Not weird enough, and not really redundant enough either, for a B-movie title.
I suggest Attack of the Mutant Killer Space Lawyers!
You do have to slightly adjust your usage patterns, but it's not a very big deal. Some general tips:
* Learn to use a downloading tool that knows how to automatically retry and resume where it left off whenever the connection has to be redialed in the middle of a download. If you're comfortable with the command line, wget is awesome (I once used it to download a three-CD set of ISOs for a Linux distro over a shared 33.6 dialup connection; it took a few days but it worked), but if not, I'm sure there are more GUI-oriented downloading utilities available. Get one that does automatic retry/resume, and use it for all downloads of any significant size.
* Get an offline mail reader, such as Pegasus Mail. Forget about the text-based criterion (for email, that really doesn't have any significant impact on bandwidth requirements) and worry about getting one that is designed under the assumption that the incoming mail is transferred one time from a POP3 server to your PC and then stored locally forever, and the outgoing mail is queued up and sent in a batch later. Dialup, even 28.8, is orders of magnitude more bandwidth than you need for sending and receiving email, but you don't want to have to start over if the connection drops while you're reading or composing, so a mailreader that wants to read directly out of a mail spool (like a lot of older Unix-oriented text-based ones) is highly undesirable. IMAP is right out. Don't even think about webmail.
* Learn to use tabbed browsing as a queue. You don't left-click links. You middle-click them, which appends them to the end of the queue (i.e., opens them in a new tab at the end of the tab list, where they start loading). Then you go on as you were, reading the page you're currently looking at. When you're done reading the current page, you close the tab, and the next tab to the right becomes current automatically. First In, First Out (i.e., the first one that loaded is the first one you read, then the next, and so on). This system takes a little bit of getting used to, but once you become accustomed to it it actually works very very well.
* Learn to use bookmark keywords for reference situations. The traditional workflow for looking up a word on dictionary.com (just an example) is to open a new window or tab, click the bookmark, *wait for the page to load*, type the word you want to look up, *wait for the page to load again*, and read the definition. You can cut your waiting in half, i.e., only wait for one page to load once, by using a bookmark keyword. Even better, if you hit Ctrl-tab once after starting it, you don't have to do nothing while you wait: you've just appended that page to your queue (see previous tip) and gone back to the first page in the queue, which you can continue reading while you wait.
* If you don't already have the FlashBlock extension, you need it. (Either that or just don't install the Flash plugin in the first place.)
* If you read usenet, you need an offline newsreader.
* Grow a backbone and learn to say "no" and make it stick when people tell you you just *have* to see this hilarious thing they found on YouTube (which in fact is not actually funny at all just stupid).
* Grow a backbone and learn to say "no" and make it stick when people want you to try out this great new social networking service that tells your friends whenever you're online, sign up for an "instant messaging" account, or cetera. Give them your email address, your postal address, and your phone number. If they actually want to get ahold of you, they'll be willing to use one of those methods to do it. You ABSOLUTELY do not want instant messaging software installed, because it consumes bandwidth all the time, even when you're not actively using it, and on narrow pipes that can cause real problems. If your operating system comes with instant messaging software out of the box, disable or uninstall it.
> Just remember that the ONLY way to ensure data cannot be recovered on a HD
> is to raise the drive temp past the Curie Point for the magnetics
Actually, I'm pretty sure grinding the whole thing to the fine consistency of talcum powder works also.
> why can't i buy platypus cheese?
It wouldn't be safe to eat. Platypus milk is from Australia, so of course it's poisonous.
> > explicitly mentioning your competitor usually does them more good than it does you.
> No, it actually lets a small company ride the success of the bigger company.
> THAT is the biggest reason why a "smaller" brand compares itself to a bigger one.
> If I say "Dr. Bob soda tastes like Dr. Pepper, but costs less", then I am riding
> the success and good will of the Dr. Pepper brand, using comparative advertising,
> in a perfectly legal way.
That only really benefits you if you're a *WHOLE LOT* smaller, so much smaller that you don't care that the larger company gets more sales out of your advertising than you do. Once you get large enough to be an actual viable competitor, you're much better off with positive advertising of your own product.
The reason for this is simple: the majority of consumers don't want an imitation when they can get the real thing.
If you look at companies that make substantial use of comparison advertising and actually name their competitors, you will find consistently that they DO NOT overtake said competitors in market share while running that kind of campaign.
And yes, I know Apple has done it for decades. Where has it got them? 3% market share, that's where, which is not much more than they had two decades ago. (Granted, there are other factors holding them back, and it's 3% of a bigger total market now. Still.)
Pepsi tried it for a while in the 80s and abandoned it, because it wasn't getting them where they wanted to be. They haven't overtaken (or really even approached) Coke in cola sales, but their Mountain Dew brand has dominated the citrus-pop market, shoving former leaders 7-up and Sprite (which is a Coca-Cola brand) into the background. They didn't get there by saying "Mountain Dew is better than 7-up and Sprite". They got there by saying things like "Do the Dew", portraying the high caffeine content as a positive and even exciting feature.
Wendy's also tried comparison advertising for a while (Where's the Beef) but only after they had turned from that path to embrace more effective forms of advertising did they overtake Burger King (which, I might add, was actively using comparison advertising at the time when they were overtaken).
Taco Bell was stagnant when they advertised themselves as better than and/or different from burger joints, but when they dropped that and switched to price (59, 79, 99) and theme (e.g., Extreme Summer) advertising, then they really started to take off. (They didn't overtake McDonald's, but they did overtake Burger King at one point, something they could never have done while running the anti-burger adverts.)
Church's Fried Chicken ran a campaign in the eighties explaining how much better they were than KFC. KFC (already the market leader in fried chicken) gained market share, and today nobody under the age of 25 has heard of Church's. I don't think they even *do* national advertising any more.
John Kerry in 2004 ran a campaign for U.S. President on a comparison basis, advertising that he would be a better president than the incumbent. (I specifically remember the comment, right after he chose his running mate, "We have better ideas, better vision, a better sense of the difficulties in the lives of average Americans.... And we have better hair.") No candidate has ever won the Presidency on a campaign like that, and Kerry won't receive a major-party nomination again. I doubt if his running mate will either.
I could go on, but if you pay attention you can find the examples yourself. Just look for companies that do comparison advertising, watch for a couple of years, and see where it gets them compared to the competitor they advertised against.
> > product is 10% better than "the other leading brand"
>
> There's a reason for this. It's called marketing bullshit.
> If you say "we are 10% better than XYZ" someone can do their
> own tests to show that you are lying.
"10% better" is too vague to objectively disprove in any meaningful way. But there's another, more significant reason: explicitly mentioning your competitor usually does them more good than it does you. When Burger King says that their Big King sandwich is "Like a Big Mac, except it's bigger and tastes better", sales of Big Macs at McDonald's increase by a couple hundred percent (short term). BK would be better off to describe how apetizing the Big King is, show a couple of glamour shots of people biting into them, and maybe say that it's "bigger than other burgers" or something like that. Mentioning the Big Mac is a mistake, because it makes people want one.
This is _especially_ true if your competitor is already more popular than you are (as, for instance, McDonald's is an easy order of magnitude more popular than Burger King, at least partly because their advertising has historically been rather a lot better).
My personal favourite is First Federal Bank.
Did you know that the headquarters and main office for First Federal Bank is in Galion, Ohio, less than half a dozen blocks from my house? Yeah, and there are all of nine additional locations (counting the drive-through-only location six blocks the other direction from my house, loan-office-only locations, and everything), all within a sixty-mile radius, so if you've seen a First Federal bank anywhere else, it's obviously an imposter.
> "Diesel" is a pretty common word but uncommon when applies to bookstores.
... and I can't really tell what kind of "solutions" orion.com is selling, but that doesn't seem to have anything to do with astronomy, either. (Could be software, but from just looking at their website I'm not really sure.)
That's because "Diesel" is used almost exclusively to refer to engines. It's hardly used for anything else at all. Using it for a business that has nothing to do with mechanics, engines, or electricity is fairly novel.
"Orion", on the other hand, while it has a special meaning in astronomy, is much more widely used *outside* the field of astronomy than inside. The word has become very _general_ in the English language and is widely used for a lot of different stuff. Just a quick run through the first two pages of Google results reveal that Orion is a nature magazine, audio electronics, server software, music software, high-performance car parts, plumbing, safety products (flares and first-aid kits and whatnot), something to do with Metallica, a military transition and placement firm, a township in Michigan, and a news website,
You'll notice there were definitely fields of endeavor represented more than once in that list, software and music being the most obvious. The word is so common and so generic, it probably shouldn't be eligible by itself for trademark protection. (As part of a phrase, perhaps.)
It's almost like calling your business Alpha Corporation or Beta Enterprises. Even if you're not doing typesetting or other work related to writing systems, it's still not even vaguely unique. Terrible, terrible name for a business, but way too common to be legitimately trademarkable.
> Where, exactly, in Ohio do you live?
Galion.
The thing is, that's not the whole United States. It's pretty much just a few neighborhoods, really, most of them in southern California (which is *technically* a part of the US but culturally a completely alien universe).
Where I live in Ohio, we don't lock the house, because it would be too much of a bother to have to carry a house key around all the time. (I'm not saying nobody locks their house. Some people do, sure. But at my house we don't.)
Guns? People who go hunting usually use those (though there is also bow hunting).
When XP had been out for a year and a half, the game market was still mostly about Windows 98.
But not now. Give it time.
> and we're geeks right? We either have MSDN or know someone that does.
Actually... no. Not unless you count people I "know" because they post on slashdot or similar places.
I've got a PAUSE account, but no MSDN.
> Fortunately for me, I'm also probably borderline in some personality disorder
> or another and dislike the physical company of other people 99% of the time.
I think I at least somewhat understand where you're coming from there, though 99% would be an exaggeration in my case. 80-85% would be closer.
I work five hours a day, almost all of that surrounded by co-workers, and by the end of a workweek I feel like I've been laundered in my grandmother's wringer washer. I'm not tired of doing my job, really, at least not in terms of the actual stuff I get paid to accomplish -- in fact sometimes I do work-like stuff at home on the weekend and enjoy it -- I just get tired of being around people. Tired of hearing people talk. Tired of having my thoughts interrupted every five minutes for no good reason. Tired of hearing people chitchat about stuff that doesn't matter. Tired of seeing people, and being seen by people. Tired of not being able to think out loud without someone overhearing. Tired of being around people.
But if you give me a few days to recover, I do actually get to the point where I'm ready to be around people again, for a little while. Like I said, I guess I like to be physically alone (preferably, the only person in the building) about 80-85% of the time, if I can get it.
But 99%, that sounds really extreme. Are you sure that's not an exaggeration, brought on by your frustration with not getting the solitude you do need? Because, 99%, wow, that's, like, a hermit-grade need for solitude.
> Just putting myself, a computer nerd/software engineer, in the place of the math nerds, I don't think I
> would want to go to a party that's math themed. Parties are like miniature breaks from what we do normally.
Clearly you are not a math nerd.
Yeah, math majors do take breaks from math. (I think those are usually called "gen ed classes".)
But not to go to the kind of event that a non-math-major calls a "normal party". Math nerds *hate* normal parties. You start talking about beer and loud music, and we start making plans to be busy doing something else, so we really wouldn't have time to come, please accept our apologies. If somehow we fail to avoid getting dragged to a normal party, we make a study of finding the most unobtrusive place to sit (or stand) around and quietly wait for a chance to escape.
This is not to say that math nerds don't have fun. We do. But it has to be at least a little bit intellectually challenging. Otherwise it's mind-numbingly boring.
Note that I'm talking here about pure/theoretical math majors, not math-ed majors, and *certainly* not most applied-math fields (e.g., accounting). Math-ed majors for the most part are basically education majors, with math as a sort of side interest. Accounting is basically business-department stuff, people who are more interested in making money than understanding group theory -- not math nerds, in other words.
I'm not saying the party has to be math-themed. There are other possibilities. But if it's going to be fun for math majors, it definitely needs to be somewhat different from the kind of party you would plan for "normal" people.
> How about not having one?
Heh. I majored in math, and I have to say, I'd pretty much rather have an unnecessary root canal performed on me by an inebriated dental-school student, and pay most of two weeks' wages out of pocket for the privilege, than attend the kind of party most college students would plan.
However, there are ways to get a group of people together and actually have a good time. Some key points:
1. Avoid calling it a "party". That sets the wrong expectations. Call it a "game night" or something.
2. Have some group games available that are actually fun to play and require at least a little intelligence (e.g., Taboo, Beyond Balderdash, that sort of thing). Have a variety of them, and make sure there are enough people coming that you can get two different ones going at the same time, because there'll always be somebody who's really not into the game somebody else really feels the need to play. It's generally also a good idea to have a couple of chess sets available. Maybe they won't get used, but having them around is a good precaution.
3. Don't just not provide alcohol: prohibit it. It only takes one drunk person to ruin _everybody's_ time. Tell the frat boys to go have their own party at a bar someplace and leave you out of it.
4. Do have food. It doesn't have to be fancy. You can get away with just pizza and pretzels and pop, although some good snacks (like popcorn with a peanut butter and honey and karo syrup mixture drizzled over it, or homemade cookies) won't go amiss. Even if you want to get fancy, still stick with foods that can be eaten conveniently without silverware, e.g., eggrolls. Sitting down to a formal meal is not fun.
5. Don't over-organize. Have some prepared activities available, and make sure everybody knows they're available, but don't push an agenda. The ultimate fun exterminator is something along the lines of "Hey, it's 6:59, so we've got one minute to finish this up so we can start the next activity on time!" If people are enjoying themselves, let them keep doing so. If things come to a lull and people start looking bored, that's when you whip out a planned activity.
6. You can decorate if you want, but it doesn't actually make the event more fun, so I wouldn't bother.
> We trust our users.
Fine, you trust your users, but do you trust every website your users ever visit, and every email message they receive, not to contain malicious links? Is port 80 closed at the firewall so that your ASP site cannot be accessed from the outside world? Trusting your users is one thing. Trusting anything that ever sends a request to your web server is something else altogether.
> MySQL+PHP being two pillars (and the last half) of LAMP
Not exclusively. So PHP is only one of several possibilities for the language pillar of LAMP. If anything the P was originally Perl. Later it got extended to be Perl/Python/PHP.
Personally, I rather like expanding LAMP to Linux + Apache + mod_perl + Postgres. YMMV.
But honestly Apache is really the key piece. I'm willing to work with a different RDBMS, and maybe even a different language (though I do really _like_ Perl, and am not sure what I'd do without the CPAN), and I have no problem working with a different kernel (such as an OpenBSD kernel perhaps), but I really don't want jack diddly squat to do with IIS. Apache is just so good, why would anyone ever work with anything else in its place? You really have to be drinking the Redmond Kool-Aid by the quart to want to work with IIS.
Actually, this particular attack is targetted toward sites that make heavy use of ASP -- which is VERY strongly associated with IIS.
That doesn't mean that SQL injection attacks in general are only ever a problem on ASP or IIS. They're not, of course. You can (absolutely SHOULD NOT EVER, but can) interpolate or concatenate user-supplied data directly into SQL, without validation or metacharacter escaping or parameter binding, in any language, on any platform, and you can target the payload SQL for any RDBMS, or with some care possibly even for multiple different ones.
But this particular attack does specifically target sites implemented in ASP, and it makes use of TSQL for its payload.
> IIS has no part in resisting SQL injection attacks - it passes data to the application
> underneath and that app is responsible for properly escaping it before talking to the database
Almost. The app is responsible, but the actual app code itself shouldn't have to manually do the escaping, because the database interface library it's using should be doing that automatically whenever parameters are bound. (The app does have to be responsible to pass user-supplied data as bound arguments, though, rather than interpolating it directly into the SQL.)
> *if* you're going to graft user data into SQL commands. And you shouldn't be
No, you shouldn't be. User data should be passed to the database interface as bound variables.
> And you shouldn't be - you should really be coding against stored procedures
No, you should be using an abstraction layer library. You shouldn't need to have any SQL, *including* stored procedure calls, embedded directly in the main code of the application itself. All of that should be in the abstraction layer library. (The abstraction layer may be prefab, like an ORM, or it may be a specifically crafted custom abstraction layer designed to meet the particular needs of the application. But it should be isolated from the rest of the application code so that the database guys can review it and maintain it without having to troll through all the application code, and also so that non-database programmers maintaining the bulk of the application codebase don't have to mess with it in detail.)
As for stored procedures, they are overused. The most common thing I've seen them used for is to embed application logic in the database, which is an inherently bad idea and harms maintainability severely. I'm not saying they can't ever have a valid use, but they *certainly* should not be used as a panacea for all database access. That's just wrong in so many ways I don't know where to start.
> In 2008... why is it really so easy to put a damned single or double quote into a SQL form and then
> make it possible to execute your malicious code on that server? Shouldn't disabling this be a
> fundamental security rule for databases?
The database can't tell if the application is sending the quote mark (or whatever) on purpose, or because someone has subverted it. The application needs to vette any SQL it is sending to the database, to make sure that it is what it intends to send.
I don't know very much ASP, so I'm going to use a language I do know, Perl, as the example for my explanation. There are approximately four ways to handle doing database stuff in Perl. Three of these are fairly easy to make safe, but the way that seems easiest to new programmers who have never done database stuff before is inherently bug-prone and dangerous. (Note that "safe" in this context does not mean nothing can ever go wrong. It means that data containing special characters like quote marks and stuff do not cause breakage.)
One of the safe ways is to use an abstraction layer library that is determined to be safe (probably because behind the scenes it uses parameter binding, discussed below). ORMs (Object Relational Mappers) are the predominant type of abstraction layer for this. Class::DBI is probably the most popular one in Perl circles, but there are others. (Note: I have not personally checked that Class::DBI is safe. Assuming that it _is_ safe, then code that uses it is also safe. If I were actively using it, I would of course actually check its safeness.)
A related way is to sort of roll your own abstraction layer, and make sure that it is safe (probably by having it use parameter binding, discussed below). This is what I generally do. (I experimented with Class::DBI and found that my code was actually less maintainable, so I've gone back to a hand-rolled abstraction layer. The one I use is functional rather than object-oriented, but I think the real reason it makes my code more maintainable is because its capabilities are a better match for my typical usage scenarios.)
The most fundamental way to be safe is to use binding parameters. This is the part where my explanation is going to get fairly Perl-specific.
Assuming you are using DBI and that $db is your database handle, the first thing a database-newbie generally does is along these lines:
my $query = $db->prepare("INSERT INTO MYTABLE VALUES ($valueA, $valueB, $valueC)"); # Unsafe!
$query->execute(); # This is highly bug-prone. Don't ever do it this way.
The reason that's unsafe is simple: because the values are interpolated directly into the string that you send to DBI (the basic database interface in Perl), DBI has no way tell whether special characters like quote marks are there on purpose because they are part of your code, or whether they got interpolated along with the rest of a variable that came from user input.
But the safe way is to use binding parameters, which looks something like this:
my $query = $db->prepare('INSERT INTO MYTABLE (FIELDA, FIELDB, FIELDC) VALUES (?, ?, ?)');
$query->execute($valueA, $valueB, $valueC);
Note that the values are *not* directly interpolated into the SQL. They are passed to the database interface library (DBI) separately and are treated as data only, not as SQL. If they contain characters that are special to SQL, those characters are still treated as data only. (In the case of the query above, for instance, if $valueA contains a single quote mark, then a value containing a single quote mark will be inserted into FIELDA in the new record you are inserting into MYTABLE.)
I don't happen to know what mechanism ASP provides, but if it provides something similar to this and the programmers aren't using it, then what you've got is very sloppy programmers.
It is also *possible*, of course, to handle this issue correctly even if the language and database interface you are using don't provide such a mechanism.
> They put out the tools (Visual Studio) and application development platform
> (SQL server, IIS, ASP, etc) that developers could easily build solutions with.
You're not fooling me. I've seen some of those tools. IIS is two orders of magnitude more of a pain to administer than Apache. Visual Studio's interface is... unusably horrible. ASP reminds me an aweful lot of PHP: it's very easy to slap together a page that mostly works, but maintaining all the code that runs an entire site is an absolute nightmare.
SQL Server is pretty decent to work with, once you get used to it, with a couple of fairly severe caveats, the worst being that you can't do a case-sensitive search or comparison in TSQL even optionally. For some very common kinds of data that effectively means you either have to pull all the records into your application and do your search/test in application code, which isn't exactly good for performance, or use a third-party library like xp_pcre.
Granted, you probably have to install xp_pcre or something an aweful lot like it anyway, because SQL Server also doesn't have regular expression support out of the box. What the heck kind of software for developers doesn't have regular expression support these days? I can see not having that in Word, because, you know, it's meant for end users. But no regular expression support in something as inherently technical as a database engine? Seriously? So, yeah, pretty much you have to install a third-party regex library if you're going to use SQL Server for much.
But apart from those issues, SQL Server is really not all that bad. (I'm assuming here that you're putting it behind a firewall, but that's frankly a good idea for any database, and for any Windows system for that matter, so it's not really a requirement specific to SQL Server.)
> The LAMP stack and associated technologies are catching up but Microsoft
> has a huge head start.
Head start? You're out of your chair. IIS has a very long way to go to even begin to catch up with Apache, just for instance. And Visual Studio is categorically the worst IDE I have ever laid eyes on.
Unless you're talking about a head start in _mindshare_ among ISVs. In which case, yeah, they do have that. In spades.
> community college and graduate level training/education programs
I suppose that could be a contributing factor, but then that just raises the question "How does MS get and maintain that kind of mindshare in education circles?"
> Anyone still got MS in high esteem?
Yeah. A lot of the independent software vendors who develop line-of-business software (in the "let us know you're interested and we'll assign a sales team to come out and demo it for you and an implementation manager to put together a proposal" price range) are highly enamored of Microsoft. A have not quite got a handle on *why* they like Microsoft so much, but a lot of them really really do.
And they don't just build their products around the Windows API, either. It goes much deeper than that. They build them to embed SQL Server and rely heavily on thousands of TSQL stored procedures and use MSMQ for IPC and ASPX for anything with a web interface and so on and so forth. Any Microsoft technology they can get their hands on, they embed it in their product. On purpose. And they apparently *like* it.
I don't know how Microsoft has achieved this kind of deep mindshare among ISVs. I just know that they have it.