That's why I questioned it. This is ineffective and not really the way to go. Your domain may well determine that certain characters are not allowed, but this whole practice of not allowing data that vaguely looks like other things is wrong.
I find it sad in a way that the same exploits (SQL injection, etc.) are still the same old standbys. This is something MS really can't do anything about because it is the app developers who have to sanitize their inputs and use parametrized queries.
You mean escaped outputs rather than sanitized inputs, right? Not that there's anything wrong with making sure your inputs make sense, but it's the output that matters.
Best comment ever.
Thanks.
You sound very sensible, but your post gives me an opportunity to rant about one of my pet peeves: braking to turn off cruise control. Please just use the switch! It's very disconcerting to see brake lights @ 110 on a freeway and it can (and does) set off chain reactions.
Nothing personal - just a good post to hook onto.
I can't put into words how much I agree with this!
I am so pissed off with the whole "must not allow angle brackets, hyphens etc because of injection attacks" mentality.
Any decent software will escape according to the requirements of the output, be it SQL, HTML, XML or whatever the next great thing is. Deal with it properly and you can accept anything you like.
Trouble is, I run out of energy arguing this point when someone says "Oh, but who has a surname with bracket, colon, javascript....blah." I don't really have an argument against it and then have to explain why Mary O'Toole can't log in. It's so easy to write software that does not have a problem with this stuff. Unfortunately, most web developers don't understand that there is life beyond HTML and don't get it. The end result is usually both unnecessary restrictions and badly escaped text, meaning specific encoding makes it into the database or is overly escaped and fucks up when displaying it.
Amusingly, Veracode, who purport to check software for this stuff, cannot even push out their boilerplate recommendations without referring to "developer's" and the like.
I don't get it. It's not hard.
Ironic as well that TFA has  all over the place, presumably because whoever wrote the site can't escape text properly!
Exactly. Support, service, replacement etc are way more important than marginal performance for your average desktop.
Maybe you could go the "power saving", "recyclability" or some other angle.
Windows 7 comes with a benchmarking tool if you want a credible (to PHBs) indicator.
What I reckon they did was invent a square wheel (i.e. sub-optimal search algorithm) then googled ranking algorithms, stumbled upon the aforementioned papers and then didn't re-invent it all over again.
A side effect of this was the introduction of the term 'dogfooding' which was then re-invented by Microsoft.
Maybe.
Is that like the "War on drugs" where the consuming party shouts in moral outrage and actively persecutes the producers, irrespective of jurisdiction and the laws of the producer? (The laws may or may not roughly align, but that's not the point).
However, by American norms she's a tad heavy,
Holy crap!
No offence, but I find it incredible you would even be eligible for a license.
Oh FFS. They kick, bite & punch the other team not each other.
The USA flag on the story is a bit misleading too. I am fairly sure that fireworks were invented in China long before the USA existed.
- the law of the land
- would be way too much work to move 50,000 people to a new standard
Sounds like a couple of pretty good reasons. What's the issue?
So it's reasonable to you to pay 20EU a month for something that effectively costs nothing?
Well don't forget that charges are mainly based on what the market can bear rather than some utopian ideal of as low as you can make it.
Even so, there are some operating costs to running the network infrastructure, staff, account maintenance, advertising etc (to keep market share at a useful critical mass etc). I doubt it actually costs 20 a month per account, but it certainly does not cost nothing to administer an account in any sort of business.
Even the tiny cost of your slashdot account is paid for, in this case by advertisers and subscribers.
If you are running millions of data through mission critical servers you use a decent database.
Well there are 100s of shops selling hard core porn of various flavours quite openly in Melbourne alone. You would never know it was illegal.
How about sending all their recently used URLs to everyone in the address book cc themselves? That should raise the profile a bit and send most people scurrying off to the nearest AV software.
For example, that innocent "item.price" could actually be calling a stored procedure that makes all kinds of queries to get the right price for the current session customer. In Java, item.getPrice() would be a hint to this fact.
Complete bollocks as well you know. The first thing any Java programmer does with any variable needed in the outside world is to write getXXX() and setXXX() precisely so they can change the behaviour of get & set operations. Don't get me started on EJB, at least the old style anyway.
I agree with you on exceptions BTW.
Just "George W Bush" gives this snippet at #3
George W. Bush is running for President of the United States to keep the country prosperous
Arf!
I'm fairly sure it is short for While End. It's certainly been around for a long time (when line numbers were in use and there was no such thing as "End If" before anyone brings up the fact it's "the wrong way round").
A McCain vote==Palin vote and I'm not sure I would class her as a moderate.
Many South American countries have 'por kilo' restaurants. They are basically a buffet where they weigh your plate and multiply it by a fixed cost. Meat, veg, soup, everything. Very easy.
Try this:
javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.getElementsByTagName("img"); DIL=DI.length; function A(){for(i=0; i-DIL; i++){DIS=DI[i].style; DIS.position='absolute'; DIS.left=(Math.sin(R*x1+i*x2+x3)*x4+x5)+'px'; DIS.top=(Math.cos(R*y1+i*y2+y3)*y4+y5)+'px'}R++}setInterval('A()',50); void(0);
Lifted from some site I can't remember now.
He's not talking about taking a dump in public - it's about that in Japanese culture you 'do not see' your neighbours in order to keep sane in crowded situations.
The whole point is that not everyone has the same opinion as you (or Google) do.
FWIW I completely agree with dintech. The article is about the effect this has within Japanese culture not the USA.
And yes, it does somewhat reinforce a certain stereotype.