"This is why end users (web pages) should only talk to stored procedures and not directly to tables."
I don't see how this would matter. If the stored procedure doesn't wrap complex operations in a transaction, then you run the same risks as writing directly to the tables from PHP (or any other language).
I wholeheartedly agree with using transactions. I can't overstate their importance.
I have several tables with over 3 million rows, and most aggregates return immediately (or nearly immediately). count(*) is the only dog since it reads every row to get the count, but it's acceptable since I rarely count all rows in the table. I've often wondered why the developers couldn't keep an internal count of all active rows, so count(*) would return immediately, but I'm sure they have their reasons.
You've got to be joking about PostgreSQL having a weak optimizer. If it's weak, only the computer can tell.
Your Wiki link spent most of its space praising PostgreSQL for its advanced features, while your intent is clearly to denigrate it. If that represents PosgreSQL's worst facets, then I am very, very happy.
I am developing a database design program (SourceForge name is dbarchitect) which I have been using in my side businesses. One of my coworkers started using it to design his databases at work.
I showed it to my boss, who liked it, and now it is becoming a part of our work processes. Since it speeds my application development, my bosses are happy to let me have it. I use some work time to improve it, and nobody cares because my increased productivity outweighs the work time I spend on it.
"They say the plane was about 10,000 feet up and the laser came from 15 miles away."
Which article were you reading? The USA Today article linked in the story makes no mention of altitude or distance. It merely says that the plane was flying over the man's house (which makes it damn near impossible for the beam to enter the cockpit).
I think the bulk of the 25 years maximum sentence comes from lying to federal officials when they questioned him.
"Loki is closed. Thanks for your patronage. Tried & failed already."
Aside from your misquoting of Loki's site, your facts are wrong. Loki failed not for lack of demand or customers, but because the owner and his wife were pilfering the company's coffers and employees' credit cards.
At first I thought you said to calculate the impact of yourself, so I did. The result was just a mild "thump".
The really impressive part was that someone standing less than a mile from my impact crater would feel the gentle air displacement in a little over 3 seconds.
"Sorry but then perhaps you should keep your company in America..."
I would love to see Microsoft not do business outside the United States. Can you imagine the sheer magnitude of the celebration parties that would take place in the rest of the world?
"...these were Taco's words, not the submitter's. If you're gonna flog someone for their ignorance, then please at least try to smack the right person..."
I realized this soon after posting, so my apologies to dantheman82. It's Taco that seems to have the bizarre outlook.
"There's a lot of scary things here, but to me what is most scary is that American copyright owners can mobilize foreign police to do their bidding."
Perhaps dantheman82 needs to understand the concept of international copyright law. Many countries, including those in the story, have agreements to enforce each other's copyrights.
The sites being shut down were rampantly violating the copyrights of an organization big enough to fight back.
What's scary is that the submitter thinks shutting these sites down is somehow wrong and unjust. There are a lot of things wrong with the big music companies, but this is not one of them.
If there's something to be angry about, be angry that these governments wouldn't take the time and effort to protect your small time products in the same manner they protect the big big time products.
"I figured most of the money came from putative damages...."
I've seen lots of people use this term, which doesn't actually exist in this context. The word you are looking for is punative as in "punish", which is what this type of judgement is meant to do.
The U.S. court system is a complete joke to spammers, though. The effect these unenforceable judgements have is more humorous than anything else.
"ever heard of lion? ok, technically a worm, not a virus...."
Hence my statement that there has never been a successful virus written for Linux is still correct.
Lion and Ramen exploited a very specific flaw in very specific server software in very specific versions of Red Hat Linux, and managed to ever compromise only a handful of machines. Contrast this with most Windows infections where Windows is working exactly as Microsoft intended.
Worms won't be of concern to non-technical Linux desktop users since they won't have any server processes running. Explicit user action is still required for a Linux desktop to be harmed by malicious programs.
But none that spread without the user's active participation. Every single Linux virus that has ever been written requires:
1) The user to be root. 2) The user to explicitly download and save the file. 3) The user to explicitly set the execute attribute on the downloaded file. 4) The user to explicitly run the downloaded file after performing steps 1-3 above.
There have been precisely zero successful Linux viruses -- ever. They have all been lab experiments that have all failed without the above four steps being taken.
"I think it's probably only a matter of time before linux viruses and spyware become more prevalent."
You have half a point here, but mainly in regards to spyware. As Linux becomes more popular on the desktop, the possibility of spyware on Linux increases. After all, spyware can be easily embedded in trojan binaries which clueless users will happily install and run. There is little that can be done to protect completely clueless uses, regardless of how hard we try. Probably the only real protection that can be offered to the non-technical Linux desktop user is to firewall off most outgoing ports at install time.
Viruses, however, are a completely different issue. Linux provides near absolute protection for the clueless user against automatically propagating viruses. Writing a Linux (or any other system) virus is a trivial matter. Getting it to automatically spread is damn near impossible -- and that's the necessary key for a successful virus.
Linux distributions provide the mechanism to combat even trojans. All RPMs can be digitally signed by their distributors to prove their authenticity. This has been the case for years, and is highly effective. The only problem here is the need to make the use of Linux cryptographic tools seamless for the user.
This has progressed noticably over the last couple years, and is already quite good for the above average user (who knows how to acquire and verify keys).
All the mechanisms are available in Linux to protect users from all forms of malware. Unlike Windows, the possible infection vectors have not been integrated into the kernel by intent and design.
When Windows gets automatically infected by viruses, the system is working as intended. Microsoft has stated more than once that these problems are not bugs, and will not be fixed.
When Linux gets compromised (which is rare), it is a result of a manual attack against a specific implementation error that is not working as designed and intended. These are embarassments that get fixed.
Trojans are the only real threat to desktop Linux systems since the user could, with some work, explicitly disable the protections available and make himself vulnerable. Viruses are a non-issue since they can't automatically propagate under Linux.
When you rob a bank, the damage you can do is severely limited to what you can physically remove from the premises in a short period of time (usually no more than a few minutes).
When you steal credit card information from a large national chain store, the damage you can do is magnified by about a billion times. You're no longer limited by time and locale. You can steal a lot more money over a much longer period of time, causing many orders of magnitude greater losses.
So yes, stealing credit card information electronically is many times more devastating than robbing a bank. So yes, attempts to do so should warrant harsh treatment.
[tongue_in_cheek]Since prisons are so overpopulated, I suggest peeling the skin from the offender's bones[/tongue_in_cheek].
"your [sic] honor, when we pulled him over he had a rifle in his trunk..."
Using your (very poor) analogy, let's make it resemble the case at least somewhat:
Prosecutor: "Your honor, when we found him, he was perched on the top of a hill using his sniper rifle to zoom in on innocent bystanders. He didn't actually shoot anyone, but only because we stopped him before he could pull the trigger."
You: Well, those people shouldn't have been walking around where the sniper could see them.
With all due respect to Aaron, I have to disagree with his perspective. If all the applications a user needs are available on both Linux and Windows, then switching from Windows to Linux becomes much easier.
This works in Linux's favor when viewed from both directions:
1) As a Windows user, one can switch to Linux and still have all the familiar applications formerly used under Windows. From the user's pespective, it's the applications that count. They don't care about the operating system underneath. However, when they're told that they can use the same applications; the same data; and be free from viruses, they'll be very open to the idea. From the user's perspective, "it's the applications, stupid." (note that I'm adapting Clinton's campaign slogan; I'm not calling Aaron stupid).
2) As a Linux user and desktop application developer, being able to write applications to a common API (Qt, et. al.), using common tools (KDevelop, gcc, Qt Designer, etc.), on either operating system is a big plus. This extends, not diminishes, the reach of FOSS. From a developer's perspective, "it's the API, stupid."
This is an opportunity to embrace and extend Microsoft, and to finally bring competition back to the desktop market. With a common target API defined by FOSS, it ceases to matter what Microsoft does to the Windows API. If Microsoft changes the Windows API (or ditches it entirely in favor of Dot Net), only the FOSS interface has to be changed to adapt rather than having to adapt every end-user application. High performance, cross platform development becomes much more easily obtained. This helps Linux.
"Our... IT deparment can't even keep the [Windows] network running...."
"...educate the students on where to get the free [Windows] VirusScan software..."
Windows isn't the problem, yet the Windows network dies upon a mild to moderate pounding? Windows isn't the problem, yet you need special software to make sure someone isn't automatically installing malicious software behind your back and without your approval?
I had to jump through a gauntlet of hoops to be vulnerable. I was about to give up when I finally, after several frantic minutes of trying, configured my Konqueror (version 3.1.0) to see the hijacked page.
By default, I run with Java and Javascript turned off. My list of exceptions is very short. I also have Konqueror set for Smart popup blocking. This last setting was the key. I had to set Konqueror to Allow all popup windows before I was vulnerable.
This is a semi-sophisticated attack that exploits the complicated nature of modern web browsers. However, as we learned in Star Trek -grin-, the more complicated the plumbing, the easier it is to clog the drain.
Anyone using even a modicum of common sense has nothing to worry about with this vulnerability. This is most certainly a bug (either in the standard, or in the implementation), but I rate it as very low.
This guy never ceases to amaze me. I wouldn't even know where to begin deciphering a codec. If I accomplished it at all, it would be only once. And then it would be blind luck.
UIs that mutate are annoying as hell and harder to learn as things keep changing."
This is absolutely true. Konqueror, by way of example, is closer to the ideal user interface than any of the examples in the article.
Frequency of usage should -never- determine where on the toolbar an item is positioned. Konqueror allows me to make my toolbar have whatever I want, wherever I want it. The user should be the sole determinant of what appears on the toolbar, and where it appears on the toolbar. The same thing applies to the size of the toolbar icons. Konqueror has only one missing feature here: it doesn't allow me to individually size my toolbar icons. My selected size applies to all icons (except for the kget icon which doesn't honor user size preferences).
When a user interface's layout automatically changes, that is usually a UI design flaw. The only exception I can think of off the top of my head is context sensitivity (show the appropriate controls for a given task).
"On the other hand, I've seen parents completely ignore the ratings and description of the games time and time again."
My nephew (11 years old) has played Quake, Quake 2, Q3A, Unreal Tournament, UT2004, GTA3, Medal of Honor; and will soon be playing Call of Duty -- Finest Hour, and GTA-SA.
Why do I (and his father) let him play these games? Because his father and I play these games with him, and we know that he has his head screwed on right.
He's not stupid, and he fully understands (and has for years) the difference between a video game and reality. It's up to the adults who know a particular kid well to judge his/her mental maturity. Making the cutoff point for sales based on age is pointless and self-defeating.
All the above takes a backseat to the fact that video games do not create bad people. Bad people are created in the real world.
"I think good games and physical conditioning are going to merge and really catch on--even with those who are not really in shape."
All modern games have cheat codes. If physical conditioning games catch on, it won't be long before cheat codes for things like "movement acceleration" (where a real movement represents some upwardly scaled virtual movement) remove most benefits that such a game would provide.
Slashdot Mirror
"This is why end users (web pages) should only talk to stored procedures and not directly to tables."
I don't see how this would matter. If the stored procedure doesn't wrap complex operations in a transaction, then you run the same risks as writing directly to the tables from PHP (or any other language).
I wholeheartedly agree with using transactions. I can't overstate their importance.
I have several tables with over 3 million rows, and most aggregates return immediately (or nearly immediately). count(*) is the only dog since it reads every row to get the count, but it's acceptable since I rarely count all rows in the table. I've often wondered why the developers couldn't keep an internal count of all active rows, so count(*) would return immediately, but I'm sure they have their reasons.
You've got to be joking about PostgreSQL having a weak optimizer. If it's weak, only the computer can tell.
Your Wiki link spent most of its space praising PostgreSQL for its advanced features, while your intent is clearly to denigrate it. If that represents PosgreSQL's worst facets, then I am very, very happy.
I am developing a database design program (SourceForge name is dbarchitect) which I have been using in my side businesses. One of my coworkers started using it to design his databases at work.
I showed it to my boss, who liked it, and now it is becoming a part of our work processes. Since it speeds my application development, my bosses are happy to let me have it. I use some work time to improve it, and nobody cares because my increased productivity outweighs the work time I spend on it.
"They say the plane was about 10,000 feet up and the laser came from 15 miles away."
Which article were you reading? The USA Today article linked in the story makes no mention of altitude or distance. It merely says that the plane was flying over the man's house (which makes it damn near impossible for the beam to enter the cockpit).
I think the bulk of the 25 years maximum sentence comes from lying to federal officials when they questioned him.
"Loki is closed. Thanks for your patronage. Tried & failed already."
Aside from your misquoting of Loki's site, your facts are wrong. Loki failed not for lack of demand or customers, but because the owner and his wife were pilfering the company's coffers and employees' credit cards.
At first I thought you said to calculate the impact of yourself, so I did. The result was just a mild "thump".
The really impressive part was that someone standing less than a mile from my impact crater would feel the gentle air displacement in a little over 3 seconds.
Abusing science is fun and educational.
I recommend just telling them that you no longer support Windows. Then you could actually enjoy your holidays (and every other day in the year).
And leading by example works.
"Sorry but then perhaps you should keep your company in America ..."
I would love to see Microsoft not do business outside the United States. Can you imagine the sheer magnitude of the celebration parties that would take place in the rest of the world?
"...these were Taco's words, not the submitter's. If you're gonna flog someone for their ignorance, then please at least try to smack the right person..."
I realized this soon after posting, so my apologies to dantheman82. It's Taco that seems to have the bizarre outlook.
"There's a lot of scary things here, but to me what is most scary is that American copyright owners can mobilize foreign police to do their bidding."
Perhaps dantheman82 needs to understand the concept of international copyright law. Many countries, including those in the story, have agreements to enforce each other's copyrights.
The sites being shut down were rampantly violating the copyrights of an organization big enough to fight back.
What's scary is that the submitter thinks shutting these sites down is somehow wrong and unjust. There are a lot of things wrong with the big music companies, but this is not one of them.
If there's something to be angry about, be angry that these governments wouldn't take the time and effort to protect your small time products in the same manner they protect the big big time products.
"I figured most of the money came from putative damages...."
I've seen lots of people use this term, which doesn't actually exist in this context. The word you are looking for is punative as in "punish", which is what this type of judgement is meant to do.
The U.S. court system is a complete joke to spammers, though. The effect these unenforceable judgements have is more humorous than anything else.
"ever heard of lion? ok, technically a worm, not a virus...."
Hence my statement that there has never been a successful virus written for Linux is still correct.
Lion and Ramen exploited a very specific flaw in very specific server software in very specific versions of Red Hat Linux, and managed to ever compromise only a handful of machines. Contrast this with most Windows infections where Windows is working exactly as Microsoft intended.
Worms won't be of concern to non-technical Linux desktop users since they won't have any server processes running. Explicit user action is still required for a Linux desktop to be harmed by malicious programs.
"There are some linux viruses...."
But none that spread without the user's active participation. Every single Linux virus that has ever been written requires:
1) The user to be root.
2) The user to explicitly download and save the file.
3) The user to explicitly set the execute attribute on the downloaded file.
4) The user to explicitly run the downloaded file after performing steps 1-3 above.
There have been precisely zero successful Linux viruses -- ever. They have all been lab experiments that have all failed without the above four steps being taken.
"I think it's probably only a matter of time before linux viruses and spyware become more prevalent."
You have half a point here, but mainly in regards to spyware. As Linux becomes more popular on the desktop, the possibility of spyware on Linux increases. After all, spyware can be easily embedded in trojan binaries which clueless users will happily install and run. There is little that can be done to protect completely clueless uses, regardless of how hard we try. Probably the only real protection that can be offered to the non-technical Linux desktop user is to firewall off most outgoing ports at install time.
Viruses, however, are a completely different issue. Linux provides near absolute protection for the clueless user against automatically propagating viruses. Writing a Linux (or any other system) virus is a trivial matter. Getting it to automatically spread is damn near impossible -- and that's the necessary key for a successful virus.
Linux distributions provide the mechanism to combat even trojans. All RPMs can be digitally signed by their distributors to prove their authenticity. This has been the case for years, and is highly effective. The only problem here is the need to make the use of Linux cryptographic tools seamless for the user.
This has progressed noticably over the last couple years, and is already quite good for the above average user (who knows how to acquire and verify keys).
All the mechanisms are available in Linux to protect users from all forms of malware. Unlike Windows, the possible infection vectors have not been integrated into the kernel by intent and design.
When Windows gets automatically infected by viruses, the system is working as intended. Microsoft has stated more than once that these problems are not bugs, and will not be fixed.
When Linux gets compromised (which is rare), it is a result of a manual attack against a specific implementation error that is not working as designed and intended. These are embarassments that get fixed.
Trojans are the only real threat to desktop Linux systems since the user could, with some work, explicitly disable the protections available and make himself vulnerable. Viruses are a non-issue since they can't automatically propagate under Linux.
When you rob a bank, the damage you can do is severely limited to what you can physically remove from the premises in a short period of time (usually no more than a few minutes).
When you steal credit card information from a large national chain store, the damage you can do is magnified by about a billion times. You're no longer limited by time and locale. You can steal a lot more money over a much longer period of time, causing many orders of magnitude greater losses.
So yes, stealing credit card information electronically is many times more devastating than robbing a bank. So yes, attempts to do so should warrant harsh treatment.
[tongue_in_cheek]Since prisons are so overpopulated, I suggest peeling the skin from the offender's bones[/tongue_in_cheek].
"your [sic] honor, when we pulled him over he had a rifle in his trunk..."
Using your (very poor) analogy, let's make it resemble the case at least somewhat:
Prosecutor: "Your honor, when we found him, he was perched on the top of a hill using his sniper rifle to zoom in on innocent bystanders. He didn't actually shoot anyone, but only because we stopped him before he could pull the trigger."
You: Well, those people shouldn't have been walking around where the sniper could see them.
With all due respect to Aaron, I have to disagree with his perspective. If all the applications a user needs are available on both Linux and Windows, then switching from Windows to Linux becomes much easier.
This works in Linux's favor when viewed from both directions:
1) As a Windows user, one can switch to Linux and still have all the familiar applications formerly used under Windows. From the user's pespective, it's the applications that count. They don't care about the operating system underneath. However, when they're told that they can use the same applications; the same data; and be free from viruses, they'll be very open to the idea. From the user's perspective, "it's the applications, stupid." (note that I'm adapting Clinton's campaign slogan; I'm not calling Aaron stupid).
2) As a Linux user and desktop application developer, being able to write applications to a common API (Qt, et. al.), using common tools (KDevelop, gcc, Qt Designer, etc.), on either operating system is a big plus. This extends, not diminishes, the reach of FOSS. From a developer's perspective, "it's the API, stupid."
This is an opportunity to embrace and extend Microsoft, and to finally bring competition back to the desktop market. With a common target API defined by FOSS, it ceases to matter what Microsoft does to the Windows API. If Microsoft changes the Windows API (or ditches it entirely in favor of Dot Net), only the FOSS interface has to be changed to adapt rather than having to adapt every end-user application. High performance, cross platform development becomes much more easily obtained. This helps Linux.
"The Windows XP code base includes all of the extraneous crap that gets bundled with and on top of the kernel."
When you put everything into the kernel, don't be surprised when people start including those in their kernel reports.
"IE and Windows aren't the problem."
... IT deparment can't even keep the [Windows] network running...."
"Our
"...educate the students on where to get the free [Windows] VirusScan software..."
Windows isn't the problem, yet the Windows network dies upon a mild to moderate pounding? Windows isn't the problem, yet you need special software to make sure someone isn't automatically installing malicious software behind your back and without your approval?
Am I the only one amused by this?
I had to jump through a gauntlet of hoops to be vulnerable. I was about to give up when I finally, after several frantic minutes of trying, configured my Konqueror (version 3.1.0) to see the hijacked page.
By default, I run with Java and Javascript turned off. My list of exceptions is very short. I also have Konqueror set for Smart popup blocking. This last setting was the key. I had to set Konqueror to Allow all popup windows before I was vulnerable.
This is a semi-sophisticated attack that exploits the complicated nature of modern web browsers. However, as we learned in Star Trek -grin-, the more complicated the plumbing, the easier it is to clog the drain.
Anyone using even a modicum of common sense has nothing to worry about with this vulnerability. This is most certainly a bug (either in the standard, or in the implementation), but I rate it as very low.
I run a small, and growing, side business in addition to my full time job. I target only Linux, and refuse all other jobs.
My first product worked so much better than the alternatives, and cost so much less to implement, that I have no problem making good money this way.
This guy never ceases to amaze me. I wouldn't even know where to begin deciphering a codec. If I accomplished it at all, it would be only once. And then it would be blind luck.
My hat's off to Jon.
"PROBLEM:
UIs that mutate are annoying as hell and harder to learn as things keep changing."
This is absolutely true. Konqueror, by way of example, is closer to the ideal user interface than any of the examples in the article.
Frequency of usage should -never- determine where on the toolbar an item is positioned. Konqueror allows me to make my toolbar have whatever I want, wherever I want it. The user should be the sole determinant of what appears on the toolbar, and where it appears on the toolbar. The same thing applies to the size of the toolbar icons. Konqueror has only one missing feature here: it doesn't allow me to individually size my toolbar icons. My selected size applies to all icons (except for the kget icon which doesn't honor user size preferences).
When a user interface's layout automatically changes, that is usually a UI design flaw. The only exception I can think of off the top of my head is context sensitivity (show the appropriate controls for a given task).
"On the other hand, I've seen parents completely ignore the ratings and description of the games time and time again."
My nephew (11 years old) has played Quake, Quake 2, Q3A, Unreal Tournament, UT2004, GTA3, Medal of Honor; and will soon be playing Call of Duty -- Finest Hour, and GTA-SA.
Why do I (and his father) let him play these games? Because his father and I play these games with him, and we know that he has his head screwed on right.
He's not stupid, and he fully understands (and has for years) the difference between a video game and reality. It's up to the adults who know a particular kid well to judge his/her mental maturity. Making the cutoff point for sales based on age is pointless and self-defeating.
All the above takes a backseat to the fact that video games do not create bad people. Bad people are created in the real world.
"I think good games and physical conditioning are going to merge and really catch on--even with those who are not really in shape."
All modern games have cheat codes. If physical conditioning games catch on, it won't be long before cheat codes for things like "movement acceleration" (where a real movement represents some upwardly scaled virtual movement) remove most benefits that such a game would provide.