Non-relational databases are the only possible tool for companies that have a usage pattern similar to Google's. In real life, that set includes Google, and nobody else.
They've already spent 5mil on that deal; it is easy for somebody to push a time-constrained decision onto them, claiming that it will be good and pointing out all the things they'll lose if they don't sign.
Not only the nuclear winter. At around the same time, astronomers started* to study the climate of the other planets of the Solar System, paleontologists started* to study the ancient climate changes that happened on Earth, and the people thinking about nuclear warfare started* to study man-made climate change.
* Yeah, I know, there were older studies. But not with as strong conclusions.
I was under the impression that the possibility of creating new viruses by the combination of vaccines was already well known. I have no citation, but I always thought that was the reason people with the flu are advised not to take anti-flu vaccines.
What day? The day the Chinese army will be so busy fighting their own people that they'll have to stop spying overseas? Because that's the war they are currently fighting.
It's unreasonable to expect the entire industry to stand still because the granny contingent refuses to buy a new pc or tablet.
Those grannies are paying your salary (well, paying the typical web developer's salary, may not apply personally to you), are you sure you want them to go away?
On Linux you just connect your hard disk, and, if you have more than 1 network interface, change the MACs that are hardcoded in the udev rules (they couldn't keep it simple, could they?).
Web, store & view personal photo collections, store and listen to music, covers 100% of use by 90% of the people
Current portables aren't good enough for "store & view personal photo collections", and after you include all the functionality that is missing for that use case you'll get a PC in a new form factor.
Significant saving? It is seriously cheap to put a linux box in the DMZ and use it as a firewall (probably cheaper than their monthly expenditure for network access.)
You are assuming that they have a LAN, that they have physical space at the same place they have their servers, and that they have separate application and DB servers. If you own a datacenter and have specialized servers, putting the DB out of the DMZ is a no brainer. Most small businesses aren't in that situation.
That's exactly what it is doing. You're sanitizing input. Escaping strings IS evaluating strings for dangerous elements...
Now, if that is what you meant, ok. The way you phrased it didn't make it clear.
- Many small companies have their DB in the DMZ because they only have a DMZ. Most of the time, they also only have one server in the DMZ... It is a significant saving for them. Also, as a rule, putting your DB inside a firewall doesn't protect against SQL injection.
- In a SQL injection attack, you inject the SQL through the application. In this case, that means they send the SQL to the web server, executing whatever software Yahoo uses. Then, the application executes your SQL on the database. The "application" here could be either Yahoo web pages, its APIs or anything else that is reachable by the web.
- I don't get where you want to go with "evaluating a string for potential danger". As a matter of policy, you just don't create situations where a user entered string can be dangerous. That means that if the user enters "'; DROP TABLE students;--" in a text field, you just don't evaluate it, you put exactly "'; DROP TABLE students;--" into your database. That may require that you analyze the string and escape the right parts, but it is not exactly "evaluating it for danger".
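As an added illustration of the point above (example code written for this page, not the commenter's): with a parameterized query the string "'; DROP TABLE students;--" is stored exactly as typed, while pasting it into the statement text breaks the query. It uses Python's sqlite3 with a constructed in-memory `students` table; the quote-doubling helper is what "escaping the right parts" means for SQLite string literals specifically.

```python
import sqlite3

# The string quoted in the comment above; here it is just data to be stored.
PAYLOAD = "'; DROP TABLE students;--"


def new_db() -> sqlite3.Connection:
    """Fresh in-memory database with a constructed 'students' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    return conn


def stored_names(conn: sqlite3.Connection) -> list:
    """Everything currently in the table, in insertion order."""
    return [row[0] for row in conn.execute("SELECT name FROM students ORDER BY id")]


def insert_concat(conn: sqlite3.Connection, name: str) -> str:
    """The mistake: pasting user input into the statement text.

    The quote in the input closes the literal early, so the text that reaches
    the database is  INSERT ... VALUES (''; DROP TABLE students;--')  -- two
    statements followed by a comment.  Python's sqlite3 refuses to run more
    than one statement per execute(), so nothing is executed here; a driver
    that allows stacked statements would have run the DROP instead.
    """
    sql = "INSERT INTO students (name) VALUES ('" + name + "')"
    try:
        conn.execute(sql)
        return "executed"
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return "rejected: " + type(exc).__name__


def insert_param(conn: sqlite3.Connection, name: str) -> str:
    """The fix: the value travels separately from the SQL text, so the database
    never parses it as SQL.  Returns the value that was actually stored."""
    conn.execute("INSERT INTO students (name) VALUES (?)", (name,))
    return stored_names(conn)[-1]


def sqlite_literal(value: str) -> str:
    """Quote a string as a SQLite literal: inside '...' the only character that
    needs escaping is the single quote, written as two quotes.  This is the
    'escape the right parts' route; prefer parameters whenever the driver
    offers them, because the quoting rules differ from database to database."""
    return "'" + value.replace("'", "''") + "'"


def insert_escaped(conn: sqlite3.Connection, name: str) -> str:
    """Same outcome as insert_param, reached by escaping instead of binding."""
    conn.execute("INSERT INTO students (name) VALUES (" + sqlite_literal(name) + ")")
    return stored_names(conn)[-1]


def demo() -> dict:
    """Run all three approaches against the payload and report what each did."""
    return {
        "concat": insert_concat(new_db(), PAYLOAD),
        "param": insert_param(new_db(), PAYLOAD),
        "escaped": insert_escaped(new_db(), PAYLOAD),
    }


if __name__ == "__main__":
    for how, outcome in demo().items():
        print(f"{how:8s} -> {outcome!r}")
```

Running it shows the parameterized and escaped inserts both returning the payload byte-for-byte, and the concatenated one being refused by the driver: the string never got a chance to be "dangerous" because it was never treated as SQL.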
For example if you passed the output of bcrypt through SHA512 together with the password, you could probably produce an actual security proof based on an accepted property of SHA512.
Sorry, but you don't seem to understand it. If you pass the output of bcrypt through SHA512 you'll have a hash that is weaker than either bcrypt or SHA512 alone.
Please, just use a hashing function that is suitable for passwords. Better yet if you get it in a library that takes care of encoding, algorithm updating and salting for you.
I'd much rather use a fast hash, which has been reviewed by many cryptographers than a slow one, which has not had as much review.
That's why you should use a slow hash that has been reviewed by many people. More often than not, it consists of just a fast hash repeated several times intercalated with salting.
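To make "a fast hash repeated several times intercalated with salting" concrete, here is an added example (written for this page, not the commenter's code) that builds one block of PBKDF2-HMAC-SHA256 by hand from Python's hashlib and hmac, checks it against the library's own pbkdf2_hmac, and wraps it in the salting, encoding and upgrade handling the earlier comment says a library should do for you. The `pbkdf2_sha256$iterations$salt$digest` storage format and the iteration counts are this example's own choices.

```python
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"    # label stored beside each hash (this example's own format)
DEFAULT_ITERATIONS = 200_000   # work factor; raise it as hardware gets faster


def pbkdf2_sha256_block(password: bytes, salt: bytes, iterations: int) -> bytes:
    """One 32-byte block of PBKDF2 (RFC 8018), written out by hand.

    This is the 'fast hash repeated, with salt' pattern: HMAC-SHA256 keyed
    with the password is applied first to salt||1, then to its own previous
    output, and all outputs are XORed so every round contributes.
    """
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    u = hmac.new(password, salt + b"\x00\x00\x00\x01", hashlib.sha256).digest()
    acc = bytearray(u)
    for _ in range(iterations - 1):
        u = hmac.new(password, u, hashlib.sha256).digest()
        for i, byte in enumerate(u):
            acc[i] ^= byte
    return bytes(acc)


def matches_stdlib(password: bytes, salt: bytes, iterations: int) -> bool:
    """Cross-check the hand-written loop against hashlib.pbkdf2_hmac."""
    return pbkdf2_sha256_block(password, salt, iterations) == hashlib.pbkdf2_hmac(
        "sha256", password, salt, iterations
    )


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS, salt: bytes = None) -> str:
    """Salt, stretch and encode; the caller never handles salt or digest."""
    if salt is None:
        salt = secrets.token_bytes(16)   # fresh random salt per password
    digest = pbkdf2_sha256_block(password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and count; compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algorithm != ALGORITHM:
        return False
    digest = pbkdf2_sha256_block(password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def needs_rehash(stored: str, target_iterations: int = DEFAULT_ITERATIONS) -> bool:
    """'Algorithm updating': after a successful login, re-hash if the stored
    parameters fall below the current policy."""
    algorithm, iterations, _salt, _digest = stored.split("$")
    return algorithm != ALGORITHM or int(iterations) < target_iterations


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record), needs_rehash(record))
```

The stored record carries its own algorithm label, iteration count and salt, which is what lets a login path verify old records and transparently upgrade them to a higher work factor without anyone touching the encoding by hand.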
We've reached a point where passwords that you can keep in memory are clearly not strong enough, by a huge margin. The best solution would be to use tokens that you carry everywhere... But that ain't gonna happen, so just write your passwords down.
As always, nobody adds connectors for the GPIO pins.
That Gooseberry board is only useful for testing your software. It is simply not useful for hardware projects.
Do you know where one can buy an A10 board? There are plenty of devices using it, but is there a board (it's ok to include case) available?
That algorithm is good in that you won't get any false positives, but you'll still get many false negatives.
Even smart people aren't rational all the time.
Yes, that's an astonishing negotiation.
Was the Goldman Sachs representative a little white dog wearing glasses and wagging his tail?
The Earth was hit by a whole heck of a lot of space rocks. That's settled knowledge.
What isn't settled is if the internal rocks were carrying enough water, or if nearly all of it came from the outer parts of the Solar System.
Does Microsoft still have a Borg icon? I remember it was replaced, but I can't remember what it is now.
You know that no vaccine is 100% efficient, right?
They are good for viewing. It is for storing that their limitations show.
Yeah, Yahoo is an OpenID provider. You're welcome.
Who has time to spend putting SQL queries by hand in their software nowadays? Really, who in 2012 isn't using a database abstraction library?
Well, ok. I know, TFA answers that. It was kind of a rhetorical question... (Me? I prefer to lose my time reading /.)
That's an email password. There are two kinds of accounts people must care about, banks and emails.
Now, about them leaking anyway... Yeah, it is already time to get out of Yahoo.
The solution is writing your passwords down.
Often you get a 70% difference between 1 and 500 components.
Semiconductor manufacturing is characterized by huge fixed costs and laughably small unit costs.