Slashdot Mirror


User: SanityInAnarchy

SanityInAnarchy's activity in the archive.

Stories: 0 · Comments: 12,413

Comments · 12,413

  1. Re:See now... on Pastafarian Wins Right To Wear Colander In License Photo · · Score: 1

    In allowing this, they *ARE* allowing arbitrary headgear to be permitted, since Pastafarianism is not an actual religion...

    If that's true, then why require people to claim a religion as a reason for their headgear, no matter how obviously ridiculous that religion is, or how few of its adherents (or even founders) actually believe its claims?

    And again, if there's some problem with this, maybe the rule should be changed to either allow no headgear at all, or discriminate which headgear is allowed via secular criteria, rather than by whether the headgear is associated with a religion?

  2. Re:In other news on 34% of iPhone Owners Think the 4 Is 4G · · Score: 1

    Because they vote, with dollars and with actual votes.

    And because it's more like 40-45% who believe the creation myth.

  3. Info may be flawed, and is unnecessary. on Pastafarian Wins Right To Wear Colander In License Photo · · Score: 1

    The argument is simple: Yes, it is less traumatic as a child, but the child also cannot give consent. Maybe the child will grow up to think it's normal. Maybe they'll grow up to think they've been mutilated.

    In either case, it seems important to me that before removing a part of your body, you should have some say.

  4. Re:Why not? on Pastafarian Wins Right To Wear Colander In License Photo · · Score: 1

    For what it's worth, I was circumcised.

    I don't feel particularly mutilated or inadequate. I don't hate my parents for it. I don't have issues because of it, and I've certainly had no complaints from my partner about it.

    Still, I would never do that to a child, and I would support banning the practice. It is not OK to remove a piece of someone's body before they are physically capable of giving consent.

    It's a little more complicated than that -- it's much safer to circumcise a newborn than an adult. If that adult then decided they wanted to be circumcised, for medical, religious, or sexual reasons, they might wish it had been done as a child. I still can't see this as sufficient reason to make that choice for them before they've learned the word 'no'.

  5. Re:Why not? on Pastafarian Wins Right To Wear Colander In License Photo · · Score: 2

    If you'd slice off your daughter's clitoris, I don't give a fuck about your opinion, you do not get to "mind your own business," you get stopped. And yes, people do this -- look up female circumcision.

    Male circumcision is not as severe, but it is mutilation. If we're "imposing" for telling you off about it, how much more "imposing" are you for cutting off a body part of your child?

    What makes our way right? Well, in this case, we at least offer the child a choice. When they are of age, if they still want to slice off a piece of their dick, they're free to do so. You should not be allowed to make that choice when they are eight days old.

    To put it another way: If you're beating someone with a stick, and I take away the stick, am I a "busy body" for doing so? Am I imposing my morality on you, and taking away your rights? Or should you maybe stop beating people with sticks?

  6. Re:Why not? on Pastafarian Wins Right To Wear Colander In License Photo · · Score: 1, Insightful

    Hair and fingernails grow back, and removing the placenta is only accelerating a natural process of childbirth.

    But hey, if you really want to go this route, maybe you think your child doesn't need his left arm. Who are we to stop you, if you're the one who gets to decide what's best for him?

  7. Re:Why not? on Pastafarian Wins Right To Wear Colander In License Photo · · Score: 2

    So, first, I don't see anything in that post which says anything about belief in God. Maybe you read something else by the same person, so I'll give you the benefit of the doubt, since I really can't see how you get from "Don't cut up babies" to "There is no God."

    But since I don't believe in a God, maybe I can help you out here...

    what gives you the right to judge these parents?

    I have the right to judge anyone and anything. My judgment doesn't necessarily carry any weight, but this is pretty well identical to the freedom of speech thing.

    What's more, it's imperative that we do make these sorts of judgments, whether or not there is a god. For instance, if you believe a god exists, that doesn't automatically mean you should worship that god -- if it's an evil god, perhaps you should rebel. So you either have blind faith that god is good, or an extremely unsatisfying ontological argument ("good" is defined as "what God wants"?), or you have to judge God to be good.

    In this case, we are talking about the genital mutilation of a child. What right do you have to not condemn that? How can you be silent about that?

    Where do you get the idea of human rights from?

    From the same place you do -- the culture I grew up in, from my own capacity for empathy and from what we as a society have decided is humane, and from my own reasoning using that as a starting point.

    I'm again tempted to ask, what's the alternative? God certainly doesn't seem to respect human rights in the Bible -- read Judges, for example.

    What about the dictator who enslaves and kills his people? What if he told you, "I'm just exercising my human rights to be a dictator"?

    Then clearly we have a difference of opinion as to what human rights are. Moreover, his idea of human rights severely infringes on the rights of others -- everyone can't be a dictator. However, it's not hard to imagine a world where every child has the right not to be mutilated by the barbaric traditions of their parents.

    If you say, "Well, we have a concept of human rights because that's what the majority of humans believe."

    Nope, I don't believe what is right is what is endorsed by the majority, nor do I believe it's relative to culture.

    There's a fundamental distinction here between the cause of my ethics and the justification for those ethics. It's true that if I were born in a different culture, I might have different ideas about human rights. That doesn't make my current ideas less valid, or remove my ability to condemn that other culture.

    "Well, I have more tanks and guns than you do, so my idea of human rights (that is, my right to be a dictator) is going to win."

    And that's "might makes right." Sure, he'd win in that sense, and he might even get me to (under duress) affirm his idea of human rights.

    But that doesn't make him right.

  8. Re:See now... on Pastafarian Wins Right To Wear Colander In License Photo · · Score: 4, Insightful

    It clearly costs something, otherwise arbitrary headgear would be permitted. Why can't I wear a hat anyway? Maybe I'm bald and sensitive about it. Maybe I just think hats are awesome. Why should those reasons not be respected, but a "belief" or "faith" should?

  9. Re:C++ to Java? on JPMorgan Rolls Out FPGA Supercomputer · · Score: 1

    No, they are pointers.

    No, they're not.

    We can play yes they are / no they're not all day, if you like, but I'm curious -- how are they pointers when pointer arithmetic doesn't work on them? We've also seen languages that have both a "pointer" and a "reference" concept, and the reference is again different -- C++ references are implemented using pointers, but are semantically different than an actual pointer.

    I suppose you could argue that they are castrated pointers with a lot of syntactic sugar for dereferencing. That would be fair, but then, Unix is castrated Multics -- there are fundamental differences.

    I could also refer you to Wikipedia, which actually has this the other way around -- pointers are references, but not all references are pointers. Tell me, is this description inadequate?

    a pointer is a programming language data type whose value refers directly to (or "points to") another value stored elsewhere in the computer memory using its address.

    If that's an adequate description, then I'm done -- not all references, perhaps not even all in Java, are implemented using pointers. The more general description of a reference is given as:

    In computer science, a reference is a value that enables a program to indirectly access a particular data item, such as a variable or a record, in the computer's memory or in some other storage device.

    "A value" may or may not be the actual address, and Java makes the address itself inaccessible, other than (perhaps) via the == operator. It clarifies:

    File handles, or handles, are a type of reference used to abstract file content. It usually represents both the file itself, as when requesting a lock on the file, and a specific position within the file's content, as when reading a file.

    If that is what you meant by "handles", then you are mostly correct, you're just confusing the words "pointer" and "reference".

  10. Re:C++ to Java? on JPMorgan Rolls Out FPGA Supercomputer · · Score: 1

    Java references are implemented with pointers.

    FTFY. They are actually closer to C++ smart pointers in that you can't do crazy pointer arithmetic with them, but they will do garbage collection.

    This means that while you certainly could implement Java references using pointers (and other stuff like GC), and I doubt there are any serious implementations using anything else, you can't reasonably implement pointers using Java references.

  11. Re:there is no way to disprove a person's religion on Idle: File-Sharing Is Not a Religion, Says Swedish Government · · Score: 1

    Even if you do not believe in a god or gods, the supernatural, any faith (organized or not) or anything related to religion, the existence of a belief in such things has existed since the beginning of civilization and this is undebatable.

    Yes. How is this different than Santa Claus or the FSM? They may be more recent inventions, but they are also supernatural, require faith, have little evidence to support them (though Santa arguably has more than God)... There are certainly entire religions, let alone new sects and interpretations, newer than Santa.

    I agree with you here:

    You can debate the truth of the beliefs but not the existence of the beliefs themselves. This alone makes them relevant for study from so many angles; anthropological, neurological, ethical, cultural, etc.

    I don't see the relevance to ethics, but certainly, studying why people have believed these things, and considering how that belief affects them and their culture, is a worthwhile endeavor.

    But what does this have to do with whether the belief itself is valid? It certainly tells us a lot to study how cargo cults form, but I see no reason that study would suggest that any of us should adopt a belief in John Frum.

    Santa Claus was made up by adults as a fairy tale to entertain kids. There is no debate here that runs deeper than that outside of the 3rd grade between kids in the know and kids who still think a bearded fat guy gives them presents.

    The key difference is that while we see even more evidence for the existence of Santa Claus (the cookies and milk were consumed, presents were left out, stockings were filled, never mind people who pretend to be him at the mall), it is Santa who we would be ridiculed for believing beyond the third grade, and God who we would be ridiculed for not believing even in adulthood.

    You are right that there are historical reasons for this, but I don't see an epistemic difference here, unless we are going to say that the popularity of an idea is what makes it legitimate. Even the age is less relevant, as there are religions younger than Santa.

    The flying spaghetti monster is the monkey cheese random 8th grade girl bullshit unfunny stupid embarrassing infuriating argument that people with no actual input like to say so they can laugh and their stupid peers can laugh...

    For someone claiming to be in any way educated on the subject of religion, you are pretty fantastically ignorant about the FSM.

    The origin of the FSM was a letter to the Kansas School Board regarding Intelligent Design. The school board was about to vote that ID should have "equal time" in a science classroom -- yes, a science classroom -- with evolutionary theory. This letter was an ad-absurdum arguing, essentially, that the "theory" of Intelligent Design is no more scientific than a "theory" of intelligent design by a giant flying spaghetti monster, and demanding equal time for that.

    It was well thought out, humorous, and had an actual purpose -- keep religion out of the science classroom.

    And you again offer little argument here, kind of like your first two paragraphs -- your signal-to-noise ratio is getting a little low. The first hint of an actual point is returning to this:

    Meanwhile, a belief in the supernatural tells us a lot about humanity...

    No argument here, and if you want to study it in that context, fine. I have no objection to teaching about the influence of religion in an anthropology class, or even teaching an actual comparative religion class. The FSM was an objection to injecting a religious explanation into a science class, requiring teachers to effectively say, "It could have happened like this, through this series of entirely natural events which we are finally starting to understand... Or maybe God did it. Oh, I'm sorry... maybe a designer did it."

  12. Re:there is no way to disprove a person's religion on Idle: File-Sharing Is Not a Religion, Says Swedish Government · · Score: 1

    Argument from authority is only a fallacy if all parties to the discussion are equally educated and equally committed to the pursuit of philosophy.

    Sorry, what? Really? I mean...

    It's reasonable to expect laymen to accept the consensus of the academy that philosophy of religion is a worthwhile endeavour.

    That's got nothing to do with whether it's fallacious or not. Just because an argument seems "reasonable" does not in any way mean it is sound.

    You evidently haven't read much about the philosophy of religion.

    I'm not sure what that has to do with my claim. By "most common arguments" I mean the arguments I hear every day from theists of all sorts, including noted academics (like, say, William Lane Craig). But when I say "most common" here, I'm not talking about common in the philosophy of religion.

    I'm also much more interested in having an actual discussion with actual arguments than in trading citations.

  13. Re:there is no way to disprove a person's religion on Idle: File-Sharing Is Not a Religion, Says Swedish Government · · Score: 1

    Right, it's a big conspiracy and only Slashdotters can see the truth,

    Was it a conspiracy when it was impossible for a black man to be president? Was it a secret that a black man couldn't effectively be president in the year 1900?

    It's certainly not a secret now that this part is true:

    It's kind of like trying to be President of the USA and be an atheist. It's not that it can't happen, it's that the majority of people won't allow it to happen (or at least hasn't).

    There are statistics to back this up -- atheists are the least trusted group, well behind, say, homosexuals. A majority of people would not vote for an atheist regardless of whether they are otherwise qualified for the job. Google it -- "Would you vote for an atheist?"

    nevermind that most researchers are not religious and have no especial interest in religion.

    More like half. It's actually a shockingly high number compared to the general public.

    Even if atheist philosophers feel there are weaknesses in certain claims by their theist colleagues, they don't make accusations of mental illness and draw risible comparisons to belief in Santa,

    Most don't do this, but I suspect that's only because they want to keep the discussion going.

    It's also interesting that you're basically making an argument from authority here -- "Philosophy of religion is a well-established field..." So was alchemy, at one point. Still, you're not offering an argument of your own -- you seem to be saying "A bunch of really smart people think belief in God is different than belief in Santa," but you're not telling us why.

    Since you haven't made an argument, I don't feel obligated to make one, but I will point out that it seems very telling that the most common arguments for the existence of anything like God are also the arguments which tell us the least about the potential nature of God -- they claim to establish a being, and then define that being as God, but they remain so very far away from establishing that this God they've defined is anything like the God people worship. Even TAG just says "A transcendent mind." Even if it's a coherent concept, it doesn't tell us things like whether that mind is good or evil, and certainly not whether that mind cares about your sex life.

  14. Re:I thought U said U were gone (2x now)? on Massive Botnet "Indestructible," Say Researchers · · Score: 1

    Ahem: *cough* (bullshit), **COUGH** (BULLSHIT):

    And here you just repeat yourself, clearly ignoring my actual response and the definition of ad-hominem, something you've done before, I might add. Did you even read my comment?

    I certainly feel no need to read the rest of yours.

  15. Re:You avoid my question on CHROME! on Massive Botnet "Indestructible," Say Researchers · · Score: 1

    See this "adhominem attack adios" from you...

    You keep using that word. I don't think it means what you think it means. From Wikipedia:

    An ad hominem (Latin: "to the man"), short for argumentum ad hominem, is an attempt to link the truth of a claim to a negative characteristic or belief of the person advocating it.

    I haven't done that. That you are a known troll and a waste of time has nothing to do with whether your arguments are valid, it's whether it's worth my time to find out. It really isn't, especially given how little respect you have for the time of others. For example:

    YOU AVOIDED MY QUESTION ON CHROME COMPLETELY!

    You've now written at least two posts to me stressing this point and asking this question, yet you can't be bothered to download it and find out for yourself? Why should I do your homework for you?

    Then there's this:

    have you even taken logic formally? I asked you that before, & You did not answer...

    I did answer. I pointed out that what you're doing now is an argument from authority. You don't know that I've taken logic formally. What does that have to do with whether my argument is valid? If it doesn't have anything to do with that, it's a red herring. If you're trying to say it does, it's an argument from authority of the formally fallacious kind.

    Oh, and it looks like you like YouTube videos? Have fun.

  16. Re:Exploited locally to be ABUSED remotely on Massive Botnet "Indestructible," Say Researchers · · Score: 1

    You seem to be conceding my point!

    Ok. You win. Happy?

    No, of course not.

    See, when you make a valid point, I "concede". What's weird is that we start out agreeing on some things, and disagreeing on others. Then we spent days arguing over semantic bullshit like whether an attack is local or remote, because you want to point to some local escalation vulnerability as evidence of how bad Linux security is when Windows security has an actual remote exploit. If you can say they're both "remote" in some sense, that puts them on the same level, when we both know they're not.

    So we actually agree on the fundamentals, I'm just pre-empting that trick.

    I also don't have much patience for the Windows vs Linux thing right now.

    They don't HAVE to exploit the kernel... they're exploiting JAVA mainly,

    Since when is the actual Java language on Android? Wouldn't it more technically be a Dalvik exploit?

    I'm not sure how this can end well for you. If you want to say that it's Java they're exploiting, then those exploits would work equally well anywhere Java has been ported to, and can trivially be avoided by not using Java. If it's the Dalvik VM, that's something which no one has ever suggested using in desktop Linux, which makes Android even farther removed from desktop Linux.

    If you want to say that Android exploits prove something about Linux, you're going to have to show that they're exploiting the kernel, since that's about the only thing Android shares with the Linux running in my laptop right now. And you've just admitted (assuming you're correct) that they exploit the GUI shell and not the kernel.

    So no, Android exploits prove nothing about "Linux" the operating system. Absolutely best case for you, they prove you can build an insecure system on top of the Linux kernel. I've never disputed that -- any kernel you can't build an insecure system on top of is likely useless.

    But, really? Is that really happening? It seems like it's more this part:

    Mostly "PEBKAC" type, users either unaware of what they're hauling in being bogus, I won't argue that much... but, that is the MAIN PROBLEM on WINDOWS TOO!

    And what does this have to do with what we're discussing?

    I'm really done reading or replying to your posts which seem so intent on picking up the argument we had before. It is true that users are the biggest security issue. It is not true that Linux vs Windows is interesting here, or relevant.

    Ordinarily, I'll happily follow a digression, but you'd happily take days of my time, and it's hard to think of a less useful way to spend those days.

    Especially since you're still doing this:

    if its ancestor could be taken advantage of? Don't think LINUX can't be...

    That is at least two fallacies, one of them likely personal:

    Non-sequitur. It's trivial to show a program (sufficiently simple) which once had a vulnerability and now has none. I am not claiming Linux is flawless, only that the origin of rootkits has zero to do with whether Linux has flaws or not.

    Red herring. WTF does this have to do with anything any of us are talking about? I was talking about security, and why I think end-users should bear a bit of the responsibility. Now we're (unfortunately) discussing Linux security, and occasionally hinting at how it might compare to Windows security. Unless you mean to imply that I think Linux can't be taken advantage of, or was ever stating or implying anything of the sort, in which case, you're left with...

    Strawman. When did I ever say Linux cannot ever be taken advantage of? Of course it can. I "concede" that. Go have your victory dance or whatever, but next time, deal with what I actually said, not what you wish I said so you can prove me wrong.

    Otherwise, you're just playing with yourself, and I'm sorry, that's not my scene.

    I'm done with you. Grow up, or don't write back.

    Better yet, do both.

  17. Re:You keep misunderstanding. on The Most Dangerous Programming Mistakes · · Score: 1

    The DB access library defines the "safe constructors", not you, nor should there be any way to "convert" a String to a SanitizedSQLString without going through one of the "safe constructors" (which properly escapes or throws exceptions on "invalid" input).

    In other words, there is no way to execute an arbitrary SQL statement, and we end up with two options: Either you can patch the library and add the feature you need (so you again have very localized places you could potentially introduce this vulnerability), or you can't patch the library or cut around it to the raw layer, meaning certain queries will be insanely less efficient because the library isn't expressive enough to represent them.

    Option #2 seems impractical, and option #1 is pretty much where we are with Rails again -- very localized, easy to recognize potential vulnerabilities.

  18. Re:SanityInAnarchy? Addendum (READ)... on Massive Botnet "Indestructible," Say Researchers · · Score: 1

    You put a LOT OF FAITH in Chrome's sandbox?

    I don't put faith in anything.

    Hey - Sandboxes CAN and HAVE BEEN BROKEN (you even alluded to that much)!

    Thus, layered security.

    But then, what kind of breaks have we seen? Plugin exploits.

    You're also NOT accounting for the other parts of Linux that come in the distro itself that have bugs that are NOT SANDBOXED!... All those things that come in a Linux distro, that YES, have security bugs/issues themselves that CAN be taken advantage of (remote AND LOCAL ones).

    Be specific. Which of these actually have legitimate remote exploits? I mean, you mentioned Unity, which is laughable. What is Unity doing accessing the network in the first place?

    And please try not to confuse local exploits with remote ones, or be specific about why this local exploit is a problem. Which can a sandboxed Chrome tab touch?

    Let's compare HOW MANY security issues remain unpatched on Windows

    Let's not.

    Goodbye, troll. It's been fun, but this is entirely offtopic at this point, and not a discussion I'm interested in having right now. I have so many better things to spend my time on than dealing with you -- even responding to trolls with better manners than you. (I think your capslock key is broken, and I never once used M$ or any other pejorative, while you continue to use "open sores" at every opportunity.)

  19. Re:Oh, but they ARE relevant SanityInAnarchy on Massive Botnet "Indestructible," Say Researchers · · Score: 1

    Since this thing hauls in other malware to attack you with? It's "INSIDE" Troy, so-to-speak... & any LOCAL EXPLOITS, become ESSENTIALLY, remote ones

    Nope, they don't magically become remote because you say so. They're still local, and they're still being exploited locally.

    You still need to get inside troy first.

    Plus - Rootkits ORIGINATED in UNIX, and they do exist for Linux...

    Your point?

    plus, ANDROID shows you all that Linux can be exploited as well

    Android's a lot different than desktop Linux. Unless they're exploiting the kernel, I'm not sure I see your point here.

    And how many Android exploits are actual drive-bys? How many could've been avoided simply by not installing something?

  20. Re:Stop trying to be smart... on Cool-Factor Predicted To Spur Energy Conservation · · Score: 1

    If I believe the line has already been crossed, it's not a slippery slope argument then.

    Logical fallacies have nothing to do with what you believe, and everything to do with what you say. Here is what you said:

    Why not go for full necrophilia?... Let's get people excited about public hangings since it's people that cause all these emissions, right?

    That is exactly a slippery-slope fallacy, unless you are claiming that these things have actually happened. If they haven't, then this isn't a line which has been crossed. Suggesting that crossing some other line (one you never mentioned) will lead to this is pretty much a textbook slippery slope.

    Now we are just arguing semantics. You want to call ecofascism "fluffy bunnies."

    As far as I can tell, I'm actually putting forth arguments, and you're putting forth fallacies. This one is called a strawman. I've never used the words "fluffy bunnies", nor have I accepted your "ecofascism" term as describing any actual people. I'm not trying to make it "cool", or cuddly, or anything else. My only stake here is that I'd like my species to survive the next hundred years or so, let alone the next thousand, and it'd also be cool if civilization survived in a form at least as advanced as we are now.

    I don't see how you can call that anything but pro-human, and I don't see how you can do those things without doing something about the environment.

    I'm not sure why you're complaining. You're the one who went into this "arguing semantics":

    At which point do we get to call ecofascism by its proper name?

    If that's not just a semantic argument, then back it up. Tell me why environmentalism is bad, or be more specific about which environmentalists are bad, otherwise I can only assume these "ecofascists" are figments of your imagination.

  21. Doesn't matter. on RightHaven Lawyer Says Browser Ate His Homework · · Score: 1

    His job requires a computer. He should thus know something about computers.

  22. Re:screw that on Chinese Officials Need a Better Photoshopper · · Score: 1

    The article also appears to have audio ads which automatically play and have no obvious way to kill other than adblock or closing the page.

  23. Re:They must be used for something... on Massive Botnet "Indestructible," Say Researchers · · Score: 1

    Your proposal would, for all intents and purposes, shut everyone who isn't a computer expert outside of information society.

    I really don't see how. It doesn't take much to make yourself a hard enough target that it's no longer financially tenable to use you as a bot.

    I've made this point again, but you continue to say things like this:

    So what's the benefit that justifies making grandma a second-class citizen?

    Either this is a strawman, or I've missed the part where you explain how botnets would continue to survive if people had at least the equivalent of driver's education for the Internet.

    So, you either inspect every piece of code before running it - which is impossible in practice, especially for grandma - or only run programs inspected by some authority...

    Not impossible; why does grandma need to run code other than what her grandkids installed for her? Why should she ever need to download a program from the Internet?

    But, accepting this premise for the sake of argument...

    Do neither, and you'll get an occasional malware infestation.

    Which sounds like you are suggesting, again, that if I trust an authority, I'll be safe -- which not two posts ago was a point you were arguing against, that even if I only install software from my Linux distro's repository, I'm not safe. Which is it?

    Keyloggers don't require botnets to work.

    They do require a means of distribution and a means of phoning home. Botnets make both of these easier to do and harder to stop...

    But that's beside the point. The exact same steps which will protect you from becoming a bot will also protect you from keyloggers. And having your machine flagged in a big way as "infected" is still useful if you want to get rid of both.

    And extortion means money trail, which can be followed.

    Maybe. Sometimes. And even if so, how likely is that to get the guy his money back? How is this better than actually eliminating this as a threat?

    We don't require everyone to go around armed just because there's real-life pickpockets and mafiosos. We certainly wouldn't dream of installing metal detectors to their front doors and refusing to let them through if they're not packing heat. Why should such demands become acceptable in the Internet?

    I haven't made that demand. I've instead suggested that people should lock their front door, at the very least. I'm a bit confused as to how "Keep yourself patched, run a decent and up-to-date browser and OS, and don't download random crap" turned into "OMG grandma has to know EVERYTHING!!!"

  24. Re:No, it really won't. on The Most Dangerous Programming Mistakes · · Score: 1

    That article? Joel has some good things to say sometimes, and there are aspects of this article that make sense, but really...

    I think the plan will be to lull you almost completely to sleep and then to sneak the Hungarian=good, Exceptions=bad thing on you when you’re sleepy and not really putting up much of a fight.

    ...really?

    This article in particular falls down here:

    What if we made a coding convention that said that when you write out any string you have to encode it?... Well, that doesn’t quite work sometimes you have little bits of HTML around in your code and you can’t encode them.

    Sorry, no. I have absolutely no HTML in my code outside the actual templates. The templates have easy and safe ways to output sanitized strings, and more verbose and uglier ways to output unsanitized strings in the rare occasion I need one (likely the result of calling another template), but it's still something which is visible right there, on the output page. Whenever I see unsanitized output, it should be obvious right there, from the method name I'm calling, whether I'm expecting it to spit out HTML or not -- and if not, it's a mistake.

    But if you see that same snippet of code in C++, you don’t know anything. Nothing. The only way to know what’s really happening in C++ is to find out what types i and j are, something which might be declared somewhere altogether else.

    In C++, at least, a decent IDE will tell you. But he's talking about:

    i = j * 5;

    You would hope there would be enough context so that you have some idea of what i and j actually are. This doesn't mean adding an arbitrary prefix to every variable. It means you're only allowed to use names like i and j for insanely brief periods of time, where it's obvious what they are, and everything else should have a descriptive name.

    While I'm at it...

    I wrote that I don’t like exceptions because they are, effectively, an invisible goto, which, I reasoned, is even worse than a goto you can see...

    Except they're not. They go one place, up the stack. And...

    When you have code that says

    dosomething();
    cleanup();

    your eyes tell you, what’s wrong with that? We always clean up!

    Actually, I immediately want to know what cleanup() does, and why it's important, and why dosomething() didn't cleanup() after itself. And...

    But the possibility that dosomething might throw an exception means that cleanup might not get called.

    It also generally makes sense for it not to be called unless we actually know what to do with the exception at this point. If we don't, we probably want our program to crash loudly and noisily -- it makes sense for cleanup() not to be called at that point. We also need to think about what cleanup() does, and whether it's safe to call if dosomething() failed.

    It's also funny how he talks about locality of information, and then goes and bashes exceptions in favor of, what, error codes in return values? Actually, yes, that is exactly what he suggests, which means that what would be five lines of code with exceptions now becomes fifty lines of code without exceptions, with all the error-handling stuff mixed in with actual program logic -- all of which means it's become ten times harder to figure out what the actual program logic is supposed to be when things go right.
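An added example, not part of the comment above: a miniature of the template convention it describes, where the short form escapes output and the unescaped form is longer and easy to search for. The `{{ }}` syntax and the helpers `render` and `raw_outputs` are invented for this illustration, and the template and values are constructed.

```ruby
require 'erb'

# Added illustration; render and raw_outputs are hypothetical helpers and the
# {{ }} syntax is invented here, not any real template engine's.

# {{ name }}          -> value is HTML-escaped (short, default form)
# {{ raw_html name }} -> value is emitted as-is (long, greppable form)
TAG = /\{\{\s*(raw_html\s+)?(\w+)\s*\}\}/

def render(template, vars)
  template.gsub(TAG) do
    raw, name = $1, $2
    value = vars.fetch(name.to_sym).to_s
    raw ? value : ERB::Util.html_escape(value)
  end
end

# Review aid: list every place a template opts out of escaping.
def raw_outputs(template)
  template.each_line.with_index(1).flat_map do |line, no|
    line.scan(TAG).select { |raw, _| raw }.map { |_, name| [no, name] }
  end
end

# Constructed template and values.
PAGE = <<'HTML'
<h1>Hello, {{ user }}</h1>
<div>{{ raw_html sidebar }}</div>
<p>{{ bio }}</p>
HTML

VARS = {
  :user    => "<b>mallory</b>",
  :sidebar => "<ul><li>rendered by another template</li></ul>",
  :bio     => "Tom & Jerry"
}

OUTPUT = render(PAGE, VARS)
RAW_SITES = raw_outputs(PAGE)
```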

  25. Re:No, it really won't. on The Most Dangerous Programming Mistakes · · Score: 1

    Point is: If you stick to using the provided SQL library then it's impossible to pass unsanitized strings to it, the program won't even compile.

    I'm not sure what this buys you -- is your SanitizedString then going to be concatenated with other non-sanitized strings inside that SQLfunc? If so, you're relying on each SQLfunc to only accept SanitizedStrings instead of ordinary Strings, which seems no less risky than relying on each SQLfunc to sanitize the strings themselves. Or is the idea that you build other SanitizedStrings inside your SQLfunc through some unsafe constructor, so that you can concatenate only SanitizedStrings together? If so, you're now relying on the user not constructing their own unsafe "sanitized" strings.

    You're also going to need to go around it anytime you need to build a complex query by hand, which means you're going to need some sort of way to send a raw SQL string to the database and have your program still compile.

    All of this means we're back where we started -- all we're doing is making the bad code look bad, so we can (hopefully) police it with grep. I can do that just as well with DataMapper:

    User.first :login => username

    That username will be sanitized for you later on, and as a bonus, this syntax isn't SQL-specific; DataMapper has a number of backends, and not all of them are relational. You could do this:

    User.first :conditions => ["login=#{username}"]

    But this makes SQL injection both harder to do than the correct way (since the correct way doesn't even involve learning SQL), and easy to track down with grep (just look for :conditions).

    In practice, on a large Rails project, I can count on one hand the number of query conditions we wrote by hand. Almost all of them were in plugins, so it's reasonable to think of them as becoming part of the SQL library.

    This sort of thing should really be the default by now except language designers are too busy figuring out ways to let programming noobs multiply strings by fractions.

    Why would even a programming noob want that? Yes, Ruby lets me evaluate "'1.5' * 0.5", and it evaluates to an empty string. C++ would let me do the same thing -- this has nothing to do with noobs or dynamic typing and everything to do with operator overloading and convenience.

    It's also clear from your use of "strong typing" earlier that you don't understand the distinction. Ruby is strongly typed:

    ruby-1.9.2-p180 :001 > 'foo' / 5
    NoMethodError: undefined method `/' for "foo":String
            from (irb):1
            from /home/dave/.rvm/rubies/ruby-1.9.2-p180/bin/irb:16:in `<main>'

    It is also dynamically typed. JavaScript is (unfortunately) weakly typed, and so is Perl. But there's nothing preventing any of them from doing the same thing -- in fact, JavaScript and Perl both have a hash syntax, so you could even get a very similar syntactic sugar.
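An added example, not part of the comment above and not DataMapper's own code: a miniature finder showing why the hash form only ever binds the value as a parameter while an interpolated `:conditions` string carries it into the SQL text, followed by the grep-style audit the comment mentions. `build_query` and `risky_conditions` are hypothetical helpers, and the login value and source lines are constructed.

```ruby
# Added illustration; build_query and risky_conditions are hypothetical helpers,
# not DataMapper APIs. They mimic the two call styles from the comment.

# Turn finder options into [sql_text, bind_values].
def build_query(table, opts)
  clauses = []
  binds = []
  opts.each do |key, value|
    if key == :conditions
      # Raw escape hatch: first element is SQL text used verbatim,
      # the rest are bind values for its "?" placeholders.
      text, *args = value
      clauses << "(#{text})"
      binds.concat(args)
    else
      # Hash form: the column name comes from code, the value is only bound.
      raise ArgumentError, "bad column #{key.inspect}" unless key.to_s =~ /\A[a-z_]+\z/
      clauses << "#{key} = ?"
      binds << value
    end
  end
  ["SELECT * FROM #{table} WHERE #{clauses.join(' AND ')} LIMIT 1", binds]
end

# Grep-style audit: flag source lines where :conditions holds an
# interpolated string instead of placeholders.
def risky_conditions(source)
  source.each_line.with_index(1)
        .select { |line, _| line =~ /:conditions\s*=>.*"[^"]*\#\{/ }
        .map { |line, no| [no, line.strip] }
end

# Constructed input: a login value carrying SQL metacharacters.
username = "x' OR '1'='1"

SAFE   = build_query("users", :login => username)
UNSAFE = build_query("users", :conditions => ["login=#{username}"])
BOUND  = build_query("users", :conditions => ["login = ?", username])

# Constructed source file for the audit.
SAMPLE_SOURCE = <<'RUBY'
User.first :login => username
User.first :conditions => ["login=#{username}"]
User.first :conditions => ["login = ?", username]
RUBY

FINDINGS = risky_conditions(SAMPLE_SOURCE)
```

Only the interpolated call puts the attacker-controlled text into the SQL string itself; the audit flags that line and leaves the placeholder form of `:conditions` alone.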