Slashdot Mirror


User: legoburner

legoburner's activity in the archive.

Stories: 0
Comments: 314

Comments · 314

  1. Re:One way to help protect... on UCLA Hacked, 800,000 Identities Exposed · · Score: 1

    When I was an international student at a US university, we were given university-issued SSNs before we got official temporary ones from the government. The university did not map between the two and we only had the non-official one associated with our accounts, which was basically an institution ID number, a student ID number and a lot of 'X' characters. There must be a provision at most universities to allow this already, so it would hopefully not be a huge leap to adjust their systems accordingly? As a non-US outsider, I am unsure as to why exactly they need a tax ID number to associate with your education anyway if anyone would care to share reasons. Most reasons I can think of (loans, payments, credit) would perhaps be better handled by the individual/third party rather than the institution anyway (and generally is how it is done here in the UK where it is unheard of to have to give your national insurance number (SSN equiv) for these sorts of things). Perhaps it is just because the UK SSN equiv. has letters and numbers so does not fit as efficiently into a database.

  2. Re:Call me a cynic if you like... on DARPA Challenge Prize Money Restored · · Score: 1

    If I remember correctly, the last challenge had random things placed on the roads and in the paths of the vehicles, including ditches, and the vehicles managed to detect and work around those. Although I completely agree with you, I think it is indeed working towards those goals. Urban driving with lots of tunnels will probably help with reducing the dependency on GPS and it will be interesting to see the system evolve.

  3. Re:emulators on Help for the Ultimate Multi-Console Gaming Setup? · · Score: 1

    Another vote here for the parent. MythGame is what I use in place of my NES/SNES/N64 along with 2 playstation joypads and a PS2->USB convertor. Works like a treat and in many cases actually looks better than the original console due to the software upscaling.

  4. Re:Simple Solution on No Love For The Blu-Ray · · Score: 4, Insightful

    I agree with the parent post. The percentage of people who benefit from blu-ray or HD-DVD (users of HD TVs with decent home cinema setups and expendable money to buy everything they already bought on DVD) is considerably less than the percentage of people who benefitted from the upgrade to DVD from VHS (anyone who likes movies, hates rewinding and has some expendable money for entertainment). I would normally make some comment such as 'at least it can be used for backups or data' but it really is beaten by hard drives and simply installing from multiple DVDs right now. There is simply no killer app like there was for DVD.

  5. Re:FUD on Army's Cut of 'Future Soldier' May Impact Med-Tech · · Score: 3, Funny

    nah, $300billion would buy a lot of "homeless shelters"

  6. Re:FUD on Army's Cut of 'Future Soldier' May Impact Med-Tech · · Score: 4, Insightful

    Indeed, I would wager that $300Billion pumped directly into medical research would have given a hell of a lot more results than 'land warrior' trickle down.

  7. looking in the wrong place? on Finding IT Firms to Donate to Developing Countries? · · Score: 2, Insightful

    Instead of IT firms, why not organisations dedicated to it? www.computeraid.org are the biggest so perhaps they would help out with equipment. Perhaps some of the other larger agencies like the UN development team, oxfam (less likely since they focus on more basic needs), your own government, your current country's government, and then there are many others that like to be seen to give. Failing that phone Bono.

  8. Re:Obligatory Simpsons Quote on Dead Musicians Signing Media Rights Petitions · · Score: 5, Funny

    Thankfully many of us have spent dozens of hours practising zombie destruction in computer games like dead rising and are well-versed in their destruction. I'll go after zombie Elvis if someone else wants to get zombie Freddie Mercury.

  9. Re:Sony Defects on Sony Finds Defect In Digital Cameras · · Score: 1

    You can already shoot a UMD at passers by (see rumour #2, video link). Wonder how long before the media decides to push them to be banned from flights? :)

  10. Re:Weekends aren't vacations. on Disconnecting Completely While On Vacation? · · Score: 1

    And don't forget the option that Richard Branson (head of Virgin) took when he was young and poor... get a houseboat. They are considerably cheaper than houses and more mobile than trailers. Plus if global warming makes sea-levels rise, you'll be laughing. A broadband Internet hookup might be a problem unless you park somewhere near a good wireless spot though!

  11. Re:Efficient markets on Stock-Picking Computers · · Score: 1

    A study has already been performed to examine basic computer-stock picking based on all available (standard) market data and patterns. I forget who did the original study and am too lazy to look it up but it was covered in 'investment management' by Prof. Stephen Lofthouse. Basically, the programs do not beat the market, but lower the standard deviation (risk) involved in trading. The book recommends the programs are used and refined but states that they are nowhere near being able to be anything more than another advisory tool in the belt of accomplished traders.

  12. Re:Reasons why I'll be passing on Vista... on Virtualization Disallowed For Vista Home · · Score: 1

    The only thing I truly keep windows around for is gaming, but recently I have been forced to (finally) upgrade to windows XP. A significant number of new games have required XP and a few other bits of software (drivers) that I am forced to use have recently stopped installing/working on older windows systems. Although I could always just avoid these products it is a case of (annoyance to me)+(hatred of new 'features' in this version of windows)-(desire to get that/those game(s)). If that is > 0 then it is time to upgrade. My hatred of new 'features' in vista is enough to stop me from wanting it regardless of coming games, but perhaps one day they will try to strongarm those of us who resist into upgrading anyway.

  13. Re:Oblig on World's Largest Supercooled Magnet Activated · · Score: 4, Funny

    aaahhh... that would be the reason they switched to chip-and-pin instead of the magnetic strip on European credit cards. Now it all makes sense!

  14. Re: 30% is still a fair amount for nonenvironmenta on A Concrete Solution To Pollution · · Score: 4, Informative

    Unfortunately the parent (first post) is probably right. Catalytic converters (for instance) are still not required in China due to the slight increase in cost of a vehicle. When I was there our tour guide had never even heard of them and was amazed that something existed that could stop some of the thick black smoke coming out of the vehicles there, having no idea (aside from price) why they were not already mandatory.

  15. daily wtf on Network Computing's 7th Annual Reader Survey · · Score: 1

    For some reason this story just makes me think of a recent daily wtf. Thankfully aside from our core service providers the CTO I work with tries to keep almost everything within our relatively competent in-house operations and most of the applicable problems in the article have therefore been avoided.

  16. Re:IBM & DHS on IBM Touts Smart Surveillance System · · Score: 1

    I'll try to resist the IBM nazi link. Ah crap I failed.

  17. dream vs reality? on Music Labels Screwed, DRM Is Dead · · Score: 1

    I certainly doubt that unless someone does all the work for them, hands it to them on a plate and has a potential market share that can force them into it (like the itunes store back in the day) that the major record labels will continue to resist changes until they die out. Even in the early 90s bands were referring to the record companies as 'Dinosaurs on the way to extinction'. The extinction will be a long time coming but the companies are not known for their ability to adapt which will kill them in the end.

  18. Re:Going back in time... on Microsoft's IE Team Leader Answers Slashdot Questions · · Score: 1

    Though IE 3 was bundled, it was of such bad quality that the vast majority of people (70%+ IIRC) still used Netscape 3/4. Only when IE4 came out did they really start to make a dent (and overtake) netscape's userbase. There are lots of historical statistics out there to see this which are quite interesting.

  19. Re:Mommy, I'm bloated on OLPC Inspires Open Source Projects · · Score: 1

    I can already see people deleting their wikipedia content on their OLPC to make space for their 1st world outsourced coding/testing projects. Still, if people get to that point maybe it is not so bad and wikipedia has done its job to a point. So long as someone in the area still has all the information available for reference and copying?

  20. Re:What Is He Smoking? on EMI Exec Says 'The Music CD is Dead' · · Score: 1

    I think we can probably start counting the days until HD MP3 is marketed (complete with over-the-top DRM), if it is not already out there. There are already hardware players out there that support FLAC and other lossless formats, the only problem is that you are right and there is no real consumer demand as it sounds good enough. I personally think the major shift to CD (and DVD) probably had more to do with track skipping, weight and reliability than audio quality (though audio quality was obviously better and something that many people appreciated once it was there, they would have still made the switch if the quality was the same or perhaps even slightly worse).

  21. Re:hard drive encryption on Laptops Searched and Confiscated at U.S. Border · · Score: 1

    I agree. My laptop (and I think all laptops) should be thought of as temporary anyway. A laptop hard drive is not redundant and can die at any time, taking anything on the laptop with it. A USB key or CF card is a good way to offset any personal data (/home) and the laptop can just be used for general non-essential storage (music, some TV to watch when away on business, etc). If my laptop was confiscated, I would only need to find another computer with a bootable CD drive for knoppix and a USB socket and I could be up and running quickly. I moved to this setup after an annoying hard drive death on a laptop lost me 3 days of rebuilding and reinstalling (gentoo user to make things worse!) and would recommend it to anyone for flexibility. Putting VMware images on the USB stick is also rather useful if expensive.

  22. Necromunda Version? on Ask the Warhammer Online Team · · Score: 2, Interesting

    Simple question, will we ever see a Necromunda MMORPG? Warhammer is fun but only half as popular as 40k, and the market for warhammer online seems fairly saturated already. Necromunda seems to lend itself almost perfectly to the MMORPG style. I heard that Warhammer 40k was rejected by GW as an option for you as it was being worked on by another company (and was cancelled by them well into your development process). Are there any plans to pick up the pieces? (Necromunda!! :))

  23. Re:Fantasy done to death on Ask the Warhammer Online Team · · Score: 1

    To add to the 40k side of things, warhammer discussion groups quickly come up with the idea of Necromunda as a MMORPG. Necromunda is a small-scale game set in the primary hive of the manufacturing planet, Necromunda. Your gang starts out weak and small in the underhive, fights for territory and eventually is either destroyed, crippled or ascends the hive until they get attention from the law and bigger fights. I do not think there is anything else in the 40k universe that would translate to the perfect MMORPG more perfectly. It is a shame that GW's management has no clue about computer IP licensing, it is a game I would love to play :(

  24. Re:Sure, blame the "untrained" developers.... on How Prevalent Are SQL Injection Vulnerabilities? · · Score: 1

    which would go through to your DB as:
    SELECT * FROM USERS WHERE USER_ID=3; DROP DATABASE DBNAME;

    should be
    SELECT * FROM USERS WHERE USER_ID=1; DROP DATABASE DBNAME;

    simple copy and paste error there oops

  25. Re:Sure, blame the "untrained" developers.... on How Prevalent Are SQL Injection Vulnerabilities? · · Score: 1

    Basically, your code will send an SQL query like this:
    SELECT * FROM USERS WHERE USER_ID=3;

    This might be assembled like this:
    "SELECT * FROM USERS WHERE USER_ID=" + userID;

    userID might be taken as a direct parameter from the front end and not sanitised. Even if user ID is a hidden form field, it would still be possible for someone to enter this (simplified for the sake of argument):
    someurl.jsp?userID=1; DROP DATABASE DBNAME;

    which would go through to your DB as:
    SELECT * FROM USERS WHERE USER_ID=3; DROP DATABASE DBNAME;

    This would have the effect (with poetic license) of performing the first query as expected and then deleting the database, destroying the website.

    The way to get around this basic instance would be to convert the userID parameter to an integer, forcing a failure before the SQL is reached. This could be done in java with Integer.parseInt(userID). However, this does not protect against bad characters in Strings so is not a total solution.

    The total solution is to use a parameterised statement (preparedstatements are very useful for other reasons and are one of the ways to get this advantage too). In a preparedstatement for instance, you would say:
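    // conn is an open java.sql.Connection
    PreparedStatement thisstatement = conn.prepareStatement("SELECT * FROM USERS WHERE USER_ID=?");
    thisstatement.setInt(1, Integer.parseInt(userID));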

    which sanitises the query using setInt, setString, setDate or whatever. This will escape the invalid characters (such as ') so you can still have any character in a field, like O'Hare for a name, but it will not lead to an SQL injection.

    On a related note, another vulnerability I see a lot is when people do updates or deletes using a table with multiple keys. If for instance you have multiple sites sharing a common database such as:
    SITE_ID, USER_ID, USERNAME
    with the 2 IDs as a PK, doing a simple update on USER_ID is not secure. Even if USER_ID comes from a hidden form field it is still easy for a malicious user to manipulate and change to something else. If you have a multiple PK, you must practically always use both fields when updating/editing/adding.

    Note that I have over simplified things but this should give the general gist of the problems.
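
Added example, not part of legoburner's comment or the original thread: the stacked-statement input from comment 25 run against string concatenation and against a bound parameter, followed by the composite-key update point. It uses Python's sqlite3 instead of JDBC so it runs without a database server; the sample rows, the function names and the use of DROP TABLE (SQLite has no DROP DATABASE) are assumptions made for the demonstration.

```python
import sqlite3

def make_db():
    """Constructed sample data: two sites sharing one USERS table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE USERS (SITE_ID INTEGER, USER_ID INTEGER, "
                 "USERNAME TEXT, PRIMARY KEY (SITE_ID, USER_ID))")
    conn.executemany("INSERT INTO USERS VALUES (?, ?, ?)",
                     [(1, 1, "alice"), (1, 2, "O'Hare"), (2, 1, "bob")])
    return conn

def table_exists(conn):
    row = conn.execute("SELECT COUNT(*) FROM sqlite_master "
                       "WHERE type='table' AND name='USERS'").fetchone()
    return row[0] == 1

def lookup_concat(conn, user_id):
    # Vulnerable: the input becomes part of the SQL text. executescript() runs
    # every ';'-separated statement, like a driver that allows multi-statements.
    conn.executescript("SELECT * FROM USERS WHERE USER_ID=" + user_id)

def lookup_param(conn, user_id):
    # Hardened: the input is bound as a value and is never parsed as SQL.
    cur = conn.execute("SELECT USERNAME FROM USERS WHERE USER_ID=?", (user_id,))
    return [r[0] for r in cur.fetchall()]

def rename_by_user_id(conn, user_id, name):
    # Insecure with a composite key: USER_ID alone matches rows on every site.
    return conn.execute("UPDATE USERS SET USERNAME=? WHERE USER_ID=?",
                        (name, user_id)).rowcount

def rename_scoped(conn, session_site_id, user_id, name):
    # Uses both key columns; SITE_ID is assumed to come from the server-side
    # session, not from a form field the client can edit.
    return conn.execute(
        "UPDATE USERS SET USERNAME=? WHERE SITE_ID=? AND USER_ID=?",
        (name, session_site_id, user_id)).rowcount

PAYLOAD = "1; DROP TABLE USERS;"  # the comment's input, DROP TABLE standing in

def demo():
    a = make_db()
    lookup_concat(a, PAYLOAD)            # second statement executes
    b = make_db()
    rows = lookup_param(b, PAYLOAD)      # whole string treated as one value
    return table_exists(a), table_exists(b), rows, lookup_param(b, 2)

if __name__ == "__main__":
    print(demo())
```

The integer-conversion step the comment mentions corresponds to `int(PAYLOAD)`, which raises `ValueError` before any SQL is built.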