The general population usually has a good moral compass. Throughout history, if a large number of people were breaking the law, it meant that either the laws were bad or there was an oppressive government in place. The fact that regular people in the US can justify some form of copyright infringement means that the system is broken. The classic example is prohibition. Prohibition was created to get the country on the "right track" by "well meaning people", but all it really did was make criminals out of regular people and make organized crime a big business. Apparently, most of the world and much of the US feels the same way today about copyright. There is going to be a lot of proverbial breaking open beer kegs on the 6 o'clock news and a lot of public raids. Then, in 20 years, after causing a ridiculous amount of pain and altering the economic landscape of the world forever, most of the governments of the world are going to say "Oops, My bad" and enact reasonable copyright protections. I would really like to avoid those 20 years and get on with fixing the laws today.
The article doesn't mention much of anything else useful for that matter.
My favorite was the suggestion to disable DHCP. Anyone that you might be afraid of can use a sniffer and find the address range. If you've got an address and don't know the mask, the router will be more than happy to give it to you, either explicitly through a routing protocol or you can just take a few stabs and see if the requests are reflected back to the subnet. Why do people insist on protecting their networks from newbies and the retarded? And for their hard work, now they get to fix everyone's IP addresses regularly. The workers that bring their laptops home will be the most fun.
My favorite solution is to put the wireless users outside the firewall and treat 'em like they're the Internet. Make them VPN in to get any work done (including web browsing). Then you can take a lame stab at wireless security because the only real threat is that someone will tie up your bandwidth or take a poke at the other wireless users. It's not likely they will be using your bandwidth if they can't get to the Internet, and the second problem is one you hopefully have already solved for mobile users.
At home, I like to have plausible deniability that anything my ISP saw going into my house "might" not have been me. Heck, if I were to consider downloading anything unsavory, I'd definitely use one of the three unsecured networks in range of my house.
I just saw a DHTML ad for Xerox cover the article for about 30 seconds before moving out of the way. That's far more intrusive and annoying than popups. I'm outta here......
"If wireless Internet access was available almost everywhere".....
Don't hold your breath. The majority of the land mass of the US has no other Internet access than dialup. Only the population centers have broadband. Cable and DSL have a deployment range of a few miles. Wireless (using today's technology) has a range of a few hundred feet. Covering the entire country would take about 3.5 million access points assuming the technology progresses to the point where one access point can cover an entire square mile. We're looking at closer to 30 million access points with 802.11g. That's one access point for every 10 people. Every man, woman, and child would bear the tax burden of purchasing, installing, and maintaining 1/10th of an access point and the hardware necessary to connect them all together.
Today's municipal wireless Internet access is just experimentation. It won't be reliable enough or have enough coverage to treat like a utility for at least 20 years. By then it will be provided by a "utility company" with a government granted monopoly, like maybe Verizon or Time Warner. Wait..... that would be nothing other than privatized Internet access, except for the monopoly part. This is a slippery slope that we don't want to climb on.
Sorry, misread your post. I thought you said you believe in ID, but after re-reading I see that you made the point that you believe in God, but not ID.
Then you stand in direct contrast to the examples that IDers provide. The most famous is that the eye could never have evolved, it had to be designed. They say that the set of laws that currently exist could not have generated an eye. So, if your creator set things in motion, whose creator designed the eye? Since you stand opposite every example IDers have and your arguments are the exact arguments that disprove ID (that these things can come from natural processes), doesn't that mean that you are an evolutionist (at least when speaking of the most recent 15 billion years)? BTW, evolution makes no claims about what happened before the big bang.
I hate these classes on Hacker Boot Camp · Score: 2, Interesting
I worked at a training center through the whole dot-com bubble and up until recently. We had a ton of security classes, some of them excellent. However, anything with the term "hacker" was easier to sell. The students had a lot of fun, but they really didn't learn as much as with a more traditional approach. In the first generation of these classes they learned stuff like ping-of-death. For those who don't know, it's a tool that won't work on anything that's been invented after or patched since 1996. The students got to crash a horribly managed system, but gained no useful skills doing so.
From the article -- in the first half day ($500 of his tuition), the reporter learned how to "hack" into a database that was completely unsecure. If the admin had even bothered to apply SQL Server service pack 3 (released two years ago), it would have warned him of the problem and forced him to fix it. The admin would also have to make a second horrible mistake of opening port 1433 to the Internet.
How would this lesson help the student secure his own network? If his SQL admins are leaving sa's password blank, they should be fired, not trained. As for the SQL injection stuff -- I teach every one of my web development students about it when we learn about connecting to databases. Teaching the security guy about it is STUPID. Do you teach your kids to lock the house, or do you hire a home security service to come and lock it every time you leave? SQL injection needs to be dealt with at the point of the problem -- so does database management and every other problem addressed in these courses.
Network security professionals should be learning about reducing attack surfaces and implementing security policies. They should learn how to defend against the problems of 2007, not 2005. All these "ethical hacker" classes do is scare the uninformed and provide a week long vacation for hard-core techies.
Another interesting side-effect of these classes is that students generally learn about technologies that have common problems. It's highly unlikely that a "certified ethical hacker" has experience with two-factor authentication, L2TP VPNs, or Kerberos. But hey, they know how to crack an FTP server!!!! I'm going to hire one of these guys right now to fix my network.
Well, that's the theory. But for some reason, this software needs updated ActiveX controls to work with the IE patch. Maybe the controls generate HTML? Also, a lot of the workstations are locked down. So, we have to manually install the ActiveX controls on the client with an administrative logon. In some cases we can push them down, but in most we can't get enough control to do that.
Also, the servers themselves are spread all over the map.
I just got out of a meeting about this. One of the software packages we install and support at work will be heavily impacted. The web version of the application is composed of three ActiveX controls and tends to spawn a lot of new windows for search results. On April 11th, it will cease to work in anything resembling a useable manner. We now have to update about 700 installation seats spread over 500 miles in the next 13 days. Even worse, the vendor won't have a fix until Monday (with 8 days left) and the fix will only be for the newest version of the software. Our clients will need to "upgrade or die". Some have software that is three versions old and will need a lot of retraining on the new system.
I just ran reflector on some of the SQL Reporting Services assemblies. I saw a minimal level of obfuscation in there. Pretty lame stuff that the DotFuscator Community edition might do. No strange overloading of unrelated methods or other advanced techniques like false refactoring. They just removed the names of some private or internal properties/methods and anonymized them with a, b, c, and so on. It wasn't done to most assemblies. Most were just compiled and shipped. For example, all the code for the UI in Report Manager is there plain as day.
Dude, that's funny.
First of all, many of those development libraries add almost as much overhead as the .Net framework. To really get the advantage of C/C++, the critical sections of code have to be written by hand. Second, .Net and Java are not "slow as hell". Granted, I wouldn't write a password cracking routine in .Net, but that's an extreme case. 95% of what business programmers do is as fast in .Net as in C/C++. Third, you cannot decompile to "commented source code". If you do a debug build and distribute the .pdb file, you can get line numbers. If you do a standard release build with no extra effort, you get all the names of anything exposed outside the assembly (anything public), nothing else. Stuff like method scoped variables won't have a name in the compiled code. No way does it compile comments. You can even use tools like the DotNetFuscator to remove a lot more identifying information. BTW, if your C++ code is mostly a bunch of calls to common libraries then it can be decompiled to nearly the same level.
.Net apps also are somewhat portable. They run on Windows, OSX and Linux (with Mono), and handhelds using the compact framework.
What you don't get in .Net is the chance to write an application that leaks memory or exposes an inordinate number of buffer overrun vulnerabilities.
... Hell my 88' Fiero GT with a Chevy 350 conversion in it can beat the best tuned ricer car on the road. (1500 pound car with over 400HP under the hood turning enough foot pounds to break the tires loose to squawk them in 3rd gear when doing 60mph.) and it cost much less than a WRX and has massively better handling than even the Viper.
Ohhhh..... My 2000 Suzuki Hayabusa has 199.1HP at the rear wheel and weighs around 450 pounds. Funny thing is that in custom bike circles my bike is considered "kinda fast". There's a ton of people out there with 1HP per pound bikes. But, I would like to run it on a controlled 3 mile airstrip. I might be able to hit 200mph and stop safely. However, at 3 miles any high performance vehicle will have to treat it as a drag race instead of Bonneville... not enough room to do anything except get up to the highest speed you can by mid-track and jam on the brakes.
NTFS has supported 16 exabytes since 1993. That's about 10,000 times larger than this new system. I'm not saying that NTFS is great or that IBM's accomplishment is small. But the submitter really shouldn't have said that a 1.6 petabyte filesystem is anything to write home about. Most likely every modern filesystem is at least 64 bit (16 exabytes).
Then why is it that every flash drive I've owned is painfully slow writing small files? I've done this a hundred times -- I write 3MB of web code (1000 or so small files) and it takes over an hour. Zip those same files and it takes a few seconds to write to the flash drive. My new 2GB flash drive is pretty impressive and can write a 1GB file in about 6 minutes. A good hard drive can do it in 30 seconds.
I just ran HDTach on my hard drive and a flash drive and my laptop HD is 5 times faster than my brand new 2GB flash drive. I'm sure the flash is good for random reads, but random write speed seems to suck ass.
The cable companies have it easy. All of their subscribers are on their network. All they have to do is keep one copy of the on-demand programming on, or close to, each node. No on-demand traffic goes over the backbone. ABC would have it more difficult because their subscribers would be on everyone's network.
Mine won't let you do anything that requires concentration like typing an address unless you have the emergency brake on. You can set the destination to one of the six predefined memory points, change the zoom, and change the display (brightness, contrast, night mode) while driving. It's the OEM model for Toyota and Lexus although I have it in a Honda.
Ahhh yes, but this scanner is more expensive than most consumer scanners while managing to suck more than most. My point was that many companies are pushing the wrong boundaries... almost nobody needs a portable scanner that barely works. The worst thing about this scanner is that you can't see how bad the scans are until you plug it into a computer. It's like a digital camera that often gets the settings wrong and doesn't have an LCD.
Also, all of the examples they give on the website are for mission-critical business people. Those people really need a $1000 scanner.
I work with scanners regularly and all the desktop scanners we recommend to our clients cost around $1000 or more. Dedicated 8hr-a-day scanners run close to $5000. We don't make a dime on hardware, so we're not trying to squeeze cash out of anyone. Just try a $1000 scanner like a Kodak i40 someday and you'll see why anyone who depends on a scanner for a business shouldn't consider anything inferior.
Now, show me a pen scanner that makes images good enough to OCR or recognize a bar code and I'll sell a million of them for you. But for now, I love to have an ultra-reliable, self-feeding, double-sided, 60+ ppm scanner whenever I need to scan anything worthwhile.
happened. An employee at the assessor's office used to smoke and get regular breaks. Then he quit and started playing solitaire for 30 minutes a day. The boss saw him and made him stop. Said employee became miserable and stressed and made an $8M mistake.
Not all voting machines work that way. Some of the new ones are purely paperless. You vote on a touch screen and it counts your vote. The only place the vote is stored is on a flash card in the machine. See: http://www.ncvoter.net/Press.html.
It is an absolutely idiotic idea, but someone thought it was a good one. Actually, I'm flabbergasted that after the election controversies of 2000, someone decided to sell a voting machine with LESS accountability than the hanging chads of Florida AND someone bought them.
Just send someone an OTP DVD generated by hotbits and keep a copy for yourself. Use the DVD only for key exchange and use AES for the data stream. No one can crack a one-time pad unless you make a mistake. This won't work for e-commerce, but it works wonderfully for terrorists and spies. For the extra paranoid, use the OTP data for encryption, but you'll eventually need a new one (re-using OTP data renders it crackable).
I think you're out of the loop on this one. Sure Windows, IIS, and IE have a poor security history. But, .Net has an excellent security history. If you want to write secure apps, I'd highly recommend .Net, all the way back to the first version.
Security features:
Cryptography protocols such as AES, RSA, SHA1, MD512.
Decent, extensible Web-based authentication system.
Code sandboxing like Java.
Code Access Security that allows you to set boundaries on what your code can do. This is specifically designed to prevent injection attacks of all kinds and works very well.
Support for WS-Security in Web Services.
Support for OS-integrated Authentication.
A Web-based security system that is very simple to deploy and not likely to be screwed up by administrators that didn't read the installation notes.
That's all I can think of right now, but there's a lot more in there.
Re:Is programming getting much harder? on Build a Program Now · Score: 3, Insightful
Writing code that works is only a small part of the battle. You have to write code that works, is readable, maintainable, reusable, and extensible. By the time you describe (through the programming language) what the program should do, what interface it should expose to the outside world, what interface should be exposed only to the project, and what should be held internally, also deal with a robust error management system that works for attended applications as well as service programs, possibly deal with packaging issues, security, and information scope and lifetime -- your so-called simple program isn't so simple any more. Any code that ignores a significant number of the issues listed above is toy code and not suitable for any production environment.
So, if you want to write crap, a 1970's language is just fine. Feel free to write hobby code in GWBASIC. We won't stop you. Heck, many of us will have a great time helping you. But, truly simple applications don't exist in the professional arena. Modern languages aren't designed to tackle issues that were solved 30 years ago.
My OO programming students usually gasp when I tell them that there is no application that can be written with an Object Oriented language that cannot be written with an old-fashioned language. The whole point of OO programming isn't to do better things, it's to do the same things we did 30 years ago, only do them better. It's all about the process.
BTW, line numbers weren't invented to make the program easier to read. They were invented because many systems didn't have a text editor. The best way to insert a line between 30 and 40 was simply to make a new line 35. Going up a few lines and inserting simply wasn't an option.
Speed enforcement needs to change. A few years ago, the speed limit on all major closed highways in New York was 55mph or less. The State Police would give you a ticket for going 64 and then give you a lecture that it was all for public safety, in other words, going faster was going to cause someone to die. Well, then they raised the cap to 65mph for highways without a lot of entrances and exits (usually about one every 3 miles or more). And guess what, the highway death rate has decreased!!!! I'm sure the death rate didn't decrease because of higher speeds, but it sure didn't go up because of the speed.
Speed enforcement is a money game here in the US. No one really cares if the roads are safer, they just want ticket money. I even heard of a recent case where a district raised the budget for ticket collection by $1,000,000 without even consulting the Police Department. They simply told them to go out and get more money.
Here's where it gets good..... If cars were electronically limited to never speed, then speed enforcement would become a dead industry. Fewer and fewer cars would speed as old cars are replaced by new. Then the police would go do something productive (like watch for people running stop signs, or suddenly changing lanes in front of a car, or something else that actually kills people). One good thing already. Now, someone has to provide the data that the in-vehicle speed limiters use. Some day they're going to screw up and label a section of a 55mph road 15mph or something similar. In the first day, they will cause thousands of traffic accidents and probably a few deaths. Imagine if half the cars on the 405 in LA suddenly slowed to less than a quarter of the speed limit and THEY were panicking because they are as confused as the guy coming up behind them. After that day (and the lawsuits) no company will want to control the system. There goes the speed limiters and the police have already taken up more fruitful pursuits. Yea!!!
With a country that loves cars and lawsuits as much as we do, it couldn't happen any other way.
"Use stored procedures" is not the answer. SPs do nothing to prevent SQL Injection. Example:
Before SPs:
mysql_query('SELECT value FROM REGISTRY WHERE name = "' . $name . '"');
After SPs:
mysql_query('EXEC GetValueFromRegistry "' . $name . '"');
Notice, the second bit of code has the exact same vulnerability as the first. SPs do not cure SQL injection. Using parameters does cure SQL Injection. However, parameters can be used with or without stored procedures. Therefore, there is zero correlation between SPs and SQL Injection prevention, and perfect correlation between parameters and SQL Injection prevention. It annoys me to no end when people present a proper parameterized solution to SQL Injection which happens to use SPs and then claim that the use of SPs fixed the problem.
Summary: Poorly implemented stored procedures are just as bad as poorly implemented raw queries. Fix the implementation.
P.S. I am not in any way saying that SPs are bad or worthless. Every time I bring this up I get all sorts of arguments that don't address my point and bash me for not advocating SPs. SPs are good, but the lack of SPs is NOT the cause of the SQL Injection problem.
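An added example, not part of the original comment: a small Python audit script that flags PHP query calls whose SQL string is built by concatenating or interpolating a variable. It reports the stored-procedure call exactly as it reports the raw SELECT, and passes the parameterized form of either. Lines 1-2 of the sample are the comment's own; lines 3-7, the `$pdo` variable and the helper names (`audit`, `call_argument`, `statement_kind`) are constructed for illustration.

```python
import re

# Functions/methods that hand a SQL string to the database driver.
SINK = re.compile(
    r'(?:\b(?:mysql_query|mysqli_query|pg_query)|->\s*(?:query|exec|prepare))\s*\(')
# PHP string literals, single- or double-quoted, with backslash escapes.
STRING = re.compile(r"'(?:\\.|[^'\\])*'" + r'|"(?:\\.|[^"\\])*"')
VAR = re.compile(r'\$[A-Za-z_]\w*')
# After literals are replaced by "S": literal . $var   or   $var . literal
CONCAT = re.compile(r'S\s*\.\s*\$|\$\w+\s*\.\s*S')

# Constructed sample input. Lines 1-2 come from the comment above;
# lines 3-7 are constructed for this example.
SAMPLE_PHP = r"""
mysql_query('SELECT value FROM REGISTRY WHERE name = "' . $name . '"');
mysql_query('EXEC GetValueFromRegistry "' . $name . '"');
$stmt = $pdo->prepare('SELECT value FROM REGISTRY WHERE name = ?');
$stmt->execute([$name]);
$stmt = $pdo->prepare('CALL GetValueFromRegistry(?)');
$stmt->execute([$name]);
mysql_query("SELECT value FROM REGISTRY WHERE name = '$name'");
""".strip()


def call_argument(line, start):
    """Return the text between the '(' at index `start` and its matching ')'."""
    depth, i = 0, start
    while i < len(line):
        m = STRING.match(line, i)
        if m:                      # skip literals so parens inside them don't count
            i = m.end()
            continue
        if line[i] == '(':
            depth += 1
        elif line[i] == ')':
            depth -= 1
            if depth == 0:
                return line[start + 1:i]
        i += 1
    return line[start + 1:]        # unbalanced call: take the rest of the line


def statement_kind(literal):
    """First SQL keyword inside a quoted literal, e.g. SELECT, EXEC, CALL."""
    m = re.match(r'\s*([A-Za-z]+)', literal[1:-1])
    return m.group(1).upper() if m else 'UNKNOWN'


def audit(source):
    """Return (line number, statement kind, reason) for each unsafe query call."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in SINK.finditer(line):
            arg = call_argument(line, m.end() - 1)
            literals = STRING.findall(arg)
            if not literals:
                continue
            skeleton = STRING.sub('S', arg)
            concat = CONCAT.search(skeleton) is not None
            # PHP expands $variables inside double-quoted strings.
            interp = any(lit[0] == '"' and VAR.search(lit) for lit in literals)
            if concat or interp:
                reason = 'concatenation' if concat else 'interpolation'
                findings.append((lineno, statement_kind(literals[0]), reason))
    return findings


if __name__ == '__main__':
    for lineno, kind, reason in audit(SAMPLE_PHP):
        print(f'line {lineno}: {kind} statement built by {reason}')
```

The check keys on how the SQL text is assembled, not on whether the statement names a table or a procedure, which is the distinction the comment draws.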
The general population usually has a good moral compass. Throughout history, if a large number of people were breaking the law, it meant that either the laws were bad or there was an oppressive government in place.
The fact that regular people in the US can justify some form of copyright infringement means that the system is broken. The classic example is prohibition. Prohibition was created to get the country on the "right track" my "well meaning people", but all it really did was make criminals out of regular people and make organized crime a big business.
Apparently, most of the world and much of the US feels the same way today about copyright. There is going to be a lot of proverbial breaking open beer kegs on the 6 o'clock news and a lot of public raids. Then, in 20 years, after causing a rediculous amount of pain and altering the economic lanscape of the world forever, most of the governments of the world are going to say "Oops, My bad" and enact reasonable copyright protections.
I would really like to avoid those 20 years and get on with fixing the laws today.
The article doesn't mention much of anything else useful for that matter.
My favorite was the suggestion to disable DHCP. Anyone that you might be afraid of can use a sniffer and find the address range. If you've got an address and don't know the mask, the router will be more than happy to give it to you, either explicity through a routing protocol or you can just take a few stabs and see if the requests are reflected back to the subnet. Why do people insist on protecting their networks from newbies and the retarded? And for their hard work, now they get to fix everyone's IP addresses regularly. The workers that bring their laptops home will be the most fun.
My favorite solution is to put the wireless users outside the firewall and treat 'em like they're the Internet. Make them VPN in to get any work done (including web browsing). Then you can take a lame stab at wireless security because the only real threat is that someone will tie up your bandwidth or take a poke at the other wireless users. It's not likely they will be using your bandwidth if they can't get to the Internet, and the second problem is one you hopefully have already solved for mobile users.
At home, I like to have plausible deniability that anything my ISP saw going into my house "might" not have been me. Heck, if I were to consider downloading anything unsavory, I'd definately use of the the three unsecured networks in range of my house.
I just saw a DHTML ad for Xerox cover the article for about 30 seconds before moving out of the way. That's far more intrusive and annoying than popups. I'm outta here......
"If wireless Internet access was available almost everywhere".....
Don't hold your breath. The majority of the land mass of the US has no other Internet access than dialup. Only the population centers have broadband. Cable and DSL have a deployment range of a few miles. Wireless (using today's technology) has a range of a few hundred feet. Covering the entire country would take about 3.5 million access points assuming the technology progresses to the point where one access point can cover an entire square mile. We're looking at closer to 30 million access points with 802.11g. That's one access point for every 10 people. Every man, woman, and child would bear the tax burden of purchasing, installing, and maintaining 1/10th of an access point and the hardware necessary to connect them all together.
Today's municipal wireless Internet access is just experimentation. It won't be reliable enough or have enough coverage to treak like a utility for at least 20 years. By then it will be provided by a "utility company" with a government granted monopoly, like maybe Verizon or Time Warner. Wait..... that would be nothing other than privatized Internet access, except for the monopoly part. This is a slippery slope that we don't want to climb on.
Sorry, misread your post. I thought you said you believe in ID, but after re-reading I see that you made the point that you believe in God, but not ID.
Then you stand in direct contrast to the examples that IDers provide. The most famous is that the eye could never have evolved, it had to be designed. They say that the set of laws that currently exist could not have have generated an eye. So, if your creator set things in motions, whose creator designed the eye? Since you stand opposite every example IDers have and your arguments are the exact arguments that disprove ID (that these things can come from natural proceses), doesn't that means that you are an evolutionist (at least when speaking of the most recent 15 billion years)? BTW, evolution makes no claims about what happened before the big bang.
I worked at a training center through the whole dot-com bubble and up until recently. We had a ton of security classes, some of them excellent. However, anything with the term "hacker" was easier to sell. The students had a lot of fun, but they really didn't learn as much as with a more traditional approach. I the first generation of these clases they learned stuff like ping-of-death. For those who don't know, it's a tool that won't work on anything that's been invented after or patched since 1996. The students got to crash a horribly managed system, but gainde no useful skills doing so.
From the article -- in the first half day ($500 of his tuition), the reporter learned how to "hack" into a database that was completely unsecure. If the admin had even bothered to apply SQL Server service pack 3 (release two years ago), it would have warned him of the problem and forced him to fix it. The admin would also have to make a second horrible mistake of opening port 1433 to the Internet.
How would this lesson help the student secure his own network? If his SQL admin are leaving sa's password blank, they should be fired, not trained. As for the SQL injection stuff -- I teach every one of by web development students about it when we learn about connecting to databases. Teaching the security guy about it is STUPID. Do you teach your kids to lock the house, or do you hire a home security service to come and lock it every time you leave? SQL injection needs to be dealt with at the point of the problem -- so does database management and every other problem addressed in these courses.
Network security professionals should be learning about reducing attack surfaces and implementing security policies. They should learn how to defend against the problems of 2007, not 2005. All these "ethical hacker" classes do is scare the uninformed and provide a week long vacation for hard-core techies.
Another interesting side-effect of these classes is that students generally learn about technologies that have common problems. It's highly unlikely that a "certified ethical hacker" has experience with two-factor authentication, L2TP vpns, or Kerberos. But hey, they know how to crack an FTP server!!!! I'm going to hire one of these guys right now to fix my network.
Well, that's the theory. But for some reason, this software needs updated ActiveX controls to work with the IE patch. Maybe the controls generate HTML? Also, a lot of the workstations are locked down. So, we have to manually install the ActiveX controls on the client with an administrative logon. In some cases we can push them down, but in most we can't get enough control to do that.
Also, the servers themselves are spread all over the map.
I just got out of a meeting about this. One of the software packages we install and support at work will be heavily impacted. The web version of the application is composed of three ActiveX controls and tends to spawn a lot of new windows for search results. On April 11th, it will cease to work in anything resembling a useable manner. We now have to update about 700 installation seats spread over 500 miles in the next 13 days. Even worse, the vendor won't have a fix until Monday (with 8 days left) and the fix will only be for the newest version of the software. Our clients will need to "upgrade or die". Some have software that is three versions old and will need a lot of retraining on the new system.
I just ran reflector on some of the SQL Reporting Services assemblies. I saw a minimal level of obfuscation in there. Pretty lame stuff that the DotFuscator Community edition might do. No strange overloading of unrelated methods or other advanced techniques like false refactoring. They just removed the names of some private or internal properties/methods and anonymized them with a, b, c, and so on. It wasn't done to most assemblies. Most were just compiled and shipped. For example, all the code for the UI in Report Manager is there plain as day.
Dude, that's funny. .Net framework. To really get the advantage of C/C++, the critical sections of code have to be written by hand. Second, .Net and Java are not "slow as hell". Granted, I wouldn't write a password cracking routine in .Net, but that's an extreme case. 95% of what business programmers do is as fast in .Net as in C/C++. Third, you cannot decompile to "commented source code". If you do a debug build and distribute the .pdb file, you can get line numbers. If you do a standard release build with no extra effort, you get all the names of anything exposed outside the assembly (anything public), nothing else. Stuff like method scoped variables won't have a name in the compiled code. No way does it compile comments. You can even use tools like the DotNetFuscator to remove a lot more identifying information. BTW, if your C++ code is mostly a bunch of calls to common libraries then it can be decompiled to nearly the same level.
.Net apps also are somewhat portable. They run on Windows, OSX and Linux (with Mono), and handhelds using the compact framework.
.Net is the chance to write an application that leaks memory or exposes an inordinate number of buffer overrun vulnerabilities.
First of all, many of those development libraries add almost as much overhead as the
What you don't get in
... Hell my 88' Fiero GT with a Chevy 350 conversion in it can beat the best tuned ricer car on the road. (1500 pound car with over 400HP under the hood turning enough foot pounds to break the tires loose to squak them in 3rd gear when doing 60mph.) and it cost much less than a WRX and has massively better handling than even the Viper.
Ohhhh..... My 2000 Suzuki Hayabusa has 199.1HP at the rear wheel and weighs around 450 pounds. Funny thing is that in custom bike circles my bike is considered "kinda fast". There's a ton of people out there with 1HP per pound bikes. But, I would like to run it on a controlled 3 mile airstrip. I might be able to hit 200mph and stop safely. However, at 3 miles any high performance vehicle will have to treat it as a drag race instead of Bonneville... not enough room to do anything except get up to the highest speed you can by mid-track and jam on the brakes.
NTFS has supported 16 exabytes since 1993. That's about 10,000 times larger than this new system. I'm not saying that NTFS is great or that IBM's accomplishment is small. But the submitter really shouldn't have said that a 1.6 petabyte filesystem is anything to write home about. Most likely every modern filesystem is at least 64-bit (16 exabytes).
Then why is it that every flash drive I've owned is painfully slow writing small files? I've done this a hundred times -- I write 3MB of web code (1000 or so small files) and it takes over an hour. Zip those same files and it takes a few seconds to write to the flash drive. My new 2GB flash drive is pretty impressive and can write a 1GB file in about 6 minutes. A good hard drive can do it in 30 seconds.
I just ran HDTach on my hard drive and a flash drive and my laptop HD is 5 times faster than my brand new 2GB flash drive. I'm sure the flash is good for random reads, but random write speed seems to suck ass.
The cable companies have it easy. All of their subscribers are on their network. All they have to do is keep one copy of the on-demand programming on, or close to, each node. No on-demand traffic goes over the backbone. ABC would have it more difficult because their subscribers would be on everyone's network.
Mine won't let you do anything that requires concentration like typing an address unless you have the emergency brake on. You can set the destination to one of the six predefined memory points, change the zoom, and change the display (brightness, contrast, night mode) while driving. It's the OEM model for Toyota and Lexus although I have it in a Honda.
Ahhh yes, but this scanner is more expensive than most consumer scanners while managing to suck more than most. My point was that many companies are pushing the wrong boundaries... almost nobody needs a portable scanner that barely works. The worst thing about this scanner is that you can't see how bad the scans are until you plug it into a computer. It's like a digital camera that often gets the settings wrong and doesn't have an LCD.
Also, all of the examples they give on the website are for mission-critical business people. Those people really need a $1000 scanner.
I work with scanners regularly and all the desktop scanners we recommend to our clients cost around $1000 or more. Dedicated 8hr-a-day scanners run close to $5000. We don't make a dime on hardware, so we're not trying to squeeze cash out of anyone. Just try a $1000 scanner like a Kodak i40 someday and you'll see why anyone who depends on a scanner for a business shouldn't consider anything inferior.
Now, show me a pen scanner that makes images good enough to OCR or recognize a bar code and I'll sell a million of them for you. But for now, I love to have an ultra-reliable, self-feeding, double-sided, 60+ ppm scanner whenever I need to scan anything worthwhile.
happened. An employee at the assessor's office used to smoke and get regular breaks. Then he quit and started playing solitaire for 30 minutes a day. The boss saw him and made him stop. Said employee became miserable and stressed and made an $8M mistake.
If you don't know what I'm talking about see here: http://slashdot.org/article.pl?sid=06/02/11/14142
Not all voting machines work that way. Some of the new ones are purely paperless. You vote on a touch screen and it counts your vote. The only place the vote is stored is on a flash card in the machine. See: http://www.ncvoter.net/Press.html.
It is an absolutely idiotic idea, but someone thought it was a good one. Actually, I'm flabbergasted that after the election controversies of 2000, someone decided to sell a voting machine with LESS accountability than the hanging chads of Florida AND someone bought them.
Just send someone an OTP DVD generated by hotbits and keep a copy for yourself. Use the DVD only for key exchange and use AES for the data stream. No one can crack a one-time pad unless you make a mistake. This won't work for e-commerce, but it works wonderfully for terrorists and spies. For the extra paranoid, use the OTP data for encryption, but you'll eventually need a new one (re-using OTP data renders it crackable).
I think you're out of the loop on this one. Sure Windows, IIS, and IE have a poor security history. But, .Net has an excellent security history. If you want to write secure apps, I'd highly recommend .Net, all the way back to the first version.
Security features:
Cryptography protocols such as AES, RSA, SHA1, MD512.
Decent, extensible Web-based authentication system.
Code sandboxing like Java.
Code Access Security that allows you to set boundaries on what your code can do. This is specifically designed to prevent injection attacks of all kinds and works very well.
Support for WS-Security in Web Services.
Support for OS-integrated Authentication.
A Web-based security system that is very simple to deploy and not likely to be screwed up by administrators that didn't read the installation notes.
That's all I can think of right now, but there's a lot more in there.
Writing code that works is only a small part of the battle. You have to write code that works, is readable, maintainable, reusable, and extensible. By the time you describe (through the programming language) what the program should do, what interface it should expose to the outside world, what interface should be exposed only to the project, and what should be held internally, also deal with a robust error management system that works for attended applications as well as service programs, possibly deal with packaging issues, security, and information scope and lifetime -- your so-called simple program isn't so simple any more. Any code that ignores a significant number of the issues listed above is toy code and not suitable for any production environment.
So, if you want to write crap, a 1970's language is just fine. Feel free to write hobby code in GWBASIC. We won't stop you. Heck, many of us will have a great time helping you. But, truly simple applications don't exist in the professional arena. Modern languages aren't designed to tackle issues that were solved 30 years ago.
My OO programming students usually gasp when I tell them that there is no application that can be written with an Object Oriented language that cannot be written with an old-fashioned language. The whole point of OO programming isn't to do better things, it's to do the same things we did 30 years ago, only do them better. It's all about the process.
BTW, line numbers weren't invented to make the program easier to read. They were invented because many systems didn't have a text editor. The best way to insert a line between 30 and 40 was simply to make a new line 35. Going up a few lines and inserting simply wasn't an option.
Speed enforcement needs to change. A few years ago, the speed limit on all major closed highways in New York was 55mph or less. The State Police would give you a ticket for going 64 and then give you a lecture that it was all for public safety, in other words, going faster was going to cause someone to die. Well, then they raised the cap to 65mph for highways without a lot of entrances and exits (usually about one every 3 miles or more). And guess what, the highway death rate has decreased!!!! I'm sure the death rate didn't decrease because of higher speeds, but it sure didn't go up because of the speed.
Speed enforcement is a money game here in the US. No one really cares if the roads are safer, they just want ticket money. I even heard of a recent case where a district raised the budget for ticket collection by $1,000,000 without even consulting the Police Department. They simply told them to go out and get more money.
Here's where it gets good..... If cars were electronically limited to never speed, then speed enforcement would become a dead industry. Fewer and fewer cars would speed as old cars are replaced by new. Then the police would go do something productive (like watch for people running stop signs, or suddenly changing lanes in front of a car, or something else that actually kills people). One good thing already. Now, someone has to provide the data that the in-vehicle speed limiters use. Some day they're going to screw up and label a section of a 55mph road 15mph or something similar. In the first day, they will cause thousands of traffic accidents and probably a few deaths. Imagine if half the cars on the 405 in LA suddenly slowed to less than a quarter of the speed limit and THEY were panicking because they are as confused as the guy coming up behind them. After that day (and the lawsuits) no company will want to control the system. There goes the speed limiters and the police have already taken up more fruitful pursuits. Yea!!!
With a country that loves cars and lawsuits as much as we do, it couldn't happen any other way.