You're missing the point. If your database interface doesn't suck completely, like PHP's default one, you don't need to manually screen for bad data in the first place.
"Numerous" database layers, meaning nobody knows about them or has them installed. As opposed to languages like Perl, which just has one, and it does the right thing from the start. Face it, SQL injection is mainly a problem because PHP gets it all wrong by default.
Furthermore, note:
http://www.google.com/search?q=sql+perl
"Results 1 - 10 of about 69,700,000 for sql perl"
http://www.google.com/search?q=sql+php
"Results 1 - 10 of about 151,000,000 for sql php"
http://www.google.com/search?q=%22sql+injection%2
"Results 1 - 10 of about 243,000 for "sql injection" vulnerability perl"
http://www.google.com/search?q=%22sql+injection%2
"Results 1 - 10 of about 2,170,000 for "sql injection" vulnerability php"
The ratio of pages about SQL in general on PHP and Perl is about 1:2. The ratio of pages on SQL injection is about 1:9.
SQL injection is mainly a problem with PHP, because of the useless design of the database interfaces.
You're glad that you use pretty much the only language where this is not done automatically for you, but which instead forces you to use a function with a name like mysql_real_escape_string()? And that actually has a similarly-named function without the "_real_" that doesn't do the job right? Just kidding with that other one, here's the real one!
Or, you could use a language that doesn't force you to do this by hand, which is pretty much every language except PHP.
You have to be very careful about checking user input.
No, you don't, unless you are either using an utterly shitty language like PHP that doesn't have built-in protection from SQL injection, or you are going out of your way to make your program insecure by using string interpolation in your queries.
Yes, I have seen all three "adds". And you didn't come anywhere near addressing the issue I raised in my original post, you just repeated the childish apologist line that pretty much just sums up as "if I close my eyes really hard, all racism will go away!"
Unlike me, what?
I am not.
Even when the people likely to be offended are in a minority?
Yes, instead of overreacting, let's close our eyes as hard as possible, and all racism everywhere will go away!
You can't be unintentionally racist.
Wow. This statement is mind-bendingly ignorant.
Can you even explain what the difference is between "intentional" and "unintentional" racism?
Word is the VB of publishing. It's used by semi-literate people to bash out some crud that nobody else with any sense would want to touch, even with gloves and tongs.
This is quite true. However, those who do know what they are doing are not using TeX, either. They use tools like FrameMaker and InDesign and Quark.
Not quite the same indeed. That doesn't let you actually run signed software. And it's got a security hole as big as your head waiting to happen. Leave just *one* directory outside of /var or /home writable...
Well, I'm a computer scientist not a physicist but I thought these constants are present because all observations so far have verified that.
Well, if your train of thought seriously stopped at "oh, we measured their values", then it's no wonder you're not a physicist.
I agree, it can be locked down, as can most other modern OSes
Oh, so how exactly do you lock down Linux so that only signed software can be run?
Cartels exist because they have the legal monopoly to do so.
Or hey, maybe cartels exist because it makes sense business-wise, legal regulation or no. Except that in an unregulated market, there is nothing to limit cartelization, because companies can do whatever they want, and they want cartels!
Yeah, online anonymity totally doesn't work! That's why the largest web forum in the world would never be totally anonymous!
Sure, you can do that with an SQL database. Or you could do it without one. The back-end storage has very little to do with that kind of system. A relational database is for data with relational structures. Where's the relations you're going to put into the database? If you just have a big list of mails and their metadata, you might as well stuff it into any old file and search that.
Oh yes, let's throw in a database for no reason! That'll solve everything!
Seriously, what were you going to do with that database once you have it? Read mail by typing SELECT statements? What?
Yeah, fuck thirty years of HCI research. Who the fuck wants consistency? I want programs that look like pools of slime and oranges and have eyes everywhere!
And congratulations, you are wrong on both counts.
A PRNG is most definitely a viable cryptosystem, if it is strong enough. That's pretty much what a stream cipher is. And 256-bit symmetric crypto is most definitely uncrackable by brute force, by any sane definition of "uncrackable" - there are not enough atoms in the universe to perform enough calculations within the lifetime of the universe to try all keys. That's significantly different from your "512 or so years".
Please learn something about the subject before posting nonsense to Slashdot.
Except the PS3 is just as overpriced in Japan as it is in Europe, and Japanese gamers are mocking it just as hard as the western ones.
http://www.geocities.jp/route_219a/flash/ps3_exp0
http://blog.wired.com/games/index.blog?entry_id=1
http://dokoaa.com/ps3wii.html#hikaku
Oh wow, they must not have thought of that! It's a good thing you set them straight, or they'd have launched the mission for nothing!
Why should I? You are free to live in your fantasy world all you want. If you can't see what's in front of your eyes, it's no skin off my back. I just prefer to shave myself with Occam's razor every morning.