Hit Parent a few times. My first post was on using Store Procedures. An Anon Coward responded. The post you replied to was in response to the AC, not the guy talking about binding which yes, is another way to limit injection. Note that neither of these techniques will get you 100% protection however.
The study found that almost $2 Billion a year in productivity was being lost to these 'excessive indulgences'.... Put another way, this would equal 50 full-time employees doing nothing but surfing online game and auction sites.
I didn't RTFA, but this would imply that those 50 full time employees have a bill + production rate of $40,000,000/year. Or roughly $20,000 dollars an hour. Unless the 50 employees they are talking about are lobbyist, I just don't see this as accurate.
Correct, SPs will not fix every possible exploit, but they will prevent someone from sticking a trunc command in to the middle of your dynamic select statement.
Why convert to an entirely different structure when just implimenting proper code standards will suffice? Using parameterized stored procedure calls instead of dynamic SQL will not only protect you from the vast majority of SQL Injection attacks, but will also improve the performance of your web page.
The guy is working the numbers in ways that no competent IT Manager would ever attempt.
Why $3,250-$5,000? Here's my calculation.
And here is why he is wrong:
New PCs will cost $1,500-$2,000.
A solid IT Manager will have a PC replacement plan. The organization will be buying new PCs anyways, this cost is not specifically for Vista
A New Dell workstation (high end, but not top end) with Windows XP and Office XP can be had for about $1000 at volume. Just PC with Windows XP for around $700.
Darn few existing corporate PCs will have the video horsepower needed to run Aero, Vista's primary upgrade inducement.
Actually Aero can be turned off and you can run Vista on any machine that will run XP. And 'graphical coolness' is hardly the primary reason to upgrade.
Depending on your volume purchasing agreements, new copies of Vista and Office will total between $750 and $1,000. After all, your company always buys the "professional" packages, right? And they have to be installed, right? If you're getting a much cheaper quote on both packages installed and tested, let me know.
As previously stated, both come pre-installed on new purchased machines. If you want to upgrade all of your users to the latest version of office standard you are looking at about $350/license at volume.
The real value of Vista and Office 2007 includes new collaboration services. This means new back end servers. Most estimates place the back end support cost at $2,000 per user, but I used a range of $1,000-$2,000 for my calculations. Why get Office 2007 if not new SharePoint and Exchange servers? Can you run both on one box? Didn't think so.
This statement completely ignores economies of scale. If you have 3 employees, sure, it might cost you $3k+/user for back end software, hardware, and support. But if you have 500 employees, it'll cost you more like $5/user.
The items the guy completely missed is training costs, deployment costs, and business process changes. Those will wind up costing the organization just as much, if not more than the licensing costs. The cost IS higher than licensing alone, but not to the extent that this guy claims, nor for the reasons he expects.
The search apparently lumps everything with the word "basic" in the title together. QBasic, Visual Basic, VB.Net, etc...
While the non-visual and Visual Basic merges aren't that bad, putting VB.Net into that category is a major headache. VB.Net is syntactically similar to VB6, but is fully object oriented and is coded in just like C#. So looking for VB.Net samples in the Basic category returns a lot of VB6 code solutions that may look syntactically correct, but are far from the best practices.
How can we as developers of OS Software improve our chances to get funding? What types of business plans options (support, shrink wrapped software, pay-pal donations, etc...) do you see as being potential profit turners that can result in a return on investment? IOW: What features/functionality should we add to our teams and products to make them more attractive to investors?
True, but I could see this as being useful in an electronic ink/tft solution. The ease of reading ink, the flexibility of a digital display, and the interactivity of a touch screen. It sounds almost (but not quite!) patently original.
Let the industry and market correct itself. The industry is demanding accurate game ratings. There is too much money at risk for producers and investors to allow another hot coffee.
The holy shrine of game sales is Walmart. If you can't get into Walmart, you're going to have a hell of a time making it big. (I'm purposefully excluding online content delivery systems for now!)
In order to get on the shelf at Walmart, you NEED to have an ESRB rating. Not only that, you need to have a M rating or below.
If your rating is changed after the release, and Walmart pulls every single copy of your game off their shelves and sends them all back to you (at your expense), your company (or the producers) will likely take a huge financial blow.
Investors see this. They know that the game has to meet the ESRB's bar for M rated and below games, and that any deviation from that bar will result in a loss of potential revenue. So the Investors are telling the producers that the game has to be spot on for the ESRB review. The Producers work hard on the developers making sure there is nothing questionable that is on the disk.
I recently got to sit in on a presentation by the project lead for the Human Head game 'Prey'. And he accounted how they presented to the ESRB, and the similar groups in other countries. They put all of the worst parts of the game in a demo. Blood, guts, egg crapping rectums and all. They had backup material ready to replace anything that the ESRB thought was out of line for their rating. They worked hard to make sure that they were in the clear.
There is really no incentive to poorly represent a game to the ESRB if the game is for mainstream sales. And the retailers are putting a lot of pressure on the ESRB to accurately rate those games. There is nothing in this process that requires government intervention.
The big issue on recording searches is that a third party is storing (and possibly selling/revealing) information on you. So what if the system were changed to store your searches locally, run the analysis locally, and report back only links between data, not the data, or personally identifiable information.
For example, you search for David Bowie, then you search for 'The Cure'. The analysis process determines that you have linked David Bowie and The Cure and reports that link back to the search engine. Even if the search engine's database is leaked, all the public would know is that some number of users have found a link between David Bowie and The Cure. The big question mark in such a system is how the analysis process could determine that link.
1) +Funny gains no karma 2) Gun control is a legitimate concern.
My point was not to be funny, so much as point out the apparent irony. We blame games for violence yet we allow children and unstable people have access to fire arms. Not necessarily tied to Terrorism, but I got kinda tweaked this morning when I heard about yet another school shooting where a high school kid with a troubled past took his father's gun and shot the principal. I can't say for sure, but I would be willing to guess that as a non-military American, you are significantly more likely to get shot by a disgruntled teenager with their parent's gun, than a terrorist who played CS.
But at the same time, the second amendment is there for a reason. That reason may not be Bush, but it will likely be some future dictator who uses Bush's laws to remove even more of our liberties.
Meetings CAN be streamlined. With lunch brought in, enough discussion will happen to cut back on some.
I've been in good meetings, and I've been in bad. One of the worst I've been in recently was for a project that had no project manager. At one point, I had to tell the Accounting Manager to put a magazine away and pay attention. One of the meetings in that series we decided to order lunch to cut some time. It took almost an hour to get everyone to agree on something. Then just when we were about to order, someone decided they were just going to drive to the salad bar anyways and pick up our order. So another hour later the food finally shows up. Another 30 minutes - hour later we're finally through lunch but completely distracted. Out of 8 hours spent in a board room, we accomplished maybe 2 hours of requirements documentation.
The thing that is most sorely needed where I work is a professional project manager. Someone with experience, know-how, and balls to demand these middle managers get off their asses.
That can be reading/., daydreaming, wandering about looking busy/important, or doing some other productive thing (except that the latter is too often forbidden). In final analysis, it's not the productive time that will be burned by side projects, it's unproductive time.
I completely agree. I read/. and post on http://www.tek-tips.com./ Looking at other peoples' coding questions helps keep my mind fresh when I stuck documenting, or running reports, or testing extended processes.
Ehh, a drive to the closest DVD vendor is about 22 miles. That means just over 2 gallons in my Fiero. I think I filled up at $2.62 this week. So that's about $5.24 in fuel costs to go get that $13 DVD. Tack 5.5% sales tax onto the $13 and you get another 75 cents or so. That's right about $19 all told. So, you are right, I was wrong. I can only rent 6 premiere movies from VoD for the price of 1 discount DVD.
??? As stated I have Charter Cable's Video on Demand package
I grab my TV remote, I hit 999. Then I select from free* movies showing on HBO/Cinemax/Showtime and the other premiere channels, or I select "Movies". The "Movies" section is a wide variety (on par with the closest BlockBuster) of releases that I can rent for $3.00 for 24 hours. No gas is used in the delivery of the movie to me, or me to the movie.
*Free movies on the premiere channels are the same movies that are in rotation of the premiere channels. I am already paying for that cable tier, but now I can watch any of those movies, when ever I want, with pause/rewind/fast forward abilities.
Agreed. In the last year I have bought 2 DVDs, as gifts for other people. I don't even buy my own DVDs anymore. If there is a movie that I think is worth owning a DVD of, I add it to my Amazon list and let someone else buy it for me. I have Charter Cable's Video on Demand package. So I can watch HBO/Max/Sho/etc.. movies when ever I want, and if I do want to rent something, it's a whopping $3.00. For the price of a new DVD and gas, I can rent 7 movies.
Slashdot Mirror
Hit Parent a few times. My first post was on using Store Procedures. An Anon Coward responded. The post you replied to was in response to the AC, not the guy talking about binding which yes, is another way to limit injection. Note that neither of these techniques will get you 100% protection however.
-Rick
The study found that almost $2 Billion a year in productivity was being lost to these 'excessive indulgences'.... Put another way, this would equal 50 full-time employees doing nothing but surfing online game and auction sites.
I didn't RTFA, but this would imply that those 50 full time employees have a bill + production rate of $40,000,000/year. Or roughly $20,000 dollars an hour. Unless the 50 employees they are talking about are lobbyist, I just don't see this as accurate.
-Rick
But man was populous a good game.
-Rick
Correct, SPs will not fix every possible exploit, but they will prevent someone from sticking a trunc command in to the middle of your dynamic select statement.
-Rick
There are numerous "I want this language" posts in the groups discussions, it sounds like the do have some plans for future modifications: http://groups.google.com/group/Google-Code-Search/ browse_frm/thread/a6755aa4f8d95ced/758fc4d324e98c3 9#758fc4d324e98c39
-Rick
Why convert to an entirely different structure when just implimenting proper code standards will suffice? Using parameterized stored procedure calls instead of dynamic SQL will not only protect you from the vast majority of SQL Injection attacks, but will also improve the performance of your web page.
-Rick
Why $3,250-$5,000? Here's my calculation.
And here is why he is wrong:
New PCs will cost $1,500-$2,000.
Darn few existing corporate PCs will have the video horsepower needed to run Aero, Vista's primary upgrade inducement.
Depending on your volume purchasing agreements, new copies of Vista and Office will total between $750 and $1,000. After all, your company always buys the "professional" packages, right? And they have to be installed, right? If you're getting a much cheaper quote on both packages installed and tested, let me know.
The real value of Vista and Office 2007 includes new collaboration services. This means new back end servers. Most estimates place the back end support cost at $2,000 per user, but I used a range of $1,000-$2,000 for my calculations. Why get Office 2007 if not new SharePoint and Exchange servers? Can you run both on one box? Didn't think so.
The items the guy completely missed is training costs, deployment costs, and business process changes. Those will wind up costing the organization just as much, if not more than the licensing costs. The cost IS higher than licensing alone, but not to the extent that this guy claims, nor for the reasons he expects.
-Rick
The search apparently lumps everything with the word "basic" in the title together. QBasic, Visual Basic, VB.Net, etc...
While the non-visual and Visual Basic merges aren't that bad, putting VB.Net into that category is a major headache. VB.Net is syntactically similar to VB6, but is fully object oriented and is coded in just like C#. So looking for VB.Net samples in the Basic category returns a lot of VB6 code solutions that may look syntactically correct, but are far from the best practices.
-Rick
Now is it "AL qaeda" or "AI qaeda"?
-Rick
How can we as developers of OS Software improve our chances to get funding? What types of business plans options (support, shrink wrapped software, pay-pal donations, etc...) do you see as being potential profit turners that can result in a return on investment? IOW: What features/functionality should we add to our teams and products to make them more attractive to investors?
-Rick
So when will someone make Sims With Guns: The 2nd Amendment or some other life similation with violence as an option?
-Rick
It's shared though, not dedicated (IIRC). So it's a 12MB cache, so one proc could in theory use 5 megs of it while another only used 1, could it not?
-Rick
True, but I could see this as being useful in an electronic ink/tft solution. The ease of reading ink, the flexibility of a digital display, and the interactivity of a touch screen. It sounds almost (but not quite!) patently original.
-Rick
Prey runs on Mac, and I think they have a patch for native Linux execution also.
-Rick
Let the industry and market correct itself. The industry is demanding accurate game ratings. There is too much money at risk for producers and investors to allow another hot coffee.
The holy shrine of game sales is Walmart. If you can't get into Walmart, you're going to have a hell of a time making it big. (I'm purposefully excluding online content delivery systems for now!)
In order to get on the shelf at Walmart, you NEED to have an ESRB rating. Not only that, you need to have a M rating or below.
If your rating is changed after the release, and Walmart pulls every single copy of your game off their shelves and sends them all back to you (at your expense), your company (or the producers) will likely take a huge financial blow.
Investors see this. They know that the game has to meet the ESRB's bar for M rated and below games, and that any deviation from that bar will result in a loss of potential revenue. So the Investors are telling the producers that the game has to be spot on for the ESRB review. The Producers work hard on the developers making sure there is nothing questionable that is on the disk.
I recently got to sit in on a presentation by the project lead for the Human Head game 'Prey'. And he accounted how they presented to the ESRB, and the similar groups in other countries. They put all of the worst parts of the game in a demo. Blood, guts, egg crapping rectums and all. They had backup material ready to replace anything that the ESRB thought was out of line for their rating. They worked hard to make sure that they were in the clear.
There is really no incentive to poorly represent a game to the ESRB if the game is for mainstream sales. And the retailers are putting a lot of pressure on the ESRB to accurately rate those games. There is nothing in this process that requires government intervention.
-Rick
Success and failure has a lot more to do with business sense than it does with the inginuity of the game play.
-Rick
The big issue on recording searches is that a third party is storing (and possibly selling/revealing) information on you. So what if the system were changed to store your searches locally, run the analysis locally, and report back only links between data, not the data, or personally identifiable information.
For example, you search for David Bowie, then you search for 'The Cure'. The analysis process determines that you have linked David Bowie and The Cure and reports that link back to the search engine. Even if the search engine's database is leaked, all the public would know is that some number of users have found a link between David Bowie and The Cure. The big question mark in such a system is how the analysis process could determine that link.
-Rick
1) +Funny gains no karma
2) Gun control is a legitimate concern.
My point was not to be funny, so much as point out the apparent irony. We blame games for violence yet we allow children and unstable people have access to fire arms. Not necessarily tied to Terrorism, but I got kinda tweaked this morning when I heard about yet another school shooting where a high school kid with a troubled past took his father's gun and shot the principal. I can't say for sure, but I would be willing to guess that as a non-military American, you are significantly more likely to get shot by a disgruntled teenager with their parent's gun, than a terrorist who played CS.
But at the same time, the second amendment is there for a reason. That reason may not be Bush, but it will likely be some future dictator who uses Bush's laws to remove even more of our liberties.
-Rick
So true, anyone who thinks that CS will prepare you for accurately shooting a weapon, or pressure under fire, is on crack.
You want to learn to shoot? Spend 8 hours a day in shooting positions snapping in for a week. You want pressure and anxiety? Get arrested in Tijuana.
-Rick
nothing to see here.
-Rick
And yet we focus on video games?
-Rick
Meetings CAN be streamlined. With lunch brought in, enough discussion will happen to cut back on some.
/., daydreaming, wandering about looking busy/important, or doing some other productive thing (except that the latter is too often forbidden). In final analysis, it's not the productive time that will be burned by side projects, it's unproductive time.
/. and post on http://www.tek-tips.com./ Looking at other peoples' coding questions helps keep my mind fresh when I stuck documenting, or running reports, or testing extended processes.
I've been in good meetings, and I've been in bad. One of the worst I've been in recently was for a project that had no project manager. At one point, I had to tell the Accounting Manager to put a magazine away and pay attention. One of the meetings in that series we decided to order lunch to cut some time. It took almost an hour to get everyone to agree on something. Then just when we were about to order, someone decided they were just going to drive to the salad bar anyways and pick up our order. So another hour later the food finally shows up. Another 30 minutes - hour later we're finally through lunch but completely distracted. Out of 8 hours spent in a board room, we accomplished maybe 2 hours of requirements documentation.
The thing that is most sorely needed where I work is a professional project manager. Someone with experience, know-how, and balls to demand these middle managers get off their asses.
That can be reading
I completely agree. I read
-Rick
Ehh, a drive to the closest DVD vendor is about 22 miles. That means just over 2 gallons in my Fiero. I think I filled up at $2.62 this week. So that's about $5.24 in fuel costs to go get that $13 DVD. Tack 5.5% sales tax onto the $13 and you get another 75 cents or so. That's right about $19 all told. So, you are right, I was wrong. I can only rent 6 premiere movies from VoD for the price of 1 discount DVD.
-Rick
??? As stated I have Charter Cable's Video on Demand package
I grab my TV remote, I hit 999. Then I select from free* movies showing on HBO/Cinemax/Showtime and the other premiere channels, or I select "Movies". The "Movies" section is a wide variety (on par with the closest BlockBuster) of releases that I can rent for $3.00 for 24 hours. No gas is used in the delivery of the movie to me, or me to the movie.
*Free movies on the premiere channels are the same movies that are in rotation of the premiere channels. I am already paying for that cable tier, but now I can watch any of those movies, when ever I want, with pause/rewind/fast forward abilities.
-Rick
Agreed. In the last year I have bought 2 DVDs, as gifts for other people. I don't even buy my own DVDs anymore. If there is a movie that I think is worth owning a DVD of, I add it to my Amazon list and let someone else buy it for me. I have Charter Cable's Video on Demand package. So I can watch HBO/Max/Sho/etc.. movies when ever I want, and if I do want to rent something, it's a whopping $3.00. For the price of a new DVD and gas, I can rent 7 movies.
-Rick