Slashdot Mirror


User: bondsbw

bondsbw's activity in the archive.

Stories: 0
Comments: 2,649

Comments · 2,649

  1. Re:Not a good idea on Hobbyists Selling Tesla Coil Kits To Fund Drone Flight Over North Korea · · Score: 1
  2. Re: One difference on Why Gmail Has Better Security Than Your Bank · · Score: 1

    That is the thing, they worry about it even if the system has been designed to make injection practically impossible. They (management) worry because, no matter what guarantees are in place, they don't want to be known as the idiot manager that allowed a policy that somehow enabled someone to find a SQL injection hole and literally wipe out millions or billions in money.

    Stupid policy? From our perspective, yes. The pain point is that such policy leaves our passwords weak. My bank passwords are typically some of my weakest passwords simply because I have no choice. What I don't understand is why some banks make you use short passwords. My strongest password is a correct-horse-battery-staple type of 30+ characters that uses only lowercase and spaces.

    But until banks stop using SQL databases, this will continue. Two-factor authentication is the better alternative anyway, so that will be what gets implemented.

  3. Re: One difference on Why Gmail Has Better Security Than Your Bank · · Score: 1

    I think the reasoning is more precaution than anything. Direct SQL injection has for a long time been the default mode for working with databases. Just because developers know how to prevent it, and are preached it, doesn't mean someone won't flub it up at some time on accident and open a hole that brings their entire system down.

  4. They aren't paper thin. We still have a long way to go. I wouldn't mind having a phone as thin and light as a credit card. Then it would feel like a... credit card, which you know, feels fine in my hand.

  5. Re:Doesn't make much sense on Why It's Important That the New Ubuntu Phone Won't Rely On Apps · · Score: 1

    But they have to make some sort of excuse

    Oh, they have to? Really? So they already know they won't be successful, and are preemptively creating features to blame for their future lousy market share?

    You are asserting that trying to distinguish themselves in a cutthroat market--that sees little success from newcomers--is considered a poor excuse. Yet somehow, creating features that (presumably will in retrospect) suck is a sign of genius to those they are trying to impress?

    Interesting logic there.

  6. Re:There is no legitimate reason to show it. on Does Showing a Horrific Video Serve a Legitimate Journalistic Purpose? · · Score: 1

    Sure, but my response was to Immerman's post asserting that the US was in part responsible for WWII. The US was not an Entente nation and did not ratify its entry into the Treaty of Versailles, but (led by Wilson) backed a more reasonable and peaceful policy that wouldn't have pissed Germany off so much.

  7. Re:There is no legitimate reason to show it. on Does Showing a Horrific Video Serve a Legitimate Journalistic Purpose? · · Score: 1

    the atrocious, unsustainable wealth and power grabs made after the Allies won - that all but guaranteed the outbreak of WWII

    I'd like to think that the Nazis and Hitler's imperialistic and genocidal attitude had something to do with that too.

  8. Re:There is no legitimate reason to show it. on Does Showing a Horrific Video Serve a Legitimate Journalistic Purpose? · · Score: 1

    You know, soldiers massacring people (which is what war is, literally).

    War is, ideally, about the goal of killing or otherwise defeating enemy combatants for a moral outcome (i.e. defense against terrorism or protecting our allies). This is not the same as shooting unarmed people simply because they exist in an area.

    Collateral damage should not be ignored. If it is minimized in achieving war goals, I would consider my soldiers to be heroes. If not, I would be seriously questioning why and under whose authority. But at the end of the day, everyone weighs collateral damage against the achievement of war and makes their own decisions about whether the outcome is good.

  9. Re:One difference on Why Gmail Has Better Security Than Your Bank · · Score: 1

    Banks often require weaker passwords because many are afraid of SQL injection attacks that could be opened up by allowing passwords with symbols.

  10. Re:Oh look, it's the Java killer... on Microsoft Open Sources CoreCLR, the .NET Execution Engine · · Score: 1

    If it was GPL you would have to include the source code for your changes

    Not entirely. The GPL only requires you to provide the source code to people who use your software. If my software is only used internally within my company, then my company would be the only party who must be able to receive copies of the source code.

    if everybody else felt they had to be compatible they could use this to duplicate the changes in their version.

    But why would this matter? My application would have its own CLR, separate from anything else in the system. Another app could have its own CLR. There could be 50 apps on the system and they could all use their own custom CLR, if they so chose, and none of them have to be the slightest bit compatible with each other or with any CLR that is installed into Windows.

    Even if those 50 custom CLRs are identical, I may want to use my own copy just because I don't want some other app installing an updated CLR that could break my app. And this isn't some theoretical problem either. I use an obfuscator that relies on internal, undocumented behaviors of the CLR to do its dirty work. My application broke on several computers that installed a .NET update because it changed some of this behavior. My app wouldn't have broken if it had its own CLR.

    Now if I want to provide my custom CLR's source back to the community, I am completely free to do so. It doesn't matter if it's MIT vs. GPL vs. whatever open source license.

    This is the basic reason behind the GPL.

    No. The reason to use GPL is to allow you to provide your source code to your users, such that their use and/or derivation of that code must be provided to their users, and so on. It has nothing to do with compatibility (although increased compatibility is a side effect of most any open source license).

  11. Re:Oh look, it's the Java killer... on Microsoft Open Sources CoreCLR, the .NET Execution Engine · · Score: 1

    Copylefted would at least allow all the different bespoke language runtimes to remain compatible with each other

    Um, what?

    Say I decide to update the CLR to add the ability to define parameters on the new() generic type constraint. That would fundamentally break compatibility of apps that rely on the new functionality.

    Nothing about putting that out under MIT vs. GPL would make a difference in such compatibility. What makes a difference is placing a dependency on the change.

  12. Re:Fraudulent herbal supplements? on Major Retailers Accused of Selling Fraudulent Herbal Supplements · · Score: 1

    So getting what you pay for is now a regulation?

    Yes, this is called an implied warranty.

  13. Re:Fraudulent herbal supplements? on Major Retailers Accused of Selling Fraudulent Herbal Supplements · · Score: 3, Insightful

    So you're going to call misrepresenting your product as a legitimate unregulated market?

    By what standard does someone judge an unregulated concept to be legitimate? Assuming such judgment has teeth, doesn't that standard become a form of regulation?

  14. Re:Double Irish? TAX ALL FOREIGNERS!!! on Obama Proposes One-Time Tax On $2 Trillion US Companies Hold Overseas · · Score: 1

    I really can't think of much that I would want to amend the Constitution by.

    I can. If Congress passes some unpopular law, and the Supreme Court asserts that the law is constitutional, then the states can pass an amendment nullifying the law as well as future variants. There isn't a thing Congress can do about it since they don't have the authority to subvert this process, meaning there would finally be a viable check from the states on Washington.

    And if the convention passes an amendment requiring a convention of the states every 2 years (or on whatever time table is deemed best), such laws will be reviewed by the convention on a regular basis.

    Even if Congress attempts to subvert this process as you suggest, that would give the states more ammunition to take back to the people and demand that those currently in power at the federal level be removed from office.

  15. Re:Things on Google, Amazon, Microsoft Reportedly Paid AdBlock Plus To Unblock · · Score: 1

    I would be perfectly fine with an ad blocker that only blocked those kind of ads.

    Actually I would add this: a timeout on any legitimate ads that are loaded before the page finishes displaying, and a bandwidth cap on all ads.

    Do these things, and we might have an advertising system that most people have little problem with while being valuable enough to promote a healthy internet market.

  16. Re:Spell check on Don't Sass Your Uber Driver - He's Rating You Too · · Score: 4, Funny

    I think you put a "t" where the "p" is supposed to go!

    He's rating your poo?

  17. Re:Double Irish? TAX ALL FOREIGNERS!!! on Obama Proposes One-Time Tax On $2 Trillion US Companies Hold Overseas · · Score: 1

    I don't disagree. If I had my way, we would be inching toward states' rights instead of away from it.

    For instance, I'm a big supporter of the Article V amendment process; it circumvents Congress and they really can't do much about it. I feel that if a convention were to actually sit, the first and best amendment to be proposed would be regularly scheduled conventions for the purpose of providing a much-needed check on Washington.

    We have the processes in place to help put us back on track, if only we would use them. Article V is a tough road, but lately it has been gaining momentum. We have options to break from our current path without armed revolution, and that's the point of democratic society.

  18. Re:Double Irish? TAX ALL FOREIGNERS!!! on Obama Proposes One-Time Tax On $2 Trillion US Companies Hold Overseas · · Score: 3, Insightful

    Infrastructure is not a government concern

    Infrastructure is a property rights concern. Property rights is a government concern.

    Justice system and property rights do not require centralised governments, each locality can deal with it however it wants

    So property rights is a government concern, just not a centralized government concern? I can see that logic. But then how do we deal with a citizen of town A owning land and things in town B? And how does the justice system handle the case of someone in town C coming to town B to steal things from the citizen from town A?

    We could set up treaties between the towns, and have a documentation system to provide proof of citizenship and other details that matter. As for me, I like being able to drive to the next town to shop or eat or whatever I do, without needing to go through border checks.

    thus if you want to use a road or have protection against attacks by bandits, that's your responsibility to hire your protection and to pay your road tolls

    Golly, that's just what I want! To pay a body guard to ride with me in my Hummer with machine guns. And to have to stop to pay at every - single - entrance into every road, and from every road.

    Actually no, that's not at all what I want. I want my 10-mile commute to take 15 or 20 minutes, not 3 hours waiting in lines at toll booths. I want to pay a reasonable amount of money for my drive, without having to pay by-the-hour for some guy to protect me as I drive down the road.

    I don't like everything about our society. I don't care for many things our government does. I would change a lot of things if I had my way. But at the end of the day, I feel that all of that is relatively minor compared to truly horrible dictatorships where the people have no rights, no freedoms, poor health and are daily in fear for their lives and for the lives of those they care about. We should fight to make sure our society doesn't degenerate in that direction, but it's useless to throw it all away just because it's not perfect.

  19. Re:Double Irish? TAX ALL FOREIGNERS!!! on Obama Proposes One-Time Tax On $2 Trillion US Companies Hold Overseas · · Score: 5, Insightful

    Stolen, huh? So I assume you would rather the government dissolve, leaving no infrastructure, no property rights, and no justice system? You'll have to staff your own protection, since you don't want police or military defense. I guess the biggest guy wins... hope you like that new dictator.

    But then I suppose you wouldn't care for that so much. You might at least want to form an alliance with your family and neighbors. Perhaps you'll agree not to steal from each other, and have the toughest men keep watch over the town and keep the dictator's army out. But they need to eat and can't keep watch all day while also worrying about growing their own crop, so the town decides that everyone should give part of their goods in exchange for the protection.

    Then your town and others nearby might decide, we are reasonable folk and aren't each other's enemies. So you form an alliance and pool your resources to focus protection on the outer borders. Oh and since one town has a great market for clothing, and another has a nice oil well, and yet another has fertile land, now you need roads to travel between the towns. You pool your resources to help build those roads.

    This is a system of government, funded by taxes. It is the inevitable outcome of humanity, and will continue to grow bigger so long as the people are mostly satisfied with that government.

  20. Re: If it's accessing your X server, it's elevated on Why Screen Lockers On X11 Cannot Be Secure · · Score: 1

    But my assumption was that some control in the other window already has keyboard focus.

  21. Re:If it's accessing your X server, it's elevated on Why Screen Lockers On X11 Cannot Be Secure · · Score: 2

    I'm not familiar with writing apps for X, but are you saying that every program that displays a window in X can log all keystrokes including in windows that are not associated with that program?

    If so, I'm staying away from X from now on.

    If not, I'm not sure what your point is. The malicious application would need to display a fake lock screen, convincing enough to fool the user, before the user would type in their credentials. Only then would that app be able to elevate.

  22. Re:Uh, okay? on Why Screen Lockers On X11 Cannot Be Secure · · Score: 2

    It is. They just failed to mention that it was a year on Pluto.

  23. Re:So to circumvent the screen locker... on Why Screen Lockers On X11 Cannot Be Secure · · Score: 2

    Hmm. I think by this time your security is already out the window and a borked lock program is the least of your worries.

    Just because an application is running on your system doesn't mean it has elevation. But if it pretends to be your lock screen and convinces you to put your password into it, it may be able to gain that elevation.

  24. Re:Ugly as it can be? on Latest Windows 10 Preview Build Brings Slew of Enhancements · · Score: 1

    buttons that can't be distinguished from other UI elements

    In the X11 graphic, I see at least 4 different button visuals:

            - thin border with shadow
            - bold border with no shadow
            - 3D-style border
            - buttons without any border (menu buttons)

    And text entry uses a 3D-style border just like some of the buttons.

    How exactly is this better?

  25. Re:Ugly as it can be? on Latest Windows 10 Preview Build Brings Slew of Enhancements · · Score: 1

    Wait, you said they look alike. Now you are touting the differences. Which is it?