Admittedly, I haven't read the actual legislation, just news reports' summary of it, so I am likely misinformed, but frankly, I don't get it either.
Several justifications were presented, but none sound plausible to me. Supposedly, Concerned Citizens think that underage people are going to nick drinks from the bar (has that ever happened in the history of bars?) When I was underage, I just had a friend buy the drink for me and bring it to the table, or better yet, get a bottle from the liquor store and mix it at home.
I heard that one supporter of the bill said something to the effect of "when I go out to eat, I don't want to see people drinking". I think these people should stick to fast food.
There is also the classic "if kids see people drinking, they'll want to drink," which I'd respond to with "so fucking what?"
I don't think the legislation applies to bars, as it is theoretically all people of legal drinking age there anyways. I also think that existing restaurants all get grandfathered in, so they don't have to renovate to add a mixing back room.
At any rate, it's Utah, and yes, there is definitely a weird culture here. I still like it here, but I wouldn't mind a few changes either.
Yeah, while I love living in Utah, the lawmakers seem to fall too easily to the "think of the children" argument.
On a side note, the recently discussed bill involving bars keeping records of patrons' drivers licenses passed, along with one stating that restaurants can no longer mix drinks in sight of the patrons.
Sure there is- in the past, there have been plenty of exploits that tap into Firefox caches, saved passwords, history, and system settings (where all your personal information is really kept these days)
Then there's all the XSS, CSRF, and clickjacking exploits that can compromise websites and services
Let's not forget the fact that JavaScript can just be annoying- preventing loops of popup windows and alert boxes is reason enough to disable JavaScript
"No company can say "no" to a *reasonable* request of police"
Bullshit. Search and seizure laws apply on company property as well as personal. Nobody, cop or not, is going to search my office without a warrant and our lawyers on site.
"Drug use is among top culprits, because users need money for drugs and may steal big"
We're talking about pot here, not crack cocaine. I know a lot of professional people who use it, and none of them steal money for drugs. It's like alcohol- if you can't afford it, you find a friend who can, or go without.
Here's another security tip- Don't ever listen to a person who obviously doesn't know what he's talking about.
The amount of bad advice on this thread is astounding.
1. Write bad advice ...
2. People follow advice
3.
4. Profit!
...And I haven't seen a human that could read that sentence.
Ajax doesn't cause the server-side security holes, it's the PHP scripts that handle it, and the same rules as always apply then.
Ajax does have its own set of issues, but they're not PHP's problem, and thus, don't belong in a PHP book.
Really?
I've done forensics on a LOT of compromised sites, and the fact is that in 99.99% of cases, the cops don't care in any country.
Unless there's major losses, particularly monetary, or it ties in with another investigation, nobody is even going to call you back.
Sure, a major, targeted attack will get their attention, but you can bet they're using a small stack of proxies in that case.
...Because Drupal is bulletproof
Any non-trivial project with only one person working on it is going to have security holes. Without another person checking your work, you're bound to make mistakes.
So why not have the guy checking your work be a "specialist" who knows what he's doing?
"WPA2 is unproven while IPSEC, tls, ssl, and ssh all use proven encryption."
Picking nits, I know, but I'm pretty sure Schneier would tell you that the only way you can prove an encryption is to prove it's weak.
Small correction:
It's always best to write your own sanitizers than to rely on what PHP provides (If you know what you're doing)
There are a lot of issues that people overlook with character encodings and input mangling. I can't tell you how many PHP apps I've audited that had some guy's custom weak filter functions.
Depending on your needs, there are a handful of really good sanitation libraries out there, but you're correct that they're not provided with PHP.
Normally, yes. But here's a guy who used CSRF to root a server.
Exception, maybe, but I think it's about time people start taking those little client-side exploits seriously.
As somebody who performs security audits on PHP apps for a living, you sir, don't have a clue. There are so many subtle issues with session manipulation, local system configuration, complex program logic, SSL implementation... The list is awfully long, and you couldn't put it all into a shelf of books.
Though to be fair, if everybody did the stuff you mentioned, it would be a much better internet.
I believe that Sikhs have a religious mandate to carry a sword with them at all times- something about always being ready to fight for God. In India they even allow them to carry the swords onto airplanes.
Probably wouldn't go over so well here in the good old USA though... too many paranoid morons.
Nah, nothing says buggy like a windows-based file manager.
They're definitely worth a read, but the tech kind of takes over the story, and they're not well written.
Still entertaining though.
You're totally right. I was out in the bad part of town the other day and every street corner had pushers peddling plasma screens and 14 year old girls turning tricks for cable.
And have you seen the birth defects that TV causes? It's amazing that this stuff is legal.
I didn't watch the show either, but I get the impression it wasn't so much a developer saying "here's a tool you can use next time you need to track IPs" as the resident techie saying "Sure, I can hack together a tool to track IPs, let me fire up my GUI editor"
I maintain, that without the death camps, a very important piece is missing
*sigh*.. fine, I'll set up a death camp. Will that make you happy?
...And yet the law of Fives is in fact 3 laws...
Johnathan, is that you?
Shut the fuck up.
We have now created symbols that can represent simple meanings cross-culturally and cross-linguistically
We had these thousands of years ago, on the walls of caves.