most of whom are not doing any harm, and just want to hang around with mates.
As far as I understand, a bunch of kids hanging around the store is the problem. I'm not defending the noise, but I'm not defending the kids either. I don't believe they have any right to hang out at the store.
Around here blackboards are usually green. I almost bought a black whiteboard until I saw they don't sell white whiteboard-markers separately.
"Blackboard" and "whiteboard" are nearly meaningless terms. I like "chalkboard" (as a term, I hate the boards), but I have no idea what to call "whiteboards".
That one is hard to mod. I thought it was funny because of the irony. But it's really quite informative. But mod it informative, and people will just read the words and not get the irony.
But just in case: Magic quotes does the right thing at the wrong time. This means that strings are sometimes escaped when they shouldn't be, and sometimes not escaped when they should be. So really it's just false security, the only security worse than nothing.
The official advice is to disable magic quotes. It doesn't work and it was never a good idea.
The best solution is still parameterized queries or other abstractions that remove any chance of getting this wrong.
It would not surprise me at all if my understanding of SQL injection vulnerabilities is less than yours.
It seems that you understand the basics, but not the implications.
Instead of saying I'm ignant, edumacate me!
Here's some education: Don't get your education from slashdot! ;-)
But if you want to make sure you understand the basics of SQL Injection: http://en.wikipedia.org/wiki/Sql_injection
The solution is a combination of several good practices in software development. First of all: Make sure you know which data you can trust. Everything that comes from the user: Don't trust! Allow anything coming through the front door, because you can't prevent it anyway.
First you validate the data. Let's assume worst case: You allow anything, there's nothing to validate.
Next: Insert it into the SQL in a way that can't hurt. (Escape it correctly...)
An extra way to take care of this: Separate your software in layers. Have all database/SQL-stuff in its own layer. Study "Layers pattern", sorry no links. :)
Then you can define exactly how data should look while traversing through the layers, and it's a lot easier to make sure that everything is validated, transformed, converted etc. at the right time.
If it's easy to steal, you have no personal connection to the seller, and there is no chance of getting caught, people will steal.
I don't like that you are comparing stealing and pirating, so many people already confuse them, but I get your point.
There is a hell of a lot of pirating going on right now, and you can't stop it completely. That is not the goal. Therefore it is completely acceptable to have a solution that doesn't make it impossible to copy illegally.
It's no problem that it is easy to do crime, if it's easier not to. I could easily kill my entire family, but there's no point, so they don't care.
If the server, by default, doesn't accept special characters in a password field, then that fixes most of these problems.
But then you couldn't make good passwords. Also, the password field isn't the only... oh wait, you said that:
Obviously, the password field isn't the only place where you can muck with the SQL
Exactly. So maybe you can't write "O'Hare" as a password, but with your method you couldn't enter it as your name. You just can't disallow special characters as a generic solution.
but if you're getting malformed fields from a valid userid and password, then you are much further along the path to shutting out the problem user who misused or had his access compromised.
You can hit SQL Injection problems by using the system exactly as you are meant to, for example if your name is O'Reilly.
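The two points this thread makes, that a legitimate name like O'Reilly breaks a query built by string concatenation while a parameterized query handles it, and that magic-quotes-style escaping is the right thing at the wrong time, as an added Python/sqlite3 example (not code from the original thread; the table, the users and the magic_quotes stand-in are constructed for it):

```python
import sqlite3

def setup_db():
    """Constructed in-memory table for this example, with one user whose
    name contains an apostrophe, exactly the case the thread talks about.
    Plaintext passwords only because this demo is about query building."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("O'Reilly", "hunter2")])
    conn.commit()
    return conn

def login_concat(conn, name, password):
    """Broken pattern: user input pasted into the SQL text. Returns True/False
    when the query ran, None when the input corrupted the query itself."""
    sql = ("SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    try:
        return conn.execute(sql).fetchone()[0] > 0
    except sqlite3.OperationalError:
        # The apostrophe in O'Reilly ended the string literal early, so the
        # rest of the name was parsed as SQL. For an honest user that is a
        # syntax error and a failed login; for hostile input it is the
        # injection the thread is about.
        return None

def login_param(conn, name, password):
    """The fix the thread recommends: bind the values, never splice them in.
    The database engine sees the SQL and the data as separate things."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()[0] > 0

def magic_quotes(value):
    """Stand-in for PHP's magic quotes (constructed for this example): escape
    every value on arrival, before anyone knows where it will end up.
    SQLite escapes a quote by doubling it, so that is what is done here."""
    return value.replace("'", "''")

if __name__ == "__main__":
    db = setup_db()
    print("param, raw name:     ", login_param(db, "O'Reilly", "hunter2"))
    print("concat, raw name:    ", login_concat(db, "O'Reilly", "hunter2"))
    # Right thing: escaping rescues the concatenated query...
    print("concat, magic quotes:", login_concat(db, magic_quotes("O'Reilly"),
                                                magic_quotes("hunter2")))
    # ...wrong time: the same escaping breaks the safe query, because the
    # doubled quote is now part of the data and no longer matches the row.
    print("param, magic quotes: ", login_param(db, magic_quotes("O'Reilly"),
                                               "hunter2"))
```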
I don't think you understand SQL Injection at all.
If the obvious fix is to exclude special characters from password fields
It's not. First of all, it wouldn't work. Second, it makes no sense at all at any level. Sorry if I seem rude. :)
There are a lot of new programmers (or whatever we're calling people who make websites these days), who are not naturally paranoid and sensitive to the exploitation of their code. They shouldn't need to be.
I agree, but it's a dreamworld. I shouldn't need to fiddle with keys or whatever every time I use my car or get home. But I do.
Luckily you can create pretty safe code by making nice code. It's amazing how many side-effects "nice" has. But yes, you'd need to be a good programmer to make nice code.
This is exactly why they want and need DRM technologies.
Or they could just make it easy and cheap. Then I would have no reason at all to pirate it. I would even pay before knowing if I like it (before seeing it), just like they want me to.
The real problem is that people are so used to movies being expensive and inconvenient that they just pirate them out of habit.
Something that typically reads 128kbps doesn't exactly require heaps of bandwidth.
It does when I update it, or just use it for generic data-transfer.
I remember reading about a conference on communication with ETs :)
If we actually did get a signal from outer space, I'm sure we would spend more than a conference trying to decode it.
Most of those computers are probably used for almost exactly the same things. The first 200 computers are probably representative of the 80%.
So they use the first 100-200 to learn and to develop deployment procedures etc. When that works, they roll it out to all the similar computers.
Just like in some smaller places, they use days to test something on one or two computers. When it works they spend an hour putting it on all 500 company desktops, most of the time just waiting for network transfers and rebooting.
I wonder what it would cost to upgrade to Windows Vista, and the next Windows after that.
How can that possibly be a surprise? Of course 5 megapixels doesn't add much compared to 1, if you scale it down to 1. Try taking a picture at 5 megapixels. If the rest of the camera is similarly improved too, you should get a much better picture.
This is what more pixels really means: It raises the potential for detail. This is great, if the rest of the camera can use it. Actually, the camera, the photographer, the graphics software (if used) and the display media (probably screen or paper).
I have a 1.3 megapixel cameraphone and a 6 megapixel DSLR. Would a comparison in amount of detail interest you?
My dream is to have a fisheye-lens and a wicked amount of detail. That way I can take a picture without knowing exactly what I'm photographing. When I get home I can find many interesting high resolution photos of stuff I didn't even see when I was there.
That would open up for a completely different kind of photography. Put this in a mobile phone, and take one of those boring pictures of your friend looking very uninteresting on the bus, but now in the same picture you may find an interesting scene happening on the sidewalk.
Yeah yeah, it might not be worth the time once you get used to it, but I'd sure like to try.
I don't think legal use of bittorrent needs index sites.
If I want to download the latest greatest version of Eclipse or Knoppix, I go to the Eclipse website. There I will find torrents among the other ways to get it.
If I go to the Stargate website, there's no torrents, ed2k-urls or even FTP/HTTP-urls to the episodes. THEN I must turn to the index sites.
Maybe the store had enough cameras to cover that spot from several angles?
It's something we don't want to be there, it lowers the value of the files, and sometimes makes the files useless. It sounds like me when I get a disease, so I don't see the problem with "infected". But how about "contaminated" then?
How about a 24" Video iPod? That would be mad...
In Soviet Russia, the textbooks learn from YOU!
You spelled "wikied" wrong.
I think it's easier than that: An email without any real text, and not from someone I often get mail from, is spam. Why would a stranger send me a mail with no text? If it's not spam, he's an idiot. My spamfilter does not need to know the difference.