|
Some Windows 7 and Windows Server 2008 users are reporting they can't check for updates using Windows Update and Microsoft Update. No word yet on a Microsoft fix. That's odd - it seems to be working for Windows 10. What are the odds?
|
|
|
|
|
The phenomenon may be more common than we think The brain is a weird thing, I think
|
|
|
|
|
I didn't hear thudding. I heard the twanging and snapping of the wires. 
|
|
|
|
|
I heard Godzilla.
(Actually, I did experience a faint thudding [it was more like the compression sound the thud would make as though my ear drums were preparing for a loud sound], even when I told myself not too. Damn brain.)
|
|
|
|
|
|
I want you to think about just what a supremely bad idea it is to use a textual data access language. Such a language can pass through the user interface of a system and provide unauthorized access to all the data contained within. When in doubt, throw the baby out with the bath water
I can't imagine why he doesn't have comments enabled on that one.
|
|
|
|
|
Robert Martin wrote: supremely bad idea it is to use a textual data access language
As soon as I read that I thought, "SQL?"
Then I clicked the link and read that quote:
Robert Martin said: SQL is demon spawn, and no self-respecting software developer should ever use it.
It is crazy, but you could solve most of this by requiring all SQL to be run only via Stored Procs too.
Never let dynamic SQL be passed in. Ugh!!!
|
|
|
|
|
raddevus wrote: you could solve most of this by requiring all SQL to be run only via Stored Procs too.
Stored procedures aren't a magical defence against SQLi. If you're not using a properly parameterized query, they're just as vulnerable to SQLi as any other query.
And if you've spent any time in QA, you'll know that it's perfectly possible to write a stored procedure that contains its own SQLi vulnerability. 
The only defence is to parameterize everything. And if you find yourself hitting one of the few things that can't be parameterized (table and column names, for example), and you can't find a way to avoid it, then use the system views to validate the crap out of the user input, preferably ditching the user input in favour of the values returns from the views.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
We never run raw SQL from our applications.....ever! And this is one of the reasons why. We execute stored procedures against the data. This is far more secure.
"There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult." - C.A.R. Hoare
Home | LinkedIn | Google+ | Twitter
|
|
|
|
|
Kent Sharkey wrote: I want you to think about just what a supremely bad idea it is to use a textual data access language.
You mean like JSON in client-side POST/GET commands? 
|
|
|
|
|
So, you create an API and access the data... but there is no data since we chucked the database.
The far better solution is to have no data. This has the additional advantages of not having to write any code at all, nor having to design a UI. Heck, we can then get rid of project managers and executives will stop complaining about the annoying nerds, er, engineers. The amount of money saved is in the trillions world-wide.
|
|
|
|
|
In a recent survey conducted by Gartner, the organization found that the highest-ranked strategy for a successful DevOps approach was collaboration with information security. Step 0: don't
|
|
|
|
|
A Nobel Prize-winning economist says that Bitcoin should be outlawed. He states that the currency holds no real function and can easily be brought down by regulation. If you outlaw bitcoin, only outlaws will use bitcoin?
Yeah, I know - "Nobel prize-winning Economist" is just this side of, "some guy".
Also, gotta love that rouge currency. Rubles?
|
|
|
|
|
economist said: [bitcoin] can easily be brought down by regulation.
Well...what can't be?
|
|
|
|
|
Gold
Peter Wasser
"The whole problem with the world is that fools and fanatics are always so certain of themselves, and wiser people so full of doubts." - Bertrand Russell
|
|
|
|
|
Don't worry, it will crash on its own. (When is the million bitcoin question.)
|
|
|
|
|
Really? Gold has value because it's shiny and used in jewelry?
Please tell me how a piece of paper has value because... It's a tree?
Not really a satisfying answer either!
|
|
|
|
|
In May 2017, researchers at Google Brain announced the creation of AutoML, an artificial intelligence (AI) that's capable of generating its own AIs. "Skynet begins to learn at a geometric rate."
You know I had to use something like that.
|
|
|
|
|
A lot has changed in a quarter century. OMG - in case you needed to feel old
|
|
|
|
|
Lenovo also said that it wasn't aware of any third parties exploiting the app to gain access. They were shocked beyond belief when they found out.
Bastard Programmer from Hell 
If you can't read my code, try converting it here[^]
|
|
|
|
|
A new report tries to bring order to the messy business of measuring AI progress "Any A.I. smart enough to pass a Turing test is smart enough to know to fail it."
|
|
|
|
|
Have you ever mentioned something that seems totally normal to you only to be greeted by surprise? What's wrong with sigma?
|
|
|
|
|
One word:
Apply random goals
Gloss over the details
Incentivize "just get it done, we can refactor later"
Lack of documentation
Entertainment over formal processes
modified 5-Dec-17 7:52am.
|
|
|
|
|
Marc Clifton wrote: One word:
routine?
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
The Wall Street Journal published a brief article last week where it posited that Microsoft’s Excel software has not kept up with contemporary needs the finance sector requires and subsequently resulted in financial chiefs asking their staffers to part ways with the aging piece of software. =IF(ISERROR("WSJ", "Fake news", NA()))
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
