Re: If you do not sanitize CGI input @DainB
Thanks for the sane explanation and example.
2016 posts • joined 10 Apr 2007
You have the idea on its head: The tablet does not control the boat - the boat's systems control the boat. The tablet is nothing more than an interface into the boat's systems. Of course, this doesn't justify a patent but this is the US PTO...
They are so screwed it's almost a joke. Yes, the price is good but that's their only positive factor.
16 or 32GB of storage? That has crippled them down to useless - want to install Office and maybe a windows update or two? Forget it, you'll have to uninstall everything else just to perform an OS update.
1GB of RAM? Win 8 is somewhat more efficient than its predecessors, but it's nowhere near that efficient. This is almost as useless as Microsoft's initial "minimum" requirements for Windows XP, except the truth was that if you wanted the OS (sans years of bloat updates) to load within the same hour and then load up another application you were fresh out of luck. These days a single application will lay claim to much of that RAM, which is a testament to how resource hungry modern applications are rather than any enhanced capabilities.
As for the display, x768 16:9 laptop displays are useless enough with many applications assuming x800 at the minimum.
Without experiencing them first hand, they sound like instant landfill.
We, as in most of the readers of el'Reg, probably won't; however, PHBs have a nasty habit of believing them.
Another top show from the resident LOHAN boffinette, sporting her pipe as she rightly should. Puts the rest of them to shame she does. Slackers.
or just the most common phone in current use among those who are more likely to be in thief-friendly locations.
Which means that the BLOODY BIG BUTTON phone that is used by the elderly who don't tend to go out on Friday nights or stumble around drunk on the streets will be the least likely phone to be stolen.
Seriously, an ex-colleague was mugged for her phone and the buggers handed it back and sent her on her way. Almost sporting if it wasn't for the rather unpleasant intent in the first place.
Nothing magical, just (ab)use of UTF-8 text. This page http://stackoverflow.com/questions/2995340/how-does-u%CA%8Dop-%C7%9Dp%E1%B4%89sdn-text-work explains it in a bit more detail. The encoding of the above URL gives a hint as to how this works.
Edit: Looks like you found an automatic online tool to do it for you...
Start with a password, and as long as the user chooses an appropriate password this is relatively secure. Automated checks and constraints can be put in on this to help, and rate-limiting for unsuccessful password attempts is a trivial implementation task.
Now add "security questions" from a narrow predefined list implying answers that are usually easily guessable or readily available elsewhere. Security? Fuckwits. Essentially there is no security left now. And still we have these dumb "security" questions on all these so-called secure services.
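Added example, not from the post above: a per-account limiter for failed password attempts in C, the piece the post calls a trivial implementation task. It assumes a policy of five failures inside a 300 second window locking the account for 900 seconds, a caller-supplied clock so the logic can be exercised without waiting, and a stand-in credential check against a constant string; the struct, function and scenario names are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Policy assumed for this example: 5 failures inside a 300 s window lock
 * the account for 900 s. Real values belong in configuration. */
#define MAX_FAILS     5
#define FAIL_WINDOW_S 300
#define LOCKOUT_S     900

struct login_state {
    uint32_t fails;         /* failures counted in the current window */
    int64_t  window_start;  /* time of the first failure in that window */
    int64_t  locked_until;  /* 0 when the account is not locked */
};

enum login_result { LOGIN_OK = 0, LOGIN_BAD_PASSWORD, LOGIN_LOCKED };

/* Compare without early exit so response time does not reveal how many
 * leading bytes matched. */
static bool ct_equal(const char *a, const char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)a[i] ^ (unsigned char)b[i];
    return diff == 0;
}

static void record_failure(struct login_state *st, int64_t now)
{
    /* Open a fresh window on the first failure or once the old one aged out. */
    if (st->fails == 0 || now - st->window_start > FAIL_WINDOW_S) {
        st->fails = 0;
        st->window_start = now;
    }
    st->fails++;
    if (st->fails >= MAX_FAILS) {
        st->locked_until = now + LOCKOUT_S;
        st->fails = 0;
    }
}

/* "now" is injected by the caller (seconds) so the logic is testable.
 * "expected" stands in for whatever the credential store holds; a real
 * system verifies a slow password hash here, never a plaintext. */
enum login_result try_login(struct login_state *st, int64_t now,
                            const char *supplied, const char *expected)
{
    if (st->locked_until > now)
        return LOGIN_LOCKED;        /* refuse before even looking at the password */

    size_t n = strlen(expected);
    bool ok = strlen(supplied) == n && ct_equal(supplied, expected, n);
    if (ok) {
        st->fails = 0;              /* a good login clears the window */
        return LOGIN_OK;
    }
    record_failure(st, now);
    return LOGIN_BAD_PASSWORD;
}

/* Scenario: five wrong guesses at t=1000..1004, then the right password
 * at t=1005 (locked) and again at t=1905 (lock expired). Returns the two
 * verdicts packed as verdict_at_1005 * 10 + verdict_at_1905. */
int scenario_lockout(void)
{
    struct login_state st = {0};
    const char *pw = "correct horse";         /* constructed sample credential */
    for (int64_t t = 1000; t < 1005; t++)
        try_login(&st, t, "wrong", pw);
    int while_locked = try_login(&st, 1005, pw, pw);
    int after_expiry = try_login(&st, 1905, pw, pw);
    return while_locked * 10 + after_expiry;
}

/* Scenario: four failures at t=0..3, a fifth at t=400 after the window has
 * aged out, so no lock; the right password at t=401 succeeds. */
int scenario_window_ages_out(void)
{
    struct login_state st = {0};
    const char *pw = "correct horse";
    for (int64_t t = 0; t < 4; t++)
        try_login(&st, t, "wrong", pw);
    try_login(&st, 400, "wrong", pw);
    return try_login(&st, 401, pw, pw);
}

int main(void)
{
    printf("lockout scenario: %d (expect 20: locked, then ok)\n", scenario_lockout());
    printf("window ages out:  %d (expect 0: ok)\n", scenario_window_ages_out());
    return 0;
}
```

The lock is checked before the password is evaluated, so a locked account costs the attacker nothing and tells them nothing beyond "locked"; a correct password during the lockout is still refused, which is the behaviour a security-question reset then quietly bypasses.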
Try using many apps when you've spent years as a UI (UX) specialist... it's hard to not apply work to usage.
Very similar to how after a few years of assessing lip-sync in video playback on custom hardware and encoding schemes has left me unable to cringe when I spot lip-sync issues in broadcast media. Gits.
Can't agree more - I'd love to be able to filter and search, intentionally excluding particular criteria or "required" permissions.
Pretty ridiculous when the vendor is the leading search engine, but even with that, excluding matching entries isn't always easy.
It's definitely not an insurmountable problem. When it comes to spotting overhead wires, a human helicopter pilot with good eyesight is likely to have so many other things to look at instead, such as instrumentation, distance, other craft and so on, that spotting something thin and very close to their flight path isn't likely to be easy, and human eyesight really isn't suited for flight at even 50mph. However, for a drone system a near space high resolution sensor of some form (optical, radar, etc) shouldn't have a problem spotting them, and it then becomes a task of whether or not the drone is able to avoid them.
I wouldn't really consider that such drone delivery systems are useful for urban environments, but where there is a lot of unpopulated space with sparse settlements, a drone delivery system could be useful.
I would have had to google most of them on the list as similarly I had never heard of most of them.
Topically I had heard of Jennifer Lawrence but would never have been able to state what work she had done, Kate Upton seems to be yet another model whose most notable assets are cleavage (so complaining about flesh shots seems to be pushing it a bit, but there are expectations of some privacy) and while Ariana Grande initially looked like yet another dead eyed model it turns out that she has starred in some kids program for a bit and, err, that seems to be it.
What's the old saying about publicity? :) These "stars" and their websites are probably getting more attention than they ever have had before.
It does. However what the hell MS think they are doing by once again putting in vendor specific application (filetype) hacks into their remote file synchronisation service, who knows? However this is Microsoft and they have form for putting in place incredibly stupid and narrow hacks for their own applications rather than actually fixing anything or doing anything sensibly in the first place.
My guess is that it's most likely to do with ghastly hack workarounds on excel partial file locks that don't play nicely with the synchronisation code that went into W8 to underpin encrypted transmission of data to Microsoft's cloud servers. AFAIK Windows 8 has this feature built in at a lower level and Windows 7 doesn't - or at the very least, it is implemented at a non-cloud specific file system level on Win 7.
Lens tech can do that but it's far from simple. While the basic trapezoid mathematics are relatively easy to grasp the practicalities of projection onto a surface for reflective viewing at vastly different angles and maintaining similar brightness throughout start adding to the chore, and then you have to take into account multiple colours and even pixel shaping. Short throw projectors typically work better with very specific surface types therefore projecting onto your own wall with your own choice of paint tends to complicate things further.
Casa de los Tarantulas e Crocodylos
I think I've just found a name for my holiday home. Now to deal with the small matter of not owning a holiday home...
Sorry, but singling out "C" as the "biggest mistake in the history of computers" comes across as nothing more than fanaticism. Dumb, dangerous code can be written in all usable computer languages. Newer languages may have more built in range checks at the language level but these most definitely do not prevent stupid and there is no single programming paradigm that is more correct or more universal than others. "C", being a defined standard, was probably the best thing that happened to computers as it facilitated code and skill re-use rather than the previous situation of vendor and system specific languages and code. Copying code has its drawbacks of course, but it is generally considered better to re-use code than rely on individuals recreating the same things time and time again.
Most dumb code is produced either by poor quality or inexperienced developers (usually operating in a poor or non-existent review framework), developers who do not know how to use profiling and checking tools or choose not to use them, or developers working in a financially constrained environment where there is pressure to release code, whatever its state, in as short a time period as possible. In a lesser pool, the "I'm really clever, I write minimalistic code" developers cause a lot of issues as well, but these are usually swamped by the quantity of code produced by others.
I've had to beat so many developers who turn off compiler warnings and hints because "there are so many"... FFS... they are there for a reason. Look at them, learn from them, fix them. There are (rare) occasions when compiler warnings and hints are genuinely false, but on these rare occasions such checks can be turned off and re-enabled and clearly documented as to why this is happening.
In the past I've also had the joyless task of having to unpick "exceedingly clever" code that featured convoluted 40 operator logic statements and to instead separate them into useful code blocks that were both maintainable and allowed problems to be accurately logged with appropriate error handling rather than anonymous failures.
As previously noted here... Input validation: it's not optional. Validate for expected, unexpected and total nonsense values and handle them appropriately. Trust nothing, especially when it has an external origin, and write code that propagates failure cleanly.
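Added example, not from the post above: what "validate for expected, unexpected and total nonsense values" and "propagate failure cleanly" look like for one externally supplied value in C, here a TCP port given as text. Every rejection gets its own error code and name so the caller can log exactly what was wrong instead of failing anonymously. The function names, the error enum and the sample inputs are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum parse_err {
    PARSE_OK = 0,
    PARSE_NULL,        /* caller passed no string at all */
    PARSE_EMPTY,       /* "" */
    PARSE_TOO_LONG,    /* more characters than "65535" */
    PARSE_NOT_DIGITS,  /* first character not a digit: "-1", " 80", "abc" */
    PARSE_TRAILING,    /* non-digit after digits: "80\n", "8o80", "80abc" */
    PARSE_RANGE        /* 0 or above 65535 */
};

static const char *const parse_err_name[] = {
    "ok", "null input", "empty input", "input too long",
    "leading non-digit", "trailing garbage", "out of range"
};

const char *parse_err_str(enum parse_err e)
{
    return (unsigned)e < sizeof parse_err_name / sizeof parse_err_name[0]
           ? parse_err_name[e] : "unknown";
}

/* Accepts only a plain decimal in 1..65535. Writes *out on success only,
 * so a caller that ignores the return code still never sees a half value. */
enum parse_err parse_port(const char *s, uint16_t *out)
{
    if (s == NULL)    return PARSE_NULL;
    if (s[0] == '\0') return PARSE_EMPTY;

    unsigned long v = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (i >= 5)
            return PARSE_TOO_LONG;      /* bounded before accumulating */
        if (s[i] < '0' || s[i] > '9')
            return i == 0 ? PARSE_NOT_DIGITS : PARSE_TRAILING;
        v = v * 10 + (unsigned long)(s[i] - '0');   /* at most 99999 here */
    }
    if (v < 1 || v > 65535)
        return PARSE_RANGE;
    *out = (uint16_t)v;
    return PARSE_OK;
}

/* Convenience wrapper: the port on success, or the negated error code. */
int parsed_port(const char *s)
{
    uint16_t p = 0;
    enum parse_err e = parse_port(s, &p);
    return e == PARSE_OK ? (int)p : -(int)e;
}

int main(void)
{
    /* Constructed inputs: expected, unexpected and total nonsense. */
    const char *samples[] = { "8080", "65535", "0", "65536", "-1", " 80",
                              "80abc", "abc", "", "123456" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint16_t p = 0;
        enum parse_err e = parse_port(samples[i], &p);
        if (e == PARSE_OK)
            printf("%-8s -> %u\n", samples[i], p);
        else
            printf("%-8s -> rejected: %s\n", samples[i], parse_err_str(e));
    }
    printf("(null)   -> rejected: %s\n", parse_err_str(parse_port(NULL, NULL)));
    return 0;
}
```

The length bound is applied before any arithmetic, so the accumulator can never overflow, and NULL is checked before the string is dereferenced; both are the kind of "it can't happen" cases that compiler warnings and static checkers flag and that a caller fed from the network will eventually produce.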
Wow, talk about a relatively simple external bit of kit (that needs to be exactly the right size and tension) drastically improving a child's quality of life!
You have missed the point of Pi.
It's an educational device, not a device that allows you to pirate movies and stream them around your home.
Aha! So that is why my encoding of bluray discs to MP4 was taking so long - I was using my Pi.
Military-ish tech research tends to pay off in the long term, and the long term is something the Chinese (government) tends to look at rather than four year cyclic self-destructive short term goals. It's also important that the Chinese maintain enough military capability to ensure that they have an adequate military presence, but as noted above their main advantages are financial and production capabilities.
While this application has obvious potential for warhead delivery the spin offs are likely to benefit all manner of technology fields where fluids are involved - including pipes, gas/liquid delivery systems, more efficient boats and so on.
I love the entire concept of Cohen, being that his, and his silver horde's, most notable skill is staying alive. The description of the fight and aftermath between them and ninjas was a very memorable read.
... out of Ninjas, Pirates, Jedi, Robots, Vampires, Elves, Dwarves, Dragons, Toadstools, Godzilla, Zombies, Englishmen wielding branches at cars, Aliens, Predators, Robots and so on...
Nice article(s) - always interesting to learn about the backend and everything that goes into these services. Does explain some of the directions that VM are taking and how the industry is moving.
Now if they could just provide a tivo box that wasn't a piece of shite I'd greatly appreciate it... a user interface that feels carefully designed to be as unintuitive as possible that is randomly unresponsive or fast so double button presses followed by loading up of an idiotic amount of resources for a service that you didn't mean to enter. To cap it all, no effing RGB / Component video output. I don't watch (broadcast) TV very often at all and tivo is putting me off watching even the little amount that I do watch. I really don't know how I haven't ripped the thing out and thrown it out of a window yet. Some people love it of course, but not me or my family.
Completely agree. However the software industry has grown up with a licence that effectively reads "We, the company providing this software, generously, out of the bottom of our bank account, are lending you a copy of this software exclusively on our terms. It may not do what you want it to do, it may not do what we say it does, it may not work very well at all, in fact it probably doesn't work at all but this is your problem and not ours. Now pay up bitches.".
Ah, but did he pay peanuts? In which case a contract could have been said to have been established.
Nothing created by animals? That's humans out then
This is the US Copyright Office - of course they deny that humans are animals. Excluding religious influences, in their defence it may be that as many of the members of the US Copyright Office (and US Patent Office) tend more towards plant or mineral state this is a reasonable assumption to make.
So if an infinite number of monkeys did manage to type out a brand new Shakespeare play, Shakespeare would lose out on all the royalties? How fair is that?
That is perfectly fair, particularly if you are the agent representing said infinite number of monkeys. Any royalty fee divided by infinity would result in a payout of zero to each monkey with the remainder being retained by the agent naturally. Not sure how music publishers or royalty collection and distribution agencies equate their number of represented artists to infinity but it seems that some clever accountants have worked out how to do it.
I guess you don't play any games that use Google play games services then? All of them require it.
Quite possibly. Is there a way to tell if an application is using these permissions as part of the google play games services or not? No... therefore no install.
There are a lot of apps I don't install... :)
Nice. It looks an interesting enough game but as it requires Identity and Account use permissions it ain't getting installed.
Too right! The terrorists could use that in some double dastardly attack on neighbourhood recycling centres. One cannot be too careful. Please think of the children.
"I can only assume that you have never used Outlook / Lync / Unified Messaging - together with Office / Sharepoint / Yammer, etc?"
Outlook is an appalling, bug ridden product with some serious usability issues and total disregard for any established standards. I'd more than happily shoot, multiple times to be sure, the developers of Outlook's HTML renderer, quite apart from the intentionally broken IMAP support, or as noted elsewhere broken anything non-Exchange. However the worst thing about Outlook... is that it is better than anything else equivalent. I may be wrong on this, but so far I haven't come across anything close and I've tried a lot of alternatives - only Thunderbird came close and the UI of that was designed by idiots.
Lync may appear to have a clean interface, but it's amazingly bug ridden, bloated beyond belief and just performing simple tasks is an exercise in frustration. Once it's finally started which tends to take a long time.... and yet somehow after all this it is better than Communicator, but that isn't because it's good, just that Communicator was so bad. However to be fair, IM clients don't have a good usability pedigree and bolting extra functionality on top of very poorly designed, or intentionally limited interfaces, is not always an easy task.
Sharepoint is the devil's work. For good (sanity) reasons, I avoid this bloated, unwieldy monstrosity whenever I can. The security scheme alone makes the hatchet job of normal windows file/print security look well designed. As for all the ridiculous bugs that relate to data that are still in place... arrrgggh. On the other hand, if you want a quick alternative to shared spreadsheets that are used to do little more than record data, it does quite a good job and while the document management feels entirely cumbersome and has been implemented in a ridiculously inefficient manner, it does sort of work.
“... applications or workloads that Microsoft IT considered high business impact, such as financial information, protected corporate information, or personal information, should be among the last to be migrated. This would allow Microsoft Azure to be effectively assessed and prepared to host this highly sensitive information.”
If Microsoft aren't in the position to trust their own cloud services with their own information this is a telling indicator that neither should anybody else. So every cloud sales-rat attempting to foist cloud services for such information and services has now been demonstrated to be lying through their shiny whiter-than-white teeth? Again. Maybe their previous careers in selling glazing or used cars didn't work out for some reason...
Eeek - I had forgotten many of those old battery types (on the wikipedia page). I remember playing with many of the larger Ever Ready snap on connector type batteries, but oddly can't remember what they were used for.
Read a website somewhere where they listed the most amusing, shocking or clever twists delivered in place of standard banners. Can't find it now, but there were some real gems on there...
Agreed. I expect it brings out the (not so closet) geek in many of us. As much as we might enjoy whinging and bitching about VM and laughing about their failures, it's still impressive and eye-opening to see what they do achieve and how they do it.
The work has been made available to the public.
This is the sticking point - the official match footage is not by default made available to the public - it is paid for content.
The earlier point about using your own camera at a football match, that is not copyright violation. However it is often against the T's & C's that you implicitly agreed to with your purchase and use of the ticket.
Even with a common wireless interface, successfully updating all of them and verifying that the updates have all been applied to each of them isn't going to be a fun task. Having worked with mass update devices (admittedly the last production devices were a rather badly designed IR update process, the next gen were wireless or wired), there are always some devices that just fail to update and identifying and tracking down these devices makes for a tedious day.
While you are essentially correct in that these could have been modelled in software, and doubtless the initial basic programming was, it is only through creating the physical devices and letting them roam that all of the foibles, annoyances and damn stupid gotchas really come out. This real learning is then fed back into the software model which can be refined and then (typically) pushed out to the physical devices for the next tests. Upgrading the software on a few devices is usually annoying, 1k of them very much so.
I don't know why anyone even bothers selling devices with reflective screens in Aus. They ain't going to beat the sun.
By reflective I presume you mean shiny screens? These are brighter than matt screens - just the fact that a screen is matt blocks out some of the light.
Far better for daylight is to have a genuinely reflective display such as e-ink rather than a transmissive (light emitting) display such as the usual OLED / LED displays. However reflective displays are not so useful in the dark and colour accuracy depends entirely on the light source you are lighting it with. Now if somebody could create a display that could switch from transmissive to reflective as required...
Hell yeah. What short story is this from? Where the spectators* were given mirrored match day programs.
* I vaguely remember that the spectators were generally all police / military as well.
One of the great things about this thread is that here, on El Reg, various commentards, many long established, are (relatively) publicly revealing the pain they have been through with depression, either with themselves or somebody close to them.
If just one person reads these posts and takes positive action to turn their life around then that's an amazing, positive thing. Even more so on a sarcastic, often blunt, forum on a technical Internet news site.
Not sure where that line comes from, but here's an analysis of the phrase and a shameless plug for an organisation that can help: http://www.suicide.org/permanent-solution-to-a-temporary-problem.html.
"Sad news. When will we take mental health seriously?"
Where shall we begin? Help begins with family, friends and professional counsellors who are trained how to help people get out of their mental ruts / holes / whatever... the sufferer is the only one that can stop the depression but they often need the help of others and may often be unwilling to ask for help or even to accept the problem, particularly men. Except in rather rare cases, prescribing drugs for depression is not the way forward, however it is the way that far too many (substandard) GPs treat it. Along with antibiotics for colds.
The really sad part is the statement "Williams' publicist Mara Buxbaum said the actor had battled severe depression in recent months". Where was the help?
It's worse than just that, it's the way many people (mainly women) have open bags with such multi-hundred pound devices lying around on top, along with purse, keys, travel cards and anything else they may need at a moment's notice. For pickpockets (more "pick-bags"?) it's probably like shooting fish in a barrel, one quick brush past and a palm off to an accomplice (who also masks the act from sight of others) and they're done.
I was keeping with the terminology in use in other posts (which wasn't especially a good idea), but you are correct - there are many senders. There is only one active "master" allowed though.
The communication system sounds similar to CAN-BUS - a relatively sane system designed to operate in (signal) noisy environments, originally automotive but now a lot of industrial. Similarly you only have one active "sender" on the network, devices are communicated with using a time-sliced / QoS communications scheme and much of the communications is uni-directional, including asynchronous, synchronous or watchdog communications. Devices (nodes) can be configured to communicate with each other automatically and nodes can be configured to only publish the very limited interfaces that you want or need to publish. Restricting such communications to very clearly defined, tight interfaces makes the things very hard to hack and this is true of any communications system between devices or systems.
(I spent a few years working with CAN-Open, which is effectively the same as CAN and very similar to many other industrial or signal-noisy control systems.)
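Added example, not from the post above and not from any CAN or CANopen stack: a receive path for one node in C that publishes only "the very limited interfaces that you want or need to publish". The node accepts exactly two identifiers with exactly the lengths its interface defines, and each handler bounds-checks its own payload; everything else is dropped before any parsing happens. The frame layout (11-bit identifier, DLC, up to 8 bytes), the identifiers 0x201 and 0x701, the setpoint range and all sample frames are this example's own assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Classic CAN frame as modelled here: 11-bit identifier, data length code,
 * up to 8 payload bytes. Frames below are constructed, not captured. */
struct can_frame {
    uint16_t id;
    uint8_t  dlc;
    uint8_t  data[8];
};

enum rx_verdict {
    RX_ACCEPTED = 0,
    RX_REJECT_BAD_ID,      /* identifier outside the 11-bit range */
    RX_REJECT_UNKNOWN_ID,  /* not part of this node's published interface */
    RX_REJECT_BAD_DLC,     /* length differs from what the interface defines */
    RX_REJECT_BAD_PAYLOAD  /* well-formed, but the value is out of bounds */
};

/* Node state, written only by frames that pass every check. */
static int16_t  g_setpoint_c = 0;   /* heater setpoint, degrees C (assumed) */
static uint32_t g_heartbeats = 0;

/* Handlers validate their own payload and report whether they used it. */
static bool on_setpoint(const uint8_t *d)
{
    int16_t c = (int16_t)(d[0] | (d[1] << 8));   /* little-endian signed */
    if (c < -20 || c > 90)                        /* assumed physical limits */
        return false;
    g_setpoint_c = c;
    return true;
}

static bool on_heartbeat(const uint8_t *d)
{
    (void)d;
    g_heartbeats++;
    return true;
}

/* The node's entire published interface: exactly these IDs with exactly
 * these lengths. Everything else is dropped before any parsing happens. */
static const struct {
    uint16_t id;
    uint8_t  dlc;
    bool   (*handle)(const uint8_t *data);
} rx_table[] = {
    { 0x201, 2, on_setpoint  },   /* IDs chosen for the example */
    { 0x701, 0, on_heartbeat },
};

enum rx_verdict can_dispatch(const struct can_frame *f)
{
    if (f->id > 0x7FF)
        return RX_REJECT_BAD_ID;
    if (f->dlc > 8)
        return RX_REJECT_BAD_DLC;
    for (size_t i = 0; i < sizeof rx_table / sizeof rx_table[0]; i++) {
        if (rx_table[i].id != f->id)
            continue;
        if (rx_table[i].dlc != f->dlc)
            return RX_REJECT_BAD_DLC;
        return rx_table[i].handle(f->data) ? RX_ACCEPTED : RX_REJECT_BAD_PAYLOAD;
    }
    return RX_REJECT_UNKNOWN_ID;
}

/* Build a frame from two payload bytes and dispatch it; returns the verdict. */
int feed(uint16_t id, uint8_t dlc, uint8_t b0, uint8_t b1)
{
    struct can_frame f = { id, dlc, { b0, b1, 0, 0, 0, 0, 0, 0 } };
    return (int)can_dispatch(&f);
}

int16_t  current_setpoint(void) { return g_setpoint_c; }
uint32_t heartbeat_count(void)  { return g_heartbeats; }

int main(void)
{
    static const char *names[] = { "accepted", "bad id", "unknown id",
                                   "bad dlc", "bad payload" };
    printf("setpoint 45C      -> %s\n", names[feed(0x201, 2, 45, 0)]);
    printf("setpoint 32512C   -> %s\n", names[feed(0x201, 2, 0x00, 0x7F)]);
    printf("setpoint, dlc 8   -> %s\n", names[feed(0x201, 8, 45, 0)]);
    printf("unknown id 0x202  -> %s\n", names[feed(0x202, 2, 45, 0)]);
    printf("id 0x801 (12-bit) -> %s\n", names[feed(0x801, 0, 0, 0)]);
    printf("heartbeat         -> %s\n", names[feed(0x701, 0, 0, 0)]);
    printf("setpoint now %d C, %u heartbeats\n", current_setpoint(), heartbeat_count());
    return 0;
}
```

The table is the whole attack surface of the node: a frame that is not in it never reaches a handler, a frame with the wrong length never reaches a handler, and a frame that passes both still cannot push the setpoint outside the range the handler enforces. Adding an identifier to the table is a deliberate act of widening the interface, which is where a review should happen.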
To be fair, there are and have been a lot of genuine security concerns regarding OpenGL generally because of the programmability extensions and how these interact rather too directly with the hardware from the security point of view. 3D graphics programmability was never built with security in mind, doubtless because being a local task running on a local machine the system's security was in trouble anyway and adding security checks does slow things down a lot which is generally the exact opposite of 3D graphics programming aims.
Before we know it... Microsoft will release Internet Explorer for Android...
To add a few quick points that are almost always neglected regarding slavery, most important of which was that slavery was not a racial based process of the "evil white men" enslaving all the "poor black men".
Not to condone slavery at all, but so much seems to be commonly omitted. Not least, that there are more slaves in the world now than there ever have been at any other time in history.
Sorry but total fail to any IT professional recommending Chrome.
I know. They should be using Lynx instead.
Biting the hand that feeds IT © 1998–2017