Posts by Doctor Syntax

Re: Those damned reboots

Ah, yes, but remember that Linux still has to restart updated services so they'll be out of action for as long as a fraction of a second.

Re: SQL is the problem

"One that looked like code and did enforce them could end up fixing the injection risk in such an ugly way that nobody used it."

And would be more prone to bugs.

Re: more likely that "input sanitization techniques" was meant

My GP's online system appears to be applying string sanitisation to passwords. That worries me they're storing the passwords online in clear.

Re: SQL is the problem

A good programming language is one which allows the developer to express the requirement clearly and should be equally clear to read for anyone who has to maintain the code afterwards. For its given domain SQL does just that and it's a good deal less verbose than what I understand COBOL to be.

I'm not sure of your preferred programming language but whatever it is could you give an example of how you think it should be done to extract data joining, say four tables, with selection criteria spanning at least five columns in at least three of the tables. At least one of the criteria should be a range of values and at least one other should provide the equivalent of a SQL OR clause to filter on multiple values for that column.

Then explain how the resulting code meets the clarity of expression and reading criteria better than the equivalent SQL.

The problem in TFA is not SQL It's in constructing the SQL on the fly as opposed to parametrising a pre-written statement. About the only benefit of your "real" programming language is that parametrising would be unavoidable. The downside is that you'd have to produce a complex set of statements for each individual SQL statement you replace.

I'm trying to cast my mind back 40 years to the time before Informix adopted SQL and we had to use a C library instead. Fortunately time is shielding me from that.

Re: “parameterized queries with prepared statements” are “brittle”

You're excused. The paragraph you're looking at uses "These" and "they're" ambiguously because it's not specified to what they refer.. You parsed them, quite reasonably, as referring to "parameterized queries with prepared statements" in the previous paragraph.. It seems more likely that "input sanitization techniques" was meant. If you read it like that it's consistent with your getting yelled at.

Re: Northern Ireland's retained EU personal data protection rights

Still no mention of how the Bill will "handle" Northern Ireland's post-Brexit protections

We can work out the answer to that one easily enough: as badly as it has handled every other aspect of the Good Friday agreement because that assumed that NI and the rest of the UK and Ireland would all be in the EU. The only way they could have kept the process on the rails would have been for the Republic to leave the EU at the same time. I doubt they expected that to happen because I doubt they thought anything through to that extent.

Re: A gift?

AFAICS it had two objectives.

1. Get themselves elected

2. Escape from adult supervision once in power.

This is part of step 2.

After some thrashing about in the ball-pit they'll have gone and leave somebody else to tidy up what's left.

AFAICT the report mentions no changes in personnel management, yet it's the personnel management who orchestrated this disaster.

Re: "Too old to be safe, too expensive in time and money to replace"

Once a piece of software is built it should essentially work, as in keep doing the same thing (functional defects may mean this isn't the "right" thing), for all eternity. We need to rethink how we deliver applications.

Two things there. 1. It may have as yet undiscovered vulnerabilities built in. 2. What it does when delivered isn't necessarily what it will need to do in the future.

Development is the process of launching a software product into the maintenance cycle. Eventually most of the work that has been done on it may well have been done by maintainers. They need to be at least as good as the original developers.

Re: What's the odds

One bullet point from the PDF dealing with improvements for the future:

"a holistic, integrated security suite that covers the whole organisation, backed by managed security partners for improved incident response, detection, and remediation"

I read that as "Single point of failure exposed to supply chain attack."

Re: The 21/22 annual report is instructive

They were getting round to it.

From the incident review document: in late 2022 the increasing use of 3rd party providers in the network was glagged as a risk. A review of security provision relating to is was planned for 2024.

Re: Reason #854637

"because I didn't manage staff and that's how the wagers were calculated."

And that goes right through the thinking and also a long way back. Investigating crime and giving evidence that could clear or convict someone on charges that could result in life imprisonment but don't manage staff? you don't have the responsibilities needed for promotion. (At least not until you hand in your notice at which time it's magically offered without any of the usual procedures.)

Re: Reason #854637

IT contracting is most definitely *not* the pot of gold it used to be.

It was only considered such by those permies who, for one reason or another, didn't want to partake of the fabled pot.

Re: Reason #854637

The is Britain, and the only "valued and rewarded" jobs are crap like sales or financial services.

And the only valued and rewarded qualifications are in the Humanities.

Re: Whether they will look outside the company

"Ryanair ... already have their own QA inspectors embedded at Boeing factories."

QU inspection of aircraft is probably a chargeable extra on the ticket.

Re: This is why we ALWAYS test new procedures on a COPY of the production database

Not even it but because. We also COUNT the number of rows that will be affected. But is Oracle so slow that two month's worth of rows couldn't be SELECTed?

Re: "Those would be big no-nos under US law"

Over-powerful unions are not an improvement on over-powerful corporations (not on an over-powerful anything else, including politicians).

Re: "Those would be big no-nos under US law"

Didn't the union bosses manage to acquire some of that sparkle for themselves?

Re: Off topic

The thick "sticky brown" coating of nicotine

Did anyone not expect that to be the case in TFA when they read the article? Nice piece of redirection there, ed.

Re: Oh yeah !

On't work. You'll just get another board indistinguishable from the first. Oops, sorry, previous board. It can't be the first because we recently lost a board in that unfortunate accident at bonus time. In fact, with the BOFH about there must have been quite a few boards and accidents over the years.

Obviously ideas from the op are worth more than those at the coal face. Those at the top are paid more so their ideas are worth more. Stands to reason & all that.