
Comment: Re:I call BS... (Score 1) 186

by ArwynH (#38926979) Attached to: Canada's Internet Among Best, Report Says

Things are pretty bad in Ontario, and Bell and Rogers are completely to blame. But get outside Ontario, and things are significantly better in many places.

Here in Victoria, BC, I'm running 100/30Mb through Shaw for fairly reasonable rates (on its own it's about $85/mo, but as we're on a bundle with digital HDTV service we pay less than that -- unfortunately, they don't break it out for the sake of comparison...

I think the fact that you consider $85/month for 100/30 a reasonable rate goes to show how big a piece of BS that report is. Here's a counter example: I pay ~$10/month for 100/100, no caps.

To be honest that is actually below average, fiber goes for ~$30 before discounts are added here in Tokyo. And while I have no personal experience outside of the city limits, my in-laws, who live on the outskirts of a town of ~20k far removed from the industrial centers, recently installed fiber because "it's only a little extra on the phone bill and came with a free tablet".

Comment: Re:Wrong Question (Score 2) 583

by ArwynH (#38875125) Attached to: When it comes to U.S. colonies on the moon ...

You did not answer your own question. You answered whether you thought it was "likely", not whether you thought it was "feasible".

While, unfortunately, I cannot disagree with you on the likelihood of there being such an attempt, I do believe that establishing a permanent moon base within a decade is both feasible and a good course of action.

The arguments I'd give for it are the same that were given for putting a man on the moon. While we may no longer have the Soviets to worry about, the rest of the arguments given are just as valid today as they were back then.

http://www.jfklibrary.org/Research/Ready-Reference/JFK-Speeches/Address-at-Rice-University-on-the-Nations-Space-Effort-September-12-1962.aspx

Comment: Misleading article & summary (Score 1) 45

by ArwynH (#36057046) Attached to: OpenID Warns of Serious Remote Bug, Urges Upgrade

I just RTFA and it is just as confusing as the summary. I wish blog authors would at least try and understand the subject before writing about it.

OpenID is a specification. As far as I can tell the specification is safe, so implementations that follow the specification correctly are safe. However it seems that there are a few implementations that skip an important part of the process, namely input verification. Basically saying OpenID is broken because of this is like saying SQL is broken because some sites are vulnerable to SQL injection attacks.

Comment: Re:Wait what...Oracle isn't being evil...? (Score 3, Informative) 337

by ArwynH (#33389248) Attached to: Glibc Is Finally Free Software

RTFA. The code was used within the permissions granted, so there was no copyright infringement. The problem was that the license, while permissive for 1984, was not up to modern FSF standards and was not GPL compatible (falling foul of the "no other restrictions" clause).

There was no financial or legal reason for Oracle not to release the code and bad PR if they didn't. It is nice that they did release it of course, because, as I understand it, rewriting it would have been a nightmare.

Comment: Re:Eventually they will be in dictionaries. (Score 1) 563

by ArwynH (#32972958) Attached to: Passwords That Are Simple — and Safe(?)

Just use an easily remembered phrase to generate the password.

"To Be or not to Be, that is the question" -> "2Bon2B,titq"

Quite simple. After typing it in a few dozen times, your fingers find the keys without having to think about it.

You are right of course, that dictionary attacks and rainbow tables aren't much use against a decent configuration, but once a site has been broken into and the password store obtained, then they are still quite effective.

Comment: Re:TFA is wrong (Score 2, Informative) 568

by ArwynH (#32150810) Attached to: UK Election Arcana, Explained By Software

That is not the only place the TFA is wrong. Here are just a few of the other places that were incorrect:

1) Labour are not socialists.
2) There is nothing indefinite about it. The Queen makes a speech at the end of May, which is then voted on in parliament. If the vote fails, it's game-over for the proposed government.
3) You don't need a majority to form a government, you just need to survive votes of no-confidence.

In other words, the most likely outcome is a Lib-Lab minority government, with the Greens, SDLP, Alliance, SNP & PC supporting them on votes of no confidence and on a per-issue basis. BTW said 'minority' government will have over 50% of the popular vote.

Comment: Re:Non-American Tax Days? (Score 1) 432

by ArwynH (#31880134) Attached to: I mailed / filed my tax return form ...

Japan here. I pay around 17.5%, but it comes out of my salary, so no forms. That sum includes local tax, federal tax, pension and health insurance (OMG we are socialists! O_O). Overall I think it is worth it. My wife and son's insurance is covered, I get ~$400 per month towards nursery. The only thing I don't like is that 50% of what I pay is towards a pension that I will not get. I'd much prefer that sum to be paid as local tax, so more community services could be funded.

Comment: Re:PHP security object (Score 2, Insightful) 267

by ArwynH (#31283982) Attached to: Anatomy of a SQL Injection Attack

Quick answer: A lot.

Long answer:

You are mistaking escaping for sanitising. These are two very different things.

Sanitising should occur as soon as possible, before the values are used. It involves validating and optionally filtering _each_ field, so that you know the data you are getting is exactly what you are expecting it to be. This is a lot of work, which is why a lot of people skip it, hence the large number of vulnerabilities in the wild. I suggest looking into libraries like Zend_Form to help with this.

Escaping, on the other hand, is done just before the variable is used. This is because different output formats have different escape sequences. E.g. for SQL you would use named variables and let the engine handle the escaping for you, but for HTML you would use something like htmlspecialchars().

Both sanitising and escaping are required for a secure application.
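
An added example, not part of the original comment and not Zend_Form code, showing the two stages in plain PHP: per-field validation on input, then context-specific escaping with PDO named parameters for SQL and htmlspecialchars() for HTML. The field names, table and sample input are constructed, and it assumes the pdo_sqlite extension is available.

```php
<?php
declare(strict_types=1);

// Constructed request data standing in for $_POST (not from the original page).
// The bio is legitimate free text, yet contains characters special to SQL and HTML.
$input = ['username' => 'bob_smith', 'age' => '34',
          'bio' => "O'Brien here <script>alert(1)</script>"];

// Stage 1, sanitising: validate each field as early as possible,
// so every value is exactly what the application expects.
function sanitise(array $in): array
{
    $user = $in['username'] ?? '';
    if (!is_string($user) || !preg_match('/\A[a-z0-9_]{3,20}\z/', $user)) {
        throw new InvalidArgumentException('username must be 3-20 chars of a-z, 0-9, _');
    }
    $age = filter_var($in['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    if ($age === false) {
        throw new InvalidArgumentException('age must be an integer from 0 to 150');
    }
    $bio = $in['bio'] ?? '';
    if (!is_string($bio) || strlen($bio) > 500) {
        throw new InvalidArgumentException('bio must be at most 500 bytes of text');
    }
    return ['username' => $user, 'age' => $age, 'bio' => $bio];
}

$clean = sanitise($input);

// Stage 2a, escaping for SQL: named parameters, the engine handles quoting.
// The apostrophe in the bio never becomes part of the statement text.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, age INTEGER, bio TEXT)');
$stmt = $db->prepare(
    'INSERT INTO users (username, age, bio) VALUES (:username, :age, :bio)');
$stmt->execute([':username' => $clean['username'],
                ':age'      => $clean['age'],
                ':bio'      => $clean['bio']]);

// Stage 2b, escaping for HTML: done just before output, with the HTML escaper.
// The stored value is unchanged; only its rendering in this context is escaped.
$row = $db->query('SELECT username, bio FROM users')->fetch(PDO::FETCH_ASSOC);
echo '<h2>', htmlspecialchars($row['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "</h2>\n";
echo '<p>', htmlspecialchars($row['bio'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "</p>\n";
```

The bio passes validation as free text, which is why validation alone is not enough: the same stored string needs one treatment on its way into SQL and a different one on its way into HTML.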

Comment: Re:Hmmm (Score 4, Informative) 99

by ArwynH (#31218572) Attached to: Is OLED TV Technology In Jeopardy?

It was state of the art when it was announced, but the state of the art is always on the move. The reason XEV got pulled is that Sony has decided to spend its money on RnD instead of fighting over razor-thin margins in OLED production. Smart move considering the market conditions.

Make no mistake however, SONY is not surrendering the market, just making a tactical withdrawal. They will be back in a few years time with some new state of the art technology.

Comment: Re:Charge a monster price (Score 3, Interesting) 245

by ArwynH (#30795728) Attached to: Providing a Closed Source License Upon Request?

You phrased it as a joke, but that is exactly what the poster should do.

Take the BSD 3-clause license and change the name to something like " developer license", then agree to license your code under said license for $x, where x is a reasonable amount. Basically they are paying for your written acknowledgement that the code is yours to give away and that if there are any copyright problems they know who to blame.
