
Comment: Re:Heh (Score 1) 54

by dotancohen (#48204359) Attached to: Drupal Fixes Highly Critical SQL Injection Flaw

If this were a map, say in Python, then the programmer would have to supply the value $i (or in Python, just i) with an ++$i (or in Python i+=1). This can be done in PHP too, so there is no disadvantage to what PHP supports. The problem here is that the programmer is putting dynamic code in the SQL query without sanitizing it first. So what if it is supposed to be variables that are not supposed to be affected by the user? The first rule of preventing SQL injection is to use ZERO outside string variables, even those ostensibly created by your own code. If the data _or metadata_ (i.e. array keys) came in through a function argument, then it is NOT CLEAN.

Of course, the "natural way" to write code is often riddled with buffer overflows, SQL injection, and other naive security issues. This is why you hire a programmer with experience, just as with any other profession. There is no end to the problems with PHP, but this particular bug is not one of them.
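The point about array keys in the comment above, shown as an added example (not part of the original comment and not Drupal's code): a placeholder expander that builds names from the caller's keys next to one that numbers them with its own counter. The function names, the `users` table, and the sample input are constructed for illustration.

```python
import sqlite3

QUERY = "SELECT name FROM users WHERE uid IN (:ids)"

# Constructed input: the *keys* of this dict arrived from outside the function.
KEYED = {"0 KEY_TEXT": 1, "1": 2}


def expand_from_keys(query, name, values):
    """'Before' form: placeholder names are derived from the dict keys,
    so whatever text a key holds is copied into the SQL string."""
    params = {f"{name}_{key}": value for key, value in values.items()}
    marks = ", ".join(":" + p for p in params)
    return query.replace(":" + name, marks), params


def expand_with_counter(query, name, values):
    """Hardened form: keys are discarded and names come from our own counter,
    so only text this function generated reaches the SQL string."""
    params = {f"{name}_{i}": value for i, value in enumerate(values.values())}
    marks = ", ".join(":" + p for p in params)
    return query.replace(":" + name, marks), params


def run_hardened(values):
    """Execute the hardened expansion against an in-memory table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (uid INTEGER, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    sql, params = expand_with_counter(QUERY, "ids", values)
    return [row[0] for row in db.execute(sql + " ORDER BY uid", params)]


if __name__ == "__main__":
    print(expand_from_keys(QUERY, "ids", KEYED)[0])     # key text is in the SQL
    print(expand_with_counter(QUERY, "ids", KEYED)[0])  # only generated names
    print(run_hardened(KEYED))
```
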

Comment: Re:Who cares about performance? (Score 1) 104

by dotancohen (#48195645) Attached to: Which Android Devices Sacrifice Battery-Life For Performance?

Besides gamers, who cares if it takes a few more milliseconds to launch a web browser or process an image?

My Note 3 can get _three days_ out of a single charge because I don't leave the internet connected and I don't have faceschmuk / viber / fartsapp pinging home every N seconds. I charge it every night anyway.

Don't make me wait to open the camera, give me the best performance and don't spare the battery just because _other users_ can't disconnect from the internet ever.

Comment: Re:Headline Is Missing The Word "Highly" (Score 1) 89

by dotancohen (#48175181) Attached to: How Curved Spacetime Can Be Created In a Quantum Optics Lab

A distinction that makes no difference. It's also always locally curved, for other definitions of "locally".

How should I mod this? It deserves a downvote, but it is not overrated (rated 0), not flamebait, nor a troll. It's not even redundant.

It's just plain wrong.

Comment: Re:HTTPS is not flawed (Score 1) 185

by dotancohen (#48017409) Attached to: Security Collapse In the HTTPS Market

Thanks. I did untrust the obvious ones, such as the Turkish and Chinese certs, however the list is long and I'd like to tighten the security a bit. Is there any way to see which certs I've actually _used_ so that I could start making informed decisions? Take for example "Trustis Limited". On what basis would I decide to keep or leave it?

I don't mean to be a pain, but you seem to be the only person who understands this subject. Even googling the subject does not return many useful links. Thanks.
