
Comment: Works in MySQL and MS SQL (Score 1) 169

> Apart from the fact that you're mixing UPDATE syntax with INSERT syntax

Works in MySQL and MS SQL, ymmv for any other RDBMS.

In regards to both escape_string() and htmlspecialchars(), two words: character sets.

They are not fundamentally any better than addslashes(). They just have a bit more duct tape.

Comment: Definition: Secure systems keep working, no matter (Score 1) 169

One way to increase that "expected gain" is to take a slightly wider view of what security is. Security is more than just locks and passwords - it includes defense against denial of service attacks, for example. A useful definition of system security is:

A secure system is one that continues to work properly, even in the face of attack.

An example is one of the most common security issues, SQL injection. My work place had a typical example:
INSERT INTO users SET fname='$fname', lname='$lname';

From a traditional security perspective, we worry about an attacker entering a "name" that includes quote marks and such. However, the same issue also meant that things broke nicely when Tom O'Reilly tried to register, using his real name.

Fixing that issue meant that attackers couldn't mess up the system - and the "random" errors in the system stopped.

As another example, we provide a service called Clonebox. With Clonebox, if a customer's web server is hacked or otherwise damaged, we can switch it over to a ~read-only mirror. Sure that protects against hackers, and some customers have been hacked and used the protection. More often, customers simply screw up and delete important files or databases. Either way, they are protected - our customers' web sites keep working, even when they screw up, even when hardware fails, and even when they are hacked.

So the pitch, and the cost/benefit calculation is this:
How much is it worth to have systems that just keep working, that don't screw up, that handle any input gracefully?

It can be good to ask that question right around the time some executives are cursing the current system.
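Added example, not part of the original comment: the same registration done with string interpolation and with bound parameters, showing that the fix for injection is also the fix for the Tom O'Reilly failure. It assumes Python's sqlite3 with an in-memory table standing in for the poster's database, and uses the standard `INSERT ... VALUES` form because SQLite does not accept `INSERT ... SET`; the function names and sample names are constructed.

```python
import sqlite3

def make_db():
    # In-memory SQLite stands in for the poster's database (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (fname TEXT, lname TEXT)")
    return db

def register_interpolated(db, fname, lname):
    # Pattern from the comment: values pasted straight into the SQL text.
    sql = f"INSERT INTO users (fname, lname) VALUES ('{fname}', '{lname}')"
    try:
        db.execute(sql)
        return "ok"
    except sqlite3.Error as exc:
        return f"error: {exc}"

def register_parameterized(db, fname, lname):
    # Placeholders keep the values out of the SQL grammar entirely.
    db.execute("INSERT INTO users (fname, lname) VALUES (?, ?)", (fname, lname))
    return "ok"

def stored_names(db):
    return db.execute("SELECT fname, lname FROM users ORDER BY rowid").fetchall()

# Constructed sample registrations; the second is the name from the comment.
SAMPLES = [("Ann", "Smith"), ("Tom", "O'Reilly"), ("Dee", 'D\'Arcy "Jr"')]

def run(register):
    # Register every sample on a fresh database and report what happened.
    db = make_db()
    results = [register(db, f, l) for f, l in SAMPLES]
    return results, stored_names(db)

if __name__ == "__main__":
    for fn in (register_interpolated, register_parameterized):
        results, rows = run(fn)
        print(fn.__name__, results, rows)
```

With interpolation only the name without an apostrophe is stored; with placeholders all three names are stored exactly as typed.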

Comment: CAN A DA (Score 1) 489

by raymorris (#48636407) Attached to: Skeptics Would Like Media To Stop Calling Science Deniers 'Skeptics'

He said that they'll have to migrate further and further north each year, so that those in the bay area in 1997 would have to be all the way in CANADA within 100 years. So roughly 20 miles per year, or 340 miles in 17 years since he made that statement. Has anyone or anything moved an inch, much less 340 miles?

Your next step is to say he's a fringe kook, not representative of what people have been saying. Well, he's a tenured professor of climate science at Berkeley, a position as well respected (by the left) as a constitutional law professor / community organizer.

Comment: Same as earth, for intelligent life (Score 4, Funny) 261

For intelligent forms, that seems to be the case here on earth.

There are about 1.5 billion smartphones on the planet. If you ask a smartphone "who is the vice president of the united states", approximately all of them will say (speak) "Joe Biden is the vice president".

Based on surveys I've seen, only a couple million people reach the same level of intelligence, knowing who the vice president is. Therefore, silicon can be considered to be the most common form of intelligence on earth.

Even more so on the coasts of the US, of course, as humans are becoming more silicone, leaving all intelligence to the silicon.

Comment: Thanks, next stop - single particles don't interfe (Score 1) 144

by raymorris (#48635683) Attached to: Quantum Physics Just Got Less Complicated

Thanks for taking the time to type that out. It gave me a starting point to learn more, and I learned that if you release particles one at a time, each particle makes one mark, one dot. One particle doesn't interfere with itself, and can't because the interference pattern is seen in the density of collisions over an area.

As many of these single dots build up, they tend to cluster around an interference pattern - as if some particles went through one slit, and some particles went through the other slit. Well yeah, if I turn on the light in my living room, some photons go out through one window, some photons go through the other. Each goes through one or the other.

So I do very much appreciate it, yet I'm as yet unsure where to go to "get it", to have the ahah moment of "this is what it's all about!"

> you'd expect is to get a pattern that's the SUM of the pattern you get through each slit. ... But instead what you get is an INTERFERENCE pattern

I thought the definition of the word "interference pattern" is "the SUM of two waves". So you'd expect a sum, and you get a sum, which is called an interference pattern.

Again, thanks.

Comment: California Energy Commission still saying it (Score 1) 489

by raymorris (#48635489) Attached to: Skeptics Would Like Media To Stop Calling Science Deniers 'Skeptics'

Here's the California Energy Commission STILL saying it. Since 2010 has passed, as of 2012 they pushed the "underwater by" date to 2050:

Here's an "underwater San Francisco" map that GW alarmists were circulating in 1997:

Asked about the effect on California, professor of climatology at the University of California at Berkeley Orman Granger said in 1997:

      "Climatologic records over the last 10,000 years show that species move north (in the Northern hemisphere) roughly 500km for every degree C temperature increase ... in order to survive they have 100 years to move to Canada".

Comment: more simplifications and fewer cats, please (Score -1, Troll) 144

by raymorris (#48635019) Attached to: Quantum Physics Just Got Less Complicated

With a few more simplifications maybe I can "get it". So far, much of quantum physics sounds like goobly-gook to me, and I had no trouble with relativity in 6th grade. I had to learn a little calculus to read Einstein, but that wasn't a big deal.

If you understand quantum physics, or think you do, explain this. There is a cat, in a box. You can't see the cat. Is the cat alive or dead?

  Wrong, asshole. YOU can't see the cat, but I can see the cat shitting in his litter box right now. I can assure you he's very much alive. So Schrödinger was full of shit.

Unless by "both alive and dead" what you actually mean is "the cat is either alive or dead, I just don't happen to know which", in which case - no shit, Sherlock. You don't know everything. Is that supposed to be a revolutionary new discovery?

Comment: I deny that San Francisco underwater by 2010 (Score 3, Insightful) 489

by raymorris (#48634095) Attached to: Skeptics Would Like Media To Stop Calling Science Deniers 'Skeptics'

I suppose I'm a global warming denier, by the common standard here on Slashdot. The global warming alarmists and pitchmen said "San Francisco will be underwater by 2010". Unfortunately, it's still there.

That's one of two big problems for the global warming camp. Well-known leaders of that movement have publicly admitted to organized, widespread lying and intentional exaggeration in order to "spur the public to action". I deny that they've been telling the truth, and they agree! Has the "science" gotten any better? Well, we know that a typical volcano releases a couple tons of CO2 each day. A few months ago, there was an "OMG Global Warming!" story here on Slashdot that reported atmospheric CO2 levels rising more than expected - based on measuring CO2 on a friggin volcano! Which is kind of like reporting global average humidity based on moisture measurements taken below Niagara Falls.

There IS some good science supporting global warming, but the alarmist stuff makes better headlines, so 90% of the "science" reported is complete junk, obviously so. I reject all claims based on this utter junk pseudo-science.

The second problem is more recent. Every president has their slush fund, a federal program or two which they use to send tax money to their donors, who send some back as campaign donations. It just so happens that THIS president's slush funds are included in the $100 billion we're spending on "green". For example, the tax payers loaned over a half a billion dollars to Fisker to develop their electric car. Fisker turned right around and handed millions of it to Obama and other Democrats. There's nothing new about that, of course, other than the exchange of greenbacks is normally labeled "green energy" right now. That makes anything labeled "green energy" or "save the planet" inherently suspicious, just like Halliburton contracts were suspicious when Cheney was in the White House. We know that any proposal to spend "half a billion for green energy" means $10 million for the DNC, $10 million for Hillary's campaign, $10 million split between a few congress-critters, $50 million for their CEO friend's golden parachute, and $420 million to who-knows-where. Again, not new - Halliburton was the same. "Green" is the new "Halliburton".

Comment: If the wacko conspiracy theorists hadn't been so r (Score 0) 489

by raymorris (#48633737) Attached to: Skeptics Would Like Media To Stop Calling Science Deniers 'Skeptics'

Two years ago, the intelligent, thinking people realized that the most powerful person in the US government, the president, can't even get a blow job without the whole country hearing about it. When the government a couple of guns for a hostage or two and everybody finds out about it - the US government just completely sucks at keeping secrets.

Therefore, when people claimed that there was a massive conspiracy involving thousands of people throughout the NSA, FBI, and other agencies, covering up wholesale spying on the entire US population, they were obviously nut jobs. That was a ridiculous idea.

Then Snowden. The nut jobs were _right_. After Snowden, I'm much less dismissive of nut jobs of all types. They just might be right.

Comment: yes, it took about 48 hours (Score 2) 114

by raymorris (#48629089) Attached to: Grinch Vulnerability Could Put a Hole In Your Linux Stocking

Yes, in the first hours there were various workarounds and fixes suggested, and people came up with ways to get around those first workarounds. About 48 hours after the release, consensus congealed around using Red Hat's fix.

There is a very limited set of cases where it could be a compatibility issue if you had custom scripts relying on the old behavior, but that was judged to be fairly insignificant.

Comment: yeah. 18,000? One pipe bomb is enough (Score 3, Insightful) 554

by raymorris (#48626399) Attached to: Reaction To the Sony Hack Is 'Beyond the Realm of Stupid'

That's just silly to act like someone would need to attack 18,000 theatres simultaneously for it to be bad. ONE pipe bomb in ONE theater would be a problem. The capability to do so? I made pyrotechnic devices in 6th grade. I knew, in 6th grade, that if I used a metal pipe as the casing instead of a cardboard tube I'd have a bomb. This guy is pretending bad guys don't or can't do what many of us could do in elementary school.

If I see this guy at a cybersecurity conference I may have to call him out on his BS.

Comment: fugitives would go back to prison (Score 4, Insightful) 87

by raymorris (#48626221) Attached to: Did Alcatraz Escapees Survive? Computer Program Says They Might Have

> Why didn't we ever hear anything from them after the escape?

Because they'd be sent back to prison if they revealed themselves. They had also embarrassed the warden of the "escape proof" Alcatraz in a very public way. Their first week back likely would have been rather unpleasant.
