How is the record number a credential? The record number refers to the item to be retrieved. Using the record number as a credential (sent with the request or not) is terrible design -- you're literally saying that the credential to retrieve the record is the same as the identifier of the record, which reduces to an unauthenticated GET request. This isn't even one-factor authentication, it's no-factor authentication.

By this logic, the developers of pleaserobme.com, which (before they decided they'd made their point and went to an informational site) mashed up Foursquare and Twitter data to determine when people had themselves voluntarily disclosed that they were out of their homes, should also be in prison. In other words, your analogy, along with AC's in reply to you, commit the logical fallacy of proving too much.

The GPL variants and the BSD licenses all contain a disclaimer of warranty (the part that reads "THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE" or similar), which addresses the county's concerns. By releasing code under a license with such a disclaimer, you are asserting that no one can sue you if the code breaks, even if your code breaking caused them some kind of loss.

Okay, fair enough - but the statement still holds. If the language you are trying to validate is context-free or stronger, do not use a regex to try to validate it.

No, no, no, no, NO. DO NOT use regular expressions to validate context-free languages. The only way to validate SQL using regular expressions is to use Perl-style regular expressions with backreferences, and those are actually pushdown automata. They're also next to impossible to read.

I'll toot my own horn and point out that context-free validation can be done sanely ... though it would be easier for everyone else if I actually had the time to keep up with releases. Dan's asked me to port that project to MySQL, which I'm actually working on right now along with cleaning up some of the dumber design decisions I made five years ago.

Ada, but it's unlikely you'll be using Ada unless you're working for DoD or something.

Strong typing across languages is the difficult part, particularly with string interpolation. Interpolique is aiming to preserve a form of strong typing (where there are two types, "safe" and "unsafe") across the inter-language boundary.

Yep, that would be me. It's been a long strange trip, but eventually I ended up in the CS department at the University of Iowa.

My Query By Example project uses a support vector machine (a type of machine learning algorithm) to learn classification rules based on the set of examples you specify. Those rules then get applied to the rest of the data points in whatever table you're looking at. So, yes, there's a lot of big nasty math -- at its core it's a quadratic programming problem. I didn't want to get into that in the interview because I figured nobody would get it. :P

How would it work for a site like OKCupid? Their matching algorithm is based on users' responses to multiple-choice questions -- assume each response has some numeric (enumerated) value. Throw all those values into a table, probably via a join, such that each row is a user and each field corresponds to a question. (Let NULL values correspond to questions a user hasn't answered.) You in front of your computer will be looking at people's profiles, but the system operates under the assumption that the person will answer questions in a manner consistent with their profile, so if you mark several people that you're interested in and several that you're not interested in, based on their profiles, the system can train a classifier based on their answers to questions and find people whose responses are similar.

I don't think OKCupid is using the same math I'm using, but their approach is probably pretty similar.