BYTE was a great magazine, with the Circuit Cellar my favourite part. That part lives on in a magazine called Circuit Cellar Ink, although the original author Steve Ciarcia has since retired.
Ken
|
RTek23 wrote: That part lives on in a magazine called Circuit Cellar Ink
Forgot about that. Seems their site is down:
Error establishing a database connection
|
Visual Studio 2017 15.4 introduced the new Windows Application Packaging project to help you modernize your application by using the new Windows 10 App Deployment Stack. Your users will be so happy you don't support their version of Windows any more.
|
This update contains major performance improvements, new features, as well as fixes for bugs reported by you. I still think they need a longer version name
Maybe throw a build number or adjectivey South African animal or something into it?
|
Don't forget: 'Uranus' needs to be in any truly professional product!
|
Some Windows 7 and Windows Server 2008 users are reporting they can't check for updates using Windows Update and Microsoft Update. No word yet on a Microsoft fix. That's odd - it seems to be working for Windows 10. What are the odds?
|
The phenomenon may be more common than we think. The brain is a weird thing, I think.
|
I didn't hear thudding. I heard the twanging and snapping of the wires.
|
I heard Godzilla.
(Actually, I did experience a faint thudding [it was more like the compression sound the thud would make as though my ear drums were preparing for a loud sound], even when I told myself not to. Damn brain.)
|
I want you to think about just what a supremely bad idea it is to use a textual data access language. Such a language can pass through the user interface of a system and provide unauthorized access to all the data contained within. When in doubt, throw the baby out with the bath water
I can't imagine why he doesn't have comments enabled on that one.
|
Robert Martin wrote: supremely bad idea it is to use a textual data access language
As soon as I read that I thought, "SQL?"
Then I clicked the link and read that quote:
Robert Martin said: SQL is demon spawn, and no self-respecting software developer should ever use it.
It is crazy, but you could solve most of this by requiring all SQL to be run only via Stored Procs too.
Never let dynamic SQL be passed in. Ugh!!!
|
raddevus wrote: you could solve most of this by requiring all SQL to be run only via Stored Procs too.
Stored procedures aren't a magical defence against SQLi. If you're not using a properly parameterized query, they're just as vulnerable to SQLi as any other query.
And if you've spent any time in QA, you'll know that it's perfectly possible to write a stored procedure that contains its own SQLi vulnerability.
The only defence is to parameterize everything. And if you find yourself hitting one of the few things that can't be parameterized (table and column names, for example), and you can't find a way to avoid it, then use the system views to validate the crap out of the user input, preferably ditching the user input in favour of the values returned from the views.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
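The point made in the post above, as an added example that is not part of the original thread: a stored procedure that carries its own injection flaw, next to one that binds the value and resolves the column name from the catalog. It assumes SQL Server (T-SQL); the table, procedure and parameter names are hypothetical, and `GO` is the batch separator used by sqlcmd and SSMS.

```sql
-- Constructed sample table (assumption, not from the thread).
CREATE TABLE dbo.Customers (Id int PRIMARY KEY, Name nvarchar(100), City nvarchar(100));
GO

-- Vulnerable: the parameter is concatenated into dynamic SQL, so the injection
-- happens inside the procedure even when the caller binds @Name correctly.
CREATE PROCEDURE dbo.FindCustomers_Unsafe
    @Name nvarchar(100)
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT Id, Name, City FROM dbo.Customers WHERE Name = ''' + @Name + N'''';
    EXEC (@sql);
END
GO

-- Hardened: the value stays a bound parameter all the way through sp_executesql.
-- The sort column cannot be a parameter, so it is looked up in sys.columns and
-- the catalog's own spelling (@col), not the caller's text, goes into the SQL.
CREATE PROCEDURE dbo.FindCustomers_Safe
    @Name       nvarchar(100),
    @SortColumn sysname
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @col sysname;

    SELECT @col = c.name
    FROM sys.columns AS c
    WHERE c.object_id = OBJECT_ID(N'dbo.Customers')
      AND c.name = @SortColumn;

    IF @col IS NULL
    BEGIN
        RAISERROR(N'Unknown sort column.', 16, 1);
        RETURN;
    END

    DECLARE @sql nvarchar(max) =
        N'SELECT Id, Name, City FROM dbo.Customers WHERE Name = @Name ORDER BY '
        + QUOTENAME(@col) + N';';

    EXEC sys.sp_executesql @sql, N'@Name nvarchar(100)', @Name = @Name;
END
GO
```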
|
We never run raw SQL from our applications.....ever! And this is one of the reasons why. We execute stored procedures against the data. This is far more secure.
"There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult." - C.A.R. Hoare
|
Kent Sharkey wrote: I want you to think about just what a supremely bad idea it is to use a textual data access language.
You mean like JSON in client-side POST/GET commands?
|
So, you create an API and access the data... but there is no data since we chucked the database.
The far better solution is to have no data. This has the additional advantages of not having to write any code at all, nor having to design a UI. Heck, we can then get rid of project managers and executives will stop complaining about the annoying nerds, er, engineers. The amount of money saved is in the trillions world-wide.
|
In a recent survey conducted by Gartner, the organization found that the highest-ranked strategy for a successful DevOps approach was collaboration with information security. Step 0: don't
|
A Nobel Prize-winning economist says that Bitcoin should be outlawed. He states that the currency holds no real function and can easily be brought down by regulation. If you outlaw bitcoin, only outlaws will use bitcoin?
Yeah, I know - "Nobel prize-winning Economist" is just this side of, "some guy".
Also, gotta love that rouge currency. Rubles?
|
economist said: [bitcoin] can easily be brought down by regulation.
Well...what can't be?
|
Gold
Peter Wasser
"The whole problem with the world is that fools and fanatics are always so certain of themselves, and wiser people so full of doubts." - Bertrand Russell
|
Don't worry, it will crash on its own. (When is the million bitcoin question.)
|
Really? Gold has value because it's shiny and used in jewelry?
Please tell me how a piece of paper has value because... It's a tree?
Not really a satisfying answer either!
|
In May 2017, researchers at Google Brain announced the creation of AutoML, an artificial intelligence (AI) that's capable of generating its own AIs. "Skynet begins to learn at a geometric rate."
You know I had to use something like that.
|
A lot has changed in a quarter century. OMG - in case you needed to feel old
|
Lenovo also said that it wasn't aware of any third parties exploiting the app to gain access. They were shocked beyond belief when they found out.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]