Reading the Universe using the Cosmic Microwave Background. "Who put the ram in the rama lama ding dong?"
Collectors of the digital tchotchkes are clogging up the Ethereum network, delaying transactions, and causing a pile-up of unprocessed transactions. More proof the internet is a feline conspiracy
Modernize a .NET App with Docker and Windows Server Containers, A Developer’s Guide to the New Hamburger Menu in Windows 10, Visual C++ Support for Stack-Based Buffer Protection, etc. Windows Containers, protecting your stack, AI, and (as always) so much more
Sorry, that Stephen Toub article on C# 7.2 coming in the "special issue" on Dec 15.
MSDN Magazine still exists?
Jeremy Falcon
Jeremy Falcon wrote: MSDN Magazine still exists?
Yesterday a coworker has a subscription (printed version) that he never reads and asked if I was interested in them. I said "sure!" Sigh. The ads were more interesting than the articles, but only for a few seconds. I miss the days of Byte magazine, when it was a 500 page tome filled with cool software tricks and cooler DIY hardware stuff. But times change, and for that I now look at the IoT online mags, where some of the hobbyist aura I so loved about this field when I was a kid is happily having a reincarnation. And they say you can't relive your childhood.
Marc Clifton wrote: where some of the hobbyist aura I so loved about this field when I was a kid is happily having a reincarnation
Yeah man... paper is out. Apparently this digital stuff is catching on.
Marc Clifton wrote: And they say you can't relive your childhood.
As they say, growing old is mandatory but growing up is optional.
Jeremy Falcon
BYTE was a great magazine, with the Circuit Cellar my favourite part. That part lives on in a magazine called Circuit Cellar Ink, although the original author Steve Ciarcia has since retired.
Ken
RTek23 wrote: That part lives on in a magazine called Circuit Cellar Ink
Forgot about that. Seems their site is down:
Error establishing a database connection
Visual Studio 2017 15.4 introduced the new Windows Application Packaging project to help you modernize your application by using the new Windows 10 App Deployment Stack. Your users will be so happy you don't support their version of Windows any more
This update contains major performance improvements, new features, as well as fixes for bugs reported by you. I still think they need a longer version name
Maybe throw a build number or adjectivey South African animal or something into it?
Don't forget: 'Uranus' needs to be in any truly professional product!
Some Windows 7 and Windows Server 2008 users are reporting they can't check for updates using Windows Update and Microsoft Update. No word yet on a Microsoft fix. That's odd - it seems to be working for Windows 10. What are the odds?
The phenomenon may be more common than we think. The brain is a weird thing, I think
I didn't hear thudding. I heard the twanging and snapping of the wires.
I heard Godzilla.
(Actually, I did experience a faint thudding [it was more like the compression sound the thud would make as though my ear drums were preparing for a loud sound], even when I told myself not to. Damn brain.)
I want you to think about just what a supremely bad idea it is to use a textual data access language. Such a language can pass through the user interface of a system and provide unauthorized access to all the data contained within. When in doubt, throw the baby out with the bath water
I can't imagine why he doesn't have comments enabled on that one.
Robert Martin wrote: supremely bad idea it is to use a textual data access language
As soon as I read that I thought, "SQL?"
Then I clicked the link and read that quote:
Robert Martin said: SQL is demon spawn, and no self-respecting software developer should ever use it.
It is crazy, but you could solve most of this by requiring all SQL to be run only via Stored Procs too.
Never let dynamic SQL be passed in. Ugh!!!
raddevus wrote: you could solve most of this by requiring all SQL to be run only via Stored Procs too.
Stored procedures aren't a magical defence against SQLi. If you're not using a properly parameterized query, they're just as vulnerable to SQLi as any other query.
And if you've spent any time in QA, you'll know that it's perfectly possible to write a stored procedure that contains its own SQLi vulnerability.
The only defence is to parameterize everything. And if you find yourself hitting one of the few things that can't be parameterized (table and column names, for example), and you can't find a way to avoid it, then use the system views to validate the crap out of the user input, preferably ditching the user input in favour of the values returned from the views.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
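An added T-SQL example, not part of any post in this thread, of the point made in the reply above: a stored procedure that builds dynamic SQL by concatenation carries its own injection flaw, while the hardened form keeps the value parameterized and takes the column name from `sys.columns` rather than from the caller. The table `dbo.Customers` and both procedure names are constructed for illustration.

```sql
-- Constructed schema for illustration: dbo.Customers(Id, Name, City).

-- Vulnerable: the procedure concatenates its parameters into dynamic SQL.
-- Calling it with bound parameters does not help, because the statement
-- text is assembled from caller input inside the procedure itself.
CREATE PROCEDURE dbo.SearchCustomers_Unsafe
    @City   nvarchar(100),
    @SortBy nvarchar(128)
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT Id, Name, City FROM dbo.Customers WHERE City = '''
        + @City + N''' ORDER BY ' + @SortBy;
    EXEC (@sql);
END;
GO

-- Hardened: the value stays a parameter all the way into the dynamic
-- statement, and the column name is resolved through the catalog. Only the
-- name returned by sys.columns is used; the caller's string is discarded.
CREATE PROCEDURE dbo.SearchCustomers_Safe
    @City   nvarchar(100),
    @SortBy sysname
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @col sysname;

    SELECT @col = c.name
    FROM sys.columns AS c
    WHERE c.object_id = OBJECT_ID(N'dbo.Customers')
      AND c.name = @SortBy;

    IF @col IS NULL
    BEGIN
        RAISERROR(N'Unknown sort column.', 16, 1);
        RETURN;
    END;

    DECLARE @sql nvarchar(max) =
        N'SELECT Id, Name, City FROM dbo.Customers WHERE City = @City ORDER BY '
        + QUOTENAME(@col) + N';';

    EXEC sys.sp_executesql @sql, N'@City nvarchar(100)', @City = @City;
END;
GO
```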
We never run raw SQL from our applications.....ever! And this is one of the reasons why. We execute stored procedures against the data. This is far more secure.
"There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult." - C.A.R. Hoare
Kent Sharkey wrote: I want you to think about just what a supremely bad idea it is to use a textual data access language.
You mean like JSON in client-side POST/GET commands?
So, you create an API and access the data... but there is no data since we chucked the database.
The far better solution is to have no data. This has the additional advantages of not having to write any code at all, nor having to design a UI. Heck, we can then get rid of project managers and executives will stop complaining about the annoying nerds, er, engineers. The amount of money saved is in the trillions world-wide.
In a recent survey conducted by Gartner, the organization found that the highest-ranked strategy for a successful DevOps approach was collaboration with information security. Step 0: don't
A Nobel Prize-winning economist says that Bitcoin should be outlawed. He states that the currency holds no real function and can easily be brought down by regulation. If you outlaw bitcoin, only outlaws will use bitcoin?
Yeah, I know - "Nobel prize-winning Economist" is just this side of, "some guy".
Also, gotta love that rouge currency. Rubles?
economist said: [bitcoin] can easily be brought down by regulation.
Well...what can't be?