• (cs) in reply to Mickey D
    Mickey D:
    geoffrey:
    C-Octothorpe:
    Back in *reality*, the weak points are usually caused by human error (lack of training, knowledge, poor implementation, etc.), and not because MS Sql Server failed in some way or because SHA256 was broken. No, it was because fucking moron developers who like to do things like concat SQL strings with user input, don't encode output, don't sanitize input, etc., etc., because they don't know how or even that they *should*.

    And why is that? It's because all devs have to do to survive these days is glue a website to SQL Server, even if they have no idea how it all works.

    If their job entailed tasks such as coding a DBS in two weeks, well that would soon sort the wheat from the chaff. If there were no jobs for morons there would be no morons in jobs.

    Sorry, but your argument is simply a grossly misinformed red-herring. Fortunately, if I ever have to work with you or interview you, I would be able to spot you from a mile away...

    I don't do interviews, but hey, swings and roundabouts.

    This I agree with to some degree. Without promoting C too much, I recently had to work with someone who grew up on Java (and knew it well), but because they didn't really understand what the memory was doing under the hood they had little issue with spawning objects unnecessarily (which had the double whammy of increasing memory usage and increasing work done by the Garbage Collector). Although I have no objection to the likes of Java and C# (and many others) I think developers still have to understand not just the language, but what the system is actually doing.

    I think this is where geoffrey is coming from. Good developers believe they can do anything. They might not need to, but they believe themselves capable of it. Bad developers want to use only the technologies they know (although they may be quite good at them). Using Oracle (for example) just because we all know how to use it isn't the right approach. Building a new DBMS for the hell of it, isn't necessarily the right approach either, but as someone has pointed out, the weakest link is usually the (local) developer. The simpler a system is to use, then the lower quality the developer that will appear adequate in it, and the higher the risk of hiring a turkey who doesn't really know what he's doing - and will end up stuffing things up irrespective of the technology you choose to use.

    Creating systems for idiots merely encourages idiots. It won't be long before systems are so 'clever' that there will be no-one who actually understands what is going on to properly fix things when the shit hits the fan....

    So don't employ idiots. Du-uh.

  • visualbasucks (unregistered)

    Rot26 is sadly missing. 'Or =' not?

  • (cs) in reply to Mickey D
    Mickey D:
    Using Oracle (for example) just because we all know how to use it isn't the right approach. Building a new DBMS for the hell of it, isn't necessarily the right approach either...
    Yes, the correct approach is to determine which solution best meets the needs of the project and go with that. Rarely are massive-data-storage needs not fully met by an existing product.

    And I agree it's optimal for people to learn how things work under the hood (how else will you know which products meet your needs?). But honestly, I don't have time to wait for my co-workers to dick around self-teaching things they should have already learned in school (or any time prior to getting hired for this job).

  • trtrwtf (unregistered) in reply to boog
    boog:
    Mickey D:
    Using Oracle (for example) just because we all know how to use it isn't the right approach. Building a new DBMS for the hell of it, isn't necessarily the right approach either...
    Yes, the correct approach is to determine which solution best meets the needs of the project and go with that. Rarely are massive-data-storage needs not fully met by an existing product.

    And I agree it's optimal for people to learn how things work under the hood (how else will you know which products meet your needs?). But honestly, I don't have time to wait for my co-workers to dick around self-teaching things they should have already learned in school (or any time prior to getting hired for this job).

    Anyone worth hiring is going to continue to do a lot of self-teaching. I'm happy to see some of that happen on the job - as long as it doesn't interfere too much with getting the damned work done.

    (If you're learning your primary language on the job, I'd be a little bovvered. )

  • (cs)

    Is this the Bitcoin algorithm finally revealed?

  • Stunning Cute (unregistered) in reply to Mickey D
    Mickey D:
    This I agree with to some degree. Without promoting C too much, I recently had to work with someone who grew up on Java (and knew it well), but because they didn't really understand what the memory was doing under the hood they had little issue with spawning objects unnecessarily (which had the double whammy of increasing memory usage and increasing work done by the Garbage Collector).

    Bad developers want to use only the technologies they know (although they may be quite good at them). Using Oracle (for example) just because we all know how to use it isn't the right approach.

    Using Java just because we all know how to use it isn't the right approach. Your app is slow because you're using Java, and not because of object allocation.

    Also, I think they fixed things in C# - its GC is optimized for quick allocation of small objects

  • Arvind (unregistered)

    The real WTF is you, sir, Mr. Matthew R. You apparently lack the communication skills expected of a team lead. I can imagine very well you must have explained the need for encryption with arrogance, trying to prove to them that "I am the lead, and what I say is right".

    If you really had any leadership skills, you would have been able to convince them to do it willingly, and not begrudgingly. Another FAIL for you is you did not notice the obvious sarcasm in the 'bullet proof' remark.

    A team lead needs to be not only technically competent, but needs to have good interpersonal skills too.

  • (cs) in reply to Stunning Cute
    Stunning Cute:
    Your app is slow because you're using Java, and not because of object allocation.
    There are exactly three ways in which Java is slow.
    1. It's slow to start up.
    2. It's a huge memory hog (which causes problems with both paging and caches).
    3. Its GUI is famously problematic.

    It's also easy to write code that performs badly, but that's true for other languages too. I've never seen any language where it was impossible to write bad code (except for languages where it was practically impossible to write any code, and those were largely just jokes that got out of hand).

  • Tamy (unregistered) in reply to Rodnas

    Actually, that's what kevlar vests are made of. Cotton.

  • (cs) in reply to Zylon
    Zylon:
    The Great Lobachevsky:
    PS: My very non-technical mom has asked me on several occasions what the word "algorithm" means. I keep trying to give her definitions on her level but it isn't working very well... I'm tempted to pull out a cookbook and point to a recipe and tell her it is an algorithm for pot roast. :)
    Recipes aren't algorithms.
    You couldn't be wronger!

    Recipes are algorithms!

    And Akismet deserves to die!

  • (cs) in reply to Nagesh
    Nagesh:
    A Brahman, a Sikh, and a Muslem walk into a bar. The bartender say: "What is this? Some sort of joking?"
    QFH XD
  • (cs)

    Meanwhile, the user is logging in with a password of '123456'.

  • (cs) in reply to Watson
    Watson:
    Meanwhile, the user is logging in with a password of '123456'.

    Hey! That's the same combination I use on my luggage!

  • Dildo Jones (unregistered) in reply to wernercd

    This:

    SELECT * FROM USERS WHERE name = 'robert'; drop table users; --'

    In PHP wouldn't work. One cannot perform multiple queries using the default mysql query functions which is what all lesser gods are using.

    However, using 'union all select' might work if the name parameter wasn't properly escaped which is how most lesser god applications trip over and die.
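
The distinction drawn in the post above, as an added example that is not part of the thread: a one-statement-per-call driver rejects the stacked `drop table`, yet the same concatenated query still returns extra rows through a UNION, and only a bound parameter closes both. Python's `sqlite3` stands in for the PHP mysql functions here (an assumption; it also accepts a single statement per call), and the table, column and function names are constructed for the illustration.

```python
import sqlite3

# Constructed inputs modelled on the two cases named in the post.
STACKED = "robert'; drop table users; --"
UNION = "nobody' UNION ALL SELECT secret FROM users --"


def make_db():
    """Build a constructed in-memory table standing in for USERS."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("robert", "r-secret"), ("alice", "a-secret")],
    )
    db.commit()
    return db


def lookup_concat(db, name):
    """Vulnerable form: the input becomes part of the SQL text itself."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def lookup_param(db, name):
    """Hardened form: the input is bound as a value and never parsed as SQL."""
    return db.execute(
        "SELECT name FROM users WHERE name = ?", (name,)
    ).fetchall()


def stacked_query_outcome(db):
    """Return (rejected, rows_left) after feeding STACKED to the weak lookup.

    The driver refuses text holding more than one statement, so the table
    survives. That refusal is a property of the driver, not a defence in
    the application code.
    """
    try:
        lookup_concat(db, STACKED)
        rejected = False
    except (sqlite3.Error, sqlite3.Warning):
        rejected = True
    rows_left = db.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    return rejected, rows_left


if __name__ == "__main__":
    db = make_db()
    print("stacked input rejected, rows left:", stacked_query_outcome(db))
    print("concatenated lookup, UNION input:", lookup_concat(db, UNION))
    print("parameterized lookup, UNION input:", lookup_param(db, UNION))
    print("parameterized lookup, normal input:", lookup_param(db, "robert"))
```
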

  • (cs) in reply to ObiWayneKenobi
    ObiWayneKenobi:
    Watson:
    Meanwhile, the user is logging in with a password of '123456'.

    Hey! That's the same combination I use on my luggage!

    My cycle lock is simpel. I use only 1234. :) 2 less digits.

  • (cs) in reply to ObiWayneKenobi
    ObiWayneKenobi:
    Watson:
    Meanwhile, the user is logging in with a password of '123456'.

    Hey! That's the same combination I use on my luggage!

    Yes I know. Wow, is that really your wife? Ewwwww ...

  • (cs) in reply to trtrwtf
    trtrwtf:
    boog:
    Mickey D:
    Using Oracle (for example) just because we all know how to use it isn't the right approach. Building a new DBMS for the hell of it, isn't necessarily the right approach either...
    Yes, the correct approach is to determine which solution best meets the needs of the project and go with that. Rarely are massive-data-storage needs not fully met by an existing product.

    And I agree it's optimal for people to learn how things work under the hood (how else will you know which products meet your needs?). But honestly, I don't have time to wait for my co-workers to dick around self-teaching things they should have already learned in school (or any time prior to getting hired for this job).

    Anyone worth hiring is going to continue to do a lot of self-teaching. I'm happy to see some of that happen on the job - as long as it doesn't interfere too much with getting the damned work done.

    (If you're learning your primary language on the job, I'd be a little bovvered. )

    I should be clear: I wasn't hating on self-teaching. I was hating on having-to-wait-for-people-who-should-have-already-learned-this-shit-before-starting-on-the-project-to-get-up-to-speed. That counts as "interfering too much with getting the damned work done" in my book.

  • Statute of limitations (unregistered) in reply to Rupee
    Rupee:
    David:
    Steve The Cynic:
    So the idiot colleague thinks that an encrypted hashed hashed hashed encrypted password is more secure than one that is merely hashed. Wonderful.
    I've heard people say this before. Can someone explain why this isn't more secure? I'm not arguing that it actually is. Security is not really my field, so I'd just like someone to give me the "For Dummies" overview of why this doesn't help.

    My thought process (and clearly the guy who wrote it like this) would be that you'd have to brute force it multiple times AND know the exact order that the encryptions were applied.

    I can't be the only one in the dark, so someone help the rest of us learn something new today.

    Performing multiple hashes can make it harder to brute force a password - because it adds a few milliseconds to your authentication process, but could add years to a brute force attack. Check out Key Stretching. Check out bcrypt as it has a built in mechanism to avoid the need for key stretching.

    It's interesting because Moore's Law about computer speed doubling every so often means that an algorithm that is secure today may be brute forced in 10 years time when computers are faster.

    Using different algorithms adds some strength in that if a vulnerability is discovered in one, it won't leave you open to attack.

    Having a special hashing order like in this example gives you some security through obscurity - but you can't rely on that.

    My PHP ain't great, but it looks like this guy has gone a little over the top. I reckon I'd "WTF" if I came across that - but it's not as shocking as people are making out.

    In 10 years these accounts will all be dead. Hell, even some account holders will have died! Encryption only needs to be secure enough while the data is still useful.

    Cell phone encryption is a good example. The audio (voice) must be encrypted and decrypted in real-time to be heard. However, decrypting the conversation 10 days later is useless, since they did whatever they said already.

    This is covered in Applied Cryptography by Bruce Schneier.
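
Key stretching as described in the quoted reply, shown as an added example that is not part of the thread: one salted, iterated hash (PBKDF2-HMAC-SHA256 from Python's standard library) replaces an ad-hoc chain of hashes, and the iteration count is stored with each record so it can be raised at login as hardware gets faster. The record layout, function names and the small iteration counts are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import os

ALGO = "pbkdf2_sha256"  # label stored in each record (constructed format)


def hash_password(password, iterations, salt=None):
    """Return 'algo$iterations$salt_hex$hash_hex' for storage."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per password
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return "$".join([ALGO, str(iterations), salt.hex(), derived.hex()])


def verify_password(password, stored):
    """Recompute with the stored salt and cost, compare in constant time."""
    try:
        algo, iterations, salt_hex, hash_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record
    if algo != ALGO or rounds < 1:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, rounds
    )
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored, current_iterations):
    """True when the record was created under a lower cost than today's."""
    return int(stored.split("$")[1]) < current_iterations


def login(password, stored, current_iterations):
    """Return (ok, record_to_store).

    The cleartext is only available at login, so that is the moment to
    re-hash an old record at the current cost.
    """
    if not verify_password(password, stored):
        return False, stored
    if needs_rehash(stored, current_iterations):
        stored = hash_password(password, current_iterations)
    return True, stored


if __name__ == "__main__":
    # Constructed values; the counts are kept small so the demo runs fast.
    old_record = hash_password("123456", iterations=1_000)
    ok, new_record = login("123456", old_record, current_iterations=20_000)
    print(ok, old_record.split("$")[1], "->", new_record.split("$")[1])
    print("wrong password accepted:", login("1234567", new_record, 20_000)[0])
```
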

  • Nagesh (unregistered) in reply to boog
    boog:
    trtrwtf:
    boog:
    Mickey D:
    Using Oracle (for example) just because we all know how to use it isn't the right approach. Building a new DBMS for the hell of it, isn't necessarily the right approach either...
    Yes, the correct approach is to determine which solution best meets the needs of the project and go with that. Rarely are massive-data-storage needs not fully met by an existing product.

    And I agree it's optimal for people to learn how things work under the hood (how else will you know which products meet your needs?). But honestly, I don't have time to wait for my co-workers to dick around self-teaching things they should have already learned in school (or any time prior to getting hired for this job).

    Anyone worth hiring is going to continue to do a lot of self-teaching. I'm happy to see some of that happen on the job - as long as it doesn't interfere too much with getting the damned work done.

    (If you're learning your primary language on the job, I'd be a little bovvered. )

    I should be clear: I wasn't hating on self-teaching. I was hating on having-to-wait-for-people-who-should-have-already-learned-this-shit-before-starting-on-the-project-to-get-up-to-speed. That counts as "interfering too much with getting the damned work done" in my book.

    Fair enough - I guess we agree. I think this counts as a WTF, these days.

  • trtrwtf (unregistered) in reply to Nagesh
    Nagesh:
    boog:
    trtrwtf:
    boog:
    Mickey D:
    Using Oracle (for example) just because we all know how to use it isn't the right approach. Building a new DBMS for the hell of it, isn't necessarily the right approach either...
    Yes, the correct approach is to determine which solution best meets the needs of the project and go with that. Rarely are massive-data-storage needs not fully met by an existing product.

    And I agree it's optimal for people to learn how things work under the hood (how else will you know which products meet your needs?). But honestly, I don't have time to wait for my co-workers to dick around self-teaching things they should have already learned in school (or any time prior to getting hired for this job).

    Anyone worth hiring is going to continue to do a lot of self-teaching. I'm happy to see some of that happen on the job - as long as it doesn't interfere too much with getting the damned work done.

    (If you're learning your primary language on the job, I'd be a little bovvered. )

    I should be clear: I wasn't hating on self-teaching. I was hating on having-to-wait-for-people-who-should-have-already-learned-this-shit-before-starting-on-the-project-to-get-up-to-speed. That counts as "interfering too much with getting the damned work done" in my book.

    Fair enough - I guess we agree. I think this counts as a WTF, these days.

    (oops - caught myself Nageshing...)

  • (cs) in reply to trtrwtf
    trtrwtf:
    Nagesh:
    boog:
    trtrwtf:
    boog:
    Mickey D:
    Using Oracle (for example) just because we all know how to use it isn't the right approach. Building a new DBMS for the hell of it, isn't necessarily the right approach either...
    Yes, the correct approach is to determine which solution best meets the needs of the project and go with that. Rarely are massive-data-storage needs not fully met by an existing product.

    And I agree it's optimal for people to learn how things work under the hood (how else will you know which products meet your needs?). But honestly, I don't have time to wait for my co-workers to dick around self-teaching things they should have already learned in school (or any time prior to getting hired for this job).

    Anyone worth hiring is going to continue to do a lot of self-teaching. I'm happy to see some of that happen on the job - as long as it doesn't interfere too much with getting the damned work done.

    (If you're learning your primary language on the job, I'd be a little bovvered. )

    I should be clear: I wasn't hating on self-teaching. I was hating on having-to-wait-for-people-who-should-have-already-learned-this-shit-before-starting-on-the-project-to-get-up-to-speed. That counts as "interfering too much with getting the damned work done" in my book.

    Fair enough - I guess we agree. I think this counts as a WTF, these days.

    (oops - caught myself Nageshing...)

    I think it would have been funny to see Nagesh ranting about the verbing of "hate". You're usually a grammar nazi type, right?

  • trtrwtf (unregistered) in reply to frits
    frits:
    trtrwtf:
    Nagesh:
    boog:
    trtrwtf:
    boog:
    Mickey D:
    Using Oracle (for example) just because we all know how to use it isn't the right approach. Building a new DBMS for the hell of it, isn't necessarily the right approach either...
    Yes, the correct approach is to determine which solution best meets the needs of the project and go with that. Rarely are massive-data-storage needs not fully met by an existing product.

    And I agree it's optimal for people to learn how things work under the hood (how else will you know which products meet your needs?). But honestly, I don't have time to wait for my co-workers to dick around self-teaching things they should have already learned in school (or any time prior to getting hired for this job).

    Anyone worth hiring is going to continue to do a lot of self-teaching. I'm happy to see some of that happen on the job - as long as it doesn't interfere too much with getting the damned work done.

    (If you're learning your primary language on the job, I'd be a little bovvered. )

    I should be clear: I wasn't hating on self-teaching. I was hating on having-to-wait-for-people-who-should-have-already-learned-this-shit-before-starting-on-the-project-to-get-up-to-speed. That counts as "interfering too much with getting the damned work done" in my book.

    Fair enough - I guess we agree. I think this counts as a WTF, these days.

    (oops - caught myself Nageshing...)

    I think it would have been funny to see Nagesh ranting about the verbing of "hate". You're usually a grammar nazi type, right?

    I prefer to think of myself as "ReMastered".... they're so much more effective and cool and fictional and stuff. But my ranting services are being not needed in this instance. I am thinking that you will find "h8" is alreddy verb. U cannot verb a verb, matterpaneer! </Nagesh>

  • (cs) in reply to trtrwtf
    trtrwtf:
    Nagesh (trtrwtf):
    Fair enough - I guess we agree. I think this counts as a WTF, these days.
    (oops - caught myself Nageshing...)
    How disappointing. I'd expect you to just play along with the sock puppet, responding to him even if he inadvertently speaks out of turn.

    But instead you went and took off the sock, revealing it to be a puppet all along. To everyone's surprise, no doubt.

  • trtrwtf (unregistered) in reply to boog
    boog:
    trtrwtf:
    Nagesh (trtrwtf):
    Fair enough - I guess we agree. I think this counts as a WTF, these days.
    (oops - caught myself Nageshing...)
    How disappointing. I'd expect you to just play along with the sock puppet, responding to him even if he inadvertently speaks out of turn.

    But instead you went and took off the sock, revealing it to be a puppet all along. To everyone's surprise, no doubt.

    If that's a revelation, I have some bad news for you regarding Santa Claus.

  • (cs) in reply to trtrwtf
    trtrwtf:
    boog:
    trtrwtf:
    Nagesh (trtrwtf):
    Fair enough - I guess we agree. I think this counts as a WTF, these days.
    (oops - caught myself Nageshing...)
    How disappointing. I'd expect you to just play along with the sock puppet, responding to him even if he inadvertently speaks out of turn.

    But instead you went and took off the sock, revealing it to be a puppet all along. To everyone's surprise, no doubt.

    If that's a revelation, I have some bad news for you regarding Santa Claus.
    Sorry, my comment was intended to sound as deadpan as possible, particularly the last bit.

    <deadpan>I'll be sure to use proper markup in future.</deadpan>

  • (cs) in reply to trtrwtf
    trtrwtf:
    boog:
    trtrwtf:
    Nagesh (trtrwtf):
    Fair enough - I guess we agree. I think this counts as a WTF, these days.
    (oops - caught myself Nageshing...)
    How disappointing. I'd expect you to just play along with the sock puppet, responding to him even if he inadvertently speaks out of turn.

    But instead you went and took off the sock, revealing it to be a puppet all along. To everyone's surprise, no doubt.

    If that's a revelation, I have some bad news for you regarding Santa Claus.

    I was actually surprised it was you.

  • trtrwtf (unregistered) in reply to boog
    boog:
    trtrwtf:
    boog:
    trtrwtf:
    Nagesh (trtrwtf):
    Fair enough - I guess we agree. I think this counts as a WTF, these days.
    (oops - caught myself Nageshing...)
    How disappointing. I'd expect you to just play along with the sock puppet, responding to him even if he inadvertently speaks out of turn.

    But instead you went and took off the sock, revealing it to be a puppet all along. To everyone's surprise, no doubt.

    If that's a revelation, I have some bad news for you regarding Santa Claus.
    Sorry, my comment was intended to sound as deadpan as possible, particularly the last bit.

    <deadpan>I'll be sure to use proper markup in future.</deadpan>

    Sorry, hard to tell the deadpan from the serious some days. Markup would be helpful. <wide-eyed naivete>Do you think it would defeat the purpose, though? </wide-eyed naivete>

  • trtrwtf (unregistered) in reply to frits
    frits:
    trtrwtf:
    boog:
    trtrwtf:
    Nagesh (trtrwtf):
    Fair enough - I guess we agree. I think this counts as a WTF, these days.
    (oops - caught myself Nageshing...)
    How disappointing. I'd expect you to just play along with the sock puppet, responding to him even if he inadvertently speaks out of turn.

    But instead you went and took off the sock, revealing it to be a puppet all along. To everyone's surprise, no doubt.

    If that's a revelation, I have some bad news for you regarding Santa Claus.

    I was actually surprised it was you.

    Only once in a while. Not mine to begin with, I assure you.

    Isn't it your hand in the sock some days? Now I'm the one surprised.

  • (cs) in reply to trtrwtf
    trtrwtf:
    frits:
    trtrwtf:
    boog:
    trtrwtf:
    Nagesh (trtrwtf):
    Fair enough - I guess we agree. I think this counts as a WTF, these days.
    (oops - caught myself Nageshing...)
    How disappointing. I'd expect you to just play along with the sock puppet, responding to him even if he inadvertently speaks out of turn.

    But instead you went and took off the sock, revealing it to be a puppet all along. To everyone's surprise, no doubt.

    If that's a revelation, I have some bad news for you regarding Santa Claus.

    I was actually surprised it was you.

    Only once in a while. Not mine to begin with, I assure you.

    Isn't it your hand in the sock some days? Now I'm the one surprised.

    Only the unicode Иagɘsнen...

    I think you have to be some kind of insider to have controlled the "real" Nagesh. However, I postulate someone changed the password and usurped the sock for themselves only these days.

  • Nagesh (unregistered) in reply to frits
    frits:
    trtrwtf:
    frits:
    trtrwtf:
    boog:
    trtrwtf:
    Nagesh (trtrwtf):
    Fair enough - I guess we agree. I think this counts as a WTF, these days.
    (oops - caught myself Nageshing...)
    How disappointing. I'd expect you to just play along with the sock puppet, responding to him even if he inadvertently speaks out of turn.

    But instead you went and took off the sock, revealing it to be a puppet all along. To everyone's surprise, no doubt.

    If that's a revelation, I have some bad news for you regarding Santa Claus.

    I was actually surprised it was you.

    Only once in a while. Not mine to begin with, I assure you.

    Isn't it your hand in the sock some days? Now I'm the one surprised.

    Only the unicode Иagɘsнen...

    I don't find that highly unlikely.

  • (cs) in reply to trtrwtf
    trtrwtf:
    Nagesh:

    Fair enough - I guess we agree. I think this counts as a WTF, these days.

    (oops - caught myself Nageshing...)

    And what else will you admit to? You'll be telling us zunesis is a virgin next...

  • trtrwtf (unregistered) in reply to PedanticCurmudgeon
    PedanticCurmudgeon:
    trtrwtf:
    Nagesh:

    Fair enough - I guess we agree. I think this counts as a WTF, these days.

    (oops - caught myself Nageshing...)

    And what else will you admit to? You'll be telling us zunesis is a virgin next...

    Oh, no, that could never be.

  • (cs) in reply to trtrwtf
    trtrwtf:
    PedanticCurmudgeon:
    trtrwtf:
    Nagesh:

    Fair enough - I guess we agree. I think this counts as a WTF, these days.

    (oops - caught myself Nageshing...)

    And what else will you admit to? You'll be telling us zunesis is a virgin next...

    Oh, no, that could never be.

    It can if you don't count the vacuum and the family dog...

  • Ipods will go down! (unregistered) in reply to trtrwtf
    trtrwtf:
    Isn't it your hand in the sock some days? Now I'm the one surprised.
    My hand is on the sock fairly frequently - it's not my hand that I put in it.

    Unless you're talking about something else, in which case, yes, my hand is in the "sock" - I stretch my fingers to turn it inside out. Psssst... Hint: distended rectum. Can you imagine it coming inside out, say after a huge, rock-hard shit (need to eat them greens) and then running around, begging your wife/roommate/teenage child's friends - "shove it back in!"

  • Ipods will go down! (unregistered) in reply to PedanticCurmudgeon
    PedanticCurmudgeon:
    trtrwtf:
    (oops - caught myself Nageshing...)
    And what else will you admit to? You'll be telling us zunesis is a virgin next...
    I think trtrwtf knows very well that's not true. WHY WON'T YOU CALL ME!!!!!!! Doesn't he?
  • (cs) in reply to Zylon
    Zylon:
    The Great Lobachevsky:
    PS: My very non-technical mom has asked me on several occasions what the word "algorithm" means. I keep trying to give her definitions on her level but it isn't working very well... I'm tempted to pull out a cookbook and point to a recipe and tell her it is an algorithm for pot roast. :)
    Recipes aren't algorithms. Flowcharts, however, are. Just Google up a flowchart, point at it, and say "This is an algorithm!" Everyone understands flow charts.

    I think you overestimate my mom. :)

    I am trying to find a way to relate it to reality TV, QVC, or the Food Network to get it in a context she'll understand. And I don't really want to try to flowchart the outcomes at Tribal Council. :)

  • Ipods will go down! (unregistered) in reply to C-Octothorpe
    C-Octothorpe:
    PedanticCurmudgeon:
    And what else will you admit to? You'll be telling us zunesis is a virgin next...
    It can if you don't count the vacuum and the family dog...
    I've never misused a vacuum cleaner in such a way! Who do you think I am!?

    As an aside, just speaking hypothetically, using my imagination, I really wouldn't recommend it. If I had to guess, I'd say it causes unsettling numbness and discoloration following, and you care about Junior like any normal guy, seeing him like this isn't the happiest of pictures. If I had to guess. HIDDEN MESsAGE!@!!!!!!

  • Ipods will go down! (unregistered) in reply to The Great Lobachevsky
    The Great Lobachevsky:
    Zylon:
    The Great Lobachevsky:
    PS: My very non-technical mom has asked me on several occasions what the word "algorithm" means. I keep trying to give her definitions on her level but it isn't working very well... I'm tempted to pull out a cookbook and point to a recipe and tell her it is an algorithm for pot roast. :)
    Recipes aren't algorithms. Flowcharts, however, are. Just Google up a flowchart, point at it, and say "This is an algorithm!" Everyone understands flow charts.
    I think you overestimate my mom. :)

    I am trying to find a way to relate it to reality TV, QVC, or the Food Network to get it in a context she'll understand. And I don't really want to try to flowchart the outcomes at Tribal Council. :)

    I think I can help. I'll need her phone number (of course) and a picture. Beach photos, preferably. That will help me to relations to her. oh, and some used panties of hers if you can get them. You can get in on the call if you want - what numbers do you press to make it a three-way?

  • (cs) in reply to C-Octothorpe
    C-Octothorpe:
    trtrwtf:
    PedanticCurmudgeon:
    You'll be telling us zunesis is a virgin next...
    Oh, no, that could never be.
    It can if you don't count the vacuum and the family dog...
    I expect you'd have to omit every inanimate object in Zunelander's house if you really wanted to make such a claim.
  • Brian White (unregistered) in reply to Mickey D
    Mickey D:
    geoffrey:
    C-Octothorpe:
    Back in *reality*, the weak points are usually caused by human error (lack of training, knowledge, poor implementation, etc.), and not because MS Sql Server failed in some way or because SHA256 was broken. No, it was because fucking moron developers who like to do things like concat SQL strings with user input, don't encode output, don't sanitize input, etc., etc., because they don't know how or even that they *should*.

    And why is that? It's because all devs have to do to survive these days is glue a website to SQL Server, even if they have no idea how it all works.

    If their job entailed tasks such as coding a DBS in two weeks, well that would soon sort the wheat from the chaff. If there were no jobs for morons there would be no morons in jobs.

    Sorry, but your argument is simply a grossly misinformed red-herring. Fortunately, if I ever have to work with you or interview you, I would be able to spot you from a mile away...

    I don't do interviews, but hey, swings and roundabouts.

    This I agree with to some degree. Without promoting C too much, I recently had to work with someone who grew up on Java (and knew it well), but because they didn't really understand what the memory was doing under the hood they had little issue with spawning objects unnecessarily (which had the double whammy of increasing memory usage and increasing work done by the Garbage Collector). Although I have no objection to the likes of Java and C# (and many others) I think developers still have to understand not just the language, but what the system is actually doing.

    I think this is where geoffrey is coming from. Good developers believe they can do anything. They might not need to, but they believe themselves capable of it. Bad developers want to use only the technologies they know (although they may be quite good at them). Using Oracle (for example) just because we all know how to use it isn't the right approach. Building a new DBMS for the hell of it, isn't necessarily the right approach either, but as someone has pointed out, the weakest link is usually the (local) developer. The simpler a system is to use, then the lower quality the developer that will appear adequate in it, and the higher the risk of hiring a turkey who doesn't really know what he's doing - and will end up stuffing things up irrespective of the technology you choose to use.

    Creating systems for idiots merely encourages idiots. It won't be long before systems are so 'clever' that there will be no-one who actually understands what is going on to properly fix things when the shit hits the fan....

    Building a new DBMS is never the right approach. Whether you want sql, object, or noSql, it's all out there already. Now eventually you may end up writing your own domain specific programming language, but please don't write a DBMS

  • ᴺᵃᵍᵉsh (unregistered) in reply to Brian White
    Brian White:
    Building a new DBMS is never the right approach. Whether you want sql, object, or noSql, it's all out there already. Now eventually you may end up writing your own domain specific programming language, but please don't write a DBMS
    Let him be go ahead and write it. Jaffrey-troll is needing something productive to do. You wouldn't want to let him close to any real work, would ja?
  • (cs)
    mcrypt_cbc($password)
    That doesn't even make sense. CBC-mode encryption, but most of the parameters are missing - it doesn't even specify the encryption algorithm to use. Anonymisation artefact?
  • (cs) in reply to Brian White
    Brian White:
    Building a new DBMS is never the right approach. Whether you want sql, object, or noSql, it's all out there already. Now eventually you may end up writing your own domain specific programming language, but please don't write a DBMS
    (To a first approximation): Because it doesn't matter how the internals are implemented if an attacker can't even make it past the interface.
  • (cs) in reply to trtrwtf
    trtrwtf:
    boog:
    Mickey D:
    Using Oracle (for example) just because we all know how to use it isn't the right approach. Building a new DBMS for the hell of it, isn't necessarily the right approach either...
    Yes, the correct approach is to determine which solution best meets the needs of the project and go with that. Rarely are massive-data-storage needs not fully met by an existing product.

    And I agree it's optimal for people to learn how things work under the hood (how else will you know which products meet your needs?). But honestly, I don't have time to wait for my co-workers to dick around self-teaching things they should have already learned in school (or any time prior to getting hired for this job).

    Anyone worth hiring is going to continue to do a lot of self-teaching. I'm happy to see some of that happen on the job - as long as it doesn't interfere too much with getting the damned work done.

    (If you're learning your primary language on the job, I'd be a little bovvered.)

    In my previous job, the boss hired a PHP developer... who didn't know PHP at all. He claimed he knew .NET (which he didn't either), so had to learn his primary language on the job... and refused to do so! He kept claiming he, as a programmer, should just be able to download any and all code he needed from the internet. He even just plain refused to make the simplest exercises.

    When he walked in one morning and had his coffee, I gave him an exercise of making a contact form. Just a plain "name, e-mail address, textarea" form and returning the input on-screen.

    At noon, none was done yet, so I opened the manual's pages explaining the functions he required up in his browser and gave him an example (meaning he actually just had to alter a 10-line or so piece of code!).

    By the evening, it still didn't work. Guy told me it didn't return the input. He didn't even bother reading the function page in the manual, or he'd have known he should assign the return value of that function to a variable...

  • trtrwtf (unregistered) in reply to The poop of DOOM

    The worst part is, that guy probably comes on this site to gloat about all the terrible programmers out there.

  • GL (unregistered) in reply to C-Octothorpe

    I thought someone just hooked in Emacs to this site and started ELIZA.

    CAPTCHA: Ludus - apparently a "playful lover"

  • Jules (unregistered)

    Somebody should tell this guy that if you hash the results of a hash with a different algorithm, it can be broken by a collision in either scheme, so it's actually less secure than just hashing once...
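The propagation described in the comment above, as an added example that is not part of the thread: a collision in either layer of a two-hash chain is a collision in the chain. MD5 as the inner hash, SHA-256 as the outer hash, the 24-bit truncation (so the searches finish in seconds) and all function names are assumptions made for the illustration.

```python
import hashlib
from itertools import count

TRUNC = 3  # bytes kept per digest (constructed: 24 bits, so searches finish fast)

def inner(msg: bytes) -> bytes:
    """First hash layer (assumed MD5 here), truncated."""
    return hashlib.md5(msg).digest()[:TRUNC]

def outer(digest: bytes) -> bytes:
    """Second, different algorithm (assumed SHA-256 here), truncated."""
    return hashlib.sha256(digest).digest()[:TRUNC]

def composed(msg: bytes) -> bytes:
    """The chained scheme: outer(inner(msg))."""
    return outer(inner(msg))

def find_collision(h, distinct):
    """Birthday search over constructed messages msg-0, msg-1, ...

    Returns two messages with equal h() whose distinct() values differ.
    """
    seen = {}
    for i in count():
        msg = b"msg-%d" % i
        prev = seen.setdefault(h(msg), msg)  # first message seen with this digest
        if distinct(prev) != distinct(msg):
            return prev, msg

def inner_collision():
    """Two different messages that collide in the inner hash alone."""
    return find_collision(inner, distinct=lambda m: m)

def outer_collision():
    """Two messages whose inner digests differ but collide in the outer hash."""
    return find_collision(composed, distinct=inner)

if __name__ == "__main__":
    a, b = inner_collision()
    print("inner collision:", a, b, "chain equal:", composed(a) == composed(b))
    c, d = outer_collision()
    print("outer collision:", c, d, "chain equal:", composed(c) == composed(d))
```
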

  • Jules (unregistered) in reply to Brian White
    Building a new DBMS is never the right approach. Whether you want sql, object, or noSql, it's all out there already. Now eventually you may end up writing your own domain specific programming language, but please don't write a DBMS

    I almost agree with you. But I also think saying something is never right is too extreme. There are applications where writing your own DBMS is likely to be the best thing to do. I'll grant that they are extremely rare, but they are out there, which is why every now and then we see a new design of database crop up which is better than existing ones for some narrow task.

