Where Science Went Wrong (hilarious web site)

Quadibloc wrote:
Mike Ash wrote:
Why? With any half-competent data layer, a good index will work and a
bad index will return an error. If your data layer can be exploited by
giving it a bad ID number, then your problem lies in the data layer.

Expected behavior is that *any* invalid URL gives a nice neat 404 error.

Nothing is _ever_ passed on to any code which can cause an unhandled
exception, because the results of an error are, by their very nature,
unpredictable. They can potentially be exploited for attack purposes,
or they can have denial-of-service results just by accident - bringing
the system down, or causing an infinite loop.

In this case, the design error is to allow the untrusted outside world
to make a database request directly. Instead, there should be a layer
of bombproof code that parses URLs, sorts out valid ones from invalid
ones, and then, once it gets a valid one, passes on the request to the
database engine.

Obxkcd: http://xkcd.com/327/

Dave "also see: the BLINK tag in my .sig" DeLaney
--
\/David DeLaney posting from "It's not the pot that grows the flower
It's not the clock that slows the hour The definition's plain for anyone to see
Love is all it takes to make a family" - R&P. VISUALIZE HAPPYNET VRbeableBLINK
http://www.vic.com/~dbd/ - net.legends FAQ & Magic / I WUV you in all CAPS! --K.

In article ,
(David Goldfarb) wrote:

In article ,
David Mitchell wrote:
Chapter 21 is up!

http://www.fanfiction.net/s/5782108/21/

And Harry seems to be putting into practice the ideas mentioned in
the article linked from the root post of this thread.

Can't say he's wrong to do so, even though I wouldn't approve of doing
it in reality. He's dealing with a world where it appears that the
equivalent of nuclear weapons can be created and deployed by individuals
with the right skills and knowledge. And he knows that the stuff is
dangerous, but as yet doesn't know HOW dangerous, because nobody's
systematically investigated the stuff before. Seems like a reasonable
precaution.

--
Mike Ash
Radio Free Earth
Broadcasting from our climate-controlled studios deep inside the Moon

In article ,
Dimensional Traveler wrote:

On 5/17/2010 2:56 PM, Gene Wirchenko wrote:
On Mon, 17 May 2010 03:24:51 -0500, David Mitchell
wrote:

On Sat, 15 May 2010 01:04:29 -0500, David Mitchell wrote:

On Fri, 14 May 2010 14:06:58 -0700, Gene Wirchenko wrote:

I just checked the browse tab I have open to see if chapter 21
has been released yet. I have done this too many times already.

No, it has not been. And if it were, I would be crying for
chapter 22.

I've just signed up, so I can receive a story alert. I'll post here
if/when that happens.

Chapter 21 is up!

http://www.fanfiction.net/s/5782108/21/

Yup. I am already waiting for chapter 22.

Get a jump on the crowd, start waiting for chapter 23.

Lightweights. I'm already waiting for the end.

--
Mike Ash
Radio Free Earth
Broadcasting from our climate-controlled studios deep inside the Moon

On Mon, 17 May 2010 23:26:33 -0400, Mike Ash wrote:

In article ,
Dimensional Traveler wrote:

On 5/17/2010 2:56 PM, Gene Wirchenko wrote:
On Mon, 17 May 2010 03:24:51 -0500, David Mitchell
wrote:

[snip]

Chapter 21 is up!

http://www.fanfiction.net/s/5782108/21/

Yup. I am already waiting for chapter 22.

Get a jump on the crowd, start waiting for chapter 23.

Lightweights. I'm already waiting for the end.

I did not want to belabour the obvious. Besides, I might not
want it to end.

Sincerely,

Gene Wirchenko

On Mon, 17 May 2010 11:08:50 +0200, Morten Reistad wrote:

In article , John F. Eldredge
wrote:
On Sun, 16 May 2010 06:53:23 -0600, noRm d. plumBeR wrote:

Mike Ash wrote:


Which shows what incredibly bad software is supporting the thing.

The scary part is that it isn't all that unusual.

The tinyurl link worked OK.

As far as the linked-to page is concerned, while I feel sorry for the
two airmen who were blown up (one survived, one didn't), it sounds like
they didn't fully appreciate the risk. If I found that an enclosure was
full of a fuel/air mixture, I wouldn't sit down at the edge of the
enclosure to wait for my ride, I would get as far away from it as
possible. I did once have to deal with a propane leak inside a factory;
I opened several overhead doors for ventilation (manually, not using an
electric hoist), then got outside as quickly as possible. Had the
concentration been as high as what the two airmen found, I wouldn't have
taken the time to open the doors, I would just have run for my life.

When you have a maxed out concentration of some combustible gas in air;
do you ventilate (and bring in oxygen) or contain it (keeping it in one
place, only slowly to seep out).

At least with propane, gasoline and such, the maximum saturation in air
would be rapidly depleted of oxygen if it blew up, thereby dampening the
explosion damage. It will become a two-stage fire; first an explosion
and then an inrush fire when the oxygen gets back to the flame.

Just a question.

Well, in the case of the factory propane leak, it had not yet reached
flashover concentration,and I was adding ventilation to keep it from
doing so. I don't know which would be the better solution to the maximum-
saturation situation. I _do_ know that I wouldn't sit down, just outside
the structure, to wait for transportation.

--
John F. Eldredge --
"Reserve your right to think, for even to think wrongly
is better than not to think at all." -- Hypatia of Alexandria

In article ,
"John F. Eldredge" said:

As far as the linked-to page is concerned, while I feel sorry for
the two airmen who were blown up (one survived, one didn't), it
sounds like they didn't fully appreciate the risk. If I found
that an enclosure was full of a fuel/air mixture, I wouldn't sit
down at the edge of the enclosure to wait for my ride, I would get
as far away from it as possible.

It's possible that they were both exhausted from their efforts,
almost certainly performed while using a self-carried oxygen (or
air) supply and possibly wearing hot, heavy and/or airtight
protective clothing. That wouldn't make "Whew, we're in good air
now, let's take off our hoods and catch our breaths for a moment" a
_good_ decision, but it would make it fairly understandable.

-- wds