
Chris Morrow

Chris Morrow's Public Library

  • For example, doTask() and doTask(object O) are overloaded methods. To call the latter, an object must be passed as a parameter, whereas the former does not require a parameter, and is called with an empty parameter field. A common error would be to assign a default value to the object in the second method, which would result in an ambiguous call error, as the compiler wouldn't know which of the two methods to use.

  • Are there any holes in this type of security?

     
      

    There are no holes but no advantages as well. Conventional string formatting is equally safe but without all this useless hexing/unhexing stuff.

  • One way to prevent SQL injection completely (via PHP) is to use the two functions DECHEX()[21] and BIN2HEX().[22] The first converts any integer value into hex and the second will convert any other type of variable into hex as well. Then, instead of simply having the string or number exposed on the SQL command itself - you use the UNHEX()[23] function to convert the hexed values back to something which can be used. The difference is - the value never goes to the SQL command interpreter itself but is kept in memory by the SQL server and applied after the interpretation of the SQL command is through. So no SQL injection can occur.
  • This is NOT to say that you shouldn't do checks of whatever you get back from the browser before you put it in to the database. This isn't a magic wand that will fix everything that has ever been wrong with your database or programs. It does though, make it so you do not have to worry about the kinds of SQL injections presented at the beginning of this webpage. Those it will stop.

     

  • The goto operator CAN be evaluated with eval, provided the label is in the eval'd code:

    <?php
    a: eval("goto a;"); // undefined label 'a'
    eval("a: goto a;"); // works
    ?>

    It's because PHP does not consider the eval'd code, containing the label, to be in the same "file" as the goto statement.
  • GOTO is the daredevil of all programming languages. Like Evel Knievel the GOTO can jump from one place in your code to a completely different place with no return.
    Knievel broke nearly every bone in his body making his jumps. GOTO will absolutely break your app's bones.

  • The shebang line is usually ignored by the interpreter because the "#" character is a comment marker in many scripting languages; some language interpreters that do not use the hash mark to begin comments (such as Scheme) still may ignore the shebang line in recognition of its purpose.[9]

     

     
     

  • Unlike the CGI SAPI, no headers are written to the output.

      Though the CGI SAPI provides a way to suppress HTTP headers, there's no equivalent switch to enable them in the CLI SAPI.

  • PHP in a shell environment tends to be used for a much more diverse range of purposes than typical Web-based scripts, and as these can be very long-running, the maximum execution time is set to unlimited.

  • The CLI SAPI is enabled by default using --enable-cli, but may be disabled using the --disable-cli option when running ./configure.

       

  • Execute history again and you will see the effect on the spot. Bear in mind that the timestamp for command lines that executed at previous sessions may not be valid, as the time was not tracked.

     

  • In particular, the example most often raised is a warning to watch out for
    filenames with the newline character in the name.

    My question, sort of a mini survey if you like, is just how many people
    use newlines in filenames or how often do you come across filenames with
    newlines in them?

  • Apart from files that I created for the purpose of testing scripts,
       the only time I've seen it was when another person's script created
       files using the output of a remote command as the names. The script
       didn't check for errors, and some files were created with newlines.

       The reason you see warnings given about newlines in filenames is
       that many scripts are written to handle other pathological
       characters in filenames, but will break in the unlikely event that
       one contains a newline. It's rare enough that many scripts do not
       bother to take it into account. (It wasn't all that long ago that
       scripts often didn't even worry about spaces in filenames.)

  • In its default mode, if standard output isn't a terminal, ls separates filenames with newlines. This is fine until you have a file with a newline in its name.

  • Note that if you had used ls dash letter l instead, the count is one greater than the actual number of files. This is because ls dash letter l outputs an extra total line: 

    $ ls -l targetdir
    total 529436
    -rw-r--r-- 1 peter peter  1510976 Jul 13  2008 DSCN1001.jpg
    ....

  • something like this :

      
    for ($i = 0; $i <= 100; $i++) {
        echo "Loading... {$i}%\r";
        usleep(10000);
    }

  • The box not being checked is by design and cannot be changed.

     

    It's important to leave the box unchecked by default as it is to avoid problems, such as unintentionally deleted or copied files.

  • To change the memory limit for one specific script, include a line such as this at the top of the script:

     

    ini_set("memory_limit","12M");

     

    The 12M sets the limit to 12 megabytes (12582912 bytes). If this does not work, keep increasing the memory limit until your script fits or your server squeals for mercy.

  • Huh. Yesterday I built a gate. It took maybe two hours.

     

    I think it had the same effect on national security issues as Paul’s speech and took a sixth of the time. 

  • Your installation of a gate prevented the Senate from sliding the Patriot Act through without a debate? Interesting take. 

  • Looks like the vote on section 215 will be punted until at least June. I’m cautiously hopeful some progress can be made. The Patriot Act has gone from undebatable to very debatable. The original act was passed 98-1. The 2006 renewal 89-10. The 2011 renewal 74-8 (with 18 abstentions and Paul voting No). The longer this can remain in the public’s mind, the better the chances of getting the USA FREEDOM Act passed (or the better version that Paul wants).

  • A directory is a file but it's not a regular file, so the question is not clear enough.
     If he does not want directories, then something awful like this should do:
      echo $(($(ls -l | grep -v ^d | wc -l)-1))

  • It would be easy to criticize Green for not looking at the data more carefully, but . . . that’s easy to say after the fact. In all my collaborations, I’ve never even considered the possibility that I might be working with a Diederik Stapel. And, indeed, in my previous post on the topic, I expressed surprise at the published claim but no skepticism.

  • Ironically, LaCour benefited (in the short term) by his strategy of completely faking it. If he’d done the usual strategy of taking real data and stretching out the interpretation, I and others would’ve been all over him for overinterpreting his results, garden of forking paths, etc. But, by doing the Big Lie, he bypassed all those statistical concerns.

  • Next month, the Supreme Court will rule on King v. Burwell. If all five Republican appointees support the plaintiffs (there’s no chance any of the Democrat-appointed justices will take the lawsuit seriously), some 7 million Americans will quickly lose their insurance. The prospect that this will occur has induced a wave of panic — not among the customers at risk of losing their insurance, who seem largely unaware, nor even among Obamacare’s Democratic supporters, but among Republicans. The chaos their lawsuit would unleash might blow back in a way few Republicans had considered until recently, and now, on the eve of a possible triumph, they find themselves scrambling to contain the damage. It is dawning on the Grand Old Party that snatching health insurance away from millions of helpless victims is not quite as rewarding as expected.
  • The plaintiffs insist Congress created the threat of self-destructing federal exchanges to coerce states into creating their own. (Disregard the copious evidence that the law’s drafters, and officials at the state level in both parties, believed federal exchanges would include tax credits.)

        
     
     

    The lawsuit works more on the level of an elaborate prank than as a serious reading of the law.

  • Senator Ron Johnson of Wisconsin appeared on a conservative talk-radio show last month to raise awareness of the party’s dilemma. Obama, he told host Jay Weber, will unleash a public-relations campaign to highlight the Republicans’ cruelty. “And of course, he’ll have the ads all racked up with the individuals that have benefited from Obamacare on the backs of the American taxpayer,” he said. “He’ll have all those examples as well, so — ”

     

    “And the sad-sack stories about who’s dying from what and why they can’t get their coverage,” interjected Weber.

     

    “Right,” agreed Johnson.


  • Our economy is like Dick Cheney's heart. We keep resuscitating it, keep it going for a few more years before it has another attack again.
  • to me the real problem is businesses are getting essentially 'free' labour, with the costs met by the taxpayer in the form of welfare, who they can then ditch at the end of the period and just truck another set of unemployed people in to use and the cycle repeats, and 'was forced to work in a shitty bottom rung job with no training upon pain of being made destitute' isn't a great addition to a CV, whatever this government think.
  • There wouldn't be quite the backlash if they were instead channelled into local community, non-profit work that needs doing but there isn't the funding for. But then you wouldn't be jerking off the companies that are donating to your political party, just doing something good for society and humanity in general. Where's the profit in that?

      

