* Posts by Paul

8 publicly visible posts • joined 6 Apr 2007

Microsoft and HP tackle SQL-injection scourge


@Anonymous Coward

"Scanning for SQL injection / XSS attacks should be the WebServers responsibility."

If you think scanning for SQL injection should be the webserver's responsibility, then you have no fscking clue what you're talking about.

US airline pilot pops a cap in cockpit



But really, I don't see the great danger in giving pilots guns. They already have control of an airplane with hundreds of passengers -- if they're responsible enough for that, giving them a gun really isn't a big deal. And no, contrary to what movies portray, shooting a hole in the side of the plane is not going to cause major structural damage and destroy the plane. At most, it will leave a little hole and they'll have to use the oxygen.

The fact that the TSA was against the plan to allow pilots to be armed also makes me think it was a good idea.

Sun dreams the impossible Java on Jesus Phone dream


Re: JDK on OS X

@Jim Moores

Apple told Sun they would create and maintain the JDK for OS X. And then failed to follow through with it.

Disintegrating wind turbine caught on camera



Why is that van parked so close to the wind turbine when they knew it was going to fail? In the second video, you can see a big poof of dirt right at the moment of failure, and it appears pretty close to the van. After that, it looks like the support tower for the turbine falls pretty close to the van as well.

So what's in a URL? The Reg URL?


Domain should reflect the writers

I've been reading elreg from the U.S. for 5 or 6 years now, and I've always typed the .co.uk domain in. I think the domain name used should reflect the culture of the site. Given that the writing uses many British phrases (presumably most of your journalists are British), staying with ".co.uk" seems appropriate. I don't see how changing it to ".com" would increase the site's appeal.

Although there I think anything of a site that was just ".com" to start with, changing from ".co.uk" to ".com" for the purpose of appealing to American readers seems like the sort of thing that would backfire and/or attract the wrong type of readership (i.e., who would suddenly start reading a site just because the domain changed from ".co.uk" to ".com").

UK spooks offered 10Gig wire-speed processor


Attack vector

Although it's nothing new, this looks like a good attack vector as they become more common. Many high-level protocol implementations have had holes in them exploited; the complexity needed to do DPI promises plenty of compromised DPI devices and DoS attacks.

Don't forget the ‘C’ in Objective-C


Fix your article

Dave Jewell, when are you going to fix your article? The very first comment *clearly* outlined why your example is wrong. I don't do much Win32, so I'm not sure about the Unicode issues brought up, but if the strings involved could be more than plain ASCII, you've got a whole other issue to deal with. You call the strstr problem a "side issue", but you're ignoring the fact that it doesn't matter how efficient it is if it's wrong.

The thing is, efficiency takes a little work. How about putting some work into the example? You could put the strstr in a loop, with each pass checking that the character preceding the match is either out of bounds or a space, and the character after the match is either a space or a NULL. But then you'd have to confront the issue of why people just hack strings into arrays and call it good. Your example makes it seem easier to be efficient, but this often is not the case. You can still make a case for efficiency despite the code often being more complex. You just have to acknowledge that it's not for all situations, and it's not for everyone.


Re: Bad Example

I understand the point of the article is about the relevance of efficiency, but your mistake with the substring was so glaringly obvious I was looking for it before I got to the line of code you posted -- the very first comment pointed it out. I love efficiency, having spent years working in assembly, but you just proved why people do things like split strings into arrays and search for the matching element. Your article is actually an excellent COUNTERPOINT to the point you were trying to make.