
OT Annoying Habits (Was: when format strings attack)

Greetings:

Personally, I don't think top-posting is the most annoying newsgroup
habit. I think it's making a big fuss about minor inconveniences.

One of the nicest things about being human is the amazing flexibility of
our brains. For example, if a block of text isn't arranged in the order
we're used to, we can easily rearrange it mentally and read it anyway.
Oriental and Arabic peoples, for example, do this each time they read
something written in English. It's EASY, once you get used to it!

It took me about 3 seconds to realize that Mr. D'Aprano's Q&A session was
laid out bottom-to-top instead of top-to-bottom. After that, it made
perfect sense. While it was an excellent way to demonstrate his
argument, it failed to prove his point, because, while top-to-bottom may
be the way he reads things, it isn't the way _everyone_ reads things.

So, as far as I'm concerned, post your posts in whatever manner works
for you. If it's in English, I'll figure it out. If not, well, there's
always Babelfish. ;^)

Regards,

Barry
ba***********@psc.com
541-302-1107
________________________
We who cut mere stones must always be envisioning cathedrals.

-Quarry worker's creed

-----Original Message-----
From: Steven D'Aprano [mailto:st***@REMOVE.THIS.cybersource.com.au]
Sent: Friday, January 19, 2007 11:30 AM
To: py*********@python.org
Subject: Re: when format strings attack

On Fri, 19 Jan 2007 10:43:53 -0800, John Zenger wrote:

Perhaps it is not as severe a security risk, but pure Python programs
can run into similar problems if they don't check user input for %
codes.

Please don't top-post.

A: Because it messes up the order that we read things.
Q: Why?
A: Top-posting.
Q: What is the most annoying newsgroup habit?

Example (Python 2 interactive session):

>>> k = raw_input("Try to trick me: ")
Try to trick me: How about %s this?
>>> j = "User %s just entered: " + k
>>> print j % "John"
Traceback (most recent call last):
  File "<pyshell#8>", line 1, in ?
    print j % "John"
TypeError: not enough arguments for format string
That's hardly the same sort of vulnerability the article was talking
about, but it is a potential bug waiting to bite.

In a serious application, you should keep user-inputted strings separate
from application strings, and never use user strings unless they've been
made safe. See Joel Spolsky's excellent article about one way of doing
that:

http://www.joelonsoftware.com/articles/Wrong.html

--
Steven.

Jan 19 '07 #1
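The session Steven quotes, as an added example that is not code from the thread (neither John's nor Steven's): the same "user text spliced into the template" pattern beside the fix Steven recommends, keeping the application's format string constant and passing user text only as an argument. It is Python 3 rather than the Python 2 of the session, and it goes one step beyond the thread: with a mapping on the right-hand side of `%`, a user-controlled template does not merely crash, it can read any key of the mapping. The sample inputs and the `record` dict are constructed for the example; `escape_for_template` is an assumed helper name, not anything from the thread.

```python
# Added example (not from the thread): Python 3 "before"/"after" pair for
# user-controlled % format strings. unsafe_* splice user text INTO the
# template; safe_* keep the template an application constant and pass user
# text only as an argument. All inputs below are constructed.

def unsafe_message(user_input: str, name: str) -> str:
    """The thread's pattern: user text becomes part of the template, so any
    '%' sequence the user typed is parsed as a format directive."""
    template = "User %s just entered: " + user_input
    return template % name   # TypeError when user_input contains %s, %d, ...


def safe_message(user_input: str, name: str) -> str:
    """Template fixed by the application; user text is an argument, so any
    '%' characters inside it are inert data."""
    template = "User %s just entered: %s"
    return template % (name, user_input)


def unsafe_report(user_input: str, record: dict) -> str:
    """Beyond the thread's example: with a mapping on the right-hand side,
    a user-controlled template can name ANY key of that mapping, so the
    bug becomes a data leak ('%(password_hash)s') instead of a crash."""
    template = "Report: " + user_input
    return template % record


def safe_report(user_input: str, record: dict) -> str:
    """Same output for benign input; user text can never select a key."""
    template = "Report for %s: %s"
    return template % (record["user"], user_input)


def escape_for_template(user_input: str) -> str:
    """If user text really must be spliced into a template (it rarely
    must), neutralise it first: '%%' is the only escape '%' understands.
    Assumed helper name, not from the thread."""
    return user_input.replace("%", "%%")


def demo() -> dict:
    """Run every variant on the thread's input and return what happened."""
    tricky = "How about %s this?"
    record = {"user": "john", "password_hash": "constructed-hash-value"}  # constructed
    results = {}
    try:
        results["unsafe_message"] = unsafe_message(tricky, "John")
    except TypeError as exc:  # "not enough arguments for format string"
        results["unsafe_message"] = "TypeError: %s" % exc
    results["safe_message"] = safe_message(tricky, "John")
    results["unsafe_report"] = unsafe_report("%(password_hash)s", record)
    results["safe_report"] = safe_report("%(password_hash)s", record)
    results["escaped"] = ("Entered: " + escape_for_template("100% sure")) % ()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-15s %s" % (key, value))
```

The point of `unsafe_report` is that "a potential bug waiting to bite" is an understatement once the right-hand side is a dict (a config or a row from a database): the user's text chooses which value to print. The separation Steven describes fixes both cases at once, because the user's string never reaches the parser of the `%` operator as a template; escaping is the fallback for the rare case where concatenation is unavoidable.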
In article <ma*****************************************@python.org>,
Carroll, Barry <Ba***********@psc.com> wrote:
> Personally, I don't think top-posting is the most annoying newsgroup
> habit. I think it's making a big fuss about minor inconveniences.
Thing is, nobody will ignore your posts for following standard Usenet
conventions, but some of us will definitely ignore your posts if you
don't. It's your choice how much attention you want.
--
Aahz (aa**@pythoncraft.com) <* http://www.pythoncraft.com/

Help a hearing-impaired person: http://rule6.info/hearing.html
Jan 19 '07 #2
On Fri, 19 Jan 2007 12:20:26 -0800, Carroll, Barry wrote:
It took me about 3 seconds to realize that Mr. D'Aprano's Q&A session was
laid out bottom-to-top instead of top-to-bottom. After that, it made
perfect sense.
Three seconds, compared to about thirty milliseconds if it were written in
the normal fashion. That's an inefficiency of about two orders of
magnitude. Multiply that by a few hundred news posts and emails that you
might read in a day, and, well, I think that makes it a big deal. That
means top posting is to effective communication what exchange-sort is to
quicksort.

I use the analogy advisably: just as there is overhead to quicksort that
makes it slower for sufficiently small lists, so there is overhead to
in-line posting that makes top posting easier for the reader under quite
restricted circumstances: you're reading the posts in order, and the
entire thread (or at least the relevant parts of it) are still in short
term memory.
While it was an excellent way to demonstrate his
argument, it failed to prove his point, because, while top-to-bottom may
be the way he reads things, it isn't the way _everyone_ reads things.
There are, as far as I know, no human languages that write from the
bottom of the page upwards.

But even if there are such languages, we're on an English language
newsgroup, not Martian, and so we should (whenever possibly) adapt English
conventions.
So, as far as I'm concerned, post your posts in whatever manner works
for you. If it's in English, I'll figure it out. If not, well, there's
always Babelfish. ;^)
Or perhaps I should say:

.snoitnevnoc
hsilgnE tpada )ylbissop revenehw( dluohs ew os dna ,naitraM ton ,puorgswen
egaugnal hsilgnE na no er'ew ,segaugnal hcus era ereht fi neve tuB

--
Steven.

Jan 20 '07 #3
I should write a python script to read this. :)
>.snoitnevnoc
hsilgnE tpada )ylbissop revenehw( dluohs ew os dna ,naitraM ton ,puorgswen
egaugnal hsilgnE na no er'ew ,segaugnal hcus era ereht fi neve tuB
Jan 20 '07 #4
"Steven D'Aprano" <st***@REMOVE.THIS.cybersource.com.au> wrote:
Or perhaps I should say:

.snoitnevnoc
hsilgnE tpada )ylbissop revenehw( dluohs ew os dna ,naitraM ton ,puorgswen
egaugnal hsilgnE na no er'ew ,segaugnal hcus era ereht fi neve tuB
First I thought it was Welsh or Cornish or something.

Then it was like being in my first year of school again-
reading letter by letter. Never realised how difficult it is.

I suppose it will improve with practice.

- Hendrik

Jan 20 '07 #5
"Hendrik van Rooyen" <ma**@microcorp.co.za> writes:
"Steven D'Aprano" <st***@REMOVE.THIS.cybersource.com.au> wrote:
.snoitnevnoc
hsilgnE tpada )ylbissop revenehw( dluohs ew os dna ,naitraM ton ,puorgswen
egaugnal hsilgnE na no er'ew ,segaugnal hcus era ereht fi neve tuB

First I thought it was Welsh or Cornish or something.

Then it was like being in my first year of school again-
reading letter by letter. Never realised how difficult it is.

I suppose it will improve with practice.
Alternatively, you could consider it to be an active impediment to
understanding, which, no matter how convenient it may be for the
person writing it, is against the norms of written English and
inconsiderate of the reader.

With that in mind, you might convince those who write their messages
that way to conform to the norms of written English for the sake of
communication.

--
\ "No wonder I'm all confused; one of my parents was a woman, the |
`\ other was a man." -- Ashleigh Brilliant |
_o__) |
Ben Finney

Jan 20 '07 #6
On Friday 19 January 2007 22:51, Hendrik van Rooyen wrote:
"Steven D'Aprano" <st***@REMOVE.THIS.cybersource.com.au> wrote:
Or perhaps I should say:

.snoitnevnoc
hsilgnE tpada )ylbissop revenehw( dluohs ew os dna ,naitraM ton
,puorgswen egaugnal hsilgnE na no er'ew ,segaugnal hcus era ereht fi neve
tuB

First I thought it was Welsh or Cornish or something.

Then it was like being in my first year of school again-
reading letter by letter. Never realised how difficult it is.

I suppose it will improve with practice.
Not to steer this topic even further off topic, but this is something that's
been on my mind lately...

The biggest problem with it was that the letters were forwards and not also
backwards (and the parens). But then, it's my understanding that as a
left-handed person, reading and writing backwards is far easier for me than
for the majority that is right-handed. Have any other lefties found that the
case?

-Dane
Jan 20 '07 #7
Dane Jensen <ca***@fastmail.fm> wrote in
news:ma*************************************************@python.org:
On Friday 19 January 2007 22:51, Hendrik van Rooyen wrote:
>"Steven D'Aprano" <st***@REMOVE.THIS.cybersource.com.au> wrote:
Or perhaps I should say:

.snoitnevnoc
hsilgnE tpada )ylbissop revenehw( dluohs ew os dna ,naitraM
ton ,puorgswen egaugnal hsilgnE na no er'ew ,segaugnal hcus
era ereht fi neve tuB

First I thought it was Welsh or Cornish or something.

Then it was like being in my first year of school again-
reading letter by letter. Never realised how difficult it is.

I suppose it will improve with practice.

Not to steer this topic even further off topic, but this is
something that's been on my mind lately...

The biggest problem with it was that the letters were forwards and
not also backwards (and the parens). But then, it's my
understanding that as a left-handed person, reading and writing
backwards is far easier for me than for the majority that is
right-handed. Have any other lefties found that the case?
How would anybody know? As a left-hander, I have found it easy
enough to read backwards, but then, being left-handed forces a
certain habit of adaptability in any case. Maybe that makes it
easier to read backward, but that is not a task I'm often called
on to do. It takes practice regardless.

This subthread reminds me of my *highly secure* plaintext
encryption system that would render the sentence

<But even if there are such languages, we're on an English
language newsgroup, not Martian, and so we should (whenever
possibly) adapt English conventions>

as

<Sno itne vn ochsi lgn etpa daylbisso, pr'ev en eh Wdluohs
ewosdnan aitramton, puo Rgswene, gau gn al hsilgn (enanoere
wsegaugn) alhcu Seraere htfinevetub>

I think it looks vaguely Esperantonic (Esperantoid? Esperantic?),
if anything.

--
rzed
Jan 20 '07 #8