OT Annoying Habits (Was: when format strings attack)

Greetings:

Personally, I don't think top-posting is the most annoying newsgroup
habit. I think it's making a big fuss about minor inconveniences.

One of the nicest things about being human is the amazing flexibility of
our brains. For example, if a block of text isn't arranged in the order
we're used to, we can easily rearrange it mentally and read it anyway.
Oriental and Arabic peoples, for example, do this each time they read
something written in English. It's EASY, once you get used to it!

It took me about 3 seconds to realize that Mr. D'Aprano's Q&A session was
laid out bottom-to-top instead of top-to-bottom. After that, it made
perfect sense. While it was an excellent way to demonstrate his
argument, it failed to prove his point, because, while top-to-bottom may
be the way he reads things, it isn't the way _everyone_ reads things.

So, as far as I'm concerned, post your posts in whatever manner works
for you. If it's in English, I'll figure it out. If not, well, there's
always Babelfish. ;^)

Regards,

Barry
ba***********@psc.com
541-302-1107
________________________
We who cut mere stones must always be envisioning cathedrals.

-Quarry worker's creed

-----Original Message-----
From: Steven D'Aprano [mailto:st***@REMOVE.THIS.cybersource.com.au]
Sent: Friday, January 19, 2007 11:30 AM
To: py*********@python.org
Subject: Re: when format strings attack

On Fri, 19 Jan 2007 10:43:53 -0800, John Zenger wrote:

> Perhaps it is not as severe a security risk, but pure Python programs
> can run into similar problems if they don't check user input for %
> codes.

Please don't top-post.

A: Because it messes up the order that we read things.
Q: Why?
A: Top-posting.
Q: What is the most annoying newsgroup habit?

> Example:
>
> >>> k = raw_input("Try to trick me: ")
> Try to trick me: How about %s this?
> >>> j = "User %s just entered: " + k
> >>> print j % "John"
> Traceback (most recent call last):
>   File "<pyshell#8>", line 1, in ?
>     print j % "John"
> TypeError: not enough arguments for format string

That's hardly the same sort of vulnerability the article was talking
about, but it is a potential bug waiting to bite.

In a serious application, you should keep user-inputted strings separate
from application strings, and never use user strings unless they've been
made safe. See Joel Spolsky's excellent article about one way of doing
that:

http://www.joelonsoftware.com/articles/Wrong.html

--
Steven.

Jan 19 '07 #1
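
The bug discussed in the forwarded message above, as an added example that is not part of the original posts. It is written for Python 3 rather than the thread's Python 2 session, and the function names and sample inputs are constructed for illustration. It contrasts concatenating user text into a `%` format string with passing it as an argument or escaping it first.

```python
# Added example (Python 3). Function names and sample inputs are constructed.

def greet_unsafe(user, text):
    # Pattern from the thread: user text is concatenated into the format
    # string, so any % in it is interpreted as a conversion specifier.
    template = "User %s just entered: " + text
    return template % user

def greet_safe(user, text):
    # The template is a fixed application string; user text is only an argument.
    return "User %s just entered: %s" % (user, text)

def greet_escaped(user, text):
    # If user text must become part of a template, double every % first.
    template = "User %s just entered: " + text.replace("%", "%%")
    return template % user

def outcome(render, user, text):
    """Return the rendered string, or the exception class name on failure."""
    try:
        return render(user, text)
    except (TypeError, ValueError) as exc:
        return type(exc).__name__

# Constructed inputs: the thread's own string plus three edge cases.
SAMPLES = [
    "hello",                 # no % at all
    "How about %s this?",    # extra conversion -> not enough arguments
    "discount is 10%",       # trailing % -> incomplete format
    "100%% sure",            # %% silently collapses to %
]

def compare(user="John"):
    """Map each sample to its (unsafe, safe, escaped) outcomes."""
    return {
        text: tuple(outcome(f, user, text)
                    for f in (greet_unsafe, greet_safe, greet_escaped))
        for text in SAMPLES
    }

if __name__ == "__main__":
    for text, results in compare().items():
        print(repr(text), "->", results)
```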
In article <ma***************************************@python.org>,
Carroll, Barry <Ba***********@psc.com> wrote:
>
> Personally, I don't think top-posting is the most annoying newsgroup
> habit. I think it's making a big fuss about minor inconveniences.

Thing is, nobody will ignore your posts for following standard Usenet
conventions, but some of us will definitely ignore your posts if you
don't. It's your choice how much attention you want.
--
Aahz (aa**@pythoncraft.com) <*> http://www.pythoncraft.com/

Help a hearing-impaired person: http://rule6.info/hearing.html
Jan 19 '07 #2
On Fri, 19 Jan 2007 12:20:26 -0800, Carroll, Barry wrote:

> It took me about 3 seconds to realize that Mr. D'Aprano's Q&A session was
> laid out bottom-to-top instead of top-to-bottom. After that, it made
> perfect sense.

Three seconds, compared to about thirty milliseconds if it were written in
the normal fashion. That's an inefficiency of about two orders of
magnitude. Multiply that by a few hundred news posts and emails that you
might read in a day, and, well, I think that makes it a big deal. That
means top posting is to effective communication what exchange-sort is to
quicksort.

I use the analogy advisably: just as there is overhead to quicksort that
makes it slower for sufficiently small lists, so there is overhead to
in-line posting that makes top posting easier for the reader under quite
restricted circumstances: you're reading the posts in order, and the
entire thread (or at least the relevant parts of it) are still in short
term memory.

> While it was an excellent way to demonstrate his
> argument, it failed to prove his point, because, while top-to-bottom may
> be the way he reads things, it isn't the way _everyone_ reads things.

There are, as far as I know, no human languages that write from the
bottom of the page upwards.

But even if there are such languages, we're on an English language
newsgroup, not Martian, and so we should (whenever possibly) adapt English
conventions.

> So, as far as I'm concerned, post your posts in whatever manner works
> for you. If it's in English, I'll figure it out. If not, well, there's
> always Babelfish. ;^)

Or perhaps I should say:

.snoitnevnoc
hsilgnE tpada )ylbissop revenehw( dluohs ew os dna ,naitraM ton ,puorgswen
egaugnal hsilgnE na no er'ew ,segaugnal hcus era ereht fi neve tuB

--
Steven.

Jan 20 '07 #3
I should write a python script to read this. :)

> .snoitnevnoc
> hsilgnE tpada )ylbissop revenehw( dluohs ew os dna ,naitraM ton ,puorgswen
> egaugnal hsilgnE na no er'ew ,segaugnal hcus era ereht fi neve tuB
Jan 20 '07 #4
"Steven D'Aprano" <st***@REMOVE.THIS.cybersource.com.au> wrote:

> Or perhaps I should say:
>
> .snoitnevnoc
> hsilgnE tpada )ylbissop revenehw( dluohs ew os dna ,naitraM ton ,puorgswen
> egaugnal hsilgnE na no er'ew ,segaugnal hcus era ereht fi neve tuB

First I thought it was Welsh or Cornish or something.

Then it was like being in my first year of school again-
reading letter by letter. Never realised how difficult it is.

I suppose it will improve with practice.

- Hendrik

Jan 20 '07 #5
"Hendrik van Rooyen" <ma**@microcorp.co.za> writes:

> "Steven D'Aprano" <st***@REMOVE.THIS.cybersource.com.au> wrote:
> > .snoitnevnoc
> > hsilgnE tpada )ylbissop revenehw( dluohs ew os dna ,naitraM ton ,puorgswen
> > egaugnal hsilgnE na no er'ew ,segaugnal hcus era ereht fi neve tuB
>
> First I thought it was Welsh or Cornish or something.
>
> Then it was like being in my first year of school again-
> reading letter by letter. Never realised how difficult it is.
>
> I suppose it will improve with practice.

Alternatively, you could consider it to be an active impediment to
understanding, which, no matter how convenient it may be for the
person writing it, is against the norms of written English and
inconsiderate of the reader.

With that in mind, you might convince those who write their messages
that way to conform to the norms of written English for the sake of
communication.

--
\ "No wonder I'm all confused; one of my parents was a woman, the |
`\ other was a man." -- Ashleigh Brilliant |
_o__) |
Ben Finney

Jan 20 '07 #6
On Friday 19 January 2007 22:51, Hendrik van Rooyen wrote:

> "Steven D'Aprano" <st***@REMOVE.THIS.cybersource.com.au> wrote:
> > Or perhaps I should say:
> >
> > .snoitnevnoc
> > hsilgnE tpada )ylbissop revenehw( dluohs ew os dna ,naitraM ton
> > ,puorgswen egaugnal hsilgnE na no er'ew ,segaugnal hcus era ereht fi neve
> > tuB
>
> First I thought it was Welsh or Cornish or something.
>
> Then it was like being in my first year of school again-
> reading letter by letter. Never realised how difficult it is.
>
> I suppose it will improve with practice.

Not to steer this topic even further off topic, but this is something that's
been on my mind lately...

The biggest problem with it is that the letters were forwards and not also
backwards (and the parens). But then, it's my understanding that as a
left-handed person, reading and writing backwards is far easier for me than
for the majority that is right-handed. Have any other lefties found that the
case?

-Dane
Jan 20 '07 #7
Dane Jensen <ca***@fastmail.fm> wrote in
news:ma***************************************@python.org:

> On Friday 19 January 2007 22:51, Hendrik van Rooyen wrote:
> > "Steven D'Aprano" <st***@REMOVE.THIS.cybersource.com.au> wrote:
> > > Or perhaps I should say:
> > >
> > > .snoitnevnoc
> > > hsilgnE tpada )ylbissop revenehw( dluohs ew os dna ,naitraM
> > > ton ,puorgswen egaugnal hsilgnE na no er'ew ,segaugnal hcus
> > > era ereht fi neve tuB
> >
> > First I thought it was Welsh or Cornish or something.
> >
> > Then it was like being in my first year of school again-
> > reading letter by letter. Never realised how difficult it is.
> >
> > I suppose it will improve with practice.
>
> Not to steer this topic even further off topic, but this is
> something that's been on my mind lately...
>
> The biggest problem with it is that the letters were forwards and
> not also backwards (and the parens). But then, it's my
> understanding that as a left-handed person, reading and writing
> backwards is far easier for me than for the majority that is
> right-handed. Have any other lefties found that the case?

How would anybody know? As a left-hander, I have found it easy
enough to read backwards, but then, being left-handed forces a
certain habit of adaptability in any case. Maybe that makes it
easier to read backward, but that is not a task I'm often called
on to do. It takes practice regardless.

This subthread reminds me of my *highly secure* plaintext
encryption system that would render the sentence

<But even if there are such languages, we're on an English
language newsgroup, not Martian, and so we should (whenever
possibly) adapt English conventions>

as

<Sno itne vn ochsi lgn etpa daylbisso, pr'ev en eh Wdluohs
ewosdnan aitramton, puo Rgswene, gau gn al hsilgn (enanoere
wsegaugn) alhcu Seraere htfinevetub>

I think it looks vaguely Esperantonic (Esperantoid? Esperantic?),
if anything.

--
rzed
Jan 20 '07 #8
