Assorted links

by on August 2, 2013 at 12:06 pm in Uncategorized | Permalink

1. There is no great stagnation, kitchen larva edition.

2. Will, on the succor.

3. Pictures of 200 calories, and the most expensive kitchen appliances.

4. What happens when an employee’s last name is Null?

5. One professor’s story, more here (pdf).

6. New revenue results on the NYT paywall.

Ironman August 2, 2013 at 12:09 pm

One for fun: Inflation and The Batman!

Rahul August 2, 2013 at 12:16 pm

#4 In a well designed language / database, nothing, I suppose. “Null” is not the same as Null, hopefully.

JWatts August 2, 2013 at 1:41 pm

It’s not really that simple. If there are any non-sanitized inputs into the database (assuming Transact SQL) you could easily get an unexpected and catastrophic result. However, since most programmers are aware of this issue, the most obvious likely mis-code is that in order to prevent a SQL injection attack, the interface automatically rejects the “Null” string.

So, most of the time I wouldn’t expect bad results, however, the system rejecting the string “Null” as a search term doesn’t surprise me in the least.

Rahul August 2, 2013 at 2:19 pm

An esoteric side-effect of preventing SQL-injection attacks, I suppose. I’m no expert, but I think that there are more nuanced ways of protecting against these attacks than simply dropping every potential keyword. Then again, it’s entirely reasonable for a programmer to never expect to encounter Mister Null.

Sigivald August 2, 2013 at 2:17 pm

More accurately a good toolkit, but yes.

If your design is correct, your last name (ala Bobby Tables) could be “; drop table” and nothing would happen.

Contra JWatts, yeah, you can TRY to check your strings for things like “null” or “drop”, but that’s both more work and less secure than properly parameterizing your SQL access in the first place. With paramaterized SQL access you automatically fix all the injection attacks and can’t “miss” a Wicked String.

Rejecting “Null” for that reason just proves to me that something was halfassed in the design somewhere.

(In this actual case it appears to have been a casting failure in Flex 3.5, that turned a Null into a “Null” in error, rather than any attempt to prevent a SQL injection attack.)

Rahul August 2, 2013 at 2:23 pm

Exactly! I agree.

An analogous example of the correct way to do things seems Linux: I’ve never managed to find a file name (and probably a username too) that it won’t accept or will hiccup on. I think you can practically put every control character you want into a filename and live with it.

I’d be curious to know if I’m wrong.

JWatts August 2, 2013 at 2:58 pm

“Contra JWatts, yeah, you can TRY to check your strings for things like “null” or “drop”, but that’s both more work and less secure than properly parameterizing your SQL access in the first place.”

You are addressing what programmers should do, I was addressing what people (many of whom aren’t professional programmers) often do.

AVX August 5, 2013 at 11:28 am

One should be wary of sites which allow SQL injection attacks. Well written sites will never have a problem with any input passed in their forms, including null, accented characters or actual commands. If a site tries to sanitize an input, its only preventing dumb hackers because null or a command can be passed in various ways ( how about passing null as “N” + “U” + “L” + “L”, or replace(MULL,”M”,”N”) or a billion other variations which can bypass any sanitizing one might attempt to do). Most databases have a concept of parameterized statement which prevents SQL injection. What that does is to make sure that a literal string passed into an input field is always treated as a string and never as part of a command.
Never trust a website which throws errors when you pass in single or double quotes or throws errors because it is trying to sanitize input. Those websites are not only easily hackable, but also shows that the website owners are not serious about the security of your data.

8 August 2, 2013 at 12:33 pm

#2 It is not hard at all to see the GOP going hardcore populist fueled by an injection of Ron Paul anti-bank policies. I get the sense that the GOP base is still pro-business in the sense of an owner/manager, but is turning against the rentier class that is the “country club” Republican. Rand Paul is trying to fuse the two with a more hawkish foreign policy. Eventually you’re going to see a hawk come out for a more isolationist foreign policy, anti-WTO and trade, anti-finance, anti-media. Currently the elite control both parties, but a populist leader will be fully anti-elite. As I pointed out in the thread on wealth taxes, hitting university endowments and trusts is a great way to score billions immediately. Imagine grabbing 50% of Harvard’s endowment and having it be wildly popular, this is where America is headed because the wealth is concentrating. Once the elite are isolated, a populist can win huge majorities because he can throw money around for a short time to sop up lower class left-wing voters, while practicing upper class replacement.

George Doehner August 2, 2013 at 1:36 pm

The GOP base is probably pro-business, in the sense they support entrepreneurship and capitalism. The GOP party is anti-business and pro-Wall Street. I think what we are seeing today is the base finally understanding the difference. How that plays out is a mystery to me, but my guess is they lose a few more elections until the gap between the party and their voters narrows.

Andrew' August 3, 2013 at 6:27 am

If the GOP base realizes that and the left realizes that you don’t get ahead by being doled out a living welfare of “company scrip” skimmed off the top margin of the profits of an elite that is rent-seeking, we’ll be in business.

I also don’t accept Chait’s assertion that populism is only about economic inequality. A large chunk of populism is the moral views of the populists, which can accept a meritocracy, not to mention many of the elites are not rich.

Andrew' August 3, 2013 at 6:31 am

“Margaret Canovan argues that both these polar views are faulty, and has defined two main branches of modern populism worldwide—agrarian and political—and mapped out seven disparate sub-categories”

Agrarian sounds a little Jeffersonian, and the “new agrarian” might mean the small business, or anything opposite Federal capitial accumulators.

Within the political label is the “reactionary populists” which could easily contain paleo-conservative and libertarian strains.

zbicyclist August 2, 2013 at 12:54 pm

#5: Interesting as a “where is he now” story, but really not a cause for action. He did his time, changed his name, seems to have been in no trouble since, and has a job at a small Presbyterian college in a small rural city.

prior probability August 2, 2013 at 3:56 pm

Plus, he probably has tenure!

Silas Barta August 2, 2013 at 4:56 pm

What I want to know is, how did he even get into a PhD program? People have a hard time getting admitted to a good Bachelor’s at *18* and when they *don’t* have a mysterious high school record. What preferential treatment did he get?

Oh, I know, right: his papers on psychology while an undergrad must have been *soo* insightful and soooo falsfiable ….

Chris August 2, 2013 at 5:54 pm

I’m pretty sure I wasn’t even asked about name changes or criminal records when I applied to Ph.D. programs. I agree with that policy, by the way. If you have the grades and the letters, you’re in. And I bet that was even more so decades ago, before the hysteria set into America.

Silas Barta August 2, 2013 at 8:31 pm

Weren’t asked about name changes? Just letters and grades and you’re in? Must have been a long time since you filled out an application. No SSN? No admissions essay? No filter-by-undergrad school (hence my question about which one admitted him)? No questions about financial interest in certain companies?

Rahul August 3, 2013 at 12:20 am

I don’t remember being asked about t name changes or criminal records either. For jobs yes, for my PhD no. SSN was explicitly mentioned as “optional”

Chris August 3, 2013 at 10:59 am

Rahul is right. This was only seven years ago (this is for Ph.D. programs, not for jobs). There was an essay, but widely understood to be unimportant and unread. I don’t know what you mean by “filter by undergrad”. Certainly I sent my undergraduate transcript in, they knew where I came from. I didn’t mean that you could just show up with a transcript from Nowhere University and automatically get admitted. I meant that by and large, economics Ph.D. programs care virtually zero about personal characteristics, and that includes criminal records (as evidenced by this. As far as I remember, there weren’t questions about criminal records or name changes.

JWatts August 2, 2013 at 1:20 pm

There is no great stagnation:

Goats to help tend historic grave sites in the nation’s capital
The non-profit Association for the Preservation of Historic Congressional Cemetery has partnered with a gaggle of 100 grazing goats, who will trim the exterior perimeters of the site from Aug. 7-12 as an “innovative green project.

Indeed. The goats will graze 24 hours a day for six days, scarfing up vines, poison ivy, ground cover and random debris, “all the while fertilizing the ground,” organizers say.

Turkey Vulture August 2, 2013 at 5:55 pm

I wanted to start a goats-eating-stuff centric company. Looks like the niche is quickly filling.

Jeromy August 2, 2013 at 1:22 pm

If you like #3, youll love

George Doehner August 2, 2013 at 1:42 pm

#6: One of the things I find interesting about this is the subscriber numbers. Publications transitioning from print to digital always see a huge drop in subscriptions after the initial transition. The Times claims 700,000 digital subscribers, which is close to their FT circulation. The slowdown suggests their ceiling is getting close for this phase of their roll out. It is what comes next that will determine the final size of the NYT as an organization. History suggests a slow erosion of subs until they settle in around 50% of their DT circulation.

JF August 2, 2013 at 2:34 pm

#6. I laughed: “The law of large numbers all but dictates a slowdown from early high growth rates.”

JWatts August 2, 2013 at 2:50 pm

{facepalm}, I just got around to reading that and started laughing.

ohwilleke August 2, 2013 at 3:54 pm

After they get around to addressing Mr. Null’s issue, maybe they can someday start fixing the myriad institutional databases that can’t handle hyphenated names that make up a significant percentage, albeit small, of the population. Constantly getting dissed by credit card companies, airlines, etc. gets old.

TMC August 2, 2013 at 7:37 pm

Hyphenated names are a PIA. I just truncate the name to the last portion – the real last name, like your parents should of. (ok, I might be trolling just a little)

Rahul August 3, 2013 at 12:22 am

What about people with Umlauts or accents. Would your not-so-friendly DMV dragon know how to enter those on her keyboard?

Maybe a more pragmatic solution is people sanitizing their names……..

Chris S August 3, 2013 at 9:07 am

The best solution is that we all just go by numbers. I will name my next child -1, and his friend, sqrt(-1)

Turkey Vulture August 3, 2013 at 11:31 am

Dibs on 905.

Rahul August 3, 2013 at 4:23 pm

Be glad you aren’t in Germany. I hear they have an Approved Names List.

Adrian Ratnapala August 2, 2013 at 5:28 pm

#3 500 ml of Coca-cola is only worth half a hamburger? I thought the stuff was nearly all sugar. Or is that diet coke?

sanjiv August 2, 2013 at 10:59 pm

“What happens when an employee’s last name is Null?”


Dave Barnes August 3, 2013 at 4:47 pm

En Español, nada.

Andrew' August 3, 2013 at 6:19 am

1. Ha! The joke is on you. Those are black soldier fly larvae. They are an amazing “technology.” Set up a decent compost pile and they will likely just show up, seemingly by magic. They repel other types of fly and don’t produce the typical disgusting smells. All the adult flies care about is mating and finding garbage to eat…typical teenagers. The larvae combined with the right kitchen scraps and compost bucket create a nearly automated chicken feeding system. The larvae contain unusually high calcium, which helps with egg production. And per Wikipedia ‘As a feeder species, BSFL are not known to be intermediate hosts of parasitic worms that infect poultry, while redworms are host to many.”

jf August 3, 2013 at 9:40 am

Interesting advert across from the Wolcott story: “Guns: get ‘em while you still can.”

How could the Wolcott tragedy possibly have been avoided..?

Andrew' August 3, 2013 at 10:20 am

By shooting him.

jf August 3, 2013 at 10:55 am

I don’t know. I hate holding a gun in the firing position while I read in bed; it makes turning the pages harder, and if the gun goes off accidentally, a little piece will be missing from each page all the way to the end.

Anyways, I’ve already taken the best precaution possible to protect my family: we have no guns.

jf August 3, 2013 at 10:56 am

(^ This comment was in response to Andrew above.)

Andrew' August 4, 2013 at 4:04 am

That is of course your right but certainly isn’t the best possible precaution, and I bet you even know that.

lxm August 3, 2013 at 11:30 am

WW says:
That said, it remains that egalitarian anti-corporatism is a genuinely excellent, genuinely egalitarian idea. I would prefer to see it combined with a really solid scheme of social insurance. But we never see this combination because neither party is interested in it.

I agree.

Comments on this entry are closed.

Previous post:

Next post: