The T-Files


Wed, 28 Jul 2004

Fun with Null

The logic of null values in Oracle is peculiar. For starters, an empty string is treated as a null value, a behaviour that is totally against the SQL standard and common sense. And comparison operators also behave in unexpected ways when they encounter nulls. A null value is never equal to anything else (makes sense). A null value is also never equal to another null value (stranger, but I can live with that). But apparently a null value is also never not equal (!=) to anything else (which I find very counter-intuitive):

SQL> select * from dual where null = 77;
no rows selected

SQL> select * from dual where null = null;
no rows selected

SQL> select * from dual where null != null;
no rows selected

SQL> select * from dual where null != 77;
no rows selected

This all adds up to a gaping security hole in my login password checking code:

if ( password != v_password) then
    events.count_it(-1); -- wrong password
    return -1;
end if;

Before I changed it to

if ( password is null or password != v_password) then
    events.count_it(-1); -- wrong password
    return -1;
end if;

people were able to log in just by entering an empty password, which gets interpreted as NULL, which is never regarded as different from the real password.

I am very grateful that someone spotted this before we launched the site.
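
Added example, not code from the original post: the original test, the post's fix and a fail-closed variant side by side, run against four inputs. The function names and sample values are hypothetical, and the last case assumes v_password itself can be NULL (for instance, an account row with no password set).

```sql
-- Added example (constructed names and values). In SQL*Plus: set serveroutput on
declare
    stored constant varchar2(30) := 'correct-horse';

    -- Original test: NULL != x is NULL, the branch is skipped, login succeeds.
    function check_original(password varchar2, v_password varchar2)
        return pls_integer is
    begin
        if (password != v_password) then
            return -1;
        end if;
        return 0;
    end;

    -- The post's fix: rejects a NULL input, but a NULL v_password still
    -- makes the condition NULL and falls through.
    function check_patched(password varchar2, v_password varchar2)
        return pls_integer is
    begin
        if (password is null or password != v_password) then
            return -1;
        end if;
        return 0;
    end;

    -- Fail-closed: accept only when the comparison is definitely TRUE.
    function check_fail_closed(password varchar2, v_password varchar2)
        return pls_integer is
    begin
        if password = v_password then
            return 0;
        end if;
        return -1;
    end;

    procedure show(scenario varchar2, password varchar2, v_password varchar2) is
    begin
        dbms_output.put_line(rpad(scenario, 20)
            || ' original='    || check_original(password, v_password)
            || ' patched='     || check_patched(password, v_password)
            || ' fail_closed=' || check_fail_closed(password, v_password));
    end;
begin
    show('correct password', stored, stored);
    show('wrong password', 'guess', stored);
    show('empty password', '', stored);
    show('stored value NULL', 'guess', null);
end;
/
```

The fail-closed form rejects every case where the comparison is not definitely true, including a NULL stored value, which the patched test still lets through.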

Wed, 21 Jul 2004

Summer in the City

The temperature in Tokyo hit an all-time high yesterday at 39.5 C just before 1 pm. The previous record of 39.1 C was reached in August 1994.

Mon, 19 Jul 2004

The thousand and one reasons to love Perl: [7] Run-time evaluation

There is a saying in the Perl community that nothing but perl can parse Perl. While this mainly alludes to the two well-known facts that the Perl syntax is much more complex than that of other programming languages, and that Perl is very well suited to writing parsers, it also hints at a particularly useful feature common in interpreted languages: run-time evaluation. This ability to treat input data as little programs makes it very easy to extend and configure your Perl applications.

With Perl, you do not really need, for example, a special syntax for configuration files. If you can live with the obvious security implications, you can just use Perl snippets instead of .ini, .properties or XML files. Using those files from your application is actually easier than reading any other type of file (the built-in do() function does all the work), and you can

  • use comments, spacing and indentation at will
  • use Perl's many quoting styles
  • use complex data structures -- arrays, hashes, nested if required (ever tried to create an array in a Java properties file?)
  • set Perl variables
  • set environment variables
  • load additional modules
  • call functions to calculate some settings dynamically
  • or anything else you can do in a program, but never dared to ask of a configuration file.

One person's data is another person's program.

Programming Pearls, Communications of the ACM, Sept. 1985

Thu, 15 Jul 2004

Me wearing other people's glasses

Part one - Tanaka-san.

Sun, 11 Jul 2004

Spiderman 2

The problem with these serial movies is that they do not really have a beginning, but continue where the previous one left off (so that you have to remember many things from a movie you saw two years ago) and, even worse, they do not really have an end, but leave everything open to possible further sequels. And then, of course, there are the 41 (and counting) mistakes.

6 points

Anne Rice: Queen of the Damned

This third part of the Vampire Chronicles starts great: Awakened by Lestat's (who has taken up a career as a rock star) songs, Akasha, an Egyptian queen and mother of all vampires, rises from her six-thousand-year sleep, bringing great uncertainty and worry to blood drinkers of all ages and countries. In the first half of the book the major characters travel to San Francisco to see Lestat's concert where all events culminate. Their backgrounds are very diverse and interesting and the idea to integrate the publishing of the first two novels (Interview with the Vampire and The Vampire Lestat) into the story line is also quite clever. In the second half, after the concert, however, I found the book to turn rather dull, and almost decided to put it down and stop reading Anne Rice for good (in fact, I did put it down and turned to The Bonfire of the Vanities). The novel is somehow redeemed by its last chapter, which, after Akasha is dealt with, provides a cliff-hanger opening to the next parts of the series.

Thu, 01 Jul 2004

21 Grams

Basically all movie theaters in Tokyo have Ladies' Day (1000 yen instead of 1800 yen for the ticket) every Wednesday, but I can of course only benefit indirectly from that. Well, I just found out that Thursday at the Shibuya Cine Palace is Men's Day. Yie-hah!

21 Grams tells a very depressing story about how a terrible car accident brings together and destroys the lives of a deeply religious ex-con (Benicio Del Toro, looking like a wasted version of Brad Pitt), a mother (Naomi Watts) and a professor (Sean Penn in various degrees of bad health). To say more than that about the plot would be unfair in case you want to see the movie, as its main feature is how the story unfolds with a completely non-linear arrangement of many small scenes.

7 points