Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
United Kingdom

North Yorkshire Council To Ban Apostrophes On Street Signs To Avoid Database Problems (bbc.com) 100

The North Yorkshire Council in England announced it will ban apostrophes on street signs as it can affect geographical databases. Resident Anne Keywood told the BBC that she urged the authority to retain apostrophes, saying: "If you start losing things like that then everything goes downhill doesn't it?" From the report: North Yorkshire Council said it "along with many others across the country" had opted to "eliminate" the apostrophe from street signs. A spokesperson added: "All punctuation will be considered but avoided where possible because street names and addresses, when stored in databases, must meet the standards (PDF) set out in BS7666.

"This restricts the use of punctuation marks and special characters (e.g. apostrophes, hyphens and ampersands) to avoid potential problems when searching the databases as these characters have specific meanings in computer systems."

This discussion has been archived. No new comments can be posted.

North Yorkshire Council To Ban Apostrophes On Street Signs To Avoid Database Problems

Comments Filter:
  • by DrMrLordX ( 559371 ) on Thursday May 09, 2024 @05:01AM (#64458977)

    You already ran this story recently.

  • Tha could be t'problem in yarkshire!

  • by wierd_w ( 1375923 ) on Thursday May 09, 2024 @05:07AM (#64458989)

    Robert '); DROP TABLE Students;-- ? would be proud that this village in England cannot sanitize their freaking inputs by substituting an accent acute for apostrophe in the names. (Or be able to use unicode extended codepage identical appearing characters with a different value, like U-2019, instead.)

    Nope. Too much work. Cant have the office drones actually have to learn how to sanitize things, now can we? /snark

    • lol
    • It's not even office staff. It's adding a little bit of code to the UI & backend to process special characters in strings. That's it. It's that simple. Find out who the IT contractor is then name & shame them!
    • Imagine asking your average DMV drone to type Alt+2019 every time they want to type " ' "

      We joke, but the real solution is to fix the input field, which may be hard to get done in a government IT department.

      • Yep. Never rely on the human doing data entry to adapt, because even if they care to try not to they're eventually going to make a mistake.

        But whoever built a database without reviewing the data it was intended to contain should be fired, shamed, and unable to work in IT ever again.

      • Imagine asking your average DMV drone to type Alt+2019 every time they want to type " ' "

        We joke, but the real solution is to fix the input field, which may be hard to get done in a government IT department.

        I could see the union for the DMV drone demanding all new keyboards that incorporate that character as a separate key ... to reduce RSI you know /s

    • Computer says CANT.

    • Re: (Score:3, Interesting)

      Robert '); DROP TABLE Students;-- ? would be proud that this village in England cannot sanitize their freaking inputs by substituting an accent acute for apostrophe in the names. (Or be able to use unicode extended codepage identical appearing characters with a different value, like U-2019, instead.)

      Nope. Too much work. Cant have the office drones actually have to learn how to sanitize things, now can we? /snark

      Eh, sure ... in an ideal world every piece of software and every data entry person in every office would do everything perfectly.

      In the real world, where everything costs money, systems are diverse, and chaos is real ... it might very well be simpler to just train people not to use punctuation in names. (And to just strip it from inputs rather than use possibly disparate encoding methods.)

      • Re:Obligatory XKCD (Score:5, Insightful)

        by KiloByte ( 825081 ) on Thursday May 09, 2024 @06:19AM (#64459081)

        In the real world, if you don't pay devs to fix this particular issue, you have a gaping security hole right there.

        • Re:Obligatory XKCD (Score:4, Interesting)

          by StormReaver ( 59959 ) on Thursday May 09, 2024 @08:17AM (#64459327)

          If you're not using prepared statements for all your queries, THAT is where you have a gaping security hole. If you're using a vendor that does inline queries with manual escaping, THAT is where you have a gaping security hole. If your program barfs on punctuation, it is using inline queries with escaping and is a gaping security hole. This is database 101 stuff.

          But that doesn't seem to be the main issue. The main issue is when searching for streets with apostrophes. Searching for "St. Mary's Walk" will potentially give very different results than searching for "St Marys Walk" or "St Mary's Walk". Training won't help, because it relies on perfect human compliance.

          Removing punctuation from the database is the most reliable solution.

          • Removing punctuation from the sort index makes sense. But you do need to be able to store the proper text.

          • "Removing punctuation from the database is the most reliable solution"

            No, making your searches punctuation insensitive is the most reliable solution.

      • I was meaning, more, 'they need to use a simple string check and manipulation function to automatically test for presence of any incidences of " ' ", and substitute either U+2019 or U+00B4, using equivalents of LEN, LEFT, RIGHT, and + operators."

        Use a local shadow string variable to copy the LEFT portion of the string, insert the substitute character, get and store position of insertion, continue, and as found, append new LEFT from last position +1 (minus LEN of old LEFT), and substitute as needed until end

        • In other words, trust the (web)-client. No thank you.
        • by unrtst ( 777550 ) on Thursday May 09, 2024 @07:56AM (#64459265)

          WTF is up with multiple people suggesting these insane ways of sanitizing the data??? How do people think binary data (ex. images) get inserted into a database? The BS7666 standard is archaic. Just process the data correctly.

          FYI, every modern (and most ancient) SQL server supports a concept of placeholders in queries (parameterized input). Like:
          INSERT INTO SomeTable (id, street_name) VALUES (?, ?)
          And then you pass the values in via an array to execute that prepared statement.

          It's not hard at all to fix this sort of stuff, and leaving any code that can't handle garbage user data input is just asking for much MUCH bigger problems.

          If also not difficult to escape or replace characters to sanitize the data instead of using SQL placeholders. This is needed for some formats, like CSV files to transfer this info, but it's a very well established practice.

          • by ceoyoyo ( 59147 )

            When you're a perl programmer you've just gotta make the string yourself.

            • by unrtst ( 777550 )

              Odd you say that, since perl is my primary language. DBI, and the various DBD drivers, have robust support for placeholders, and well implemented escaping for those few databases that don't support placeholders themselves ($dbh->quote("string")).


              $dbh = DBI->connect(...);
              $sth = $dbh->prepare("INSERT INTO whatever (column1, column2, column3) VALUES ('static value', ?, ?)");
              $sth->execute("param2", "param3");
              $sth->finish();
              $dbh->disconnect();

              • by ceoyoyo ( 59147 )

                Perl isn't what it used to be. Drivers! If you're not assembling the bytes yourself and squirting them at the socket, what are you even doing?

                • by unrtst ( 777550 )

                  Thank you! You made this old perl guy feel young! DBI was released in '94.
                  Oh, and bind params seem to have been supported since then as well (which actually surprised me a little).

          • It may not be difficult to escape/sanitize instead of using parameterized queries, but it's wrong. Just use the parameterized queries. Sanitization and string comparison are subject to constant new and creative ways of using international characters to bypass them. Just don't do it.
            • by unrtst ( 777550 )

              It may not be difficult to escape/sanitize instead of using parameterized queries, but it's wrong. Just use the parameterized queries. Sanitization and string comparison are subject to constant new and creative ways of using international characters to bypass them. Just don't do it.

              Please note, I qualified that statement with, "This is needed for some formats, like CSV files to transfer this info". You are right, and I agree - if bind variables / parameterized queries are available, use them.

              If you're working with MDB Tools, or older versions of SQLite or MySQL, they don't support bind variables. Many of the DB libraries, especially ones designed to work with multiple DB backends like perl DBI, support the bind variable syntax but will automagically do the proper escapes/quoting for y

      • by AmiMoJo ( 196126 )

        But they are relying on people doing their job perfectly. If they forget to strip punctuation, or typo it, they could break the database. Not to mention the vulnerability to bad actors.

        The only reasonable solution is to properly sanitize input, and in 2024 it's not rocket science. We have well proven software designed to do just that.

        • _We_ have well proven software designed to do just that.

          The UK government has a tax to Fujitsu pipeline and a lack of interest in proving or disproving their claim that your mother is money-laundering for the mob before prosecuting.

        • But they are relying on people doing their job perfectly.

          No, you are relying on people not to completely f*** up their job. There is no need for sanitisation. All you need is to handle anything someone wants to store in the database.

        • It is trivial to find non-parameterized queries in code reviews. Almost any security tool will find them as well. And if a punctuation could break the database, what's to stop a malicious actor from using one even if it's not part of the official name. And no, don't sanitize. You are like the twentieth person to suggest this. Use parameterized queries.
      • by jsonn ( 792303 )
        If your database access layer doesn't use parametrized queries, fire your IT staff. It's really that simple. It makes the code more secure and more readable as well. There is no excuse for SQL injection issues at all.
      • > In the real world, where everything costs money

        I find it hard to believe that replacing hundreds to thousands of street signs to remove the apostrophe is more cost effective than adding a function to add some escape characters.

        =Smidge=

      • We've all learned to ignore apostrophes if needed in real life, without IT, and make other adjustments in pattern matching. When you misused "THAT" in capitals (misused in my eyes at least), I did not even see it the first time I read it. We can adapt, software should be able to do it too.

        And software does change and adapt. I just did a google search for "st mary at finchley". The top result was the correct one, a Wikipedia article for "St Mary-at-Finchley Church" (I never knew the name was actually hyphe

    • How about 'drop table taxRates' .. just sayin'
      • How about 'drop table taxRates' .. just sayin'

        Unless your SQL is created by idiots (and any SQL injection _is_ created by idiots) having a street named 'drop table taxRates' is no problem at all.

        Now the German post office... My company received a letter with a completely unreadable address. Then we figured out someone had used a keyboard blindly and moved his fingers one position to the left. Post office delivered it. And they managed to correctly deliver a letter addressed to (drawn square) (drawn triangle) 3.

    • Good Lord, this has been a problem since aropund 1998, and is fixable with effort and competent programming.

      Oh, right, government.

    • Robert '); DROP TABLE Students;-- ?

      A guy I worked with did a spectacular tech talk along a similar vein. His topic was internationalization and how most of our GUI products would mangle non-7-bit-clean strings (by UTF-encoding or decoding one too many times). After presenting his findings, he said he had a manager tell him to stop working on it. Apparently, according to Steve, users don't want a solution, they want a workaround.

      Steve, being a clever amateur artist, also created some "No ASCII" buttons, where "ASCII" was a drawing of a butt m

    • Substituting an accent acute for apostrophe is not a valid way to prevent SQL Injection defects. The proper solution is to use parameterized queries.
  • In Yorkshire, you don't fix government, government fix you! :D

    • In Yorkshire, you don't fix government, government fix you! :D

      In Yorkshire, you don't fix t'government, t'government fix you! :D

  • That'll fix it.

  • by Impy the Impiuos Imp ( 442658 ) on Thursday May 09, 2024 @05:44AM (#64459035) Journal

    As a programmer for 35 years and counting, I say this with as much experience-based authority I can muster:

    You lazy, good for nothing programmers! You fix this issue. Whining about apostrophes and ampersands and so on, in text strings, is an "oops, didn't think of that", 30 years ago. No more.

    Fix it. All arguments to the contrary can be diverted to /dev/lazy, /dev/whiney, /dev/30yearstofixit, and /dev/ohboyhiddencommandlineinterfaces. You are the ones who suck, thinking yourselves great for throwing wrappers around internal APIs, and presenting that as a product.

    You are the ones who suck. 30 years.

    Fix it.

    • "I was following the specs".

    • by coofercat ( 719737 ) on Thursday May 09, 2024 @06:54AM (#64459135) Homepage Journal

      Agreed, I could summarise with a slight fix to the text:

      > ...searching the databases as these characters have specific meanings in shit computer systems

      If you ever have to work differently because a computer told you so, then you absolutely should demand the computer do better. We make them to serve us and make us more productive, not the other way around. We seem to have got so 'normalised' to crappy experiences (Windows, I'm looking at you) that we seem to think that's how it has to be.

      As for road signs, places like Brow o' the Hill and the like make no sense without an apostrophe. Further, abbreviations don't either. This plan is daft from top to bottom. Just fix the damn computer and then have whatever you want.

    • Why would they fix it?

      Their government contract says they delivered the software as required.

      The beauty of fascism is everybody on corporate welfare can get rich being lazy while the taxpayers get poorer and poorer.

      It used to be that the town had a guy with a router and a stack of boards and good paint to make the road signs. Now somebody's uncle gets 10x that to make them with no accountability.

      Yeah, the apostrophe problem is probably in some other dumb software system but follow the premise.

      Ain't the Publ

      • by JustNiz ( 692889 )

        > But thanks to corruption and kickbacks that will continue.

        This. Otherwise all governments would have also moved from MSWindows to Linux by now.

        • I suspect more it's because of the low salaries in government IT jobs.
          • by JustNiz ( 692889 )

            What do low salaries have to do with which OS the government uses?

            • It's relatively easy to get someone who is "Microsoft Certified," but I'd say less so to get someone who intimately knows other operating environments. Consequently, the metrics for deciding who to hire ("He or she has certification X") and perhaps has a larger quantity of candidates in the talent pool; that last might lead to lower salaries. But in general, software (IT, development) salaries in government are amazingly small.
    • by jsonn ( 792303 )
      It's even worse. All modern web and database layers provide mechanisms that do escaping by default. It's pure incompetence.
    • It's a boss issue. Someone wrote a poor program, maybe in the 80s. Then the boss decided that instead of rewriting, their company's way of doing things should be the standard. They persuaded some other bosses of this. Now instead of an expense, you now have a "moat".

    • We lost the source code years ago, was on a floppy somewhere.
    • "Impy the Impious Imp" for UK CIO !

      Or really, for any country or organization.

    • Don't jump to conclusions of it being bad software. It's more likely that a mid-level manager with little to do had a pet peeve and dreamed up this directive. The software was probably a fig-leaf.

      I am so tired of people masquerading as organisations. North Yorkshire Council indeed!

      Rather, announcement by organisations should disclose the people responsible for key decision-making. Like this:

      The North Yorkshire Council Manager in England announced that, consequent to the approval by supervisory manager John Sumpter-Willowden of internal memorandum dated 2/2/22 authored by assistant-manager Jill McGraw-Hill, it will ban apostrophes on street signs...

    • It's a government IT department, sir. I'd be glad to fix it, sir, if you would just approve the budget, sir!

  • by AlexSledge ( 10102306 ) on Thursday May 09, 2024 @06:22AM (#64459089)

    By all means, less race into subservience to machines because developers are too lazy to properly handle punctuation.

    • I've actually always wondered this in other countries. How do machines handle foreign and unknown characters. Can the Spanish government issue a fine from a speed camera from a guy whose car is registered in Plön, Schleswig-Holstein, Germany because the license place has PLÖ as the first three digits? Will their system cope with the umlaut? Or will it attempt to find a car registered in Plauen, Saxony where the first digits are PL?

    • by mjwx ( 966435 )

      By all means, less race into subservience to machines because developers are too lazy to properly handle punctuation.

      No, that's how we beat them. When the machines rise we'll stop them with strategically placed commas, apostrophise and semi-colons. We're keep the thorns and percontation points in reserve in case things get really desperate.

  • and leave it at that. I could forgive them if their data store / query language wasn't built to handle querying across special characters. A lowly injection concern? Naw, parametrization has been around since the stone age.
  • The queen shall have a fresh head to kick around soon.

  • by EmagGeek ( 574360 ) on Thursday May 09, 2024 @06:38AM (#64459107) Journal

    The real reason to ban apostrophe's is because nobody knows what they're for or how to use them anymore.

    • > nobody knows what they're for

      you could have gone with "their". ;)

    • Your terms are more than acceptables. I'd also like to get rid of double quotes because I'm tired of seeing them as "emphasis."
    • by Bongo ( 13261 )

      A flash of light. A man wearing 21st century clothes appears. He tells the locals in 1550, "Stop! Do not do it. I am from the future. We still do not understand."

    • > The real reason to ban apostrophe's is because nobody knows what they're for or how to use them anymore.

      Nonsense. It really is quite simple. The aphostrophe's role is to warn that a letter "s" is following :)

    • When it comes to punctuation its fine if its' missing or wrong so long as you spell correctly and people understand what youre getting at right?

      Unrelatedly a coworker was telling me about his big plans for the weekend. He always loves when he gets to enjoy cooking his family and his dog. Another coworker was telling me about his concern for the hostages in Gaza, his ailing mother and President Biden.

      (I hope that the above was as painful to read as it was to write)

  • I am more offended by spurious apostrophes than missing ones.

    If this avoids the grocers apostrophe ("apples' 30c each")*, then I can live with it.

    * That is an example of a grocers apostrophe, not what Street signs might show!

  • by zephvark ( 1812804 ) on Thursday May 09, 2024 @07:12AM (#64459169)

    In order to reduce printing costs, England has banned the letter "U". While this brings many of their words into conformance with the superior American standard, many people consider it gly, and kids no longer know how to abbreviate the word "yo" to a single letter.

    • They wanted to have better Qality with things, too. I don't think it'll help much, though, because Scotland, Wales, and Northern Ireland will still be using 'u.'
    • by GFS666 ( 6452674 )
      Well the great "Aluminum Versus Aluminium" battle just started another chapter with the deletion of the "U" ;)
  • Yeah it's a dupe... But, after a quick glance at the summary, my immediate thoughts were:

    If BS7666 doesn't allow for the use of apostrophes etc. in street names then BS7666 clearly needs revising as it's just plain wrong ! I bet there are place names with punctuation going right back to the Domesday book.

    N.B. I've not read the PDF as I'm not *that* interested.

    This is clearly a case of an inept management/IT departments who can't escape/sanitise strings etc. Think I might actually write to them about thi

    • Spoiler, BS7666 doesn't mandate that they are not used. It uses the phrase 'alphanumeric' which implies that, but then goes on to define what it actually means by that.

  • ... a problem familiar to CS -- removing troublesome characters from a database. Particularly the treed structures that comprise most filesystems. In Linux/BSD the utility `detox` was written and widely-available to do clean-up renaming.

  • What kind of inept/lazy people are they employing for the job?
    • The kind that are wanted there. I presume you have never not gotten a job from an interview where the interviewer doesn't know what he or she is doing? You know, you realize twenty minutes into the interview that the interviewer understands less of the topic than you do so you are incompetent.
  • ... and not the other way round.

  • I like the woman quoted who's upset about the message this sends to kids regarding grammar and punctuation. She's not wrong. But more importantly, what about the message it sends to kids about CS?! That the world should bend to accommodate buggy, unsecure programming? Um, no... pass a law that mapping software should properly accommodate real place names. That's not a big ask; it was your job in the first place.

  • The better strategy is to create even more street names with these characters in them.

  • Since lots of morons nowadays can't spell and think apostrophes are the way to indicate a plural, this will hit hard.

Do you suffer painful illumination? -- Isaac Newton, "Optics"

Working...