Domain: cshl.org
Stories and comments across the archive that link to cshl.org.
Comments · 19
-
W3C Security FAQ disagrees
Lincoln Stein, the author of CGI.pm and GD.pm and a few books, and the co-author of the WWW Security FAQs, wrote a tool called sbox that is used for securely running untrusted CGI scripts. And sbox does use the chroot() system call (in addition to other security measures) to confine the process to the CGI script owner's home directory.
Also, from the aforementioned FAQ: "You can't make your server completely safe, but you can increase its security significantly in a Unix environment by running it in a chroot environment."
So, the words, "chroot is not and never has been a security tool" are simply wrong. Unless you are willing to argue that Lincoln Stein belongs to "incompetent people implementing security solutions" and that W3C publishes bullshit on their web site.
-
Re:How long have they been sitting on this?
I suspect this is why, to the best of my knowledge, Unisys never actually took any GIF infringers on their LZW patent to court--because having gone so long without any attempt to enforce the patent, they pretty much knew that they would lose. And I still find it very strange that Lincoln Stein actually encouraged people to pay Unisys' extortionate $5,000 per Website GIF license.
-
Re:Podcast from nature
-
My working-at-home story
I have worked at home for most of the last ten years.
Starting in 1993, shortly after moving to Seattle, I more-or-less-consulted for a previous employer, Cold Spring Harbor Laboratory. At the time I lived alone, and I did find it hard to get motivated in the morning. Telecommuting via transcontinental telnet over a 14.4kbps modem was a hassle. The time difference from my employer was also a problem; starting work when they did (5am my time...) was not an option. Fortunately I lived in the Capitol Hill neighborhood of Seattle, which is very pedestrian-oriented, and I discovered that walking to Espresso Vivace every morning for a latte allowed me to "come to work" afterwards in a psychologically helpful way. Yes, I invented a commute for myself, but it was a very pleasant one!
In 1994 I took a job with Progressive Networks (later renamed RealNetworks). That took me out of my studio apartment and back into the workplace for a year. It wasn't a bad place to work during my time there, especially by mid-nineties tech company standards, but I felt I'd done most of my best work during the early months when I was the only programmer on staff. Back then I was a lot better at innovation than at maintenance, and I wasn't crazy about taking direction or meeting the often perfectly reasonable demands of my supervisor, either. I decided it was time to strike out on my own.
Meanwhile there was a lot of interest in the Mapedit imagemap editor, a web statistics package called Wusage, the old WWW FAQ list, and the GD library. But neither Mapedit nor Wusage was set up as a proper revenue-earning product, and I didn't have enough time to work on GD or the FAQ, either. I wanted to start my own company and make an independent living at it, but I didn't want to starve in the process. In 1995 I landed a deal for a book on CGI programming with Addison-Wesley, which provided me with an advance to live on, and I went back to working at home.
I set Boutell.Com up in partnership with my wife Michele. Another person in the living room/office was a helpful motivator to get a reasonable amount of work done. During those first nine months or so I completed the book, wrote a version of Mapedit that (a) was easy to use and (b) expired unapologetically when not registered after 30 days, and created the first commercial version of Wusage.
Fortunately, just as my checking account was scraping the bottom of the book advance, the software started to sell. Shortly after I was able to rescue my sister from temping for Microsoft and put her to work as my office manager. Filling the room with sensible women helps keep a guy on track.
In 1997 or so, my sister moved to Oakland with my soon-to-be brother-in-law, and we needed a new office manager. Michele and I hired Chris, an old friend from college. These were the fattest years for the company, and I was also able to employ Stephen, another old friend. Unfortunately I didn't provide Stephen with much guidance and support; one of his projects should have been recognized as too late in the gaming marketplace he wanted to enter, and the other needed more timely help from me or possibly outside investment to make it as a web-based calendaring solution. These days I can admit that his second project would have been better off with a larger company.
But back to what my workday looked like: make that agonizing commute all the way up the stairs, start the coffee, go out and fetch bagels, come back and sit down... and some weeks I worked hard, others I played way too much Quake. I was still getting the hang of maintaining a good thing if that's what is profitable for you; I kept pushing out new projects that were
-
Yawn. Another reinvented wheel.
Nothing that can't already be done with any number of form automation/templating systems already out there. And where's the docs?
I'll stick to mod_perl, CGI::Application, HTML::Template and CGI.pm. But that's my opinion. Everything I could possibly need for dynamic forms with flexible presentation.
-
perl GD module
I've been using TWiki for collaboration notes, and one of its features is a plugin for charting. It manages to draw jpegs and pngs using the perl GD module and the gd library.
Of course, you'd need to write your own server side to generate the chart you want, but these tools put you easily along that path. -
James Watson.
I've been pleasantly surprised by all the attention the 50th anniversary of the discovery of DNA has gotten.
It got to be the Google logo. Cold Spring Harbor Laboratories has been very active in celebrating this. Among a few other things, they've had a really nice lecture series to commemorate the event.
I'm a little bit closer to the whole thing since I've done some genetics work (mostly at the Columbia Genome Center). My current work involves some genetic manipulation, but that's not the main focus.
Also, I happen to personally know James Watson. I first met him when he spoke at my commencement. But, I shouldn't tell that story, because it has some racist (and very amusing) content... which would only get me modded as a troll. I've kind of worked with him a bit since then, and he's really a very nice, down to earth, intelligent guy. He hasn't really let this whole thing go to his head.
Anyway, it's very nice to see the general public taking a little bit of interest in science. Maybe this will help to turn some of the scientific illiterates into elites... -
The Pursuit of Happiness
When I was living close to Independence Hall in Philly, I had the pleasure of seeing Watson and Crick receive the Liberty Medal on July 4th. Watson actually showed and Crick had a speech on tape.
The only thing worse than the oppressive heat, was the abortion protestors who surrounded the perimeter of award ceremony with their stupid yelling. I had never seen protests like this at another liberty award. The abortion protestors and their wall-sized dead fetus posters were nowhere to be found when Colin Powell got his medal. As if the discovery of the structure of DNA was somehow responsible for abortion.
Watson made a great speech that touched on their discovery, politics in a time of war, God and science, happiness and endorphins. Reads even better in 2003 than it did in 2000. -
Re:Others more important?
not finding out that if you were born under the Gibbous moon in August
What the hell are you babbling about? I say there's valuable information on the internet that you can't get in a book and you start babbling about gibbous moons?
You're not going to find resources like 1in9.org in any book. I did not choose that website at random. I am indirectly involved with 1in9 and I attend many of their events. If you think 1in9.org is not a serious resource for cancer patients and cancer survivors then you can take your gibbous moon and stick it where the sun don't shine. And most internet filters will block that website because it mentions "breast" all over the place.
Cold Spring Harbor Laboratory is a local research facility involved in world-class research into the genetic and environmental causes of cancer. You simply CANNOT find up-to-date medical information in library books. It is only available on the internet.
Many patient support groups simply could not exist without the internet. We don't need some idiot filter blocking a patient support chat room when anyone mentions breast cancer.
Why do people get legislators involved in this? Because if the government facilities don't change by themselves
You can run your library any way you like. Just keep your hands off everyone else's libraries. If you have a problem with how your local library is run then take it up with your local government running that library. I don't need some holier-than-thou running to the US congress trying to force MY local library to be run the way YOU think it should be run.
Hell, forget *my* local community, some families live in nudist communities. Families with young children. And THEY think it's perfectly fine for their children to be "exposed to nudity". It's none of YOUR business to tell THEM how to run their library. That's just dumb - their library would end up blocking all local webpages. It would block local news. Hell, the library would probably end up blocking itself.
I think there's a consensus among responsible adults
Of course you think there's a consensus among "responsible adults" - anyone who disagrees with you obviously isn't a "responsible adult" LOL! I'm no nudist, but if you say nudists aren't "responsible adults" I'll laugh in your face.
I'd like you to see pr0n get thumbs up from the Catholic Church
I couldn't care less whether the catholic church gives something a "thumbs up" or a "thumbs down". Neither you nor the catholic church has a right to tell other people how they can run their libraries. And as far as I can tell every condemnation of the Harry Potter books did in fact come from catholic churches.
Three different versions of the same damn federal law have been ruled unconstitutional and struck down. The CDA, COPA, and CIPA. Take the hint already, the damn law is unconstitutional. Run your library any way you like, filter anything you like, just don't try to impose it on everyone else.
-
Re:Stop whinging - this is a good thing
And just for your own education, why don't you check out all the application specific non-network related exploits that are posted in droves on bugtraq. All these become network exploitable when you have a shell.
Perhaps I should have expanded on what I meant. Why let users have a shell? If you haven't looked already, check out Lincoln Stein's sbox.
Also, with the User directive available in Apache/suexec, there is no reason to not run CGI's as the script owner, rather than as user 'nobody' or 'www' (or whatever) - another common security issue.
.02
cLive
;-) -
Re:Posting comments here won't cut it.
Don't be so negative about fruit flies.
They can train fruit flies to a number of different things... I read about single flies that were trained to avoid a course toward a visual object that had been associated with the aversive odor benzaldehyde. (to quote the site)
Study your flies on cshl.org
-
Re:I totally agree...
What I've never understood about Microsoft is why they don't have licenses that give people the opportunity to learn their product. In doing this they are shutting out a huge number of developers (not just students).
I used to study at the largest technological university in Central Europe. Most of the software we learned about was written by Microsoft (Windows 95/NT, Visual C++, Visual Basic, MS SQL Server, IIS, ASP, Word, Excel, Front Page, etc.) and our professors always told us to get this software from somewhere and install it for educational purposes (the pirated versions of course). Some of them were even offering us their own CDs which we could borrow and install.
They used to say "it's for educational purposes, it's not a piracy, it's not unfair to Microsoft" and guess what? They were right. Microsoft should pay them for that!
Why? Because they were teaching thousands of future IT experts, who were totally unable to use free software. Will their future employers buy Windows for servers? Sure they will, because their "sysadmins" will be too dumb to run Debian or OpenBSD. Will they buy IIS? Of course, because their "webmasters" will have no idea how to run Apache. Will they buy MS SQL Server? They will have to, because their "database experts" won't be able to use MySQL. Will they use ASP for server-side scripting? What else could they do having PHP/Perl/Python-ignorant "web developers". Will they buy MCVC++? They won't have much choice as VI/Emacs+GCC will be black magic for their "C++ programmers".
What else can I say? "Pirating software is like stealing crack from a drug dealer and pretending that it makes you free from addiction." This is especially true at the university.
I'm sure that every time Bill Gates gets the information that students on such a university are pirating thousands of copies of Microsoft software, he laughs like an evil genius - and he's right. People don't use IIS because it's better, faster, more secure, stable or cost effective than Apache. They use it, because that is everything they know.
And what would most of employers do when their crew knows only IIS and ASP? Would they ask them to read many different books and lots of online documentation and start the project next year? No, it'd be cheaper and faster to just give up, buy Microsoft licenses and start the project today.
But maybe I shouldn't be angry, after all I have rare knowledge of how to save hundreds of thousands of dollars in just a small-sized server farm, so I make quite nice money thanks to other people's stupidity. Actually, I should (together with Bill Gates) pay those ignorant professors, or at least send them flowers!
-
Distributed annotation system for genome databases
I'm not sure if this is truly P2P but it is probably close enough (and was to a certain extent inspired by Napster)
background
The major biological databases (EMBL, GenBank, Swissprot etc.) are repositories for sequence data, the information that describes the order of the DNA or proteins (depending on the database). This is collected and curated by a relatively small number of people compared to the size of these databases. This information is relatively useless without annotation. Annotation is the description of the biological role of the sequence and which bits are important. Unfortunately annotation is difficult and time consuming for people who are non-experts to maintain. This means that many of the entries in the databases are either poorly annotated (poor), have out of date annotation (poor) or blatantly incorrect annotation (really bad).
A system of P2P sharing of annotation data has been devised where an expert working on gene Xyz can make available his own annotations without having to burden the overworked people at GenBank/EMBL/DDBJ to make updates to the central database. Interested parties can access this data in a P2P manner (i.e. a query on 'what does anyone know about Xyz').
One of the main protagonists of DAS (Distributed Annotation System) is Lincoln Stein at Cold Spring Harbor Laboratory (yes, of CGI.pm fame). It will also be presented at the Bioinformatics Open Source Conference in July this year (where I hope to find out a lot more about it too..)
This sounds like a perfect example of productive P2P. Have a look at http://stein.cshl.org/das/ for more information. I know that at least one of the authors on the paper referenced has been guilty of reading Slashdot in the past so maybe he would comment.
..d -
Re:Open Source Bioinformatics
One of the things I enjoy about working in bioinformatics is that there are a number of open source tools, biological databases and resources available. (For example, I'd guess that the majority of bioinformaticians - and a good number of web developers! - depend on software released by Lincoln Stein.)
The split between the "free and open" software licenses and the proprietary ones in science reflects the general differences we see with how biological information is protected/released. Companies answer to investors, and try to protect their intellectual property and trade secrets, with an intent to sell what is marketable. Academics generally have a more open attitude towards information ... at least, so long as they can still publish! (Of course, generalizations are dangerous, and some academics *do* hoard their info, while some companies may adopt a more open approach in some areas ...)
YS -
Cold Spring Harbor Lab
Check out the Watson School. There are a number of bioinformatic groups there, and I hear they are pretty good.
However, I'd recommend going to a school with a very strong CS curriculum. There are lots of people interested in bioinformatics right now, but unfortunately most think some perl or python will serve all their computing needs. It won't. The bioinformatics community needs more people with both biology knowledge _and_ a strong grounding in algorithms.
I'd say MIT certainly has the computing knowledge, and I know several CS profs at Wash U who were heavily into the genome when I was there. So one of those would be good. You'll be much better able to advance the woeful state of bioinformatics if you can help come up with better ways to store and search things, than if you spend your time writing slow and crappy cgi scripts. -
Re:What's the real value of this?
So the HGP and Celera have managed to sequence the genome of a single person. This doesn't really address the fact that there are variations on genetic sequences even those that code for important proteins. Some of these variations cause problems but others don't.
Absolutely. Of course, to a large extent finding those variations is what geneticists have been doing for nearly a century. There are massive public and private efforts to scale up those efforts to make use of the genome data. See the SNP Consortium for the most visible project. (Nitpick: I think Celera is sequencing multiple individuals.)
The outlook for coming up with effective genetic therapies is pretty bleak. We haven't really been able to treat even the diseases that are purely genetic and are caused by a well defined mutation.
I think you're calling the glass half-empty. My impression (somewhat uninformed - I work in genetics, not therapy) is that we're one or two breakthroughs away from being able to fix all sorts of things. Remember that DNA is DNA, and when successful delivery methods are developed, they'll most likely be broadly applicable.
-
"Music software to come to genome aid?"
A recent issue of Nature 404, 13 April 2000, page 694, has an article, "Music software to come to genome aid?" "When Lincoln Stein, a bioinformaticist at the Cold Spring Harbor Laboratory in New York, heard about Napster, he was struck by the parallels with his own work on writing software for the human genome." Stein thinks Napster would be useful for sharing gene-sequence data, and peer-to-peer sharing with open-source like "debugging" of the annotations of the data has advantages over alternatives like gene banks that restrict modifications to submitters.
Rightly or wrongly, Napster has entangled the issue of sharing with the issue of copying protected intellectual property. The concept of sharing should not fall victim to fears about such copying. Uses of Napster or Napster-like software for clearly legitimate and universally beneficial uses, such as Stein contemplates, would help separate the issues and strengthen and stabilize the acceptance and use of sharing software independently of intellectual property issues.
-
Why don't you ask Watson and Crick?
I noticed something a little odd in timothy's post - he says
What would Mendel have thought of
this? How about Watson and Crick?
This seems to imply that Watson and Crick are as dead as Mendel, which is just not true. Watson is the president of Cold Spring Harbor research institute. His homepage is here. Crick is also alive and doing some rather interesting research in the neurology of consciousness at the Salk Institute. His homepage is here. I met Dr. Crick while working at the Salk, and he's a really nice guy. I've met a number of famous people in my time, but he really awed me. It's hard to talk to him without thinking about the massive influence he has had on modern biology.
If I had to guess, I'd say that they are both as amazed by modern biology as the rest of us. Who could have guessed we'd be this far so soon? Biology is amazing. Computers are amazing. That's why I do both.
ted