Domain: example.com
Stories and comments across the archive that link to example.com.
Comments · 590
-
Re:Criminalize?
Some places in Detroit, they'll steal the bricks off your house!
The internet is like the Wild West, the Sheriff is a bit crooked, and the Marshal is overworked. The no-good dirty rotten cattle rustlers have gotten too good at keeping a border between them and the law so sometimes you just have to get yourself a hired-gun to even things up for a while. Of course if you've brought up a gun-slinger for a job, it helps to point'em in the right direction. So to do that I'm collecting the domains and websites that hire spammers, you know the ones, their spam emails say "buy V1agra at http://sleezeysite.example.com/", I want all the sleezySite.example.coms. I got a little program called chummer that I'm working on (I've written about it in my journal, feel free to take a peek), it sends bogus data to phishing sites. It spits out bogus data just as well in the POST method as it does in the GET method, so don't think POST helps your site's security one bit. I figure that the phishers pretty much don't do much with the data except sell it, and if the data is full of bogus shit, the real buyers of the data will either go back and break the phisher's kneecaps, or more likely they'll just quit buying and move on to another type of scam. Either way I don't see it hurting civilized folks much and if we draw the spammers and the phishers into a cross-fire, hooowee the worst that could happen is we'd start a von Neumann loop in email that turns the universe into a blackhole; but more likely we'd just burn a hole in their bandwidth budget!
So if you're so inclined to help, just send a text file of spammer domains to my user name at gmail and when I get 300 or 400 hundred unique spammer domains I'll test chummer to see what happens.
-
Of course it's not hacking
I don't know how you can be so supportive of this activity as it's a dangerous and unclear line to take. Exactly what separates this from an SQL injection attack or spoofing a session ID within a URL?
It's both nothing and everything. No difference between the two in terms that someone typed in a URI, lack of auditing/checking what goes up the webpage (in terms of plain directory listing or unescaped SQL statements in script files), let someone get what they wanted. Both result in data ending up in the wrong hands.
However, an SQL attack and spoofing session ID usually require knowing more than going to the parent directory, as in, instead of removing what was already given (turning something given in the form of http://example.com/private/directory/page into http://example.com/private/), the 'attacker' (I dislike your use of this term) would have to add something that they were not given (http://example.com/private/directory/page?sid=12345, or http://example.com/private/directory/page?login=hacker&pass='%20or%20true. Anything after 'page?' was not given to the user in the first place). That's the main difference.
After all, you're just sending the webserver a URL/packets, how it responds is their problem, right? I don't think so. It's not like they were just choosing URLs at random. Even if the accused did the most basic form of this attack (i.e. server directory listings), they were still intentionally using URLs designed to trick the server into giving them access to material they knew they weren't authorized to access.
The directory was not random, it was the path given. Server directory listing is not an attack, it's relatively easy to search for open directories (server directory listings) with a search engine. They did not trick the server or anything, all they did was go up a directory. How would you define "knowing" what files are not authorized for access? The server did not return 403 Forbidden, the server gave the user the files.
Final note, time for bad analogy time - if anyone likens removing parts of a URI as an illegal act, think about stripping DRM from an audio file - both involve bytes removed to have more raw access to the data (data that are not exactly given out).
-
FUCK PEECEE!!!GO TEAM AMIGA!!! MY A500 CAN FORMAT A FLOPPY DICS WHILE PLAYING SHADOW OF THE BEAST AT 69 FPS!!! WINDOZE IS FOR LAMERZ 2 STUPID 2 USE APPLE MAX> INSERT COIN TO CONTINUE OR MY PUSSY HURTZ.
Begin 644 anti-lameshit-filter
-
Re:WTF? (off topic?)
See, I said they made it hard to spell out the URL, and then proved it... Yeah...
No, I just can't count and left it out. As for the closing slash, no one would bother today, but at the start of the "internet boom" before people really understood the web and URLs, people would include it. Generally they'd just be reading off a script that included the full URL with the closing slash - so they'd say it, because it was on the paper.
It didn't take long for people to shorten it down to just the domain name, but I still remember radio ads where the spokesperson would read out the entire URL. "Log on to our website at http://www.example.com/ for more information!"
-
Re:Funny someone notices this PR
My favorite piece of comment spam is this one:
Name: keyword
E-mail: user@example.com
Homepage: http://www.example.com/page.html
Comment:
Personally, I never use more than a single link in the comment I post because doing so can trigger spam catchers if the user has that plugin activated, whereas a single link will not.
Obviously, I replaced email and domain links.
-
Re:Your Answer, Stephen
HOW CAN THE HUMAN RACE END WHEN I HAVE SEEN PICARD AND THE ENTERPRISE ON TV
-
Re:#1 solution
How about framing your question correctly? Something like:
"I can't get my wireless card to work. Help me please."
Will get me to tell you to RTFM. I may even throw in a "n00b" just for good measure if I have just got done reading the same series of "I'm so helpless" questions. Try something like this:
"My kernel is configured to accept modules. I compiled the module for my wireless card and did a modprobe on it. No errors were reported in my logs. My configuration is posted at http://www.example.com/~Khaed/wireless.config and it looks correct according to the examples. I am not terribly experienced with this kind of thing. Could someone please help me get this working?"
I will typically go look at your config and determine if you even bothered to put the least effort into understanding TFM. Once I see that your efforts are sincere, I will gladly spend a few hours stepping you through some of your mistakes and helping you to understand what went wrong.
My time is NOT free damnit. I have things that I want to do in my limited amount of spare time. I have a wife, kids, a job, and several hobbies. I do not have time for free tech support. I do have time to help a fellow hobbiest/whateverest to gain the same level of understanding that I have. I love helping people. I hate performing free labour. Think about it.
-
your mom humps on my dad ....
-
Re:Hoping for something new
Why not take the top 5 designs and offer them in the preferences. That IS of course the beauty of designing a website with CSS.
No, no it really isn't. The CSS Zen Garden isn't the point of CSS. The reason to use CSS is so that you can change the design without changing the programming (as much). The reason to have multiple themes available for a website is so that you can use the same software on different websites and have them look different. So that http://my1stblog.example.com/ can look different from http://mysistersblog.example.com/ while both running WordPress. Otherwise, themes are an idiotic waste of time.
-
Re:Quoting is good! [Cache of link]
-
Quoting is good!
Given the volatile nature of the web today, there's an excellent chance that the page you link to today will be gone 6 months from now. If you want your post to have any value in the future, it needs to be more than just "Hey, look here!" (Although except in the case of the shortest source articles, copy+pasting the entire page is bad form.)
Of course, for your post to have any value today, just quoting isn't enough. At that point, it may as well be a link. You have to provide some commentary, maybe your opinion, maybe additional information, or maybe you're just using the quote as a springboard to go off on your own topic.
It comes down to a balance: are the quotes there to support and/or provide context for your own words? Are they there as a summary so that someone wandering by a year from now knows what people are talking about? Or is it little more than an unauthorized mirror?
-
Re:Wrong anchortext: Mother of Internet
Doesn't Google use link text to heavily bias what it perceives as the content of an article? For example, if I were to do something malicious like say some politician I don't care for is a miserable failure that primes a Google bomb for the search term "miserable failure" even if the target page doesn't have miserable or failure on it. Given that Slashdot is a high PR site (PR9?), its link text swings around quite a lot of weight. But who searches for things like "article" or "interview"?
This might be a quite radical conception about the hyperlink, but I think that the overwhelming majority of human users are using a browser which shows context around the link so it doesn't matter whether you say click here or link or "I found the most interesting description of how to build a Beowulf cluster of hot grits while I was browsing Slashdot earlier today", the user will be able to know what the link pertains to regardless. The only major group of users who really need that extra reinforcement in the link text are spiders (and, because I should make at least a token effort to recognize that usability is important, folks with clients which have an extremely small "field of vision" whether that's because of their client not being on a traditional PC or because their client is non-visual). Both of these user groups benefit a heck of a lot more from "Mother of the Internet" than they do from "article".
-
Javascript - Dangerous Nasty Security Risk!
Having a front-end scripting language that lets you divide application processing between the front end and back end and a good clean data model for the communications between them is a really powerful concept, and it's no surprise that you can do cool things with Ajax.
But having Javascript as the scripting language (instead of Java or some other decently secure language) is dangerous and nasty for the user who reads your website, because you're requiring the user to turn Javascript on to see your cool stuff, so unless the user is willing to do the work to configure site-by-site Javascript-enabling permissions, that means that when he later visits www.perfectly-harmless-looking-trustme.example.com, he's going to get annoying popups, ANNOYING BLINKY STUFF, and whatever other tricks the bad guys are pumping out this week.
And yes, I know that Javascript lets you write perfectly safe code if you want to - it's also possible to write perfectly safe code in ActiveX, and I don't want to run that either. Java was written to provide safe ways to write code on web pages, with an underlying security model that AFAIK is still perfectly solid today, though as with anything there have been occasional implementation bugs. That's not an accident - Gosling's previous cool system, the NeWS windowing system, used Postscript as its native language, which gave you graphics that really rendered well, client-side scripting, much better control of dynamic actions than X (e.g. running the mouse tracking and rendering from the graphics server on your desk instead of running every mouse movement across the network twice the way X does), and the ability to write scripts that did all sorts of malicious things to the user. Because this was the 80s, and it was mainly used inside a few engineering companies and academia, most of the maliciousness was limited to doing random blinky things to the victim's screen, like making all the pixels melt and drip down to the bottom of the screen or having cockroaches hiding under the windows that snuck out when you left them alone for a while, but the security risk was a real problem (and occasionally debugging could be difficult, because many of the opennesses in Postscript that allow malicious attacks also allow regular bugs to sneak in.)
-
This brings up a possible new feature for slash
This does bring up a possible new (future) feature for slash - allow logged-in users to specify their own CSS URL, to be served instead of the standards.
That way, I could go to my prefs, set my CSS to be http://www.example.com/my.css, and then slash would send me
<link rel="stylesheet" type="text/css" media="screen, projection" href="http://www.example.com/my.css">
as the last stylesheet of any page served to me.
-
Re:Another dumb idea
-
Re:Have a DVD-ripping death match!
This brings up a good point. CPU isn't the only limited resource. I've often run applications that saturate IO busses or network interfaces, or eat up a ton of memory, but only used a fraction of CPU time.
In the first case, a large simple parsing app or file compression/decompression can saturate an IO bus. While performing such operations, other user-sensitive tasks like opening an application or checking mail. Granted most users don't do a lot of IO-flooding apps, but what's more prevalent are network-flooding operations. Just recently, while I was downloading some Linux ISOs via HTTP, my web browsing was slow the whole time. Sure QoS can help some of these issues, like putting a higher priority on Game network traffic, but probably wouldn't help web browsing while downloading large files.
It would be nice (no pun intended) to be able to restrict or throttle other resources besides CPU. i.e.:
nice -n-19 wget http://example.com/linux.iso
nice -i-19 gzip bighugefile.csv
This probably exists in Linux already.
-
Re:No, you can't have a constitution
If you publish a www.example.com record in the DNS, it would be entirely reasonable to assume that you've authorized people to stop by your website, yes.
So does that mean I'm breaking the law if I visit http://example.com/ rather than http://www.example.com/ since it didn't explicitly tell me through a published DNS record that it was a public web server?
or "Terms of use"
How would I find out about the terms of using your web site without visiting the website in the first place?
Note that this does not mean that launching a set of requests to exploit, say, a PHP vulnerability
Absolutely - if you are obviously having to circumvent some security (no matter how crap) then you probably shouldn't be doing it. But what I'm saying is that when people leave systems completely open why should the "client" be held responsible for this rather than the "server" - in many cases it's impossible to tell (at least before connecting to a service) whether it was intended to be a legitimately public service or not. Using 802.11 as an example - when I see an open 802.11 network broadcasting invitations for me to use it how would I be expected to know if it's accidentally open or intentionally open?
You fire up Windows, it tells you "oh look there's an access point", you click ok and the access point hands you an IP address via DHCP - how were you to know that was a private access point that some idiot left open?
Worse than this, say I had an open Linksys access point at home which was left in its default configuration, so my laptop knows to associate with an AP called "Linksys", I then move in range of another open Linksys access point which is broadcasting its SSID of "Linksys" my laptop would happily associate with it without asking me. Should I be arrested because my laptop associated with someone else's network automatically?
I certainly agree that people who are circumventing some security are in the wrong and need to be dealt with, but I'm very worried about the trend to treat people who don't bother to secure their systems as "innocent" and people who make use of these public systems as "guilty".
If I walk into a public house and ask for a beer, I don't expect to get arrested because "oops we didn't mean for it to look like a public house" :)
People need to take responsibility for their own actions - if you didn't bother to turn on the basic security options on your systems then that's _your_ fault - the other party that takes advantage of that lack of security may not be malicious.
-
Re:Heh
-
Re:How to reduce SPAM in 4 steps
1. Can't happen due to size of filter. Once you have more than 500 filter rules the performance of your router is going to drop significantly. This is a hard problem for large broadband ISPs. If they have more than 500 users who want traffic out port 25 then they lose 50% of the capacity of their infrastructure. So for now and the near future it's all or nothing. Sucks, but what can you do?
2. It is, but more and more web browsers are the attack vector. Virus scanning email is good. Better still is simply stripping any executable attachment, zip file, etc. The public won't stand for this though. They will just switch to some other email service that doesn't do it.
3. I wish people would stop saying things like this about SPF because they aren't true. I worked a lot on SPF. I contributed code and helped get a working C SPF library released so people could implement it on their systems. I wrote patches for common MTAs. I was really really behind SPF. But it was people who say things like what you are saying now that killed it. SPF does not give any information whatsoever about the user portion of the email address. Also, SPF breaks mail forwarding. The SPF community never did agree on a way to solve that, although many were proposed. Stop spreading misinformation about it, please.
4. This is tough. At the place I used to work we had an affiliate referral program. Every now and then some asshat would sign up and start spamming with our site in the message. (http://example.com/affil?1234) Of course we would kill the account. Is it fair to fine us? Is it fair to fine the ISP? How can you tell if we were behind the spam or not?
Sean (too lazy to login) -
XML data and HTML middleware
A lot of the middleware that converts data to HTML and back can go away when you use the right XML tools. XSLT does a good job of presenting static pages, and it can be fast if you cache the results as well.
But for dynamic pages (and forms) XML to XSLT to HTML leaves some big gaps:
- The hierarchical XML data gets flattened out into name/value pairs in HTML form fields.
- For the return trip HTML->?->XML, XSLT doesn't work; you can't run the transform backwards.
- For dynamic pages, you're left with JavaScript or the dreaded "postback."
These are some of the reasons we updated the W3C HTML forms module to take account of XML data directly.
How does it fix the above problems?
- The hierarchical XML data your PHP or other server-side code outputs is transmitted directly to the web browser, where it remains while the user futzes with only the nodes that the form specifies. The middleware that converts the XML data to web browser data is just printing the XML.
- When the form results are submitted, they come back directly in XML, so there's no need to pick apart the name=value pairs and try to put them back into your data. The browser just posts the XML directly back as XML to your PHP or servlet.
- For forms, as the data changes, the UI changes with it. If a node disappears, or appears, or if a value changes, entire sections of UI can appear and disappear just by listing a dependency on that data. And if you want dynamic pages, you can use the background submission feature to retrieve instance data asynchronously, and the presentation changes automatically.
Nice work if you can get it, you say? Well, as everyone knows Microsoft hasn't yet implemented XForms. (Heck, they haven't even implemented CSS, though we hear they do have it as a goal now.)
So what can you do today:
- Use Mozilla or FireFox XForms 0.4. It's a one-click install download from the Mozilla website. Yes, it's beta. Yes it has bugs. Yes, IBM and others are fixing them. But it's open source.
- Use FormFaces for most modern browsers (Firefox, IE, Safari, Opera): FormFaces is a cool JavaScript/AJAX application that you import into your web page with a one-line include, and it does everything described above. If you need cross-browser support right now, want dynamic AJAX forms, and want to interface to XML, this is your best bet, if you can tolerate a JavaScript program in your browser (i.e., it's done using AJAX). It's available under GPL and commercial licenses.
- Use Chiba for backend processing: Chiba is an open source Java-based back-end that converts your XHTML+XForms page into either an AJAX page or a static HTML page (good for Sec 503 compliance). Chiba is a great choice for applications that have a Java back end, as it puts less load on the browser than the large JavaScript engine of FormFaces, but I put it below FormFaces here because of the emphasis on PHP. (But, about half of Chiba is an XSLT transformation so a PHP port is possible.)
- Use FormsPlayer as an IE plugin: FormsPlayer is a deluxe XForms processor plug-in for intranet applications using Internet Explorer, and has lots of other features as well, such as sidebar support.
Here's a quick example:
Let's suppose you have a book list you want to view, available at http://example.com/books/list.
<books>
<book>
<title>No Nonsense XML Web Development with PHP</title>
<author>Thomas Myer</author>
</book> ...
</books>
If you want to display this data
-
Re:Individual blogs don't matter...
Hahaha, sorry, but you sound brainwashed. "Paradigm"? "Information sharing"? When something cool happens on the internet, lots of blogs cover it but they usually just say one thing, "Check this out, it's so cool! Yeah, hmm, ok.. Lots of these people don't have any original thought of their own.
-
Re:How can we take this seriously...
I'm not sure what the cold fusion rds thing is, however any KDE application can open a URL, so in the file open/save dialog of kedit (in your example although you probably want to use kate instead if you want a plain graphical editor, but also look at things like QuantaPlus), or in the file manager, you can use a filename like :
sftp://server.example.com/path/file.html
You can use a number of protocols in place of the sftp bit such as webdav, smb, etc. See the available kioslaves in your KDE installation. -
Technician suicide confirmed but correlation denied
reposting due to bad format...
Yes, the suicide happened on 8 March 2005. But the officials deny any correlation with the tapping events. http://www.enet.gr/online/online_text?c=112&id=94 8 56912> (in Greek)
Here is a diary of the whole story:
Spring-summer-winter of 2004: Taps were working. That summer was when the Greek Olympic Games took place.
7 March 2005: Taps were discovered and were immediately deleted as commanded by mother Vodafone, England.
9 March 2005: A technician who worked in the company from 1995 and had specialty in mobile systems security, commits suicide.
10 March 2005: The taps were reported to Greek PM.
11 March 2005: The taps were reported privately to the government and to prosecutors.
3 January 2006: The whole story goes public.
-
Re:Sorry about victim.com...
-
The canonical DNS name problem
As a DNS administrator, the trailing dot is something I was very aware of (although I didn't know about the cookie implementation errors). I've always wondered why you never saw URLs such as http://www.example.com./, instead of http://www.example.com/ ? The latter (without the dot) is subject to local DNS spoofing.
However, aside from the browser problems, it seems that web servers also mess up the trailing dot problem. Most servers won't recognize their own hostnames when the Host header has a trailing dot. Proxies are also clueless and confused.
In fact, I was always surprised that the HTTP and URL standards (not to even mention the horrid X.509 certificate standards) seem so careless about the canonical domain name representation. There's no requirement, nor even a warning, about any use of the trailing dot in domain names, nor that any software (server, proxy, or agent) should do any sort of canonical name equivalence checking. -
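The canonical-name equivalence check the comment above says servers lack, as an added example that is not part of the original comment or of any server's code. The `SERVER_NAMES` set, the function names and the sample Host values are constructed for illustration.

```python
# Added example: compare a Host header against configured names canonically,
# so "www.example.com." and "www.example.com" are treated as the same host.
# SERVER_NAMES and all sample headers below are constructed for illustration.

SERVER_NAMES = {"www.example.com", "example.com"}  # stored lowercase, no root dot


def split_host_port(host_header):
    """Split 'host[:port]'; bracketed IPv6 literals are kept intact."""
    value = host_header.strip()
    if value.startswith("["):                      # e.g. [::1]:8080
        end = value.find("]")
        if end == -1:
            raise ValueError("unterminated IPv6 literal")
        port = value[end + 2:] if value[end + 1:end + 2] == ":" else ""
        return value[:end + 1], port
    host, sep, port = value.rpartition(":")
    if sep and port.isdigit():
        return host, port
    return value, ""


def canonical_host(host_header):
    """Lowercase the name and drop exactly one trailing root dot."""
    host, _port = split_host_port(host_header)
    if host.startswith("["):
        return host.lower()
    host = host.lower()
    if host.endswith("."):
        host = host[:-1]                           # "a.b." -> "a.b"; "a.b.." stays invalid
    labels = host.split(".")
    if not host or any(not label or len(label) > 63 for label in labels):
        raise ValueError("empty or oversized DNS label")
    return host


def naive_match(host_header):
    """String comparison with no canonicalization, as the comment describes."""
    return host_header in SERVER_NAMES


def canonical_match(host_header):
    """Canonical comparison; malformed names are rejected, not guessed at."""
    try:
        return canonical_host(host_header) in SERVER_NAMES
    except ValueError:
        return False


if __name__ == "__main__":
    for sample in ["www.example.com", "www.example.com.", "WWW.Example.COM.:8080",
                   "www.example.com..", "www.example.com.evil.test."]:
        print(f"{sample!r:32} naive={naive_match(sample)} canonical={canonical_match(sample)}")
```

The same canonical form should be used wherever the name is compared later, such as virtual-host selection, cookie scoping and certificate name checks, so the two spellings cannot be treated as different origins in one layer and the same in another.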
Someday, take a look at those phishing websites
Once I looked at the website scamming PayPal (it was somewhere in South America) to see if I could get anything out of the server stats (http://example.com/server-stats) and other such Apache functions. To my horror, the Perl script that would accept input from the "verification" web page had several hundred hits. Either people are submitting bogus information, or hundreds of individuals are being fooled by these scams.
-
THIS ALSO JUST INAC ENDING PURCHASING SHIT FROM BEST BUY
-
Re:You can already do this with Javascript
As long as the browser has the ability to respond to all pings or respond to some pings or respond to no pings, depending on a user pref, I think the default should be to respond to all pings. Just like when I load slashdot.org they link in Javascript scripts from TWO different 3rd parties (Google Analytics and something else). These pings don't do anything different than URLs like http://www.example.com/redirect.cgi?http://www.foobar.org do. In fact, the pings discourage the use of lame URLs like http://www.example.com/redirect.cgi?s0m3_w3bs1t3 where you have no idea where you're headed until you click the link, so in that sense they'd be a marked improvement.