Domain: freenode.net
Stories and comments across the archive that link to freenode.net.
Comments · 59
-
Nope
This is not an issue dealing with PHP and MySQL, this is an issue with weak programmers writing bad code, and I'm sorry to say, you find it in every language. As a regular in #php on freenode, we are constantly correcting bad coding practices.
In fact, it's not uncommon to find people using GET and POST variables straight out of the box without any kind of validation whatsoever. Many people do not learn the de-facto first rule of web programming: the user can not, and should never be trusted.
To make matters worse, applications like PHP-Nuke spring up which are notorious for sloppy coding practices, and people tend to see them as reflecting on the PHP community as a whole. That's like blaming the C language because someone, one day, wrote some bad code in it that got someone else hacked. This happens all the time, but we don't make claims like "C security is weak". Instead, we worry about the truth of it, that the programmer in question did a bad job, or just flat out missed something.
One of the key points that seems to trip most novices up (and granted, this is one of the stupider moves presented by the PHP Core Development team) was a thing called magic_quotes_gpc, which attempts to auto-escape incoming GET, POST and COOKIE variables in an attempt to sanitize user input. This is usually a double-edged sword because newbies are typically not aware if it is, or isn't, on. In later versions, this is on by default, and does prevent many SQL injections from occurring. However, for the more experienced user, having your input auto-munged can be something of a pain. Unfortunately, to write truly portable code one must test this value and normalize data accordingly.
The issues don't stop there though. I've seen many a more serious faux pas committed by the newbie. Another more serious flaw that I see happen on a regular basis is the use of user data within include statements without proper path checking. This is probably one of the more disastrous errors I see occurring because it typically exposes sensitive data. There has been more than one occasion where I've shown a user their own passwd file in a browser to make my point.
Anyhow, to the newbies: we, the more experienced people of PHP are on our own quest to educate people, many times on a one-on-one basis on Freenode. If you're not sure about a particular issue, grab an IRC client and ASK US (irc://irc.freenode.net). We're there to help!
-
Free and Open Source Software for Blind people
-
Re:From what I gather...
"it's always suggested when someone asks for a new distro (I won't say where though as I'm afraid of being laughed upon ;))"
Ah, so it's in #gentoo on freenode.
-
I don't know if this is true
but at freenode a guy said he downloaded the source in one of his company computers and on the other day the admin/root got an e-mail from Microsoft with a warning and the IP which did the illegal download.
As one has already said here, the best thing to do is to stay away from that file.
-
Never occurred to me...that people (linux users) would have not known about How-to's. Makes me wonder if they are also unfamiliar with other means of getting their linux questions answered. So here goes:
You can find help using Google Group Search!
or
Get some questions answered in "real-time" on IRC, connect to any Visit Freenode Server! and join channels like: #linuxhelp, #Gentoo, #xf86, #security, #Debian, #etc....etc...etc...
-
Like me...
Hm, you are not me, but you feel about
evilwm like I do.
OTOH you're coming from fvwm, with which
I could never become friends. I used IceWM
a lot before, but didn't really like X and
didn't even consider it an xterm multiplexor
until some guy in #OpenBSD recommended evilwm
to me (I don't know any more who it was, I
think I'd kill him for making me, a console
fanatic, use X).
I even put evilwm into the "base system" of
the OpenBSD fork I maintain.
So you wouldn't have to install it manually,
and I needed to get a replacement for wm2 which
didn't compile cleanly after gcc 2->3.
-
Re:Open Music Registry
They're so good, they even have a working site here.
;)
-
DaveDina is trying to....create a "complete" multimedia center, with open source software. It's based on RedHat Linux, and features DVD playback, MP3/OGG (with an ingenious ranking system), tv-recording (time-lapse viewing coming soon) with automatic importing of program guides from the web, a picture browser, games (including MAME!).
It's also being equipped with communication features such as e-mail checking, a phone answering machine, and even a who's-rang-the-door feature.
Check it all out at their website, davedina.apestaart.org, and join their mailing list!
You can also come hang out at #davedina on Freenode
-
WOPN