Domain: naken.cc
Stories and comments across the archive that link to naken.cc.
Comments · 28
-
goatse assteroids
They left out this http://www.naken.cc/java/goatse/
:) -
This might help...
...thanks, Naken. I'd like to see VB2Ruby one day, please, if any of y'all have some free time.
-
Patch here...
-
Re:IIS?
Hmm, you could use ASP2PHP as a starting point, but the ADO stuff will probably have to be rewritten. This is a good reason to centralize your database code in one place, it makes it much easier to make changes.
-
Re:Gartner Group
I remember many moons ago, there was a program that could convert ASP to PHP - I wonder if it still exists and how good it is these days if so..?
Are you talking about ASP2PHP over at asp2php.naken.cc? The biggest things it doesn't seem to support are COM objects and MS SQL Server connections, at least according to the FAQ. -
Re:Gartner Group
I remember many moons ago, there was a program that could convert ASP to PHP - I wonder if it still exists and how good it is these days if so..?
Are you talking about ASP2PHP over at asp2php.naken.cc? The biggest things it doesn't seem to support are COM objects and MS SQL Server connections, at least according to the FAQ. -
Hard stuff? Or bloody dangerous stuff?
Open/Star Office isn't doing the easy stuff yet its miles away from the hard stuff like OLE and Macros with VBA calls.
If you want OLE-stye operation, try gobeProductive. I presume you're under Windows, because you speak of OLE, which is good because the Linux port isn't really stable yet. gobeProductive is wetter than the wettest dreams of Microsoft's OLE development teams in terms of smooth integration.
As to the VB macros, no, thank you: I'll take the rusty spike in the ear instead. If you wanted to do that, you could hammer GnomeBASIC* into OOo and have a winner. I'd rather have Ruby, or failing that Python, and there are reprobates out there with a PERL fetish.
If you want Office macros to be useful elsewhere, I'd suggest throwing lots of money at Michael Kohn and asking him to write a OfficeBasic-to-ScriptingLingoOfYourChoice translator.
* I was a little miffed that they didn't call it something like Gnome Windowing BASIC so we could have a useful GeeWhizBASIC again.
-
ASP migration - use asp2php
http://asp2php.naken.cc/
Cool logo aswell - would make a great T-shirt.
Of course, translating that ASP to PHP is half
the story; if you're offering to host an app
for someone, you have to get them to give you
a plain text export of the database, in a format
that you can then import into MySQL.
Definitely not a tape backup from MS SQL Server
(which has its own special tape backup format!),
even when the whole thing compresses down to
less than a floppy in size... -
Re:Apache + ASP/VBScript
The first thing that springs to mind is an ASP -> PHP converter that I've heard of, called 'asp2php'.
Perhaps a more 'correct' way of doing things would be to use the ASP-mimicing PERL functions (although I'm aware that this isn't exactly what you were asking for, it's the most 'neat' manner, if you really
/have/ to use ASP-based nonsense).A search through Google is the most obvious place to look, however, which turns up, amongst others, a thread on PHPBuilder, which suggests Apache::ASP, which, AFAICT, uses the abovementioned PERL module (given that it requires the Apache module mod_perl).
HTH.
-
In theory...... you could be able to use ASP2PHP while staying in a familiar (Windows/IIS) environment as long as possible:
- Install PHP on your IIS server.
- Convert your ASP to PHP using ASP2PHP and get it running on Windows/IIS/PHP.
- Install Apache with PHP on the Windows box. Get your site running on Windows/Apache/PHP.
- Install a new box with some securish Unix lookalike or other and move the site over.
Whose idea was it to put Windows servers on the 'net in the first place, anyway?
Cheers
//Johan -
In theory...... you could be able to use ASP2PHP while staying in a familiar (Windows/IIS) environment as long as possible:
- Install PHP on your IIS server.
- Convert your ASP to PHP using ASP2PHP and get it running on Windows/IIS/PHP.
- Install Apache with PHP on the Windows box. Get your site running on Windows/Apache/PHP.
- Install a new box with some securish Unix lookalike or other and move the site over.
Whose idea was it to put Windows servers on the 'net in the first place, anyway?
Cheers
//Johan -
The .asp stuff can be migrated with ASP2PHPASP2PHP will convert the ASP code into PHP for you. Haven't used it myself so I don't know how well it works, but it's GPL so you can just download it yourself and try it out if you're interested. I agree that ActiveX stuff (aka "vendor lock in") is still a problem though, but ASP2PHP may be a good first step.
Cheers
//Johan -
Migration tool: ASP2PHPI haven't seen any posts about it, but I think that ASP2PHP deserves some attention. A migration could (theoretically) be done like this:
- Download and install PHP for IIS on Windows.
- Convert your ASP pages to PHP (using ASP2PHP).
- Get it running on IIS.
- Replace IIS with Apache (still on Windows).
- Replace Windows with some secure Unix lookalike or other.
Cheers
//Johan -
The Real Fix
The real fix is to disable the extention mappings for things like
.ida/.idq and so on
The real fix is to install some other web server. If it supports PHP you can also migrate your VB ASP scripts using ASP2PHP. But maybe you don't want to drag extinct-but-doesn't-know-it-yet methodology and technology across to your shiny new server?
And... since you're changing such a major server component, why not change the whole server so that you're not, one day, forced to upgrade to Windows XP and bleed money for insecure software for the rest of your life? Install Service Pack MAXINT today!
-
Service Pack MAXINT, step by step
For a straight A: fix the problem forever by replacing NT with Linux...
Shouldn't be too hard to alter one of the standard installers to:
- Download a minimalist CygWin kit
- Pull down a second-stage installer
- Shrink a partition, live (might have to defrag first)
- Add three new partitions in the shrinkage (swap, image,
/var) using ReiserFS for the data partitions - Download and write a base Linux installation image into the image partition
- Download and install suitable drivers for (e.g.) video card
- Set up Linux config of network interfaces, DNS, webserver, video, etc from Windows config
- Copy all active websites into
/var/www - If any actually use ASP, download, install and use ASP2PHP on them
- Make the service pack ingredients available via HTTP so that daughter sites can fetch from here istead of home base
- Break all passwords and copy them across to PAM (invent a new root password)
- Put the new root password on the default background wallpaper
- Reboot into Linux, auto-login as root, and restore DNS/web service
- Migrate all (in case something didn't translate) Windows data into
/var/WASWINDOWS - Set up a listener at default.ida to react to future CodeRed probes
- Go through the logs and process all attacking sites
What have I forgotten? -
Use this tool, you can install Service Pack MAXINT
The magic word is ASP2PHP. Apply this to the offending projects, kiss IIS and Windows goodbye forever. Ahhhhh! Feels so good! Won't run down your battery! Made entirely from all-Open ingredients!
Encourage the author (Naken) and you'll soon be able to bin VB screen apps as well. Woohoo! -
Don't forget the scriptingASP2PHP will pretty much solve that little issue for you. And remember to set up your new Apache-on-Linux installation for automated security updates. We work while you sleep. (-:
-
Instant partial solution
The problem with security is not that we don't know what to do. The problem is that so many of us don't do anything. That is what alarms Gibson, and in that he is correct. There are so many machines not being properly managed that damage is inevitable.
Given that at least four components are necessary for a crack to be effective, removing any one of them will prevent the problem. These components are: malicious code, vulnerable service or device, access to same, lack of fixes or unwillingness to apply available fixes.
Evolution suffers the same type of problems. Hypermutation was recently discovered in components of an immune system and many hands were waved about what this proved. What was not explored was the nature of the mutations. They are almost deliberately allowed to ``go wild'' within very strict bounds, and the result (which would be disastrous outside the immune system) is that a large set of possibly useful responses are produced and tried as antigens in a very short time. However, if any one of a large set of very specific conditions were not met, hypermutation would be lethal. And you can safely bet that any retractions of the previous headlines will be four lines of fine print on page twenty.
So, given that convenience will tend to be chosen over better security (and partly becuase if an administrator goes for a more secure but less convenient solution they may actually suffer a greater security problem by encouraging (for example) undocumented sharing of passwords), a solution such as replacing Windows plus IIS with Linux/*BSD/whatever plus Apache will actually work, and much better than telling users and administrators that they're idiots. They either know that and have to live with it, or don't know it, never will, and will be annoyed every time someone tries to point this out.
ASP2PHP exists, and works, so there's no really sound reasons left for running IIS. It's also (especially in the name of avoiding monoculture) worthwhile checking out alternatives like Zope. The combination of an inherently more reliable service, and automated updates (I know that Debian, Mandrake and RedHat - at least - have these) will remove a vital section from the crackers' stairway to heaven.
Where Mr Gibson does score is in that not everyone needs to be running vulnerable servers to swamp and drown the Internet. Just enough twits to do the job. I'm currently wondering what social effect would drive IIS market penetration up 4% at the very instant this it's been shown to be a public menace. Again. Remember that it's been copping buffer overflows for the best part of a decade now, and doesn't look like stopping.
-
Re:60 % Apache is not all unix
Check out Apache::ASP, Sun Chili!Soft ASP or even better move on over to PHP using ASP2PHP.
-
MSN: Chinese Web Attack Fizzles on Whitehouse
[subhead] Microsoft Opponents Frustrated As Worm Proves Harmless
MSN will focus on the political issues and try to avoid going anywhere near the 196,000+ systems infected, and similar issues.
Ummm, if the cracker has any brains (and any malice left) (s)he'll get his nice, fresh list of over two hundred thousand known-vulnerable targets and release a different worm that targets a number of whitehouse systems using a mixture of DNS and IP addresses. And maybe saves itself to disk and restarts on boot.
Meantime, for the longsuffering ASP dependents, we heartily recommend visiting the ASP2PHP website. And if you're not using ASP, put IIS+Windows in the bin now and install something decent in its place. Mandrake 8.0 should do. -
two cents worth
I wouldn't know the comparisons between PHP over Windows and a Nix based machine, but should you want to switch over quickly check out ASP2PHP this way you don't have to write tons of code over. I used to use PHP last year on one of my sites but moved to a hacked version of ePerl since PHP caused high loads with the scripts I had running.
Now what was scary in my eyes was the fact that the scripts were nothing but random image and random quote scripts, and it brought the load on the server extremely high and if you think that the average 6.75 load is not high for nothing but random quotes, and images then your off your rocker since I've got it down to an average of about 2.something. Anyways I guess it depends on what it is your doing.
mod_python is pretty neat for gui based stuff but again it can be a mem hog in its own right. Only way to get a good enough grasp is to just try it out, it certainly won't kill you lest you change all your production machines without testing. (hey I've seen it done)
Another quick note is, stay a bit weary of reviews of ASP vs. PHP or other since no two systems will be configured to do the same tasks, and your always going to get a biased opinion whether its from an ASP developer or PHP developer. I've had my share of reading articles claiming one is better than the other for X reasons. Best case scenario TIYASOYO. (test it yourself and see on your own) -
why not use...
-
Other ASP solutionsIf you've got to use ASP, there are a number of solutions that already work on BSD!
The most complete is a commercial package from Halcyon Software, called Instant ASP. There's a comparison between iASP and Chili!ASP on the site (hard to find just with their links). Since iASP is Java (servlet) based, it also makes a decent package to support migration from ASP to JSP.
There are also at least a couple free ASP tools that work fine on BSD: Apache::ASP (Perl only), and ASP2PHP, which supports a certain amount of automatic conversion from ASP VBscript pages to PHP.
-
Using Access with PHP, mySQL
It is very possible to develop your db application in Access and use mySQL as a backend. Use myODBC (free software, stable). Once you install this driver, you can create a machine data source to point to each of your mysql server's db's. Next, create your tables in mySQL. Then, create an mdb (Access application). Instead of creating new tables in Access, use the Link Table feature, select your myODBC data source, and then develop your application as you would have if you had created your tables in Access.
So, you want to web enable this with PHP4? Can do! Access is capable of exporting an ASP application which manipulates your db via ODBC (MS assumes you are running IIS, Win2K). You may take this exported ASP and use the asp2php application to crank out php code. A simple find-and-replace operation should be able to correctly point PHP at mySQL instead of Access.
Whatever you do, you should let the boss know that it needs to be web-enabled. Browsers are free, Access is not. Unfortunately, Access-generated ASP files fail the XHTML 1.0 validator post-processing miserably, and I don't think they even use external CSS.
All this can be accomplished much more easily with a plain old mySQL client, emacs, Apache and PHP. Perhaps someone could start a benchmarking project to compare processing time for functionally equivalent scripts on the PHP4+Zend/mySQL/Apache/Linux and ASP/SQL-Server/IIS/Win2K platforms. That way you could have some tangible evidence to use to convince your boss to get off the MS soap box.
Good luck.
-
Re:There Can't Be Much Difference...
I've met a Basic programmer some (long) time ago that hated C, but was forced to learn it.
He would be interested to know that C is so much alike Basic, after all, it can't be much different if there is a tool to convert basic to C.
And I've a web developer here that got frustrated by ASP on *nix, so he is learning PHP, he would also be amazed to learn that there can't be much different between ASP & PHP because there is a tool to covert ASP to PHP.
-
...and has already been more than half done
-
Perfect, but we need one more thing!
We need, a VirusBASIC-to-Python translator. Yes, it will result in buckets of poor-quality Python, but it will enable heaps of VB programmers to make the Right Decision{tm}, just like that bloke's dual-boot Athlon did.
By the way, Michael Kohn already has the hardest part done, and done well. That was a hint, guys... -
Good suggestions here, but not complete.
Here are a few technologies to consider (using Perl):
There are many more, but these are the ones I would consider for people who already know ASP. Apache::ASP looks like a very mature and solid product, as does Embperl. I would trust either of those.
Also, is there a business need to convert the existing ASP code to work with the new platform? If so, you might consider looking into ASP2PHP, if you're already considering PHP. The author says that it will convert most of the code to PHP.
Also, I can tell you that there is (sort of) a project in the works right now to build an ASP to Apache::ASP/Perl converter and/or interpreter. To follow this, just keep an eye on the mod_perl mailing list at one of the archive locations. It will probably be called VBScript::Parser. See http://perl.apache.org/#maillists for a list of searchable archives. Most of them are updated weekly.
Also, I've noticed some comments along the lines of "JSP is without a doubt the best/fastest technology out there". Uh... Where is your proof on this? I have a suggestion, go to the mod_perl mailing list and make this statement. See where it gets you. According to them, "It's widely accepted that server side Java solutions such as JServ, JSP and JRUN, are far slower then mod_perl solutions" (http://perl. apache.org/perl_myth.html#Java_does_away_with_the
_ need_for).That being said, I think that JSP is a fine technology, and there is nothing wrong with using it. I'm about to embark on a project myself using JSP. Just don't try to tell people it's the "Holy Grail". That's more than arguable.