Slashdot Mirror

Wrote this: NetUSE workflow Manager.

Kristian

"Worldwide and 7*24h Support" and "Open Source" are no contradictions. I think we (NetUSE) are not the only company to offer support for Open Source products like SSH, Squid, Apache etc.

Typical customers purchase support like helpdesk, patch services or (espescially for Solaris) packaging.

It's not a lot of work to offer SSH packages that you can remove and install in a newer version without a new host key. But it's those small things a lot of customers pay gladly for.

Thanks to Open Source and the community, companies like are ours usually faster with patches than a lot of other big software companies i could name.

On the other side the Open Source products get a benefit when enhancements on the request of customers (LDAP support here, there another command line option) find their way back into the community. I believe this is win-win at its best.

Open Source says "you can patch/modify/package it by yourself". But it's not a holy duty to do so.

Yours, Martin

P.S. If you want to use OSS and don't know where to spend your huge support budget, feel free to contact me ;-).

1. Why and how is a computer program expressive speech? What does it express?

A computer program, represented by source code, is free speech because I lerned about as much about all that computer stuff from reading source code as I learned from lectures and books. A piece of source code expresses the authors understanding (or misunderstanding) of a problem domain and ideas how to solve the problem. The PHP Base Library (PHPLib) for instance is a comprehensive guide to session management and user authentication for web applications. Sure, there's also a manual, but a lot of detail is buried in the actual source code and nowhere else. And reading the source code gives me confidence the authors know what they do. Source code examples posted to Usenet, on the other hand, often show common errors or misunderstandings, and thus trigger discussions on style, security, robustness, etc.

A compiled, binary program can be expressive speech as well. For instance I am interested in typesetting -- since I used LaTeX for the first time, and though I never looked at the source code. I understand formal languages much better after playing with Lex and Yacc and AWK, which represent generic concepts for interpretation of certain classes of formal languages. Even without myself looking at the source code, those programs told me something, something their authors had written down carefully in a programming language. If that's not expression, there's no expression at all in any language.

The question should read: Why may computer-illiterate people consider computer programs being different from expressive speech, and how could they be educated?

Oh, and a final reminder: Freedom of speech has been invented to protect you from powerful entities who don't like whot you say.

Try FastTemplate.
or Smarty which also processes the templates into ordinary php files on the first run (to reduce overhead).
Also PHPLIB which has many other uses including session an database management.


DILBERT: But what about my poem?

If you need to be able to grow to form a huge community, then you'll need slashcode.

But if you are talking about a few thousand visitors per day, you should look into any of the following slash-alikes:

• PHPslash
• Squishdot
• ThatPHPware
• scoop
• SlashJ
• sips
• localecho
• twig
• ASPslash
• phpweblog

Methinks this would have been a better question to ask on Slashcode.org instead of here on Slashdot itself.

I like his argument, but his .sig really
pisses me off. Slashdot's forum is a public
place. Anything you say here can be quoted
as if you yelled it on the streets of Miami.
That is the result of public expression.

Quoting, or more properly, citation, is covered under fair use. Look it up at Brad Templeton's site: Myth 4, third paragraph:

Fair use is almost always a short excerpt and almost always attributed. (One should not use more of the work than is necessary to make the commentary). It should not harm the commercial value of the work -- in the sense of people no longer needing to buy it (which is another reason why reproduction of the entire work is generally forbidden.)

Also, by simple act of posting my comments here on Slashdot, I obviously implicitly allow copying of my content for the purpose of conducting a discussion on Slashdot. This includes viewing, printing, quoting, and all other uses necessary to have a discussion here on this site. Copyright law explicitly protects such uses.

Use of my text outside of Slashdot, for example in a book published by Andover, or on a Best Of Slashdot CD-ROM, or in other places or for purposes other than discussion here on Slashdot requires a license. That is, I have to explicitly grant you the right to use my words.

Copyright does not cover names, trademark law does that.

Copyright does not cover ideas, patent law does that.

So if you like what I write, but I would not grant you a license to use my words, you could always phrase the ideas I convey in your own words, or express them differently (i.e. using no words at all). That should be differently enough in order not to qualify as a derived work, though.

And finally, when asked, I usually grant the license to use my words for free - completely, unaltered and with correct attribution as well as a pointer to my homepage. I do like to get 1-3 free reference exemplars of printed matter, and pointers to the sites where my words are hosted. Also, I will not grant license to use my words for free, if you sell them. If you make a living by selling my words and my works, I demand a sensible share of that money.

If you want to read my words, and my works, please go to my homepage. You find it at http://www.koehntopp.de/kris. I keep freely accessible online copies of everything I have written and deemed useful, whether sold or not. I make my contracts in such ways that I can maintain this website with my works so that you can access all my published articles and USENET posts as well as my open source projects.

Copyright law may be not an ideal solution, and may be an annoyance sometimes. But there is (or at least was at some point in time) reason behind it and used sensibly and nonoffensively, it can be actually useful to protect the interests of the public as well as the interests of the author. Just try to think, and use Google, before you flame.

© Copyright 2000 Kristian Köhntopp

Yeah, this attitude is frustrating. I love PHP, I code in it daily. Me an PHP, we go way back ;-)

I do want to point out however, JDBC the unified DB API for Java is a very appealing feature. ODBC is a very slow API and requires a Microsoft environment to run your DBs (I think there might be ODBC implmentations on Unix [variants] but this is hole in my knowledge). I have developed *many* DB (MySQL, MSSQL, mSQL) apps with PHP and what I would give to have the flexibility of a unified API.

I have heard that phplib can mimic a unified DB API but I have not yet used it for fear of performance problems using an external foreign 'lib'. I gather this mainly from the fact that many great PHP+MySQL projects do not use phplib and have the problem of porting to other DBs

If you are a phplib fan and want to try to convince me I am all ears.

At several points in its history, Slashdot's
owners had a very liberal attitude towards
the ownership of the words of its contributors.

For example, Slashdot once had a notice claiming
copyright of the entire page when in fact most
of that page were user contributed comments. Also,
Slashdot was trying to bundle and print a number
of user posts as a book without contacting the
original authors first.

I added the Copyright notice to my posts in order
to visibly claim ownership of my words - not that
this would be necessary under current Copyright
legislation in Germany or the US. But it works
fine to remind everyone of the current legal
situation with respect to the content I and
you and everyone else here creates.

Note that I am usually very generous with
my own content: I maintain a page where I keep
everything that I have written
and sold online and readable for everyone for
free. If you ask me beforehand, I will usually
grant you the needed rights to republish something
I have written. I also maintain or have maintained
a number of FAQs (currently the de.comp.lang.php
FAQ) or HOWTOs (formerly the Linux Partition
Mini-HOWTO) and I maintain a popular PHP package
(PHPLIB).

But I want to know where I am published and why
and that is why I require that you ask me before
you work with my words. Hence the disclaimer below
my posts.

© Copyright 2000 Kristian Köhntopp

Remeber, PHP is a tool, tool can't determine it's use. It is the programmer who tells the tool how to work.

Finally some sanity among the PHP-bashing!

One other thing I'd recommend, if you chose the PHP route. Use PHPlib. It does a lot to help clean up a few rough edges around PHP, like:

• Database Abstraction - Write code that can work with a number of SQL backends: PostgreSQL, MySQL, Oracle & OCI8, ODBC, mSQL and Sybase are supported.
• Sessions - Added session support to PHP3. Somewhat obsoleted now that PHP4 has sessions; I believe a compatibility layer for PHP4 sessions is in the works.
• Authentication & Permissions - Much more flexible than HTTP authentication.
• Templates - PHPlib has it's own template class, similar in concept to FastTemplates.
• Object Oriented convenience classes for tables and forms.
• More that I can't think of right now...

My $.02...

I'd also point out that phplib has a nice abstract database interface that wraps the pg_ functions with ones that will work with both mysql and pgsql (and others). I've seen a couple of cases recently (bookmarker, webcalendar) where apps which were written using phplib and mysql were easily ported to pgsql.

There are two routes you can go for using templates with PHP, FastTemplates and the PHP Base Library's ("PHPLIB") Template.

So how are they different? FastTemplates was originally a Perl library that was ported to PHP. FastTemplates works well for Perl programs, but it's not ideal for PHP. Kristian Koehntopp wrote PHPLIB Template from the ground up as a pure PHP library to better take advantage of the capabilities of PHP. One advantage to Kristian's design is that it parses templates with preg_replace(), which is said to be faster than FastTemplate's reliance on ereg_replace(). Another advantage of PHPLIB Template is it allows dynamic blocks to be nested, unlike FastTemplates.

For those reasons I prefer to use PHPLIB Template, but you do have a choice of the two libraries.

It may be worth also mentioning the XML approach. XLT is an XML based format for templates, so you might want to look into that. PHP4 can parse XML, but there isn't code to specifically parse XLT as far as I know. XML or XLT are options if you need them, but they're probably more involved then you would need for most PHP projects that really just need templates.

And for a nice tutorial on PHPLIB Template, look for my article on phpbuilder.net sometime soon (assuming the editor over there decides he wants to publish it). But even if my article doesn't get put online there, it is a very nice site for PHP info.

Why is this technique so useful compared to session-id tracking? I don't believe that it really is, or why such a fuss should be kicked up about it :

If I understand it correctly, it simply replaces the session ID normally stored in as a cookie/get-var in the hostname.

This would lead to extremely user-unfriendly domain names, and surely it would really bugger up users trying to bookmark the site (stale sessions could stay in bookmarks for a LONG time).

Also, its simply not as efficient as session IDs, which after one unfriendly GET, tend to store their results in a cookie which is transparently passed around. Surely dynamic DNS would all have to have really low TTLs and generally slow down site access if you have to do a large number of DNS lookups (which can be the slowest stage in an http access cycle?)

As I see it, the only problem with the session-id method is that it complicates serverside scripting, but with simply superb tools like PHPLIB all those details are abstracted away from the user. And also PHP4 has built in session handling to simplify things further. IIS has similar modules for ASP developers, and I'm sure others exist forother scripting languages (mod_perl? dunno ...)

So while this might be of interest to some specific applications, I can't see it revolutionising the whole ecommerce industry with its cunning "new" user tracking system.

But then again, I might be talking bull :) Do correct my bullshit if it is that, please.

There is no need to store the password in cookies. When I build a website (in PHP) I always keep sensitive information in session variables at the server. The only thing stored in a cookie is the session ID.

One could even argue with that because I've heard of bad proxies caching cookies :-(. Anyway, if slashdot would use sessions there would be no need to store passwords in cookies. Also, the way it is now, the password is sent across the wire (in CLEAR text) at every page request. This is very bad.

To see a real nice solution to this check out PHPLIB. It uses a challenge/response type authentication and sessions. The challenge/response requires Javascript (:-) to generate the MD5 hash of the password together with the challenge so it is never transmitted across the wire in cleartext.

Check out this URL for a PHP version of Slash:

PHP Slash

Whoops! Try this:

http://phplib.netuse.de/download

Well, considering how people were mentioning wanting a php-based slashdot earlier I guess I should plug phpslash Seeing as I work on it and all:)

It's not slash0.9, (based on slash0.2 with improvments) but it's in php and in resonable development with plans to add all the current slashdot goodies.

Thanks for the info--Scoop looks like it could be a wonderful thing! I've created an accout and I'll keep an eye on it. Please make it easy for us to help you! I'm no Perl guru, but I'm learning, and I'd love to help out on something like Scoop. If you added some detailed info on how to contribute and how the code is structured, and put it on the front page, I'm sure you'd get more volunteers.

You might be interested in PHPSlash, which is another attempt at creating a Slashdot-like system under the GPL. You may have a preference for Perl over PHP, and there's nothing wrong with a bit of healthy competition! On the other hand, there's a few volunteers working on PHPSlash already, and because it comes from the developers of PHPLib you'd expect the quality to be high.

Is this going to be the new "hot grits down my pants" / "Natalie Portman" troll of the next few months?

Do people really think that replying to every story post on Slashdot with "So when is Rob going to stop being a hypocrite and release the Slash code" or comments to that effect will make him move any faster? I want to play with the Slash code too; I have an idea for a LARP (live action roleplaying) forum and I think a Slashdot-style site would work well for it. I've tried playing with the 0.3 tarball (with what litle time I've had to play with it) and would like to see the changes in 0.4 before I put any more work into it. But even I'm getting tired of people badgering them about it!

If you really think that Hemos and Taco are such huge hypocrites, or that Slashdot is going downhill because of mindless MS bashing and rabid Linux zealotry at the expense of common sense, then go the hell away. Find another tech site that will give you the info you want (or go and start one yourself) and let those of us who like Slashdot the way it is, semi-closed source and all, be. Go and contribute to the OpenSlash or PHPSlash projects if you really want open code that badly.

• Squishdot (Zope)
• DOINS (PHP/Perl)
• PHPSlash (PHP)

I understand both sides of the issue. It is Rob's code. No law says he has to release it. But, out of respect for the community in which he has become such an icon, he could at least be honest about it. If the code is heading for a close source, then say so. If it is truely going for open source, give us a target date. We have heard 'soon' since mid-1999 at least.

Odviously, Rob, you are taking a bit of flack for this, and you must see that inflamatory remarks like the '24 delay' comment don't help the situation, though I understand your frustration.

I also understand that you probably won't give us an target, but you may find yourself catching a bit less flack if you give us a bit more than just an undefined 'soon'. Give us a plan with some meat. Will it be released under a standard GNU? A modified GNU? Will we have to link to Andover as well as Slashdot? What features will be included and what won't (moderation, PGP keys, karma, etc.) in the initial 0.4 release? Give us some positive discussion on the topic instead of just voicing you frustration.

Here is some info on slashcode help and alternative code bases:

The slash-help mailing list is here. This list discusses the original slashcode 0.3, as well as non-Malda flavors of slash and the pro's and con's of each.

A forked version of the 0.3 code is availible here.

PHPSlash is being developed independently of the Malda crew. It can be had here.

A Zope version called Squishdot is also availible.

DOINS is also an alternative slashcode base, though I've not worked with it personally.

I've seen some comments about slashsites not giving credit to Rob and Co. Please remember that these other versions of the code exist and are completely seperate. So, just because a site looks like slashdot doesn't mean its using Rob's code. That said, most of the non-0.3/0.2 sites are run by fans of Slashdot and so have links to it. Squishdot for example.

• PHPSlash
  DOINS
  SquishDot
  

But isn't that what Open Source is about? Some additions to the Slash code may fix /. bugs --some maybe additions that don't interest the /. folk, but there are plenty of sites that can use/need a /.-like format and would love to add them --like mine, based on PHPSlash --a PHP port of Slash.

I haven't changed PHPSlash significantly yet, but when I do, I will surely roll back my changes to the CVS --that's what open source is about: a few hobbyists joining forces to produce something better than what they can by going at it alone. This is what this forum has been preaching all along, yet its own engine is closed source.

If the /. overlords are so short-sighted as to be afraid of releasing Slash, why are they preaching Open Source to begin with? Let me tell you: I've been running a /.-like site (on a totally different subject BTW) for 2 months now, and I can tell you that the back end has nothing to do with how popular a site is. Content, word-of-mouth, links, willingness of people to come out and post comments (where I am failing right now BTW) are vastly more important.

Technology is not the end-all-be-all. Technology (i.e. code) is a tool, a means to an end. The end is service, entertainment, ideas, what have you. Not some KBs of Perl code.


engineers never lie; we just approximate the truth.

I gave up on waiting for a Slash release. I was looking for a similar /.-like engine for my site, and after some research I settled on PHPSlash. It's at least a generation behind /. --no user accts, no dynamic homepages, no moderation-- but: a) it's Open Source, with a decent enough following, b) it's based on PHP, which I wanted to learn.

FYI, there's also Squishdot (sorry no link in my RAM ;-) based on Zope and a coupla interesting projects on the Java Apache pages.

I agree with the other comments though. The /. overlords should be releasing Slash, even as a rough draft, just so to put their code where their mouths are.

engineers never lie; we just approximate the truth.

The slash-help mailing list is here. This list discusses the original slashcode 0.3, as well as non-Malda flavors of slash and the pro's and con's of each.

A forked version of the 0.3 code is availible here.

PHPSlash is being developed independently of the Malda crew. It can be had here.

A Zope version called Squishdot is also availible.

I've seen some comments about slashsites not giving credit to Rob and Co. Please remember that these other versions of the code exist and are completely seperate. So, just because a site looks like slashdot doesn't mean its using Rob's code. That said, most of the non-0.3/0.2 sites also have mention and links to slashdot. Squishdot for example.

Here are my questions:

So far slashdot is the only site I know of that IS a self-moderating community. If other code bases begin creating moderation/metamoderation models, are they in danger of a Malda patient on metamoderation/karma or the self-moderating community concept? I think I can guess at the answer, but it would be good to have some official verbage on this from Rob.

Those of us actively working with slashcode 0.3 etc. understand the nature of beta and don't expect a 1.0 release. 0.4 would be fine even it is doesn't work, like 0.3 didn't when it was released. We will gladly fix it. Given the long period of time that 0.4 has been promised (check here for a post by Rob back in June about releasing 0.4 and here is one in August), the fact that the slash community is not likely to forget that promise, and the fact 0.3 has rather silly Y2K problems (see the slash-help list archive for fixes) will you, finally release SOMETHING or admit that the Slashdot code is in reality and practice close sourced beyond 0.3?

Would you please add a link to the slash-help mailing list mentioned above (http://projects.is.asu.edu/mailman/listinfo/slash -help) to the www.slashdot.org/code.shtml page?

If it hasn't exactly shown in this post, Rob does great code. My compliments! You have us hooked and we want more! -Temple

You can find PHPSlash here: http://phplib.netuse.de/download/index.php3

Be aware that it is pre-alpha software (v 0.5.2). A website will exist at phpslash.org, but it is not there yet.

PHPslash distribution.

LetterJ

Anyone designing/reviewing an authenticeation scheme, should start with reading basic background info, like Pr udent engineering practice for cryptographic protocols" and related papers.

Once you have set up your design, review it, using proper tools for authentication logic. Start with BA N logic. Although old, it will catch most serious glitches. Then consider using some of the more complex tools available, like GNY.

Even the most sophisticated ciphers won't help if your protocol design is flawed. (original Kerberos was vulnerable to replay attacks). A clean protocol does not have to be complex. The wide mouthed frog protocol only uses three messages.

Remember freshness. A l/p scheme should at least have some form of challenge/response funcionality added to it. This does not have to be visible (add complexity) to the user. See a simple c/r scheme used by PHPlib (check the source).

Ok, I trailed off from the question, but anyone interested in authentication, and haven't already read academic papers on the subject, should check out the works of Burrows and friends.

If you can't wait for PHP4, then check out PHPLIB, which is one of the session management libraries for PHP3. Besides the session management class, PHPLIB also offers other classes for things like authentication, permissions, building forms and validating input, and a ton of other stuff I can't think of now.

Yes, it does take a while to figure out how PHPLIB works, but once you've figured it out you'll be hooked. I highly recommend it.

As far as Cold Fusion goes, I wouldn't recommend the Solaris version. We developed one of our sites in CFML and we had nothing but problems with the CF server. Hopefully the Linux version will be more stable.

-Philip
http://www.buymp3.com/

Here is how you do a foreach-loop in PHP:

reset($ary);
while(list($k, $v) = each($ary)) {
print "key = $k val=$v\n";
}


Here is how you speak to any database, using
the PHPLIB database abstraction:


$db = new DB_Example;
$db->query("select * from mytable");
while($db->next_record()) {
print $db->f("fieldname");
}


The DB_Example class is a subclass of DB_Sql provided by PHPLIB and knows the connection parameters (host, username, password, database) as well as the specific details of your DB server (such as vendor, protocol and the like).

Here is how you handle sessions using PHPLIB:


page_open(array("sess" => "Example_Session"));

$somevar = "somevalue";
$sess->register("somevar");

page_close();


$somevar will now be present on all session pages that use Example_Session. We propagate sessions using cookies, automatically and transparently falling back to other means if the user does not support sessions. In PHP4, session support is buildin and available without PHPLIB. You will be able to use PHPLIB with PHP4, too, taking advantage of the builtin support.