Slashdot Mirror


User: Jack9

Jack9's activity in the archive.

Stories: 0 · Comments: 1,747

Comments · 1,747

  1. Re:Exploitation is the most prized product on When Libertarians Attack Free Software · · Score: 1

    EVERYONE feels superior to everyone else if they're being honest.

    I've never understood this sentiment. I have no such delusions that "I'm better than everyone else" because by any standard, there are people who are more exceptional than me in every way and/or people who exist that I cannot compare to. How people can even have this "feeling" is a mystery to me. That's being honest, and I'm sure that it's not a special case in knowing it.

  2. Re:Separate SVN deploys on How Do You Manage Dev/Test/Production Environments? · · Score: 1

    the configs I posted CAN mimic that behavior.

    The docs are poor, but the triumvirate can achieve it...just from the Apache config (remove the http auth). Lots of people do, and will continue to, use SVN to deploy because it just works and it's good experience that's transferable. I give up on trying to figure out what your point is.

  3. Re:Separate SVN deploys on How Do You Manage Dev/Test/Production Environments? · · Score: 1

    The "minimum" configuration would be read-only, no password access, much like that provided by Sourceforge the Tigris Subversion repository itself.

    I'm not sure what you're getting at. Unless you know it's implemented differently, the configs I posted can mimic that behavior.

  4. Re:Separate SVN deploys on How Do You Manage Dev/Test/Production Environments? · · Score: 1
    Even if such system configuration deployment is done via read-only HTTP access, where is the minimum configuration for this documented for Subversion?


    If you deploy via http, there is a webserver component (per web path security policy) that should use credentials (user from svn-auth-file, app specific user file) through the svn-acl (specific user associations to app groups, read, write permissions).

    example Apache component:

    <Location /myrepo >
        DAV svn
        SVNPath /repositories/myrepo

        AuthType Basic
        AuthName "My Subversion repository"
        AuthUserFile /etc/svn-auth-file

        Require valid-user

        AuthzSVNAccessFile /etc/svn-acl
    </Location>

    example svn-acl:

    [groups]
    team1 = user1
    team2 = user2

    [myrepo:/]
    @team1 = r
    user2 = rw

    example svn-auth-file:

    user1:$apr1$923.....$SbWzZcrQeCMfiqCcS6U6S0
    user2:$bz2ff112.....$HedeEqWWR3SQ5NfeS343SS

    This is a basic setup (paths vary).

  5. Re:Separate SVN deploys on How Do You Manage Dev/Test/Production Environments? · · Score: 1

    Please excuse my lack of clarity: I assumed from your support of Subversion that you were actually familiar with how it works on UNIX and Linux. Their subversion clients, by default, store all passwords in clear text in repository specific text files in the user's home directory.

    This is not "how SVN works on *nix". There are lots of clients that have varying levels of reliability and security. That's an svn client problem (I've never met anyone who uses the SVN stock CLI client for lots of reasons). I can just as well say that Oracle is insecure because I use some trash app that stores my passwords locally in plaintext. Not a reason not to use svn, but a good warning that the client is insecure.

    That said, the idea that a small or large shop shouldn't bother to have a security policy until they can afford auditors is both insane, and not my point.

    I didn't say that. I did say "there's no reason for me to write out" in response to "even when they put their write-authorized passwords in their NFS shared home directories". It's assumed that an admin understands security basics, in my support of SVN as a deployment tool. I apologize for typing that retarded statement.

  6. Re:Separate SVN deploys on How Do You Manage Dev/Test/Production Environments? · · Score: 1

    Oh, dear. "We trust the people we work with" to prevent people reading the unencrypted passwords in $HOME/.svn/auth/. Yes that trick works really well for root owned system configuration files. No one would _ever_ steal those or modify them behind your back, even when they put their write-authorized passwords in their NFS shared home directories, even when those passwords are also used for email and sudo, and even when those passwords can be used to alter root-owned system configuration files.

    Huh? $HOME/.svn/auth/ Root owned system configuration files? I'd like some explanation as it looks like nonsense to me, when you had ample space to explain it and chose to pick random sentences to illustrate your own specific gripe that doesn't look like anything scary to me.

    even when they put their write-authorized passwords in their NFS shared home directories, even when those passwords are also used for email and sudo, and even when those passwords can be used to alter root-owned system configuration files.

    There's pragmatism and paranoia. For such a shop (or larger, until you have an independent staff to do audits) there's no reason for me to write out "you should make sure all your passwords differ and are secure". You can't hand-hold security. This is about environment management and there are many strategies other than "you have to choose an app with rigorous security support". That's just throwing out the baby with the bathwater because you know water can erode things.

  7. Re:Separate SVN deploys on How Do You Manage Dev/Test/Production Environments? · · Score: 1

    Do _not_ use Subversion for this. Use git, even if you have to use gitsvn to point it to an upstream Subversion repository. Subversion's security models in UNIX and Linux are exceptionally poor, and typically wind up storing passwords in clear-text without properly notifying you. (Now it notifies you before storing it, but uses it automatically.) Subversion also has very poor handling of multiple upstream repositories, and there is no way to store local changes locally, for testing or branching purposes, and only submit them to the central repository when your changes are complete.

    Ahem, DO_USE_SUBVERSION for this. It's simple, fast, easy to manage and teach. Keeping your dev/test secured by IP filtering to your network, there's no reason to use anything more elaborate for security. There's no need to version local changes as the users can decide and implement their own local versioning. Sheesh.

  8. Re:Who says this is a bad thing? on The US's Reverse Brain Drain · · Score: 1

    Some of us are still hunting with long sticks.

  9. Re:Stupid Brits on Cyber-criminal Left In Charge of Prison Computer Network · · Score: 1

    If the military was assigned to "protect" the interests of Halliburton (which it was), there was indirect control. Nice revisionism.

  10. Site Full of Periodic Tables on New Graphical Representation of the Periodic Table · · Score: 5, Informative

    Another periodic table is not news.
    Someone should have already linked one of the periodic table databases like:

    http://www.meta-synthesis.com/webbook/35_pt/pt_database.php

  11. Re:And.... on Americans Don't Want Targeted Ads · · Score: 1

    Same percentage of respondents "don't want appearance to matter so much". But they do. Pointless study tells more about people's attitudes (understanding) than about their desires.

  12. What? Where's my flash forward? on Cosmic Ray Intensity Reaches Highest Levels In 50 years · · Score: 1

    Has anyone thought to run the supercolliders a couple times? I'd really like to know the spread on the superbowl.

  13. Re:Used software on Company Uses DMCA To Take Down Second-Hand Software · · Score: 1

    What's more, he didn't actually make a sale. I can say, I'm making available, anything that is not criminally illegal to sell. The question could go to the legality of "making available" that the music industry is so fond of.

  14. Re:I'm a little confused on Company Offers Customizable Web Spidering · · Score: 2, Informative

    Advertising uses a fair amount of spidering for such things as contextual searching (where has a user been and what are their interests). Amazon was completely apathetic, in regards to a company who offered 50 mil for sending them crawling business. I was surprised, to say the least. When it was attempted to do so piecemeal, Amazon got very upset. So there's a demand, but it's probably not very large (# of capitalized consumers).

  15. Oh, just piracy? on Legal Group Says Unlimited Broadband Promotes Piracy · · Score: 5, Funny

    Also commerce and terrorism and scientific research and banking and hacking and collective processing and ....

  16. Re:Who is Brian Eno? on Brian Eno Releases Second iPhone App · · Score: 1, Insightful

    Brian Eno is a "well known" (in circles that might possibly care), experimental musician. In short, nobody.

  17. Re:Wow on Who Wants To Be a Billionaire Coder? · · Score: 1

    If I felt I had a fraction of those finances, to fund and produce the software I always wanted to make, I would spend my last breath trying to do so. Just as I am now, but I'm not quite wealthy enough.

  18. Re:Well, Look at Their Monthly Revenue on Blizzard Offers Look Inside WoW At GDC · · Score: 1

    And so the labor and data rate tiering are different as well.

  19. Re:Well Then on In Britain, Better Not Call It Bogus Science · · Score: 1

    Nope, saying "Y might have something to do with X" is common to science

    This was a logical argument about the validity of using a specific case to support a theory. Thx again.

  20. Re:Well Then on In Britain, Better Not Call It Bogus Science · · Score: 1

    you do X, Y follows, you think maybe Y might have something to do with X,

    Right, so experimentation IS how science is done. Thx for clarifying what everyone knows.

  21. Re:Well Then on In Britain, Better Not Call It Bogus Science · · Score: 1

    Explain how science is done please.

  22. Re:Need to retake to Introduction to Statistics .. on The Real-World State of Windows Use · · Score: 1

    No, not even 30% of the subset of PCs with this performance-monitoring software run it. In order to claim that not even 30% of PCs run Vista, you would need to establish that the sampling method is not biased, which is a pretty implausible claim.

    Of note is the fact that, two years after Vista's release, not even 30 percent of PCs actually run it.

            To add to this, they claim Vista is just a flat out flop, when it has far more market share ALONE than all Macs combined.

    Irrelevant. * wtf

            So why is it a total flop when it's still managed to out-share Mac systems that are considered a success?

    Also irrelevant. * wtf

    Maybe I misread the conversation, how are those irrelevant? The claims are statistically inaccurate with a biased and completely insufficient sample size.

  23. Re:Silly Silly Questions... on Trapped Girls Call For Help On Facebook · · Score: 1

    those are the numbers that actually have *teen* in them.

    So if a child has never been to school, you would also consider them a pre-schooler? Sigh.

  24. Re:WTF on Placebos Are Getting More Effective · · Score: 0

    "Uneducated dipshits get to set standards".

    It's called democracy. Yes, they do.

  25. Re:And next they'll want them to get off the lawn on Has Texting Replaced Talking For Teens? · · Score: 1

    Citation? SERIOUSLY, how do you come up with Pig-latin == stupid? Way to demonstrate how dumb you are.