Slashdot Mirror


User: KidSock

KidSock's activity in the archive.

Stories
0
Comments
662

Comments · 662

  1. Re:PHP is not just for the web on Extending and Embedding PHP · · Score: 1

    I did. Wikipedia's PHP page says "Personal Home Pages".

  2. Re:5 of first 7 comments trolling on Extending and Embedding PHP · · Score: 3, Informative

    For those who may be curious, the proper way to actually prevent SQL injections is to wrap anything coming in with a function that calls stripslashes() and mysql_escape_string() (or equivalent function for another db). For example, the function I use looks like the following (this also adds quotes around anything that is not numeric):

    [sorry for the poor formatting, ./ is highly broken when it comes to posting code]

        // Quote variable to make safe
        function quote_smart($value)
        {
            // Stripslashes
            if (get_magic_quotes_gpc()) {
                $value = stripslashes($value);
            }
            // Quote if not integer
            if (!is_numeric($value)) {
                $value = "'" . mysql_escape_string($value) . "'";
            }

            return $value;
        }

    Now you call this through sprintf like:

    $res = mysql_query(sprintf("select data from users where userid=%s", quote_smart($_GET['u'])));

    Now this is perfectly safe from SQL injection. Anyone who has done real web programming knows all about this and knows that you need to deal with this sort of thing regardless of what language you're using.

    Also, whenever you emit data that will appear in HTML you also need to wrap it. This time you just use the builtin htmlentities() function like:

    echo "<input name=\"u\" type=\"text\" value=\"" . htmlentities($user) . "\">\n";

    This prevents cross site scripting. Again, no different from any other language.

    PS: IMHO if someone goes out of their way to claim something "sucks" they probably don't know what they're talking about. Try the other languages and read the documentation so that you can evaluate which is best for your project.

  3. PHP is not just for the web on Extending and Embedding PHP · · Score: 4, Interesting

    Yeah, so PHP stands for "Personal Home Pages" but that's a historical misnomer now. PHP has a CLI binary that can be used to run scripts on the command line. Obligatory "hello world" follows:

        #!/usr/bin/php
        <?php
        echo "Hello, world!";

    Now consider that PHP ships standard on virtually every Linux distro and comes with a large assortment of libraries. You can write LDAP scripts, do IMAP, generate images, the list is loooong. It amazes me that PHP isn't used more in corporate environments. PHP is easy to use, arrays are surprisingly useful, and you can do a little OO (which is just the right amount IMO). And something that a lot of people take for granted is that the documentation on php.net is great. Everything is in one place unlike other languages (e.g. Python) where you just get redirected to every little sourceforge scribble and wiki there is.

    I'm a C person. I'll continue to use C for heavy lifting but you also need a good scripting language. I just wrote a Zend extension to interface with some of my C work and it exceeded all of my expectations.

    If you're looking for the latest hot new "technology" then Ruby is a good buzzword. Otherwise, if you're just looking to get work done, so you can go home and play with your kids, PHP is a workhorse.

    PS: I don't know spit about this book but the tutorial on writing extensions on the Zend website was pretty good. Good enough for me anyway.

  4. Google hasn't invented ANYTHING on AT&T Labs vs. Google Labs - R&D History · · Score: 2

    This is an insult. AT&T Bell Labs invented UNIX, C, the transistor, and countless other things instrumental to the development of the telecommunications and computer industry. Google has a great text searching program. They didn't even really "invent" it either. They just built a much better one than anyone else had at the time. What else have they done lately? Sure you can rattle off a list of things but is any one of them REALLY useful for anything more than inflating their stock price? The only other thing they have that I would categorize as remotely innovative is maps.google.com but the entire basis for that is the XmlRpcRequest usage which if you had to attribute it as an "invention" (which it's not) to someone you would have to give credit to Microsoft. Google Earth was purchased so they didn't invent that.

  5. Re:The problem with the alternatives to PHP on Pro PHP Security · · Score: 1

    Seriously? Go to python.org. Scroll down the page to where you see the "Using Python for... databases" link. Click it.

    Funny, I just did this and couldn't find it. I ended up looking at some sourceforge boilerplate. I think the OP was pointing out that PHP has comprehensive and *consistent* documentation.

  6. PHP Security in 5 sentences, Not 500 Pages on Pro PHP Security · · Score: 2, Insightful

    No doubt users need to be very careful but you don't need a 528 page book to describe how to escape reserved characters in your input and sql. I can summarize what you need to do right here with one use case. The use case is accepting an HTML form text field input and using it in an SQL statement.

    First, you trim() and strlen() to make sure you have something. Then you use ereg to validate the hell out of it. Then you use the following function:

    [pardon the horrible formatting, it's a ./ problem]

            // Quote variable to make safe
            function quote_smart($value)
            {
                // Stripslashes
                if (get_magic_quotes_gpc()) {
                    $value = stripslashes($value);
                }
                // Quote if not integer
                if (!is_numeric($value)) {
                    $value = "'" . mysql_real_escape_string($value) . "'";
                }

                return $value;
            }

    to prep the input for inserting into the DB. Finally, you call that in conjunction with sprintf to build the SQL you're going to call like:

            $sql = sprintf("SELECT * FROM acct WHERE name=%s", quote_smart($name));

    This looks like a lot of work but in practice it's really not that bad. Also, every website must do this. It's not like there's something wrong with PHP. Some environments might abstract this stuff a little but frankly I'd rather do it explicitly so that I know exactly what's happening.
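Editor's added example (not KidSock's code, and not from either book under discussion): the use case from comments 2 and 6 above, a form field used in an SQL statement and echoed back into HTML, written against PDO with an in-memory SQLite database so it runs offline on current PHP. The mysql_* extension, get_magic_quotes_gpc() and ereg() no longer exist in PHP 7/8, so PDO::quote() stands in for mysql_real_escape_string(), preg_match() for ereg(), and there is no stripslashes() step. Beside the escape-and-sprintf form it shows the prepared statement with a bound parameter, which keeps the value out of the SQL text entirely, and htmlspecialchars() with ENT_QUOTES for the attribute context of the echoed field. The table, the sample inputs and the function names are constructed for the example.

```php
<?php
// Added example, not code from the comments above. Same use case: a form field
// used in SQL and echoed back into HTML, on PDO + in-memory SQLite so it runs offline.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Constructed table and rows for the example.
$db->exec("CREATE TABLE acct (id INTEGER PRIMARY KEY, name TEXT NOT NULL, data TEXT)");
$db->exec("INSERT INTO acct (name, data) VALUES ('alice', 'alice-data'), ('o''hara', 'ohara-data')");

// Constructed sample inputs: a plain name, a numeric value, a name with an
// apostrophe (the character escaping exists for), and blank input.
$inputs = ["alice", "42", "o'hara", "   "];

// 1. Validate first, as the comment says: trim, check length, whitelist characters.
//    preg_match() replaces ereg(), which was removed in PHP 7.
function validate_name(string $raw): ?string
{
    $value = trim($raw);
    if ($value === '' || strlen($value) > 64) {
        return null;
    }
    return preg_match("/^[A-Za-z0-9_.'-]+$/", $value) === 1 ? $value : null;
}

// 2. The quote_smart() idea, with PDO::quote() standing in for mysql_real_escape_string().
//    PDO::quote() uses the connection's driver and charset, which is the point of the
//    "real" variant. No stripslashes() step: magic quotes are gone since PHP 8.
function quote_smart(PDO $db, string $value): string
{
    return is_numeric($value) ? $value : $db->quote($value);
}

function lookup_with_escaping(PDO $db, string $name): array
{
    $sql = sprintf("SELECT data FROM acct WHERE name=%s", quote_smart($db, $name));
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// 3. Preferred form: the value never becomes part of the SQL text, so there are
//    no quoting rules to get right and nothing for a stray quote to terminate.
function lookup_with_prepared(PDO $db, string $name): array
{
    $stmt = $db->prepare("SELECT data FROM acct WHERE name = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// 4. Output encoding for the attribute context the comment shows (value="...").
//    ENT_QUOTES encodes both quote characters, which htmlentities() without flags
//    does not do for the single quote.
function input_field(string $user): string
{
    return '<input name="u" type="text" value="'
        . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . '">';
}

foreach ($inputs as $raw) {
    $name = validate_name($raw);
    printf("input %-10s validated: %s\n", var_export($raw, true), $name === null ? 'rejected' : 'ok');
    if ($name === null) {
        continue;
    }
    printf("  escaped : %s\n", json_encode(lookup_with_escaping($db, $name)));
    printf("  prepared: %s\n", json_encode(lookup_with_prepared($db, $name)));
    printf("  html    : %s\n", input_field($name));
}
```

Run it with `php example.php`. The escaped and prepared lookups return the same rows for every accepted input, including `o'hara`, which PDO::quote() turns into `'o''hara'` for the sprintf form and which the prepared form passes through untouched as a bound value; the blank input never reaches the database because validation rejects it first.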

  7. Re:Contrary to popular belief on Should Servers be Mono-Process or Multithreaded? · · Score: 1

    Don't believe me? Ok. Andrew Tridgell from the Samba team has some experience with this. Here's what he has to say about the topic:

    http://lists.samba.org/archive/samba-technical/2004-December/038301.html

  8. Re:Real life examples on Should Servers be Mono-Process or Multithreaded? · · Score: 1
    Concurrency Level: 500
    Time taken for tests: 8.480740 seconds
    Complete requests: 5000
    Requests per second: 589.57 [#/sec] (mean)
    Time per request: 848.074 [ms] (mean)

    I don't understand this. These results are HORRIBLE. 5000 requests in 8 seconds? 1 request in .8 seconds? I think your decimal point is off.

  9. Neither. Multiprocess usually Prevails on Should Servers be Mono-Process or Multithreaded? · · Score: 4, Insightful

    You forgot multiprocess. Like anything in software the answer is, "it depends on the application". But one of the most overlooked and frequently very important factors that affects performance is cache locality. If the CPU has to fetch something from main memory (or heaven forbid it actually has to drudge it up from disk) the program has to wait. That wait time is often much much greater than the execution time of the target code. Aside from simply writing small code (that only gets you so far), one way to get better cache locality is to break up your processing into a pipeline. Mail servers frequently do this. One process will accept connections, do some sanity checking, and write the message to another process. The next process juggles addresses for routing and writes it to another process. That process might then work on delivery either locally or remotely. What happens (or what is supposed to happen under high load) is that one process becomes hot and processes as many messages as it can until the buffer to the next process is full. Then the next process runs processing all of those messages until it either runs out of stuff to process or can't write anything more to the next process in the pipeline. If you have multiple cores / CPUs this scales pretty well too.

    But again, "it depends on the application". The above pipelining method only performs well if you're processing items in an assembly line fashion. If you're an HTTP proxy server you wouldn't want that model. You would probably want a single process libevent type of thing. I have some code that doesn't use either of those models. It's a multiprocess model but event driven with *everything* in shared memory. It's very close to a multithreaded model but I needed security context switching. Also, contrary to popular belief threaded servers are slower than equivalent multiprocess servers. So in general, the benefit of a multithreaded server is pretty much just about convenience for the programmer. Since you can achieve the same effect by just creating an allocator from a big chunk of shared memory mapped before anything is forked, there's very little reason to use threads at all.

  10. Encrypting the Passwords on Google Releases Google Browser Sync Extension · · Score: 1

    Hopefully the extension encrypts the passwords block with a master key and prompts the user for it when saving/restoring. I don't care if they use my history to do marketing metrics or whatever but there's no way in hell I'm going to give them my passwords. Even if they are just "weak" ones.

  11. Reboots on Windows Servers Beat Linux Servers · · Score: 0, Redundant

    I don't see how any Windows machine could have an uptime of longer than a month if you have to reboot after every update. Unless you're not updating.

  12. Good Software Design on Tools To Automate Checking of Software Design · · Score: 4, Insightful

    A good design correctly models the concept of what it is you're trying to achieve with the program. Ultimately this means the programming interfaces (APIs) for each concept are correct [1]. Don't design interfaces around procedures. Don't design interfaces around the physical world. Design to *concepts* and *ideas*. This is superior because you will never discover at a later time that the code is fundamentally flawed and needs to be totally re-written. If the interface correctly models the concept, by definition, it CANNOT be wrong. If it is wrong then you simply didn't understand the concept well enough or you failed to translate that concept into a suitable interface and you just need to think more and type less. If you do get things right you'll find that major pieces dovetail together perfectly [2]. The implementation can be wrong and may need to be re-written but if the interface correctly represents the concept the re-write will be localized to one library or part of a library. That is a much more straightforward matter than using a bad design and finding half way through a project that the required changes transcend the whole system.

    And thus you cannot validate a design because that would require representing a concept and determining if an interface suitably models it. That is HARD. If that were possible you would effectively have a thinking, rationalizing, brain (Artificial Intelligence) in which case you wouldn't be dorking around with validating programs, you would be dynamically generating them.

    [1] Frequently people advocate that interfaces are "well defined". That just means there are no holes in the logic of its use. Personally I think a well defined interface is useless if it does not correctly model a concept. You can always go back and fill in the holes later.
    [2] Although this is also when you discover that you didn't get the concept right and need to adjust the interface (hopefully not by much).

  13. Cron? on Automate Spamcop Submissions · · Score: 1

    All I do is just putting the spam into certain folders and our good old friend cron does the rest.

    Man I can't believe we're still doing this. Cron? The proper way to do this is to have a "Spam" button on your email program that triggers a script (and preferably provide default scripts for things like SpamCop).

  14. Re:Misleading Headline on Sun to Release Java Source Code · · Score: 0, Flamebait

    ... EVERY FUCKING STORY. Does anyone listen? NO! They're too busy WITH THEIR HEADS STUCK ...

    Get a grip dork. Maybe you should try building model airplanes or going outside. I think the mold in your mom's basement is getting to you.

  15. Hype and skepticism on What's the Secret Sauce in Ruby on Rails? · · Score: 1

    Well now I know RoR is bull because any article that is 90% about trying to debunk hype and talk about philosophy must be hiding something. You can easily find 10 Java programmers but if you're an expert in something that offers 10 to 1 productivity then you're going to be popular. My guess is this is just another guy trying to drum up some business for himself. Not that there's anything wrong with that but you have to have technical content to back up your claims. Let's see that "three lines of code to render a table".

  16. The issue is NOT bundling on U.S. Adds Years To Microsoft's 'Probation' · · Score: 4, Interesting

    That legal strategy was designed by Real, Netscape and others to yield compensation dollars. The problem with Microsoft's anticompetitive behavior has to do with Inter Process Communication (IPC). A file is a form of IPC. A network message is IPC. If the details of the various forms of IPC are widely available products can interoperate and that is bad for Microsoft's market share. I believe that if a product is completely dominant in a market (e.g. Exchange / Outlook mail system on corporate intranets) the details regarding its IPC should be made available so as to reduce the liability associated with using that product. In this particular case that liability is the unfair business practice of forcing other companies out of a market by leveraging undisclosed IPCs. Secondarily there are a number of other very good reasons for having alternative programs that understand the same IPCs but it's not clear that they have legal bearing.

  17. Re:Entire comment on Torvalds on the Microkernel Debate · · Score: 1
    Now, if you look at Java or C#, ... You cannot (repeat cannot) go modifying the internal structures of objects if they are not marked as being accessible to you.

    That's too many cannots :-> All you have to do is write a little JNI call, do a libraryLoad and now you can touch anything you want.

  18. Re:Use the right tool on Multi-threaded Programming Makes You Crazy? · · Score: 1
    get yourself a technology designed for multi-threaded programming. Java will give

    .. will give you a headache. Java thread support is bad. Because you can only lock around the synchronized() block you can't unlock the lock if you call out from that block. And what's worse, is the way they deal with the problem is to introduce bloated java.util.concurrent.* packages. It would have been much better to start with a small simple ReentrantLock type class.

    Java is such a great language it really pisses me off to see them put these huge bloated libs in it like all the logging crap and the overdesigned nio packages.

  19. Inter Process Communication on The 'Hairy Guys' Vs. Microsoft · · Score: 3, Insightful
    Microsoft's not in trouble because they've bundled software. Microsoft's in trouble because they've abused their monopoly in one area (end-user operating systems and office-program file formats) to gain monopolies in other areas (web browsers, media formats, server operating systems etc).

    Right on. The REAL issue is not bundling. That legal strategy was designed by Real, Netscape and others to yield compensation dollars. The real issue is Inter Process Communication (IPC). A file is a form of IPC. A network message is IPC. If the details of the various forms of IPC are widely available products can interoperate and that is good. I believe that for a product that is completely dominant in a market, the details regarding its IPC should be made available so as to reduce the liability associated with using that product. In this particular case that liability is the unfair business practice of forcing other companies out of a market by leveraging undisclosed IPCs. Secondarily there are a number of other very good reasons for having alternative programs that understand the same IPCs but it's not clear that they have legal bearing.

  20. Re:I get the distinct impression... on EU/Microsoft Antitrust Case Delves Into Tech · · Score: 1

    They could not give us any kind of specs on the protocol or the MPPC compression. Thank god for Ethereal.

    You hit the nail right on the head. MS does NOT have documentation for this stuff. And Ethereal has saved the f'n day AFAIC.

    MS should be required to setup a "Network Interoperability Compliance" department. Basically they're required to hire a tech who answers queries by third party developers.

    For example, let's say I'm writing an authentication module for some XMLRPC service on a Unix machine and for some reason I can't figure out how to get cross domain delegation to work. I might send my packet capture to the Office of Network Interoperability Compliance and ask them if the flags in frame 15 are correct. They might even take a capture of a cross domain authentication and compare. If they're still not sure they might ask around or look at Active Directory source code. And if the backlog of requests gets too great, MS has to hire another tech until the response time is less than 10 days.

  21. Is ssh-agent Safe? on Storing Credentials for Secured Resources? · · Score: 1
    ... Then I have a ssh-agent running on the box. Each bash script then sources a file I create in ~/.ssh/my-agent.env that sets $SSH_AGENT_PID and $SSH_AUTH_SOCK.

    Whenever the agent doesn't have a key added, I can just do ssh-add, then enter my passphrase and it is stored in the agent. When I exit, that agent is left running and all scripts then source the env to get to the PID/Sock for my agent.

    I do exactly this for my rsync backup. Arguably it's really the best/only way. But what would be better is a krb5-agent so that you can use the same technique with all kerberized applications and not just SSH. Of course this assumes you're just doing intrAnet stuff. For the intErnet, then I guess SSH is still the way to go.

    Also, I have to wonder if ssh-agent is actually safe. It seems to me, it would be possible for a malicious program to deduce the PID/Sock by looking at /proc and trying different sockets in /tmp.

  22. Just Another Stupid Patent on TiVo vs EchoStar - TiVo Wins · · Score: 0, Troll

    I know a lot of ./'ers like their Tivos and all but this is just another stupid patent that should be rejected. If Tivo dies because of competition then sorry but that's irrelevant. Patents aren't a crutch for weak business models. They're supposed to give an inventor time to develop and deliver their product (and that's if it's NOT Just Another Stupid Patent). Providing a service to schedule recording TV shows to a hard drive is mildly innovative but it is not a "eureka" moment, it's just bundling. You could record a show to magnetic tape at a certain time with a run-of-the-mill VCR.

  23. Nothing Spiritual About Software on Software for Your Musical Instruments? · · Score: 3, Insightful

    I used to play guitar a lot when I was ~15. Sometimes I would play for 10 hours straight until I was bleary eyed. It was only deep in a jam session that I thought my skills really progressed. Now, 15 years later, I started tooling around with Garage Band on my Mac. I got an M-AUDIO FastTrack USB to see if I could do some simple overdubbing. Sure it was fun but I've come to the conclusion that software assisted authoring is and always will be inferior to just playing your heart out. The spontaneity of humans is so much more interesting. Computers don't imitate art very well (unless maybe you're mixing techno or something mechanical like that).

  24. Re:OS X is Slow on Why Windows is Slow · · Score: 1

    It's 512 and it's the one w/ a faster processor.

  25. OS X is Slow on Why Windows is Slow · · Score: 1

    I'm not a fanboy of any OS - I spend 90% of my time in xterms in WindowMaker on Linux writing C code. But I have a Mac Mini and I have to say, launching programs and navigating through menus on the Mac is slow. There's a 500ms+ delay between the time you click on something and get a result. Actually I think there's something wrong with the eventloop of the UI. Hopefully it's something they can fix. But launching programs is pretty slow too. At least I perceive it as slow compared to Windows.