You can fix this problem by catching attempts to modify the $GEEKLOG_DIR file via get or post methods at the top of the gallery/classes/geeklog/User.php file. Insert this line:
if (isset($_GET['GEEKLOG_DIR']) || isset($_POST['GEEKLOG_DIR']) || isset($_SESSION['GEEKLOG_DIR'])) { die('nice try buddy.'); }
The $GEEKLOG_DIR variable is actually set at the end of the gallery init file, so it should not be coming from any other directories. This is another example of why it's bad to leave register_globals on, as the whole problem could have been avoided otherwise.
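A more general form of the guard above, as an added example that is not part of the original comment or of Gallery's code: it checks a list of variable names against every request source, including cookies and upload fields, which the one-liner does not cover. The function name and the sample values are assumptions made for illustration.

```php
<?php
// Added example, not Gallery or Geeklog code; find_request_overrides() is a
// hypothetical helper. Written without type hints or short arrays so it also
// runs on the old PHP versions where register_globals still exists.
//
// With register_globals on, PHP copies request input (GET, POST, cookies,
// upload fields) into global variables before the script runs, so a variable
// the application expects to set itself can arrive already filled in.

// Return the protected names found in request-controlled input,
// mapped to the list of sources each one was found in.
function find_request_overrides($protected, $sources)
{
    $hits = array();
    foreach ($protected as $name) {
        foreach ($sources as $label => $values) {
            // array_key_exists also catches keys whose value is null or ''
            if (array_key_exists($name, $values)) {
                $hits[$name][] = $label;
            }
        }
    }
    return $hits;
}

// Constructed sample input standing in for $_GET, $_POST, $_COOKIE, $_FILES.
$sample = array(
    'GET'    => array('page' => '2'),
    'POST'   => array(),
    'COOKIE' => array('GEEKLOG_DIR' => 'constructed-value'),
    'FILES'  => array(),
);

$hits = find_request_overrides(array('GEEKLOG_DIR'), $sample);
foreach ($hits as $name => $where) {
    echo $name . ' supplied via ' . implode(', ', $where) . "\n";
}

// At a real entry point, pass the superglobals and stop before any include:
//   $hits = find_request_overrides(array('GEEKLOG_DIR'), array(
//       'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE, 'FILES' => $_FILES));
//   if ($hits) { header('HTTP/1.1 400 Bad Request'); exit; }
```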
Snooping on people is not really the problem. I don't really care if people blank out their referrer or put something bogus instead. The problem is that by having your logs constantly spammed, your log data becomes useless. If you're using a log analysis program like webalizer, your total hits, visits, etc. are way out of whack because only 1 out of every 3 or so hits is legitimate. You can't get an accurate picture of how many hits your site is actually getting. I don't know how it happened, but my site has gotten so bad that it is constantly being bombarded with these hits from a bunch of different IP addresses and a ton of different domains.
I was having the same problem; getting literally thousands of hits to my site from referrers for all kinds of porn and other random domain names. I did a google search and found this site: http://www.spywareinfo.com/articles/referer_spam/. It shows how to use mod_rewrite with apache to block the most frequent domains. I took Mike's blacklist and created this page, which automatically creates the .htaccess file for you. The problem is that they seem to be registering tons of new domain names so it's hard to keep up a decent blacklist.
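A sketch of a blacklist-to-.htaccess generator like the one described above, as an added example that is not the commenter's page or the linked article's code. The function name and the domains are constructed; it validates and escapes each entry because a malformed line in .htaccess breaks the whole site.

```php
<?php
// Added example: builds mod_rewrite rules from a referrer blacklist.
// build_referer_block() and the domains below are constructed for illustration.

function build_referer_block($domains)
{
    $hostRe = '/^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/';
    $clean = array();
    foreach ($domains as $d) {
        $d = strtolower(trim($d));
        // Skip anything that is not a plain host name: a stray space or
        // regex metacharacter in .htaccess can turn every request into a 500.
        if (preg_match($hostRe, $d)) {
            $clean[$d] = true;          // array keys de-duplicate
        }
    }
    $clean = array_keys($clean);
    if (count($clean) === 0) {
        return '';
    }

    $lines = array('RewriteEngine On');
    $last = count($clean) - 1;
    foreach ($clean as $i => $d) {
        // Escape dots so "bad.example" does not also match "badxexample".
        $host = str_replace('.', '\.', $d);
        // Every condition except the last is OR-ed with the next one.
        $flags = ($i === $last) ? '[NC]' : '[NC,OR]';
        $lines[] = 'RewriteCond %{HTTP_REFERER} ^https?://([^/]+\.)?'
                 . $host . '(/|:|$) ' . $flags;
    }
    // "-" leaves the URL untouched; F answers 403 Forbidden.
    $lines[] = 'RewriteRule .* - [F]';
    return implode("\n", $lines) . "\n";
}

// Constructed blacklist with a duplicate and an invalid entry.
echo build_referer_block(array(
    'spam-site.example', 'Bad.Example ', 'bad.example', 'not a domain',
));
```

The pattern also matches subdomains of each listed host, so one entry covers `www.` and other prefixes.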
A company has already built a completely dedicated piece of hardware around the sid music chip from the commodore 64: http://www.sidstation.com.
Pro tools has very limited midi abilities. It's mainly used for recording. Also, there's not nearly as many plugins available for it, and the ones that are available are expensive.
Take a look at "Web Application Development with PHP 4.0", by Ratschiller and Gerken. This book is primarily intended for advanced php programmers and contains topics on advanced topics such as bitwise operations for storing values in databases and writing your own database-driven session handlers to replace php's.
Brandon
That's a false analogy, because he didn't pay for the software. The vendor should not be expected to provide any services at all for him.
Brandon
I have this book, and I definitely would not give it a 9/10. The text is plagued with errors. Most of them are corrected easily enough, but it is still a hassle to type in some sample code and not even be able to compile it without debugging first. To make matters worse, the url in the book given to download the sample code (and the errata) doesn't work. Take a look at some of the amazon reviews to gauge popular opinion on the book. I picked up my copy on sale for $10 at frys, but I would wait for a second edition or look at another book if you're planning to pay full price.
I'd imagine the detection program would have some sort of default 'normal behaviour' parameters, and executing everything in /usr/bin would not be part of them. Another thought I had, what about programs like emacs that can give you a shell from within the program? Would that even show up as normal commands entered on a terminal?
Brandon
Wouldn't it be relatively easy to get around this by aliasing shell scripts to frequently used commands? Sure, the admin might be able to find the shell scripts lying around, but if an intruder was trying to do a one-off attack, it might be viable.
Brandon
We're dressing up our 16 month old son as this.
I've had one on my car for about 3 months now, and I haven't received a single inquiry yet. I do like to get in front of people with various jesus fish on the back of their cars in hopes that I either confuse them or piss them off :)
Babushka is the russian word for 'grandma' (it can also be meant as 'old lady').
Why? Try tested, reliable 24/7 uptime for mission critical applications. We use as/400 at my hospital for storing patient admission data, among other things. The command system is archaic, but it works, and it is extremely reliable.
My girlfriend and I bought a really nice rocking chair when we had our son. It was originally intended for feeding, but the thing is so comfortable I use it all the time for reading or playing video games. I've spent many late nights playing baldurs gate: dark alliance and final fantasy x in that chair, and never get uncomfortable. It cost about $500 including the ottoman, and we got it at babies 'r us. Go to any baby store and they'll have tons of comfortable rocking chairs.
What stands in the way of this utopia:
Perhaps more importantly, computers in general are not suitable for reading large amounts of text. Perhaps if you had a nice laser printer and a postscript copy of the book you could print it out, but I would not pay any amount of money (no matter how small) to read a good sized book in html format. I'd rather spend the extra 10 bucks to get it in paperback.
Brandon Tallent
http://www.resynthesize.com/code/
The oreilly book 'practical postgresql' is online for free at http://www.commandprompt.com/ppbook/. It has some useful information about postgresql and sql in general.
I think requiring pre-calculus as a prereq. is ridiculous. I know plenty of people (myself included) who suck at math but are still decent programmers. The concept of a function isn't that hard to grasp, and variables are taught in pre-algebra. So if the people you were teaching didn't understand functions and variables, I'd say they had other problems. You have to be reasonably intelligent to learn to program, but intelligence doesn't necessarily equate to being good with math.
snip
NO GUARANTEES
While this Privacy Statement expresses SourceForge.net's standards for maintenance of private data, SourceForge.net is not in a position to guarantee that the standards will always be met. There may be factors beyond our control that may result in disclosure of data. As a consequence, SourceForge.net disclaims any warranties or representations relating to maintenance or nondisclosure of private information.
/snip
IBM doesn't need to, their 75GXP hard drives are already bad.
Brandon
Are you sure you're not using Windows? ;)
Perhaps windows has had fewer overall security vulnerabilities, but the ones it has had have completely ruined systems and clogged up the internet (i.e. code red, nimda etc...).
From the wired article:
"They've yet to understand we're not marketing to them but to people who actually purchase software, instead of religiously create it. They may have made Linux, but we know how to make money with it, and we just can't understand why they don't care about that."
Wow. This guy must be one of those soulless people who are completely shallow save their wealth. You always hear how 'suits' are ruining it for linux, but this is the first time I've read something first hand.
I use phped 2.96, which is the last version released before Nu-Sphere took it over. It's really a shame, I would love to get the new version but Nu-Sphere is charging $299 for it, which is a ridiculous amount of money to pay for a scripting language ide. The older version is great when it works, but can be extremely frustrating when you try to add a file to your project and the whole thing crashes. Also, there isn't a linux version to my knowledge. All in all though, it's the best choice for windows php development.
You can download Libranet 1.9.1. If you installed and liked that version, then it would follow that you would like the new and improved version as well.
Brandon Tallent.